@CSylvain: After several tests, it is the Kernel problematic, replacing the /boot/kernel by FreeBSD 10.3, it works ! The question is who is involved ? Because the Kernel from pfSense includes mostly the modules, which is not the case of FreeBSD which is compiled individually and place in /boot/kernel. I looked if modules were missing, and everything is present : ............................................. 2    3 0xffffffff819bd000 6d370    vboxdrv.ko (/boot/modules/vboxdrv.ko) Contains modules: Id Name 1 vboxdrv 3    1 0xffffffff81c11000 3831    ng_socket.ko (/boot/kernel/ng_socket.ko) Contains modules: Id Name 484 ng_socket 4    3 0xffffffff81c15000 ba02    netgraph.ko (/boot/kernel/netgraph.ko) Contains modules: Id Name 483 netgraph 5    2 0xffffffff81c21000 29b2    vboxnetflt.ko (/boot/modules/vboxnetflt.ko) Contains modules: Id Name 485 ng_vboxnetflt 6    1 0xffffffff81c24000 4123    ng_ether.ko (/boot/kernel/ng_ether.ko) Contains modules: Id Name 486 ng_ether 7    1 0xffffffff81c29000 3f64    vboxnetadp.ko (/boot/modules/vboxnetadp.ko) Contains modules: Id Name 487 vboxnetadp Is it because everything is integrated, for this to be a problem ? I discover every day FreeBSD I'll see if I can make for a pfSense Kernel with non-integrated modules. Dear CSylvain, Unfortunately it is very hard to access forums from my country India, as pfsense forums are blocked, i don't know why, but you are bang on, i was following the forum before your first comment very aggressively but once the forum didn't respond well, there was no choice to dig in deep myself, a lot of research led me to kldstat and yes since everything is integrated into kernel itself, i started playing with kernel options, and stripped all the kernel options to find out that it was working then, then i used Binary search algorithm to find out the culprit and it worked and removing NETGRAPH_SOCKET made things working from the kernel configuration, and building the ISO worked. But still lot lot lot of thanks, for taking the pain for working this out, also i never knew that just re-building the kernel can make things work out, loads loads and loads of thanks mate, for doing so much for me, i know somebody hardly would do so much without any incentive, i just cant thank you much for this. Thanks, Anand

@LEXmono: So after talking to my VPS provider more found out its not a second NIC I need to configure, but an IP Alias. Did it inside the pfSense GUI and all is working. Glad to hear that you solved your problem

I tried this again and for the life of me, I can't convince hyper-v to dismount the CD with the vm running. The "none" setting can be changed, but as soon as it's applied, there is an error. I tried to dismount the CD during the shutdown phase of the reboot. Any later and it's already booting again from the CD. FWIW, windows 10 handles this in a very elegant way. Even if the VM is set to boot from the CD, immediately when it boots, there is a message, "press any key to boot from the CD". Otherwise, it boots from the IDE. UPDATE: I tried again. This time, I applied the "none" setting after the reboot started, during the short interval when the screen is completely black. It worked. [image: CD.PNG_thumb] [image: CD.PNG]

Hi. Try using the virtio driver, this will help a lot. On your proxmox use the virtio driver. net0: virtio=xx:xx:xx:xx:xx:xx,bridge=vmbr0 net1: virtio=xx:xx:xx:xx:xx:xx,bridge=vmbr1 PS! It's still a lot more CPU consuming , compared to running linux under kvm.

I can confirm this problem. Also drove me nuts for a couple hours. C'est la vie Thanks in advance Piers pfSense 2.3.2 (from 2.3.1 OVA) ESXi 6.0.0 Build 3620759 HPE BL460c G6

Thx for your statement and good to know. I assumed there will be a lot of releases in-between like with 2.2 version.

thanks!  wasnt sure if anything was needed from virtualization perspective.

Setting both to 0 means you can't filter anything involving that bridge, which is highly undesirable. Don't assign the tap interface in the GUI, try using an earlyshellcmd to create the tap interface and and then a regular shellcmd to addm it to the bridge. Both types of shellcmd entries can be editing using the shellcmd package.

We have three NICs. One for the WAN, one for the LAN and one is used to connect to the management interface of the modem. There are virtual switches on the WAN and LAN NICs plus an internal switch that's not connected to either NIC. The WAN switch is not shared with the OS. The LAN switch is shared with the OS. This allows there to be more than one instance of pfsense for testing. VMs can either connect to the LAN switch or with the internal switch (for testing).

Okay, i may have found the issue, though it should be solved in a driver update, but the issues seems to be the same i'm experiencing. It relates to VMQ on networkcards. Here is the article i found about it: http://www.aidanfinn.com/?p=16876 I will let you know if it solves my problem.

Thanks for pointing me in the right direction. The pfsense ISO's were corrupted on upload. It took me about 8 tries from more than a few different machines to get on to upload and have the same sha hash. I'm not sure what's causing it because other ISO's have uploaded without problems.

@kapara: Jul 16 00:39:53 kernel calcru: runtime went backwards from 8791 usec to 4441 usec for pid 321 (devd) Jul 16 00:39:53 kernel calcru: runtime went backwards from 1889 usec to 966 usec for pid 321 (devd) Those are generally harmless, but there is a fix in 2.3.2 from Microsoft that makes it go away. @kapara: Jul 16 00:54:25 charon 08[CFG] <13> received proposals: IKE:BLOWFISH_CBC_128/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024 Jul 16 00:54:25 charon 08[CFG] <13> configured proposals: IKE:3DES_CBC/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024 Jul 16 00:54:25 charon 08[IKE] <13> received proposals inacceptable Right there - your config doesn't match. Blowfish on one side, 3DES on the other.

Thank you for your help. Currently all 3 ports are untagged trunk on vlan 1000 on my switch. pfSense1 on port1, pfSense2 on port2 and modem on port3. I will change port 1 and 2 to tagged on switch and put both pfsense vm in the same port group in ESXi with vlan id 1000. Is this correct?

ok thanks, this is what I got [root@localhost:~] esxcli storage core device vaai status get t10.ATA_____SanDisk_SDSSDXPS240G____________________162336401593________   VAAI Plugin Name:   ATS Status: unsupported   Clone Status: unsupported   Zero Status: unsupported   Delete Status: unsupported it appears the SCSI UNMAP wont happen here.  thanks though

You will probably want to disable time sync. from there. Don't want the host and NTP both trying to control the clock.

I thin provision my test VMs and give them ~8GB of space. Never had an issue with that size, even with some swap space configured, but none of them have much package data either.

@rudelerius: @XanderVR: Currently using pfSense with Hyper-V 2012 R2 without issues. It nicely recognizes the virtual NIC's, and runs OK, even with VLAN However if you want to work with VLAN tagging, the supported way of doing this is to add a virtual NIC for every VLAN you have in use, and set the VLAN tag on VM level settings (Yes there is a workaround, however you might run into complications using this, as there is no official way to set a virtual machine NIC to trunk mode) There is a small problem with the 1 NIC per VLAN solution that I ran into, in that there is a limitation in Hyper-V of 12 NICS per VM: 8 synthetic and 4 legacy NICS.  However, using Powershell, you can set a Hyper-V switch port to trunk mode: https://technet.microsoft.com/en-us/library/hh848475.aspx. The following sets the port on the VM named Redmond to trunkmode and allows access to VLANs 1-100 and tags all untagged traffic to VLAN 10: PS C:\> Set-VMNetworkAdapterVlan -VMName Redmond -Trunk -AllowedVlanIdList 1-100 -NativeVlanId 10 Thank you so much sir. After many many hours of search and research, your solution worked for me (Windows Server 2012 R2 + HyperV + pfSense 2.3.1) Just one comment: on allowedVlanIdList, do not include VLAN 1, since on most switches, it´s the default untagged. On my environment (Dell Switches) it didn´t work at all until I used -AllowedVlanIdList 2-XXXX and -NativeVlanId 1 so I can access through my server

if not Hyper V then Vsphere , but technically it will work rite? Just put monitoring IP to ISP Router IP