@AlanMAC: Do you happen to have another NIC laying around? I've just added a dual port ($45) to my proxmox setup and running two new LANs from pfSense now. I tried doing the virtual NIC, but kept running into problems, so I decided that instead of wasting my time, that I'd just add a dual port NIC…. I'll be adding another one soon as well. thanks I did get it figured out and do have to say proxmox is pretty easy to learn dont really have any other issues but maybe some firewall/nat troubles

In the diagram the MGMT network is a separate NIC that's connected to the VMkernel Port Group (the management network) and nothing else.  That's just the way I did it because I had a spare NIC.  It's very common to leave the VMkernel Port Group and the VM Port Group (LAN) on the same vSwitch. You shouldn't be thinking of pfSense as a switch, it's a router/firewall.  If you have multiple physical devices (wifi access point, PC, etc) to connect to the LAN you will need a physical switch, which I think is what Abdsalem referred to as a "pswitch".

Thanks for the feedback all. I looked over my setup in pfsense and managed to resolve the issue. Next problem…. how do I get PC's connected to different VLAN's to connect to the Internet ? All VLAN's are on one switch WAN interface is on another switch Both switches have physical NICs

That VM must have been totally corrupted.  Didn't matter what I installed (2.0.1 or 2.0.2), I pretty much got the same results with VMware Tools.  Very odd. I finished up deleting that VM and resurrecting a 2.1 VM from months ago.  Updated it to the 24 December build and, once I sorted out all the changes I've made since then, I'm back on line again.

I use vmware workstation 9 live cd install having no problems and it works fine

Thanks, I'll switch them over to e1000 and see if that makes any difference. We are running RC 1 because in the final release the Captive Portal service has a bug where is doesn't accurately track mb usage via Radius.  That is what we use pfsense for to track user's internet usage for billing.

@Supermule: Maybe because you had both WAN and LAN in the same physical network on the switch?? yup, with heavy network traffic, it would took few hours to freeze the pfsense box.

@quetzalcoatl: Thanks matguy. But when you said "pfSense won't really use much more than 2" did you mean 2 cores or 2 gigs of ram. Since you then talk about ESX it sounds that you are talking about cores. Besides all the PFSense stuff going on here i have a question for you. If you meant cores that means that if i have a 6 core CPU and 2 VMs and i assign 6 cores to each one of them, those VMs will actually end up being slower than giving them only 3 cores each? Because if one of the VMs is idle, the other one should be able to take advantage of all 6 cores, unless the idle VM is actually slowing down all 6 cores even if it's idle. Maybe it depends also on the OS you have inside the VMs. TIA! Yes, I was talking about cores.  Having multiple VMs with a couple vCPUs (assuming your VM host has, say, 4 or more cores) is fine as ESX(i) can schedule them easily.  When a single VM has as many (or close to) vCPus as cores in your host it can become difficult to schedule a busy VM as it may have to wait for enough cores to become available all at once. Generally ESX(i) has to schedule all the cores of a multi-vCPU VM to run at the same time (I think the physical CPU may do some command re-shuffling, but as far as ESX(i) is concerned, they need to be fed to the CPUs at the same time.)  It needs to do that whether or not anything is actually happening on those vCPUs, so even an idle vCPU needs to be scheduled as though it was a busy one. That causes 2 problems:  1, scheduling these large groups of vCPUs in an otherwise busy host, where that group of 6 vCPUs may have to wait a few, or many CPU cycles for enough cores to become free (think of it like a large family that all wants to ride the roller coaster together, they may have to wait for the next train or 2 to get enough open seats.)  2, filling an otherwise busy physical CPU with cycles that are forced idle by idle vCPUs that have to be scheduled when there may be only 1 or 2 that are actually processing anything. Like I was saying, this may not be an issue for you if you have very few VMs running on that host, especially if the others are single vCPU VMs, or even 2 vCPU.  I share this more for others that may read this; it's probably not doing you any harm as long as you're not seeing contention or other instability. I come from more dense environments, where a single host is probably hosting 10 to 30 VMs.  Even on hosts with 12 to 16 physical cores we generally put a limit on VMs to 4 vCPUs, and even then we generally require real justification for going over 2.

@trunix: I've got the Open-VM-Tools-8.8.1 package installed on the pfSense vm I'm running under ESXi 5.1 (installed via the System menu in the pfSense webGUI > Packages).  From what I remember, the regular Open-VM-Tools package gave me some errors, but the 8.8.1 version seems to be fine.  I'm running the i386 2.0.1-Release.  My vSphere client reports the tools as installed and 3rd party/Independent.  You may consider upgrading to 5.1, as it fixes a problem where the pfSense vm (or any other vm for that matter) wouldn't auto-start after the ESXi host was booted.  Not sure if auto-start is important to you or not. There's another release something like 5.0.1 update 1b that also fixes it. Off the top of my head build number is 8xxxxx

dhatz. I tested pfsense in virtualbox for over an year and i got always the sam kind of crashes. Since the main reason i use pfsense is for squid, i always used squid and i believed those crashes every couple of hours were happening because of squid. Then i installed pfsense without the squid package and pfsense was not crashing any more…...until it crashed but 2 days later. For a couple of days i believed that squid was the reason but i was wrong. Having squid installed just makes more frequent reads and writes than not having squid at all. Since i believed also that it was virtualbox, i tested pfsense with vmware but the very same crashes happened every couple of hours forcing me to reset the VM So to fix this: Open your VM VirtualBox Manager Click on your pfSense VM Click on settings Click on Storage Click on your IDE or SATA controller Uncheck the Use host I/O cache Also I don't thing there is any difference between IDE or SATA controller. I noticed that some snapshots didn't work with SATA controllers but now they do. But as long as you have that host I/O cache in your virtual storage controller, pfsense works just fine. There is a little overhead an waste because of virtualization so if you virtualize, make sure you get a powerful computer. Anyways the more power the better it is with or without virtualization.

Hi miodzicho! I'm not sure, but see if this post gives you some hints to solve your issues… Cheers!

Im with matguy on this – VMKernel on public IP?  As stated not a great idea. So is this as assumed a hosted box?  Do you have physical access, is it say a locker or room/suite at a colo? That being said the esxi does have built in firewall that you could use to lock down the access to the VMK, do you have console outofband access to the box if needed?

which vSwitch? VM network (default) or the newly created for the 2nd interface?

Of course all NICs are connected. How would I see the NICs during boot if they weren't connected.

Just to close off on this, I have rebuilt the 32-bit PFSense in a 32-bit VM container, and it's been stable for a week now.  I think that must have been the issue.  Glad to have spotted that or it would have driven me round the bend!

ESX is the host? I'd try configuring the VLAN networking on the ESX side, this way pfSense handles traffic and ESX tags the VLAN.

@jimp: Just a note, 2.0.1 is based on FreeBSD 8.1 and so is 2.0.2, after that is 2.1 which will be based on FreeBSD 8.3, so if they did get things working on 8.2 and 8.3, it would require at least pfSense 2.1 to function. Exactly jimp. Anyway particularly interesting to think MS support to FreeBSD on your Hyper-V. In a way, means that they admit the relevance of the platform in the enterprise!

i guess it depends if you want to use the vmxnet drivers or not. if you only want to be able to have your guest shutdown nicely by *tools then the open-vm-tools work fine

I never noticed the clock stopping, buit it was probably just cause I wasn't observant enough. I wonder if this was related at all to my puzzling pfSense stability problems under ESXi 5.0.0 where the DHCP function would just stop working at random intervals.  Clients already assigned IP's would continue to work just fine nd data would be routed to them,  but new clients would not get IP's and not function at all. It was a puzzling issue I never quite figured out.  In the process of reinstalling with 5.1 now, time will tell if the issue disappears.

Personally I don't want to risk any slowdowns to my router from the vSwitches and virtual adapters, so I forward my dual port Ethernet NIC (Intel EXPI9402PT) directly to my guest using DirectPath I/O.