pfSense on HyperV = Massive problems

deanfourie

@bob-dig thanks for the information. This will come in handy if I have any issues.

What i'm really struggling with is getting the interfaces setup correctly. Im following this guide.

https://docs.netgate.com/pfsense/en/latest/recipes/virtualize-hyper-v.html

However, when I setup the LAN interface as a "internal network" I cannot ping or reach my pfSense login page.

I have created 2 Virtual Switches just as shown in the guide.

WAN - with the WAN interface selected and setup as a "External Network" and have disabled Allow management operating system to share this network adapter as I have a dedicated NIC for WAN.

LAN - created the LAN interface and just selected "Internal Network".

Assigned both interfaces to the VM and assigned them correct, WAN gets DHCP, and I set a static IP on the LAN interface in the same subnet as my LAN, and also as the physical LAN interface on the host, yet still I cannot ping or reach the pfSense web page.

Could someone advise me on the CORRECT way to setup these interfaces on HyperV. I would like to do it once and once only and get it right.

Thanks in advance.

Bob.Dig

@deanfourie Internal is correct if you sit in front of this physical machine. You also can use external if you connect this interface to a physical switch.

Bob.Dig

@deanfourie said in pfSense on HyperV = Massive problems:

and I set a static IP on the LAN interface in the same subnet as my LAN, and also as the physical LAN interface on the host,

What do you mean by that? pfSense should be the router in my mind.

So you want pfSense to be only a virtual firewall for another vm?

deanfourie

@bob-dig Ok I think I get you.

if I understand correctly, Internal and Private are just the HOST machine internal communication. When selecting internal or private, traffic will not leave the HOST at all?

This needs to also be setup as a external interface for LAN traffic to exit the LAN interface out to the physical LAN switches and infrastructure?

Thanks

deanfourie

@deanfourie Now I have 1 WAN interface and 2 LAN interfaces.

WAN
LAN
vEthernet LAN

Is this correct?

Bob.Dig

@deanfourie Please don't assume but tell exactly what your setup is, how many routers, how many switches and hosts etc. and what you want to achieve. Will make answering much easier. Maybe make a diagram.

deanfourie

@bob-dig Sure, let me do the best I can here

4GWireless Router WAN Incoming *Upstream Gateway" >>
pfSense WAN Interface /30 Network>>
pfSense LAN Interface /27 Network >>
Cisco 48 Port PoE Switch >>
Wifi AP >>
CLIENTs

Pretty basic, just a home setup. Hope that makes sense.

Bob.Dig

@deanfourie Ok, make another external vSwitch for pfSense LAN and connect it to the Cisco Switch. You also can use this connection for the VMhost (shared) or use another physical NIC (if you have) to the Cisco switch for that, that is up to you.

VLANs come on top of this if you have...

deanfourie

@bob-dig yup thanks have done that. But speeds seem super slow and connection is intermittent.

Bob.Dig

@deanfourie Then #2.

deanfourie

@bob-dig yup ok cheers. Thank you

deanfourie

@deanfourie I have another question regarding the NIC configuration in windows.

Lets take for example my WAN interface. I have the ability to DISABLE IPv4 on this interface. If I disable the IPv4 and IPv6 option on this interface, it basically disables everything on the interface except the Microsoft Hyper-V Interface.

This still allows pfSense to send and receive traffic on this interface, however windows just simply doesn't see it.

What are the disadvantages or advantages to doing this? And how does this still allow traffic to pass through. Its like it just become some kind of transparent bridge interface the just allows traffic to flow through it.

Im not gonna lie, I like it, as I can manage which interfaces actually are sitting on what networks on the HOST. This way I can configure my HOST Hyper-V LAN interface for traffic and have the traffic also router through pfSense and I dont have a pointless client sitting on the WAN network.

Hope that makes sense.

Any ideas?

Thanks

Bob.Dig

@deanfourie said in pfSense on HyperV = Massive problems:

Lets take for example my WAN interface. I have the ability to DISABLE IPv4 on this interface.

No, you wouldn't share this with the host to begin with so no need to disable anything.

It will look like this on the host, don't mess with it.