Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Hyper-V ICS 1.0 (w/Synthethic Network Driver) for pfSense 2.1 & 2.1.1

    Scheduled Pinned Locked Moved Virtualization
    193 Posts 41 Posters 145.1k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • H Offline
      hege
      last edited by

      Hi, big big thanks,

      i used the preconfigured VM and restored my settings - I know that it is too early to say this,
      but as far as i can see, it works much better (can't reproduce a "sleeping thread" error.

      I'll test your VM with more systems during the next week.

      Because you can't use traffic shapping by default, you still have to add "hn" to /etc/inc/interfaces.inc (see here )

      Great work!

      –----
      Testing system: Hyper-V 2012 R2 | AMD | 1GiB Ram | 2xNIC (Gbit) | 100Mbit Internet

      1 Reply Last reply Reply Quote 0
      • T Offline
        timotl
        last edited by

        Thank you Zootie!

        I used your vhd file and attached it to my vm so I didn't have to mess with MAC address issues.
        Fired it up, restored my config then updated to the latest 2.1.1 snap and it's been running fine for 10 hours so far.
        It definitely seems better, but will need to run for a few days to be sure.

        Thanks again!

        1 Reply Last reply Reply Quote 0
        • D Offline
          doktornotor Banned
          last edited by

          zootie, you'd better remove your VHDs before you receive "the most polite letter possible via the law firm". You know, you can only provide "genuine pfSense**®** software". Not kidding ya.  ::)

          BTW, your Option C is useless due to actions taken by the pfSense guys, which they apparently wish to continue. You know, they think noone should have access to the build tools repo, unless it's "subject to certain contractual obligations". Otherwise you're gonna get accused exactly like the poor guy who built an early v2.2 image and posted that on the forum. And you'll become a horrible offender who "built something that clearly was not “pfSense”, named it “pfSense 2.2”, violating our registered trademark, and then announced on the pfSense forum with an adulterated logo."

          This project has become a pile of legal BS.  >:( >:( >:(

          1 Reply Last reply Reply Quote 0
          • Z Offline
            zootie
            last edited by

            If requested, I'll promptly remove the VHD (no need of lawyers, just an admin post here - hopefully this thread won't be removed). In the meantime, I believe I'm complying with the spirit of the post: It's an effort to contribute to the community. I'm providing the community a most useful feature specific to their HW platform (Hyper-V), I'm not modifying the pfSense trademark, I'm giving full attribution to the project, I'm providing all the information needed so the feature can be added to the project in the future, and I'm asking the community to test it and document their experiences on a public forum (so the project has all the information available).

            Option C might not be operational right now unless you have access to the pfsense-tools repository, or until it is brought back (with restrictions). I just wanted to write the instructions down so contributors can try and incorporate the modules into the build process in the future.

            1 Reply Last reply Reply Quote 0
            • M Offline
              mylle
              last edited by

              @timotl:

              Thank you Zootie!

              I used your vhd file and attached it to my vm so I didn't have to mess with MAC address issues.
              Fired it up, restored my config then updated to the latest 2.1.1 snap and it's been running fine for 10 hours so far.
              It definitely seems better, but will need to run for a few days to be sure.

              Thanks again!

              I tried to manually update to the latest snapshot but when hitting the upgrade button nothing happens and 10 seconds later it times out.

              Maybe im using the wrong file?

              1 Reply Last reply Reply Quote 0
              • T Offline
                timotl
                last edited by

                Afraid I'm not much help there.
                The config I restored already had the snapshot server as an upgrade source.
                I just did the auto upgrade when it offered.

                1 Reply Last reply Reply Quote 0
                • Z Offline
                  zootie
                  last edited by

                  mylle,

                  First, Let's check some basics. Is it connecting to the Internet? Are you able to ping google.com from the pfSense VM console? Are you able to ping pfSense's LAN IP from other hosts on your LAN? Confirm if you are using the native NICs (hn0 and hn1) or Legacy NICs (de0 and de1).

                  As timotl points out, his/her existing XML config has the snapshot server as an upgrade source, so the VM installation got upgraded to a 2.1.1 pre-release build. The basic VM I posted is 2.1 Release and it says it is on the latest version. Unless you need something specific to 2.1.1 (or just want to to test it), you don't need to update it.

                  If you still want to use 2.1.1, you'd need to either setup your own VM using a 2.1.1 ISO and install the kernel modules manually (Option B), or on a 2.1 installation (like the basic VM in the 7z) you'd need to change the Updater Settings (under System/Firmware on the WebConfigurator) to use a custom URL "http://snapshots.pfsense.org/FreeBSD_RELENG_8_3/amd64/pfSense_RELENG_2_1/.updaters/" - Just have in mind that this is an automatic nightly build: you don't know how stable the prerelease version will be and you might be the only one using it until there is an actual 2.1.1 RC Pre-Release.

                  1 Reply Last reply Reply Quote 0
                  • M Offline
                    mylle
                    last edited by

                    Hi Zootie,

                    Thanks for your reply and you image. It works great :)

                    I have connectivity and everything works. Im just he kinda guy that loves trying out the bleeding edge code all the time :)

                    I already added the Snapshot rep and the newest snapshot downloads just fine but then:

                    The image file is corrupt.
                    Update cannot continue

                    Thats where i get stuck now.

                    Regards
                    Mylle

                    1 Reply Last reply Reply Quote 0
                    • A Offline
                      ArthurZz1
                      last edited by

                      Thank you so much for doing this !

                      Did anyone managed to make CARP work with this version (using Hyper-V 2012R2 as the host) ?

                      1 Reply Last reply Reply Quote 0
                      • M Offline
                        Magsy
                        last edited by

                        I've been running 2.1 Beta1 with integration for a long time without issue, so I'm not a great test but so far this is looking stable.

                        I'm using your pre-created VM, dual wan balanced on 2012 R2 with Windows LBFO teamed Intel Nics, 4 vNics to guest with tagging at the Hyper-V level.

                        Thanks :D

                        1 Reply Last reply Reply Quote 0
                        • P Offline
                          peterclark4
                          last edited by

                          Many thanks zootie!

                          This seems to be the most stable Hyper-V image yet! Before this I was stuck on the 2.0.3 with Hyper-V kernel as it appeared to be the most stable for me.

                          Hopefully we can have an official build with the Hyper-V kernel before 2.2 is released.

                          Peter

                          1 Reply Last reply Reply Quote 0
                          • Z Offline
                            zootie
                            last edited by

                            @ArthurZz1:

                            Did anyone managed to make CARP work with this version (using Hyper-V 2012R2 as the host) ?

                            I tried 2.1 and latest 2.1.1 and CARP wouldn't work, stuck on INIT with "ifa_add_loopback_route: insertion failed" in the log.

                            I found a source patch for bridgestp/if/if_bridge that might solve one possible cause for this error. I'll have to make some time to try it.

                            update: bridgestp/if/if_bridge patch didn't seem to have an effect, so unless someone else has an idea, CARP remains non-operational.

                            1 Reply Last reply Reply Quote 0
                            • C Offline
                              CloudNut
                              last edited by

                              Hi

                              I am really sorry if this is hi-jacking the thread  :)

                              I have ran your pre-configured VM in windows 2012 R2 and it works brilliant and its very appreciated,

                              I  cannot seem to be able to get Option B. Recompiled Kernel Modules working as I need a hard drive bigger than 1gb,

                              Is there any possible way to increase the VHD as I can not seem to find one and then expand the partition (please excuse my ignorance I new to freebsd )

                              Any guidance would be much appreciated as I need some space for log retention and squid cache,

                              I also want to run 2 - 4gb of ram would it be correct to say I would need at least the same in a swap partition

                              Or if one pre-configured VM could be made with a bigger disk , I will spot you a few beers I promise as it will get me out of a tight squeeze ;-)

                              1 Reply Last reply Reply Quote 0
                              • Z Offline
                                zootie
                                last edited by

                                @CloudNut:

                                I  cannot seem to be able to get Option B. Recompiled Kernel Modules working as I need a hard drive bigger than 1gb,

                                Is there any possible way to increase the VHD as I can not seem to find one and then expand the partition.

                                I'm creating versions of the preconfigured VM with a larger disk/swap. I'll try and post them tonight. (I've been asked to remove it, so I can't post more versions)

                                Since you already have it, you can try and resize it yourself. I used a FreeBSD 10 VM (should work with FreeBSD 9.x too, unsure about 8.x or if using another copy of pfSense). I expanded the VHD and mounted it on this VM (on the secondary IDE controller), and used the instructions in 18.4. Resizing and Growing Disks and in Resize Your Existing FreeBSD Root Partition/Slice Safely Without Re-Installing

                                First I had to grow the slice (ada0s1) within the disk (ada0) and reboot before the space was visible within the slice. Then followed the instructions to delete the swap partition, expand root to the desired size, and then recreate the swap partition. Run gpart show ada0 and gpart show ada0s1 so you see the changes.

                                
                                #Resize ada0s1 slice to full size of ada0 disk
                                gpart resize -i 1 -a 4k ada0
                                
                                #After reboot (so free  space would be visible within slice)
                                #Delete swap (note it is using the slice)
                                gpart delete -i 2 ada0s1
                                #Expand root (adjust size, assuming it's a 32 GB disk, wanting to leave 4 GB for swap)
                                gpart resize -i 1 -a 4k -s 28G ada0s1
                                #Recreate swap
                                gpart add -t freebsd-swap -a 4k ada0s1
                                #Grow filesystem
                                growfs /dev/ada0s1a
                                
                                

                                Then back in the pfSense VM, I had to recreate the GEOM labels. Boot in single user mode, specify ufs:/dev/da0s1a as the root file system, and then recreate the labels using /sbin/glabel label rootfs /dev/da0s1a and /sbin/glabel label swap /dev/da0s1b. No need to change fstab again (since the labels have the same names).

                                1 Reply Last reply Reply Quote 0
                                • H Offline
                                  hege
                                  last edited by

                                  @HC:

                                  ..

                                  hv_kvp_negotiate_version
                                  Hyperv-utils1: detached
                                  hyperv-utils1 on vmbus0
                                  hyperv-utils1: Hyper-V service attching: Hyper-v sevice attaching; Hyper-v KVP Service
                                  

                                  I only get

                                  hv_kvp_negotiate_version
                                  ```every 12 hours - more or less, with the following Hyper-V Log message.
                                  
                                  

                                  Hyper-V Data Exchange connected to virtual machine 'MachineName', but the version does not match the version expected by Hyper-V (Virtual machine ID Machine-ID). Framework version: Negotiated (3.0) - Expected (3.0); Message version: Negotiated (4.0) - Expected (5.0)....unsupported....

                                  
                                  Think we can ignore that?
                                  
                                  Update about my experience with the new driver:
                                  
                                  I'm testing the new iso now at four different locations in production systems. The only issue i could find is, that the performance (in my case the throughput) seems to be poorer on **realtek** nics.
                                  
                                  [1] Hyper-V 2012 R2 | AMD    | 1GiB Ram      | 1x Intel NIC 1x Private NIC (Hyper-V) | 100Mbit Internet | Traffic shapping on  | 20 Users
                                  [2] Hyper-V 2012 R2 | Intel i7| 1GiB Ram      | 1x Intel NIC 1x Private NIC (Hyper-V) | 100Mbit Internet | Traffic shapping on  | 8 Users
                                  [3] Hyper-V 2012 R2 | Intel i3| 512 MiB Ram | 1x Intel NIC 1x Realtek                      | 70Mbit Internet  | Traffic shapping off  | 2 Users
                                  [4] Hyper-V 2012 R2 | Intel i5| 512 MiB Ram | 2x Intel NIC                                        | 4Mbit Internet    | Traffic shapping on  | 6 Users
                                  
                                  Great work!
                                  1 Reply Last reply Reply Quote 0
                                  • C Offline
                                    CloudNut
                                    last edited by

                                    @zootie:

                                    @CloudNut:

                                    I  cannot seem to be able to get Option B. Recompiled Kernel Modules working as I need a hard drive bigger than 1gb,

                                    Is there any possible way to increase the VHD as I can not seem to find one and then expand the partition.

                                    I'm creating versions of the preconfigured VM with a larger disk/swap. I'll try and post them tonight.

                                    Zootie thanks so much your a legend especially to us Hyper-v admins that would love to use what I consider the best Software UTM out there ;-),

                                    1 Reply Last reply Reply Quote 0
                                    • ? This user is from outside of this forum
                                      Guest
                                      last edited by

                                      @zootie:

                                      If requested, I'll promptly remove the VHD (no need of lawyers, just an admin post here - hopefully this thread won't be removed). In the meantime, I believe I'm complying with the spirit of the post: It's an effort to contribute to the community. I'm providing the community a most useful feature specific to their HW platform (Hyper-V), I'm not modifying the pfSense trademark, I'm giving full attribution to the project, I'm providing all the information needed so the feature can be added to the project in the future, and I'm asking the community to test it and document their experiences on a public forum (so the project has all the information available).

                                      I don't know if I'm an 'admin' or not.  (Turns out: I am.) If not, I can make myself one pretty quick.

                                      I'll ask nicely that you take this down.  What follows are snippets from what the eventual communication about the issue will be, when we (finally, sorry) address the community about it.

                                      The issue really is our trademark(s).  pfSense® and "pfSense Certified"® are registered trademarks of Electric Sheep Fencing, LLC.  The pfSense logo is a trademark of Electric Sheep Fencing, LLC.

                                      The issue with you using “pfSense” it that it is possible to lose rights in a mark by licensing the mark to others without controlling the nature and quality of the goods or services the licensee offers under the mark.  This concept is often referred to as “naked licensing.”  This is the reason why we insist that only things we build be described as “pfSense”.

                                      Another way in which rights may be lost is by misusing the mark – or by failing to police against the mark’s misuse by others – so that the mark ceases to indicate the source of goods or services and becomes a generic word (like escalator and cellophane, which originally were trademarks but came to be understood by the public as the generic names of the products for which they had been used as brands).

                                      Now, that's not a complete treatise on the issues, it's just illustration of the problem.  Your intent, however noble, doesn't matter, because the issue is, if we allow it "enough", someone else, some third-party, can come along and demand that the mark be canceled.  (It happened to me, and not long ago.  http://www.plainsite.org/dockets/index.html?id=2283547)

                                      El Reg posted a story a few days ago about Mozilla's lawyers arguing with Dell about Dell charging to install Firefox.
                                      http://www.theregister.co.uk/2014/03/10/mozilla_investigates_fee_for_firefox_dell_claims/  This following: http://www.theregister.co.uk/2014/03/05/mozilla_probes_dell_over_firefox_installation_claims/

                                      Which is really all about: http://www.mozilla.org/en-US/foundation/trademarks/faq/

                                      The Mozilla “business model” is about getting Firefox (and friends) distributed far and wide.  Dell charging a fee for the distribution interrupts that model (fewer people take it), so Mozilla does not allow it.

                                      The business of pfSense (the products and projects) is very much dependent on exactly the same distribution dynamic.  We want pfSense distributed far and wide, but in an unmodified form from what we build, and without charge.

                                      That all said, if you are willing to work with us, we are willing to engage on getting an official pfSense for Hyper-V build done, and distributed.  If you're interested, we're interested.

                                      Finally, I don't know who deleted that thread. I responded to the end of the thread asking the individual to take it down, but I didn't delete the thread.  Chris (cmb) tells me he didn't do it.  There are only a few others who could have.  To be perfectly frank, it was me who demanded that the -tools repo be taken down until we could find a solution.  I am trying for minimum impact on the community.

                                      @zootie:

                                      Option C might not be operational right now unless you have access to the pfsense-tools repository, or until it is brought back (with restrictions). I just wanted to write the instructions down so contributors can try and incorporate the modules into the build process in the future.

                                      The -tools repo will return just as soon as I can satisfy all parties with a solution.

                                      The reason it was withdrawn was because someone did the unthinkable:

                                      • they built something called "pfSense 2.2", which was not pfSense, nevermind 2.2

                                      • they released it, leaving all indicia intact

                                      • they announced it on the forum

                                      (EDIT: formatting, spelling and "I am.")

                                      1 Reply Last reply Reply Quote 0
                                      • P Offline
                                        peterclark4
                                        last edited by

                                        So what needs to happen for us to have an official pfSense build with Hyper-V support?

                                        The latest image that Zootie has provided has a greater stability than the official build under Hyper-V!

                                        I use it in a Hyper-V environment extensively. At first I had to use the "Legacy Network cards" and then install ShellCmd to bring each of the interfaces down and up again to work. This kind of worked but we have reduced throughput due to the "Legacy Network cards".

                                        Since these unofficial builds have been available the pfSense installs have been a lot more stable and have much better throughput.

                                        I understand that you are protecting your trademark and I think that pfSense is worth protecting.

                                        If you need to test an official pfSense build with Hyper-V support I'll be more than happy to test so that this can be released.

                                        Peter

                                        1 Reply Last reply Reply Quote 0
                                        • H Offline
                                          hmh
                                          last edited by

                                          @gonzopancho:

                                          ….
                                          The business of pfSense (the products and projects) is very much dependent on exactly the same distribution dynamic.  We want pfSense distributed far and wide, but in an unmodified form from what we build, and without charge.

                                          That all said, if you are willing to work with us, we are willing to engage on getting an official pfSense for Hyper-V build done, and distributed.  If you're interested, we're interested.

                                          ….

                                          (EDIT: formatting, spelling and "I am.")

                                          Hi gonzopancho!

                                          Community need Hyper-V support!
                                          If pfSense team currently don't have time/resources to produce stable Hyper-V image, please!!!, build a testing image with zooties patches
                                          It's working except CARP!

                                          Many people want to use pfSense on Hyper-V, and use it today…
                                          Create offical thread pfSense on Hyper-V and you will get feedback from community
                                          Community will hunt down bugs in the pfSense software :)

                                          Thank you!

                                          P.S.
                                          Community, if you want to use pfSense on Hyper-V, please post your thoughts about it!

                                          1 Reply Last reply Reply Quote 0
                                          • H Offline
                                            hege
                                            last edited by

                                            @hmh:

                                            P.S.
                                            Community, if you want to use pfSense on Hyper-V, please post your thoughts about it!

                                            That's the beginning of the end of the pfSense community.

                                            @gonzopancho:

                                            That all said, if you are willing to work with us, we are willing to engage on getting an official pfSense for Hyper-V build done, and distributed.  If you're interested, we're interested.

                                            More than 50k views on the old hyper-v integration thread. Only one post from an admin there. We're interested, we have to, because the pfSense team seems to have other interests.

                                            1 Reply Last reply Reply Quote 0
                                            • First post
                                              Last post
                                            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.