Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Hyper-V ICS 1.0 (w/Synthethic Network Driver) for pfSense 2.1 & 2.1.1

    Scheduled Pinned Locked Moved Virtualization
    193 Posts 41 Posters 145.1k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • D Offline
      dineshsharma
      last edited by

      When it comes to non-profits, Microsoft is very generous. And using something so wonderful like pfSense and using advanced hypervisor features like VM Replication, live export of running VM etc makes the life a lot easy. If I had budget to buy VMWare licenses then we could have also bought a commercial firewall like Sonicwall/Cyberoam etc.

      If the idea is to reach far and wide, then Hyper-V is not something that should be ignored.

      1 Reply Last reply Reply Quote 0
      • P Offline
        peterclark4
        last edited by

        @zootie:

        Indeed, it is the most read by far, nearly 4x views than the most viewed sticky thread (I don't know why it never got made into a sticky, maybe because it was too confusing - partly why I started this one, so it could be made into a sticky). Looking on other forums, there is only a handful of threads that have more views (many of them older).

        So far, the kernel modules seem to work fine with 2.1.1. Unless there are big source changes coming in 2.1.1, it should be possible to include Hyper-V support in the build process for 2.1.1 (so we can begin testing with snapshopts). How can we help to get this in the official development, build, and distribution process?

        Is it possible for the pfSense team (or should I say ESF?) to implement this into 2.1.1???

        Even if it means that we have to enable it in the Advanced settings or modify some System Tunables or something.

        Peter

        1 Reply Last reply Reply Quote 0
        • P Offline
          peterclark4
          last edited by

          Also, please see here for many requests from the community for Hyper-V support:

          https://blog.pfsense.org/?p=705#comments

          Please, please, please can we have official Hyper-V support!

          Peter

          1 Reply Last reply Reply Quote 0
          • ? This user is from outside of this forum
            Guest
            last edited by

            @peterclark4:

            So what needs to happen for us to have an official pfSense build with Hyper-V support?

            I thought I already outlined that.  I'm willing to make it happen, but I'm going to need some help (perhaps from zootie),
            and it will (of necessity) need to be buildable from source.  Once that happens, we can produce an official 'snapshot' for
            people (like you) to test, as well as setup for the test harness at work.

            @peterclark4:

            I understand that you are protecting your trademark and I think that pfSense is worth protecting.

            Thank you.

            @peterclark4:

            If you need to test an official pfSense build with Hyper-V support I'll be more than happy to test so that this can be released.

            Thank you.

            1 Reply Last reply Reply Quote 0
            • ? This user is from outside of this forum
              Guest
              last edited by

              @hege:

              That's the beginning of the end of the pfSense community.

              I'm unsure if you're speaking about the call for discussion, or if you're commenting.

              If you're commenting, all I can really say is,  "death of pfSense predicted, film at 11".
              (http://en.wikipedia.org/wiki/Film_at_11)

              @hege:

              More than 50k views on the old hyper-v integration thread. Only one post from an admin there. We're interested, we have to, because the pfSense team seems to have other interests.

              It's not other interests, it's "higher priorities".  But I already made a very public commitment.

              1 Reply Last reply Reply Quote 0
              • ? This user is from outside of this forum
                Guest
                last edited by

                @dineshsharma:

                When it comes to non-profits, Microsoft is very generous. And using something so wonderful like pfSense and using advanced hypervisor features like VM Replication, live export of running VM etc makes the life a lot easy. If I had budget to buy VMWare licenses then we could have also bought a commercial firewall like Sonicwall/Cyberoam etc.

                If the idea is to reach far and wide, then Hyper-V is not something that should be ignored.

                A Microsoft Hyper-V PM was in-touch back in November, wanting pfSense officially supported on Hyper-V.
                He estimated then that it would be at least 8 man-weeks of effort to get to a tested version.

                Neither pfSense, nor the companies behind it, are "non-profit".  Don't confuse "open source" with "non-profit".  Nobody will work without a salary for long, and there are bandwidth, hosting fees, insurance, rent, power bills, etc. to deal with.

                Microsoft offered ZERO help.  Even though there was a Microsoft engineer in-touch about the same time who had completed similar work.  Microsoft wouldn't allow his patches to be used, for fear of 'taint'.

                Your "if I had budget to buy VMware, I wouldn't use pfSense" bothers me.  Do you understand how hostile that sounds over here?

                Is the only reason that you use pfSense because we don't charge for it?

                1 Reply Last reply Reply Quote 0
                • ? This user is from outside of this forum
                  Guest
                  last edited by

                  @peterclark4:

                  Also, please see here for many requests from the community for Hyper-V support:

                  https://blog.pfsense.org/?p=705#comments

                  Please, please, please can we have official Hyper-V support!

                  Peter

                  Yes, if the community will assist.

                  1 Reply Last reply Reply Quote 0
                  • ? This user is from outside of this forum
                    Guest
                    last edited by

                    @peterclark4:

                    Is it possible for the pfSense team (or should I say ESF?) to implement this into 2.1.1???

                    Even if it means that we have to enable it in the Advanced settings or modify some System Tunables or something.

                    Peter

                    It probably won't make the 2.1.1 release train, but I think a test version based on 2.1.1 could be made available.
                    Then we could move to the 2.2 train for Hyper-V support (which eliminates the back port.)

                    1 Reply Last reply Reply Quote 0
                    • P Offline
                      peterclark4
                      last edited by

                      @gonzopancho:

                      @peterclark4:

                      So what needs to happen for us to have an official pfSense build with Hyper-V support?

                      I thought I already outlined that.  I'm willing to make it happen, but I'm going to need some help (perhaps from zootie),
                      and it will (of necessity) need to be buildable from source.  Once that happens, we can produce an official 'snapshot' for
                      people (like you) to test, as well as setup for the test harness at work.

                      @peterclark4:

                      I understand that you are protecting your trademark and I think that pfSense is worth protecting.

                      Thank you.

                      @peterclark4:

                      If you need to test an official pfSense build with Hyper-V support I'll be more than happy to test so that this can be released.

                      Thank you.

                      Many thanks for replying, it's much appreciated, it's great to finally have a an acknowledgment and a response from the pfSense team!

                      Hopefully zootie will be more than happy to help out. He has spent considerable time already in supporting the Hyper-V part of the pfSense community.

                      I look forward to having an official build to play with in the future!

                      Peter

                      1 Reply Last reply Reply Quote 0
                      • ? This user is from outside of this forum
                        Guest
                        last edited by

                        @doktornotor:

                        zootie, you'd better remove your VHDs before you receive "the most polite letter possible via the law firm". You know, you can only provide "genuine pfSense**®** software". Not kidding ya.  ::)

                        BTW, your Option C is useless due to actions taken by the pfSense guys, which they apparently wish to continue. You know, they think noone should have access to the build tools repo, unless it's "subject to certain contractual obligations". Otherwise you're gonna get accused exactly like the poor guy who built an early v2.2 image and posted that on the forum. And you'll become a horrible offender who "built something that clearly was not “pfSense”, named it “pfSense 2.2”, violating our registered trademark, and then announced on the pfSense forum with an adulterated logo."

                        This project has become a pile of legal BS.  >:( >:( >:(

                        I'm sorry you feel that way.  Perhaps you would like to explain your viewpoint more.

                        1 Reply Last reply Reply Quote 0
                        • ? This user is from outside of this forum
                          Guest
                          last edited by

                          I have edited the original post to remove the links.

                          1 Reply Last reply Reply Quote 0
                          • K Offline
                            key4ce
                            last edited by

                            Outch.

                            Even threatning with legal action to something what i see as a major contribution (helping pfsense work on a hypervisor).
                            We where about to release a fully working pfsense with Citrix Xenserver 6.2 for the community.

                            but i guess we will keep that build to our selfs after reading this.

                            For the admins in question: i would really wonder if thats a right way of handling things if you say you depend on the community yet shoot it down when they do actually contribute :-)

                            Regards,
                            Marco

                            1 Reply Last reply Reply Quote 0
                            • Z Offline
                              zootie
                              last edited by

                              @key4ce:

                              Outch.

                              Even threatning with legal action to something what i see as a major contribution (helping pfsense work on a hypervisor).
                              We where about to release a fully working pfsense with Citrix Xenserver 6.2 for the community.

                              but i guess we will keep that build to our selfs after reading this.

                              For the admins in question: i would really wonder if thats a right way of handling things if you say you depend on the community yet shoot it down when they do actually contribute :-)

                              Regards,
                              Marco

                              Try and stay positive, and try and find a way to keep contributing. We might be able to find common ground.

                              Sometimes, I'm somewhat reticent to keep contributing. I don't like that 2.2 might be having a community edition separate from a more formal (and functional) commercial edition: in my experience, the community edition ends up purposely crippled with only minor features to drive customers to the commercial edition. Then again, I might be misinformed (remember vaguely reading about the possibility of the split, can't remember if it was an official source, and even that might change) and maybe there are no plans on such a split, or even if it splits, the community edition might keep thriving and benefit from a more formal commercial endeavor that can channel more resources to improving the product. It is far too early to tell and the pfSense team deserves the benefit of the doubt.

                              In the end, I've benefited from past work from the pfSense and monowall community, and I intend to keep helping if I can find a way to do it.

                              If your modifications were based on the build process, we might be able to figure out how to integrate your changes (same way we're trying with the hyperv drivers).

                              1 Reply Last reply Reply Quote 0
                              • Z Offline
                                zootie
                                last edited by

                                @gonzopancho:

                                I thought I already outlined that.  I'm willing to make it happen, but I'm going to need some help (perhaps from zootie),
                                and it will (of necessity) need to be buildable from source.  Once that happens, we can produce an official 'snapshot' for
                                people (like you) to test, as well as setup for the test harness at work.

                                @peterclark4:

                                Many thanks for replying, it's much appreciated, it's great to finally have a an acknowledgment and a response from the pfSense team!

                                Hopefully zootie will be more than happy to help out.

                                Yes, I'd be happy to help. In Option C, the drivers were compiled from lightly modified hyperv for FreeBSD 8.3 port source (the only modifications were to Makefiles to get the patch to apply, but we can probably forgo these changes by creating a patch that only applies to sys/modules/hyperv - something I didn't know when I started, hence the more inclusive patch). The source compiles using pfSense-tools and get the ko modules included on the ISO (they're included with the other kernel modules). However, I just need some help to get the drivers installed/used by the installation process.

                                I can try to keep digging, figuring out pfsense-tools by trial an error (since I haven't found any documentation on the tools other than inline comments). However, I'd only be struggling to figure out info that someone more familiar with the build process already knows (saving me hours of running in circles). Maybe someone that worked to integrate the virtio drivers? Or someone that would know how to instruct the installer/builder to modify /boot/loader.conf (if that is the best way to do this, maybe there is a way to have the installer only make the modification only when Hyper-V is detected).

                                gonzopancho, can you put me in touch with someone more knowledgeable on the tools? I'll probably need access to the tools repo (as instructed in the development list, I emailed a week ago with an SSH key to gain access, didn't hear back).

                                Thank you

                                1 Reply Last reply Reply Quote 0
                                • K Offline
                                  key4ce
                                  last edited by

                                  hmm,

                                  Well difficult to stay positive on this aspect :-)
                                  we where actually planning on fixing up the CARP issue with hyper-v and your iso but few months later and it's no longer there.

                                  (so now it seems we are going to build it from scratch like we did with XenServer).

                                  Actually it's funny you mention the commercial edition rumors, as thats the feeling i had when reading about what happened with hyper-v + pfsense (and why we are now looking for more real community driven firewalls).

                                  vyatta did that too.. even gone as far as removing the web gui from community.. now bought by another company and no more updates since 2012.

                                  There's only very few who survive going from opensource to commercial with maybe a community branch, most just die out :-)

                                  As far as how it's developped: we pretty much used freebsd 10 kernel as a roadmap so it's not easy to deploy on a existing pfsense (we do have a neat pre-build iso which also fixes even the xen guest boot and reboot issues, or the delayed press i to install where xen console tends to not refresh properly so we auto install :P)

                                  1 Reply Last reply Reply Quote 0
                                  • D Offline
                                    doktornotor Banned
                                    last edited by

                                    @gonzopancho:

                                    I'm sorry you feel that way.  Perhaps you would like to explain your viewpoint more.

                                    Uhm… explain what? Already posted my thoughts here and on another related threads, pretty clearly. Instead of providing people with a build tools switch to build unbranded code stripped of your trademarks, you nuke the repo access and red-tape an open-source project with tons of legal BS. Sigh.

                                    1 Reply Last reply Reply Quote 0
                                    • B Offline
                                      bryan.paradis
                                      last edited by

                                      The perversion of the project brought on by one person building and distributing, which was taken down after a request I think is far worse. Now we have an opensource project that isn't buildable?

                                      Is the solution going to be to have an internal branded buildtoolset and a unbranded copy of that on public git?

                                      1 Reply Last reply Reply Quote 0
                                      • D Offline
                                        doktornotor Banned
                                        last edited by

                                        @bryan.paradis:

                                        The perversion of the project brought on by one person building and distributing, which was taken down after a request I think is far worse.

                                        Knee-jerk reaction, borderline paranoia.

                                        @bryan.paradis:

                                        Now we have an opensource project that isn't buildable?

                                        Which - for me - is a complete and utter fail of the BSD license…

                                        1 Reply Last reply Reply Quote 0
                                        • ? This user is from outside of this forum
                                          Guest
                                          last edited by

                                          @zootie:

                                          Yes, I'd be happy to help. In Option C, the drivers were compiled from lightly modified hyperv for FreeBSD 8.3 port source (the only modifications were to Makefiles to get the patch to apply, but we can probably forgo these changes by creating a patch that only applies to sys/modules/hyperv - something I didn't know when I started, hence the more inclusive patch). The source compiles using pfSense-tools and get the ko modules included on the ISO (they're included with the other kernel modules). However, I just need some help to get the drivers installed/used by the installation process.

                                          I can try to keep digging, figuring out pfsense-tools by trial an error (since I haven't found any documentation on the tools other than inline comments). However, I'd only be struggling to figure out info that someone more familiar with the build process already knows (saving me hours of running in circles). Maybe someone that worked to integrate the virtio drivers? Or someone that would know how to instruct the installer/builder to modify /boot/loader.conf (if that is the best way to do this, maybe there is a way to have the installer only make the modification only when Hyper-V is detected).

                                          gonzopancho, can you put me in touch with someone more knowledgeable on the tools? I'll probably need access to the tools repo (as instructed in the development list, I emailed a week ago with an SSH key to gain access, didn't hear back).

                                          Thank you

                                          I'm certain that I have access to pfsense-tools.  Several people I work with do, too.  (This is because CMB and I own ESF.)
                                          The larger issue is 'testing', and setup of a Hyper-V environment to do so.

                                          1 Reply Last reply Reply Quote 0
                                          • ? This user is from outside of this forum
                                            Guest
                                            last edited by

                                            @doktornotor:

                                            @bryan.paradis:

                                            The perversion of the project brought on by one person building and distributing, which was taken down after a request I think is far worse.

                                            Knee-jerk reaction, borderline paranoia.

                                            @bryan.paradis:

                                            Now we have an opensource project that isn't buildable?

                                            Which - for me - is a complete and utter fail of the BSD license…

                                            You apparently are unfamiliar with trademark law.  I tried to explain, but you seem to not be listening.

                                            1 Reply Last reply Reply Quote 0
                                            • First post
                                              Last post
                                            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.