Latest PFsense for hyper-V?

tisler

Thanks god I found this thread after struggling with pfSense 2.1.4 on hyper-v.

Downloaded the latest 64bit snapshot.
My environment.
Host

• Supermicro 5018A-TN4 (would rather go for 5018A-FTN4 because of front Ethernet ports)

• 8GB Ram

• 128GB Samsung Evo Pro SSD

• Windows Server 2012 R2

VM

• 1GB RAM

• 8GB fixed vhdx

• pfSense 2.2

• 3 network adapters (no legacy) for WAN, LAN and DMZ

After a successful test in the lab i struggled with the internet access afterwards until i realized that the clients had a wrong gateway configured. After setting pfSense to the same ip as the DSL router and reconfiguring the router it all worked.

My environment
DSL router -> pfSense WAN -> pfSense LAN -> main switch -> clients
172.16.1.1 -> 172.16.1.2 -> 192.168.1.1

DSL -> pfSense WAN -> pfSense DMZ -> openSuse VM
172.16.1.1 -> 172.16.1.2 -> 172.16.35.1 (static) -> 172.16.35.47 (dhcp)

Access to the internet from the DMZ is not yet working though. Don't know if it has to do with hyper-v or pfSense or the guest so (openSuse). openSuse reports a ip-address (dhcp) but can't browse anything. The DMZ port is configured as 172.16.35.1 (static, dhcp server). On hyper-v a switch is configured for the physical Ethernet port. There's no physical wire connected to the port because i "think" the traffic should be routed by pfSense directly from Wan to DMZ (my guess though). Duplicated the NAT rules from LAN to DMZ.
pfSense and openSuse share the same virtual DMZ network adapter.

Maybe someone has an idea what might be wrong with the DMZ interface?

15.08.2014 Edit
Solved the problem by adding an allow all outbound traffic (any) from DMZ. Will investigate later in order to just allow necessary traffic.

Cheers,
Thomas

KOM

Do you have a firewall rule allowing DMZ to access WAN?  Its not created by default.

tisler

Thats the resolution!! It works now. Allowed all outbound traffic though which is not how it should be.

Do you know by chance the minimum rule to add?

Thanks,
Tho as

KOM

There is no one-size-fits-all rule.  It depends on what type of servers or clients you have in there and what you want to limit them to.

tisler

For now just windows clients that need internet access.

KOM

"Internet access" is pretty much everything.  If you want to limit them to email and web, for example, then you would put rules in place to allow the standard ports for those applications, and block everything else.

rustydusty1717

Anyone give me a definitive answer on what version to run, 32bit of 64bit?

Currently this:
Host: Server 2008 R2
32GB RAM
i7 3770k overclocked
4 - 1TB in raid 10

VM:
pfsense 2.0.3 - 32bit
1 GB ram
1 Core

Runs alright, the cpu usage has never worked though and would love to upgrade. Lots of talk on this forum with special versions with the necessary drivers for hyper-v, etc. Also, any reason performance or stability wise to use the 64bit kernel on hyper-v over the 32bit?

Would just love some clarification as there's plenty of topics but none really state which is the best route to take.

Thanks

Edit:

Pre-flight a VM running the latest 2.2 snapshot, will post back with results when I switch everything over to it. So far without anything running through it, seems very quick and stable.

tisler

Hi Rusty

My setup of the pfSense 2.2 64bit snapshot works fine so far.
See details in my previous post.

Cheers,
Thomas

rustydusty1717

@tisler:

Hi Rusty

My setup of the pfSense 2.2 64bit snapshot works fine so far.
See details in my previous post.

Cheers,
Thomas

Which revision? Any weird bugs or stability issues so far? Are you using legacy network drivers?

Thanks!

tisler

2.2-ALPHA (amd64)
built on Wed Aug 06 14:28:19 CDT 2014

No issues besides the clock going backwards in the first few minutes after reboot. Not experiencing any side effect of this so far.
I'm using the standard network adapters.

Cheers,
Thomas

rustydusty1717

What kind of throughput are you seeing on network side? I've got 50Mb X 5Mb and can saturate most of the 50Mb download with my current 2.0.3 but having some weird bugs with it and not consistent. I will switch everything to the 2.2 tonight and see how things progress.

rustydusty1717

Flipped everything over, power cycled modem, WAN side won't come up.

Will try turning the interfaces down and up like on older versions to see if that fixes it. Might have to try legacy network drivers as well.  :-\

rustydusty1717

Apologies for all the posts.

Ended up still using legacy drivers as regular didn't work. Got it up and running and so far so good.

I would imagine the drivers didn't work due to my system. I posted the wrong specs of the host, but this is what it is:

Custom Desktop:
Motherboard:  ASUS M5A99X EVO R2.0
CPU: AMD FX-8350
Memory: 24GB G.skill  ripjaws
PSU: Seasonic 1000W

To get the host to connect I need to manually install the network drivers. Most likely reason why I still have to use legacy drivers.

lordstag

@rustydusty1717:

Apologies for all the posts.

Ended up still using legacy drivers as regular didn't work. Got it up and running and so far so good.

I would imagine the drivers didn't work due to my system. I posted the wrong specs of the host, but this is what it is:

Custom Desktop:
Motherboard:  ASUS M5A99X EVO R2.0
CPU: AMD FX-8350
Memory: 24GB G.skill  ripjaws
PSU: Seasonic 1000W

To get the host to connect I need to manually install the network drivers. Most likely reason why I still have to use legacy drivers.

I may be wrong here, but it's the Virtual Adapter driver that is in pfSense/FreeBSD. It should have almost nothing to do with the model of the physical adapter. That is up to Hyper-V to take care of.

As for 2.2 Hyper-V WAN performance I have a 100/10 line:

rustydusty1717

I tried with regular drivers, then rebuilt and used legacy and connected up instantly. Also tried the ifconfig up and down without luck.

tisler

You're Motherboard has a Realtek 8111F, 1 x Gigabit LAN Controller.
There are several posts that pfSense (actually its freeBSD) works best with Intel NICs. Thats why I ordered a Intel board.
The Realtek might be the cause for the network problem.

Cheers,
Thomas

rustydusty1717

I do have a seperate Dual Gigabit that I was going to add. It is however a rosewill network card if that helps at all.

reklaw

Hi guys and Tisler,

I was wondering how / where you download the 2.2 Alpha build (the one that Tisler mentioned previously) 
I have Intel NIC's and wanted to try it out on my 2012 R2 Hyper-V.

Also does anyone know if Squid module will work with 2.2 currently?

Thanks guys,

Bruce

rustydusty1717

http://snapshots.pfsense.org/

tisler

I have squirt and snort and lightsquirt installed.
The custom options in squirt do not work though. At least its not showing my custom html page.
Lightsquirt is not working at all. No reports.