Hyper-V ICS 1.0 (w/Synthethic Network Driver) for pfSense 2.1 & 2.1.1
-
hi cmb
thanks for your comments!
as we need an official version (no BETA), are you able to give any thoughts about timelines? when will there be a first official release? end of Q3? end of this year?thanks, felix
-
As always, it'll be released when it's ready.
-
@cmb:
I've heard from several people who had no luck with 2.1.x versions that 2.2 is working fine for them in HyperV. There is also more we'll be doing there to get all the integration components working nicely.
Virtualization is among our most common usage scenarios. We spend a good deal of time ensuring such environments work well. For Hyper-V, that wasn't practical before Microsoft worked with NetApp, Citrix and others on FreeBSD support in Hyper-V. That started in 2012, and wasn't included until FreeBSD 10 (released this year).
It's not that we "don't give a damn about hyper-v", it's that Microsoft waited a long time before they gave a damn about FreeBSD.
VMware has always supported FreeBSD, and we've been widely used in VMware from day one. Now that Microsoft has caught up (over a decade later), we'll get to Hyper-V as well.
My apologies, I was far too rash and unfair, my impatience lead to frustration and venting. Pfsense did install and with some coaxing I did get it to run; the stability issues where probably due to it being an alpha build. I am sad to see a working revision of 2.1 be pulled from circulation when you could just as easily endorsed it as your own, I'm sure its originator would have donated it freely. Doing so would have satisfied trademark concerns.
-
@cmb:
It's not that we "don't give a damn about hyper-v", it's that Microsoft waited a long time before they gave a damn about FreeBSD.
VMware has always supported FreeBSD, and we've been widely used in VMware from day one. Now that Microsoft has caught up (over a decade later), we'll get to Hyper-V as well.
I think there are reasons on both sides. Microsoft concentrated on Windows (of course), then for the "exotic" systems integrated Linux and only then BSD. Now it's a very fast growing hypervisor, being integrated in all Windows versions, so for a Virtual-aware project it just can't be ignored.
I think there are at least two levels of support:- just wait for FreeBSD project progress
- spend time and money and prepare some modules that will integrate on boot in the current version.
I vote for the second one :), once created the first setup like in my tutorial, it should be easy to auto-configure it in pfSense.
-
@cmb:
I've heard from several people who had no luck with 2.1.x versions that 2.2 is working fine for them in HyperV. There is also more we'll be doing there to get all the integration components working nicely.
Virtualization is among our most common usage scenarios. We spend a good deal of time ensuring such environments work well. For Hyper-V, that wasn't practical before Microsoft worked with NetApp, Citrix and others on FreeBSD support in Hyper-V. That started in 2012, and wasn't included until FreeBSD 10 (released this year).
It's not that we "don't give a damn about hyper-v", it's that Microsoft waited a long time before they gave a damn about FreeBSD.
VMware has always supported FreeBSD, and we've been widely used in VMware from day one. Now that Microsoft has caught up (over a decade later), we'll get to Hyper-V as well.
My apologies, I was far too rash and unfair, my impatience lead to frustration and venting. Pfsense did install and with some coaxing I did get it to run; the stability issues where probably due to it being an alpha build. I am sad to see a working revision of 2.1 be pulled from circulation when you could just as easily endorsed it as your own, I'm sure its originator would have donated it freely. Doing so would have satisfied trademark concerns.
I've been running pfsense (2.1.1 -> 2.1.2 -> 2.1.3) on Hyper-V Server 2012 R2 with zootie's drivers and instructions since last April and the stability has been good. There are some annoyances like RRD graphs stalling out but since this is technically bleeding edge I'm not surprised at minor issues.
-
With hearing about 2.2 including multiple DHCP servers via VLANS from the same physical interface, I am seriously looking forward to this, especially if it works with hyper-v
-
I got pfSense up and running on Hyper-V 2012 R2 with the legacy Network adapter.
Where can I find proper hyper-v drivers for pfSense so I can use the default Network Adapter?Thanks for your help,
Newbie Thomas -
Changed to pfSense 2.2.
Details here: https://forum.pfsense.org/index.php?topic=75549.0 -
Not to drag up on a old topic but:
we got PFsense 100% working on Xen and Hyper-v
with all hyper-v drivers, fully working Carp, multi-subnetting, etc.We notified Jim this week and awaiting his reply on arrangements to publish this as a PFSense build.
Regards,
Marco -
unless we build it, it's not going to be called "pfSense".
You've not offered the patches.
In any case, the strategy here is 2.2 with native support for Hyper-V
-
Well,
We send you an email about making arrangements to publish it (i do believe Angelo is awaiting reply).
As far as native Hyper-V support: it's not just about the drivers of hyper-v that is easy.
Carp however needs ALOT of changes to make it 100% functional with virtualized environments.We have made it all work 100% (and our own systems been running live on it without a hitch for a while now).
As far as the PFSense name and publishing: you don't need to repeat that, but as i said before: easy to fork and rename (also supported by your agreement).
Though preferred method (for everyone) would be publishing arrangements with PFSense which is why Angelo is waiting for a reply by mail.
Regards,
Marco -
As far as the PFSense name and publishing: you don't need to repeat that, but as i said before: easy to fork and rename (also supported by your agreement).
Why do people always assume that I (of all people) don't understand this?
Though preferred method (for everyone) would be publishing arrangements with PFSense which is why Angelo is waiting for a reply by mail.
I agree, but "publishing arrangements" sounds like you want to get paid. Why not just issue pull requests?
-
Paid?
nop, some recognition for over 8 months of development bug testing and RC testing –> Ofcourse.Though you can say recognition is a form of payment (it is for us anyways).
Angelo did make several bug fixes (without recognition) to PFsense so far.I do assume it's easy to come to terms together and get a fully functional (even with some unique functions ur current pfsense doesn't got) Virtualized PFSense on Xen/Hyper-v/ Vmware is worth some recognition, if you don't then you don't thats up to you :-)
-
Paid?
nop, some recognition for over 8 months of development bug testing and RC testing –> Ofcourse.please describe this "recognition" you seek.
Though you can say recognition is a form of payment (it is for us anyways).
Angelo did make several bug fixes (without recognition) to PFsense so far.many people do as well.
I do assume it's easy to come to terms together and get a fully functional (even with some unique functions ur current pfsense doesn't got) Virtualized PFSense on Xen/Hyper-v/ Vmware is worth some recognition, if you don't then you don't thats up to you :-)
please describe these unique functions.
My largest concern is adopting all of this into the tree given the full focus on 2.2 inside the organization. While we're maintaining the 2.1 series, we tend to only perform releases on this path for security issues.
-
This should already have been described by Angelo by email i believe.
And i know many people contribute (i just meant so did we so far).
Unique features would be for example multi subnet gateways in carp that can still talk to each other (originally their isolated @ pfsense).
We had a need for that due to /24 range being too small for our servers yet /16 isn't recommended to use in production.
That was pretty much how we solved it.I'm not sure on what source Angelo based it but it's currently running on Freebsd v10 package platform states 2.2 Beta but i'm not sure if thats accurate.
I do assume it can be merged with your current developments.
Though as i said before i would recommend making a "special edition" for virtualization to keep everything optimized. -
I've responded to Angelo's email of 28 Aug, (the same day we were releasing 2.1.5, so we were a bit "busy" as I'm sure you understand.
Monday was a holiday in the US.
Let's continue the conversation via email.
Best,
Jim
-
I have to agree with the pfsense team here.
If you don't want to send the code to the pfsense team so they can add it to 2.2+, then why should you have a custom release and call it pfsense. If the agreement says you can fork it over as something else, then do that.
I can now see why the dev team took control of the pfsense releases. If others want to release their own versions which are not supported, then don't call it pfsense. I expect some level of testing from the pfsense name, and this way we are not even sure what's in the code if you are not willing to release it.
The option could have been to request a bounty and if enough money was generated, you could release the code to the dev team. (if that was the goal).
I wasat first was all about the hyper-v support and the separate builds. But I can see where it could be headed if it was not controlled.Now if gonzopancho would keep this calm composure in all the other threads as well, there might end up being some peace. :)
-
I'm tryin', tester_02, I'm tryin', real hard. ("Pulp Fiction" reference: http://youtube.com/watch?v=vMN5uQhF-Ro)
Marco and I danced for a bit. Then he explained that he wasn't bound by the CLA or license, because he hadn't signed them, Angelo did.
This is part of the reason the license is non-transferable.
In addition, Marco wanted a restriction that we not be able to "sell" pfsense.
Now, we don't "sell" pfsense, we sell hardware with pfsense pre-loaded, support services, and professional services. (And Gold, which provides access to the book, hangouts, ACB, etc.)
So "no problem", right?
Nope.
Any such restriction wouldn't be free software or open source.
Check it:
Taking the GPL as the most restrictive open source / free software license:
http://www.gnu.org/licenses/gpl-faq.html#DoesTheGPLAllowMoney
Does the GPL allow me to sell copies of the program for money?(#DoesTheGPLAllowMoney)
"Yes, the GPL allows everyone to do this. The right to sell copies is part of the definition of free software. Except in one special situation, there is no limit on what price you can charge. (The one exception is the required written offer to provide source code that must accompany binary-only release.)"Now let's look at the Open Source Definition: http://opensource.org/os
You won't have to read beyond the first paragraph:
"1. Free Redistribution
The license shall not restrict any party from selling or giving away the software as a component of an aggregate software distribution containing programs from several different sources. The license shall not require a royalty or other fee for such sale."Read it. What Marco proposed is not open source, nor is it free software. As such, we will never accept such conditions. If I turned down VMware's deal (and I did, even though they wanted to pay us, (key4ce offered nothing other than code with restrictions)), why wouldn't I turn down Key4ce?
Because there is NO open source or free software license that asserts control over the sale of the resultant work.
Marco attempted to counter with statements such as:
Yes everything we make and release always been opensource and for free. but none of them ever given the right to anyone to sell, and we keep it that way :-)
But given the above, no such restriction is possible. (And imagine the result if we said the same about pfsense.). If it can't be sold, it's not open source. And not open source means it's not going in pfsense.
Marco countered with this as a license that doesn't allow selling:
http://creativecommons.org/licenses/by-sa/4.0/Which is a human-readable summary of: http://creativecommons.org/licenses/by-sa/4.0/legalcode
But even the simple form is clear about "no commercial restrictions".
Moreover:
– we can't control what others do.
-- I'm not managing a plethora of licenses that have unique restrictions in the tree.
My apologies to the community, for their inconvenience, but I'm not willing to sacrifice the code base for Key4ce's business model.
-
Funny how you suddenly took this public.
You forgot to mention you suspended our contributors license but never told us the reason.
The license we want is 100% opensource without the rights to sell.license example i gave you was: http://creativecommons.org/licenses/by-sa/4.0/
As you can see it's 100% freeware AND demands anyone using our code to keep it freeware (same license).
Aparently too hard for jim to swallow.
However not to waste time we are confident to publish virtualpf.com within 7 to 14 days
fully compatible with Vmware, Hyper-V and Xen. (with automatic driver install).also works on KVM etc (but they do not require special drivers).
the license we will publish it under will be opensource, free for everyone BUT requires everyone to publish it under the same license.
Preventing people from selling it.Jim, Don't try and make this whole thing personal, we aren't planning on publicly discrasing what you said and did to us neither.
however if you want a public "battle" you have still failed the reason on revoking our contributors agreement while all we did was talk (and so far no actions or publications have been made).You can soon put your eyes on our new site, and the license we publish everything under, and try and find any flaw as you can (we expect that from you).
Safe to say we never once violated your terms, licenses and agreements and tried to publish it all under PFSense under your rules.We just don't allow people to Sell things thats meant for free :-)
PS: Your hardware argument fails from the start –> their not virtualized, and you sell the hardware not the software on it but you know this already --> i even said this in your first reply on not allowing to sell (then you never brought it up again).
Regards,
Marco -
Funny how you suddenly took this public.
it was public before. I was informing the other interested parties that an agreement could not be reached, and why.
You forgot to mention you suspended our contributors license but never told us the reason.
The license we want is 100% opensource without the rights to sell.I didn't suspend your CLA, I provided notice that, if you had a license (and it's not clear that you ever did), your license to the pfSense codebase (upon which access to the pfsense-tools repository is conditional) is revoked.
Quoting https://www.pfsense.org/ESF_License_Agreement_v1.0.pdf:
"You may not offer or impose any terms on the Work that restrict the terms of this License or the ability of a recipient of the Work to exercise the rights granted to that recipient under the terms of the License. You may not sublicense the Work."
You've breeched the agreement in at least these terms. I've even offered that there is a way for you to cure the breech, and you can get "back in the club", as it were.
license example i gave you was: http://creativecommons.org/licenses/by-sa/4.0/
and it says, right at the top of the page: "This is a human-readable summary of (and not a substitute for) the license."
where the words "this license" are a link to http://creativecommons.org/licenses/by-sa/4.0/legalcode, which is what I pointed to.As you can see it's 100% freeware AND demands anyone using our code to keep it freeware (same license).
Aparently too hard for jim to swallow.
Apparently, you've not read the very page to which you point. Allow me to quote in-part:
–-
You are free to:
Share — copy and redistribute the material in any medium or format
Adapt — remix, transform, and build upon the material for any purpose, even commercially.
–
(emphasis mine)However not to waste time we are confident to publish virtualpf.com within 7 to 14 days
fully compatible with Vmware, Hyper-V and Xen. (with automatic driver install).also works on KVM etc (but they do not require special drivers).
the license we will publish it under will be opensource, free for everyone BUT requires everyone to publish it under the same license. Preventing people from selling it.
I've shown why this is compliant with neither the Open Source Definition, nor the definition of Free Software. I've pointed out above that you are not free to re-license pfSense to your own ends.
And again, forking is explicitly allowed. The fact that you've created a fork isn't a problem. The fact that you're prepared to distribute your fork outside the bounds of the pfSense license is a problem. A very big problem.
Despite all of my detractors, the license for pfSense is designed to keep pfSense Free and Open Source. Forever. It's not perfect, and goodness knows that I'm not in-favor of what I had to do last March/April. I've been thinking a lot over the past 6 months on ways to restore the situation without leaving pfSense open to hostile actions such as what you've proposed. This is not the place to have the discussions around that topic, but it is, again, something that I've thought a lot about.
Jim, Don't try and make this whole thing personal, we aren't planning on publicly discrasing what you said and did to us neither.
however if you want a public "battle" you have still failed the reason on revoking our contributors agreement while all we did was talk (and so far no actions or publications have been made).You can soon put your eyes on our new site, and the license we publish everything under, and try and find any flaw as you can (we expect that from you). Safe to say we never once violated your terms, licenses and agreements and tried to publish it all under PFSense under your rules.
We just don't allow people to Sell things thats meant for free :-)
PS: Your hardware argument fails from the start –> their not virtualized, and you sell the hardware not the software on it but you know this already --> i even said this in your first reply on not allowing to sell (then you never brought it up again).
Regards,
MarcoI find it both interesting and sad that:
You're the one who wants to put pfSense under a license that is neither an open source, nor free software license, and your license is holy and good, but the license to the code upon which you based the work is worthless, and you're more than ready to cast it aside.
That your work is above the work of hundreds of contributors to the pfSense project over the past decade.
And that this is exactly the type of situation that caused me to put the pfSense-tools repo behind a license agreement.
Marco, you are the first, (and only) party to have been noticed that your license is revoked.
Again, this begs the question that you ever had a license to the work, since you claim that you never signed the agreement, that Angelo did, and that you're the only one who can sign for your company. Nice footwork, but it's not going to fly. Since the license is non-sublicenable and non-transferable, you couldn't have a license to the work to begin with. If you do, somehow, you've breeched the agreement, and your license has been revoked. In either case, you don't have a license to the work.
You've been noticed that you are in breech and your license to pfSense is revoked.
You've been offered a way to cure the breech that is no different than what you should have done to begin with.
Anyone can sell pfSense. We've said this almost from the very start a decade ago. What's not going to happen is that you make a private fork of pfSense with new restrictions. Again, I said, "No" to VMware on this very subject, and they offered money. I said "No", and I'm telling you the same thing.