MS2012r2 Hyper-V, Pfsense and RDP crash
-
So, I stumbled on this problem today:
Static IP from ISP > Windows Server 2012 r2 Hyper-V> PfSense > The Network
If I remote desktop into the 2012r2 Server via external IP, the pfSense instantly loses WAN connection and only a reboot helps to restore it.
If I remote desktop into the 2012r2 Server via internal IP, the pfSense keeps its WAN connection and the network works as normal.
How to solve this puzzle? At the moment I've fixed it by setting up an extra PC inside the network and made a port-forward to it, just so that I could log in from outside the workplace to check up on things.
-
Anything in the System log after WAN drops? Post screens of your NAT rules, firewall rules and interface details with any public IP details obscured.
-
Thanks for replying. Here are the pictures.
System Log:
http://i.imgur.com/swq2vUi.png
NAT Rules:
http://i.imgur.com/Cla40HU.png
Firewall Rules:
http://i.imgur.com/Kx6ukCY.png
Interface settings:
http://i.imgur.com/18Bhjx5.png
And the main page when WAN goes down:
http://i.imgur.com/dLHuYYE.png
-
You can use the Attachments and other options to add images inline without having to link to an external source.
Your System log snippet only shows me about 45 seconds of time. Did the problem show itself during that specific interval? Some other device (a Dell unit based on the first 3 bytes of the MAC address) seems to be stealing your IP address.
-
Yeah, that 45 second timeline is when I log in to the Server 2012 r2 via Remote Desktop. For the first 2-3 seconds it works, then it shows "Connection timed out". It waits another 3 seconds and then restores. After RDP restores, the WAN in pfSense goes "Offline" and all connections drop from it.
The MAC address is the Host machine of the Server 2012 r2. Dell PowerEdge R220.
Edit: So basically what I understand now is that it steals the IP from itself?
Edit2: So, I figured that as the ISP gave us 5 public IPs to use, I set the 1st IP to the Server 2012 r2 and the 2nd public IP to pfSense.
And at the moment, it seems it's stable.
-
I'm a VMware guy, not a Hyper-V guy, but you aren't supposed to give your physical host your public IP address. Your Dell box should only have a LAN IP address, and your pfSense VM's WAN NIC takes the public IP address. For example, say you have 2 NICs in your physical host. One goes to your cable modem or whatever, the other goes to your LAN switch. You create a virtual switch in Hyper-V and link it to the NIC connected to your modem. Create another virtual switch and connect it to your LAN NIC. You then create your pfSense VM and attach its WAN NIC to the public switch and its LAN NIC to the private switch.
Here is a page that specifically deals with VMware ESXi, but the concepts should translate to Hyper-V:
https://doc.pfsense.org/index.php/PfSense_2_on_VMware_ESXi_5
-
@KOM:
I'm a VMware guy, not a Hyper-V guy, but you aren't supposed to give your physical host your public IP address. Your Dell box should only have a LAN IP address, and your pfSense VM's WAN NIC takes the public IP address. For example, say you have 2 NICs in your physical host. One goes to your cable modem or whatever, the other goes to your LAN switch. You create a virtual switch in Hyper-V and link it to the NIC connected to your modem. Create another virtual switch and connect it to your LAN NIC. You then create your pfSense VM and attach its WAN NIC to the public switch and its LAN NIC to the private switch.
Here is a page that specifically deals with VMware ESXi, but the concepts should translate to Hyper-V:
https://doc.pfsense.org/index.php/PfSense_2_on_VMware_ESXi_5
It works the same way on Hyper-V
The "outside" interface should only be connected to the pfSense system, not the physical host.
-
It works the same way on Hyper-V
Thanks for the confirmation. I have played around with Hyper-V but I wasn't confident enough to say for sure.
-
As a note of caution, make sure that in the Virtual Switch Manager for the Internet (WAN) connected NIC that you do NOT check the "Allow management operating system to share this network adapter". This could also be part of the issue too in that it's not making it "in" to Pfsense because the host has an IP address and connectivity on that VirSwitch.
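-
The layout recommended in the replies above (the WAN virtual switch attached only to the pfSense VM, with "Allow management operating system to share this network adapter" unchecked) can be checked and enforced from PowerShell on the Hyper-V host. This is an added example, not part of any post in the thread; the switch name `WAN` and VM name `pfSense` are assumptions.

```powershell
# Added example: audit host exposure on the WAN virtual switch.
# Assumed names (not from the thread): switch 'WAN', firewall VM 'pfSense'.
# Run in an elevated session on the Hyper-V host, from the console or over the LAN.
Import-Module Hyper-V

$wanSwitch = 'WAN'       # assumed: external switch bound to the ISP-facing NIC
$fwVm      = 'pfSense'   # assumed: the only VM that should sit on that switch

# 1. Every external switch and whether the host OS shares its adapter.
Get-VMSwitch -SwitchType External |
    Select-Object Name, NetAdapterInterfaceDescription, AllowManagementOS |
    Format-Table -AutoSize

# 2. Host (management OS) vNICs on the WAN switch and any IPs bound to them.
#    A public IP listed here means the host itself is answering on the WAN.
$hostNics = Get-VMNetworkAdapter -ManagementOS |
    Where-Object { $_.SwitchName -eq $wanSwitch }
foreach ($nic in $hostNics) {
    # Host vNICs normally show up in Windows as "vEthernet (<vNIC name>)".
    Get-NetIPAddress -InterfaceAlias "vEthernet ($($nic.Name))" -ErrorAction SilentlyContinue |
        Select-Object InterfaceAlias, IPAddress, PrefixLength
}

# 3. Stop sharing the WAN adapter with the host. This removes the host vNIC,
#    so any session to the host over the public IP drops at this point.
if ((Get-VMSwitch -Name $wanSwitch).AllowManagementOS) {
    Set-VMSwitch -Name $wanSwitch -AllowManagementOS $false
}

# 4. Anything other than the firewall VM still attached to the WAN switch.
$strays = Get-VMNetworkAdapter -VMName * |
    Where-Object { $_.SwitchName -eq $wanSwitch -and $_.VMName -ne $fwVm }
if ($strays) {
    Write-Warning "VMs other than $fwVm are attached to $wanSwitch"
    $strays | Select-Object VMName, Name, MacAddress
} else {
    Write-Output "Only $fwVm is attached to $wanSwitch"
}
```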