Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    First Attempt at pfSense on ESXi = FAILED

    Scheduled Pinned Locked Moved
    Virtualization
    1
    1
    484
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • O
      OzTechGeek
      last edited by

      Hi All,

      I currently use a Ubiquiti EdgeRouter + Untangle (Transparent Bridge mode) with an AT&T NETGEAR LB1120 LTE Modem for my hme internet, works great.

      I decided i wanted to try out pfSense on ESXi as a possible replacement for my EdgeRouter and then do a pfSense + Untangle (Transparent Bridge mode) configuration like I currently have, but virtualized.

      I also have another AT&T NETGEAR MR1100 Nighthawk M1 Mobile Router that I was going to use to setup and test WAN Load Balancing on the EdgeRouter, but decided to use it to test a pfSense on ESXi configuration first.

      So I followed the “Virtualizing pfSense with VMware vSphere / ESXi“ Netgate documentation and created two vSwitches (vSwitch-WAN and vSwitch-LAN) each going to a dedicated NIC with no other connections (vmnic0=WAN and vmnic1=LAN) my other VM’s and Management Network are on different physical NICs. I also set both vSwitch-WAN and vSwitch-LAN with “Promiscuous mode”, “MAC address changes” and “Forged transmits” to “Accept”.

      I created a VM based on “FreeBSD 11 (64-bit)” and added two NICs using “VMXNET 3” and assigned vSwitch-WAN to NIC 1 and vSwitch-LAN to NIC 2, I then connected the NETGEAR MR1100 Nighthawk M1 Mobile Router (which is in pass-through/bridge mode) to vSwitch-WAN (vmnix0) and started the pfSense install process.

      The install process was smooth on pretty straight forward, on first boot I changed the LAN IP address via console to my
      local network 192.168.254.250. This allowed me to connect via the web GUI and run the setup wizard, after the setup wizard completed I rebooted for good measure.

      And this is where the problems/issues I have been struggling with for the past 5 days began.

      I could not get a WAN connection to the internet from the pfSense VM to work, the “check for Updates” and “Retrieving support information” and even ping via GUI to 8.8.8.8 would fail. After days of googling and testing I finally found a post that said put “supersede subnet-mask 255.255.255.0” in the “Option modifiers” for the WAN connection since the IP address received via DHCP on the WAN side from AT&T was a /32 one (10.72.89.113/32 to be exact from pfSense console), did a reboot and still no go. I then noticed the “Block private networks and loopback addresses” and “”Block bogon networks” option were checked in the WAN interface configuration and since AT&T is giving me a non-routable private address this seems like the problem. After making the change and rebooting for good measure I noticed Gateway Monitor now was “online” and I could now ping the Gateway IP Address “10.72.89.1”. I thought great problem solved. But still no go update check and ping to 8.8.8.8 still failed.

      After hours/days of testing/reading/googling and still getting no where I decided to take a step back and make sure the vSwitch + NETGEAR MR1100 connection/configuration was correct. To test this I shutdown pfSense and created a new VM for Untangle and connected it to the exact same vSwitch and NICs that pfSense uses. I performed the installation of Untangle on the VM, ran the initial setup wizard and reboot, and BOOM EVERYTHING WORKED, I had internet access could ping 8.8.8.8 and other addresses and browse the internet from a test VM, so I knew the ESXI vSwitch configuration and NETGEAR MR1100 configuration was fine and working.

      I powered off the Untangle VM and reattached the pfSense VM to the vSwitch network and powered on again, but NOPE STILL NO GO.

      At this point I’m at a loss for what’s going on or what configuration step/setup I’m missing. I really wanted to do a comparison of pfSense to my EdgeRouter configuration and possibly change to a pfSense + Untangle Virtualized environment.

      Not even getting pass a basic install/setup and internet connectivity test with pfSense is a real disappointment, thought it would be simple and easy to test out, but nope, not so easy and simple.

      I thought I would at least give it a chance and post my problem in the hopes that maybe someone has had the same issue initially and that something simple needs to be done or I missed something somewhere.

      Thoughts/Comments/Suggestions?

      Thanks All

      1 Reply Last reply Reply Quote 0
      • First post
        Last post