(solve)HyperV 2012 vlans support(hn0)

periko · Jan 29, 2019, 1:08 AM

Hi, I have some issue, we have a HyperV 2012 that have pfsense 2.3.x Gen1. Now I wanted to setup Captive Portal and decide to add a vlan(30) inside a cisco switch core.

I add a vlan 30 in pfsense lan(hn0) setup the interface but I can say the driver doesn't support vlans TAG packets.

Pfsense port in mode truck, clients in access but they cannot communicate, I open tcpdump and never see any packets arrive in the vlan interface.

Someone with something similar what paths you follow for this situation?

Thanks.

johnpoz · Jan 24, 2019, 5:28 AM

@periko said in HyperV 2012 vlans support(hn0):

lan(hn0) setup the interface but I can say the driver doesn't support vlans TAG packets.
Pfsense port in mode truck, clients in access but they cannot communicate, I open tcpdump and never see any pack

Not really why there is a question here? What part is confusing there?

periko · Jan 24, 2019, 1:04 PM

I setup the vlan on the switch but pfsense cannot communicate with my vlans directly.

johnpoz · Jan 24, 2019, 1:47 PM

And how did you setup the vlans in Hyper-V? You have to do it from command line to allow for the vlans, etc. Its easier to just setup different switches in hyper-v for each vlan and then virtual nic for each on pfsense.

periko · Jan 24, 2019, 8:45 PM

@johnpoz I will check this, thanks.

periko · Jan 27, 2019, 7:21 AM

I had confirm from windows forum that pfsense doesn't have support for vlans under hyperV.

johnpoz · Jan 27, 2019, 1:54 PM

Sorry but its not pfsense/freebsd that doesn't have the support... Did you allow hyper-v to pass the tags?

What does show for mode of the virtual nic you have connected to pfsense?

PS C:\WINDOWS\system32> Get-VMnetworkAdapterVLAN

VMName  VMNetworkAdapterName Mode     VlanList
------  -------------------- ----     --------
pfsense Network Adapter      Untagged


PS C:\WINDOWS\system32>

https://docs.microsoft.com/en-us/powershell/module/hyper-v/set-vmnetworkadaptervlan?view=win10-ps

Did you then validate that your traffic is showing up to pfsense TAGGED? I ran into this on another thread

PS C:\WINDOWS\system32> Set-VMnetworkAdapterVLAN -VMName pfsense -Trunk -AllowedVlanIDList 20-40 -NativeVlanID 10
PS C:\WINDOWS\system32> Get-VMnetworkAdapterVLAN

VMName  VMNetworkAdapterName Mode  VlanList
------  -------------------- ----  --------
pfsense Network Adapter      Trunk 10,20-40


PS C:\WINDOWS\system32>

I have not had time to actually test this... But it to have a chance to work the networking of hyperv has to be setup correctly to pass the tags to the virtual nic on your pfsense vm.

Simple enough to validate the vlan tags show up on your pfsense vm virtual nic with tcpdump on pfsense using -e so you can see the vlan tagging that is there or not there.

johnpoz · Jan 29, 2019, 3:24 AM

So here you go... Not sure about HyperV 2012... But just fired up hyperV on my windows 10 box..

And bing bang boom setup vlans on pfsense in a few minutes. Set my interface via powershell to be trunk and setup a native vlan 9 in my case that would be untagged, and then tagged vlan 3 for my wan.

Setup my switch to have vlan 9 and 3 tagged

Setup pfsense with vlan for wan as 3 and lan as native untagged.

And few min later after boot - bam up and running with vlans

So I have no idea what they told you were - but sure looks easy enough to setup to me.

Here is me accessing gui and showing vlan setup there

I do have 2012r2 running but does not have hyper-v enabled. Guess I could fire it up to test... But pretty sure should be the same setup..

So I just fired up 2012r2 hyper-V.. Yeah its going to work exactly the same way... Created a new switch and out of the box it in untagged mode. So if your going to want to present tagged vlans to pfsense vm... You would have to set it up via the Set-VMnetworkAdapterVLAN powershell cmdlet...

PS C:\Users\Administrator> Get-VMnetworkAdapterVLAN

VMName VMNetworkAdapterName                                                  Mode     VlanList
------ --------------------                                                  ----     --------
       newswitch                                                             Untagged
       Intel(R) PRO/1000 PT Dual Port Network Connection #2 - Virtual Switch Untagged

periko · Jan 28, 2019, 6:04 PM

I had setup a 2012 test environment, I will follow the instructions and return here, thanks.

Mats · Jan 28, 2019, 8:28 PM

We have seen issues with Vlans on 2012 (https://forum.netgate.com/topic/137384/hyper-v-2016-virtual-pfsense-windows-adds-dhcp-dns-vlans) so if you can do 2016 it might be worth it.

depending on your needs Hyper-v server is a free download. It's really server core with the hyper-v role

periko · Jan 29, 2019, 1:05 AM

I had tested, after some click, try, click try I can see some light.
The only issue right now, is this.
Once u setup with Power Shell the vlans, it applies to all pfsense interfaces.
Them the wan is affected and lost communication, because both interfaces in my example are in the same vlans.
I'm trying to see how to apply the settings to the LAN looks a little confuse but, the driver vlan capable, my question is been answer, thanks.

johnpoz · Jan 29, 2019, 3:22 AM

Well your apply to the vswitch you you have your pfsense vnic connected too.. Create create different vswitch to connect different vnics in your VM too, etc.

Can not be of more help without more info - but as you say been answered... Could you point out this microsoft forum where they said pfsense does not support vlans under hyper-v?

I don't even use hyper-v, I am a esxi guy... And took me all of 2 minutes to figure out how to do vlans on the thing ;)

Mats · Feb 9, 2019, 3:42 PM

Just for clarity

I have now been running my Pfsense VM on hyper-V 2016 with VLans for more than one week with zero issues.

Therefore I claim that it is proven that PFsense do support VLans with hyper-v. However MS do have an issue in versions lower than 2016

johnpoz · Feb 9, 2019, 4:28 PM

From my testing with windows 10 and 2k12r2 I did not see any issues.

Other than misleading information being out there..

Mats · Feb 9, 2019, 6:37 PM

@johnpoz said in (solve)HyperV 2012 vlans support(hn0):

From my testing with windows 10 and 2k12r2 I did not see any issues.

Other than misleading information being out there..

At least two of us have seen issues on 2012(r2). It's in the thread I linked earlier - the fix was to update to 2016.

It can work for one or a few days before the issues appear

johnpoz · Feb 9, 2019, 7:14 PM

And that is NOT how I am doing vlans - I am doing it the correct way ;) Per my links and the simple powershell cmds.

Mats · Feb 9, 2019, 8:04 PM

@johnpoz

So did I but you are missing the point. A config that works for four hours should work for four days too.

The issue I have seen is that the Vlan trunk stops working after a few days. Not even arp will see the nic of the VM.

The "workaround" I found was to add or remove a nic to the VM (just a non connected nic) and it will work for a couple of days again

With 2016 the same config (actually it's the same VM) works if you can read this ;)