Netgate Discussion Forum
    2x pfsense instances on ESXi 6

    Virtualization, 6 Posts, 5 Posters, 2.3k Views
    rdtk:

      Hi,
      Hoping for some help. I am stuck.

      Presently I have 2 pfSense boxes connected to my modem/router: 1 for connecting VPN to Canada and 1 for connecting VPN to USA. Each pfSense box has a wireless router connected to it: a D-Link router connected to the pfSense VPN Canada box and a DD-WRT router connected to the pfSense USA box. Almost all my devices are connected to the D-Link router and I have 1 device connected to the DD-WRT router.

      The new goal is to have both instances of pfSense on the ESXi 6 server; each pfSense VM will have its own LAN port but share 1 single WAN NIC to connect to the modem/router. The ESXi management port is connected to the D-Link router, and 1 NIC for future server labs is also connected to the D-Link router. This way I can manage ESXi from my primary PC, which is connected to the D-Link router, and also retain the Canada VPN connection. Also, future server lab VMs will have access to all the same devices and network resources that exist in the D-Link IP range.

      To help explain I have created a network diagram here:
      http://i.imgur.com/QViuzva.jpg

      On the left side is what I have working;
      on the right side is what I am trying to get to work.

      This is also what I have set up under ESXi configuration - networking:
      http://i.imgur.com/TVttq1D.jpg

      CANGW = pfSense VPN Canada LAN port/vmnic
      USGW = pfSense VPN USA LAN port/vmnic
      WAN = vmnic for both pfSense WAN ports, which is connected to the modem/router

      I have set a manual MAC for both LAN NICs on both pfSense VMs.
      I have also tried a manual MAC for the WAN but am not sure if that would cause an issue or not. Not sure if that should be left as Automatic.

      End result: I can't get an IP from either LAN port via DHCP from either pfSense instance/NIC, even though the console config on the pfSense boxes looks perfect. The MACs link up and they both get an IP address from DHCP on the modem/router!!

      Anyone have any ideas?

      rdtk:

        Sorry, clarification:
        the ESXi management NIC is connected to a switch port of the D-Link router;
        the D-Link WAN port is connected to the pfSense Canada LAN port.

        bennyc:

          I don't entirely understand your setup.
          Not that it matters much; there must be something essentially wrong (DHCP from pfSense works), and I would think in the ESX config.
          Why the manual MACs? Why 2 pfSenses? Why the 2 routers?
          In the new setup, you could let pfSense handle both tunnels, do DHCP for your network(s), and still separate those networks if you must (your ESX host seems well equipped with NICs).

          4x XG-7100 (2xHA), 1x SG-4860, 1x SG-2100
          1x PC Engines APU2C4, 1x PC Engines APU1C4

          johnpoz (LAYER 8 Global Moderator):

            Yeah, I don't get why you would run 2 pfSense. You could have multiple VPN connections and route your traffic to them however you wanted.

            What I see from that drawing is a MESS.. So it looks to me like you have your wifi routers NATting as well.

            Why is the CAN VPN pfSense 2.1 but the wifi router is 1.1, and the USA VPN is 3.1 and the wifi router is 4.1? WTF. And then pfSense is behind a NAT as well..

            Connect your modem to your pfSense WAN; if it was really a "modem" you should have a public IP on the pfSense WAN. Then create however many segments you need on your local side, be it physical or VLAN, create as many VPN connections in pfSense as you want, and then route the traffic how you want.. If you want machine A to use the CAN VPN, sure; if you want machine B to use the USA VPN then do that. Machine A could be either in the same local segment or a different one..

            You're going down the rabbit hole here into totally unwarranted complication.

            If you were using an AP that supports VLAN tagging of your SSIDs you could even have different wireless clients on the same AP isolated and again use whatever VPN you want, etc..

            I run pfSense on ESXi 6 and have multiple LAN segments, both physical and VLAN, and multiple SSIDs on my UniFi AP with different wifi networks on their own segments.

            An intelligent man is sometimes forced to be drunk to spend time with his fools
            If you get confused: Listen to the Music Play
            Please don't Chat/PM me for help, unless mod related
            SG-4860 24.11 | Lab VMs 2.8, 24.11
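johnpoz's single-pfSense approach comes down to policy routing: firewall rules on the LAN interface that assign a gateway per source, evaluated top-down with the first match winning. The Python below is an added example, not code from this thread or from pfSense itself. It models that evaluation order for a constructed rule set (the gateway names, segments and host addresses are assumptions) and flags a shadowed rule, the ordering mistake where a broad /24 rule sitting above a host-specific one silently sends that host out the wrong tunnel.

```python
from ipaddress import ip_address, ip_network

# Constructed example: one pfSense with several egress gateways, modelled on
# the single-firewall design described in the thread. Names and addresses
# are assumptions, not values taken from the posts.
GATEWAYS = {"CAN_VPN", "USA_VPN", "WAN"}
DEFAULT_GATEWAY = "WAN"          # used when no rule matches the source

# Policy rules in the order pfSense evaluates LAN rules: top to bottom,
# first match wins. Each entry is (source network, gateway to use).
RULES = [
    (ip_network("192.168.10.50/32"), "USA_VPN"),   # machine B -> USA tunnel
    (ip_network("192.168.10.0/24"), "CAN_VPN"),    # rest of LAN -> Canada tunnel
    (ip_network("192.168.20.0/24"), "WAN"),        # guest segment straight out
]


def validate_rules(rules, gateways=GATEWAYS):
    """Reject rules that point at a gateway the firewall does not know."""
    for net, gw in rules:
        if gw not in gateways:
            raise ValueError(f"rule for {net} names unknown gateway {gw!r}")
    return True


def select_gateway(src, rules=RULES, default=DEFAULT_GATEWAY):
    """Return the gateway the first matching rule assigns to a source IP."""
    addr = ip_address(src)
    for net, gw in rules:
        if addr in net:
            return gw
    return default


def shadowed_rules(rules):
    """Indexes of rules that can never match because an earlier rule already
    covers their entire source network. A shadowed host rule means that host
    quietly takes the broader rule's gateway instead of its own."""
    shadowed = []
    for i, (net, _gw) in enumerate(rules):
        if any(net.subnet_of(earlier) for earlier, _ in rules[:i]):
            shadowed.append(i)
    return shadowed


if __name__ == "__main__":
    validate_rules(RULES)
    for host in ("192.168.10.50", "192.168.10.7", "192.168.20.9"):
        print(host, "->", select_gateway(host))
    # Same rules with the host-specific entry moved below the /24 rule:
    misordered = [RULES[1], RULES[0], RULES[2]]
    print("shadowed rule indexes:", shadowed_rules(misordered))
```

In pfSense the equivalent of each tuple is a LAN pass rule with its Gateway set under the rule's advanced options; the ordering check is the part worth carrying over, since the GUI will happily accept a host rule placed beneath the subnet rule that swallows it.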

            messerchmidt:

              Or this:

              http://www.asrock.com/mb/Intel/N3700M/

              Add some Intel LAN cards (1x slot, so it can take a dual gigabit NIC max).

              msmith9xr4:

                pfSense sometimes has a hard time with dual HMA VPN, IME.

                I'm working on the same now.

                SHOULD be doable with one pfSense… I had it running but now get problems. Can swap between.

                I have tried even using a second WAN to no avail.

                I have not tried with multiple IPs from the same provider, just multiple providers = NICs.

                Always fully real and passed-through NICs, of course.
