Hyper-V pfsense setup with no internet behind LAN interface

Zung · Mar 8, 2020, 6:32 PM

I have set up the following configuration using pfsense 2.4.4-3 ...

Windows 10 PC hosts Hyper-v pfsense with 2 NICs. One is for WAN and the other is for LAN. Two virtual switches are associated with these 2 NICs. The installation was successful:
wan hn0 ipv4 192.168.0.36/24
lan hn1 ipv4 192.168.1.1/24

I can access Web configuration OK via 192.168.1.1 on the same PC.
I have connected the second NIC (for LAN) to a wireless router. Any PC connected to this wireless router has no internet.
I even connected the second NIC directly to another PC and got the same result.
Can somebody tell me what could be the issues with this setup?
Thank you for any help. This is my first time here.

provels · Mar 8, 2020, 7:07 PM

Interfaces / WAN / Reserved Networks
Turn this OFF.
login-to-view

Zung · Mar 8, 2020, 7:35 PM

I have unchecked the option. Saved it and reboot pfsense. Verified the option was not checked. But the problem remains.

Mats · Mar 8, 2020, 7:47 PM

from that other pc - can you get to 192.168.1.1 ?

Both your v-switches are of the type external - they should be

Zung · Mar 8, 2020, 7:49 PM

Yes they are external types

Zung · Mar 8, 2020, 8:20 PM

Excepting the host PC (with Pfsense) other PCs behind the LAN or PCs connecting to ISP router (same as the host PC) cannot get to 192.168.1.1

Gertjan · Mar 9, 2020, 7:44 AM

@Zung said in Hyper-V pfsense setup with no internet behind LAN interface:

PCs connecting to ISP router (same as the host PC) cannot get to 192.168.1.1

These PC's connecting to the ISP router would be on the same network as what pfSense is calling WAN network.
Rather normal that these PC's can't connect to the LAN of pfSense without any NAT set up on pfSense. These PC's are on the wrong side of the firewall/router pfSense.

Btw "v-switches are of the type external" : that's fine but in that case both WAN and LAN or used somewhat exclusively for the Hyper-V client. Which is running pfSense. This way, all network traffic is perfectly isolated from even the host running pfSense in Heyper-V.
If you want the host PC that runs Hyper-V to access the Internet as any other PC that you hookup to the LAN, typically using a witch, you should have a third NIC in your host PC that should be connected to this LAN switch.
I'm not advertising this as best practice, but you could consider attaching the physical real LAN interface as shown here : https://docs.netgate.com/pfsense/en/latest/virtualization/virtualizing-pfsense-with-hyper-v.html : use the "Internal" network for the LAN.

Mats · Mar 9, 2020, 7:43 PM

@Gertjan said in Hyper-V pfsense setup with no internet behind LAN interface:

Btw "v-switches are of the type external" : that's fine but in that case both WAN and LAN or used somewhat exclusively for the Hyper-V client. Which is running pfSense. This way, all network traffic is perfectly isolated from even the host running pfSense in Heyper-V.
If you want the host PC that runs Hyper-V to access the Internet as any other PC that you hookup to the LAN, typically using a witch, you should have a third NIC in your host PC that should be connected to this LAN switch.

There is no need for that. Simply check the "Allow management operating system to share this network adapter" on the LAN interface instead. That connects the host os to the lan V-switch without the need for extra hw

I'm not advertising this as best practice, but you could consider attaching the physical real LAN interface as shown here : https://docs.netgate.com/pfsense/en/latest/virtualization/virtualizing-pfsense-with-hyper-v.html : use the "Internal" network for the LAN.

That article is a mess. Since they use a private v-switch for lan only VM:s will be able to use the firewall.

As a reminder of V-switch types:
Private - Only between VM:s
Internal - VM:s and host OS
External - VM:s, host OS (if you allow it) and externally through a physical nic

Zung · Mar 10, 2020, 2:54 AM

It is interesting that at one time I swapped out the second NIC and I got internet via this NIC i.e. connecting with ethernet cable from this NIC to PC. However this is not repeatable. I am not sure what I did to have it happened or not happened. I know that I do not change much as far as configuration goes. I even reinstalled pfsense several times without success .

Zung · Mar 11, 2020, 7:27 PM

Has anybody had any suggestions on what could cause this issue?

Mats · Mar 12, 2020, 5:21 PM

@Zung

Sorry but no, not at the moment

Mats · Mar 14, 2020, 8:36 PM

can you make a sketch of how your network looks like.
Might be something simple being overlooked

provels · Mar 14, 2020, 9:11 PM

@Zung said in Hyper-V pfsense setup with no internet behind LAN interface:

I have connected the second NIC (for LAN) to a wireless router. Any PC connected to this wireless router has no internet.

What port on the wireless router are you using? Should be a LAN port, not the WAN.

Zung · Mar 15, 2020, 2:59 AM

@provels said in Hyper-V pfsense setup with no internet behind LAN interface:

@Zung said in Hyper-V pfsense setup with no internet behind LAN interface:

I have connected the second NIC (for LAN) to a wireless router. Any PC connected to this wireless router has no internet.

What port on the wireless router are you using? Should be a LAN port, not the WAN.

It did not work even with a direct ethernet wired connection between the second NIC and another computer.

Here is my situation ...

ISP-->switch-->NIC1 of Window 10/Hyper-V/Pfsense from NIC2--->another PC or switch or wireless router.

If this config was set with from base hardware i.e. (no WIndows 10+Hyper-v) then this would work fine.

Mats · Mar 15, 2020, 12:00 PM

this seems like some kind of issue with the nic in Windows then.

If I get it right with win 10 on the box and a straight cable to the next box it works.
With win 10 + hyper-v it stops working? Is the allow management operating ...... checked for that adapter?

Zung · Mar 15, 2020, 3:51 PM

You are right that NIC could be a probelm. At first I have used old NIC (lying around the house for years) and it was a hit-and-miss affairs even with bare metal pfsense pc box. After I bought a new Dlink NIC (having 1gb speed too) that the base box behaved more consistent i.e. internet was OK behind LAN.

However when I configured the PC with Windows 10 using Hyper-V to created pfsense box then there was no internet behind the LAN. To me the virtualization of the NIC may have something to do with it. I will keep investigating if anywhere people have same problem or not.

Thank you very much for spending time and offering suggestions to my issue. If you have any other ideas please share them with me. I appreaciate it very much.

Mats · Mar 16, 2020, 5:03 AM

Have you tried different drivers for the Nic?
I have run into one issue with a realtec card and Hyper-V but it was more than 5 years ago server 2008r2 or 2012 so I'm rather sure it's not exactly the same issue

Zung · Mar 16, 2020, 5:03 AM

Hi Mats, I updated the NIC driver as detected by Windows 10. However, that did not help either until I preassigned the IPV4 address for the second NIC i.e. static IP address instead of 'obtained an IP address automatically'. That did it! Now PCs behind the LAN interface have internet access.

Thank you very much for your and others' help all along.

My next step is to implement OPENVPN using VPNBOOK services.

Zung · Mar 16, 2020, 6:58 PM

I spoke too early. It was working for hours but failed later for no apparent reason. No internet at LAN connections. I could not recreate the working scenario anymore.

Mats · Mar 16, 2020, 9:14 PM

Hmmm, this one seems tricky.
A long shot - do you have any third party antivirus, firewall or other security software on that Win10 box?