Hyper-V pfsense setup with no internet behind LAN interface

Zung

Yes they are external types

Zung

Excepting the host PC (with Pfsense) other PCs behind the LAN or PCs connecting to ISP router (same as the host PC) cannot get to 192.168.1.1

Gertjan

@Zung said in Hyper-V pfsense setup with no internet behind LAN interface:

PCs connecting to ISP router (same as the host PC) cannot get to 192.168.1.1

These PC's connecting to the ISP router would be on the same network as what pfSense is calling WAN network.
Rather normal that these PC's can't connect to the LAN of pfSense without any NAT set up on pfSense. These PC's are on the wrong side of the firewall/router pfSense.

Btw "v-switches are of the type external" : that's fine but in that case both WAN and LAN or used somewhat exclusively for the Hyper-V client. Which is running pfSense. This way, all network traffic is perfectly isolated from even the host running pfSense in Heyper-V.
If you want the host PC that runs Hyper-V to access the Internet as any other PC that you hookup to the LAN, typically using a witch, you should have a third NIC in your host PC that should be connected to this LAN switch.
I'm not advertising this as best practice, but you could consider attaching the physical real LAN interface as shown here : https://docs.netgate.com/pfsense/en/latest/virtualization/virtualizing-pfsense-with-hyper-v.html : use the "Internal" network for the LAN.

Mats

@Gertjan said in Hyper-V pfsense setup with no internet behind LAN interface:

Btw "v-switches are of the type external" : that's fine but in that case both WAN and LAN or used somewhat exclusively for the Hyper-V client. Which is running pfSense. This way, all network traffic is perfectly isolated from even the host running pfSense in Heyper-V.
If you want the host PC that runs Hyper-V to access the Internet as any other PC that you hookup to the LAN, typically using a witch, you should have a third NIC in your host PC that should be connected to this LAN switch.

There is no need for that. Simply check the "Allow management operating system to share this network adapter" on the LAN interface instead. That connects the host os to the lan V-switch without the need for extra hw

I'm not advertising this as best practice, but you could consider attaching the physical real LAN interface as shown here : https://docs.netgate.com/pfsense/en/latest/virtualization/virtualizing-pfsense-with-hyper-v.html : use the "Internal" network for the LAN.

That article is a mess. Since they use a private v-switch for lan only VM:s will be able to use the firewall.

As a reminder of V-switch types:
Private - Only between VM:s
Internal - VM:s and host OS
External - VM:s, host OS (if you allow it) and externally through a physical nic

Zung

It is interesting that at one time I swapped out the second NIC and I got internet via this NIC i.e. connecting with ethernet cable from this NIC to PC. However this is not repeatable. I am not sure what I did to have it happened or not happened. I know that I do not change much as far as configuration goes. I even reinstalled pfsense several times without success .

Zung

Has anybody had any suggestions on what could cause this issue?

Mats

@Zung

Sorry but no, not at the moment

Mats

can you make a sketch of how your network looks like.
Might be something simple being overlooked

provels

@Zung said in Hyper-V pfsense setup with no internet behind LAN interface:

I have connected the second NIC (for LAN) to a wireless router. Any PC connected to this wireless router has no internet.

What port on the wireless router are you using? Should be a LAN port, not the WAN.

Zung

@provels said in Hyper-V pfsense setup with no internet behind LAN interface:

@Zung said in Hyper-V pfsense setup with no internet behind LAN interface:

I have connected the second NIC (for LAN) to a wireless router. Any PC connected to this wireless router has no internet.

What port on the wireless router are you using? Should be a LAN port, not the WAN.

It did not work even with a direct ethernet wired connection between the second NIC and another computer.

Here is my situation ...

ISP-->switch-->NIC1 of Window 10/Hyper-V/Pfsense from NIC2--->another PC or switch or wireless router.

If this config was set with from base hardware i.e. (no WIndows 10+Hyper-v) then this would work fine.

Mats

this seems like some kind of issue with the nic in Windows then.

If I get it right with win 10 on the box and a straight cable to the next box it works.
With win 10 + hyper-v it stops working? Is the allow management operating ...... checked for that adapter?

Zung

You are right that NIC could be a probelm. At first I have used old NIC (lying around the house for years) and it was a hit-and-miss affairs even with bare metal pfsense pc box. After I bought a new Dlink NIC (having 1gb speed too) that the base box behaved more consistent i.e. internet was OK behind LAN.

However when I configured the PC with Windows 10 using Hyper-V to created pfsense box then there was no internet behind the LAN. To me the virtualization of the NIC may have something to do with it. I will keep investigating if anywhere people have same problem or not.

Thank you very much for spending time and offering suggestions to my issue. If you have any other ideas please share them with me. I appreaciate it very much.

Mats

Have you tried different drivers for the Nic?
I have run into one issue with a realtec card and Hyper-V but it was more than 5 years ago server 2008r2 or 2012 so I'm rather sure it's not exactly the same issue

Zung

Hi Mats, I updated the NIC driver as detected by Windows 10. However, that did not help either until I preassigned the IPV4 address for the second NIC i.e. static IP address instead of 'obtained an IP address automatically'. That did it! Now PCs behind the LAN interface have internet access.

Thank you very much for your and others' help all along.

My next step is to implement OPENVPN using VPNBOOK services.

Zung

I spoke too early. It was working for hours but failed later for no apparent reason. No internet at LAN connections. I could not recreate the working scenario anymore.

Mats

Hmmm, this one seems tricky.
A long shot - do you have any third party antivirus, firewall or other security software on that Win10 box?

Zung

It just has a standard Windows Defender and no 3rd party software whatsoever.

provels

@Zung I would try to move some things around. Card to different slot, switch different port, different cables on broken link (or at least swap ends if another cable not available). Roll back NIC drivers. Change something, sounds physical.

Zung

@provels I changed the NICs around using the WAN NICs for LAN and the LAN NIC for WAN. It worked for a while then the internet access disappeared. I am not sure if this issue was recorded in certain log or not.

Gertjan

@Zung said in Hyper-V pfsense setup with no internet behind LAN interface:

I am not sure if this issue was recorded in certain log or not.

WAN events are always logged.
In the logs.
Not a question of being sure : if you want to know, you have a look.