Netgate Discussion Forum
    PfSense VM doesn't know that a NIC is down

    • k22

      Hello,
      My setup: pfSense virtualized on ESXi 6 and connected to physical NICs through a virtual switch. If you pull a cable on a NIC, pfSense doesn't know it because the connection to the virtual switch is still up. Is there a solution other than passing the NICs directly to the VM?

      • johnpoz LAYER 8 Global Moderator

        I am not aware of an easy way to do something like this. Your problem is the vswitch is not down, so the vnic connection from pfSense should still show a link. When the physical adapter is unplugged from the network, only the uplink of the switch is down.

        On a physical switch you would run into the same problem, just pulling the uplink on a switch does not disable all the switch ports.

        What you could do is run a script that disables the pfSense vnic when you detect loss of network connectivity. Assume you're doing something with CARP as to why you need something like this?

        What switches are you using? Something like this might be possible with the fancier switches, distributed switches? I know you can shut down the vmnic via esxcli, but not sure if you can just down the individual vnic of a VM?

        You could set up a monitor in pfSense to ping something through that network so pfSense would know the link is down even though the vnic is up, like the WAN monitor.

        An intelligent man is sometimes forced to be drunk to spend time with his fools
        If you get confused: Listen to the Music Play
        Please don't Chat/PM me for help, unless mod related
        SG-4860 24.11 | Lab VMs 2.8, 24.11

        • kpa

          For the exact same reasons pfSense implements gateway monitoring by pinging the gateway address (configurable in case needed) and does not use the interface status. Imagine if you have a switch on the WAN side between pfSense and the device that brings the internet to you (modem, ISP router etc). Pull the cable from this device and pfSense wouldn't know what happened if it looked only at the interface status because pulling that cable would still keep the WAN interface up because it still has a link with the switch.

          • k22

            Thank you for the replies.
            Yes, running CARP. Not sure how other people report this as working. Yes, if you shut down one VM the other takes over. But, if an interface goes out, the backup never fully takes over, leaving a non-functioning Internet.
            Yes, thought about scripting but not sure how to do it. And wouldn't want to bring down the whole vswitch.
            I looked at the Gateway settings and monitoring is on.
            Anyway, the easy solution is to pass through the NICs, which is what I've done. Works perfectly this way.
            Thought maybe I was overlooking something.

            1 Reply Last reply Reply Quote 0
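The script idea raised in this thread, as an added example that is not code from any of the posters or from pfSense: a watchdog that probes a host beyond the physical uplink and, instead of downing the vNIC, raises the FreeBSD CARP demotion factor (`net.inet.carp.demotion`, see carp(4)) so the probes needed to detect recovery keep flowing. The monitor address, thresholds and demotion amount are assumptions, and it has not been tested against the setup described above.

```shell
#!/bin/sh
# Added example: uplink watchdog for a virtualized pfSense CARP node.
# Assumptions (not from the thread): MONITOR_IP, both thresholds, DEMOTE_BY,
# and the choice of CARP demotion instead of disabling the vNIC.

MONITOR_IP="${MONITOR_IP:-192.0.2.1}"  # constructed: host beyond the physical uplink
FAIL_THRESHOLD="${FAIL_THRESHOLD:-3}"  # consecutive lost probes before demoting
OK_THRESHOLD="${OK_THRESHOLD:-5}"      # consecutive good probes before restoring
DEMOTE_BY="${DEMOTE_BY:-240}"          # amount added to the CARP demotion factor

fails=0; oks=0; demoted=0

# One ICMP probe. FreeBSD ping: -c count, -t overall timeout in seconds.
probe() { ping -c 1 -t 2 "$MONITOR_IP" >/dev/null 2>&1; }

# FreeBSD adds the signed value written here to the current demotion factor,
# so N on failure and -N on recovery cancel out exactly.
adjust_demotion() { sysctl net.inet.carp.demotion="$1" >/dev/null; }

# Run one probe and update state. The two thresholds give hysteresis, so a
# single lost ping or a flapping uplink does not bounce the master role.
check_once() {
    if probe; then
        fails=0; oks=$((oks + 1))
        if [ "$demoted" -eq 1 ] && [ "$oks" -ge "$OK_THRESHOLD" ]; then
            adjust_demotion "-$DEMOTE_BY" && demoted=0
        fi
    else
        oks=0; fails=$((fails + 1))
        if [ "$demoted" -eq 0 ] && [ "$fails" -ge "$FAIL_THRESHOLD" ]; then
            adjust_demotion "$DEMOTE_BY" && demoted=1
        fi
    fi
}

# Loop only when asked, so the functions can be sourced and exercised alone.
if [ "${1:-}" = "run" ]; then
    while :; do check_once; sleep 2; done
fi
```

Started with the argument `run` on each CARP node, it demotes only the node whose uplink is dead; the demotion is lifted only after the probe target has answered `OK_THRESHOLD` times in a row.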