Windows Server 2012 with AD, DHCP, and DNS and virtualized PfSense as router



  • Hi there,

    I need some advice from the pros here.

    Can I use a VM PfSense to act as my router for my whole network? I've read just about everything online that I can about this subject, but everyone seems to have a little different setup.  And the options to configure it vary from article to article.

    I have used PfSense in the past, with good results.  Over the course of a couple relocations, my PfSense box's power supply died.  So I bought a Cisco RV325, and I've been using that for a couple of years.  However, the RV 325 lacks the OpenVPN gateway ability (ExpressVPN) that I use for streaming Netflix, etc.  I used a DDWRT box for a while to get my OpenVPN working, but it was getting to be a bottleneck on my system.  I have dual 150 MB WANs, but lets not worry about that for right now.

    Now I have a Dell P.E 2950, running AD, DHCP and DNS for my whole network.  Everything works fine until I try to integrate PfSense.

    What I would like to do is have PfSense act as my router for the whole network, with OpenVPN and eventually, dual WAN.  I have read that virtualizing PfSense might not make the most sense for security purposes, but I am not willing to install another box separately.  I need to consolidate the amount of equipment scattered throughout my house.

    The PE has 2 NICs in it right now, and I might upgrade to another 1 or 2 in the near future.  My future plan is to setup a VDI environment for my house, making administrating of the 15 computers a lot easier for me.

    I would like to set it up as follow;

    WAN 1->PowerEdge(Pfsense VM)->Network Switch->rest of network.

    I know that I am overlooking something silly.  I know that PfSense needs to be rebooted with any changes that are made to the virtual switch.  I've read that some people suggest disabling the Virtual Nic in Windows, others don't mention that.

    Thank you for any advice you might be able to share.



  • One of my setup's are virtualized in Hyper-V and what I've done is created two virtual switches and with each connected to a different adapter on the host. Then one is dedicated for external access (Connected directly to modem) and the other is for all the internal network traffic. Basically you are treating the two virtual switches as the two (or more) network adapters you would have on a physical pfSense box.

    Modem -> NIC1 (Virtual Switch) -> pfSense -> (Virtual Switch 2) NIC2 -> rest of network/virtual machines.



  • @Com:

    One of my setup's are virtualized in Hyper-V and what I've done is created two virtual switches and with each connected to a different adapter on the host. Then one is dedicated for external access (Connected directly to modem) and the other is for all the internal network traffic. Basically you are treating the two virtual switches as the two (or more) network adapters you would have on a physical pfSense box.

    Modem -> NIC1 (Virtual Switch) -> pfSense -> (Virtual Switch 2) NIC2 -> rest of network/virtual machines.

    Thanks for the info!!

    I've seen a lot of conflicting info online about how to set it up.  Most people seems to use a VM PfSense only to run other VMs. so that is where the confusion lies.  Did you have to disable any of the adapters in Network Manager in Windows?

    I will see what I can do to get it going this weekend.



  • We use vm based pfsense for the whole network.  It's been very stable on VMWare and on older versions of Proxmox/KVM as well. (some stability issues on current Proxmox for some reason)

    ISP>virualBridged/bonded Server NICs/ExternalVLANTAG on VM HOST>virtual pfSense> another vlan on virtualBridged/bonded Server NICs/localVLANtag on VM Host> local lan switch> Local machines

    Works great.



  • We run multiple sites using pfSense clusters all done in ESXi. Works great.


 

© Copyright 2002 - 2018 Rubicon Communications, LLC | Privacy Policy