pfsense 2.4.4 not showing additional vNICs on ESXi 6.7



  • Hi guys,

    Fresh pfsense iso 2.4.4 installed on Vmware ESXi 6.7, I added both E1000 and VMXNET3, none of them show on pfsense after a reboot under interfaces. If I go to pfsense console and check interface assignments, it doesn't show up over there. VMtools is installed from packages

    Is there a command to show physical devices on the console so I can check if the additional interfaces are being detected by pfsense?

    Thanks!



  • I've deployed another iso from scratch to test, this time during setup I added additional interfaces and they show up during initial setup.

    Again, if I want to add another interface later, they don't show up on interfaces list so I believe this is clearly a bug



  • @mephisto said in pfsense 2.4.4 not showing additional vNICs on ESXi 6.7:

    p on interfaces list so I believe this is clearly a bug

    so they don't show up if you go to interfaces->assignments ?


  • Rebel Alliance Global Moderator

    VMtools has nothing to do with the drivers for those vnics..



  • @heper said in pfsense 2.4.4 not showing additional vNICs on ESXi 6.7:

    @mephisto said in pfsense 2.4.4 not showing additional vNICs on ESXi 6.7:

    p on interfaces list so I believe this is clearly a bug

    so they don't show up if you go to interfaces->assignments ?

    nope, no E1000 or VMXNET3 adapters listed in there as available

    if I go to console and do manual interface assignment, the same, the additional nics don't show up if added after pfsense is installed


  • Rebel Alliance Global Moderator

    This has zero to do with pfsense.. Did you restart pfsense - if the nics are presented to the VM then they would show up... What does your dmesg say when the VM boots?

    I have not run pfsense on 6.7 since I moved away from esxi.. But ran it it for many years and never seen a problem - what I have seen is a reorder of nics as you add them.. Guess I could fire up a copy of 6.7 and try and duplicate this.. But have many other things going on so not sure when will get to it.

    But you prob have better luck over on the esxi forums... Unless your saying you see the nics in dmesg and pfsense isn't allowing them to be used? Post up your dmesg showing your original nics.. Then added a new one in esxi.. And reboot pfsense - what does dmesg show?



  • @johnpoz said in pfsense 2.4.4 not showing additional vNICs on ESXi 6.7:

    VMtools has nothing to do with the drivers for those vnics..

    yeah makes sense otherwise I would not be able to get pfsense running with VMXNET3 nics straight out of the ISO



  • @johnpoz said in pfsense 2.4.4 not showing additional vNICs on ESXi 6.7:

    This has zero to do with pfsense.. Did you restart pfsense - if the nics are presented to the VM then they would show up... What does your dmesg say when the VM boots?

    I have not run pfsense on 6.7 since I moved away from esxi.. But ran it it for many years and never seen a problem - what I have seen is a reorder of nics as you add them.. Guess I could fire up a copy of 6.7 and try and duplicate this.. But have many other things going on so not sure when will get to it.

    But you prob have better luck over on the esxi forums... Unless your saying you see the nics in dmesg and pfsense isn't allowing them to be used? Post up your dmesg showing your original nics.. Then added a new one in esxi.. And reboot pfsense - what does dmesg show?

    Yeah, I always restart pfsense after adding vnics.

    I've been using pfsense on ESXi for 6+ years, first time I'm seeing this issue with nics not showing up

    I'll check the dmes and let you know



  • @mephisto Unable to reproduce. Did you check the Connect at Power On setting for vnic?



  • dmesg is showing vmx0, vmx1 and vmx2

    I installed the ISO with 2 vmx interfaces, later on I added a further 3rd vmx2. It shows up on dmesg but under interfaces it is not listed as an available interface

    Not sure what else can be done?


  • Rebel Alliance Global Moderator

    You clicked the ADD button right with the dropdown to add an interface using the the vmx2 under assignments.. Please show us your dmesg and your interface screen drop down..

    It might be below some other interface

    0_1542880286349_newnic.png



  • @johnpoz said in pfsense 2.4.4 not showing additional vNICs on ESXi 6.7:

    You clicked the ADD button right with the dropdown to add an interface using the the vmx2 under assignments.. Please show us your dmesg and your interface screen drop down..

    It might be below some other interface

    0_1542880286349_newnic.png

    Yeah I did, I'm suspecting there is some bug on the vsphere web client also as every time I add/remove a nic with VM powered on it gives an error saying it can't add the nic but actually when you go to properties of the VM the nic is added.

    I'll find another host on ESXi 6.7 and update it to latest build.

    I should be able to add/remove nics on the fly to a VM, just need to reboot pfsense to show up inside the VM.

    the vmx2 was not showing up under available network ports, one of my colleagues tried as well and had the same result


  • Rebel Alliance Global Moderator

    So your actually running vsphere or you using the embedded host web client. Are you using what is offical or you using a fling?

    I know both flings have recently been updated. Ie the vsphere and host fling.

    And what version of 6.7 are you using? update 1 or the latest build 10764712? That came out on 11/9

    I could fire up esxi 6.7 to test this... but since @gjaltemba says he can not reproduce we need to look to what your actually doing that could be causing the problem..



  • @johnpoz said in pfsense 2.4.4 not showing additional vNICs on ESXi 6.7:

    So your actually running vsphere or you using the embedded host web client. Are you using what is offical or you using a fling?

    I know both flings have recently been updated. Ie the vsphere and host fling.

    And what version of 6.7 are you using? update 1 or the latest build 10764712? That came out on 11/9

    I could fire up esxi 6.7 to test this... but since @gjaltemba says he can not reproduce we need to look to what your actually doing that could be causing the problem..

    using the the web client, on 6.7 the web client is the only way to connect directly to a host, no more native windows client from 6.7 onwards.

    I'm using build 10176752, I think 10764712 is the latest 6.7U1 which I would not use as my other software doesn't support it yet like Veeam for example.

    I installed vCenter for this environment yesterday (this is a new environment) and I'm using the vcenter web interface to manage this host.

    I added the vnic using vcenter, check dmesg and the vnic was there, I go to pfsense and the nic is showing on the GUI. Go figure!

    I've got another network engineer/vmware chap looking at this and he had the same issue as me before installing vcenter, so strangely we both missed something and we are trying to not look stupid (which seems the case now) or it was some strange bug with ESXi web client.

    I don't want to blame Vmware or pfsense on this, both are amazing solutions and pfsense has been my primary firewall for years, got lots of XG-7100 working rock solid!

    Let's put the blame on me and perhaps my engineer as well, strange incident but humans are more likely to commit mistakes than machines :)

    Thanks for helping out though, much appreciated!


  • Rebel Alliance Global Moderator

    @mephisto said in pfsense 2.4.4 not showing additional vNICs on ESXi 6.7:

    no more native windows client from 6.7 onwards.

    You don't need the fat client or vcenter - you can use the embedded host client... There is the official one and the fling.. For both the vserver web and the embedded one..

    So your not even on update 1.. Wow dude - lots of bug and security fixes in the update 1 and the new patch 5 that came out after update 1... Just because I no longer run it in my home doesn't mean I don't keep up with the security patches and changes.. I don't support it at work - but I like to rub their noses how far behind they are ;) hehehe

    So can marked this solved as PEBKAC ;)



  • @johnpoz said in pfsense 2.4.4 not showing additional vNICs on ESXi 6.7:

    @mephisto said in pfsense 2.4.4 not showing additional vNICs on ESXi 6.7:

    no more native windows client from 6.7 onwards.

    You don't need the fat client or vcenter - you can use the embedded host client... There is the official one and the fling.. For both the vserver web and the embedded one..

    So your not even on update 1.. Wow dude - lots of bug and security fixes in the update 1 and the new patch 5 that came out after update 1... Just because I no longer run it in my home doesn't mean I don't keep up with the security patches and changes.. I don't support it at work - but I like to rub their noses how far behind they are ;) hehehe

    So can marked this solved as PEBKAC ;)

    From my experience, never use latest version of ESXi, last time it had serious CBT bugs with 6.5 and rendered backups corrupt, then it came problems with PSOD with high I/O networking due to another update.

    New spectre patches now are hitting some boxes on 30-40% performance, so yeah we try to keep it all secure but there is always a side effect of updating everything to latest. remember Windows 10 October update? :D

    6.7U1 is not supported by Veeam for example and some other backup software, so no go for anyone on production.

    this 6.7 environment that was commissioned last week, is not live yet as I was troubleshooting pfsense and vlans :)

    Thanks again for your help and attention here, much appreciated!



  • @johnpoz > I have not run pfsense on 6.7 since I moved away from esxi

    What are you using now for a type 1 hypervisor? QEMU/kvm + virt-manager? Hyper-V???


  • Rebel Alliance Global Moderator

    I moved to just the virtual machine manager on my NAS, synology ds918+ it allows me to run the vms I need to play with.. Since I moved my router to hardware (sg4860).. The only use of VMs are really light my unifi controller running on ubuntu as vm, couple other play linux vms. And some windows vms I only fire up when testing something.. 2k16 server, 2k12 server, windows 7, etc..

    Only thing that is restrictive is limits you to 4 vswitches if you don't by the pro license, etc. But does what I need it to do.. Moved my pi-hole to actual pi vs a vm, etc..

    So far its working out fine - also liking ability to run dockers on the nas as well.. Not exactly sure what VMM is based on for the underlaying tech, maybe its their own sort of build.. Haven't bothered to look that deep into as of yet... But clearly does what I need it to do.. I have run some virtual pfsense on it as well for testing. But its not really type 1, since its a package you added to DSM its type 2.

    6.7U1 is not supported by Veeam for example and some other backup software, so no go for anyone on production.

    I would not agree.. Only those using those softwares and don't follow through with their vendors
    https://forums.veeam.com/vmware-vsphere-f24/vsphere-6-7-u1-support-t54673.html
    [UPDATE] October 19th
    All auto-tests of Update 3a with the workaround enabled have completed successfully, so all base Veeam Backup & Replication functionality is now confirmed to work with vSphere 6.7 U1. I will provide another update once the full regression testing cycle completes.



  • @johnpoz said in pfsense 2.4.4 not showing additional vNICs on ESXi 6.7:

    synology ds918+

    OK, Synology uses QEMU with a custom dashboard as I suspected. Nobody rolls their own hypervisor and I thought the Synology NASes were Linux-based so QEMU made sense.


  • Rebel Alliance Global Moderator

    @kom said in pfsense 2.4.4 not showing additional vNICs on ESXi 6.7:

    Nobody rolls their own hypervisor

    Hehehe - so vmware doesn't roll their own? What about MS or QEMU, etc.. Your saying that companies that not actual vm companies don't roll their own ;) hehehe

    So its using QEMU with a fancy frontend will have to look more into that.. thanks for the hint..



  • @johnpoz You know what I meant. Nobody WHO DOESN'T ALREADY MAKE A HYPERVISOR rolls their own.



  • @johnpoz said in pfsense 2.4.4 not showing additional vNICs on ESXi 6.7:

    I moved to just the virtual machine manager on my NAS, synology ds918+ it allows me to run the vms I need to play with.. Since I moved my router to hardware (sg4860).. The only use of VMs are really light my unifi controller running on ubuntu as vm, couple other play linux vms. And some windows vms I only fire up when testing something.. 2k16 server, 2k12 server, windows 7, etc..

    Only thing that is restrictive is limits you to 4 vswitches if you don't by the pro license, etc. But does what I need it to do.. Moved my pi-hole to actual pi vs a vm, etc..

    So far its working out fine - also liking ability to run dockers on the nas as well.. Not exactly sure what VMM is based on for the underlaying tech, maybe its their own sort of build.. Haven't bothered to look that deep into as of yet... But clearly does what I need it to do.. I have run some virtual pfsense on it as well for testing. But its not really type 1, since its a package you added to DSM its type 2.

    6.7U1 is not supported by Veeam for example and some other backup software, so no go for anyone on production.

    I would not agree.. Only those using those softwares and don't follow through with their vendors
    https://forums.veeam.com/vmware-vsphere-f24/vsphere-6-7-u1-support-t54673.html
    [UPDATE] October 19th
    All auto-tests of Update 3a with the workaround enabled have completed successfully, so all base Veeam Backup & Replication functionality is now confirmed to work with vSphere 6.7 U1. I will provide another update once the full regression testing cycle completes.

    The same contradicts afterwards:

    Important
    This is a temporary workaround against the specific error, which will allow the jobs to complete successfully. Overriding VMware API version may potentially cause issues with other Veeam functionality, because we don't know all the specific API changes that made VMware increment the API version. We're working with VMware to obtain these details while continuing to test vSphere 6.7 U1 with the workaround applied.bolded text

    Never play with backups