Hyper-v pfSense & virtual switches



  • Hi
    How do i configure a virtual windows 10 to be behind a virtual pfSense

    The issue is my virtual windows 10 can access the internet directly and is not behind the pfSense

    My system:

    • one windows 10 host with one network card connected to a USG pro4 router
    • virtualization and vt-d is enabled in bios
    • hyper-v is enabled in windows

    Virtual switches:

    • one external virtual switch (ticked: allow host system to share this adapter)
    • one internal virtual switch

    Virtual machines:

    • pfSense
      -- external virtual switch (WAN)
      -- internal virtual switch (LAN)

    • Windows 10
      -- external virtual switch (WAN)
      -- internal virtual switch (LAN)

    pfSense can ping the internet, the host windows 10, and the virtual windows 10

    the virtual windows 10 can ping the internet, the host windows 10, and the pfSense

    but it can access the internet directly and is not behind the pfSense

    on the virtual windows 10:
    if i disable the external network it can no longer access the internet
    if i disable the internal network it can no longer access pfSense
    the adapters are set to automatically obtain IP and DNS

    Can anyone suggest the correct setup or a guide for this thanks!



  • I guess the best way of doing it would be to have pfSense before the Host and the VM. For that you should have at least two, maybe three real NICs in your Host-PC.



  • @TEAM666 Olá!
    I have a suggestion: Leave only one network card in virtual w10. Put it plugged into the internal switch. This way, virtual w10 will automatically connect to pfSense.
    Leave the ip settings automatic and check for a connection.
    I do not speak English very well.



  • @djair Hi if there is only the internal connection for the virtual w10 it only connects to pfSense, but cannot access the internet for some reason, even tho pfSense can ping the internet

    Is there some extra configuration i need in pfSense?

    pfSense Gateway: (ip of my USG pro4)
    WAN_DHCP (default)
    Status: Online

    pfSense Interface WAN:

    • DHCP
    • Block priv networks (checked)
    • Block bogon networks (checked)

    pfSense Interface LAN:

    • DHCP
    • Block priv networks (unchecked)
    • Block bogon networks (unchecked)

    pfSense Firewall WAN rules:

    • none

    pfSense Firewall LAN rules:

    • IPv4 * LAN net * * * * none Default allow LAN to any rule
    • IPv6 * LAN net * * * * none Default allow LAN IPv6 to any rule


  • @Bob-Dig Thanks, if i cant get this working with 1 NIC i might try a separate NIC for each that would be best for sure.
    I think i did have this working on 1 NIC last year before i reformatted, but i cant remember the configuration as i followed a combination of youtube videos none had the entire walk through for a w10 host with 1 NIC and hyper-v pfSense with a hyper-v w10 :/



  • I think i have fixed it!

    On the virtual w10:

    • Removed the external virtual interface
    • Enabled only the internal virtual interface

    Then in pfSense admin settings,

    pfSense Interface WAN:

    • Static IPv4 (changed from DHCP)

    Static IPv4 Configuration:

    • IPv4 Address: ip of pfSense from my unify clients dashboard
    • IPv4 Upstream gateway: ip of the USGpro4

    Now i have access to the internet on the virtual w10 through the virtual pfSense!



  • Yup confirmed its fully working!

    I added a traffic shaper Limiter to the pfSense firewall LAN rule and its limiting the internet speed for the virtual w10!

    Thanks for the help :D


Log in to reply