Hyper-v pfSense & virtual switches

TEAM666

Hi
How do i configure a virtual windows 10 to be behind a virtual pfSense

The issue is my virtual windows 10 can access the internet directly and is not behind the pfSense

My system:

• one windows 10 host with one network card connected to a USG pro4 router
• virtualization and vt-d is enabled in bios
• hyper-v is enabled in windows

Virtual switches:

• one external virtual switch (ticked: allow host system to share this adapter)
• one internal virtual switch

Virtual machines:

• pfSense
  -- external virtual switch (WAN)
  -- internal virtual switch (LAN)

• Windows 10
  -- external virtual switch (WAN)
  -- internal virtual switch (LAN)

pfSense can ping the internet, the host windows 10, and the virtual windows 10

the virtual windows 10 can ping the internet, the host windows 10, and the pfSense

but it can access the internet directly and is not behind the pfSense

on the virtual windows 10:
if i disable the external network it can no longer access the internet
if i disable the internal network it can no longer access pfSense
the adapters are set to automatically obtain IP and DNS

Can anyone suggest the correct setup or a guide for this thanks!

Bob.Dig

I guess the best way of doing it would be to have pfSense before the Host and the VM. For that you should have at least two, maybe three real NICs in your Host-PC.

djair

@TEAM666 Olá!
I have a suggestion: Leave only one network card in virtual w10. Put it plugged into the internal switch. This way, virtual w10 will automatically connect to pfSense.
Leave the ip settings automatic and check for a connection.
I do not speak English very well.

TEAM666

@djair Hi if there is only the internal connection for the virtual w10 it only connects to pfSense, but cannot access the internet for some reason, even tho pfSense can ping the internet

Is there some extra configuration i need in pfSense?

pfSense Gateway: (ip of my USG pro4)
WAN_DHCP (default)
Status: Online

pfSense Interface WAN:

• DHCP
• Block priv networks (checked)
• Block bogon networks (checked)

pfSense Interface LAN:

• DHCP
• Block priv networks (unchecked)
• Block bogon networks (unchecked)

pfSense Firewall WAN rules:

• none

pfSense Firewall LAN rules:

• IPv4 * LAN net * * * * none Default allow LAN to any rule
• IPv6 * LAN net * * * * none Default allow LAN IPv6 to any rule

TEAM666

@Bob-Dig Thanks, if i cant get this working with 1 NIC i might try a separate NIC for each that would be best for sure.
I think i did have this working on 1 NIC last year before i reformatted, but i cant remember the configuration as i followed a combination of youtube videos none had the entire walk through for a w10 host with 1 NIC and hyper-v pfSense with a hyper-v w10 :/

TEAM666

I think i have fixed it!

On the virtual w10:

• Removed the external virtual interface
• Enabled only the internal virtual interface

Then in pfSense admin settings,

pfSense Interface WAN:

• Static IPv4 (changed from DHCP)

Static IPv4 Configuration:

• IPv4 Address: ip of pfSense from my unify clients dashboard
• IPv4 Upstream gateway: ip of the USGpro4

Now i have access to the internet on the virtual w10 through the virtual pfSense!

TEAM666

Yup confirmed its fully working!

I added a traffic shaper Limiter to the pfSense firewall LAN rule and its limiting the internet speed for the virtual w10!

Thanks for the help :D

Master_Chief_Gr

Hello there!! I have a home project for my school and that is exactly what i have to do! VM for pfsense and a win10 vm to try pfsense on. My only question is this. What did you use for WAN IP and LAN IP when configuring pfsense? And what IPv4 address did you give to your internal virtual switch??

djair

@Master_Chief_Gr Geralmente o acesso às configurações do pFsense pela porta wan já vem bloqueadas por padrão. Para liberar você vai precisar incluir uma regra na interface Wan do pfSense. Um ip que pode ser atribuído a interface lan é preferencialmente da classe C, serve pra grande maioria dos casos.
Coloque a placa de rede lan do pfSense na mesma rede que você criou pra a VM W10 e deixe o DHCP do pfSense funcionando nessa interface, assim, você conseguirá acessar o pfSense através do W10.

Master_Chief_Gr

@djair thanks for the reply I decided that for the work i need to do, I need a more friendly hypervisor. So I used VMware Workstation 15.5 and did the same job in half the time