PfSense on esxi 6.7, can get it to work propperly.
-
Hello everyone,
I have been working on my ESXI server for some time, and therefore decided to replace my router with PfSense.
Now I've followed the tutorial at: https://docs.netgate.com/pfsense/en/latest/virtualization/virtualizing-pfsense-with-vmware-vsphere-esxi.html But I can't get it to work.This is current network setup:
T-mobile Fiber> Media converter> Ubiquiti USG> Network Switch for the rest of the house.
This is the setup I would like.
T-mobile Fiber> WAN port PFsense> LAN port PfSense> Network switch for the rest of the house.Unfortunately, I run into the following problem, and I can't get it solved.
I followed exactly what the tutorial described:
1.Add two Virtual switches, one for WAN and another for LAN. For uplink select two separate available ports.
2. After creating Virtual switches, click on Port groups tab. On the Port groups tab click on “Add port group”. Add WAN and LAN port groups, each using WAN and LAN switches respectively.After this I neatly installed PfSense and assigned the interfaces to the ports on the esxi server.
And here I get stuck.All internet virtual machines are getting internet, but as soon as I connect a network cable to the port which is configured as LAN, no DHCP ip address comes out. Setting a static IP does not work either.
Also I tried the following setup to get it working:
T-Mobile fiber> Ubiquiti USG> WAN port Pfsense (192.168.1.200)
Lan Port PfSense (10.0.0.1)
Again all Virtual machines work perfectly and neatly get an ip range in the 10.0.0.x and can also access the PfSense admin GUI. but as soon as I connect a network cable to the NIC which is indicated as LAN in PfSense, a 169.254.10.189 address comes out.I would like to hear the mistake I make :)
This is the setup of my ESXI server:
(Updated) ESXi-6.7.0-20191204001-standard (VMware, Inc.)
Dell Inc. PowerEdge T20
2 CPUs x Intel(R) Pentium(R) CPU G3220 @ 3.00GHz
RAM: 27.91 GB
Network nics; 2X RTL8111/8168/8411 PCI Express Gigabit Ethernet Controller -
Try setting VLAN-ID for LAN port group in ESXI to 4095.
-
@three
Can you explain why, and what this does? -
Not really. I came across the same problem. Had VLAN ID set to nothing, except for my VLAN flagged interfaces. But that did not work. Have you tried it?
-
No, thats not working at all.
I have removed ESXI from the machine and installed Windows Server 2019 as a test.
Then i installed Virtualbox and made a virtualmachine with PfSense.I attached 2 nic's ( WAN, LAN ) and changed the ip range for the LAN to 10.0.0.1 with DHCPrange 10.0.0.25/10.0.0.200.
It is working instantly.So i know the the network nics will work in virtualisation.
So why is it not working within ESXI? -
Is that your setup in esxi like this?
physical port LAN - > virtual switch LAN -> Port group LAN -> VLAN ID empty
physical port WAN -> virtual switch WAN -> Port group WAN -> T-mobile fiberHow are your other virtual machines connected?
And how do they get IPs?
And do they have internet access via pfsense -> WAN -> t-mobile? -
@three said in PfSense on esxi 6.7, can get it to work propperly.:
Is that your setup in esxi like this?
physical port LAN - > virtual switch LAN -> Port group LAN -> VLAN ID empty
physical port WAN -> virtual switch WAN -> Port group WAN -> T-mobile fiberYes
physical port LAN - > virtual switch LAN -> Port group LAN -> VLAN ID empty
physical port WAN -> virtual switch WAN -> Port group WAN -> T-mobile fiber ( or on the LAN of the USG )How are your other virtual machines connected?
network adapters on the LAN group
And how do they get IPs?
trough DHCP.
And do they have internet access via pfsense -> WAN -> t-mobile?
Correct.
-
So, all VMs are in LAN and do get IP addresses from pfsense and they are able to connect to internet. That's good but all virtual within ESXI.
Now, when you plug in a cable between your ESXI LAN port on your physical network switch, those devices do not get IP addresses.
Is this switch managed? Any VLAN settings on the particular physical switch port? Have you tried another physical switch port? Have you tried to directly connect a device via cable to your ESXI LAN port?
-
@three said in PfSense on esxi 6.7, can get it to work propperly.:
So, all VMs are in LAN and do get IP addresses from pfsense and they are able to connect to internet. That's good but all virtual within ESXI.
Now, when you plug in a cable between your ESXI LAN port on your physical network switch, those devices do not get IP addresses.
Is this switch managed? Any VLAN settings on the particular physical switch port? Have you tried another physical switch port? Have you tried to directly connect a device via cable to your ESXI LAN port?
That is correct, all the VM's are getting internet access. But when i put a network cable form the NIC port to a switch, or direct into a client. there is no internet access. The devices are getting a IP adress like: 169.254.10.189.
Same behavior when the cable is plugged into a normal switch.
-
something must be fucked up, vlan id 4095 means that you set the vswitch as trunk port like you would do in a real switch to let all vlan pass.
169.254 no dhcp lease is offered
if you can pls post some screenshot of your esxi configuration
i'm using VMXNET3 and don't forget to install open-vm-tools
be sure it's the correct physical NIC port
-
I agree, something seems wrong with ESXI setup. Some screenshots could indeed help.
Just to be on the safe side: Your test with Windows Server 2019 and Virtualbox involved the very same machine? On which you are now operating with ESXI? And you are using the very same physical ethernet port for LAN on this machine?
-
Yes this is the same machine with esxi 6.7 or with Windows server 2019.
First off all let me explain this first.Since this CPU cant run vt-d i need to disable this at the start with: noiommu in the /bootbank/boot.cfg at the end of the line with kernelopt: http://www.digitalroadies.com/vmware-6-initializing-iov-issues/
By default the realtek nic card is not working within ESXI so i need to install a driver for it:
https://networkguy.de/installing-realtek-driver-on-esxi-6-7/After that i followed the tutorial: https://docs.netgate.com/pfsense/en/latest/virtualization/virtualizing-pfsense-with-vmware-vsphere-esxi.html for creating the WAN and LAN ports.
i have made a couple of screenshots for you off the settings that i have made on the WAN - LAN and uploaded it here:
https://imgur.com/a/IgPD7DUDont mind the link down at the nics, that is correct becuase i have remove the cables.
When i insert the cables the nics are up.I will make some more screenshot of the settings inside PfSense, and the Ubuntu vm.
-
Sorry,
The WAN is a wrong setting. this is the right setting for the WAN.
It's the WAN of the vmnetwork of the onboard NIC of the motherboard,
-
and here are some screenshots.
you can see that the ubuntu instalation on ESXI is working perfectly with internet access.
it running on the DHCP lease of 10.0.0.X.You can also see that my Windows 10 laptop and my Synology NAS wich are connected trough LAN cable on the NIC are not getting the right IP address. so there is no DHCP.
https://imgur.com/a/ZDUSXnm
-
Are both, network adapter 1 and 2, realteks?
EDIT 1:
Just saw that wan and lan are Realtek, but VMNetwork is Intel.Need to look again ...
EDIT 2:
At the time it works, does your WAN (Network Adapter 1) is set to VM Network or WAN?
-
It only works when i set the WAN on VM Network.
When i set it on WAN it wont work. -
Then it is related to the realteks. You somehow need to validate whether they operate properly in ESXI at all. Another option could be, as mentioned by @kiokoman, to change to vmxnet3 in pfsense-VM-settings of ESXI.
-
yeah in any case realtek card are never a good choice for this stuff
-
ok.
In the meantime i have tried to run PfSense directly installed on a SSD.
That is running fine, and working woth both the INTEL nic for the WAN and the realtek as the LAN.The devices that are attached trough a LAN kabel are getting 10.0.0.X and internet access,
When i tried it with windows 2019 its working perfect without a problem. So i think i need to consider to leave ESXI for what it is. or try a different hyperviser OS.i only want to use it for:
1x windows server machine
1x firewall machine
2-3 linux machines.Any thought?
-
change that realtek card to some intel they are cheap on ebay / amazon after all
