Latest non beta pfsense install on a windows 10 hyper-v VM, can't get LAN to work
-
Okay, I have a beefy windows 10 pro box that has a raid array in it, plex server and so forth on it, and my router is getting older so I had the idea to put pfsense in a virtual machine under windows 10 and never have to buy a router again.
I haven't used virtual machines or pfsense before, but I'm familiar with networking and windows and have a low to moderate level of *ux experience, largely with ubuntu, xbmc and elementary. But no freebsd experience.
I've read around 30 tutorials, which seem rife with old info, conflicting info and missing parts. Despite this, I got hyper-v set up, installed an HP/Intel 4 port enterprise server NIC I got for cheap, motherboard has a 5th 1Gbit port as well.
I got pfsense installed, although I keep seeing tutorials using the v1 install but some recommended v2 for the 2.4+ versions of pfsense. I tried both with the same net result.
Windows decided to number the enterprise 4 port nic ports oddly, instead of 1-4 top to bottom as the hardware manual says, windows assigned them to 1, 4, 2, 3 as determined by plugging a network cable/device into each port and seeing which adapter came on.
And as a little further potential issue, perhaps freebsd isn't naming them the same as windows.
So I set up a wan interface, specify the wan to be external and use what I identified as port 1 under windows (top port) and plug the cable modem into that, and a LAN switch set to 'private', as the many tutorials said. Install pfsense, that all goes fine, I eject the iso and reboot, pfsense comes up and shows no up adapters. If I put the cable in physical port 2 (windows says it's adapter 4) then "hn0 up" pops up and I can configure it, it connects to the internet, and all is well on that side.
And then I'm stuck on getting a LAN side to plug into my 1Gb switch that everything else is on, and I want to either use a 3rd port on the 4 port card for my router as an access point or move the router elsewhere and hardwire it back to the 1Gb switch.
I'm not seeing in the tutorials how to 'connect' that private WAN 'switch' to a physical port. I've plugged the cable from the 1Gb switch into every port, including the motherboard's port. pfsense never reports an 'up' adapter other than the wan. Since none of the tutorial steps show how one connects that private LAN to a physical port, I'm stuck. I've gone into 'configure interfaces', and gotten as far as it seeing an hn0 and an hn1. HN0 is still stuck on windows adapter port 4, physical 2nd port on the 4 port card, and no matter what I plugged the network cable into, it never showed hn1 'up'. I tried the 'auto' (A) config, and that says no interfaces.
At this point, I was 6 hours into it and my brain was fried.
I read more tutorials, but many focused on a dedicated machine running pfsense, with one rj45 nic and a wireless nic or were old.
My first run at it today would be to disable in windows all but 2 ports on the 4 port adapter, just to be sure I have just an a and a b and give it another whirl, then setting the lan port to external and naming a port. Not sure if that'd get me anywhere, but that's all I can think of.
So desired outcome: hyper-v vm with pfsense with one of the four nic ports on the cable modem with firewall and nat like a regular router WAN port, one of the four ports as a LAN port like a LAN port on a regular router, plugged into my switch, the motherboard lan port connected to the switch with internal and internet access, and optionally the other two ports on the four port switch like additional LAN ports on a regular router, having internet access, then set my router into access point mode and plug it into the switch for my wireless stuff, which except for my phone is all older slow 2.4GHz IoT devices like google homes and wyze cams, everything else is hard wired.
So presuming I have a vm set up with 2G ram/dynamic, 20GB virtual disk, pfsense is installed and running and I've got NO network connections set up in hyper-v or pfsense, what would I do to configure a WAN to my cable modem (I have that working, but on an odd port) and a LAN to my switch that provides dhcp/etc like a regular router would to a LAN port.
I'm almost ready to punt the pfsense to a separate machine without the vm, but all my small boxes have one lan port and only usb 3 to add a second lan port, and everything else I own is a huge tower or cube. This home server box is right next to my tv and my cable modem and I'm not sure that cutting the vm out fixes my misunderstanding of that private internal LAN and how that connects to a physical lan port.
Any help most appreciated. I'm enjoying learning about VM's (I understand them well in concept having worked for intel in cpu land) and custom routing software (I've done dd-wrt and tomato and so forth on regular routers) but yesterday was a real exercise in frustration!
-
You should have created two external virtual switches in Hyper-V (one for WAN and one for LAN) and assigned each a physical interface. In the pfSense VM, you add two network interfaces (one assigned the WAN switch and the other assigned the LAN switch). It doesn't matter what Windows names the interfaces, and you can rename them if you want so they make more sense.
-
Also - I believe the recommended setting on your virtual nic card in the VM is to disable VMQ (virtual machine queue). It's under hardware acceleration in the Network adapter section in the actual VM settings. I found my internet speed was much improved with doing this.
Also, be sure to set the auto start settings for the VM. Nothing like a reboot or power outage to realize your router is down.
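Added example, not part of any post in this thread: the two-external-switch layout, the VMQ setting and the auto-start setting from the replies above, written as Hyper-V PowerShell for the Windows host. The VM name `pfSense` and the adapter names `Ethernet 2` / `Ethernet 3` are assumptions; substitute your own.

```powershell
# Added example: run in an elevated PowerShell session on the Hyper-V host,
# with the VM shut down.
# Assumed names (not from the thread): VM "pfSense", physical adapters
# "Ethernet 2" (port cabled to the cable modem) and "Ethernet 3" (LAN switch).
$vm      = 'pfSense'
$wanPort = 'Ethernet 2'
$lanPort = 'Ethernet 3'

# 1. Identify which Windows adapter is which physical port: plug a cable
#    into one port at a time and watch Status change to "Up".
Get-NetAdapter -Physical |
    Sort-Object Name |
    Format-Table Name, InterfaceDescription, Status, LinkSpeed, MacAddress

# 2. Rename the two ports so the Windows numbering no longer matters.
Rename-NetAdapter -Name $wanPort -NewName 'WAN-modem'
Rename-NetAdapter -Name $lanPort -NewName 'LAN-switch'

# 3. One external virtual switch per physical port.
#    -AllowManagementOS $false keeps the Windows host off both switches,
#    so the host is never attached directly to the cable modem; the host
#    reaches the LAN through its own motherboard port instead.
New-VMSwitch -Name 'pfSense-WAN' -NetAdapterName 'WAN-modem'  -AllowManagementOS $false
New-VMSwitch -Name 'pfSense-LAN' -NetAdapterName 'LAN-switch' -AllowManagementOS $false

# 4. Two virtual NICs in the VM, one per switch.
Add-VMNetworkAdapter -VMName $vm -Name 'WAN' -SwitchName 'pfSense-WAN'
Add-VMNetworkAdapter -VMName $vm -Name 'LAN' -SwitchName 'pfSense-LAN'

# 5. Disable VMQ on the VM's virtual NICs (a weight of 0 turns it off).
Get-VMNetworkAdapter -VMName $vm | Set-VMNetworkAdapter -VmqWeight 0

# 6. Start the router VM automatically whenever the host boots.
Set-VM -Name $vm -AutomaticStartAction Start -AutomaticStartDelay 0

# 7. After the VM has been started once, list each virtual NIC's switch and
#    MAC address; match these MACs to the ones pfSense lists for hn0 and hn1
#    when assigning interfaces, so WAN and LAN are not swapped.
Get-VMNetworkAdapter -VMName $vm |
    Format-Table Name, SwitchName, MacAddress, VmqWeight
```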
-
Private - Communication between VMs only.
Internal - Communication between VMs plus Host.
External - Communication between VMs, Host, plus physical network (outside world)
-
Thanks all for the suggestions. Of course, the tutorials all had one external physical port for WAN and the private for the LAN, then never really explained how to connect the LAN part to a physical port.
So if I have this right, I have TWO externals, one for WAN and one for LAN, set autostart on the vm (I think it's set that way already as pfsense came up started after a reboot) and disable VMQ if it's there. I did look at the hardware acceleration and saw IPSEC accel and something else (forget) which sounded helpful, but this is my first enterprise grade card.
Cheap on amazon right now, $32 "renewed" (server pull from a proliant). Look for hp four port enterprise to find it. Two intel Gb controllers, four ports.
I'll give it a go in the morning and report back how it went. If all else fails, I have an unfortunately large cube with an i5-6400, 8GB of ram and a small SSD. Love to have it on this always-on machine with the water cooled 6700K and 32GB, but if the vm/pfsense thing just keeps stymieing me, guess I'll run it dedicated and play with trying to get it working on the vm on the bigger machine.
Been in computers for 40 years, and this is my first VM and "make your own router/firewall" experiment. I already had a fun time using Windows Spaces (sort of a software raid capability with parity) with a mishmash of old 2GB drives, four of them made a 7.5GB parity fault tolerant array. Cool, the drives can even be different sizes and/or geometries, internal or external usb/esata and it still uses the whole thing, like JBOD but with parity. Plus 550MB/s reads and 250MB/s writes with 4 old 5400 rpm WD green drives of varying age.
Anyhow, I'll report back in tomorrow. Thanks for the support and understanding, you don't always get nice helpful folks on forums.