Help getting pfSense running on ESXI VM



  • I have an old HP ML350 G6 server for my home lab running ESXI 6.0. I'm in the process of setting up pfSense as a VM to take over my router requirements as I am retiring my old router. I created an isolated ethernet-only network to build and test this out that runs parallel to my active network. So far I have:

    • Installed pfSense 2.4.5 as a VM and allocated 2 processors, 4GB RAM, 16GB Datastore, and 3 NICs to the VM

    • Configured pfSense allocating NIC 1 as the WAN using 10.0.0.1/24

    • Configured NIC 2 as the LAN using 10.10.10.1/24 with DHCP active using the IP range 10.10.10.10-255

    • Configured NIC 3 as the Guest LAN using 10.20.20.1/24 with DHCP active using IP range 10.20.20.10-255

    • Created Port Groups in ESXI to bind each of the NICs to the appropriate interface and confirmed that they are correctly bound by testing the uplink of each port with an active connection

    This is as far as I've gotten. As I understand it, DHCP should be working on NIC 2 (LAN) and then I should be able to access the pfSense web interface through 10.10.10.1... But I can't... Any ideas where I should look to sort this out?



  • I'm running v2.50 beta on ESXi and have only recently found the need for configuring port groups in the ESXi virtual switch while adding some VLANs. Are you connecting to the LAN port directly with a crossover cable (although they aren't needed all that much these days)? If not, are you trying to connect through a switch? And if so, are there any VLANs or trunking involved? I had to do some additional config on my switches for access after configuring port groups. Also, are you able to access the VM host via its proper network, which I'm assuming is different than any of the above? One other question: To what is the WAN port connected and what is its gateway? My WAN port has always been configured to either use a static public address or alternately configured to use the DHCP client to get an address from the ISP. (Of course I'm assuming that you are connecting to an ISP as opposed to just another network segment in a lab environment or something similar.) Please forgive all the assumptions but more info is needed.
    One thing I can offer is that often I've noticed that if the WAN port loses its address or connectivity (i.e. interface down) the LAN port doesn't respond quickly or sometimes at all. I think there was a setting that made a difference with this one though... something about disabling the killing of all states if the WAN interface went down or something like that which made a difference for me or so it seemed.

    David



  • @Joe_Papa So an update is in order as I have looked at this with fresh eyes and the problem is solved.

    After beating my head against the wall on this I discovered that I had a dying switch that was screwing everything up. I had properly set pfSense up and it should have worked, but the route from my PC to the new firewall was broken. As soon as I bypassed the switch everything worked perfectly...

    I felt stupid... but I'm glad to report that it is working perfectly and so far I really like pfSense.



  • No worries! Welcome to the fun. You’re gonna love pfSense!

    David



  • I have replaced the switch that died and now I'm working on tweaking and getting the network set up just the way I want it. Here's what I have so far...

    • IP - 500/500 Mbps fiber to the house with PPPoE configuration to the WAN of my pfSense router.

    • Cabling - All of the backbone wiring is brand new CAT8 cabling

    • Router - pfSense running in a VM on my server using 2 of the 4 ports of a quad gigabit network card.

    • Switching - 1 Unifi 8-port POE managed switch and 2 Flex-Mini POE managed switches.

    • Access Point - 1 Unifi AC-PRO access point.

    I'm trying to set up a guest wifi network that gives me a sequestered network with a simple password for guests and that I can limit the bandwidth fairly easily.

    I'm a little confused about what to set up in pfSense and what to set up in the Unifi Controller as it seems that there is quite a bit of overlap between what each can do. I have seen some tutorials about setting up a network like I want to but they all seem to be using an older version of the Unifi Controller than the current one and the options are definitely different.

    Any guidance about this would be most welcome!

