Issues with VLAN running PFSense on ESXi 6.7
-
Hello everyone, could you please see if you can help me? I configured the VLANs as follows.
In ESXi:
- vSwitch0 with my uplink connected to port 1 of pfSense
- vSwitch1 with no uplink connected to port 2 of pfSense
- Portgroup within vSwitch1 with VLAN ID set to 4095
- Other Portgroups within vSwitch1, each with its own VLAN
- VMs each connected to a Portgroup with its individual VLAN through vSwitch1
- In vSwitch1, Promiscuous mode, MAC address changes, and Forged transmits are enabled.
In pfSense:
- Configuration done for each of the VLANs associated with the interface where the Portgroup with ID 4095 within vSwitch1 is connected.
It worked well on the first VLAN. I had created the interface, defined the outbound rules, and everything was working fine, only with 1 machine connected to that VLAN. After a while, the outbound traffic stopped working. I still have access to the application within the VM connected to the VLAN, but the outbound traffic to the internet or between networks of my pfSense stopped working. In the pfSense logs, all connections started to have the status TIME_WAIT:TIME_WAIT.
Has anyone experienced this before? I ask for help because I've tried all sorts of rules and I don't know what could be happening. Thank you!
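A small audit script, added here as an example and not part of the original question, that checks an ESXi standard-vSwitch layout like the one described above. It parses sample text constructed in the shape of `esxcli network vswitch standard portgroup list` and `esxcli network vswitch standard policy security get -v <vswitch>` (the column layout and key names are assumed from ESXi 6.x output; the vSwitch names, port-group names and VLAN IDs are constructed) and reports two things a defender would want to know: which port groups are VLAN 4095 trunks (the guest on that port sees every VLAN carried by the vSwitch), and which vSwitches allow promiscuous mode at the switch level, a setting every port group on that vSwitch inherits unless it is overridden per port group.

```python
import re

# Constructed sample in the shape of `esxcli network vswitch standard portgroup list`
# (format assumed from ESXi 6.x; names and VLAN IDs are made up for this example).
PORTGROUP_LIST = """\
Name                Virtual Switch  Active Clients  VLAN ID
------------------  --------------  --------------  -------
Management Network  vSwitch0                     1        0
VM Network          vSwitch0                     0        0
pfSense-LAN-trunk   vSwitch1                     1     4095
VLAN10-servers      vSwitch1                     2       10
VLAN20-clients      vSwitch1                     3       20
"""

# Constructed samples in the shape of
# `esxcli network vswitch standard policy security get -v <vswitch>`.
SECURITY_POLICY = {
    "vSwitch0": """\
   Allow Promiscuous: false
   Allow MAC Address Change: false
   Allow Forged Transmits: false
""",
    "vSwitch1": """\
   Allow Promiscuous: true
   Allow MAC Address Change: true
   Allow Forged Transmits: true
""",
}

VGT_VLAN = 4095  # Virtual Guest Tagging: tags are passed through to the guest


def parse_portgroups(text):
    """Parse the port-group table into dicts; skips the header and dashed line."""
    rows = []
    for line in text.splitlines()[2:]:
        if not line.strip():
            continue
        # Port-group names may contain single spaces; columns are separated by 2+.
        m = re.match(r"^(.*?)\s{2,}(\S+)\s+(\d+)\s+(\d+)\s*$", line)
        if not m:
            raise ValueError(f"unparsed port-group line: {line!r}")
        name, vswitch, clients, vlan = m.groups()
        rows.append({"name": name, "vswitch": vswitch,
                     "clients": int(clients), "vlan": int(vlan)})
    return rows


def parse_security(text):
    """Turn 'Key: true/false' lines into a dict of booleans."""
    policy = {}
    for line in text.splitlines():
        key, _, val = line.strip().partition(":")
        if key:
            policy[key.strip()] = val.strip().lower() == "true"
    return policy


def audit(portgroup_text, security_by_vswitch):
    """Return (finding_code, object, message) tuples for the layout."""
    findings = []
    pgs = parse_portgroups(portgroup_text)
    for pg in pgs:
        if pg["vlan"] == VGT_VLAN:
            findings.append(("vgt-trunk", pg["name"],
                             f"{pg['name']} on {pg['vswitch']} is a VLAN 4095 trunk: "
                             f"the guest on this port receives every VLAN on the vSwitch"))
    for vswitch, text in security_by_vswitch.items():
        policy = parse_security(text)
        if policy.get("Allow Promiscuous"):
            inheritors = [pg["name"] for pg in pgs if pg["vswitch"] == vswitch]
            findings.append(("promiscuous-vswitch", vswitch,
                             f"{vswitch} allows promiscuous mode at switch level; "
                             f"inherited by {', '.join(inheritors)} unless overridden "
                             f"per port group"))
    return findings


if __name__ == "__main__":
    for code, obj, msg in audit(PORTGROUP_LIST, SECURITY_POLICY):
        print(f"[{code}] {msg}")
```

On a real host you would replace the two constructed strings with the captured output of the corresponding `esxcli` commands. The point of the second check is that the security policy in the question was set on vSwitch1 as a whole, so every VM port group on that switch inherits it; if only the trunk port group needs it, setting the policy on that port group alone keeps the other VMs from being able to receive frames not addressed to them.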
-
I’m not sure why you have decided to use VLAN 4095. Instead of that, you can let ESXi handle VLAN tags.
-
@kjk54 pfSense or OPNsense on ESXi has a known issue where, when adding 4 or more interfaces, FreeBSD will mix up the interfaces during boot, causing the firewall to fail to start. There is currently no known fix for this. I know that adding more interfaces is much easier, but due to this problem, I decided to use the portgroup in trunk mode and have pfSense handle the VLANs.
-
Oh, good that I do inter-VLAN routing on my routing switch.