Hyper-V - PFsense 2.0.1 - Some tips.



  • Issue 1: The AMD proc-specific boot fail. If you can't even get Pfsense to load in your VM beyond the initial "post," you know what I'm referring to here. You'll see something like the following:

        Stopped at pmap_invalidate_cache_range+0x40 clflushl 0(%ebx)
        db>

    Workaround: At the initial menu, choose option 7 to escape to the command line. Type the following at the OK prompt:

        set hw.clflush_disable=1
        boot

    Installation will continue as normal. After reboot, you need to escape again to the command line, re-enter the same command and boot into PFSense.

    Now you can make the fix permanent. Once PFsense is at the main menu, shell out to a command prompt. Type the following:

        vi /boot/loader.conf

    Arrow down to the last line, press "a" to append (make sure cursor is on a new line after last entry in file). On the new line type:

        hw.clflush_disable=1

    Press return, then escape, then the keys "wq!" to write the changes to the file.
    Verify your changes by typing "more /boot/loader.conf" and look for your entry at the end.

    Issue 2: No NICs found. You have to use Legacy NICs; the default NICs are not recognized by FreeBSD.

    Issue 3: PFSense doesn't receive a DHCP address.
    So you get all the way through the install, you can hit PF's Web configurator just fine, but it won't pick up dhcp from your WAN provider, huh? Yeah, this one had me stumped for a bit. Thanks to some great posts in this forum, I was able to find a quick resolution, so I'm just summarizing here and hopefully providing a consolidated reference for those seeking help in the future.
    For whatever reason, DEx nics don't immediately listen for dhcp assignments in Hyper-V. If you down the adapter, bring it back up, then listen, it works just fine. Shell out to the command prompt and type the following:

        ifconfig de(x) down    [where (x) corresponds to the nic you are troubleshooting for dhcp]
        ifconfig de(x) up
        dhclient de(x)

    Now make the change permanent. Create an /etc/rc.local file (vi /etc/rc.local), add those commands, save the file, then type

        chmod 755 /etc/rc.local

    to make it an executable for root.
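A scripted form of the two "make it permanent" steps in the post above, as an added example that is not part of the original post. The function names `ensure_tunable` and `write_nic_bounce` are hypothetical, and the first interface passed is assumed to be the WAN side.

```shell
#!/bin/sh
# Added example, not from the original post. File paths are arguments so the
# functions can be tried on scratch copies before touching /boot or /etc.

# Append KEY=VALUE to a loader.conf-style file unless it is already there.
ensure_tunable() {
    file=$1 key=$2 value=$3
    pat=$(printf '%s' "$key" | sed 's/\./\\./g')   # dots in the key are literal
    [ -f "$file" ] || : > "$file"
    # Already set to the wanted value (quoted or not): nothing to do.
    if grep -Eq "^[[:space:]]*${pat}=\"?${value}\"?[[:space:]]*\$" "$file"; then
        return 0
    fi
    # Set to something else: do not guess, leave it to the admin.
    if grep -Eq "^[[:space:]]*${pat}=" "$file"; then
        echo "$file: $key is already set to a different value" >&2
        return 1
    fi
    # The post's caveat: the entry must start on a new line, so add the
    # missing newline when the last line of the file is unterminated.
    if [ -s "$file" ] && [ -n "$(tail -c 1 "$file")" ]; then
        echo >> "$file"
    fi
    printf '%s=%s\n' "$key" "$value" >> "$file"
}

# Write an rc.local-style script that bounces each NIC, then asks for a lease
# on the first one (assumed here to be the WAN side).
write_nic_bounce() {
    out=$1; shift
    [ $# -ge 1 ] || { echo "usage: write_nic_bounce FILE WAN_IF [IF...]" >&2; return 2; }
    for nic in "$@"; do
        case $nic in
            ''|*[!A-Za-z0-9]*) echo "bad interface name: $nic" >&2; return 1 ;;
        esac
    done
    {
        echo '#!/bin/sh'
        for nic in "$@"; do
            printf 'ifconfig %s down\nifconfig %s up\n' "$nic" "$nic"
        done
        echo "dhclient $1"
    } > "$out"
    chmod 755 "$out"
}
# On the firewall itself (as root), matching the post:
#   ensure_tunable /boot/loader.conf hw.clflush_disable 1
#   write_nic_bounce /etc/rc.local de0
```

Running `ensure_tunable` twice leaves a single entry, and it refuses to overwrite a different existing value rather than silently changing boot behaviour.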



  • Issue 4: CARP won't work due to a bug in the "de" network driver. See http://forum.pfsense.org/index.php/topic,44529.0.html
    No workaround known yet.



  • thanks for the heads up on that, Chris.  I just started trying to get that working between vms on a couple of HV hosts…

    I think I read recently that Microsoft just updated its linux integration services disk a couple of weeks ago.  Anyone look to see if there's some love for freebsd yet?



  • Hi,
    Thanks for the tips.
    I'm trying to install pfSense 2.0.1 on Microsoft hyper-v with 2 legacy adapters.
    system halts at startup and the first tip has no effect on it!
    What can I do now?
    Thanks.




  • Thanks for the tips heuristik & ChrisH1. I noticed that for some reason DHCP wasn't dishing out IPs on the LAN interface either. I fixed this in a similar method with ifconfig de1 down and ifconfig de1 up, where de1 is the LAN. I added this to /etc/rc.local and it's been fine ever since.

    behzad, I had some similar issues when using dynamically expanding disks. When I created a fixed disk on IDE it was fine after that.



  • I don't think that Pfsense is ready to work well on HyperV since this hypervisor does not support FreeBSD 8.1.
    It may work but I doubt it will be suitable for production equipment.
    I would recommend to use ESXi instead.

    http://www.opttic.com



  • I agree, for a test environment though it's been fine for me. I have not used it beyond basic routing however.



  • I have successfully used your tips to install pfsense on hyper-v 2.0 (Win8 / Srv2012) today and will use it as my primary home firewall. Very convenient to run my firewall on my workstation (Hyper-V is built in win8). I will let you know what I find out. One obvious limitation is that the legacy adapters are 100mbit  :'(



  • SOpenness 6 Aug 2012 9:46 AM
    Thank you for your interest in the FreeBSD support for Hyper-V!  Check back on the blog later this week, when we’ll have more details on the release and where to get the code

    http://blogs.technet.com/b/openness/archive/2012/05/10/freebsd-support-on-windows-server-hyper-v.aspx

    C'mon c'mon c'mon ..



  • Thanks Janneb. Fortunately the drivers are already released (I foolishly hadn't thought to check until you posted this!) http://blogs.technet.com/b/openness/archive/2012/08/09/available-today-freebsd-support-for-windows-server-hyper-v.aspx which links to building the kernel with the new drivers here - https://github.com/FreeBSDonHyper-V/freebsd/wiki/Build-the-kernel-with-the-HyperV-drivers I'm yet to try it but it sounds exciting.



  • Hello,

    drivers are for FreeBSD 8.2 and beyond so we need to use PFSense 2.1

    I've been trying for a few days with no luck :(
    Any idea how to patch the kernel ?


  • Rebel Alliance Developer Netgate

    Even if you manage to get it to work, they still have a lot of work to do before it would be useful on a firewall.

    See http://lists.freebsd.org/pipermail/freebsd-stable/2012-August/069148.html



  • Thanks for the heads up jimp.



  • I'm trying to use pfSense w/ Hyper-v on Windows 2008 R2, but I'm not getting  :-\

    My pfsense version:

    [2.0.1-RELEASE][admin@maybach.prosperi.local]/root(30): uname -a
    FreeBSD maybach.prosperi.local 8.1-RELEASE-p6 FreeBSD 8.1-RELEASE-p6 #0: Mon Dec 12 18:15:35 EST 2011     root@FreeBSD_8.0_pfSense_2.0-AMD64.snaps.pfsense.org:/usr/obj./usr/pfSensesrc/src/sys/pfSense_SMP.8  amd64
    

    I'm getting these messages in dmesg:

    calcru: runtime went backwards from 5 usec to 2 usec for pid 17 (vmdaemon)
    calcru: runtime went backwards from 166 usec to 92 usec for pid 16 (pagedaemon)
    calcru: runtime went backwards from 435 usec to 247 usec for pid 9 (pfpurge)
    calcru: runtime went backwards from 36 usec to 19 usec for pid 8 (sctp_iterator)
    calcru: runtime went backwards from 7720 usec to 4033 usec for pid 7 (fdc0)
    calcru: runtime went backwards from 8496 usec to 4631 usec for pid 14 (yarrow)
    calcru: runtime went backwards from 1121396 usec to 603195 usec for pid 4 (g_down)
    calcru: runtime went backwards from 818454 usec to 429006 usec for pid 3 (g_up)
    
    

    And searching on the web I found this:

    http://xtravirt.com/disabling-virtual-machine-guest-host-time-synchronization-multiple-hypervisors
    http://www.freebsd.org/doc/en_US.ISO8859-1/books/faq/troubleshoot.html#calcru-negative-runtime
    http://www.freebsd.org/doc/en_US.ISO8859-1/books/faq/troubleshoot.html#COMPUTER-CLOCK-SKEW

    I tried all solutions above, but no success yet :( any suggestions?



  • @iskull:

    I tried all solutions above, but no success yet :( any suggestions?

    Move on for now.  I've moved on to vmware until hyper-v on freebsd gets sorted out.  I'd love to come back and run hyper-v as I would not have to install other software on the windows machines I am running it on.
      Oracle solution seems good too.



  • @tester_02:

    @iskull:

    I tried all solutions above, but no success yet :( any suggestions?

    Move on for now.   I've moved on to vmware until hyper-v on freebsd gets sorted out.   I'd love to come back and run hyper-v as I would not have to install other software on the windows machines I am running it on.
      Oracle solution seems good too.

    :(

    If somebody runs pfsense successfully on Hyper-V - Windows 2008 r2, please share with us :D



  • Hi, I'm new to PFsense, but I found this blog on Google:

    http://www.zomers.eu/knowledge/pfSense/Pages/Install-pfSense-on-Windows-2008-Hyper-V-server.aspx

    With this guide I have installed PFsense in Hyper-V, but I have a problem: when I restart PFsense it loses its connection to the internet.



  • Just as JimP said: The support for FreeBSD inside Hyper-V is still far from complete.

    My general (and painful experience) with Linux was: It took MS ages to support it correctly, now it's ok.
    Everything that MS does not support with integration drivers is slow or even crashy, I wouldn't even remotely consider pfSense for any production use on Hyper-V yet. Sorry to say :-/



  • Anyone try pfsense under 2012 hyper-v?  I am just starting to test 2012, so I plan to give it a shot.



  • They seem to run pretty much the same, I have migrated a few from 2008 to 2012.



  • booo.  Guess it's wait for freebsd 10 or 11.  Hopefully by then we can have better support :)



  • I'm installing pfSense 2.1 Beta0 on Hyper-V 2008R2. The live cd worked for as far as I tested (with legacy nics), however an install to disk failed with the error:
    Execution of the command
    /sbin/fdisk -v -f /tmp/format.fdisk ad0
    FAILED with a return code of 1

    This was because I used a Dynamically Expanding disk. After changing it to a Fixed Size disk, the install continued.

    As mentioned before, the nics don't receive data after first boot. To fix this I did the following:
    Go to the shell
    vi /usr/local/etc/rc.d/interfaces.sh

    Press INSERT and start typing the following (watch out for typos as these are difficult to correct in VI):

    ifconfig de0 down
    ifconfig de0 up
    ifconfig de1 down
    ifconfig de1 up
    dhclient de0

    When done, press INSERT and type:

    :wq

    Followed by pressing ENTER

    Type:

    chmod +x /usr/local/etc/rc.d/interfaces.sh

    Followed by pressing ENTER. This will allow the script to run.

    This makes pfSense work in Hyper-V.

    I'm also looking at loadbalancing multiple nics to see if I can increase the throughput. Anybody got experience with this?



  • Has this issue of the legacy adapters not being gigabit been solved?

    Seriously thinking of doing this with my server.

    Wish it was stable for production as I have several R710 servers with multiple nics that would be nice to combine into windows/pfsense box.



  • Nope, with 2012 R2 there will be an additional new hardware model using UEFI (+ SecureBoot) and even no
    more legacy hardware so pfSense will only boot on the same hardware model as Linux VMs did.

    The legacy NIC has just been there for compatibility but I've not seen MS being interested in improving this.
    It's been slow crap (but it worked even in early days), but that's about it.

    You'd have to go with KVM or VMware instead as they both do either good e1000 emulation or bring their FreeBSD compatible paravirt NIC.



  • I didn't see anybody mention the "Hyper-V integration installed with pfSense 2.0.1" thread, so I'm posting on this thread for the benefit of anybody watching it. In essence, we've been doing custom pfSense 2.0.x and 2.1 ISO builds with Chris Knight's Hyper-V patches (plus a couple fixes). YMMV depending on your environment, but it is working great for several (many?) Hyper-V users.

    I just did a new build with the Hyper-V aware kernel and pfSense 2.1 Release. See http://forum.pfsense.org/index.php/topic,56565.msg362435.html#msg362435 and following posts (check out the complete thread for troubleshooting tips and issues others have found).



  • pfSense 2.1 RELEASE under Hyper-V 2008R2

    setting

    http://knowledge.zomers.eu/pfsense/Pages/Install-pfSense-on-Windows-2008-Hyper-V-server.aspx

    ifconfig de0 down
    ifconfig de0 up
    ifconfig de1 down
    ifconfig de1 up
    dhclient de0

    script
    /usr/local/etc/rc.d/interfaces.sh

    executed at boot, but does not work, we have to start it manually …

    after obtain

    ....
    DHCPACK from (Gateway provider)
    bound to XX.XX.XX.XX (issued ip) -- renewal in 300 seconds

    every 5 min. is updated by DHCP from the ISP connection and falls off to re-launch /usr/local/etc/rc.d/interfaces.sh

    how to overcome it or remove renewal in 300 seconds?

    Thanks a lot

