Hyper-V integration installed with pfSense 2.0.1

Liceo · Aug 22, 2013, 4:24 PM

@Liceo:

Sure, but then you are limited to the max of vNICs you can add.

You need more than 8 vNICs?

Consider using it in a productive environment, that can happen. It's not really an issue, if i would need more i may would deploy a 2nd pfsense.

TRIUMF · Aug 23, 2013, 6:05 AM

@Liceo:

@TRIUMF:

You should add network adapters and configure vlans using Hyper-V, not pfsense itself.

Sure, but then you are limited to the max of vNICs you can add.

Sorry, never needed that many NICs so never had this issue :)

Is there a chance we will see pfsense officially supported on Hyper-v in near future?

Liceo · Aug 24, 2013, 8:17 AM

@PollyPy:

Hi all.
My last updated ISO with a Hyper-V kernel

http://goo.gl/evcFRk :: pfSense-LiveCD-2.1-DEVELOPMENT-amd64-HV-kernel-20130812-2157.iso

Hi PollyPy

Which procedure you use to create your pfsense-Hyper-V builds? Do you have a step-by-step manual which is understandable for a Linux dummie like me?

PollyPy · Aug 27, 2013, 5:28 PM

Hi PollyPy

Which procedure you use to create your pfsense-Hyper-V builds? Do you have a step-by-step manual which is understandable for a Linux dummie like me?

http://forum.pfsense.org/index.php/topic,56565.msg308223.html#msg308223

diegoriera · Sep 5, 2013, 1:49 AM

Hi,

Have you 2.1-RC1-HV.ISO?

Thanks

diegoriera · Sep 7, 2013, 6:17 PM

If I try to Update system or install Packages the system crash during download.

Panic String: sleeping thread
Dump Parity: 2933982801
Bounds: 0
Dump Status: good

If I include kern.timecounter.hardware=TSC the clock was wrong

I tested any versions with hyper-v patches.

hege · Sep 9, 2013, 12:55 PM

@diegoriera:

If I try to Update system or install Packages the system crash during download.
Panic String: sleeping thread…
If I include kern.timecounter.hardware=TSC the clock was wrong

kern.timecounter.hardware=TSC can happen, when your cpu change its frequency - change back to the old one and live with the log messages…

Panic String: sleeping thread...
thats a strange issue, sometimes I get this error too - i posted something about that already.

You dont should try to update or install packages over your wan nic (i did that)

diegoriera · Sep 9, 2013, 12:08 PM

I tested package install in hyper-v on I3-2120 processor and get Kernel Panic, but I did this in hyper-v on Xeon-X5675 and didn´t get Kernel Panic.

zootie · Sep 11, 2013, 5:26 AM

I did a new build with the Hyper-V kernel of pfSense versions 2.0.3p1 and 2.1 RC2 with the source as of 20130904.

Taking PollyPy lead, I posted it on SkyDrive and on RapidShare and I'm using URL shortening (to be able to redirect it in the future to newer builds, since I can't edit older posts to update the links - if an admin reads this, you might want to edit older posts or we might want to put these links in a sticky thread so they're easier to find).

Rapidshare: http://sn.im/27sh5kx (limited to about 10 downloads a day, so try again if you can't get it).
Skydrive: http://goo.gl/mBhK46 (using Google shortening since SnipURL doesn't let you redirect to SkyDrive, I won't be able to update it to redirect to a new version later, so keep watching this thread).

I posted a single 7z file with both ISOs, so it is less confusing.

I tested both for a couple days and only had a couple issues:

On 2.0.3p1, I had to re-install rrdtool (run pgk_add -r rrdtool)
On 2.1RC2, I had to Reset RRD Data (while there were graphs, they were empty)

The 2.1RC2 install seems to be working great and I'll probably move to it permanently.

nlitend1 · Sep 16, 2013, 3:27 AM

SO HAPPY to see 2.1-RELEASE is available now. :) Currently running 2.1RC0, but looking to upgrade to the RELEASE. I've tried, unsuccessfully, to create an update/latest edition. Loving Pfsense in Hyper-V! Looking forward to moving beyond these incremental 2.1 releases and having the "final" 2.1 edition to troubleshoot with everyone.

nlitend1

zootie · Jan 21, 2015, 3:59 AM

Admin edit: Removed outdated, incorrect advice others were linking to. Everyone using Hyper-V should be using 2.2 (or newer if available, if you're reading this in the future).

zootie · Sep 17, 2013, 4:58 AM

AFAIK, you can't use these ISOs as an update source.

As you suggest, I usually make a backup of the config of the current router. Then use the ISO to make a clean install on a new VM (use a fixed size VHD, add 2 synthetic network adapters), give it an unused IP in your LAN, and connect to it using the WebConfigurator and restore the backup config (shutdown existing router before clicking on restore to avoid having duplicate IPs - also make sure to configure mac spoofing on the VM network card if it applies).

You just have to make sure to match the interfaces to the correct virtual network card, that you assign them the same way you had them on your prior router in the VM Hyper-V config. Or you can edit the config XML file manually.

If coming from a pre-Hyper-V VM with legacy adapters, the config file will have it's interfaces named de0, de1, etc.; and it will have an interface mismatch with the synthetic adapters (hn0, hn1, …), so it will prompt you what interface corresponds to which network port. Or you might have to edit the config using the "Assign Interfaces" option in the console menu.

TicoDePano · Sep 24, 2013, 2:32 AM

hi!

i'm still on 2.0.3 with no problems so far (except ntp time client errors appearing during boot process sometimes).

anybody can comment how stable 2.1 release is at this moment?

essentially, interfaces are working properly with traffic shaper in 2.1? ntp errors still appearing during boot?

in advance, thx for all the hyper-v compiled images!

gemmiu · Sep 27, 2013, 1:16 PM

Icmp on the wan side doesn't work for me.

I've created a new rule in the firewall, but it doesn't seem to work.

Does someone have the same problem?

darkytoo · Sep 27, 2013, 4:20 PM

I'm up and running with pfsense on hyper-v 2012. Here is my question, i've enabled trunk mode on the hyper-v nic and pfsense doesn't seem to want to see that as a vlan-capable interface. So my question is, with 2.1 is there an easy fix for that? is that feature coming in 2.2?

zootie · Sep 27, 2013, 5:42 PM

gemmiu,
ICMP on the WAN side is working fine for me, using a rule as described in http://www.cdavis.us/wiki/index.php/Allow_WAN_ICMP_requests_with_pfsense.

darkytoo,
As you point out, the synthetic driver doesn't seem to support vlans (you'd have to specify a single vlan in the host). It would be up to the FreeBSD team working on the integration services drivers to add this functionality to the codebase, and for it to make it into pfsense (far too early to talk versions).

(Just to write it down, since it's an interesting nugget of info for future use) By "enabled trunk mode", I'm guessing you mean you used PowerShell to configure the vnic and vlans being passed to the VM? As described in VLAN Tags and Hyper-V Switches:


Add-VMNetworkAdapter -SwitchName Switch -VMName "VmName" -Name "TrunkNic"
Set-VMNetworkAdapterVlan -Trunk -AllowedVlanIdList "100,101" -VMName "VmName" -VMNetworkAdapterName "TrunkNic" -NativeVlanId 1

darkytoo · Sep 27, 2013, 5:58 PM

@zootie:

gemmiu,
ICMP on the WAN side is working fine for me, using a rule as described in http://www.cdavis.us/wiki/index.php/Allow_WAN_ICMP_requests_with_pfsense.

darkytoo,
As you point out, the synthetic driver doesn't seem to support vlans (you'd have to specify a single vlan in the host). It would be up to the FreeBSD team working on the integration services drivers to add this functionality to the codebase, and for it to make it into pfsense (far too early to talk versions).

(Just to write it down, since it's an interesting nugget of info for future use) By "enabled trunk mode", I'm guessing you mean you used PowerShell to configure the vnic and vlans being passed to the VM? As described in VLAN Tags and Hyper-V Switches:
Add-VMNetworkAdapter -SwitchName Switch -VMName "VmName" -Name "TrunkNic"
Set-VMNetworkAdapterVlan -Trunk -AllowedVlanIdList "100,101" -VMName "VmName" -VMNetworkAdapterName "TrunkNic" -NativeVlanId 1

correct. Basically I have a ESX server here specifically to host PFsense due to the VLAN trunking issue and the compatibility. Now that the compatibility has been ironed out for the most part, I was hoping to remove ESX and host it on hyper-v. So i enabled the VLAN trunking in powershell and see that the trunking doesn't work anyway, little aggravating. I spent a couple of hours trying to find an alternative with the pfsense features that would be more compatible and failed, so now i'm going to try and pair-down my VLAN usage and just add a bunch of NICs to the VM and limp along until I find an alternative or the issue is fixed in pfsense.

nlitend1 · Sep 29, 2013, 5:26 PM

I am having a horrible time with the clock on 2.1 on Hyper-V. It appears to be moving much faster than actual time. (a.k.a gains about 8 hours every day and therefore the time is getting farther and farther ahead every day. I have checked NTP service and it loads and runs. It appears to work for a few minutes after boot and then gives me the unreach/pending error under status. Restarting the service does not seem to help.

I have tried the default time servers, and many other with no noticeable differences. Any advice?

nlitend1

zootie · Sep 30, 2013, 12:43 AM

With 2.0.3, I used to see variations of 1/2 hour or more sometimes using pool.ntp.servers (even when I changed to using 1.us.pool.ntp.org, 2.us.pool.ntp.org, etc.). I ended up changing pfsense to use NIST NTP servers in the US (use the closest to you first, add a couple for good measure). This seemed to solve the problem with 2.0.3 and I haven't had issues with 2.1 so far.

Being in the West Coast, I ended up using nist1-la.ustiming.org time-nw.nist.gov nist1-chi.ustiming.org nist1-ny.ustiming.org 1.us.pool.ntp.org (added 1.us.pool.ntp.com for good measure, but is shows as outlier in the pfSense NTP status page). If in another country/continent, you might need to use a more reliable nearby list (or try a country specific list from pool.ntp.org)

I'm using the same NTP servers on the AD server, and the Hyper-V host is set to sync to the AD Infrastructure (it might be better to have the Hyper-V host sync to the NTP servers directly). Also, a common recommendation when you have a virtualized AD is to turn off guest VM time sync in Hyper-V for the AD VM, but that is not recommended by MS. More info at Ben Armstrong’s Virtualization Blog - Time Synchronization in Hyper-V.

{Edit to add link to Ben Armstrong’s Virtualization Blog}

dcgoes · Sep 30, 2013, 12:10 PM

Hello!

Thanks for sharing the virtual machine with the Integrations Services, but still seems to be unstable, I have here a link of 50Mb internet and when I do a speed test the pfSense restarts, I use here FW + Squid (NTLM) + squidGuard + OpenVPN, the machine virtual this with 10Gb Memory and 8 processors.

The problem always occurs when you have a high traffic internet, restart all the time, if I switch to version "stable" for the problem to occur, but must use the legacy network.

know how to fix?

Thanks, sorry for my English.