Hyper-V integration installed with pfSense 2.0.1
-
Hi PollyPy
Which procedure you use to create your pfsense-Hyper-V builds? Do you have a step-by-step manual which is understandable for a Linux dummie like me?
http://forum.pfsense.org/index.php/topic,56565.msg308223.html#msg308223
-
Hi,
Have you 2.1-RC1-HV.ISO?
Thanks
-
If I try to Update system or install Packages the system crash during download.
Panic String: sleeping thread
Dump Parity: 2933982801
Bounds: 0
Dump Status: goodIf I include kern.timecounter.hardware=TSC the clock was wrong
I tested any versions with hyper-v patches.
-
If I try to Update system or install Packages the system crash during download.
Panic String: sleeping thread…
If I include kern.timecounter.hardware=TSC the clock was wrongkern.timecounter.hardware=TSC can happen, when your cpu change its frequency - change back to the old one and live with the log messages…
Panic String: sleeping thread...
thats a strange issue, sometimes I get this error too - i posted something about that already.You dont should try to update or install packages over your wan nic (i did that)
-
I tested package install in hyper-v on I3-2120 processor and get Kernel Panic, but I did this in hyper-v on Xeon-X5675 and didn´t get Kernel Panic.
-
I did a new build with the Hyper-V kernel of pfSense versions 2.0.3p1 and 2.1 RC2 with the source as of 20130904.
Taking PollyPy lead, I posted it on SkyDrive and on RapidShare and I'm using URL shortening (to be able to redirect it in the future to newer builds, since I can't edit older posts to update the links - if an admin reads this, you might want to edit older posts or we might want to put these links in a sticky thread so they're easier to find).
-
Rapidshare: http://sn.im/27sh5kx (limited to about 10 downloads a day, so try again if you can't get it).
-
Skydrive: http://goo.gl/mBhK46 (using Google shortening since SnipURL doesn't let you redirect to SkyDrive, I won't be able to update it to redirect to a new version later, so keep watching this thread).
I posted a single 7z file with both ISOs, so it is less confusing.
I tested both for a couple days and only had a couple issues:
-
On 2.0.3p1, I had to re-install rrdtool (run pgk_add -r rrdtool)
-
On 2.1RC2, I had to Reset RRD Data (while there were graphs, they were empty)
The 2.1RC2 install seems to be working great and I'll probably move to it permanently.
-
-
SO HAPPY to see 2.1-RELEASE is available now. :) Currently running 2.1RC0, but looking to upgrade to the RELEASE. I've tried, unsuccessfully, to create an update/latest edition. Loving Pfsense in Hyper-V! Looking forward to moving beyond these incremental 2.1 releases and having the "final" 2.1 edition to troubleshoot with everyone.
nlitend1
-
Admin edit: Removed outdated, incorrect advice others were linking to. Everyone using Hyper-V should be using 2.2 (or newer if available, if you're reading this in the future).
-
AFAIK, you can't use these ISOs as an update source.
As you suggest, I usually make a backup of the config of the current router. Then use the ISO to make a clean install on a new VM (use a fixed size VHD, add 2 synthetic network adapters), give it an unused IP in your LAN, and connect to it using the WebConfigurator and restore the backup config (shutdown existing router before clicking on restore to avoid having duplicate IPs - also make sure to configure mac spoofing on the VM network card if it applies).
You just have to make sure to match the interfaces to the correct virtual network card, that you assign them the same way you had them on your prior router in the VM Hyper-V config. Or you can edit the config XML file manually.
If coming from a pre-Hyper-V VM with legacy adapters, the config file will have it's interfaces named de0, de1, etc.; and it will have an interface mismatch with the synthetic adapters (hn0, hn1, …), so it will prompt you what interface corresponds to which network port. Or you might have to edit the config using the "Assign Interfaces" option in the console menu.
-
hi!
i'm still on 2.0.3 with no problems so far (except ntp time client errors appearing during boot process sometimes).
anybody can comment how stable 2.1 release is at this moment?
essentially, interfaces are working properly with traffic shaper in 2.1? ntp errors still appearing during boot?
in advance, thx for all the hyper-v compiled images!
-
Icmp on the wan side doesn't work for me.
I've created a new rule in the firewall, but it doesn't seem to work.
Does someone have the same problem?
-
I'm up and running with pfsense on hyper-v 2012. Here is my question, i've enabled trunk mode on the hyper-v nic and pfsense doesn't seem to want to see that as a vlan-capable interface. So my question is, with 2.1 is there an easy fix for that? is that feature coming in 2.2?
-
gemmiu,
ICMP on the WAN side is working fine for me, using a rule as described in http://www.cdavis.us/wiki/index.php/Allow_WAN_ICMP_requests_with_pfsense.darkytoo,
As you point out, the synthetic driver doesn't seem to support vlans (you'd have to specify a single vlan in the host). It would be up to the FreeBSD team working on the integration services drivers to add this functionality to the codebase, and for it to make it into pfsense (far too early to talk versions).(Just to write it down, since it's an interesting nugget of info for future use) By "enabled trunk mode", I'm guessing you mean you used PowerShell to configure the vnic and vlans being passed to the VM? As described in VLAN Tags and Hyper-V Switches:
Add-VMNetworkAdapter -SwitchName Switch -VMName "VmName" -Name "TrunkNic" Set-VMNetworkAdapterVlan -Trunk -AllowedVlanIdList "100,101" -VMName "VmName" -VMNetworkAdapterName "TrunkNic" -NativeVlanId 1
-
gemmiu,
ICMP on the WAN side is working fine for me, using a rule as described in http://www.cdavis.us/wiki/index.php/Allow_WAN_ICMP_requests_with_pfsense.darkytoo,
As you point out, the synthetic driver doesn't seem to support vlans (you'd have to specify a single vlan in the host). It would be up to the FreeBSD team working on the integration services drivers to add this functionality to the codebase, and for it to make it into pfsense (far too early to talk versions).(Just to write it down, since it's an interesting nugget of info for future use) By "enabled trunk mode", I'm guessing you mean you used PowerShell to configure the vnic and vlans being passed to the VM? As described in VLAN Tags and Hyper-V Switches:
Add-VMNetworkAdapter -SwitchName Switch -VMName "VmName" -Name "TrunkNic" Set-VMNetworkAdapterVlan -Trunk -AllowedVlanIdList "100,101" -VMName "VmName" -VMNetworkAdapterName "TrunkNic" -NativeVlanId 1
correct. Basically I have a ESX server here specifically to host PFsense due to the VLAN trunking issue and the compatibility. Now that the compatibility has been ironed out for the most part, I was hoping to remove ESX and host it on hyper-v. So i enabled the VLAN trunking in powershell and see that the trunking doesn't work anyway, little aggravating. I spent a couple of hours trying to find an alternative with the pfsense features that would be more compatible and failed, so now i'm going to try and pair-down my VLAN usage and just add a bunch of NICs to the VM and limp along until I find an alternative or the issue is fixed in pfsense.
-
I am having a horrible time with the clock on 2.1 on Hyper-V. It appears to be moving much faster than actual time. (a.k.a gains about 8 hours every day and therefore the time is getting farther and farther ahead every day. I have checked NTP service and it loads and runs. It appears to work for a few minutes after boot and then gives me the unreach/pending error under status. Restarting the service does not seem to help.
I have tried the default time servers, and many other with no noticeable differences. Any advice?
nlitend1
-
With 2.0.3, I used to see variations of 1/2 hour or more sometimes using pool.ntp.servers (even when I changed to using 1.us.pool.ntp.org, 2.us.pool.ntp.org, etc.). I ended up changing pfsense to use NIST NTP servers in the US (use the closest to you first, add a couple for good measure). This seemed to solve the problem with 2.0.3 and I haven't had issues with 2.1 so far.
Being in the West Coast, I ended up using nist1-la.ustiming.org time-nw.nist.gov nist1-chi.ustiming.org nist1-ny.ustiming.org 1.us.pool.ntp.org (added 1.us.pool.ntp.com for good measure, but is shows as outlier in the pfSense NTP status page). If in another country/continent, you might need to use a more reliable nearby list (or try a country specific list from pool.ntp.org)
I'm using the same NTP servers on the AD server, and the Hyper-V host is set to sync to the AD Infrastructure (it might be better to have the Hyper-V host sync to the NTP servers directly). Also, a common recommendation when you have a virtualized AD is to turn off guest VM time sync in Hyper-V for the AD VM, but that is not recommended by MS. More info at Ben Armstrong’s Virtualization Blog - Time Synchronization in Hyper-V.
{Edit to add link to Ben Armstrong’s Virtualization Blog}
-
Hello!
Thanks for sharing the virtual machine with the Integrations Services, but still seems to be unstable, I have here a link of 50Mb internet and when I do a speed test the pfSense restarts, I use here FW + Squid (NTLM) + squidGuard + OpenVPN, the machine virtual this with 10Gb Memory and 8 processors.
The problem always occurs when you have a high traffic internet, restart all the time, if I switch to version "stable" for the problem to occur, but must use the legacy network.
know how to fix?
Thanks, sorry for my English.
-
Try and give us more details on your HW and host, so someone with a similar setup might help (and so when developers/testers read this thread, they know what to look for).
What CPU family and model? It sounds like an octa-core. How much memory assigned to pfSense? What OS on the host? What network card? Is it teamed? What type of teaming technology (for example, Broadcom BACS/BASP, Intel ANS, or Win 2012 LBFO)? VLANs? Are you using VMQ and/or SR-IOV? Any other hardware acceleration options in use?
Just a stab in the dark. If your network card supports it, you might want to try with and w/o hardware acceleation, to see if that has an impact.
-
I am having a horrible time with the clock on 2.1 on Hyper-V. It appears to be moving much faster than actual time. (a.k.a gains about 8 hours every day and therefore the time is getting farther and farther ahead every day. I have checked NTP service and it loads and runs. It appears to work for a few minutes after boot and then gives me the unreach/pending error under status. Restarting the service does not seem to help.
I have tried the default time servers, and many other with no noticeable differences. Any advice?
nlitend1
Well it appears to be a weird issue/conflict with traffic shaping. Does anyone have traffic shaping (particularly HSFC) working in pfsense on hyper-v and have NTP working?
NTP syncs just fine without traffic shaping enabled.
To enable traffic shaping (as previously discussed on page 6 of this thread) you need to add "hn" to /etc/inc/interfaces.inc in order to the the interfaces to show up for traffic shaping. The single lan muli-WAN wizard completes just fine, however after the changes are applied, all new connections don't work…aka, cannot browse to any new webpages etc....I found out that specifying the bandwidth of the LAN interface (in my case 1000Mb/s) seemingly fixes that issue and allows new connections to be made. At that point status->queues shows traffic being routed correctly. However, NTP is broken at that time and NTP status is then unreach/pending. I have tried numerous external ntp servers and even setup my local server as a NTP server to test and it does not work locally either.
Any ideas? Thanks.
nlitend1
-
Try and give us more details on your HW and host, so someone with a similar setup might help (and so when developers/testers read this thread, they know what to look for).
What CPU family and model? It sounds like an octa-core. How much memory assigned to pfSense? What OS on the host? What network card? Is it teamed? What type of teaming technology (for example, Broadcom BACS/BASP, Intel ANS, or Win 2012 LBFO)? VLANs? Are you using VMQ and/or SR-IOV? Any other hardware acceleration options in use?
Just a stab in the dark. If your network card supports it, you might want to try with and w/o hardware acceleation, to see if that has an impact.
Hardware Configurations:
S.O. Windows 2012 STD
Host Hyper-v
PowerEdge 420
2. Xeon E5-2430 8.4 Ghz
98 Memory
12 Network Adapters Broadcom NetXtreme Gigabit EthernetVirtual Machine
30GB HDD
10GB Memory
3 Network Adapters Broadcom NetXtreme Gigabit Ethernet (dedicated) VMQ DisableToday I installed pfSense on physical machine, it worked perfectly. The problem is I have about 20 servers on Hyper-V, need to fix this problem, whenever I test speed and high traffic, the server shuts down by itself.
Thanks,
dcgoes