Hyper-V integration installed with pfSense 2.0.1

M15t4B

@Magsy:

Cool, glad you got it sorted :)

Mine has been fine although I did have an incident where I lost all configuration inside the VM, however I did cluster the hosts and mess with snapshots so I think I probably caused that.

That Supermicro box is to die for, do you know how much power that is drawing from the wall because it looks exactly like what I want! :D

I dont cluster this box but I have others that are fine with pfSense in a cluster and I have failed over a few times.
With about 10-20% cpu useage with all the power saving turned off it is currently using about 30-35 watts .3 amps with setup. I have 3 other VMs running on it with the pfSense one for a total of 4.

vivek310

After some amount of testing, have finally got a repetitive pattern. Here are the steps and conditions

1. Setup an external switch in hyper-v. The switch is mapped to a nic which is shared with the management OS (The setting "Allow Management OS to share this network adapter" setting is checked"

2. The external network has a router providing DHCP services

3. Connect any linux vm - with a legacy network adapter or a hyper-v enabled adapter to this external switch

4. Power on the linux VM - it does not get an IP address from the router. Any addition steps (like shutting down and bringing up the vm nic using ifconfig up/down does not help)

5. Connect a windows VM instead of the linux VM - it picks up an IP address without any issues.

6. On a Internal switch (A private network), everything works perfectly well.

I'm thinking there might be a bug on the external side - where the OS has to share the NIC with the OS and the VM.

Can someone test this / provide additional comments? Have some more scenarios I will be testing, will post once I'm done.

OS's / distros used for testing:

Windows - Windows 7
Linux - Backtrack 5 r3 (hyper-v network drivers), pfsense (downloaded from this thread), untangle (no hyper-v drivers, using legacy nic), zentyal (hyper-v drivers installed), ubuntu 12.04 LTS (with hyper-v drivers.)

tester_02

What does Linux have to do with pfsense?

vivek310

@tester_02:

What does Linux have to do with pfsense?

okay - any *nx / bsd variant using the ms provided synthetic drivers. Should have phrased it better :D.

serras

@Fehler20:

I used "sysctl kern.timecounter.hardware=TSC" to fix the calc runtime error.

This resolves the error outputs but makes the pfSense clock run. I get +8 hours a day.

@Magsy:

I don't know, I sync to external NTP time source so my clock is good.

I have the same issue. My clock runs with "TSC" +8 hours a day.
The service NTPd runs with 3 external ntp-servers, but it did not change the clock.
Even if I run ntpdate to bring the clock in sync and then starts NTPd, the clock runs out of sync.
@Magsy: Do you make a special config change?
Have somebody else a hint in the right direction for me?

Fehler20

Just don't use this command. The error message indicates that the VM synced the time with the Hyper-V Host. It does not influence anything else on my System (except that you should not use the pfSense box as a time Server for your Hyper-V).

alexappleton

I've been running this for a few months on various machines and haven't ran into any issues of yet.  Curious to see others reporting issues.

I've exported the VM as a complete package, zipped it up and am sharing it on skydrive.  Ready for you to import into Hyper-V 2012.  http://sdrv.ms/15jeBZ6.  Unzipped this package extracts to 5GB in size.

When you import the VM you will find that Hyper-V console will ask you to match your adapters with your virtual switch configuration.  The first adapter is hn0 in pfsense, which is the “WAN” interface.  It is also set to pick up IP address via DHCP.  The second adapter is hn1 in pfsense, which is the “LAN” interface.  It is set to default static IP address of 192.168.1.1.  You can change this via the command line menu driven option, or via the webgui.  The default username and password is set on this VM, which is admin/pfsense.

Be interested to hear any feedback, fire me an email - alex <at>northernjeep<dot>com.  I don't consider myself to be a pfsense expert, but I've set this VM months ago on a few different test beds, and basically forgot about it; it just runs away without concern.  So far my experiences with pfsense in Hyper-V have been nothing but positive.  </dot></at>

heuristik

nice work, alex.  thanks for sharing the vm.

hege

@Fehler20:

I've tested the PRERELEASE ISO and found some things which are not working:

• Traffic Sharping (no interfaces shown)

To help others to waste too much time (as I did), you can simple enable Traffic shapping with an edit in a file.

In the shell, open /etc/inc/interfaces.inc and search for "altq".
There should be an array where you just have to add the entry "hn".
After saving traffic shapping should work immediately.

@zootie thank for your great work, i test your image since jan and for me it is nearly perfect :)

Sorry for my bad english :)

vivek310

After additional testing, I think this might be an issue with the MS hyper-v drivers. Have opened up a thread on the technet forums http://social.technet.microsoft.com/Forums/en-US/w8itprovirt/thread/cef0a9db-ec2d-47fa-b71e-e7f503356913. Summarizing my findings below:

1. linux/bsd system with hyper-v drivers will not get an IP from a DCHP server through a wireless NIC (tried with two different wireless cards)
2. same vm will get itself an IP when it is connected through the wired NIC.

the "allow management os to share this interface" setting does not have any effect (however, if you uncheck this, the host machine loses connectivity to the gateway).

Will post back when I get some additional information.

vivek310

Also, just a little curious, so asking for feedback: If you had no issues with a virtualized pfsense install, could you please report how your NIC's were assigned (whether wired / wireless and shared with mgmt os or not?) on the WAN and LAN side.

Thanks

stroyerdk

@zootie:

Success!!!!!  :D

I was able to create ISOs with a Hyper-V kernel for both 2.0.x and 2.1 Beta. Both install and show no major errors and seem functional. More testing is needed, but it is a good starting point for all of us needing to have better Hyper-V support in pfSense.

I'll post more details once I get some sleep and go deal with life. In the meantime, I posted the ISOs on RapidShare:

http://rapidshare.com/files/1592931654/pfSense-LiveCD-2.0.3-PRERELEASE-amd64-hyperv-kernel-20130119-0048.zip

http://rapidshare.com/files/4194997857/pfSense-LiveCD-2.1-BETA1-amd64-hyperv-kernel-20130119-0948.zip

I have tested both of the Images that was created by zootie.

My setup is as follows:

Intel XEON E3-1220LV2
Intel Serverboard S1200 series
OS: Windows Server 2012

I have been trying to get my firewall running virtual for some time now, and with the non-synthetic drivers it was a pain…...

First off I installed the 2.1-BETA1 - this quickly became annoying, as it would crash and reboot every once i a while. I havent been digging into what was happening, as im a bit of a unix newb, and dont even know where to begin.

After about 1 week of random crashes i desided to try the other image 2.0.3-PRERELEASE. This is working perfectly and have been running without any crashes. Even rebooted my HyperV hostmashine many times without touching the PFsense VM, an everything is just working without any hickups.

/Kind Regards

mcnbdks

@heuristik:

nice work, alex.  thanks for sharing the vm.

Using alex's vm for 2 weeks. No issues for synthetic NICs detected :) Good!  But have crashed pfsense when tryed to install bandwidthd package. And there is no RRD graphs (it don't work).

Razor_FX_II

I to have random but frequent crash/reboots with 2.1-BETA1 (amd64).
It would be interesting to try one of the later releases with integrated services installed.
I was foolish enough to try and update this version and after a few hours of trying to get it to run again and failed, I reloaded my install in less than 5 minutes.
It's such a tease to almost have the answer to so many admin's prayers.

asmat

@Razor_FX_II:

I to have random but frequent crash/reboots with 2.1-BETA1 (amd64).
It would be interesting to try one of the later releases with integrated services installed.
I was foolish enough to try and update this version and after a few hours of trying to get it to run again and failed, I reloaded my install in less than 5 minutes.
It's such a tease to almost have the answer to so many admin's prayers.

Tell me about it. I was this || close using it on a production level. But that wouldn't be very responsible isn't it?

Razor_FX_II

I have the version pfSense-LiveCD-2.1-BETA1-amd64-hyperv-kernel-20130119-0948 installed on a two 2008 R2 Datacenters and as I posted above had reboot issues with it, I was looking at the System Logs at about the time it rebooted to see if there was anything to point me in the right direction and I noticed the familiar "RRD graphs responding to fast" and thinking that the version pfSense-LiveCD-2.0.3-PRERELEASE-amd64-hyperv-kernel-20130119-0048 had no RRD graphs unless reinstalled I thought perhaps there is a connection.

So I disabled RRD graphs in each of the installs and have been running for over 24 hours without a single hiccup.
Before trying this both routers wouldn't make it an hour without rebooting.

I hope this helps.

srnoth

@alexappleton:

I've been running this for a few months on various machines and haven't ran into any issues of yet.  Curious to see others reporting issues.

I've exported the VM as a complete package, zipped it up and am sharing it on skydrive.  Ready for you to import into Hyper-V 2012.  http://sdrv.ms/15jeBZ6.  Unzipped this package extracts to 5GB in size.

When you import the VM you will find that Hyper-V console will ask you to match your adapters with your virtual switch configuration.  The first adapter is hn0 in pfsense, which is the “WAN” interface.  It is also set to pick up IP address via DHCP.  The second adapter is hn1 in pfsense, which is the “LAN” interface.  It is set to default static IP address of 192.168.1.1.  You can change this via the command line menu driven option, or via the webgui.  The default username and password is set on this VM, which is admin/pfsense.

Be interested to hear any feedback, fire me an email - alex <at>northernjeep<dot>com.  I don't consider myself to be a pfsense expert, but I've set this VM months ago on a few different test beds, and basically forgot about it; it just runs away without concern.  So far my experiences with pfsense in Hyper-V have been nothing but positive.</dot></at>

Been using this image for over about a month now with zero stability issues. Current up time is 18 days. Great work!

hege

i have issues when using the squid proxy, but so it works very nice!

Thanks for sharing the image!

hege

Almost 10000 views  ;D

@zootie
would it be possible that you make us a new 2.0.3 release image?

I tried it several times with your description, but failed with strange kernel issues.

kanylbullen

This is awesome!

I have been running pfSense at a customer for a couple of years and now that we have vitualized all the servers in Hyper-V I was keen on getting rid of the decade-old IBM-thinkcentre running pfSense.

I can report that I have clustered the pfSense-VM on a Hyper-V 2012 failover cluster with a CSV Volume and when doing a live-migration of pfSense between the nodes I don't lose a single ping at the pfSense console from the internet and only 1 ping is at the clients on the internal network from pfSense and the internet.

I am still struggling with the decision whether to actually use pfSense instead of a commercial alternative with support options, since I got no troubleshooting skills with either pfSense or *nix if anything stops working.