How to connect 2 Vswitches with Pfsense?



  • Hi,

    I'm trying without success to connect 2 Vswitches with Pfsense.

    My configuration is on the following links:

    ESXI networking
    http://imageshack.us/photo/my-images/708/x6qt.jpg/

    Pfsense Dashboard
    http://imageshack.us/photo/my-images/4/08e5.jpg/

    pfsense gateway
    http://imageshack.us/photo/my-images/59/7nrb.jpg/

    pfsense static routes
    http://imageshack.us/photo/my-images/29/d9z9.jpg/

    My goal is to have Vswitch 0 communicate with Vswitch1. Vswitch has a virtual machine that will have the IP address 10.1.1.1

    The 2 switches have to be on 2 different networks.

    192.168.172.153 displayed in the Pfsense dashboard gateway is one of my VMs, NCDC1, on the Vswitch 0.

    Thank you for your help


  • LAYER 8 Global Moderator

    You only show 1 interface in pfsense Wan..

    You need to have interface on each vswitch in pfsense..

    here is mine - see my multiple vswitches, where pfsense has an interface in each vswitch..  Lan, Wlan and DMZ - all on different networks 192.168.x.0/24.. Along with my WAN which gives them all internet.  Now 2 of mine lan and wlan are tied to physical networks via a physical nic in the host.  But you could also just all be other vms tied to the vswitches.








  • Thank you for your answer.

    I understand what you are saying.

    I need at least 2 interfaces, one for the LAN and one for the WAN.

    I changed some settings but I don't have access to the GUI interface anymore.

    For information, I have a dynamic IP address and only one physical network card on my computer.

    For the WAN, I read that's the address that gives me access to the internet, but which one do I have to choose in ESXI? Is it the one below in the attached file called "network adapater ESXI"?

    Can I add the IP address for the WAN with the Console, as I don't have access to the GUI anymore?
    Thank you

    ![Pfsense Console.jpg](/public/imported_attachments/1/Pfsense Console.jpg)
    ![Pfsense networking.jpg](/public/imported_attachments/1/Pfsense networking.jpg)
    ![network adapater ESXI.JPG](/public/imported_attachments/1/network adapater ESXI.JPG)


  • LAYER 8 Global Moderator

    Dude now you have your wan and lan on the same network??

    No, you don't need a WAN if you don't want one.. You can call them anything you want, by default though if you bring up pfsense as native it's going to be doing nat between your wan and your lan interface..

    If you want pfsense to route or firewall between networks – you're going to have to have more than 1 ;)  In your first setup you had only 1 interface..

    Here is your question
    "I'm trying without success to connect 2 Vswitches with Pfsense."

    Then put lan in pfsense connected to one, and your opt1 interface connected to another.. There you go, they are connected..  Now set up pfsense to be the gateway of each network you set up on vm's or physical devices connected to those vswitches..



  • Thank you, but what address do I have to enter for the WAN?
    I have tried with my dynamic IP address but it's not working.
    I still can't get access to the GUI.

    ![Pfsense Console.jpg](/public/imported_attachments/1/Pfsense Console.jpg)


  • LAYER 8 Global Moderator

    Once you use more than 1 interface you can not access the gui of pfsense from wan.  Without modification of the wan rules, etc.

    Connect its lan to your physical network..  Then you can access the gui. Connect the wan to something some dummy switch if you want.

    So lan on your physical network that your switch is on.. So lan will be the same network your physical lan is on.. Then connect opt1, opt2, etc.. for your other vswitches that vms will be connected to.

    Once you have your vms working - then you modify your wan rules to allow gui access, and move your wan interface of pfsense to your physical network.  Then your vms could use pfsense to get out..  You'd be double natting this way, unless you turned that off in pfsense.



  • Thank you for the answer.
    I spent all day yesterday and the day before trying to make pfsense work and it doesn't.
    I really feel like giving up.
    Sometimes I can get access to the GUI when I reset to the factory settings, and after a while I don't have access anymore.

    Here are the steps after a factory reset:

    wan em1  none

    lan em0    192.168.1.1
    Result : no access to the GUI

    ==========================
    Modification by assigning the interfaces with option 1

    wan em0 192.168.1.1

    lan em1 none
    Result : no access to the GUI

    Then I select option 2 set interface ip address

    new ip for the WAN : 192.168.172.252
    subnet mask 24

    do u want to revert to http as the webconfigurator protocol? N

    Then I have access to the GUI (for a while…)

    After that, any time I select option 2 to set up the LAN interface and enter a local address like 192.168.172.252 for the LAN to have access to the GUI, pfsense sends me the message that I have access to the webconfigurator at the address 192.168.172.252, but it's not working.

    But when I set up the WAN interface with the dynamic IP address from the provider, 178.167.x.x, pfsense sends me the same message saying I have access to the webconfigurator at the address 178.167.x.x, and I don't have access to the GUI.

    That drives me completely crazy


  • LAYER 8 Global Moderator

    What is your physical network address space?? Your computer you're connecting to esxi on is what IP address and mask.. What is esxi network and mask?  Your picture shows vmkern on 192.168.172.129, so this 192.168.172.252 you want to give to pfsense is open - there is nothing else using this?  And the LAN interface of pfsense is connected to LAN vswitch?

    Connect pfsense to your lan vswitch and wan vswitch.. Sometimes it is helpful to alter the MAC of the interfaces in esxi on the vm you're setting up so you know for SURE which nic is which inside the os you're setting up.. For example.. I made mine

    00:50:56:00:00:01 and 00:50:56:00:00:02

    So I know exactly which one is lan and which one is wan

    So make sure you connect lan to lan vswitch and wan to your wan that currently from your picture goes NOWHERE..

    Let pfsense wan just fail for now.. Get access to the GUI!!

    Then once you have that working you can set up the firewall to allow access to the gui from your wan side.  And change your IP of your wan in pfsense to allow access to the gui

    http://doc.pfsense.org/index.php/How_can_I_access_the_webGUI_from_the_WAN%3F

    If you give me access via teamviewer and your PC that has access to your esxi host - we could have this up and running in like 5 minutes..



  • No, there is nothing else using the 192.168.172.252.
    I check for the MAC address for Pfsense in ESXI to see which one is linked to the WAN and the LAN.
    I really appreciate your help, that's very nice.
    I knew Logmein but never used teamviewer.
    I have just installed it.
    I can send you a PM if you want to connect to my PC (this is the one with ESXI installed)


  • LAYER 8 Global Moderator

    About to eat dinner - if I get some time later I will let you know.

    Tomorrow while at work I prob have more time ;)



  • No worries, we can do it tomorrow, there is no rush. Thanks again for your help, I really do appreciate it!!
    Enjoy ur meal  :)


  • LAYER 8 Global Moderator

    So I got in via teamviewer and got him all setup.

    He was running esxi inside workstation so a nested setup.  So I think that is where he was having issues, he had esxi vmkern connected to the vmplayer nat network, etc. etc..

    Long story short, connected his esxi vmkern to his physical network via the bridged network in workstation.

    This allowed pfsense to get an IP on his network - he is connected via 3G dongle on this phone or something so it was a bit odd, and the teamviewer connection was a bit laggy since he only connected at 3g, etc..

    So to start we set up the lan of pfsense connected to the vswitch that ties to his box so we could get to pfsense gui.  Then after editing the wan firewall rules to allow access to the gui, we swapped the connections so that pfsense wan was connected to his physical network connected through his vmware workstation bridge..

    Then we got in and set up another vswitch for lan and lan1 in pfsense with network 10.1.1.0/24 and 10.1.2.0/24 and connected interfaces in pfsense to these vswitches.  Connected his other vms to the switches - and good to go.

    We did run into a bit of a problem where I locked myself out by editing the wan firewall rule vs lan1 when lan1 was not working because set to tcp only vs any so that ping and udp (dns worked)

    Took a bit to figure out why pfsense on 10.1.2.1 could ping his vm that got an IP via dhcp, but his vm could not ping pfsense or do dns..

    But over all went pretty smooth having to deal with the TV lag, me bouncing off my home box and then tv to his box only connected via 3g in ireland.

    Overall I think he is happy, and fun to help a new user get going with pfsense.
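
The two mistakes this thread ran into (WAN and LAN placed on the same network, and a lan1 pass rule limited to TCP so that ping and DNS over UDP failed) can be checked on paper before changing anything in the GUI. This is an added example, not part of the original posts and not pfSense code; the dictionaries are a constructed plan using the thread's addresses, and the lan address, the rule layout and the function names are assumptions.

```python
import ipaddress
from itertools import combinations

# Constructed sample plan (not a pfSense config export). Networks follow the
# thread; the 10.1.1.1 address on lan is an assumption.
INTERFACES = {
    "wan": "192.168.172.252/24",
    "lan": "10.1.1.1/24",
    "lan1": "10.1.2.1/24",
}
# Constructed pass rules: lan1 allows TCP only, as in the problem described above.
RULES = [
    {"interface": "lan", "protocol": "any"},
    {"interface": "lan1", "protocol": "tcp"},
]

def overlapping_interfaces(interfaces):
    """Return pairs of interface names whose networks overlap."""
    nets = {n: ipaddress.ip_interface(a).network for n, a in interfaces.items()}
    return [(a, b) for a, b in combinations(sorted(nets), 2)
            if nets[a].overlaps(nets[b])]

def blocked_protocols(rules, interface, needed=("icmp", "udp")):
    """Return the needed protocols that no pass rule on `interface` allows."""
    allowed = {r["protocol"] for r in rules if r["interface"] == interface}
    if "any" in allowed:
        return []
    # A combined rule such as "tcp/udp" counts for each protocol it names.
    return [p for p in needed if not any(p in a.split("/") for a in allowed)]

def audit(interfaces, rules, internal=("lan", "lan1")):
    """Collect findings for overlapping networks and TCP-only internal rules."""
    findings = []
    for a, b in overlapping_interfaces(interfaces):
        findings.append(f"{a} and {b} are on the same network")
    for name in internal:
        missing = blocked_protocols(rules, name)
        if missing:
            findings.append(f"{name}: no pass rule for {', '.join(missing)}")
    return findings

if __name__ == "__main__":
    for finding in audit(INTERFACES, RULES):
        print(finding)
```
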



  • I have to say, johnpoz had been very helpful, mainly with my sloooooow 3G connection :-)
    I'm very happy with all the job he did and ready to start again!! :-)))))))
    Looks like there are plenty of possibilities to set up pfsense, it might (will?!) take a while to study it but I feel confident about that.

