How to connect 2 Vswitches with Pfsense?
-
Dude now you have your wan and lan on the same network??
No you don't need a WAN if you don't want one.. You can call them anything you want, by default though if you bring up pfsense as native its going to be doing nat between your wan and your lan interface..
If you want pfsense to route or firewall between networks – you going to have to have more than 1 ;) In your first setup you had only 1 interface..
Here is your question
"I'm trying without success to connect 2 Vswitches with Pfsense."Then put lan in pfsense connected to one, and your opt1 interface connected to another.. There you go they are connected.. Now setup pfsense to be the gateway off each network you setup on vm's or physical devices connected to those vswitches..
-
Thank you but what address do I have to enter for the wan ?
I have tried with my dynamic ip address but its not working.
I still can't have access to the GUI.
 -
Once you use more than 1 interface you can not access the gui of pfsense from wan. Without modification of the wan rules, etc.
Connect its lan to your physical network.. Then you can access the gui. Connect the wan to something some dummy switch if you want.
So lan on your physical network that your switch is on.. So lan will be the same network your physical lan is on.. Then connect opt1, opt2, etc.. for your other vswitches that vms will be connected too.
If once you have your vms working - then you modify your wan rules to allow gui access, and move your wan interface of pfsense to your physical network. Then your vms could use pfsense to get out.. You be double natting this way, unless you turned that off in pfsense.
-
Thank you for the answer.
I spent all day,yesterday and the day before trying to make pfsense working and it doesnt.
I really feel like to give up.
sometimes, I can have access to the GUI when I reset to the factory settings and after a while, I don’t have access anymore.There is the steps after a factory reset:
wan em1 none
lan em0 192.168.1.1
Result : no access to the GUI==========================
Modification by assigning the interfaces with option 1wan emo 192.168.1.1
lan em1 none
Result : no access to the GUIThen I select option 2 set interface ip address
new ip for the WAN : 192.168.172.252
subnet mask 24do u want to revert to http as the webconfigurator protocol? N
Then I have access to the GUI (for a while…)
after, anytime when I select the option 2 to set up the LAN interface, I entered a local address like 192.168.172.252 for the LAN to have access to the GUI, pfsense send me the message i have access to the webconfigurator with the address 192.168.172.252 but it’s not working.
But when I set up the WAN interface with the dynamic ip address from the provider 178.167.x.x, pfsense send me the same message saying I i have access to the webconfigurator to the address 178.167.x.x and I don’t have access to the GUI
That drives me completely crazy
-
What is your physical network address space?? Your computer your connecting to esxi on is what IP address and mask.. What is esxi network and mask? From your picture shows vmkern on 192.168.172.129, so this 192.168.172.252 you want to give to pfsense is open - there is nothing else using this? And the LAN interface of pfsense is connected to LAN vswitch?
Connect pfsense to your lan vswitch and wan vswitch.. Sometimes it is helpful to alter the MAC of the interfaces in esxi on the vm your setting up so you know for SURE which nic is which inside the os your setting up.. For example.. I made mine
00:50:56:00:00:01 and 00:50:56:00:00:02
So I know exactly which one is lan and which one is wan
So make sure you connect lan to lan vswitch and wan to your wan that currently from your picture goes NO WHERE..
Let pfsense wan just fail for now.. Get access to the GUI!!
Then once you have that working you can setup the firewall to allow access to the gui from you wan side. And change your IP of your wan in pfsense to allow access to the gui
http://doc.pfsense.org/index.php/How_can_I_access_the_webGUI_from_the_WAN%3F
If you give me access via teamviewer and your PC that has access to your esxi host - we could have this up and running in like 5 minutes..
-
no, there is nothing else using the 192.168.172.252.
I check for the mac address for Pfsense in ESXI to see which one is linked to the WAN and the LAN.
I really appreciate your help, that's very nice.
I knew Logmein but never used teamviewer.
I have just installed it.
I can send you a pm if you want to connect on my PC (this is the one with ESXI installed) -
About to eat dinner - if get some time later I will let you know.
Trmw wile at work I prob have more time ;)
-
no worries, we can do it tomorrow, there is no rush .Thanks again form your help,I really do appreciate!!
Enjoy ur meal :) -
So I got in via teamviewer and got him all setup.
He was running esxi inside workstation so a nested setup. So I think that is where he was having issues, he had esxi vmkern connected to the vmplayer nat network, etc. etc..
Long story short, connected his esxi vmkern to his physical network via the bridged network in workstation.
This allowed pfsense to get a IP on his network - he is connected via 3G dongle on this phone or something so it was a big odd, and the teamviewer connection was a bit laggy since he only connected at 3g, etc..
So to start we setup the lan of pfsense connect to the vswitch that ties to his box so we could get to pfsense gui. Then after editing the wan firewall rules to allow access to the gui. We swapped the connections to that pfsense wan was connected to his physical network connected through his vmware workstation bridge..
Then we got in and setup another vswitch for lan and lan1 in pfsense with network 10.1.1.0/24 and 10.1.2.0/24 and connected interfaces in pfsense to these vswitches. Connected his other vms to the switches - and good to go.
We did run into a bit of a problem where I locked my self out by editing the wan firewall rule vs lan1 when lan1 was not working because set to tcp only vs any so that ping and udp (dns worked)
Took a bit to figure out why pfsense on 10.1.2.1 could ping his vm that got an IP via dhcp, but his vm could not ping pfsense or do dns..
But over all went pretty smooth having to deal with the TV lag, me bouncing off my home box and then tv to his box only connected via 3g in ireland.
Overall I think he is happy, and fun to help a new user get going with pfsense.
-
I have to say, johnpoz had been very helpful,mailny with my sloooooow 3G connection :-)
I'm very happy with all the job he did and ready to start again!! :-)))))))
looks like there is plenty of possibilities to set up pfsense, it might(will?!) take a while to study it but feel confident about that.
