Hyper-V ICS 1.0 (w/Synthethic Network Driver) for pfSense 2.1 & 2.1.1



  • Here is the latest version of the Hyper-V 1.0 drivers for FreeBSD 8.3 compiled specifically for pfSense 2.1 (Release) and 2.1.1 (Prerelease).

    If you had issues with the old drivers, please give the new drivers a try and let us know how they work in your environment. Try and describe your environment (Hyper-V and Windows version, network card versions, teaming technology in use, hardware acceleration options, etc.)

    These drivers have been greatly improved since the initial Summer 2012 (that was used in the all prior methods to enable the drivers in pfSense), and have been included in FreeBSD 10.0 (and are available for FreeBSD 8.3) and are the best version available as of Jan 2014. They needed to be recompiled in the pfSense builder environment for them to work with pfSense (the original drivers compiled in a normal FreeBSD 8.3 installation cause pfSense to crash as soon as you try and access the network interfaces).

    I include the precompiled kernel modules in the attached zip, and I preconfigured a basic pfSense 2.1 Hyper-V VM and uploaded it to SkyDrive and Rapidshare:

    • Skydrive/OneDrive: REDACTED

    • Rapidshare: REDACTED

    limited to about 20 downloads a day, so try again if you can't get it).

    This basic VM has WAN assigned to hn0 and LAN to hn1.

    The only issues I've noticed (all minor so far):

    • If you use MAC address spoofing on an interface (ie, you configure a custom MAC address in pfSense), you have to enable MAC address spoofing on all the interfaces. The basic VM has MAC spoofing configured on both interfaces.

    • You still see the "calcru: runtime went backwards" message on the console. Usually a few times when you just boot, and it stops.

    So far, I haven't been able to integrate the drivers into a pfSense installation ISO, but having a pre-configured VM is probably easier, and having the modules separated also makes it easier to use commonly available ISOs to customize your pfSense installation.

    The kernel modules work with both pfSense 2.1 and with pfSense 2.1.1 Prerelase (as of 20140221, likely will keep working with Prerelease versions).

    Getting started

    Option A. Preconfigured VM

    This is the easiest option.

    • Download the preconfigured VM from SkyDrive or RapidShare

    • Extract the 7z and import the VM it into your Hyper-V installation

    • If you already have a pfSense router, backup your configuration and shutdown your pfSense router

    • Make any Hyper-V configuration changes specific to your environment (virtual switch, VLANs, etc.)

    • Start the new VM

    • If you don't have WAN on hn0 and LAN on hn1, assign interfaces

    • Assign the LAN IP

    • Use the WebConfigurator to restore your XML configuration

    Option B. Precompiled Kernel Modules

    In case you want to specify your own setting when configuring the initial pfSense VM (disk size and partitions, memory, etc.)

    • Download the zip file attached to this post (the files are also included in the 7z on SkyDrive/RapidShare)

    • Extract the files

    • Create a new VM with 2 Legacy Network Adapters using a pfSense 2.1 or 2.1.1 ISO downloaded from pfSense.com. Do not use an ISO with the Summer 2012 drivers - don't use older ISOs created by me or PollyPy or older alexappleton kernels from the older thread

    • Create and configure GEOM labels, as described in Labeling Disk Devices. First boot in single user mode, and if using the default partitioning scheme, use these commands

    cat /etc/fstab
    /sbin/glabel label rootfs /dev/ad0s1a
    /sbin/glabel label swap /dev/ad0s1b
    
    • Don't forget to modify your /etc/fstab to use the labels you created in single user mode above

    • If you're going to use SSH to copy files, you will need to reset the legacy interfaces. If you're using DHCP on the WAN interface connected to de0:

    ifconfig de0 down
    ifconfig de0 up
    dhclient de0
    ifconfig de1 down
    ifconfig de1 up
    
    • Copy the kernel modules into this new VM into /boot/modules. You can use a FAT or FAT32 formatted VHD or (easier) enable SSH on pfSense and use WinSCP to copy the files

    • Set the file permisions for the modules to executable

    chmod +x /boot/modules/hv_*.ko
    
    • Edit /boot/loader.conf, load the modules
    hv_vmbus_load="YES"
    hv_utils_load="YES"
    hv_netvsc_load="YES"
    hv_storvsc_load="YES"
    hv_ata_pci_disengage_load="YES"
    
    • Shutdwon the VM and remove Legacy Network Adapters

    Option C. Compile your own kernel modules

    If you want to compile the kernel modules from source and have access to the pfsense-tools repository.

    • You'll need to follow the instructiosn in DevelopersBootStrapAndDevIso to configure a pfSense builder machine (or VM).

    • Make sure to set the version you want to use and build an ISO to make sure the builder is working properly

    • Copy the code patch file (included in the zip) to the pfSense tools RELENG_8_3 patches directory (or the directory of the version you want to use). The patch is specific to 8.3, you might need a different file for 10.x if you are trying to build a pfSense 2.2 alpha or if you're targeting a different FreeBSD version

    • Modify the RELENG_2_1 or RELENG_2_2 patches list to add "-p1~~hyperv-ic-1.0.diff~"

    • Modify pfsense_local.sh, add "hyperv" to the list of MODULES_OVERRIDE of the version you want to build

    • Try and build  an ISO. While it won't generate the ISO, it will compile the source and generate the the hv_*.ko files

    pfSensewHyperv-ics_1.0_KernelModules.zip.txt



  • Hi, big big thanks,

    i used the preconfigured VM and restored my settings - I know that it is too early to say this,
    but as far as i can see, it works much better (can't reproduce a "sleeping thread" error.

    I'll test your VM with more systems during the next week.

    Because you can't use traffic shapping by default, you still have to add "hn" to /etc/inc/interfaces.inc (see here )

    Great work!

    –----
    Testing system: Hyper-V 2012 R2 | AMD | 1GiB Ram | 2xNIC (Gbit) | 100Mbit Internet



  • Thank you Zootie!

    I used your vhd file and attached it to my vm so I didn't have to mess with MAC address issues.
    Fired it up, restored my config then updated to the latest 2.1.1 snap and it's been running fine for 10 hours so far.
    It definitely seems better, but will need to run for a few days to be sure.

    Thanks again!


  • Banned

    zootie, you'd better remove your VHDs before you receive "the most polite letter possible via the law firm". You know, you can only provide "genuine pfSense® software". Not kidding ya.  ::)

    BTW, your Option C is useless due to actions taken by the pfSense guys, which they apparently wish to continue. You know, they think noone should have access to the build tools repo, unless it's "subject to certain contractual obligations". Otherwise you're gonna get accused exactly like the poor guy who built an early v2.2 image and posted that on the forum. And you'll become a horrible offender who "built something that clearly was not “pfSense”, named it “pfSense 2.2”, violating our registered trademark, and then announced on the pfSense forum with an adulterated logo."

    This project has become a pile of legal BS.  >:( >:( >:(



  • If requested, I'll promptly remove the VHD (no need of lawyers, just an admin post here - hopefully this thread won't be removed). In the meantime, I believe I'm complying with the spirit of the post: It's an effort to contribute to the community. I'm providing the community a most useful feature specific to their HW platform (Hyper-V), I'm not modifying the pfSense trademark, I'm giving full attribution to the project, I'm providing all the information needed so the feature can be added to the project in the future, and I'm asking the community to test it and document their experiences on a public forum (so the project has all the information available).

    Option C might not be operational right now unless you have access to the pfsense-tools repository, or until it is brought back (with restrictions). I just wanted to write the instructions down so contributors can try and incorporate the modules into the build process in the future.



  • @timotl:

    Thank you Zootie!

    I used your vhd file and attached it to my vm so I didn't have to mess with MAC address issues.
    Fired it up, restored my config then updated to the latest 2.1.1 snap and it's been running fine for 10 hours so far.
    It definitely seems better, but will need to run for a few days to be sure.

    Thanks again!

    I tried to manually update to the latest snapshot but when hitting the upgrade button nothing happens and 10 seconds later it times out.

    Maybe im using the wrong file?



  • Afraid I'm not much help there.
    The config I restored already had the snapshot server as an upgrade source.
    I just did the auto upgrade when it offered.



  • mylle,

    First, Let's check some basics. Is it connecting to the Internet? Are you able to ping google.com from the pfSense VM console? Are you able to ping pfSense's LAN IP from other hosts on your LAN? Confirm if you are using the native NICs (hn0 and hn1) or Legacy NICs (de0 and de1).

    As timotl points out, his/her existing XML config has the snapshot server as an upgrade source, so the VM installation got upgraded to a 2.1.1 pre-release build. The basic VM I posted is 2.1 Release and it says it is on the latest version. Unless you need something specific to 2.1.1 (or just want to to test it), you don't need to update it.

    If you still want to use 2.1.1, you'd need to either setup your own VM using a 2.1.1 ISO and install the kernel modules manually (Option B), or on a 2.1 installation (like the basic VM in the 7z) you'd need to change the Updater Settings (under System/Firmware on the WebConfigurator) to use a custom URL "http://snapshots.pfsense.org/FreeBSD_RELENG_8_3/amd64/pfSense_RELENG_2_1/.updaters/" - Just have in mind that this is an automatic nightly build: you don't know how stable the prerelease version will be and you might be the only one using it until there is an actual 2.1.1 RC Pre-Release.



  • Hi Zootie,

    Thanks for your reply and you image. It works great :)

    I have connectivity and everything works. Im just he kinda guy that loves trying out the bleeding edge code all the time :)

    I already added the Snapshot rep and the newest snapshot downloads just fine but then:

    The image file is corrupt.
    Update cannot continue

    Thats where i get stuck now.

    Regards
    Mylle



  • Thank you so much for doing this !

    Did anyone managed to make CARP work with this version (using Hyper-V 2012R2 as the host) ?



  • I've been running 2.1 Beta1 with integration for a long time without issue, so I'm not a great test but so far this is looking stable.

    I'm using your pre-created VM, dual wan balanced on 2012 R2 with Windows LBFO teamed Intel Nics, 4 vNics to guest with tagging at the Hyper-V level.

    Thanks :D



  • Many thanks zootie!

    This seems to be the most stable Hyper-V image yet! Before this I was stuck on the 2.0.3 with Hyper-V kernel as it appeared to be the most stable for me.

    Hopefully we can have an official build with the Hyper-V kernel before 2.2 is released.

    Peter



  • @ArthurZz1:

    Did anyone managed to make CARP work with this version (using Hyper-V 2012R2 as the host) ?

    I tried 2.1 and latest 2.1.1 and CARP wouldn't work, stuck on INIT with "ifa_add_loopback_route: insertion failed" in the log.

    I found a source patch for bridgestp/if/if_bridge that might solve one possible cause for this error. I'll have to make some time to try it.

    update: bridgestp/if/if_bridge patch didn't seem to have an effect, so unless someone else has an idea, CARP remains non-operational.



  • Hi

    I am really sorry if this is hi-jacking the thread  :)

    I have ran your pre-configured VM in windows 2012 R2 and it works brilliant and its very appreciated,

    I  cannot seem to be able to get Option B. Recompiled Kernel Modules working as I need a hard drive bigger than 1gb,

    Is there any possible way to increase the VHD as I can not seem to find one and then expand the partition (please excuse my ignorance I new to freebsd )

    Any guidance would be much appreciated as I need some space for log retention and squid cache,

    I also want to run 2 - 4gb of ram would it be correct to say I would need at least the same in a swap partition

    Or if one pre-configured VM could be made with a bigger disk , I will spot you a few beers I promise as it will get me out of a tight squeeze ;-)



  • @CloudNut:

    I  cannot seem to be able to get Option B. Recompiled Kernel Modules working as I need a hard drive bigger than 1gb,

    Is there any possible way to increase the VHD as I can not seem to find one and then expand the partition.

    I'm creating versions of the preconfigured VM with a larger disk/swap. I'll try and post them tonight. (I've been asked to remove it, so I can't post more versions)

    Since you already have it, you can try and resize it yourself. I used a FreeBSD 10 VM (should work with FreeBSD 9.x too, unsure about 8.x or if using another copy of pfSense). I expanded the VHD and mounted it on this VM (on the secondary IDE controller), and used the instructions in 18.4. Resizing and Growing Disks and in Resize Your Existing FreeBSD Root Partition/Slice Safely Without Re-Installing

    First I had to grow the slice (ada0s1) within the disk (ada0) and reboot before the space was visible within the slice. Then followed the instructions to delete the swap partition, expand root to the desired size, and then recreate the swap partition. Run gpart show ada0 and gpart show ada0s1 so you see the changes.

    
    #Resize ada0s1 slice to full size of ada0 disk
    gpart resize -i 1 -a 4k ada0
    
    #After reboot (so free  space would be visible within slice)
    #Delete swap (note it is using the slice)
    gpart delete -i 2 ada0s1
    #Expand root (adjust size, assuming it's a 32 GB disk, wanting to leave 4 GB for swap)
    gpart resize -i 1 -a 4k -s 28G ada0s1
    #Recreate swap
    gpart add -t freebsd-swap -a 4k ada0s1
    #Grow filesystem
    growfs /dev/ada0s1a
    
    

    Then back in the pfSense VM, I had to recreate the GEOM labels. Boot in single user mode, specify ufs:/dev/da0s1a as the root file system, and then recreate the labels using /sbin/glabel label rootfs /dev/da0s1a and /sbin/glabel label swap /dev/da0s1b. No need to change fstab again (since the labels have the same names).



  • @HC:

    ..

    hv_kvp_negotiate_version
    Hyperv-utils1: detached
    hyperv-utils1 on vmbus0
    hyperv-utils1: Hyper-V service attching: Hyper-v sevice attaching; Hyper-v KVP Service
    

    I only get

    hv_kvp_negotiate_version
    ```every 12 hours - more or less, with the following Hyper-V Log message.
    
    

    Hyper-V Data Exchange connected to virtual machine 'MachineName', but the version does not match the version expected by Hyper-V (Virtual machine ID Machine-ID). Framework version: Negotiated (3.0) - Expected (3.0); Message version: Negotiated (4.0) - Expected (5.0)....unsupported....

    
    Think we can ignore that?
    
    Update about my experience with the new driver:
    
    I'm testing the new iso now at four different locations in production systems. The only issue i could find is, that the performance (in my case the throughput) seems to be poorer on **realtek** nics.
    
    [1] Hyper-V 2012 R2 | AMD    | 1GiB Ram      | 1x Intel NIC 1x Private NIC (Hyper-V) | 100Mbit Internet | Traffic shapping on  | 20 Users
    [2] Hyper-V 2012 R2 | Intel i7| 1GiB Ram      | 1x Intel NIC 1x Private NIC (Hyper-V) | 100Mbit Internet | Traffic shapping on  | 8 Users
    [3] Hyper-V 2012 R2 | Intel i3| 512 MiB Ram | 1x Intel NIC 1x Realtek                      | 70Mbit Internet  | Traffic shapping off  | 2 Users
    [4] Hyper-V 2012 R2 | Intel i5| 512 MiB Ram | 2x Intel NIC                                        | 4Mbit Internet    | Traffic shapping on  | 6 Users
    
    Great work!


  • @zootie:

    @CloudNut:

    I  cannot seem to be able to get Option B. Recompiled Kernel Modules working as I need a hard drive bigger than 1gb,

    Is there any possible way to increase the VHD as I can not seem to find one and then expand the partition.

    I'm creating versions of the preconfigured VM with a larger disk/swap. I'll try and post them tonight.

    Zootie thanks so much your a legend especially to us Hyper-v admins that would love to use what I consider the best Software UTM out there ;-),



  • @zootie:

    If requested, I'll promptly remove the VHD (no need of lawyers, just an admin post here - hopefully this thread won't be removed). In the meantime, I believe I'm complying with the spirit of the post: It's an effort to contribute to the community. I'm providing the community a most useful feature specific to their HW platform (Hyper-V), I'm not modifying the pfSense trademark, I'm giving full attribution to the project, I'm providing all the information needed so the feature can be added to the project in the future, and I'm asking the community to test it and document their experiences on a public forum (so the project has all the information available).

    I don't know if I'm an 'admin' or not.  (Turns out: I am.) If not, I can make myself one pretty quick.

    I'll ask nicely that you take this down.  What follows are snippets from what the eventual communication about the issue will be, when we (finally, sorry) address the community about it.

    The issue really is our trademark(s).  pfSense® and "pfSense Certified"® are registered trademarks of Electric Sheep Fencing, LLC.  The pfSense logo is a trademark of Electric Sheep Fencing, LLC.

    The issue with you using “pfSense” it that it is possible to lose rights in a mark by licensing the mark to others without controlling the nature and quality of the goods or services the licensee offers under the mark.  This concept is often referred to as “naked licensing.”  This is the reason why we insist that only things we build be described as “pfSense”.

    Another way in which rights may be lost is by misusing the mark – or by failing to police against the mark’s misuse by others – so that the mark ceases to indicate the source of goods or services and becomes a generic word (like escalator and cellophane, which originally were trademarks but came to be understood by the public as the generic names of the products for which they had been used as brands).

    Now, that's not a complete treatise on the issues, it's just illustration of the problem.  Your intent, however noble, doesn't matter, because the issue is, if we allow it "enough", someone else, some third-party, can come along and demand that the mark be canceled.  (It happened to me, and not long ago.  http://www.plainsite.org/dockets/index.html?id=2283547)

    El Reg posted a story a few days ago about Mozilla's lawyers arguing with Dell about Dell charging to install Firefox.
    http://www.theregister.co.uk/2014/03/10/mozilla_investigates_fee_for_firefox_dell_claims/  This following: http://www.theregister.co.uk/2014/03/05/mozilla_probes_dell_over_firefox_installation_claims/

    Which is really all about: http://www.mozilla.org/en-US/foundation/trademarks/faq/

    The Mozilla “business model” is about getting Firefox (and friends) distributed far and wide.  Dell charging a fee for the distribution interrupts that model (fewer people take it), so Mozilla does not allow it.

    The business of pfSense (the products and projects) is very much dependent on exactly the same distribution dynamic.  We want pfSense distributed far and wide, but in an unmodified form from what we build, and without charge.

    That all said, if you are willing to work with us, we are willing to engage on getting an official pfSense for Hyper-V build done, and distributed.  If you're interested, we're interested.

    Finally, I don't know who deleted that thread. I responded to the end of the thread asking the individual to take it down, but I didn't delete the thread.  Chris (cmb) tells me he didn't do it.  There are only a few others who could have.  To be perfectly frank, it was me who demanded that the -tools repo be taken down until we could find a solution.  I am trying for minimum impact on the community.

    @zootie:

    Option C might not be operational right now unless you have access to the pfsense-tools repository, or until it is brought back (with restrictions). I just wanted to write the instructions down so contributors can try and incorporate the modules into the build process in the future.

    The -tools repo will return just as soon as I can satisfy all parties with a solution.

    The reason it was withdrawn was because someone did the unthinkable:

    • they built something called "pfSense 2.2", which was not pfSense, nevermind 2.2

    • they released it, leaving all indicia intact

    • they announced it on the forum

    (EDIT: formatting, spelling and "I am.")



  • So what needs to happen for us to have an official pfSense build with Hyper-V support?

    The latest image that Zootie has provided has a greater stability than the official build under Hyper-V!

    I use it in a Hyper-V environment extensively. At first I had to use the "Legacy Network cards" and then install ShellCmd to bring each of the interfaces down and up again to work. This kind of worked but we have reduced throughput due to the "Legacy Network cards".

    Since these unofficial builds have been available the pfSense installs have been a lot more stable and have much better throughput.

    I understand that you are protecting your trademark and I think that pfSense is worth protecting.

    If you need to test an official pfSense build with Hyper-V support I'll be more than happy to test so that this can be released.

    Peter



  • @gonzopancho:

    ….
    The business of pfSense (the products and projects) is very much dependent on exactly the same distribution dynamic.  We want pfSense distributed far and wide, but in an unmodified form from what we build, and without charge.

    That all said, if you are willing to work with us, we are willing to engage on getting an official pfSense for Hyper-V build done, and distributed.  If you're interested, we're interested.

    ….

    (EDIT: formatting, spelling and "I am.")

    Hi gonzopancho!

    Community need Hyper-V support!
    If pfSense team currently don't have time/resources to produce stable Hyper-V image, please!!!, build a testing image with zooties patches
    It's working except CARP!

    Many people want to use pfSense on Hyper-V, and use it today…
    Create offical thread pfSense on Hyper-V and you will get feedback from community
    Community will hunt down bugs in the pfSense software :)

    Thank you!

    P.S.
    Community, if you want to use pfSense on Hyper-V, please post your thoughts about it!



  • @hmh:

    P.S.
    Community, if you want to use pfSense on Hyper-V, please post your thoughts about it!

    That's the beginning of the end of the pfSense community.

    @gonzopancho:

    That all said, if you are willing to work with us, we are willing to engage on getting an official pfSense for Hyper-V build done, and distributed.  If you're interested, we're interested.

    More than 50k views on the old hyper-v integration thread. Only one post from an admin there. We're interested, we have to, because the pfSense team seems to have other interests.



  • As requested, I've removed the VM from the links, I just left a readme with a link to this thread.

    I can't remove the kernel modules zip from the first post (since I can't edit it anymore due to forum restrictions). However, I'd ask admins to please leave it in place so adventurous users can try and get Option B working for their environment. It only has the kernel compiled modules and the source patch file. While they were compiled using pfSense tools, the zip itself doesn't contain pfSense itself, and the process to get them to work implies that users doing it understand that they are modifying pfSense outside of its original distribution (and have no support or certification expectations by doing so).

    I think most of us understand ESF's need to control the distribution and quality of pfSense, we're just frustrated because this is critical for our needs (both for network and disk throughput and to be able to shutdown the VM in a way compatible with Hyper-V and Windows Clustering) and we feel somewhat neglected after years of asking for help. The current measures seem to be a overreaction to the acts of others and in preparation of 2.2, but I think most can see the slippery slope. We are grateful to the project and want to help. I hope we can find a middle ground: a way to contribute to the community w/o grinding grassroots efforts to a halt.

    The pfSense-Hyper-V sub-community has waited a long time to have better Hyper-V support and there is considerable interest (as the number of views of the old thread show), and we have tried to get attention to these efforts so they become part of the official distribution (partly why I've gone to great pains to try and document everything I've done, so it can be formalized and included in the official distribution). From a couple of old posts, it seemed that part of the problem was that the development team didn't have any servers with Hyper-V to test, so when the original driver source was released and we figured out a way to get them working with pfSense, it made sense to try and get the community involved in testing in a variety of environments.

    Please let us know how we can help.



  • @hege:

    More than 50k views on the old hyper-v integration thread. Only one post from an admin there. We're interested, we have to, because the pfSense team seems to have other interests.

    Good point! It is the most viewed thread in the "Virtualization installations and techniques" forum!

    Surely we must have enough people interested in the community to have a build that supports Hyper-V without having to wait for pfSense 2.2???

    Peter



  • @peterclark4:

    @hege:

    More than 50k views on the old hyper-v integration thread. Only one post from an admin there. We're interested, we have to, because the pfSense team seems to have other interests.

    Good point! It is the most viewed thread in the "Virtualization installations and techniques" forum!

    Surely we must have enough people interested in the community to have a build that supports Hyper-V without having to wait for pfSense 2.2???

    Indeed, it is the most read by far, nearly 4x views than the most viewed sticky thread (I don't know why it never got made into a sticky, maybe because it was too confusing - partly why I started this one, so it could be made into a sticky). Looking on other forums, there is only a handful of threads that have more views (many of them older).

    So far, the kernel modules seem to work fine with 2.1.1. Unless there are big source changes coming in 2.1.1, it should be possible to include Hyper-V support in the build process for 2.1.1 (so we can begin testing with snapshopts). How can we help to get this in the official development, build, and distribution process?



  • When it comes to non-profits, Microsoft is very generous. And using something so wonderful like pfSense and using advanced hypervisor features like VM Replication, live export of running VM etc makes the life a lot easy. If I had budget to buy VMWare licenses then we could have also bought a commercial firewall like Sonicwall/Cyberoam etc.

    If the idea is to reach far and wide, then Hyper-V is not something that should be ignored.



  • @zootie:

    Indeed, it is the most read by far, nearly 4x views than the most viewed sticky thread (I don't know why it never got made into a sticky, maybe because it was too confusing - partly why I started this one, so it could be made into a sticky). Looking on other forums, there is only a handful of threads that have more views (many of them older).

    So far, the kernel modules seem to work fine with 2.1.1. Unless there are big source changes coming in 2.1.1, it should be possible to include Hyper-V support in the build process for 2.1.1 (so we can begin testing with snapshopts). How can we help to get this in the official development, build, and distribution process?

    Is it possible for the pfSense team (or should I say ESF?) to implement this into 2.1.1???

    Even if it means that we have to enable it in the Advanced settings or modify some System Tunables or something.

    Peter



  • Also, please see here for many requests from the community for Hyper-V support:

    https://blog.pfsense.org/?p=705#comments

    Please, please, please can we have official Hyper-V support!

    Peter



  • @peterclark4:

    So what needs to happen for us to have an official pfSense build with Hyper-V support?

    I thought I already outlined that.  I'm willing to make it happen, but I'm going to need some help (perhaps from zootie),
    and it will (of necessity) need to be buildable from source.  Once that happens, we can produce an official 'snapshot' for
    people (like you) to test, as well as setup for the test harness at work.

    @peterclark4:

    I understand that you are protecting your trademark and I think that pfSense is worth protecting.

    Thank you.

    @peterclark4:

    If you need to test an official pfSense build with Hyper-V support I'll be more than happy to test so that this can be released.

    Thank you.



  • @hege:

    That's the beginning of the end of the pfSense community.

    I'm unsure if you're speaking about the call for discussion, or if you're commenting.

    If you're commenting, all I can really say is,  "death of pfSense predicted, film at 11".
    (http://en.wikipedia.org/wiki/Film_at_11)

    @hege:

    More than 50k views on the old hyper-v integration thread. Only one post from an admin there. We're interested, we have to, because the pfSense team seems to have other interests.

    It's not other interests, it's "higher priorities".  But I already made a very public commitment.



  • @dineshsharma:

    When it comes to non-profits, Microsoft is very generous. And using something so wonderful like pfSense and using advanced hypervisor features like VM Replication, live export of running VM etc makes the life a lot easy. If I had budget to buy VMWare licenses then we could have also bought a commercial firewall like Sonicwall/Cyberoam etc.

    If the idea is to reach far and wide, then Hyper-V is not something that should be ignored.

    A Microsoft Hyper-V PM was in-touch back in November, wanting pfSense officially supported on Hyper-V.
    He estimated then that it would be at least 8 man-weeks of effort to get to a tested version.

    Neither pfSense, nor the companies behind it, are "non-profit".  Don't confuse "open source" with "non-profit".  Nobody will work without a salary for long, and there are bandwidth, hosting fees, insurance, rent, power bills, etc. to deal with.

    Microsoft offered ZERO help.  Even though there was a Microsoft engineer in-touch about the same time who had completed similar work.  Microsoft wouldn't allow his patches to be used, for fear of 'taint'.

    Your "if I had budget to buy VMware, I wouldn't use pfSense" bothers me.  Do you understand how hostile that sounds over here?

    Is the only reason that you use pfSense because we don't charge for it?



  • @peterclark4:

    Also, please see here for many requests from the community for Hyper-V support:

    https://blog.pfsense.org/?p=705#comments

    Please, please, please can we have official Hyper-V support!

    Peter

    Yes, if the community will assist.



  • @peterclark4:

    Is it possible for the pfSense team (or should I say ESF?) to implement this into 2.1.1???

    Even if it means that we have to enable it in the Advanced settings or modify some System Tunables or something.

    Peter

    It probably won't make the 2.1.1 release train, but I think a test version based on 2.1.1 could be made available.
    Then we could move to the 2.2 train for Hyper-V support (which eliminates the back port.)



  • @gonzopancho:

    @peterclark4:

    So what needs to happen for us to have an official pfSense build with Hyper-V support?

    I thought I already outlined that.  I'm willing to make it happen, but I'm going to need some help (perhaps from zootie),
    and it will (of necessity) need to be buildable from source.  Once that happens, we can produce an official 'snapshot' for
    people (like you) to test, as well as setup for the test harness at work.

    @peterclark4:

    I understand that you are protecting your trademark and I think that pfSense is worth protecting.

    Thank you.

    @peterclark4:

    If you need to test an official pfSense build with Hyper-V support I'll be more than happy to test so that this can be released.

    Thank you.

    Many thanks for replying, it's much appreciated, it's great to finally have a an acknowledgment and a response from the pfSense team!

    Hopefully zootie will be more than happy to help out. He has spent considerable time already in supporting the Hyper-V part of the pfSense community.

    I look forward to having an official build to play with in the future!

    Peter



  • @doktornotor:

    zootie, you'd better remove your VHDs before you receive "the most polite letter possible via the law firm". You know, you can only provide "genuine pfSense® software". Not kidding ya.  ::)

    BTW, your Option C is useless due to actions taken by the pfSense guys, which they apparently wish to continue. You know, they think noone should have access to the build tools repo, unless it's "subject to certain contractual obligations". Otherwise you're gonna get accused exactly like the poor guy who built an early v2.2 image and posted that on the forum. And you'll become a horrible offender who "built something that clearly was not “pfSense”, named it “pfSense 2.2”, violating our registered trademark, and then announced on the pfSense forum with an adulterated logo."

    This project has become a pile of legal BS.  >:( >:( >:(

    I'm sorry you feel that way.  Perhaps you would like to explain your viewpoint more.



  • I have edited the original post to remove the links.



  • Outch.

    Even threatning with legal action to something what i see as a major contribution (helping pfsense work on a hypervisor).
    We where about to release a fully working pfsense with Citrix Xenserver 6.2 for the community.

    but i guess we will keep that build to our selfs after reading this.

    For the admins in question: i would really wonder if thats a right way of handling things if you say you depend on the community yet shoot it down when they do actually contribute :-)

    Regards,
    Marco



  • @key4ce:

    Outch.

    Even threatning with legal action to something what i see as a major contribution (helping pfsense work on a hypervisor).
    We where about to release a fully working pfsense with Citrix Xenserver 6.2 for the community.

    but i guess we will keep that build to our selfs after reading this.

    For the admins in question: i would really wonder if thats a right way of handling things if you say you depend on the community yet shoot it down when they do actually contribute :-)

    Regards,
    Marco

    Try and stay positive, and try and find a way to keep contributing. We might be able to find common ground.

    Sometimes, I'm somewhat reticent to keep contributing. I don't like that 2.2 might be having a community edition separate from a more formal (and functional) commercial edition: in my experience, the community edition ends up purposely crippled with only minor features to drive customers to the commercial edition. Then again, I might be misinformed (remember vaguely reading about the possibility of the split, can't remember if it was an official source, and even that might change) and maybe there are no plans on such a split, or even if it splits, the community edition might keep thriving and benefit from a more formal commercial endeavor that can channel more resources to improving the product. It is far too early to tell and the pfSense team deserves the benefit of the doubt.

    In the end, I've benefited from past work from the pfSense and monowall community, and I intend to keep helping if I can find a way to do it.

    If your modifications were based on the build process, we might be able to figure out how to integrate your changes (same way we're trying with the hyperv drivers).



  • @gonzopancho:

    I thought I already outlined that.  I'm willing to make it happen, but I'm going to need some help (perhaps from zootie),
    and it will (of necessity) need to be buildable from source.  Once that happens, we can produce an official 'snapshot' for
    people (like you) to test, as well as setup for the test harness at work.

    @peterclark4:

    Many thanks for replying, it's much appreciated, it's great to finally have a an acknowledgment and a response from the pfSense team!

    Hopefully zootie will be more than happy to help out.

    Yes, I'd be happy to help. In Option C, the drivers were compiled from lightly modified hyperv for FreeBSD 8.3 port source (the only modifications were to Makefiles to get the patch to apply, but we can probably forgo these changes by creating a patch that only applies to sys/modules/hyperv - something I didn't know when I started, hence the more inclusive patch). The source compiles using pfSense-tools and get the ko modules included on the ISO (they're included with the other kernel modules). However, I just need some help to get the drivers installed/used by the installation process.

    I can try to keep digging, figuring out pfsense-tools by trial an error (since I haven't found any documentation on the tools other than inline comments). However, I'd only be struggling to figure out info that someone more familiar with the build process already knows (saving me hours of running in circles). Maybe someone that worked to integrate the virtio drivers? Or someone that would know how to instruct the installer/builder to modify /boot/loader.conf (if that is the best way to do this, maybe there is a way to have the installer only make the modification only when Hyper-V is detected).

    gonzopancho, can you put me in touch with someone more knowledgeable on the tools? I'll probably need access to the tools repo (as instructed in the development list, I emailed a week ago with an SSH key to gain access, didn't hear back).

    Thank you



  • hmm,

    Well difficult to stay positive on this aspect :-)
    we where actually planning on fixing up the CARP issue with hyper-v and your iso but few months later and it's no longer there.

    (so now it seems we are going to build it from scratch like we did with XenServer).

    Actually it's funny you mention the commercial edition rumors, as thats the feeling i had when reading about what happened with hyper-v + pfsense (and why we are now looking for more real community driven firewalls).

    vyatta did that too.. even gone as far as removing the web gui from community.. now bought by another company and no more updates since 2012.

    There's only very few who survive going from opensource to commercial with maybe a community branch, most just die out :-)

    As far as how it's developped: we pretty much used freebsd 10 kernel as a roadmap so it's not easy to deploy on a existing pfsense (we do have a neat pre-build iso which also fixes even the xen guest boot and reboot issues, or the delayed press i to install where xen console tends to not refresh properly so we auto install :P)


  • Banned

    @gonzopancho:

    I'm sorry you feel that way.  Perhaps you would like to explain your viewpoint more.

    Uhm… explain what? Already posted my thoughts here and on another related threads, pretty clearly. Instead of providing people with a build tools switch to build unbranded code stripped of your trademarks, you nuke the repo access and red-tape an open-source project with tons of legal BS. Sigh.