Hyper-V ICS 1.0 (w/Synthethic Network Driver) for pfSense 2.1 & 2.1.1
-
hi gonzopancho, hi all
i am new in this forum and we're thinking about using pfsense in our company. we would like to use it in a hyper-v vm on a win8.1 embedded machine.
@gonzopancho:
We're so close to 2.2 (and the Hyper-V support is so much better in FreeBSD 10), that the strategy is to release a Hyper-V variant for 2.2.
"so close" sounds nice :) any timelines on the progress of version 2.2? is the strategy still valid to release also a hyper-v variant?
i appreciate any information on it, thanks!!cheers, fele
Don't hold your breath that 2.2 will fix this. I tested with one of the beta builds and could not get it to even boot reliably. I don't sense that pfsense folks really give a damn about hyper-v. Truth is visualization is quickly becoming the preeminent platform for infrastructure. Hyper-V is a very nice product with a premium feature set and is offered both for free as a stand alone product or bundled and neatly integrated with nearly all current desktop and server operating systems from Microsoft. Hyper-V is a major player that should not be ignored.
-
I've heard from several people who had no luck with 2.1.x versions that 2.2 is working fine for them in HyperV. There is also more we'll be doing there to get all the integration components working nicely.
Virtualization is among our most common usage scenarios. We spend a good deal of time ensuring such environments work well. For Hyper-V, that wasn't practical before Microsoft worked with NetApp, Citrix and others on FreeBSD support in Hyper-V. That started in 2012, and wasn't included until FreeBSD 10 (released this year).
It's not that we "don't give a damn about hyper-v", it's that Microsoft waited a long time before they gave a damn about FreeBSD.
VMware has always supported FreeBSD, and we've been widely used in VMware from day one. Now that Microsoft has caught up (over a decade later), we'll get to Hyper-V as well.
-
hi cmb
thanks for your comments!
as we need an official version (no BETA), are you able to give any thoughts about timelines? when will there be a first official release? end of Q3? end of this year?thanks, felix
-
As always, it'll be released when it's ready.
-
@cmb:
I've heard from several people who had no luck with 2.1.x versions that 2.2 is working fine for them in HyperV. There is also more we'll be doing there to get all the integration components working nicely.
Virtualization is among our most common usage scenarios. We spend a good deal of time ensuring such environments work well. For Hyper-V, that wasn't practical before Microsoft worked with NetApp, Citrix and others on FreeBSD support in Hyper-V. That started in 2012, and wasn't included until FreeBSD 10 (released this year).
It's not that we "don't give a damn about hyper-v", it's that Microsoft waited a long time before they gave a damn about FreeBSD.
VMware has always supported FreeBSD, and we've been widely used in VMware from day one. Now that Microsoft has caught up (over a decade later), we'll get to Hyper-V as well.
My apologies, I was far too rash and unfair, my impatience lead to frustration and venting. Pfsense did install and with some coaxing I did get it to run; the stability issues where probably due to it being an alpha build. I am sad to see a working revision of 2.1 be pulled from circulation when you could just as easily endorsed it as your own, I'm sure its originator would have donated it freely. Doing so would have satisfied trademark concerns.
-
@cmb:
It's not that we "don't give a damn about hyper-v", it's that Microsoft waited a long time before they gave a damn about FreeBSD.
VMware has always supported FreeBSD, and we've been widely used in VMware from day one. Now that Microsoft has caught up (over a decade later), we'll get to Hyper-V as well.
I think there are reasons on both sides. Microsoft concentrated on Windows (of course), then for the "exotic" systems integrated Linux and only then BSD. Now it's a very fast growing hypervisor, being integrated in all Windows versions, so for a Virtual-aware project it just can't be ignored.
I think there are at least two levels of support:- just wait for FreeBSD project progress
- spend time and money and prepare some modules that will integrate on boot in the current version.
I vote for the second one :), once created the first setup like in my tutorial, it should be easy to auto-configure it in pfSense.
-
@cmb:
I've heard from several people who had no luck with 2.1.x versions that 2.2 is working fine for them in HyperV. There is also more we'll be doing there to get all the integration components working nicely.
Virtualization is among our most common usage scenarios. We spend a good deal of time ensuring such environments work well. For Hyper-V, that wasn't practical before Microsoft worked with NetApp, Citrix and others on FreeBSD support in Hyper-V. That started in 2012, and wasn't included until FreeBSD 10 (released this year).
It's not that we "don't give a damn about hyper-v", it's that Microsoft waited a long time before they gave a damn about FreeBSD.
VMware has always supported FreeBSD, and we've been widely used in VMware from day one. Now that Microsoft has caught up (over a decade later), we'll get to Hyper-V as well.
My apologies, I was far too rash and unfair, my impatience lead to frustration and venting. Pfsense did install and with some coaxing I did get it to run; the stability issues where probably due to it being an alpha build. I am sad to see a working revision of 2.1 be pulled from circulation when you could just as easily endorsed it as your own, I'm sure its originator would have donated it freely. Doing so would have satisfied trademark concerns.
I've been running pfsense (2.1.1 -> 2.1.2 -> 2.1.3) on Hyper-V Server 2012 R2 with zootie's drivers and instructions since last April and the stability has been good. There are some annoyances like RRD graphs stalling out but since this is technically bleeding edge I'm not surprised at minor issues.
-
With hearing about 2.2 including multiple DHCP servers via VLANS from the same physical interface, I am seriously looking forward to this, especially if it works with hyper-v
-
I got pfSense up and running on Hyper-V 2012 R2 with the legacy Network adapter.
Where can I find proper hyper-v drivers for pfSense so I can use the default Network Adapter?Thanks for your help,
Newbie Thomas -
Changed to pfSense 2.2.
Details here: https://forum.pfsense.org/index.php?topic=75549.0 -
Not to drag up on a old topic but:
we got PFsense 100% working on Xen and Hyper-v
with all hyper-v drivers, fully working Carp, multi-subnetting, etc.We notified Jim this week and awaiting his reply on arrangements to publish this as a PFSense build.
Regards,
Marco -
unless we build it, it's not going to be called "pfSense".
You've not offered the patches.
In any case, the strategy here is 2.2 with native support for Hyper-V
-
Well,
We send you an email about making arrangements to publish it (i do believe Angelo is awaiting reply).
As far as native Hyper-V support: it's not just about the drivers of hyper-v that is easy.
Carp however needs ALOT of changes to make it 100% functional with virtualized environments.We have made it all work 100% (and our own systems been running live on it without a hitch for a while now).
As far as the PFSense name and publishing: you don't need to repeat that, but as i said before: easy to fork and rename (also supported by your agreement).
Though preferred method (for everyone) would be publishing arrangements with PFSense which is why Angelo is waiting for a reply by mail.
Regards,
Marco -
As far as the PFSense name and publishing: you don't need to repeat that, but as i said before: easy to fork and rename (also supported by your agreement).
Why do people always assume that I (of all people) don't understand this?
Though preferred method (for everyone) would be publishing arrangements with PFSense which is why Angelo is waiting for a reply by mail.
I agree, but "publishing arrangements" sounds like you want to get paid. Why not just issue pull requests?
-
Paid?
nop, some recognition for over 8 months of development bug testing and RC testing –> Ofcourse.Though you can say recognition is a form of payment (it is for us anyways).
Angelo did make several bug fixes (without recognition) to PFsense so far.I do assume it's easy to come to terms together and get a fully functional (even with some unique functions ur current pfsense doesn't got) Virtualized PFSense on Xen/Hyper-v/ Vmware is worth some recognition, if you don't then you don't thats up to you :-)
-
Paid?
nop, some recognition for over 8 months of development bug testing and RC testing –> Ofcourse.please describe this "recognition" you seek.
Though you can say recognition is a form of payment (it is for us anyways).
Angelo did make several bug fixes (without recognition) to PFsense so far.many people do as well.
I do assume it's easy to come to terms together and get a fully functional (even with some unique functions ur current pfsense doesn't got) Virtualized PFSense on Xen/Hyper-v/ Vmware is worth some recognition, if you don't then you don't thats up to you :-)
please describe these unique functions.
My largest concern is adopting all of this into the tree given the full focus on 2.2 inside the organization. While we're maintaining the 2.1 series, we tend to only perform releases on this path for security issues.
-
This should already have been described by Angelo by email i believe.
And i know many people contribute (i just meant so did we so far).
Unique features would be for example multi subnet gateways in carp that can still talk to each other (originally their isolated @ pfsense).
We had a need for that due to /24 range being too small for our servers yet /16 isn't recommended to use in production.
That was pretty much how we solved it.I'm not sure on what source Angelo based it but it's currently running on Freebsd v10 package platform states 2.2 Beta but i'm not sure if thats accurate.
I do assume it can be merged with your current developments.
Though as i said before i would recommend making a "special edition" for virtualization to keep everything optimized. -
I've responded to Angelo's email of 28 Aug, (the same day we were releasing 2.1.5, so we were a bit "busy" as I'm sure you understand.
Monday was a holiday in the US.
Let's continue the conversation via email.
Best,
Jim
-
I have to agree with the pfsense team here.
If you don't want to send the code to the pfsense team so they can add it to 2.2+, then why should you have a custom release and call it pfsense. If the agreement says you can fork it over as something else, then do that.
I can now see why the dev team took control of the pfsense releases. If others want to release their own versions which are not supported, then don't call it pfsense. I expect some level of testing from the pfsense name, and this way we are not even sure what's in the code if you are not willing to release it.
The option could have been to request a bounty and if enough money was generated, you could release the code to the dev team. (if that was the goal).
I wasat first was all about the hyper-v support and the separate builds. But I can see where it could be headed if it was not controlled.Now if gonzopancho would keep this calm composure in all the other threads as well, there might end up being some peace. :)
-
I'm tryin', tester_02, I'm tryin', real hard. ("Pulp Fiction" reference: http://youtube.com/watch?v=vMN5uQhF-Ro)
Marco and I danced for a bit. Then he explained that he wasn't bound by the CLA or license, because he hadn't signed them, Angelo did.
This is part of the reason the license is non-transferable.
In addition, Marco wanted a restriction that we not be able to "sell" pfsense.
Now, we don't "sell" pfsense, we sell hardware with pfsense pre-loaded, support services, and professional services. (And Gold, which provides access to the book, hangouts, ACB, etc.)
So "no problem", right?
Nope.
Any such restriction wouldn't be free software or open source.
Check it:
Taking the GPL as the most restrictive open source / free software license:
http://www.gnu.org/licenses/gpl-faq.html#DoesTheGPLAllowMoney
Does the GPL allow me to sell copies of the program for money?(#DoesTheGPLAllowMoney)
"Yes, the GPL allows everyone to do this. The right to sell copies is part of the definition of free software. Except in one special situation, there is no limit on what price you can charge. (The one exception is the required written offer to provide source code that must accompany binary-only release.)"Now let's look at the Open Source Definition: http://opensource.org/os
You won't have to read beyond the first paragraph:
"1. Free Redistribution
The license shall not restrict any party from selling or giving away the software as a component of an aggregate software distribution containing programs from several different sources. The license shall not require a royalty or other fee for such sale."Read it. What Marco proposed is not open source, nor is it free software. As such, we will never accept such conditions. If I turned down VMware's deal (and I did, even though they wanted to pay us, (key4ce offered nothing other than code with restrictions)), why wouldn't I turn down Key4ce?
Because there is NO open source or free software license that asserts control over the sale of the resultant work.
Marco attempted to counter with statements such as:
Yes everything we make and release always been opensource and for free. but none of them ever given the right to anyone to sell, and we keep it that way :-)
But given the above, no such restriction is possible. (And imagine the result if we said the same about pfsense.). If it can't be sold, it's not open source. And not open source means it's not going in pfsense.
Marco countered with this as a license that doesn't allow selling:
http://creativecommons.org/licenses/by-sa/4.0/Which is a human-readable summary of: http://creativecommons.org/licenses/by-sa/4.0/legalcode
But even the simple form is clear about "no commercial restrictions".
Moreover:
– we can't control what others do.
-- I'm not managing a plethora of licenses that have unique restrictions in the tree.
My apologies to the community, for their inconvenience, but I'm not willing to sacrifice the code base for Key4ce's business model.