Hyper-V ICS 1.0 (w/Synthethic Network Driver) for pfSense 2.1 & 2.1.1
-
If requested, I'll promptly remove the VHD (no need of lawyers, just an admin post here - hopefully this thread won't be removed). In the meantime, I believe I'm complying with the spirit of the post: It's an effort to contribute to the community. I'm providing the community a most useful feature specific to their HW platform (Hyper-V), I'm not modifying the pfSense trademark, I'm giving full attribution to the project, I'm providing all the information needed so the feature can be added to the project in the future, and I'm asking the community to test it and document their experiences on a public forum (so the project has all the information available).
Option C might not be operational right now unless you have access to the pfsense-tools repository, or until it is brought back (with restrictions). I just wanted to write the instructions down so contributors can try and incorporate the modules into the build process in the future.
-
Thank you Zootie!
I used your vhd file and attached it to my vm so I didn't have to mess with MAC address issues.
Fired it up, restored my config then updated to the latest 2.1.1 snap and it's been running fine for 10 hours so far.
It definitely seems better, but will need to run for a few days to be sure.Thanks again!
I tried to manually update to the latest snapshot but when hitting the upgrade button nothing happens and 10 seconds later it times out.
Maybe im using the wrong file?
-
Afraid I'm not much help there.
The config I restored already had the snapshot server as an upgrade source.
I just did the auto upgrade when it offered. -
mylle,
First, Let's check some basics. Is it connecting to the Internet? Are you able to ping google.com from the pfSense VM console? Are you able to ping pfSense's LAN IP from other hosts on your LAN? Confirm if you are using the native NICs (hn0 and hn1) or Legacy NICs (de0 and de1).
As timotl points out, his/her existing XML config has the snapshot server as an upgrade source, so the VM installation got upgraded to a 2.1.1 pre-release build. The basic VM I posted is 2.1 Release and it says it is on the latest version. Unless you need something specific to 2.1.1 (or just want to to test it), you don't need to update it.
If you still want to use 2.1.1, you'd need to either setup your own VM using a 2.1.1 ISO and install the kernel modules manually (Option B), or on a 2.1 installation (like the basic VM in the 7z) you'd need to change the Updater Settings (under System/Firmware on the WebConfigurator) to use a custom URL "http://snapshots.pfsense.org/FreeBSD_RELENG_8_3/amd64/pfSense_RELENG_2_1/.updaters/" - Just have in mind that this is an automatic nightly build: you don't know how stable the prerelease version will be and you might be the only one using it until there is an actual 2.1.1 RC Pre-Release.
-
Hi Zootie,
Thanks for your reply and you image. It works great :)
I have connectivity and everything works. Im just he kinda guy that loves trying out the bleeding edge code all the time :)
I already added the Snapshot rep and the newest snapshot downloads just fine but then:
The image file is corrupt.
Update cannot continueThats where i get stuck now.
Regards
Mylle -
Thank you so much for doing this !
Did anyone managed to make CARP work with this version (using Hyper-V 2012R2 as the host) ?
-
I've been running 2.1 Beta1 with integration for a long time without issue, so I'm not a great test but so far this is looking stable.
I'm using your pre-created VM, dual wan balanced on 2012 R2 with Windows LBFO teamed Intel Nics, 4 vNics to guest with tagging at the Hyper-V level.
Thanks :D
-
Many thanks zootie!
This seems to be the most stable Hyper-V image yet! Before this I was stuck on the 2.0.3 with Hyper-V kernel as it appeared to be the most stable for me.
Hopefully we can have an official build with the Hyper-V kernel before 2.2 is released.
Peter
-
Did anyone managed to make CARP work with this version (using Hyper-V 2012R2 as the host) ?
I tried 2.1 and latest 2.1.1 and CARP wouldn't work, stuck on INIT with "ifa_add_loopback_route: insertion failed" in the log.
I found a source patch for bridgestp/if/if_bridge that might solve one possible cause for this error. I'll have to make some time to try it.
update: bridgestp/if/if_bridge patch didn't seem to have an effect, so unless someone else has an idea, CARP remains non-operational.
-
Hi
I am really sorry if this is hi-jacking the thread :)
I have ran your pre-configured VM in windows 2012 R2 and it works brilliant and its very appreciated,
I cannot seem to be able to get Option B. Recompiled Kernel Modules working as I need a hard drive bigger than 1gb,
Is there any possible way to increase the VHD as I can not seem to find one and then expand the partition (please excuse my ignorance I new to freebsd )
Any guidance would be much appreciated as I need some space for log retention and squid cache,
I also want to run 2 - 4gb of ram would it be correct to say I would need at least the same in a swap partition
Or if one pre-configured VM could be made with a bigger disk , I will spot you a few beers I promise as it will get me out of a tight squeeze ;-)
-
I cannot seem to be able to get Option B. Recompiled Kernel Modules working as I need a hard drive bigger than 1gb,
Is there any possible way to increase the VHD as I can not seem to find one and then expand the partition.
I'm creating versions of the preconfigured VM with a larger disk/swap. I'll try and post them tonight.(I've been asked to remove it, so I can't post more versions)Since you already have it, you can try and resize it yourself. I used a FreeBSD 10 VM (should work with FreeBSD 9.x too, unsure about 8.x or if using another copy of pfSense). I expanded the VHD and mounted it on this VM (on the secondary IDE controller), and used the instructions in 18.4. Resizing and Growing Disks and in Resize Your Existing FreeBSD Root Partition/Slice Safely Without Re-Installing
First I had to grow the slice (ada0s1) within the disk (ada0) and reboot before the space was visible within the slice. Then followed the instructions to delete the swap partition, expand root to the desired size, and then recreate the swap partition. Run gpart show ada0 and gpart show ada0s1 so you see the changes.
#Resize ada0s1 slice to full size of ada0 disk gpart resize -i 1 -a 4k ada0 #After reboot (so free space would be visible within slice) #Delete swap (note it is using the slice) gpart delete -i 2 ada0s1 #Expand root (adjust size, assuming it's a 32 GB disk, wanting to leave 4 GB for swap) gpart resize -i 1 -a 4k -s 28G ada0s1 #Recreate swap gpart add -t freebsd-swap -a 4k ada0s1 #Grow filesystem growfs /dev/ada0s1a
Then back in the pfSense VM, I had to recreate the GEOM labels. Boot in single user mode, specify ufs:/dev/da0s1a as the root file system, and then recreate the labels using /sbin/glabel label rootfs /dev/da0s1a and /sbin/glabel label swap /dev/da0s1b. No need to change fstab again (since the labels have the same names).
-
@HC:
..
hv_kvp_negotiate_version Hyperv-utils1: detached hyperv-utils1 on vmbus0 hyperv-utils1: Hyper-V service attching: Hyper-v sevice attaching; Hyper-v KVP Service
I only get
hv_kvp_negotiate_version ```every 12 hours - more or less, with the following Hyper-V Log message.
Hyper-V Data Exchange connected to virtual machine 'MachineName', but the version does not match the version expected by Hyper-V (Virtual machine ID Machine-ID). Framework version: Negotiated (3.0) - Expected (3.0); Message version: Negotiated (4.0) - Expected (5.0)....unsupported....
Think we can ignore that? Update about my experience with the new driver: I'm testing the new iso now at four different locations in production systems. The only issue i could find is, that the performance (in my case the throughput) seems to be poorer on **realtek** nics. [1] Hyper-V 2012 R2 | AMD | 1GiB Ram | 1x Intel NIC 1x Private NIC (Hyper-V) | 100Mbit Internet | Traffic shapping on | 20 Users [2] Hyper-V 2012 R2 | Intel i7| 1GiB Ram | 1x Intel NIC 1x Private NIC (Hyper-V) | 100Mbit Internet | Traffic shapping on | 8 Users [3] Hyper-V 2012 R2 | Intel i3| 512 MiB Ram | 1x Intel NIC 1x Realtek | 70Mbit Internet | Traffic shapping off | 2 Users [4] Hyper-V 2012 R2 | Intel i5| 512 MiB Ram | 2x Intel NIC | 4Mbit Internet | Traffic shapping on | 6 Users Great work!
-
I cannot seem to be able to get Option B. Recompiled Kernel Modules working as I need a hard drive bigger than 1gb,
Is there any possible way to increase the VHD as I can not seem to find one and then expand the partition.
I'm creating versions of the preconfigured VM with a larger disk/swap. I'll try and post them tonight.
Zootie thanks so much your a legend especially to us Hyper-v admins that would love to use what I consider the best Software UTM out there ;-),
-
If requested, I'll promptly remove the VHD (no need of lawyers, just an admin post here - hopefully this thread won't be removed). In the meantime, I believe I'm complying with the spirit of the post: It's an effort to contribute to the community. I'm providing the community a most useful feature specific to their HW platform (Hyper-V), I'm not modifying the pfSense trademark, I'm giving full attribution to the project, I'm providing all the information needed so the feature can be added to the project in the future, and I'm asking the community to test it and document their experiences on a public forum (so the project has all the information available).
I don't know if I'm an 'admin' or not. (Turns out: I am.) If not, I can make myself one pretty quick.
I'll ask nicely that you take this down. What follows are snippets from what the eventual communication about the issue will be, when we (finally, sorry) address the community about it.
The issue really is our trademark(s). pfSense and "pfSense Certified" are registered trademarks of Electric Sheep Fencing, LLC. The pfSense logo is a trademark of Electric Sheep Fencing, LLC.
The issue with you using “pfSense” it that it is possible to lose rights in a mark by licensing the mark to others without controlling the nature and quality of the goods or services the licensee offers under the mark. This concept is often referred to as “naked licensing.” This is the reason why we insist that only things we build be described as “pfSense”.
Another way in which rights may be lost is by misusing the mark – or by failing to police against the mark’s misuse by others – so that the mark ceases to indicate the source of goods or services and becomes a generic word (like escalator and cellophane, which originally were trademarks but came to be understood by the public as the generic names of the products for which they had been used as brands).
Now, that's not a complete treatise on the issues, it's just illustration of the problem. Your intent, however noble, doesn't matter, because the issue is, if we allow it "enough", someone else, some third-party, can come along and demand that the mark be canceled. (It happened to me, and not long ago. http://www.plainsite.org/dockets/index.html?id=2283547)
El Reg posted a story a few days ago about Mozilla's lawyers arguing with Dell about Dell charging to install Firefox.
http://www.theregister.co.uk/2014/03/10/mozilla_investigates_fee_for_firefox_dell_claims/ This following: http://www.theregister.co.uk/2014/03/05/mozilla_probes_dell_over_firefox_installation_claims/Which is really all about: http://www.mozilla.org/en-US/foundation/trademarks/faq/
The Mozilla “business model” is about getting Firefox (and friends) distributed far and wide. Dell charging a fee for the distribution interrupts that model (fewer people take it), so Mozilla does not allow it.
The business of pfSense (the products and projects) is very much dependent on exactly the same distribution dynamic. We want pfSense distributed far and wide, but in an unmodified form from what we build, and without charge.
That all said, if you are willing to work with us, we are willing to engage on getting an official pfSense for Hyper-V build done, and distributed. If you're interested, we're interested.
Finally, I don't know who deleted that thread. I responded to the end of the thread asking the individual to take it down, but I didn't delete the thread. Chris (cmb) tells me he didn't do it. There are only a few others who could have. To be perfectly frank, it was me who demanded that the -tools repo be taken down until we could find a solution. I am trying for minimum impact on the community.
Option C might not be operational right now unless you have access to the pfsense-tools repository, or until it is brought back (with restrictions). I just wanted to write the instructions down so contributors can try and incorporate the modules into the build process in the future.
The -tools repo will return just as soon as I can satisfy all parties with a solution.
The reason it was withdrawn was because someone did the unthinkable:
-
they built something called "pfSense 2.2", which was not pfSense, nevermind 2.2
-
they released it, leaving all indicia intact
-
they announced it on the forum
(EDIT: formatting, spelling and "I am.")
-
-
So what needs to happen for us to have an official pfSense build with Hyper-V support?
The latest image that Zootie has provided has a greater stability than the official build under Hyper-V!
I use it in a Hyper-V environment extensively. At first I had to use the "Legacy Network cards" and then install ShellCmd to bring each of the interfaces down and up again to work. This kind of worked but we have reduced throughput due to the "Legacy Network cards".
Since these unofficial builds have been available the pfSense installs have been a lot more stable and have much better throughput.
I understand that you are protecting your trademark and I think that pfSense is worth protecting.
If you need to test an official pfSense build with Hyper-V support I'll be more than happy to test so that this can be released.
Peter
-
@gonzopancho:
….
The business of pfSense (the products and projects) is very much dependent on exactly the same distribution dynamic. We want pfSense distributed far and wide, but in an unmodified form from what we build, and without charge.That all said, if you are willing to work with us, we are willing to engage on getting an official pfSense for Hyper-V build done, and distributed. If you're interested, we're interested.
….
(EDIT: formatting, spelling and "I am.")
Hi gonzopancho!
Community need Hyper-V support!
If pfSense team currently don't have time/resources to produce stable Hyper-V image, please!!!, build a testing image with zooties patches
It's working except CARP!Many people want to use pfSense on Hyper-V, and use it today…
Create offical thread pfSense on Hyper-V and you will get feedback from community
Community will hunt down bugs in the pfSense software :)Thank you!
P.S.
Community, if you want to use pfSense on Hyper-V, please post your thoughts about it! -
@hmh:
P.S.
Community, if you want to use pfSense on Hyper-V, please post your thoughts about it!That's the beginning of the end of the pfSense community.
@gonzopancho:
That all said, if you are willing to work with us, we are willing to engage on getting an official pfSense for Hyper-V build done, and distributed. If you're interested, we're interested.
More than 50k views on the old hyper-v integration thread. Only one post from an admin there. We're interested, we have to, because the pfSense team seems to have other interests.
-
As requested, I've removed the VM from the links, I just left a readme with a link to this thread.
I can't remove the kernel modules zip from the first post (since I can't edit it anymore due to forum restrictions). However, I'd ask admins to please leave it in place so adventurous users can try and get Option B working for their environment. It only has the kernel compiled modules and the source patch file. While they were compiled using pfSense tools, the zip itself doesn't contain pfSense itself, and the process to get them to work implies that users doing it understand that they are modifying pfSense outside of its original distribution (and have no support or certification expectations by doing so).
I think most of us understand ESF's need to control the distribution and quality of pfSense, we're just frustrated because this is critical for our needs (both for network and disk throughput and to be able to shutdown the VM in a way compatible with Hyper-V and Windows Clustering) and we feel somewhat neglected after years of asking for help. The current measures seem to be a overreaction to the acts of others and in preparation of 2.2, but I think most can see the slippery slope. We are grateful to the project and want to help. I hope we can find a middle ground: a way to contribute to the community w/o grinding grassroots efforts to a halt.
The pfSense-Hyper-V sub-community has waited a long time to have better Hyper-V support and there is considerable interest (as the number of views of the old thread show), and we have tried to get attention to these efforts so they become part of the official distribution (partly why I've gone to great pains to try and document everything I've done, so it can be formalized and included in the official distribution). From a couple of old posts, it seemed that part of the problem was that the development team didn't have any servers with Hyper-V to test, so when the original driver source was released and we figured out a way to get them working with pfSense, it made sense to try and get the community involved in testing in a variety of environments.
Please let us know how we can help.
-
More than 50k views on the old hyper-v integration thread. Only one post from an admin there. We're interested, we have to, because the pfSense team seems to have other interests.
Good point! It is the most viewed thread in the "Virtualization installations and techniques" forum!
Surely we must have enough people interested in the community to have a build that supports Hyper-V without having to wait for pfSense 2.2???
Peter
-
More than 50k views on the old hyper-v integration thread. Only one post from an admin there. We're interested, we have to, because the pfSense team seems to have other interests.
Good point! It is the most viewed thread in the "Virtualization installations and techniques" forum!
Surely we must have enough people interested in the community to have a build that supports Hyper-V without having to wait for pfSense 2.2???
Indeed, it is the most read by far, nearly 4x views than the most viewed sticky thread (I don't know why it never got made into a sticky, maybe because it was too confusing - partly why I started this one, so it could be made into a sticky). Looking on other forums, there is only a handful of threads that have more views (many of them older).
So far, the kernel modules seem to work fine with 2.1.1. Unless there are big source changes coming in 2.1.1, it should be possible to include Hyper-V support in the build process for 2.1.1 (so we can begin testing with snapshopts). How can we help to get this in the official development, build, and distribution process?