Hyper-V ICS 1.0 (w/Synthethic Network Driver) for pfSense 2.1 & 2.1.1
- 
 @HC: .. hv_kvp_negotiate_version Hyperv-utils1: detached hyperv-utils1 on vmbus0 hyperv-utils1: Hyper-V service attching: Hyper-v sevice attaching; Hyper-v KVP ServiceI only get hv_kvp_negotiate_version ```every 12 hours - more or less, with the following Hyper-V Log message.Hyper-V Data Exchange connected to virtual machine 'MachineName', but the version does not match the version expected by Hyper-V (Virtual machine ID Machine-ID). Framework version: Negotiated (3.0) - Expected (3.0); Message version: Negotiated (4.0) - Expected (5.0)....unsupported.... Think we can ignore that? Update about my experience with the new driver: I'm testing the new iso now at four different locations in production systems. The only issue i could find is, that the performance (in my case the throughput) seems to be poorer on **realtek** nics. [1] Hyper-V 2012 R2 | AMD | 1GiB Ram | 1x Intel NIC 1x Private NIC (Hyper-V) | 100Mbit Internet | Traffic shapping on | 20 Users [2] Hyper-V 2012 R2 | Intel i7| 1GiB Ram | 1x Intel NIC 1x Private NIC (Hyper-V) | 100Mbit Internet | Traffic shapping on | 8 Users [3] Hyper-V 2012 R2 | Intel i3| 512 MiB Ram | 1x Intel NIC 1x Realtek | 70Mbit Internet | Traffic shapping off | 2 Users [4] Hyper-V 2012 R2 | Intel i5| 512 MiB Ram | 2x Intel NIC | 4Mbit Internet | Traffic shapping on | 6 Users Great work!
- 
 I cannot seem to be able to get Option B. Recompiled Kernel Modules working as I need a hard drive bigger than 1gb, Is there any possible way to increase the VHD as I can not seem to find one and then expand the partition. I'm creating versions of the preconfigured VM with a larger disk/swap. I'll try and post them tonight. Zootie thanks so much your a legend especially to us Hyper-v admins that would love to use what I consider the best Software UTM out there ;-), 
- 
 If requested, I'll promptly remove the VHD (no need of lawyers, just an admin post here - hopefully this thread won't be removed). In the meantime, I believe I'm complying with the spirit of the post: It's an effort to contribute to the community. I'm providing the community a most useful feature specific to their HW platform (Hyper-V), I'm not modifying the pfSense trademark, I'm giving full attribution to the project, I'm providing all the information needed so the feature can be added to the project in the future, and I'm asking the community to test it and document their experiences on a public forum (so the project has all the information available). I don't know if I'm an 'admin' or not. (Turns out: I am.) If not, I can make myself one pretty quick. I'll ask nicely that you take this down. What follows are snippets from what the eventual communication about the issue will be, when we (finally, sorry) address the community about it. The issue really is our trademark(s). pfSense  and "pfSense Certified" and "pfSense Certified" are registered trademarks of Electric Sheep Fencing, LLC.  The pfSense logo is a trademark of Electric Sheep Fencing, LLC. are registered trademarks of Electric Sheep Fencing, LLC.  The pfSense logo is a trademark of Electric Sheep Fencing, LLC.The issue with you using “pfSense” it that it is possible to lose rights in a mark by licensing the mark to others without controlling the nature and quality of the goods or services the licensee offers under the mark. This concept is often referred to as “naked licensing.” This is the reason why we insist that only things we build be described as “pfSense”. Another way in which rights may be lost is by misusing the mark – or by failing to police against the mark’s misuse by others – so that the mark ceases to indicate the source of goods or services and becomes a generic word (like escalator and cellophane, which originally were trademarks but came to be understood by the public as the generic names of the products for which they had been used as brands). Now, that's not a complete treatise on the issues, it's just illustration of the problem. Your intent, however noble, doesn't matter, because the issue is, if we allow it "enough", someone else, some third-party, can come along and demand that the mark be canceled. (It happened to me, and not long ago. http://www.plainsite.org/dockets/index.html?id=2283547) El Reg posted a story a few days ago about Mozilla's lawyers arguing with Dell about Dell charging to install Firefox. 
 http://www.theregister.co.uk/2014/03/10/mozilla_investigates_fee_for_firefox_dell_claims/ This following: http://www.theregister.co.uk/2014/03/05/mozilla_probes_dell_over_firefox_installation_claims/Which is really all about: http://www.mozilla.org/en-US/foundation/trademarks/faq/ The Mozilla “business model” is about getting Firefox (and friends) distributed far and wide. Dell charging a fee for the distribution interrupts that model (fewer people take it), so Mozilla does not allow it. The business of pfSense (the products and projects) is very much dependent on exactly the same distribution dynamic. We want pfSense distributed far and wide, but in an unmodified form from what we build, and without charge. That all said, if you are willing to work with us, we are willing to engage on getting an official pfSense for Hyper-V build done, and distributed. If you're interested, we're interested. Finally, I don't know who deleted that thread. I responded to the end of the thread asking the individual to take it down, but I didn't delete the thread. Chris (cmb) tells me he didn't do it. There are only a few others who could have. To be perfectly frank, it was me who demanded that the -tools repo be taken down until we could find a solution. I am trying for minimum impact on the community. Option C might not be operational right now unless you have access to the pfsense-tools repository, or until it is brought back (with restrictions). I just wanted to write the instructions down so contributors can try and incorporate the modules into the build process in the future. The -tools repo will return just as soon as I can satisfy all parties with a solution. The reason it was withdrawn was because someone did the unthinkable: - 
they built something called "pfSense 2.2", which was not pfSense, nevermind 2.2 
- 
they released it, leaving all indicia intact 
- 
they announced it on the forum 
 (EDIT: formatting, spelling and "I am.") 
- 
- 
 So what needs to happen for us to have an official pfSense build with Hyper-V support? The latest image that Zootie has provided has a greater stability than the official build under Hyper-V! I use it in a Hyper-V environment extensively. At first I had to use the "Legacy Network cards" and then install ShellCmd to bring each of the interfaces down and up again to work. This kind of worked but we have reduced throughput due to the "Legacy Network cards". Since these unofficial builds have been available the pfSense installs have been a lot more stable and have much better throughput. I understand that you are protecting your trademark and I think that pfSense is worth protecting. If you need to test an official pfSense build with Hyper-V support I'll be more than happy to test so that this can be released. Peter 
- 
 @gonzopancho: …. 
 The business of pfSense (the products and projects) is very much dependent on exactly the same distribution dynamic. We want pfSense distributed far and wide, but in an unmodified form from what we build, and without charge.That all said, if you are willing to work with us, we are willing to engage on getting an official pfSense for Hyper-V build done, and distributed. If you're interested, we're interested. …. (EDIT: formatting, spelling and "I am.") Hi gonzopancho! Community need Hyper-V support! 
 If pfSense team currently don't have time/resources to produce stable Hyper-V image, please!!!, build a testing image with zooties patches
 It's working except CARP!Many people want to use pfSense on Hyper-V, and use it today… 
 Create offical thread pfSense on Hyper-V and you will get feedback from community
 Community will hunt down bugs in the pfSense software :)Thank you! P.S. 
 Community, if you want to use pfSense on Hyper-V, please post your thoughts about it!
- 
 @hmh: P.S. 
 Community, if you want to use pfSense on Hyper-V, please post your thoughts about it!That's the beginning of the end of the pfSense community. @gonzopancho: That all said, if you are willing to work with us, we are willing to engage on getting an official pfSense for Hyper-V build done, and distributed. If you're interested, we're interested. More than 50k views on the old hyper-v integration thread. Only one post from an admin there. We're interested, we have to, because the pfSense team seems to have other interests. 
- 
 As requested, I've removed the VM from the links, I just left a readme with a link to this thread. I can't remove the kernel modules zip from the first post (since I can't edit it anymore due to forum restrictions). However, I'd ask admins to please leave it in place so adventurous users can try and get Option B working for their environment. It only has the kernel compiled modules and the source patch file. While they were compiled using pfSense tools, the zip itself doesn't contain pfSense itself, and the process to get them to work implies that users doing it understand that they are modifying pfSense outside of its original distribution (and have no support or certification expectations by doing so). I think most of us understand ESF's need to control the distribution and quality of pfSense, we're just frustrated because this is critical for our needs (both for network and disk throughput and to be able to shutdown the VM in a way compatible with Hyper-V and Windows Clustering) and we feel somewhat neglected after years of asking for help. The current measures seem to be a overreaction to the acts of others and in preparation of 2.2, but I think most can see the slippery slope. We are grateful to the project and want to help. I hope we can find a middle ground: a way to contribute to the community w/o grinding grassroots efforts to a halt. The pfSense-Hyper-V sub-community has waited a long time to have better Hyper-V support and there is considerable interest (as the number of views of the old thread show), and we have tried to get attention to these efforts so they become part of the official distribution (partly why I've gone to great pains to try and document everything I've done, so it can be formalized and included in the official distribution). From a couple of old posts, it seemed that part of the problem was that the development team didn't have any servers with Hyper-V to test, so when the original driver source was released and we figured out a way to get them working with pfSense, it made sense to try and get the community involved in testing in a variety of environments. Please let us know how we can help. 
- 
 More than 50k views on the old hyper-v integration thread. Only one post from an admin there. We're interested, we have to, because the pfSense team seems to have other interests. Good point! It is the most viewed thread in the "Virtualization installations and techniques" forum! Surely we must have enough people interested in the community to have a build that supports Hyper-V without having to wait for pfSense 2.2??? Peter 
- 
 More than 50k views on the old hyper-v integration thread. Only one post from an admin there. We're interested, we have to, because the pfSense team seems to have other interests. Good point! It is the most viewed thread in the "Virtualization installations and techniques" forum! Surely we must have enough people interested in the community to have a build that supports Hyper-V without having to wait for pfSense 2.2??? Indeed, it is the most read by far, nearly 4x views than the most viewed sticky thread (I don't know why it never got made into a sticky, maybe because it was too confusing - partly why I started this one, so it could be made into a sticky). Looking on other forums, there is only a handful of threads that have more views (many of them older). So far, the kernel modules seem to work fine with 2.1.1. Unless there are big source changes coming in 2.1.1, it should be possible to include Hyper-V support in the build process for 2.1.1 (so we can begin testing with snapshopts). How can we help to get this in the official development, build, and distribution process? 
- 
 When it comes to non-profits, Microsoft is very generous. And using something so wonderful like pfSense and using advanced hypervisor features like VM Replication, live export of running VM etc makes the life a lot easy. If I had budget to buy VMWare licenses then we could have also bought a commercial firewall like Sonicwall/Cyberoam etc. If the idea is to reach far and wide, then Hyper-V is not something that should be ignored. 
- 
 Indeed, it is the most read by far, nearly 4x views than the most viewed sticky thread (I don't know why it never got made into a sticky, maybe because it was too confusing - partly why I started this one, so it could be made into a sticky). Looking on other forums, there is only a handful of threads that have more views (many of them older). So far, the kernel modules seem to work fine with 2.1.1. Unless there are big source changes coming in 2.1.1, it should be possible to include Hyper-V support in the build process for 2.1.1 (so we can begin testing with snapshopts). How can we help to get this in the official development, build, and distribution process? Is it possible for the pfSense team (or should I say ESF?) to implement this into 2.1.1??? Even if it means that we have to enable it in the Advanced settings or modify some System Tunables or something. Peter 
- 
 Also, please see here for many requests from the community for Hyper-V support: https://blog.pfsense.org/?p=705#comments Please, please, please can we have official Hyper-V support! Peter 
- 
 So what needs to happen for us to have an official pfSense build with Hyper-V support? I thought I already outlined that. I'm willing to make it happen, but I'm going to need some help (perhaps from zootie), 
 and it will (of necessity) need to be buildable from source. Once that happens, we can produce an official 'snapshot' for
 people (like you) to test, as well as setup for the test harness at work.I understand that you are protecting your trademark and I think that pfSense is worth protecting. Thank you. If you need to test an official pfSense build with Hyper-V support I'll be more than happy to test so that this can be released. Thank you. 
- 
 That's the beginning of the end of the pfSense community. I'm unsure if you're speaking about the call for discussion, or if you're commenting. If you're commenting, all I can really say is, "death of pfSense predicted, film at 11". 
 (http://en.wikipedia.org/wiki/Film_at_11)More than 50k views on the old hyper-v integration thread. Only one post from an admin there. We're interested, we have to, because the pfSense team seems to have other interests. It's not other interests, it's "higher priorities". But I already made a very public commitment. 
- 
 When it comes to non-profits, Microsoft is very generous. And using something so wonderful like pfSense and using advanced hypervisor features like VM Replication, live export of running VM etc makes the life a lot easy. If I had budget to buy VMWare licenses then we could have also bought a commercial firewall like Sonicwall/Cyberoam etc. If the idea is to reach far and wide, then Hyper-V is not something that should be ignored. A Microsoft Hyper-V PM was in-touch back in November, wanting pfSense officially supported on Hyper-V. 
 He estimated then that it would be at least 8 man-weeks of effort to get to a tested version.Neither pfSense, nor the companies behind it, are "non-profit". Don't confuse "open source" with "non-profit". Nobody will work without a salary for long, and there are bandwidth, hosting fees, insurance, rent, power bills, etc. to deal with. Microsoft offered ZERO help. Even though there was a Microsoft engineer in-touch about the same time who had completed similar work. Microsoft wouldn't allow his patches to be used, for fear of 'taint'. Your "if I had budget to buy VMware, I wouldn't use pfSense" bothers me. Do you understand how hostile that sounds over here? Is the only reason that you use pfSense because we don't charge for it? 
- 
 Also, please see here for many requests from the community for Hyper-V support: https://blog.pfsense.org/?p=705#comments Please, please, please can we have official Hyper-V support! Peter Yes, if the community will assist. 
- 
 Is it possible for the pfSense team (or should I say ESF?) to implement this into 2.1.1??? Even if it means that we have to enable it in the Advanced settings or modify some System Tunables or something. Peter It probably won't make the 2.1.1 release train, but I think a test version based on 2.1.1 could be made available. 
 Then we could move to the 2.2 train for Hyper-V support (which eliminates the back port.)
- 
 @gonzopancho: So what needs to happen for us to have an official pfSense build with Hyper-V support? I thought I already outlined that. I'm willing to make it happen, but I'm going to need some help (perhaps from zootie), 
 and it will (of necessity) need to be buildable from source. Once that happens, we can produce an official 'snapshot' for
 people (like you) to test, as well as setup for the test harness at work.I understand that you are protecting your trademark and I think that pfSense is worth protecting. Thank you. If you need to test an official pfSense build with Hyper-V support I'll be more than happy to test so that this can be released. Thank you. Many thanks for replying, it's much appreciated, it's great to finally have a an acknowledgment and a response from the pfSense team! Hopefully zootie will be more than happy to help out. He has spent considerable time already in supporting the Hyper-V part of the pfSense community. I look forward to having an official build to play with in the future! Peter 
- 
 zootie, you'd better remove your VHDs before you receive "the most polite letter possible via the law firm". You know, you can only provide "genuine pfSense**  ** software". Not kidding ya.  ::) ** software". Not kidding ya.  ::)BTW, your Option C is useless due to actions taken by the pfSense guys, which they apparently wish to continue. You know, they think noone should have access to the build tools repo, unless it's "subject to certain contractual obligations". Otherwise you're gonna get accused exactly like the poor guy who built an early v2.2 image and posted that on the forum. And you'll become a horrible offender who "built something that clearly was not “pfSense”, named it “pfSense 2.2”, violating our registered trademark, and then announced on the pfSense forum with an adulterated logo." This project has become a pile of legal BS. >:( >:( >:( I'm sorry you feel that way. Perhaps you would like to explain your viewpoint more. 
- 
 I have edited the original post to remove the links.