Hyper-V ICS 1.0 (w/Synthethic Network Driver) for pfSense 2.1 & 2.1.1
-
Here is the latest version of the Hyper-V 1.0 drivers for FreeBSD 8.3 compiled specifically for pfSense 2.1 (Release) and 2.1.1 (Prerelease).
If you had issues with the old drivers, please give the new drivers a try and let us know how they work in your environment. Try and describe your environment (Hyper-V and Windows version, network card versions, teaming technology in use, hardware acceleration options, etc.)
These drivers have been greatly improved since the initial Summer 2012 (that was used in the all prior methods to enable the drivers in pfSense), and have been included in FreeBSD 10.0 (and are available for FreeBSD 8.3) and are the best version available as of Jan 2014. They needed to be recompiled in the pfSense builder environment for them to work with pfSense (the original drivers compiled in a normal FreeBSD 8.3 installation cause pfSense to crash as soon as you try and access the network interfaces).
I include the precompiled kernel modules in the attached zip, and I preconfigured a basic pfSense 2.1 Hyper-V VM and uploaded it to SkyDrive and Rapidshare:
-
Skydrive/OneDrive: REDACTED
-
Rapidshare: REDACTED
limited to about 20 downloads a day, so try again if you can't get it).
This basic VM has WAN assigned to hn0 and LAN to hn1.
The only issues I've noticed (all minor so far):
-
If you use MAC address spoofing on an interface (ie, you configure a custom MAC address in pfSense), you have to enable MAC address spoofing on all the interfaces. The basic VM has MAC spoofing configured on both interfaces.
-
You still see the "calcru: runtime went backwards" message on the console. Usually a few times when you just boot, and it stops.
So far, I haven't been able to integrate the drivers into a pfSense installation ISO, but having a pre-configured VM is probably easier, and having the modules separated also makes it easier to use commonly available ISOs to customize your pfSense installation.
The kernel modules work with both pfSense 2.1 and with pfSense 2.1.1 Prerelase (as of 20140221, likely will keep working with Prerelease versions).
Getting started
Option A. Preconfigured VM
This is the easiest option.
-
Download the preconfigured VM from SkyDrive or RapidShare
-
Extract the 7z and import the VM it into your Hyper-V installation
-
If you already have a pfSense router, backup your configuration and shutdown your pfSense router
-
Make any Hyper-V configuration changes specific to your environment (virtual switch, VLANs, etc.)
-
Start the new VM
-
If you don't have WAN on hn0 and LAN on hn1, assign interfaces
-
Assign the LAN IP
-
Use the WebConfigurator to restore your XML configuration
Option B. Precompiled Kernel Modules
In case you want to specify your own setting when configuring the initial pfSense VM (disk size and partitions, memory, etc.)
-
Download the zip file attached to this post (the files are also included in the 7z on SkyDrive/RapidShare)
-
Extract the files
-
Create a new VM with 2 Legacy Network Adapters using a pfSense 2.1 or 2.1.1 ISO downloaded from pfSense.com. Do not use an ISO with the Summer 2012 drivers - don't use older ISOs created by me or PollyPy or older alexappleton kernels from the older thread
-
Create and configure GEOM labels, as described in Labeling Disk Devices. First boot in single user mode, and if using the default partitioning scheme, use these commands
cat /etc/fstab /sbin/glabel label rootfs /dev/ad0s1a /sbin/glabel label swap /dev/ad0s1b-
Don't forget to modify your /etc/fstab to use the labels you created in single user mode above
-
If you're going to use SSH to copy files, you will need to reset the legacy interfaces. If you're using DHCP on the WAN interface connected to de0:
ifconfig de0 down ifconfig de0 up dhclient de0 ifconfig de1 down ifconfig de1 up-
Copy the kernel modules into this new VM into /boot/modules. You can use a FAT or FAT32 formatted VHD or (easier) enable SSH on pfSense and use WinSCP to copy the files
-
Set the file permisions for the modules to executable
chmod +x /boot/modules/hv_*.ko- Edit /boot/loader.conf, load the modules
hv_vmbus_load="YES" hv_utils_load="YES" hv_netvsc_load="YES" hv_storvsc_load="YES" hv_ata_pci_disengage_load="YES"- Shutdwon the VM and remove Legacy Network Adapters
Option C. Compile your own kernel modules
If you want to compile the kernel modules from source and have access to the pfsense-tools repository.
-
You'll need to follow the instructiosn in DevelopersBootStrapAndDevIso to configure a pfSense builder machine (or VM).
-
Make sure to set the version you want to use and build an ISO to make sure the builder is working properly
-
Copy the code patch file (included in the zip) to the pfSense tools RELENG_8_3 patches directory (or the directory of the version you want to use). The patch is specific to 8.3, you might need a different file for 10.x if you are trying to build a pfSense 2.2 alpha or if you're targeting a different FreeBSD version
-
Modify the RELENG_2_1 or RELENG_2_2 patches list to add "-p1~~hyperv-ic-1.0.diff~"
-
Modify pfsense_local.sh, add "hyperv" to the list of MODULES_OVERRIDE of the version you want to build
-
Try and build an ISO. While it won't generate the ISO, it will compile the source and generate the the hv_*.ko files
-
-
Hi, big big thanks,
i used the preconfigured VM and restored my settings - I know that it is too early to say this,
but as far as i can see, it works much better (can't reproduce a "sleeping thread" error.I'll test your VM with more systems during the next week.
Because you can't use traffic shapping by default, you still have to add "hn" to /etc/inc/interfaces.inc (see here )
Great work!
–----
Testing system: Hyper-V 2012 R2 | AMD | 1GiB Ram | 2xNIC (Gbit) | 100Mbit Internet -
Thank you Zootie!
I used your vhd file and attached it to my vm so I didn't have to mess with MAC address issues.
Fired it up, restored my config then updated to the latest 2.1.1 snap and it's been running fine for 10 hours so far.
It definitely seems better, but will need to run for a few days to be sure.Thanks again!
-
zootie, you'd better remove your VHDs before you receive "the most polite letter possible via the law firm". You know, you can only provide "genuine pfSense
software". Not kidding ya. ::)BTW, your Option C is useless due to actions taken by the pfSense guys, which they apparently wish to continue. You know, they think noone should have access to the build tools repo, unless it's "subject to certain contractual obligations". Otherwise you're gonna get accused exactly like the poor guy who built an early v2.2 image and posted that on the forum. And you'll become a horrible offender who "built something that clearly was not “pfSense”, named it “pfSense 2.2”, violating our registered trademark, and then announced on the pfSense forum with an adulterated logo."
This project has become a pile of legal BS. >:( >:( >:(
-
If requested, I'll promptly remove the VHD (no need of lawyers, just an admin post here - hopefully this thread won't be removed). In the meantime, I believe I'm complying with the spirit of the post: It's an effort to contribute to the community. I'm providing the community a most useful feature specific to their HW platform (Hyper-V), I'm not modifying the pfSense trademark, I'm giving full attribution to the project, I'm providing all the information needed so the feature can be added to the project in the future, and I'm asking the community to test it and document their experiences on a public forum (so the project has all the information available).
Option C might not be operational right now unless you have access to the pfsense-tools repository, or until it is brought back (with restrictions). I just wanted to write the instructions down so contributors can try and incorporate the modules into the build process in the future.
-
Thank you Zootie!
I used your vhd file and attached it to my vm so I didn't have to mess with MAC address issues.
Fired it up, restored my config then updated to the latest 2.1.1 snap and it's been running fine for 10 hours so far.
It definitely seems better, but will need to run for a few days to be sure.Thanks again!
I tried to manually update to the latest snapshot but when hitting the upgrade button nothing happens and 10 seconds later it times out.
Maybe im using the wrong file?
-
Afraid I'm not much help there.
The config I restored already had the snapshot server as an upgrade source.
I just did the auto upgrade when it offered. -
mylle,
First, Let's check some basics. Is it connecting to the Internet? Are you able to ping google.com from the pfSense VM console? Are you able to ping pfSense's LAN IP from other hosts on your LAN? Confirm if you are using the native NICs (hn0 and hn1) or Legacy NICs (de0 and de1).
As timotl points out, his/her existing XML config has the snapshot server as an upgrade source, so the VM installation got upgraded to a 2.1.1 pre-release build. The basic VM I posted is 2.1 Release and it says it is on the latest version. Unless you need something specific to 2.1.1 (or just want to to test it), you don't need to update it.
If you still want to use 2.1.1, you'd need to either setup your own VM using a 2.1.1 ISO and install the kernel modules manually (Option B), or on a 2.1 installation (like the basic VM in the 7z) you'd need to change the Updater Settings (under System/Firmware on the WebConfigurator) to use a custom URL "http://snapshots.pfsense.org/FreeBSD_RELENG_8_3/amd64/pfSense_RELENG_2_1/.updaters/" - Just have in mind that this is an automatic nightly build: you don't know how stable the prerelease version will be and you might be the only one using it until there is an actual 2.1.1 RC Pre-Release.
-
Hi Zootie,
Thanks for your reply and you image. It works great :)
I have connectivity and everything works. Im just he kinda guy that loves trying out the bleeding edge code all the time :)
I already added the Snapshot rep and the newest snapshot downloads just fine but then:
The image file is corrupt.
Update cannot continueThats where i get stuck now.
Regards
Mylle -
Thank you so much for doing this !
Did anyone managed to make CARP work with this version (using Hyper-V 2012R2 as the host) ?
-
I've been running 2.1 Beta1 with integration for a long time without issue, so I'm not a great test but so far this is looking stable.
I'm using your pre-created VM, dual wan balanced on 2012 R2 with Windows LBFO teamed Intel Nics, 4 vNics to guest with tagging at the Hyper-V level.
Thanks :D
-
Many thanks zootie!
This seems to be the most stable Hyper-V image yet! Before this I was stuck on the 2.0.3 with Hyper-V kernel as it appeared to be the most stable for me.
Hopefully we can have an official build with the Hyper-V kernel before 2.2 is released.
Peter
-
Did anyone managed to make CARP work with this version (using Hyper-V 2012R2 as the host) ?
I tried 2.1 and latest 2.1.1 and CARP wouldn't work, stuck on INIT with "ifa_add_loopback_route: insertion failed" in the log.
I found a source patch for bridgestp/if/if_bridge that might solve one possible cause for this error. I'll have to make some time to try it.
update: bridgestp/if/if_bridge patch didn't seem to have an effect, so unless someone else has an idea, CARP remains non-operational.
-
Hi
I am really sorry if this is hi-jacking the thread :)
I have ran your pre-configured VM in windows 2012 R2 and it works brilliant and its very appreciated,
I cannot seem to be able to get Option B. Recompiled Kernel Modules working as I need a hard drive bigger than 1gb,
Is there any possible way to increase the VHD as I can not seem to find one and then expand the partition (please excuse my ignorance I new to freebsd )
Any guidance would be much appreciated as I need some space for log retention and squid cache,
I also want to run 2 - 4gb of ram would it be correct to say I would need at least the same in a swap partition
Or if one pre-configured VM could be made with a bigger disk , I will spot you a few beers I promise as it will get me out of a tight squeeze ;-)
-
I cannot seem to be able to get Option B. Recompiled Kernel Modules working as I need a hard drive bigger than 1gb,
Is there any possible way to increase the VHD as I can not seem to find one and then expand the partition.
I'm creating versions of the preconfigured VM with a larger disk/swap. I'll try and post them tonight.(I've been asked to remove it, so I can't post more versions)Since you already have it, you can try and resize it yourself. I used a FreeBSD 10 VM (should work with FreeBSD 9.x too, unsure about 8.x or if using another copy of pfSense). I expanded the VHD and mounted it on this VM (on the secondary IDE controller), and used the instructions in 18.4. Resizing and Growing Disks and in Resize Your Existing FreeBSD Root Partition/Slice Safely Without Re-Installing
First I had to grow the slice (ada0s1) within the disk (ada0) and reboot before the space was visible within the slice. Then followed the instructions to delete the swap partition, expand root to the desired size, and then recreate the swap partition. Run gpart show ada0 and gpart show ada0s1 so you see the changes.
#Resize ada0s1 slice to full size of ada0 disk gpart resize -i 1 -a 4k ada0 #After reboot (so free space would be visible within slice) #Delete swap (note it is using the slice) gpart delete -i 2 ada0s1 #Expand root (adjust size, assuming it's a 32 GB disk, wanting to leave 4 GB for swap) gpart resize -i 1 -a 4k -s 28G ada0s1 #Recreate swap gpart add -t freebsd-swap -a 4k ada0s1 #Grow filesystem growfs /dev/ada0s1aThen back in the pfSense VM, I had to recreate the GEOM labels. Boot in single user mode, specify ufs:/dev/da0s1a as the root file system, and then recreate the labels using /sbin/glabel label rootfs /dev/da0s1a and /sbin/glabel label swap /dev/da0s1b. No need to change fstab again (since the labels have the same names).
-
@HC:
..
hv_kvp_negotiate_version Hyperv-utils1: detached hyperv-utils1 on vmbus0 hyperv-utils1: Hyper-V service attching: Hyper-v sevice attaching; Hyper-v KVP ServiceI only get
hv_kvp_negotiate_version ```every 12 hours - more or less, with the following Hyper-V Log message.Hyper-V Data Exchange connected to virtual machine 'MachineName', but the version does not match the version expected by Hyper-V (Virtual machine ID Machine-ID). Framework version: Negotiated (3.0) - Expected (3.0); Message version: Negotiated (4.0) - Expected (5.0)....unsupported....
Think we can ignore that? Update about my experience with the new driver: I'm testing the new iso now at four different locations in production systems. The only issue i could find is, that the performance (in my case the throughput) seems to be poorer on **realtek** nics. [1] Hyper-V 2012 R2 | AMD | 1GiB Ram | 1x Intel NIC 1x Private NIC (Hyper-V) | 100Mbit Internet | Traffic shapping on | 20 Users [2] Hyper-V 2012 R2 | Intel i7| 1GiB Ram | 1x Intel NIC 1x Private NIC (Hyper-V) | 100Mbit Internet | Traffic shapping on | 8 Users [3] Hyper-V 2012 R2 | Intel i3| 512 MiB Ram | 1x Intel NIC 1x Realtek | 70Mbit Internet | Traffic shapping off | 2 Users [4] Hyper-V 2012 R2 | Intel i5| 512 MiB Ram | 2x Intel NIC | 4Mbit Internet | Traffic shapping on | 6 Users Great work! -
I cannot seem to be able to get Option B. Recompiled Kernel Modules working as I need a hard drive bigger than 1gb,
Is there any possible way to increase the VHD as I can not seem to find one and then expand the partition.
I'm creating versions of the preconfigured VM with a larger disk/swap. I'll try and post them tonight.
Zootie thanks so much your a legend especially to us Hyper-v admins that would love to use what I consider the best Software UTM out there ;-),
-
If requested, I'll promptly remove the VHD (no need of lawyers, just an admin post here - hopefully this thread won't be removed). In the meantime, I believe I'm complying with the spirit of the post: It's an effort to contribute to the community. I'm providing the community a most useful feature specific to their HW platform (Hyper-V), I'm not modifying the pfSense trademark, I'm giving full attribution to the project, I'm providing all the information needed so the feature can be added to the project in the future, and I'm asking the community to test it and document their experiences on a public forum (so the project has all the information available).
I don't know if I'm an 'admin' or not. (Turns out: I am.) If not, I can make myself one pretty quick.
I'll ask nicely that you take this down. What follows are snippets from what the eventual communication about the issue will be, when we (finally, sorry) address the community about it.
The issue really is our trademark(s). pfSense
and "pfSense Certified" are registered trademarks of Electric Sheep Fencing, LLC. The pfSense logo is a trademark of Electric Sheep Fencing, LLC.The issue with you using “pfSense” it that it is possible to lose rights in a mark by licensing the mark to others without controlling the nature and quality of the goods or services the licensee offers under the mark. This concept is often referred to as “naked licensing.” This is the reason why we insist that only things we build be described as “pfSense”.
Another way in which rights may be lost is by misusing the mark – or by failing to police against the mark’s misuse by others – so that the mark ceases to indicate the source of goods or services and becomes a generic word (like escalator and cellophane, which originally were trademarks but came to be understood by the public as the generic names of the products for which they had been used as brands).
Now, that's not a complete treatise on the issues, it's just illustration of the problem. Your intent, however noble, doesn't matter, because the issue is, if we allow it "enough", someone else, some third-party, can come along and demand that the mark be canceled. (It happened to me, and not long ago. http://www.plainsite.org/dockets/index.html?id=2283547)
El Reg posted a story a few days ago about Mozilla's lawyers arguing with Dell about Dell charging to install Firefox.
http://www.theregister.co.uk/2014/03/10/mozilla_investigates_fee_for_firefox_dell_claims/ This following: http://www.theregister.co.uk/2014/03/05/mozilla_probes_dell_over_firefox_installation_claims/Which is really all about: http://www.mozilla.org/en-US/foundation/trademarks/faq/
The Mozilla “business model” is about getting Firefox (and friends) distributed far and wide. Dell charging a fee for the distribution interrupts that model (fewer people take it), so Mozilla does not allow it.
The business of pfSense (the products and projects) is very much dependent on exactly the same distribution dynamic. We want pfSense distributed far and wide, but in an unmodified form from what we build, and without charge.
That all said, if you are willing to work with us, we are willing to engage on getting an official pfSense for Hyper-V build done, and distributed. If you're interested, we're interested.
Finally, I don't know who deleted that thread. I responded to the end of the thread asking the individual to take it down, but I didn't delete the thread. Chris (cmb) tells me he didn't do it. There are only a few others who could have. To be perfectly frank, it was me who demanded that the -tools repo be taken down until we could find a solution. I am trying for minimum impact on the community.
Option C might not be operational right now unless you have access to the pfsense-tools repository, or until it is brought back (with restrictions). I just wanted to write the instructions down so contributors can try and incorporate the modules into the build process in the future.
The -tools repo will return just as soon as I can satisfy all parties with a solution.
The reason it was withdrawn was because someone did the unthinkable:
-
they built something called "pfSense 2.2", which was not pfSense, nevermind 2.2
-
they released it, leaving all indicia intact
-
they announced it on the forum
(EDIT: formatting, spelling and "I am.")
-
-
So what needs to happen for us to have an official pfSense build with Hyper-V support?
The latest image that Zootie has provided has a greater stability than the official build under Hyper-V!
I use it in a Hyper-V environment extensively. At first I had to use the "Legacy Network cards" and then install ShellCmd to bring each of the interfaces down and up again to work. This kind of worked but we have reduced throughput due to the "Legacy Network cards".
Since these unofficial builds have been available the pfSense installs have been a lot more stable and have much better throughput.
I understand that you are protecting your trademark and I think that pfSense is worth protecting.
If you need to test an official pfSense build with Hyper-V support I'll be more than happy to test so that this can be released.
Peter
-
@gonzopancho:
….
The business of pfSense (the products and projects) is very much dependent on exactly the same distribution dynamic. We want pfSense distributed far and wide, but in an unmodified form from what we build, and without charge.That all said, if you are willing to work with us, we are willing to engage on getting an official pfSense for Hyper-V build done, and distributed. If you're interested, we're interested.
….
(EDIT: formatting, spelling and "I am.")
Hi gonzopancho!
Community need Hyper-V support!
If pfSense team currently don't have time/resources to produce stable Hyper-V image, please!!!, build a testing image with zooties patches
It's working except CARP!Many people want to use pfSense on Hyper-V, and use it today…
Create offical thread pfSense on Hyper-V and you will get feedback from community
Community will hunt down bugs in the pfSense software :)Thank you!
P.S.
Community, if you want to use pfSense on Hyper-V, please post your thoughts about it!