Latest PFsense for hyper-V?
-
I hate to post a redundant post, but I spent 2hrs last night reading the other post that had devolved into "it's open source, we can do what we want" vs. "Open source does not give you trademark rights" Which is fine, I don't want to pick sides because I don't really care. My problem right now is i'm running PFsense 2.1 release and i'm unable to upgrade. I am running Pfsense under hyper-v 2012r2 and I tried upgrading to 2.1.2 and of course it broke everything since it doesn't support hyper-v yet, and I checked the other thread where someone had posted a .vhd of the new version but it was pulled before I got a chance to download it. Does 2.2 support hyper-V? can I download that?
-
The base FreeBSD used in 2.2 does have the Hyper-V drivers built in, so it should work. I haven't had a chance to try it on Hyper-V yet myself.
-
Running April 17th 17:43 build of 2.2 on Hyper-V 2012 R2 right now. I first experimented with it a VLAN behind my hardware install of 2.1.2 just to make sure it was going to work. Started yesterday and took down my internet connection and piped it over to the VM install. Charter's modem or something with the hypervisor doesn't like being a part of a VLAN but I have a spare Ethernet circuit going out there so I just ran the WAN side direct. All working as can be expected (I'm sure there are things not working, for example I originally deployed the VM using an April 06 build and it wouldn't let me make any changes to System>Advanced>Misc without throwing errors. The newer version does not exhibit this behavior). Check it out and if the features you need are working, go for it. It sees the synthetic network cards just fine and the heartbeat works (can even do a managed shutdown).
Joel
-
pfSense 2.2 is based on FreeBSD 10 and has HyperV drivers built in. However, don't use it in production as it's not stable yet.
The other thread has instructions on how to install the latest HyperV drivers into the stable version 2.1.2 which works very well. -
pfSense 2.2 is at least as stable as 2.1.2
-
where can I find 2.2 isos ?
-
At the Forum Index there is a development section which has a 2.2 snapshot sticky with the info you require.
Here is the pfSense snapshots page:
http://snapshots.pfsense.org
-
does 2.2 support CARP under hyper-v? What about Vlan trunking?
-
At the Forum Index there is a development section which has a 2.2 snapshot sticky with the info you require.
Here is the pfSense snapshots page:
http://snapshots.pfsense.org
thanks a lot!
-
At the Forum Index there is a development section which has a 2.2 snapshot sticky with the info you require.
Here is the pfSense snapshots page:
http://snapshots.pfsense.org
it just sits at booting…grr...
-
At the Forum Index there is a development section which has a 2.2 snapshot sticky with the info you require.
Here is the pfSense snapshots page:
http://snapshots.pfsense.org
it just sits at booting…grr...
hmm installed using latest 2.2 alpha iso - everything working fine for my needs.
-
it just sits at booting…grr...
See this thread: https://forum.pfsense.org/index.php?topic=75241.0
-
it just sits at booting…grr...
See this thread: https://forum.pfsense.org/index.php?topic=75241.0
I actually found my problem, i was using 32 bit and apparently 64 bit works, so I just switched over today to see how it works. I still can't get Vlan trunking working, and I lost snort, but it does seem to work better under hyper-v, and I no longer have to worry about heartbleed and automatic updates.
-
the good news here is that the 64-bit ISOs of the 2.2 snapshots work.
This, rather than producing a back-port to 2.1.x is the preferred direction.
-
Thanks god I found this thread after struggling with pfSense 2.1.4 on hyper-v.
Downloaded the latest 64bit snapshot.
My environment.
Host-
Supermicro 5018A-TN4 (would rather go for 5018A-FTN4 because of front Ethernet ports)
-
8GB Ram
-
128GB Samsung Evo Pro SSD
-
Windows Server 2012 R2
VM
-
1GB RAM
-
8GB fixed vhdx
-
pfSense 2.2
-
3 network adapters (no legacy) for WAN, LAN and DMZ
After a successful test in the lab i struggled with the internet access afterwards until i realized that the clients had a wrong gateway configured. After setting pfSense to the same ip as the DSL router and reconfiguring the router it all worked.
My environment
DSL router -> pfSense WAN -> pfSense LAN -> main switch -> clients
172.16.1.1 -> 172.16.1.2 -> 192.168.1.1DSL -> pfSense WAN -> pfSense DMZ -> openSuse VM
172.16.1.1 -> 172.16.1.2 -> 172.16.35.1 (static) -> 172.16.35.47 (dhcp)Access to the internet from the DMZ is not yet working though. Don't know if it has to do with hyper-v or pfSense or the guest so (openSuse). openSuse reports a ip-address (dhcp) but can't browse anything. The DMZ port is configured as 172.16.35.1 (static, dhcp server). On hyper-v a switch is configured for the physical Ethernet port. There's no physical wire connected to the port because i "think" the traffic should be routed by pfSense directly from Wan to DMZ (my guess though). Duplicated the NAT rules from LAN to DMZ.
pfSense and openSuse share the same virtual DMZ network adapter.Maybe someone has an idea what might be wrong with the DMZ interface?
15.08.2014 Edit
Solved the problem by adding an allow all outbound traffic (any) from DMZ. Will investigate later in order to just allow necessary traffic.Cheers,
Thomas -
-
Do you have a firewall rule allowing DMZ to access WAN? Its not created by default.
-
Thats the resolution!! It works now. Allowed all outbound traffic though which is not how it should be.
Do you know by chance the minimum rule to add?
Thanks,
Tho as -
There is no one-size-fits-all rule. It depends on what type of servers or clients you have in there and what you want to limit them to.
-
For now just windows clients that need internet access.
-
"Internet access" is pretty much everything. If you want to limit them to email and web, for example, then you would put rules in place to allow the standard ports for those applications, and block everything else.
