Latest PFsense for hyper-V?
-
I hate to post a redundant post, but I spent 2hrs last night reading the other post that had devolved into "it's open source, we can do what we want" vs. "Open source does not give you trademark rights" Which is fine, I don't want to pick sides because I don't really care. My problem right now is i'm running PFsense 2.1 release and i'm unable to upgrade. I am running Pfsense under hyper-v 2012r2 and I tried upgrading to 2.1.2 and of course it broke everything since it doesn't support hyper-v yet, and I checked the other thread where someone had posted a .vhd of the new version but it was pulled before I got a chance to download it. Does 2.2 support hyper-V? can I download that?
-
The base FreeBSD used in 2.2 does have the Hyper-V drivers built in, so it should work. I haven't had a chance to try it on Hyper-V yet myself.
-
Running April 17th 17:43 build of 2.2 on Hyper-V 2012 R2 right now. I first experimented with it a VLAN behind my hardware install of 2.1.2 just to make sure it was going to work. Started yesterday and took down my internet connection and piped it over to the VM install. Charter's modem or something with the hypervisor doesn't like being a part of a VLAN but I have a spare Ethernet circuit going out there so I just ran the WAN side direct. All working as can be expected (I'm sure there are things not working, for example I originally deployed the VM using an April 06 build and it wouldn't let me make any changes to System>Advanced>Misc without throwing errors. The newer version does not exhibit this behavior). Check it out and if the features you need are working, go for it. It sees the synthetic network cards just fine and the heartbeat works (can even do a managed shutdown).
Joel
-
pfSense 2.2 is based on FreeBSD 10 and has HyperV drivers built in. However, don't use it in production as it's not stable yet.
The other thread has instructions on how to install the latest HyperV drivers into the stable version 2.1.2 which works very well.
-
pfSense 2.2 is at least as stable as 2.1.2
-
where can I find 2.2 isos ?
-
At the Forum Index there is a development section which has a 2.2 snapshot sticky with the info you require.
Here is the pfSense snapshots page:
-
does 2.2 support CARP under hyper-v? What about Vlan trunking?
-
At the Forum Index there is a development section which has a 2.2 snapshot sticky with the info you require.
Here is the pfSense snapshots page:
thanks a lot!
-
At the Forum Index there is a development section which has a 2.2 snapshot sticky with the info you require.
Here is the pfSense snapshots page:
it just sits at booting…grr...
-
At the Forum Index there is a development section which has a 2.2 snapshot sticky with the info you require.
Here is the pfSense snapshots page:
it just sits at booting…grr...
hmm installed using latest 2.2 alpha iso - everything working fine for my needs.
-
it just sits at booting…grr...
See this thread: https://forum.pfsense.org/index.php?topic=75241.0
-
it just sits at booting…grr...
See this thread: https://forum.pfsense.org/index.php?topic=75241.0
I actually found my problem, i was using 32 bit and apparently 64 bit works, so I just switched over today to see how it works. I still can't get Vlan trunking working, and I lost snort, but it does seem to work better under hyper-v, and I no longer have to worry about heartbleed and automatic updates.
-
the good news here is that the 64-bit ISOs of the 2.2 snapshots work.
This, rather than producing a back-port to 2.1.x is the preferred direction.
-
Thanks god I found this thread after struggling with pfSense 2.1.4 on hyper-v.
Downloaded the latest 64bit snapshot.
My environment.
Host-
Supermicro 5018A-TN4 (would rather go for 5018A-FTN4 because of front Ethernet ports)
-
8GB Ram
-
128GB Samsung Evo Pro SSD
-
Windows Server 2012 R2
VM
-
1GB RAM
-
8GB fixed vhdx
-
pfSense 2.2
-
3 network adapters (no legacy) for WAN, LAN and DMZ
After a successful test in the lab i struggled with the internet access afterwards until i realized that the clients had a wrong gateway configured. After setting pfSense to the same ip as the DSL router and reconfiguring the router it all worked.
My environment
DSL router -> pfSense WAN -> pfSense LAN -> main switch -> clients
172.16.1.1 -> 172.16.1.2 -> 192.168.1.1DSL -> pfSense WAN -> pfSense DMZ -> openSuse VM
172.16.1.1 -> 172.16.1.2 -> 172.16.35.1 (static) -> 172.16.35.47 (dhcp)Access to the internet from the DMZ is not yet working though. Don't know if it has to do with hyper-v or pfSense or the guest so (openSuse). openSuse reports a ip-address (dhcp) but can't browse anything. The DMZ port is configured as 172.16.35.1 (static, dhcp server). On hyper-v a switch is configured for the physical Ethernet port. There's no physical wire connected to the port because i "think" the traffic should be routed by pfSense directly from Wan to DMZ (my guess though). Duplicated the NAT rules from LAN to DMZ.
pfSense and openSuse share the same virtual DMZ network adapter.Maybe someone has an idea what might be wrong with the DMZ interface?
15.08.2014 Edit
Solved the problem by adding an allow all outbound traffic (any) from DMZ. Will investigate later in order to just allow necessary traffic.Cheers,
Thomas
-
-
Do you have a firewall rule allowing DMZ to access WAN? Its not created by default.
-
Thats the resolution!! It works now. Allowed all outbound traffic though which is not how it should be.
Do you know by chance the minimum rule to add?
Thanks,
Tho as
-
There is no one-size-fits-all rule. It depends on what type of servers or clients you have in there and what you want to limit them to.
-
For now just windows clients that need internet access.
-
"Internet access" is pretty much everything. If you want to limit them to email and web, for example, then you would put rules in place to allow the standard ports for those applications, and block everything else.
-
Anyone give me a definitive answer on what version to run, 32bit of 64bit?
Currently this:
Host: Server 2008 R2
32GB RAM
i7 3770k overclocked
4 - 1TB in raid 10VM:
pfsense 2.0.3 - 32bit
1 GB ram
1 CoreRuns alright, the cpu usage has never worked though and would love to upgrade. Lots of talk on this forum with special versions with the necessary drivers for hyper-v, etc. Also, any reason performance or stability wise to use the 64bit kernel on hyper-v over the 32bit?
Would just love some clarification as there's plenty of topics but none really state which is the best route to take.
Thanks
Edit:
Pre-flight a VM running the latest 2.2 snapshot, will post back with results when I switch everything over to it. So far without anything running through it, seems very quick and stable.
-
Hi Rusty
My setup of the pfSense 2.2 64bit snapshot works fine so far.
See details in my previous post.Cheers,
Thomas
-
Hi Rusty
My setup of the pfSense 2.2 64bit snapshot works fine so far.
See details in my previous post.Cheers,
ThomasWhich revision? Any weird bugs or stability issues so far? Are you using legacy network drivers?
Thanks!
-
2.2-ALPHA (amd64)
built on Wed Aug 06 14:28:19 CDT 2014No issues besides the clock going backwards in the first few minutes after reboot. Not experiencing any side effect of this so far.
I'm using the standard network adapters.Cheers,
Thomas
-
What kind of throughput are you seeing on network side? I've got 50Mb X 5Mb and can saturate most of the 50Mb download with my current 2.0.3 but having some weird bugs with it and not consistent. I will switch everything to the 2.2 tonight and see how things progress.
-
Flipped everything over, power cycled modem, WAN side won't come up.
Will try turning the interfaces down and up like on older versions to see if that fixes it. Might have to try legacy network drivers as well. :-\
-
Apologies for all the posts.
Ended up still using legacy drivers as regular didn't work. Got it up and running and so far so good.
I would imagine the drivers didn't work due to my system. I posted the wrong specs of the host, but this is what it is:
Custom Desktop:
Motherboard: ASUS M5A99X EVO R2.0
CPU: AMD FX-8350
Memory: 24GB G.skill ripjaws
PSU: Seasonic 1000WTo get the host to connect I need to manually install the network drivers. Most likely reason why I still have to use legacy drivers.
-
Apologies for all the posts.
Ended up still using legacy drivers as regular didn't work. Got it up and running and so far so good.
I would imagine the drivers didn't work due to my system. I posted the wrong specs of the host, but this is what it is:
Custom Desktop:
Motherboard: ASUS M5A99X EVO R2.0
CPU: AMD FX-8350
Memory: 24GB G.skill ripjaws
PSU: Seasonic 1000WTo get the host to connect I need to manually install the network drivers. Most likely reason why I still have to use legacy drivers.
I may be wrong here, but it's the Virtual Adapter driver that is in pfSense/FreeBSD. It should have almost nothing to do with the model of the physical adapter. That is up to Hyper-V to take care of.
As for 2.2 Hyper-V WAN performance I have a 100/10 line:
-
I tried with regular drivers, then rebuilt and used legacy and connected up instantly. Also tried the ifconfig up and down without luck.
-
You're Motherboard has a Realtek
8111F, 1 x Gigabit LAN Controller.
There are several posts that pfSense (actually its freeBSD) works best with Intel NICs. Thats why I ordered a Intel board.
The Realtek might be the cause for the network problem.Cheers,
Thomas
-
I do have a seperate Dual Gigabit that I was going to add. It is however a rosewill network card if that helps at all.
-
Hi guys and Tisler,
I was wondering how / where you download the 2.2 Alpha build (the one that Tisler mentioned previously)
I have Intel NIC's and wanted to try it out on my 2012 R2 Hyper-V.Also does anyone know if Squid module will work with 2.2 currently?
Thanks guys,
Bruce
-
-
I have squirt and snort and lightsquirt installed.
The custom options in squirt do not work though. At least its not showing my custom html page.
Lightsquirt is not working at all. No reports.
-
Is anyone else having a problem where the network interfaces don't come up automatically after a boot? I am having such an issue – the WAN side (static IP to my internet provider) is working great -- but the LAN side (DHCP) doesn't come back automatically after a reboot. I have to either ssh in or connect via web, and initiate an
ifconfig de1 down ifconfig de1 upTo make it work. What's up with this?
-
If you recycle your LAN adapter is pfSense then fully working/can your browse the Internet)?
Without knowing more details about your installation its hard to give and advice…
-
Turning the interfaces on and off didn't work for me. I had to continue to use legacy drivers
-
Almost 6 day uptime, no issues whatsoever besides having to use legacy.
Although this is my personal instance of pfsense and is not used for much other than port forwarding and such, I may just leave it even after 2.2 is offically released. This personal instance does nothing other than serve as a firewall, no dhcp/dns as that is done by the DC.
I am able to achieve full speeds of my biz cable connection with legacy nic (50Mb down X 5Mb upload)
-
If you recycle your LAN adapter is pfSense then fully working/can your browse the Internet)?
Without knowing more details about your installation its hard to give and advice…It's a very simple setup… The WAN side is a static IP interface with my ISP -- this works without requring reboot. But the LAN side runs DHCP and hands out addresses to my LAN hosts. After reboot, no LAN hosts can get an IP. I can log into the WAN interface from the internet, then I do the ifconfig up-down dance and kablam, everything works.
Perhaps like some issue with interfaces that have DHCP running?
Once it's up and running its fine though. Have had 100+ days of uptime with zero issue.
-
Thanks for the link rustydustry1717, will have a play on the weekend with 2.2 and see how it goes with the non-legacy adapters.
