Latest PFsense for hyper-V?



  • At the Forum Index there is a development section which has a 2.2 snapshot sticky with the info you require.

    Here is the pfSense snapshots page:

    http://snapshots.pfsense.org



  • does 2.2 support CARP under hyper-v?  What about Vlan trunking?



  • @Spaghetti:

    At the Forum Index there is a development section which has a 2.2 snapshot sticky with the info you require.

    Here is the pfSense snapshots page:

    http://snapshots.pfsense.org

    thanks a lot!



  • @Spaghetti:

    At the Forum Index there is a development section which has a 2.2 snapshot sticky with the info you require.

    Here is the pfSense snapshots page:

    http://snapshots.pfsense.org

    it just sits at booting…grr...



  • @darkytoo:

    @Spaghetti:

    At the Forum Index there is a development section which has a 2.2 snapshot sticky with the info you require.

    Here is the pfSense snapshots page:

    http://snapshots.pfsense.org

    it just sits at booting…grr...

    hmm installed using latest 2.2 alpha iso - everything working fine for my needs.



  • @darkytoo:

    it just sits at booting…grr...

    See this thread: https://forum.pfsense.org/index.php?topic=75241.0



  • @charliem:

    @darkytoo:

    it just sits at booting…grr...

    See this thread: https://forum.pfsense.org/index.php?topic=75241.0

    I actually found my problem, i was using 32 bit and apparently 64 bit works, so I just switched over today to see how it works.  I still can't get Vlan trunking working, and I lost snort, but it does seem to work better under hyper-v, and I no longer have to worry about heartbleed and automatic updates.



  • the good news here is that the 64-bit ISOs of the 2.2 snapshots work.

    This, rather than producing a back-port to 2.1.x is the preferred direction.



  • Thanks god I found this thread after struggling with pfSense 2.1.4 on hyper-v.

    Downloaded the latest 64bit snapshot.
    My environment.
    Host

    • Supermicro 5018A-TN4 (would rather go for 5018A-FTN4 because of front Ethernet ports)

    • 8GB Ram

    • 128GB Samsung Evo Pro SSD

    • Windows Server 2012 R2

    VM

    • 1GB RAM

    • 8GB fixed vhdx

    • pfSense 2.2

    • 3 network adapters (no legacy) for WAN, LAN and DMZ

    After a successful test in the lab i struggled with the internet access afterwards until i realized that the clients had a wrong gateway configured. After setting pfSense to the same ip as the DSL router and reconfiguring the router it all worked.

    My environment
    DSL router -> pfSense WAN -> pfSense LAN -> main switch -> clients
    172.16.1.1 -> 172.16.1.2 -> 192.168.1.1

    DSL -> pfSense WAN -> pfSense DMZ -> openSuse VM
    172.16.1.1 -> 172.16.1.2 -> 172.16.35.1 (static) -> 172.16.35.47 (dhcp)

    Access to the internet from the DMZ is not yet working though. Don't know if it has to do with hyper-v or pfSense or the guest so (openSuse). openSuse reports a ip-address (dhcp) but can't browse anything. The DMZ port is configured as 172.16.35.1 (static, dhcp server). On hyper-v a switch is configured for the physical Ethernet port. There's no physical wire connected to the port because i "think" the traffic should be routed by pfSense directly from Wan to DMZ (my guess though). Duplicated the NAT rules from LAN to DMZ.
    pfSense and openSuse share the same virtual DMZ network adapter.

    Maybe someone has an idea what might be wrong with the DMZ interface?

    15.08.2014 Edit
    Solved the problem by adding an allow all outbound traffic (any) from DMZ. Will investigate later in order to just allow necessary traffic.

    Cheers,
    Thomas



  • Do you have a firewall rule allowing DMZ to access WAN?  Its not created by default.



  • Thats the resolution!! It works now. Allowed all outbound traffic though which is not how it should be.

    Do you know by chance the minimum rule to add?

    Thanks,
    Tho as



  • There is no one-size-fits-all rule.  It depends on what type of servers or clients you have in there and what you want to limit them to.



  • For now just windows clients that need internet access.



  • "Internet access" is pretty much everything.  If you want to limit them to email and web, for example, then you would put rules in place to allow the standard ports for those applications, and block everything else.



  • Anyone give me a definitive answer on what version to run, 32bit of 64bit?

    Currently this:
    Host: Server 2008 R2
    32GB RAM
    i7 3770k overclocked
    4 - 1TB in raid 10

    VM:
    pfsense 2.0.3 - 32bit
    1 GB ram
    1 Core

    Runs alright, the cpu usage has never worked though and would love to upgrade. Lots of talk on this forum with special versions with the necessary drivers for hyper-v, etc. Also, any reason performance or stability wise to use the 64bit kernel on hyper-v over the 32bit?

    Would just love some clarification as there's plenty of topics but none really state which is the best route to take.

    Thanks

    Edit:

    Pre-flight a VM running the latest 2.2 snapshot, will post back with results when I switch everything over to it. So far without anything running through it, seems very quick and stable.



  • Hi Rusty

    My setup of the pfSense 2.2 64bit snapshot works fine so far.
    See details in my previous post.

    Cheers,
    Thomas



  • @tisler:

    Hi Rusty

    My setup of the pfSense 2.2 64bit snapshot works fine so far.
    See details in my previous post.

    Cheers,
    Thomas

    Which revision? Any weird bugs or stability issues so far? Are you using legacy network drivers?

    Thanks!



  • 2.2-ALPHA (amd64)
    built on Wed Aug 06 14:28:19 CDT 2014

    No issues besides the clock going backwards in the first few minutes after reboot. Not experiencing any side effect of this so far.
    I'm using the standard network adapters.

    Cheers,
    Thomas



  • What kind of throughput are you seeing on network side? I've got 50Mb X 5Mb and can saturate most of the 50Mb download with my current 2.0.3 but having some weird bugs with it and not consistent. I will switch everything to the 2.2 tonight and see how things progress.



  • Flipped everything over, power cycled modem, WAN side won't come up.

    Will try turning the interfaces down and up like on older versions to see if that fixes it. Might have to try legacy network drivers as well.  :-\



  • Apologies for all the posts.

    Ended up still using legacy drivers as regular didn't work. Got it up and running and so far so good.

    I would imagine the drivers didn't work due to my system. I posted the wrong specs of the host, but this is what it is:

    Custom Desktop:
    Motherboard:  ASUS M5A99X EVO R2.0
    CPU: AMD FX-8350
    Memory: 24GB G.skill  ripjaws
    PSU: Seasonic 1000W

    To get the host to connect I need to manually install the network drivers. Most likely reason why I still have to use legacy drivers.



  • @rustydusty1717:

    Apologies for all the posts.

    Ended up still using legacy drivers as regular didn't work. Got it up and running and so far so good.

    I would imagine the drivers didn't work due to my system. I posted the wrong specs of the host, but this is what it is:

    Custom Desktop:
    Motherboard:  ASUS M5A99X EVO R2.0
    CPU: AMD FX-8350
    Memory: 24GB G.skill  ripjaws
    PSU: Seasonic 1000W

    To get the host to connect I need to manually install the network drivers. Most likely reason why I still have to use legacy drivers.

    I may be wrong here, but it's the Virtual Adapter driver that is in pfSense/FreeBSD. It should have almost nothing to do with the model of the physical adapter. That is up to Hyper-V to take care of.

    As for 2.2 Hyper-V WAN performance I have a 100/10 line:



  • I tried with regular drivers, then rebuilt and used legacy and connected up instantly. Also tried the ifconfig up and down without luck.



  • You're Motherboard has a Realtek® 8111F, 1 x Gigabit LAN Controller.
    There are several posts that pfSense (actually its freeBSD) works best with Intel NICs. Thats why I ordered a Intel board.
    The Realtek might be the cause for the network problem.

    Cheers,
    Thomas



  • I do have a seperate Dual Gigabit that I was going to add. It is however a rosewill network card if that helps at all.



  • Hi guys and Tisler,

    I was wondering how / where you download the 2.2 Alpha build (the one that Tisler mentioned previously) 
    I have Intel NIC's and wanted to try it out on my 2012 R2 Hyper-V.

    Also does anyone know if Squid module will work with 2.2 currently?

    Thanks guys,

    Bruce





  • I have squirt and snort and lightsquirt installed.
    The custom options in squirt do not work though. At least its not showing my custom html page.
    Lightsquirt is not working at all. No reports.



  • Is anyone else having a problem where the network interfaces don't come up automatically after a boot? I am having such an issue – the WAN side (static IP to my internet provider) is working great -- but the LAN side (DHCP) doesn't come back automatically after a reboot. I have to either ssh in or connect via web, and initiate an

    ifconfig de1 down
    ifconfig de1 up
    

    To make it work. What's up with this?



  • If you recycle your LAN adapter is pfSense then fully working/can your browse the Internet)?
    Without knowing more details about your installation its hard to give and advice…



  • Turning the interfaces on and off didn't work for me. I had to continue to use legacy drivers



  • Almost 6 day uptime, no issues whatsoever besides having to use legacy.

    Although this is my personal instance of pfsense and is not used for much other than port forwarding and such, I may just leave it even after 2.2 is offically released. This personal instance does nothing other than serve as a firewall, no dhcp/dns as that is done by the DC.

    I am able to achieve full speeds of my biz cable connection with legacy nic (50Mb down X 5Mb upload)



  • @tisler:

    If you recycle your LAN adapter is pfSense then fully working/can your browse the Internet)?
    Without knowing more details about your installation its hard to give and advice…

    It's a very simple setup… The WAN side is a static IP interface with my ISP -- this works without requring reboot. But the LAN side runs DHCP and hands out addresses to my LAN hosts. After reboot, no LAN hosts can get an IP. I can log into the WAN interface from the internet, then I do the ifconfig up-down dance and kablam, everything works.

    Perhaps like some issue with interfaces that have DHCP running?

    Once it's up and running its fine though. Have had 100+ days of uptime with zero issue.



  • Thanks for the link rustydustry1717, will have a play on the weekend with 2.2 and see how it goes with the non-legacy adapters.



  • So 2.1.5 is released?

    Wonder about 2.2 more than anything, as is everyone I think.



  • I, for one, am hoping to get 2.2 to BETA soon.  Honestly, the only major things that are currently broken are captive portal and AES-GCM IPsec (which is new).

    2.2 is the strategy for Hyper-V support.



  • Not to drag up on a old topic but:
    we got PFsense 100% working on Xen and Hyper-v
    with all hyper-v drivers, fully working Carp, multi-subnetting, etc.

    We notified Jim this week and awaiting his reply on arrangements to publish this as a PFSense build.

    Regards,
    Marco



  • @key4ce:

    Not to drag up on a old topic but:
    we got PFsense 100% working on Xen and Hyper-v
    with all hyper-v drivers, fully working Carp, multi-subnetting, etc.

    We notified Jim this week and awaiting his reply on arrangements to publish this as a PFSense build.

    Regards,
    Marco

    Here's what you didn't do.

    You didn't send any code.
    You didn't offer to send any code.

    You just said you had it working, and want to publish it.

    Only ESF distributes pfSense.



  • Just wanted to post an update. On sunday I rebuilt my firewall again with the latest snapshot as of sunday. Didn't use legacy again to start and this time it worked perfectly.

    Also, I'm noticing a huge decrease in CPU load over the legacy drivers, as well as full speed of my connection (biz cable 50x5)



  • Hi
    I have a 2.2 (latest) installation on Hyper-V 2012 R2 and all works fine, but I still see the synthetic network adaptors as Degraded (integration services upgrade required).
    I thought Integration Services were included in FreeBSD 10, do I need to install them separately or have I done something wrong?

    Many thanks

    Bill


Log in to reply