Latest PFsense for hyper-V?



  • Your motherboard has a Realtek® 8111F, 1 x Gigabit LAN Controller.
    There are several posts that pfSense (actually it's FreeBSD) works best with Intel NICs. That's why I ordered an Intel board.
    The Realtek might be the cause for the network problem.

    Cheers,
    Thomas



  • I do have a separate Dual Gigabit that I was going to add. It is however a Rosewill network card if that helps at all.



  • Hi guys and Tisler,

    I was wondering how / where you download the 2.2 Alpha build (the one that Tisler mentioned previously).
    I have Intel NICs and wanted to try it out on my 2012 R2 Hyper-V.

    Also does anyone know if Squid module will work with 2.2 currently?

    Thanks guys,

    Bruce





  • I have squirt and snort and lightsquirt installed.
    The custom options in squirt do not work though. At least it's not showing my custom html page.
    Lightsquirt is not working at all. No reports.



  • Is anyone else having a problem where the network interfaces don't come up automatically after a boot? I am having such an issue – the WAN side (static IP to my internet provider) is working great -- but the LAN side (DHCP) doesn't come back automatically after a reboot. I have to either ssh in or connect via web, and initiate an

    ifconfig de1 down
    ifconfig de1 up
    

    To make it work. What's up with this?



  • If you recycle your LAN adapter, is pfSense then fully working (can you browse the Internet)?
    Without knowing more details about your installation it's hard to give any advice…



  • Turning the interfaces on and off didn't work for me. I had to continue to use legacy drivers



  • Almost 6 day uptime, no issues whatsoever besides having to use legacy.

    Although this is my personal instance of pfsense and is not used for much other than port forwarding and such, I may just leave it even after 2.2 is officially released. This personal instance does nothing other than serve as a firewall, no dhcp/dns as that is done by the DC.

    I am able to achieve full speeds of my biz cable connection with legacy nic (50Mb down X 5Mb upload)



  • @tisler:

    If you recycle your LAN adapter, is pfSense then fully working (can you browse the Internet)?
    Without knowing more details about your installation it's hard to give any advice…

    It's a very simple setup… The WAN side is a static IP interface with my ISP -- this works without requiring reboot. But the LAN side runs DHCP and hands out addresses to my LAN hosts. After reboot, no LAN hosts can get an IP. I can log into the WAN interface from the internet, then I do the ifconfig up-down dance and kablam, everything works.

    Perhaps like some issue with interfaces that have DHCP running?

    Once it's up and running it's fine though. Have had 100+ days of uptime with zero issue.



  • Thanks for the link rustydusty1717, will have a play on the weekend with 2.2 and see how it goes with the non-legacy adapters.



  • So 2.1.5 is released?

    Wonder about 2.2 more than anything, as is everyone I think.



  • I, for one, am hoping to get 2.2 to BETA soon.  Honestly, the only major things that are currently broken are captive portal and AES-GCM IPsec (which is new).

    2.2 is the strategy for Hyper-V support.



  • Not to drag up on an old topic but:
    we got PFsense 100% working on Xen and Hyper-v
    with all hyper-v drivers, fully working Carp, multi-subnetting, etc.

    We notified Jim this week and are awaiting his reply on arrangements to publish this as a PFSense build.

    Regards,
    Marco



  • @key4ce:

    Not to drag up on an old topic but:
    we got PFsense 100% working on Xen and Hyper-v
    with all hyper-v drivers, fully working Carp, multi-subnetting, etc.

    We notified Jim this week and are awaiting his reply on arrangements to publish this as a PFSense build.

    Regards,
    Marco

    Here's what you didn't do.

    You didn't send any code.
    You didn't offer to send any code.

    You just said you had it working, and want to publish it.

    Only ESF distributes pfSense.



  • Just wanted to post an update. On Sunday I rebuilt my firewall again with the latest snapshot as of Sunday. Didn't use legacy again to start and this time it worked perfectly.

    Also, I'm noticing a huge decrease in CPU load over the legacy drivers, as well as full speed of my connection (biz cable 50x5)



  • Hi
    I have a 2.2 (latest) installation on Hyper-V 2012 R2 and all works fine, but I still see the synthetic network adaptors as Degraded (integration services upgrade required).
    I thought Integration Services were included in FreeBSD 10, do I need to install them separately or have I done something wrong?

    Many thanks

    Bill



  • You shouldn't need to use legacy drivers, which was my problem. After switching from legacy I saw a huge CPU usage drop and increased performance.



  • This matches my (brief) experience.



  • Which part does?



  • Not using the "Legacy" drivers.



  • Have issues getting it to run without the legacy drivers?

    I had to do the install of the snapshots 3 times to get it to work. Haven't bothered updating to the latest snapshot in the worry it won't work anymore.

    Running for weeks without a hiccup.



  • FWIW I've had 2.2 running on Hyper-V 2012 R2 for the past week and a half at home with nary a hiccup.  Works beautifully.  No perceptible CPU usage even under full load at night with everyone watching Netflix or gaming.  Mix of Realtek and Intel NICs.  Granted host is a 3770k, but still, I don't think I've seen CPU usage > 10%.



  • @bdinger:

    FWIW I've had 2.2 running on Hyper-V 2012 R2 for the past week and a half at home with nary a hiccup.  Works beautifully.  No perceptible CPU usage even under full load at night with everyone watching Netflix or gaming.  Mix of Realtek and Intel NICs.  Granted host is a 3770k, but still, I don't think I've seen CPU usage > 10%.

    I concur with all of this. Huge decrease in CPU usage since switching from the legacy drivers. Performance gains are significant.



  • Just to add another me too post, I just upgraded from the 2.1 based install, my host is still 2008 R2 and was running legacy adapters (obviously). Having just got 100Mb fibre installed I was finding the VM could only actually do about 90Mb because of the legacy adapters and their "limit" of 100Mb.

    Switched over to 2.2 by doing a clean install and importing the config and then just disconnected the old VM and connected the new and away everything went. I now get a solid 100Mb down :)



  • @rustydusty1717:

    I concur with all of this. Huge decrease in CPU usage since switching from the legacy drivers. Performance gains are significant.

    An update - I ditched the realtek NICs and threw in a couple Intels, now the CPU usage is nothing - literally.  Rock solid wireline performance and I never see a load on it even with two VPN tunnels and kids hammering Netflix :).

    Hypervisor is Hyper-V 2012R2 on Server 2012 R2.  I'm not necessarily a fan of the Hypervisor but pfSense is rock solid on it.  I've got nothing but praise at this point for the setup.



  • Hooray for compatibility in hyper-v!



  • Same as here. Works good.



  • I've been using pfSense in hyper-v 2012 r2 for over 6 months.

    The 'degraded' status can be more or less ignored, it just means it isn't reading the data about it from the OS, doesn't mean performance is actually degraded.

    Performance is awesome overall, I'm going to be setting it up as my primary router for Google Fiber once I get that installed. I'll be trying to see if I can set it up with CARP as well.

    The only real issue I run into occasionally is with traffic actually flowing through the WAN after a reboot\update. I often need to power off the VM entirely and then power it back on for my interfaces to work again.



  • @doubledgedboard:

    I'll be trying to see if I can set it up with CARP as well.

    edit: scratch that, CARP now works with Hyper-V, see my later post in this thread.

    @doubledgedboard:

    The only real issue I run into occasionally is with traffic actually flowing through the WAN after a reboot\update. I often need to power off the VM entirely and then power it back on for my interfaces to work again.

    I'm guessing that's due to a timing issue we've seen on some reboots on our own systems and some others'. The clock runs backwards and/or is otherwise messed up in that circumstance but only during boot and maybe a couple minutes after. I haven't had a chance to dig too far into that one, on our systems it doesn't seem to have any negative impact beyond log noise from the "runtime went backwards". I've heard from at least one other person who needs to do the same power off/on at times after that timing issue occurs. I'll be looking at that further post-2.2 release as well.



  • I've heard from at least one other person who needs to do the same power off/on at times after that timing issue occurs. I'll be looking at that further post-2.2 release as well.

    Ah, yes I do regularly get the runtime \ clock went backwards message. I figure it's due to the way that cpu cycles are handed out to each VM and how the VM itself keeps time or possibly also due to the VM Host overriding the VM time. I don't usually see issues associated with it, though.

    To be honest I haven't fully validated that I'm still getting the interface issue in the latest releases. I got into the habit of doing a full shutdown & startup after each update, so I'll have to try it again normally next time I update to see if the issue recurs.



  • @cmb:

    @doubledgedboard:

    I'll be trying to see if I can set it up with CARP as well.

    There's an issue in the network driver that prevents CARP from working currently, but that is something we'll be working with Microsoft to address post-2.2 release.

    Microsoft has patched the issue, and we're looking at folding it into pfSense version 2.2



  • I can confirm that CARP is fully functional in Hyper-V with the most recent 2.2 snapshot available! Thanks to the folks at Microsoft for fixing it and getting us the patch. Those who'd like to use CARP in Hyper-V, check out the most recent 2.2 from snapshots.pfsense.org and let us know your experiences.



  • Is anyone up and running on Gen 2 VMs with 2.2 and non legacy drivers?



  • It seems as if FreeBSD with Generation 2 VMs is not fully supported:
    https://technet.microsoft.com/en-us/library/dn848318.aspx

    But it could work if you disable secure boot option:
    https://technet.microsoft.com/en-us/library/dn282285.aspx

    Here's a list of Best practices for running FreeBSD on Hyper-V:
    https://technet.microsoft.com/en-us/library/dn848317.aspx

    P.S. Have to admit that I didn't implement any of those recommended practices :-o

    Cheers,
    Thomas



  • No, pfsense won't even boot off the ISO under a Generation 2 setup–even if you disable secure boot. The pfsense ISO would require GPT/EFI partition or be converted to GPT/UEFI to boot...  You'll get an error message: "Boot Failed. EFI SCSI Device"  ... Confirmed.



  • @felickz:

    Is anyone up and running on Gen 2 VMs with 2.2 and non legacy drivers?

    Gen 2 wouldn't really give you any advantages for pfSense even if it would install (which it won't). The big advantage is Synthetic network drivers, which 2.2 now supports. Install it as a Gen 1 with synthetic drivers (No more legacy drivers required) and be happy  :)



  • Looks like Hyper-V and pfSense just won't get along…

    My test setup looks like this:
    • Host OS: Windows 8.1 Enterprise with Hyper-V up and running (essentially the same as Windows Server 2012 R2)
    • Physical networking: WiFi - Broadcom (ven-14e4, dev-4359), Ethernet - Broadcom (ven-14e1, dev-16b5)
    • Virtual networking: 1x External (tied to WiFi-adapter, impossible otherwise), 2x Private (different subnets)
    • VM with 3 NICs: 1x WAN (to External), 2x LAN (to each of Privates) (tested both legacy and regular ones in different setups)
    • Latest pfSense (2.2.0 Release x64)

    Every WAN-assigned NIC, regardless of generation, fails to interact with the rest of the external network (no DHCP interaction). The regular one seems to start working as intended somehow after I reboot the host OS (which itself is strange enough), but after some time, regardless of WAN load, all traffic going through WAN vNIC is just silently blocked until I down-up-dhclient said NIC (rinse-and-repeat every 2~5 minutes); legacy vNIC refuses even to get IP address. Once I reassign WAN vNIC to Ethernet adapter though, it suddenly starts working flawlessly. =\ As for private vNICs, they work as intended, no problems detected there (for now).

    To sum it up:
    • Hyper-V: WAN vNIC (hn0; regular) connected to physical WiFi adapter = no internet, and even if there is somehow, then it won't last long anyway (down-up-dhclient every now and then)
    • Hyper-V: WAN vNIC (hn0; regular) connected to physical Ethernet adapter = all ok
    • Hyper-V: WAN vNIC (de0; legacy) connected to physical WiFi adapter = no external access AT ALL
    • Hyper-V: WAN vNIC (de0; legacy) connected to physical Ethernet adapter = all ok (supposedly; didn't test because regular one worked as intended)
    • VMware: everything works out of the box no matter which physical adapter I connect pfSense's WAN vNIC to (duh)

    Kinda makes me want to give up trying and just scrap Hyper-V.



  • I can report that the 2.2 releases, both Beta and Release, work fine with Hyper-V, and with CARP.

    6 Pf's on different hosts/clusters & I have a CARP array doing OpenVPN Site-to-Sites to other PF's, works fine.

    Only thing you need to do I've found is:
    Use a Gen1 VM.
    Set the disk to be fixed size.
    Enable MAC Spoofing on the NICs that will have CARP addresses.
    Disable dynamic memory.
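
Added example, not part of the post above or of the pfSense project: a read-only PowerShell audit of an existing Hyper-V guest against the four settings listed in the last post. The VM name `pfSense` and the vNIC names `LAN` and `SYNC` are assumptions, and the extra finding for MAC spoofing left on where no CARP address lives goes one step beyond the post's list.

```powershell
# Added example: read-only audit of a Hyper-V guest against the checklist above.
# Assumptions: VM name 'pfSense'; vNICs carrying CARP addresses are named 'LAN' and 'SYNC'.
param(
    [string]   $VMName       = 'pfSense',
    [string[]] $CarpAdapters = @('LAN', 'SYNC')
)

$vm       = Get-VM -Name $VMName -ErrorAction Stop
$findings = @()

# 1. Gen1 VM (generation is fixed at creation; a Gen2 guest has to be rebuilt).
if ($vm.Generation -ne 1) {
    $findings += "Generation is $($vm.Generation), expected 1"
}

# 2. Fixed-size disk (remediate offline with Convert-VHD -VHDType Fixed).
foreach ($drive in Get-VMHardDiskDrive -VMName $VMName) {
    $vhd = Get-VHD -Path $drive.Path
    if ($vhd.VhdType -ne 'Fixed') {
        $findings += "Disk '$($drive.Path)' is $($vhd.VhdType), expected Fixed"
    }
}

# 3. MAC spoofing on the CARP vNICs, and nowhere else.
foreach ($nic in Get-VMNetworkAdapter -VMName $VMName) {
    $spoofing = $nic.MacAddressSpoofing -eq 'On'
    $isCarp   = $CarpAdapters -contains $nic.Name
    if ($isCarp -and -not $spoofing) {
        $findings += "vNIC '$($nic.Name)' carries CARP but MAC spoofing is Off"
    }
    elseif ($spoofing -and -not $isCarp) {
        $findings += "vNIC '$($nic.Name)' has MAC spoofing On without a CARP address"
    }
}

# 4. Dynamic memory off (remediate offline with Set-VMMemory -DynamicMemoryEnabled $false).
if ((Get-VMMemory -VMName $VMName).DynamicMemoryEnabled) {
    $findings += 'Dynamic memory is enabled, expected disabled'
}

if ($findings.Count -eq 0) { "OK: $VMName matches all four settings" }
else { $findings | ForEach-Object { "FINDING: $_" } }
```

Run it from an elevated session on the Hyper-V host; a missing CARP adapter is remediated with `Set-VMNetworkAdapter -MacAddressSpoofing On` on that vNIC only.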

