Latest PFsense for hyper-V?
-
Hooray for compatibility in hyper-v!
-
Same as here. Works good.
-
I've been using pfSense in hyper-v 2012 r2 for over 6 months.
The 'degraded' status can be more or less ignored, it just means it isn't reading the data about it from the OS, doesn't mean performance is actually degraded.
Performance is awesome overall, I'm going to be setting it up as my primary router for Google Fiber once I get that installed. I'll be trying to see if I can set it up with CARP as well.
The only real issue I run into occasionally is with traffic actually flowing through the WAN after a reboot\update. I often need to power off the VM entirely and then power it back on for my interfaces to work again.
-
I'll be trying to see if I can set it up with CARP as well.
edit: scratch that, CARP now works with Hyper-V, see my later post in this thread.
The only real issue I run into occasionally is with traffic actually flowing through the WAN after a reboot\update. I often need to power off the VM entirely and then power it back on for my interfaces to work again.
I'm guessing that's due to a timing issue we've seen on some reboots on our own systems and some others'. The clock runs backwards and/or is otherwise messed up in that circumstance but only during boot and maybe a couple minutes after. I haven't had a chance to dig too far into that one, on our systems it doesn't seem to have any negative impact beyond log noise from the "runtime went backwards". I've heard from at least one other person who needs to do the same power off/on at times after that timing issue occurs. I'll be looking at that further post-2.2 release as well.
-
I've heard from at least one other person who needs to do the same power off/on at times after that timing issue occurs. I'll be looking at that further post-2.2 release as well.
Ah, yes I do regularly get the runtime \ clock went backwards message. I figure it's due to the way that cpu cycles are handed out to each VM and how the VM itself keeps time or possibly also due to the VM Host overriding the VM time. I don't usually see issues associated with it, though.
To be honest I haven't fully validated that I'm still getting the interface issue in the latest releases. I got into the habit of doing a full shutdown & startup after each update, so I'll have to try it again normally next time I update to see if the issue recurs.
-
@cmb:
I'll be trying to see if I can set it up with CARP as well.
There's an issue in the network driver that prevents CARP from working currently, but that is something we'll be working with Microsoft to address post-2.2 release.
Microsoft has patched the issue, and we're looking at folding it into pfSense version 2.2
-
I can confirm that CARP is fully functional in Hyper-V with the most recent 2.2 snapshot available! Thanks to the folks at Microsoft for fixing it and getting us the patch. Those who'd like to use CARP in Hyper-V, check out the most recent 2.2 from snapshots.pfsense.org and let us know your experiences.
-
Is anyone up and running on Gen 2 VM's with 2.2 and non legacy drivers?
-
It seems as if freeBSD with Generation 2 VMs are not fully supported:
https://technet.microsoft.com/en-us/library/dn848318.aspx
But it could work if you disable secure boot option:
https://technet.microsoft.com/en-us/library/dn282285.aspx
Here's a list of Best practices for running FreeBSD on Hyper-V:
https://technet.microsoft.com/en-us/library/dn848317.aspx
P.S. Have to admit that I didn't implement any of those recommended practices :-o
Cheers,
Thomas
-
No, pfsense won't even boot off the ISO under a Generation 2 setup–even if you disable secure boot. The pfsense ISO would require GPT/EFI partition or be converted to GPT/UEFI to boot... You'll get an error message: "Boot Failed. EFI SCSI Device" ... Confirmed.
-
Is anyone up and running on Gen 2 VM's with 2.2 and non legacy drivers?
Gen 2 wouldn't really give you any advantages for pfSense even if it would install (which it won't). The big advantage is Synthetic network drivers, which 2.2 now supports. Install it as a Gen 1 with synthetic drivers (No more legacy drivers required) and be happy :)
-
Looks like Hyper-V and pfSense just won't get along…
My test setup looks like this:
• Host OS: Windows 8.1 Enterprise with Hyper-V up and running (essentially the same as Windows Server 2012 R2)
• Physical networking: WiFi - Broadcom (ven-14e4, dev-4359), Ethernet - Broadcom (ven-14e1, dev-16b5)
• Virtual networking: 1x External (tied to WiFi-adapter, impossible otherwise), 2x Private (different subnets)
• VM with 3 NICs: 1x WAN (to External), 2x LAN (to each of Privates) (tested both legacy and regular ones in different setups)
• Latest pfSense (2.2.0 Release x64)
Every WAN-assigned NIC, regardless of generation, fails to interact with the rest of the external network (no DHCP interaction). The regular one seems to start working as intended somehow after I reboot the host OS (which itself is strange enough), but after some time, regardless of WAN load, all traffic going through WAN vNIC is just silently blocked until I down-up-dhclient said NIC (rinse-and-repeat every 2~5 minutes); legacy vNIC refuses even to get IP address. Once I reassign WAN vNIC to Ethernet adapter though, it suddenly starts working flawlessly. =\ As of private vNICs, they work as intended, no problems detected there (for now).
To sum it up:
• Hyper-V: WAN vNIC (hn0; regular) connected to physical WiFi adapter = no internet, and even if there is somehow, then it won't last long anyway (down-up-dhclient every now and then)
• Hyper-V: WAN vNIC (hn0; regular) connected to physical Ethernet adapter = all ok
• Hyper-V: WAN vNIC (de0; legacy) connected to physical WiFi adapter = no external access AT ALL
• Hyper-V: WAN vNIC (de0; legacy) connected to physical Ethernet adapter = all ok (supposedly; didn't test because regular one worked as intended)
• VMware: everything works out of the box no matter which physical adapter I connect pfSense's WAN vNIC to (duh)
Kinda makes me want to give up trying and just scrap Hyper-V.
-
I can report that the 2.2 releases, both Beta and Release, work fine with Hyper-V, and with CARP.
6 Pf's on different hosts/clusters & I have a CARP array doing OpenVPN Site-to-Sites to other PF's, works fine.
Only thing you need to do I've found is:
Use a Gen1 VM.
Set the disk to be fixed size.
Enable MAC Spoofing on the NICs that will have CARP addresses.
Disable dynamic memory.
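-
The four settings listed in the post above, checked from the Hyper-V host with the standard Hyper-V PowerShell module (an added example, not part of any post in this thread). The VM name and adapter names are hypothetical. CARP sends frames from a virtual MAC address, which is why spoofing must be allowed on those vNICs; the script also flags spoofing left on for any other vNIC, which goes beyond what the post states.

```powershell
# Added example. $VMName and $CarpAdapters are hypothetical; adjust to your setup.
$VMName       = 'pfsense-fw1'
$CarpAdapters = @('WAN', 'LAN')   # vNIC names that will carry CARP addresses

$vm = Get-VM -Name $VMName

# 1. Use a Gen1 VM (generation cannot be changed after creation).
if ($vm.Generation -ne 1) {
    Write-Warning "$VMName is Generation $($vm.Generation); expected Generation 1."
}

# 2. Disk should be fixed size. Skip pass-through disks, which have no VHD path.
Get-VMHardDiskDrive -VMName $VMName | Where-Object Path | ForEach-Object {
    $vhd = Get-VHD -Path $_.Path
    if ($vhd.VhdType -ne 'Fixed') {
        Write-Warning "$($_.Path) is $($vhd.VhdType); expected Fixed."
    }
}

# 3. Dynamic memory off. This can only be changed while the VM is powered off.
if ($vm.DynamicMemoryEnabled) {
    if ($vm.State -eq 'Off') {
        Set-VMMemory -VMName $VMName -DynamicMemoryEnabled $false
        Write-Output "Disabled dynamic memory on $VMName."
    } else {
        Write-Warning "Dynamic memory is enabled; shut down $VMName to disable it."
    }
}

# 4. MAC spoofing on for the CARP vNICs; report it if enabled anywhere else.
foreach ($nic in Get-VMNetworkAdapter -VMName $VMName) {
    $isCarp = $CarpAdapters -contains $nic.Name
    if ($isCarp -and $nic.MacAddressSpoofing -ne 'On') {
        Set-VMNetworkAdapter -VMNetworkAdapter $nic -MacAddressSpoofing On
        Write-Output "Enabled MAC spoofing on '$($nic.Name)'."
    } elseif (-not $isCarp -and $nic.MacAddressSpoofing -eq 'On') {
        Write-Warning "MAC spoofing is on for non-CARP adapter '$($nic.Name)'."
    }
}

# Final state for review.
Get-VMNetworkAdapter -VMName $VMName |
    Select-Object Name, SwitchName, MacAddress, MacAddressSpoofing
```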