No internet connection Hyper-V



  • Hi,

    This is my current test setup:

    Management server:
    Windows Server 2012 Datacenter with Hyper-V role enabled

    Virtual machines:
    pfSense 2.2
    Windows Server 2012 R2 Standard

    Virtual switches:
    WAN - External switch connected to my main (and only) NIC.
    LAN - Private switch

    This server is located at Soyoustart (part of OVH).

    The problem is the following:
    My pfSense has 2 virtual NIC's, WAN and LAN. I'm able to ping outsite of my network from pfSense. My Server 2012 R2 vm has 1 virtual switch connecten, LAN. I can't access the internet from my Server 2012 R2. I get an IP from my DHCP server in pfSense and i'm able to ping pfSense and access the web-interface.

    Can anyone find a problem in the above setup?

    EDIT: I'm also able to automatically upgrade to the newest snapshots trough the web-app.



  • Not really enough information but I can confirm pfSense works great in hyperv on my 2012 R2 server.  Two NICs, one Virtual Switch for WAN the other Virtual Switch to LAN, all VMs on the LAN virtual switch and pfSense assigned to both.



  • Hmm. I can't seem to get it to work. I did download a 2.1 version with Hyper-V support built-in that worked. But i don't want to use that one. I now tried installing Ubuntu 14.04.01, same problem. I can't even ping my WAN ip that is configured on pfSense. Do you have some troubleshoot tips?

    EDIT: Please note that my Server 2012 Datacenter with Hyper-V role enabled is NOT R2. Could this be a problem?



  • post a screenshot of your vswitch config + network adapters assigned to pfsense in hyper-v manager.

    working fine on my 2012 (not r2) under hyper-v.

    wan + lan (other vm's lan on host) + lan2 (physical lan)



  • @kanters:

    EDIT: Please note that my Server 2012 Datacenter with Hyper-V role enabled is NOT R2. Could this be a problem?

    No, our internal Hyper-V test server is Server 2012 as well, and I know a number of others are using it too.

    Either network config at the Hyper-V level, or something within the VM would be the issue. You won't be able to ping WAN by default. Can go to option 12 at the console and run "playback enableallowallwan" to open up WAN's firewall rules. Check the ARP table on the host you're pinging from to see if it has an entry for the WAN IP. If not, then the issue is at the Hyper-V level. If so, then it may just be firewall rules not allowing it.



  • Since the Windows VM can't do anything on the internet, but can connect to the pfSense VM, and is getting a DHCP lease, I would say there is something wrong in your DHCP server settings.

    How do you connect to the webconfigurator, by IP address or FQDN?
    I take it the DNS server of the pfSense VM is used, so can you use nslookup to check some websites. google.com for example.
    Which will only report back IP addresses is the DHCP options are set correctly. Maybe put in a wrong IP address at the DNS server option.



  • Wait did I read it wrong, is the problem that your Windows Server HOST does not have internet access?

    In which case on the LAN interface of the virtual nic did you make sure to check the option that allows the interface to be shared by the host?



  • Ok I think I have to add a bit more information. Sorry about that.

    1st off all. I upgrade to Server 2012 R2 with my HOST.

    As stated above i rent a server at Soyoustart. (part of OVH). They provide a server with 1 ip and 1 NIC. There is an option to get a second IP for your server. The Fail over IP. These are a bit weird since the 2nd IP you get isn't in the subnet of the gateway. For example. The server I rent has IP 23.45.67.89/24 with gateway 23.45.67.254. The fail over IP I get could be 98.76.54.32 and the gateway would be the gateway from the 1st IP so for this example 23.45.67.254. To give pfsense the Fail over IP there has to run a script at startup:

    "route add -net <defaultgateway>/32 -iface <wan internetface="">route add default <defaultgateway>"

    https://forum.pfsense.org/index.php?topic=79141.0

    Ping from pfsense:

    pfSense settings:

    Ping from Windows VM

    As you can see the DNS gets resolved but it's not accessible.

    pfSense VM settings:

    Windows server VM settings:

    virtual switches:

    Sorry for the long post. Need some more info?</defaultgateway></wan></defaultgateway>



  • I think your issue is the LAN side switch. Did you try it in "Internal Only" mode?

    Private = Only VM<->VM
    Internal = VM <-> VM and Host<->VM

    You are trying to do Host->Internal vSwitch->pfsense VM->NIC->External Network right?



  • @pjkenned:

    I think your issue is the LAN side switch. Did you try it in "Internal Only" mode?

    Private = Only VM<->VM
    Internal = VM <-> VM and Host<->VM

    You are trying to do Host->Internal vSwitch->pfsense VM->NIC->External Network right?

    Thanks for the tip but it doesn't work ;(

    I'm trying to do VM(Server 2012) -> internal(not private) switch -> pfsense LAN -> pfsense WAN -> external swtich (NIC shared by host) -> THE INTERNET



  • Make LAN a standard external switch.



  • @binaryjay:

    Make LAN a standard external switch.

    How would this help? And should I also allow my management server to share the network connection?



  • Update:

    Because I tought it had something to do with Hyper-V I installed a different firewall (Untangle). This worked straight out of the box. So this tells me the problem is with pfSense 2.2. I really hope someone finds a solution because I really want to use pfSense instead of the other product.

    Again, I have the feeling it has something to so with the gateway being out of the subnet (see couple posts above).

    I'll check back here regularly to see if someone wants me to test something.



  • I am running pfSense 2.2 on 2 separate Hyper-V 2012R2 servers and I never had any problems with installation and config of pfSense 2.2. Did you select the correct network adapter for your WAN interface?

    Having the management operating system available on the WAN interface can be dangerous.


Log in to reply