2.1.5 to 2.2 upgrade problems with DHCP, VLANs with ESXi Virtual machine



  • I am running a virtual pfSense 2.1.5 on ESXi.  This box works very well and over time I have upgraded from dedicated physical WAN and LAN ports to using a LAGG trunk to my switch with VLANs.  Due to this my interfaces look like this.

    TRUNK (wan) -> em2 -> (disabled, not required)
    LAN (lan) -> em0 -> (disabled, not required)
    GUEST (opt1) -> em1 -> v4: 172.16.1.1/24
    VLAN10 (opt2) -> lagg0_vlan10 -> v4: 192.168.10.1/24
    VLAN11 (opt3) -> lagg0_vlan11 -> v4: 172.16.10.1/24
    VLAN666 (opt4) -> lagg0_vlan666 -> v4/DHCP4: x.x.x.x/24
    UPLINK (opt5) -> lagg0 -> v4: 10.10.10.10/24
    VLAN5 (opt6) -> lagg0_vlan5 -> v4: 192.168.1.1/24

    Basically I went from using em0, em1, em2 to using only physical interfaces em1 for a guest network and the two used as part of the lagg group as everything is now carried via a vlan trunk to the switch for distribution.

    So I updated to 2.2, everything seemed to go well and upon reboot the system hung at the VLAN666 for some time before continuing on (awaiting a DHCP assignment most likely).  Basically no DHCP address was assigned from my ISP to the VLAN666 interface, nor could I access the server via 192.168.1.1 via http, https or ping on the LAN.

    Thankfully I rolled back to my snapshot from before installing 2.2 and everything was well again (gotta love virtualisation) :) I don't have a burning need to update but wanted to share my experience and possibly someone has a quick tip fix too.



  • Is VLAN 666 connected to a cable modem by any chance?



  • Similar to a cable modem, it's a Wireless NTU via Australia's National Broadband Network (NBN).  Basically once it's provisioned in your premises you have an ethernet interface which assigns 1 IP address to whatever's plugged into it on DHCP.  Most ISPs provide a wifi router, but you can plug in 1 PC or in my case 1 pfsense box which does everything firewall/routing wise.

    I basically bring the raw internet to my pfsense box on vlan666, then firewall out to other local vlans (vlan5 being my 'home' network).  They are all trunked to pfsense on the lagg connection.  Works great.



  • Only asked because it's a common problem that you only get a new IP once the cable modem is reset/rebooted or the DHCP lease is released.  Maybe the same with the NBN?



  • Fair enough, I've thought that as well but I've tested that in the past as well and found the DHCP assignment even with 2.1.5 on reboot of pfsense is quite quick.  You don't need to reboot the NTU, but it's a fair comment.



  • Another thing to add…

    Went and downloaded the fresh install iso for 2.2.

    Built a brand new VM on ESXi 5.5 and tried using vmxnet3 drivers.  pfSense detected them fine, but the up/down status detection was totally wrong and it would not respond to pings or web console.  Reverted to legacy e1000 and no problems at all.

    Another gotcha.

