The pfSense Store

Author Topic: Hyper-V integration installed with pfSense 2.0.1  (Read 54080 times)

0 Members and 2 Guests are viewing this topic.

Offline zootie

  • Jr. Member
  • **
  • Posts: 53
  • Karma: +1/-0
    • View Profile
Re: pfSense 2.0.3p1 and 2.1Release ISOs with Hyper-V integration as of 20130915
« Reply #120 on: September 16, 2013, 08:27:05 pm »
Yes, 2.1 looks great. It has a long list of new features and improvements. IPv6 support is welcome, looking forward to trying it.

Given that 2.1 is now released, I went ahead and did a new build. I redirected the same links as last week, so you don't have to read the whole thread to get the latest version (just re-download using your preferred link, you should get a file named pfSense-LiveCD-hyperv-kernel-ISOs-20130915.7z with the checksums below). Also, admin GruensFroeschli changed the post when I originally posted links for download, so people making it to that post can skip over to last week's post and get this latest version (some users were still downloading the old version).


The links:
  • Rapidshare: http://sn.im/27sh5kx (limited to about 10 downloads a day, so try again if you can't get it).
  • Skydrive: http://goo.gl/mBhK46 (I renamed last week's file, so it is easier to see the new file when viewing this shared folder)

Current files included:
Info
Build Date
File name
Checksums
Main download file
Rapidshare - Skydrive
20130915
pfSense-LiveCD-hyperv-kernel-ISOs-20130915.7zMD5:1f724c0cad3d47f5be1cadf894e4e48e
SHA1:3c3b693f5917910e200d9a241f90fc7108831542
pfSense 2.1 Rel w/Hyper-V
Included in above 7z
20130915
pfSense-LiveCD-2.1-RELEASE-amd64-hyperv-kernel-20130915-1129.isoMD5:feaee02ee5fb6d9f9eca8b3cc91f1743
SHA1:3d497d94c090ab518a5a732bd68c98f59490aff8
pfSense 2.0.3p1 Rel w/Hyper-V
Included in above 7z
20130904
pfSense-LiveCD-2.0.3p1-RELEASE-amd64-hyperv-kernel-20130904-0722.isoMD5:85268cac1e56cee8757203d30de28104
SHA1:7e76bdbaad64014d740366b0a8fb294e49d5f5da

From a comment post in the pfSense blog (some time ago), official Hyper-V support might make it into 2.2. These custom builds might be it for a while until we start seeing 2.2 betas (which might have Hyper-V support built-in) or if there is are new 2.0.x or 2.1.x maintenance releases.

Happy updating!

[20130918 edit to add a table with checksums]
« Last Edit: September 18, 2013, 07:24:04 pm by zootie »

Offline nlitend1

  • Newbie
  • *
  • Posts: 13
  • Karma: +0/-0
    • View Profile
Re: pfSense 2.0.3p1 and 2.1Release ISOs with Hyper-V integration as of 20130915
« Reply #121 on: September 16, 2013, 11:41:44 pm »
Yes, 2.1 looks great. It has a long list of new features and improvements. IPv6 support is welcome, looking forward to trying it.

Given that 2.1 is now released, I went ahead and did a new build. I redirected the same links as last week, so you don't have to read the whole thread to get the latest version (just re-download using your preferred link, you should get a file named pfSense-LiveCD-hyperv-kernel-ISOs-20130915.7z with the checksums below). Also, admin GruensFroeschli changed the post when I originally posted links for download, so people making it to that post can skip over to last week's post and get this latest version (some users were still downloading the old version).

The links:
  • Rapidshare: http://sn.im/27sh5kx (limited to about 10 downloads a day, so try again if you can't get it).
  • Skydrive: http://goo.gl/mBhK46 (I renamed last week's file, so it is easier to see the new file when viewing this shared folder)

Current files included
  • pfSense-LiveCD-hyperv-kernel-ISOs-20130915.7z - Main download file - MD5: 1f724c0cad3d47f5be1cadf894e4e48e SHA1: 3c3b693f5917910e200d9a241f90fc7108831542
  • pfSense-LiveCD-2.1-RELEASE-amd64-hyperv-kernel-20130915-1129.iso - Included in above 7z - MD5: feaee02ee5fb6d9f9eca8b3cc91f1743 SHA1: 3d497d94c090ab518a5a732bd68c98f59490aff8
  • pfSense-LiveCD-2.0.3p1-RELEASE-amd64-hyperv-kernel-20130904-0722.iso - Included in above 7z - MD5: 85268cac1e56cee8757203d30de28104 SHA1: 7e76bdbaad64014d740366b0a8fb294e49d5f5da

From a comment post in the pfSense blog (some time ago), Hyper-V support might make it into 2.2. These custom builds might be it for a while until we start seeing 2.2 betas (which might have Hyper-V support built-in) or if there is are new 2.0.x or 2.1.x maintenance releases.

Happy updating!

Awesome! Thanks for the updated ISO's. What would be the best way to update to 2.1-RELEASE from a previous beta? I don't think these ISOs will work as an update source... or will they? Would it be ok to make a config backup of 2.1RC0 and then restore it to the RELEASE?

Thanks, nlitend1

Offline zootie

  • Jr. Member
  • **
  • Posts: 53
  • Karma: +1/-0
    • View Profile
Re: pfSense 2.0.3p1 and 2.1Release ISOs with Hyper-V integration as of 20130915
« Reply #122 on: September 16, 2013, 11:58:39 pm »
AFAIK, you can't use these ISOs as an update source.

As you suggest, I usually make a backup of the config of the current router. Then use the ISO to make a clean install on a new VM (use a fixed size VHD, add 2 synthetic network adapters), give it an unused IP in your LAN, and connect to it using the WebConfigurator and restore the backup config (shutdown existing router before clicking on restore to avoid having duplicate IPs - also make sure to configure mac spoofing on the VM network card if it applies).

You just have to make sure to match the interfaces to the correct virtual network card, that you assign them the same way you had them on your prior router in the VM Hyper-V config. Or you can edit the config XML file manually.

If coming from a pre-Hyper-V VM with legacy adapters, the config file will have it's interfaces named de0, de1, etc.; and it will have an interface mismatch with the synthetic adapters (hn0, hn1, ...), so it will prompt you what interface corresponds to which network port. Or you might have to edit the config using the "Assign Interfaces" option in the console menu.

Offline TicoDePano

  • Newbie
  • *
  • Posts: 19
  • Karma: +0/-0
    • View Profile
Re: Hyper-V integration installed with pfSense 2.0.1
« Reply #123 on: September 23, 2013, 09:32:52 pm »
hi!

i'm still on 2.0.3 with no problems so far (except ntp time client errors appearing during boot process sometimes).

anybody can comment how stable 2.1 release is at this moment?

essentially, interfaces are working properly with traffic shaper in 2.1? ntp errors still appearing during boot?

in advance, thx for all the hyper-v compiled images!

Offline gemmiu

  • Newbie
  • *
  • Posts: 19
  • Karma: +0/-0
    • View Profile
Re: Hyper-V integration installed with pfSense 2.0.1
« Reply #124 on: September 27, 2013, 08:16:13 am »
Icmp on the wan side doesn't work for me.

I've created a new rule in the firewall, but it doesn't seem to work.

Does someone have the same problem?

Offline darkytoo

  • Newbie
  • *
  • Posts: 11
  • Karma: +0/-0
    • View Profile
Re: Hyper-V integration installed with pfSense 2.0.1
« Reply #125 on: September 27, 2013, 11:20:46 am »
I'm up and running with pfsense on hyper-v 2012.  Here is my question, i've enabled trunk mode on the hyper-v nic and pfsense doesn't seem to want to see that as a vlan-capable interface.  So my question is, with 2.1 is there an easy fix for that?  is that feature coming in 2.2?

Offline zootie

  • Jr. Member
  • **
  • Posts: 53
  • Karma: +1/-0
    • View Profile
Re: Hyper-V integration installed with pfSense 2.0.1
« Reply #126 on: September 27, 2013, 12:42:00 pm »
gemmiu,
ICMP on the WAN side is working fine for me, using a rule as described in http://www.cdavis.us/wiki/index.php/Allow_WAN_ICMP_requests_with_pfsense.


darkytoo,
As you point out, the synthetic driver doesn't seem to support vlans (you'd have to specify a single vlan in the host). It would be up to the FreeBSD team working on the integration services drivers to add this functionality to the codebase, and for it to make it into pfsense (far too early to talk versions).

(Just to write it down, since it's an interesting nugget of info for future use) By "enabled trunk mode", I'm guessing you mean you used PowerShell to configure the vnic and vlans being passed to the VM? As described in VLAN Tags and Hyper-V Switches:

Code: [Select]
Add-VMNetworkAdapter -SwitchName Switch -VMName "VmName" -Name "TrunkNic"
Set-VMNetworkAdapterVlan -Trunk -AllowedVlanIdList "100,101" -VMName "VmName" -VMNetworkAdapterName "TrunkNic" -NativeVlanId 1

Offline darkytoo

  • Newbie
  • *
  • Posts: 11
  • Karma: +0/-0
    • View Profile
Re: Hyper-V integration installed with pfSense 2.0.1
« Reply #127 on: September 27, 2013, 12:58:13 pm »
gemmiu,
ICMP on the WAN side is working fine for me, using a rule as described in http://www.cdavis.us/wiki/index.php/Allow_WAN_ICMP_requests_with_pfsense.


darkytoo,
As you point out, the synthetic driver doesn't seem to support vlans (you'd have to specify a single vlan in the host). It would be up to the FreeBSD team working on the integration services drivers to add this functionality to the codebase, and for it to make it into pfsense (far too early to talk versions).

(Just to write it down, since it's an interesting nugget of info for future use) By "enabled trunk mode", I'm guessing you mean you used PowerShell to configure the vnic and vlans being passed to the VM? As described in VLAN Tags and Hyper-V Switches:

Code: [Select]
Add-VMNetworkAdapter -SwitchName Switch -VMName "VmName" -Name "TrunkNic"
Set-VMNetworkAdapterVlan -Trunk -AllowedVlanIdList "100,101" -VMName "VmName" -VMNetworkAdapterName "TrunkNic" -NativeVlanId 1

correct.  Basically I have a ESX server here specifically to host PFsense due to the VLAN trunking issue and the compatibility.  Now that the compatibility has been ironed out for the most part, I was hoping to remove ESX and host it on hyper-v.  So i enabled the VLAN trunking in powershell and see that the trunking doesn't work anyway, little aggravating.  I spent a couple of hours trying to find an alternative with the pfsense features that would be more compatible and failed, so now i'm going to try and pair-down my VLAN usage and just add a bunch of NICs to the VM and limp along until I find an alternative or the issue is fixed in pfsense.

Offline nlitend1

  • Newbie
  • *
  • Posts: 13
  • Karma: +0/-0
    • View Profile
Re: Hyper-V integration installed with pfSense 2.0.1
« Reply #128 on: September 29, 2013, 12:26:02 pm »
I am having a horrible time with the clock on 2.1 on Hyper-V. It appears to be moving much faster than actual time. (a.k.a gains about 8 hours every day and therefore the time is getting farther and farther ahead every day. I have checked NTP service and it loads and runs. It appears to work for a few minutes after boot and then gives me the unreach/pending error under status. Restarting the service does not seem to help.

I have tried the default time servers, and many other with no noticeable differences. Any advice?

nlitend1

Offline zootie

  • Jr. Member
  • **
  • Posts: 53
  • Karma: +1/-0
    • View Profile
Re: Hyper-V integration installed with pfSense 2.0.1
« Reply #129 on: September 29, 2013, 07:33:50 pm »
With 2.0.3, I used to see variations of 1/2 hour or more sometimes using pool.ntp.servers (even when I changed to using 1.us.pool.ntp.org, 2.us.pool.ntp.org, etc.). I ended up changing pfsense to use NIST NTP servers in the US (use the closest to you first, add a couple for good measure). This seemed to solve the problem with 2.0.3 and I haven't had issues with 2.1 so far.

Being in the West Coast, I ended up using nist1-la.ustiming.org time-nw.nist.gov nist1-chi.ustiming.org nist1-ny.ustiming.org 1.us.pool.ntp.org (added 1.us.pool.ntp.com for good measure, but is shows as outlier in the pfSense NTP status page). If in another country/continent, you might need to use a more reliable nearby list (or try a country specific list from pool.ntp.org)

I'm using the same NTP servers on the AD server, and the Hyper-V host is set to sync to the AD Infrastructure (it might be better to have the Hyper-V host sync  to the NTP servers directly). Also, a common recommendation when you have a virtualized AD is to turn off guest VM time sync in Hyper-V for the AD VM, but that is not recommended by MS. More info at Ben Armstrong’s Virtualization Blog - Time Synchronization in Hyper-V.

{Edit to add link to Ben Armstrong’s Virtualization Blog}
« Last Edit: September 29, 2013, 07:43:59 pm by zootie »

Offline dcgoes

  • Newbie
  • *
  • Posts: 2
  • Karma: +0/-0
    • View Profile
Re: Hyper-V integration installed with pfSense 2.0.1
« Reply #130 on: September 30, 2013, 07:10:26 am »
Hello!

Thanks for sharing the virtual machine with the Integrations Services, but still seems to be unstable, I have here a link of 50Mb internet and when I do a speed test the pfSense restarts, I use here FW + Squid (NTLM) + squidGuard + OpenVPN, the machine virtual this with 10Gb Memory and 8 processors.

The problem always occurs when you have a high traffic internet, restart all the time, if I switch to version "stable" for the problem to occur, but must use the legacy network.

know how to fix?

Thanks, sorry for my English.

Offline zootie

  • Jr. Member
  • **
  • Posts: 53
  • Karma: +1/-0
    • View Profile
Re: Hyper-V integration installed with pfSense 2.0.1
« Reply #131 on: September 30, 2013, 08:34:14 am »
Try and give us more details on your HW and host, so someone with a similar setup might help (and so when developers/testers read this thread, they know what to look for).

What CPU family and model? It sounds like an octa-core. How much memory assigned to pfSense? What OS on the host? What network card? Is it teamed? What type of teaming technology (for example, Broadcom BACS/BASP, Intel ANS, or Win 2012 LBFO)? VLANs? Are you using VMQ and/or SR-IOV? Any other hardware acceleration options in use?

Just a stab in the dark. If your network card supports it, you might want to try with and w/o hardware acceleation, to see if that has an impact.

Offline nlitend1

  • Newbie
  • *
  • Posts: 13
  • Karma: +0/-0
    • View Profile
Re: Hyper-V integration installed with pfSense 2.0.1
« Reply #132 on: October 01, 2013, 01:40:21 am »
I am having a horrible time with the clock on 2.1 on Hyper-V. It appears to be moving much faster than actual time. (a.k.a gains about 8 hours every day and therefore the time is getting farther and farther ahead every day. I have checked NTP service and it loads and runs. It appears to work for a few minutes after boot and then gives me the unreach/pending error under status. Restarting the service does not seem to help.

I have tried the default time servers, and many other with no noticeable differences. Any advice?

nlitend1

Well it appears to be a weird issue/conflict with traffic shaping. Does anyone have traffic shaping (particularly HSFC) working in pfsense on hyper-v and have NTP working?

NTP syncs just fine without traffic shaping enabled.

To enable traffic shaping (as previously discussed on page 6 of this thread) you need to add "hn" to /etc/inc/interfaces.inc in order to the the interfaces to show up for traffic shaping. The single lan muli-WAN wizard completes just fine, however after the changes are applied, all new connections don't work...aka, cannot browse to any new webpages etc....I found out that specifying the bandwidth of the LAN interface (in my case 1000Mb/s) seemingly fixes that issue and allows new connections to be made. At that point status->queues shows traffic being routed correctly. However, NTP is broken at that time and NTP status is then unreach/pending. I have tried numerous external ntp servers and even setup my local server as a NTP server to test and it does not work locally either.

Any ideas? Thanks.

nlitend1

Offline dcgoes

  • Newbie
  • *
  • Posts: 2
  • Karma: +0/-0
    • View Profile
Re: Hyper-V integration installed with pfSense 2.0.1
« Reply #133 on: October 01, 2013, 12:58:02 pm »
Try and give us more details on your HW and host, so someone with a similar setup might help (and so when developers/testers read this thread, they know what to look for).

What CPU family and model? It sounds like an octa-core. How much memory assigned to pfSense? What OS on the host? What network card? Is it teamed? What type of teaming technology (for example, Broadcom BACS/BASP, Intel ANS, or Win 2012 LBFO)? VLANs? Are you using VMQ and/or SR-IOV? Any other hardware acceleration options in use?

Just a stab in the dark. If your network card supports it, you might want to try with and w/o hardware acceleation, to see if that has an impact.

Hardware Configurations:

S.O. Windows 2012 STD

Host Hyper-v
PowerEdge 420
2. Xeon E5-2430 8.4 Ghz
98 Memory
12 Network Adapters Broadcom NetXtreme Gigabit Ethernet

Virtual Machine
30GB HDD
10GB Memory
3 Network Adapters Broadcom NetXtreme Gigabit Ethernet (dedicated) VMQ Disable

Today I installed pfSense on physical machine, it worked perfectly. The problem is I have about 20 servers on Hyper-V, need to fix this problem, whenever I test speed and high traffic, the server shuts down by itself.

Thanks,
dcgoes

Offline swinn

  • Jr. Member
  • **
  • Posts: 33
  • Karma: +0/-0
    • View Profile
Re: Hyper-V integration installed with pfSense 2.0.1
« Reply #134 on: October 05, 2013, 08:14:05 pm »
I have been testing the release build under Hyper-V Server 2012. There have been a few issues.

First, it is randomly crashing and rebooting. The crash log reports a kernel panic due to a sleeping thread. I'm not sure what to do to fix that. If that was the only issue, I could probably live with it.

The main issue I'm having is that when it reboots due to the crash, the interfaces are switching. For example, I set WAN to hn0 (mac xx::45), LAN to hn1 (mac xx::46). When it reboots, it is changing hn0 to the interface with mac xx::46 and hn1 to the interface with mac xx::45. So I have to reassign the interfaces. Does anyone know why it would do this or how to ensure that hn0 stays with a specific virtual network interface?

The last thing I've noticed, is that if the WAN is set to hn1, when the DHCP lease is ready to renew, it only does it for hn0 regardless of how I have the interfaces assigned. The LAN interface (set to hn0) will get a DHCP lease from the local DHCP server. Yes, it is set for static IP of 192.168.1.1, but when this happens, it will change to say 192.168.1.196.