
Author Topic: pfSense VMware-Ready Virtual Firewall Appliance Feedback  (Read 4017 times)


Offline Nicklas

Re: pfSense VMware-Ready Virtual Firewall Appliance Feedback
« Reply #15 on: May 19, 2015, 02:46:40 pm »
I have tried it myself and you are right, it seems FreeBSD is using UFS and gParted is only able to detect it.
Sorry about giving wrong advice :( It seems FreeBSD only has those 2 commands, gpart and growfs.

I sometimes use Clonezilla, perhaps you can use it to clone it to a bigger disk, but please, I am not sure this time.

The 5GB disk seems a bit tidy, not sure how this would work out on my VMware machines with loads of traffic and additional software installed in pfSense... I am a bit worried about that. Did you find out if you could do something with the .ova file?

Offline Nicklas

Re: pfSense VMware-Ready Virtual Firewall Appliance Feedback
« Reply #16 on: May 19, 2015, 04:26:18 pm »
OK, I added 15GB to the disk. If I recall it the right way, I did as follows.

In VMware I added the 15GB extra to the disk.
Log in to the shell in pfSense.

gpart show

I can see the 15GB extra space, but in the wrong place: da0 instead of da0s1
gpart resize -i1 da0
gpart commit da0s1   [commit the change]
gpart show  [now I can see the extra space and the correct place, but we need to add it to the UFS partition. Sadly, in my case the swap is in the way for a nice alignment, so I got rid of the swap partition. Then resize: i1 [index 1] is the UFS partition we want to extend, but we add only the space we want minus the swap, as we need that back; 2GB it was in my situation...]

swapoff -a  [disable swap]
gpart delete -i2 da0s1
gpart show  [now you see the swap gone so, we can extend the partition]
gpart resize -i1 da0s1 -s [your size to add in notation xM xG]

Done, add your swap back and reboot.

Hope this helps.

** Don't do this with a mounted file system ;-)
I didn't mind doing it as I wanted to help you.

Oops, whilst I was busy doing this you worked it out yourself as well.... well done!
« Last Edit: May 19, 2015, 04:50:56 pm by Nicklas »

Offline Nicklas

Re: pfSense VMware-Ready Virtual Firewall Appliance Feedback
« Reply #17 on: May 19, 2015, 04:54:47 pm »
Not sure if you really need 8GB swap, with 4GB RAM and 4GB Swap you will run very smoothly.

The rule twice RAM = SWAP is a bit old-fashioned ;-)

But it might be still good with FreeBSD and pfSense in combination with each other.

Offline snm777

Re: pfSense VMware-Ready Virtual Firewall Appliance Feedback
« Reply #18 on: May 20, 2015, 10:10:25 am »
Heh. You are probably correct there. But the way the image came was with 512Mb of RAM configured, and a 1Gb swap partition - so I simply maintained the same ratio.

When I initially created my 2.1.5 image that I use in "production", I had 8 gigs of RAM and the setup reserved 5 gigs of disk space for swap, and I simply chose the defaults presented to me. <shrug>

Offline Nicklas

Re: pfSense VMware-Ready Virtual Firewall Appliance Feedback
« Reply #19 on: May 20, 2015, 11:34:08 am »
I have no idea why a VMware ready image is so 'limited' in resources, after all when using it in our production servers we want to add quite a lot to it. Just curious how different this image is compared with a 'normal' VM installation, does it have some intellect on board? I noticed your remark about the NICs and VMXNET3, but for that you need VMware tools and not sure if the open-vm tools can address that. Have you done some proper testing?

Offline jimp

  • Administrator
Re: pfSense VMware-Ready Virtual Firewall Appliance Feedback
« Reply #20 on: May 20, 2015, 12:24:15 pm »
I have no idea why a VMware ready image is so 'limited' in resources, after all when using it in our production servers we want to add quite a lot to it. Just curious how different this image is compared with a 'normal' VM installation, does it have some intellect on board? I noticed your remark about the NICs and VMXNET3, but for that you need VMware tools and not sure if the open-vm tools can address that. Have you done some proper testing?

FreeBSD 10.1 includes drivers for vmxnet3, the tools are no longer required for that. The VM appliance comes preconfigured for vmxnet3 interfaces.

5GB is not "limited" for what most people use pfSense for inside or outside a VM. It may not be enough for a large web cache but that is not as common a role as one might think. Adding a second disk to the VM is another option, though also manual, it would likely be less work/fuss than resizing the existing disk/slice. Just partition/newfs the second disk, make a mountpoint, and add it to /etc/fstab

In terms of RAM sizing it has to be fairly low to play to the lowest common denominator but that's simple for people to change.
Need help fast? Commercial Support!

Co-Author of pfSense: The Definitive Guide. - Check the Doc Wiki for FAQs.

Do not PM for help!

Offline snm777

Re: pfSense VMware-Ready Virtual Firewall Appliance Feedback
« Reply #21 on: May 21, 2015, 03:43:23 pm »
Thanks jimp. I totally agree - I am an outlier, in that I've got specific needs that require me to have some more space on the device in case the remote logging goes offline for a period of time - don't want the box to fill up and likewise don't want to lose the logs. My "home" pfSense box is running with 2 gigs of RAM and a 4 gig USB stick for storage, nanobsd version of pfSense, and works a treat, even on a crappy old Atom CPU. The defaults chosen should work fine for many people, as you say.

I should test adding a second partition - I am using the syslog-ng package to feed encrypted logs to a remote system, and I'm also keeping those syslog-ng logs local for a period of time.  I don't know if I can tell the package to write someplace other than the default location, if I can I'll simply add the partition and go. 

somosane

  • Guest
Re: pfSense VMware-Ready Virtual Firewall Appliance Feedback
« Reply #22 on: May 26, 2015, 08:25:11 am »
Has anybody managed to deploy the OVF Image with the VMware vSphere web client? I get an error saying that the OVF package might be invalid.
As there were no MD5 or SHA1 sums on the gold portal download page, I can't verify if the download is broken.

Anyway the SHA1 sum of my OVF image is: 80bc8c9feab42afe2a65c9fafcb8bbfd8fbeb401  pfsense_2.2.2__34019.ovf

Deploying OVF images from VMware (e.g. vSphere Operations Manager) works without any problem, so I think there is an issue with the image.

Offline jimp

  • Administrator
Re: pfSense VMware-Ready Virtual Firewall Appliance Feedback
« Reply #23 on: May 26, 2015, 08:36:00 am »
I haven't tried that myself, though we use that internally so I think that was tested but I'd have to confirm with the person who made the image.

The SHA1 appears to be correct, here are some other hashes for that file:

MD5: 0d15cb0132f86e44b794f52d5f4713ac
SHA1: 80bc8c9feab42afe2a65c9fafcb8bbfd8fbeb401
SHA256: 05f1cbd673b50178067d6dddf44abfd5798c68dc78a47c1a789127d17fbafafc
Need help fast? Commercial Support!

Co-Author of pfSense: The Definitive Guide. - Check the Doc Wiki for FAQs.

Do not PM for help!
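
Checking a downloaded image against a digest list in the "ALGO: hex" layout of the reply above, as an added example that is not part of the original thread. The function names and return codes are hypothetical, and the demo uses a constructed 3-byte file rather than the real image.

```shell
#!/bin/sh
# Added example (not from the thread): check a download against a digest
# list written as "ALGO: hex" lines. Function names are hypothetical.

# digest_of ALGO FILE: print the lowercase hex digest; 2 if no tool is found.
digest_of() {
    case "$1" in
        MD5)    set -- md5sum    "md5 -q"    "$2" ;;   # GNU tool, BSD tool
        SHA1)   set -- sha1sum   "sha1 -q"   "$2" ;;
        SHA256) set -- sha256sum "sha256 -q" "$2" ;;
        *) return 2 ;;
    esac
    if command -v "$1" >/dev/null 2>&1; then
        "$1" "$3" | awk '{ print tolower($1) }'
    elif command -v "${2%% *}" >/dev/null 2>&1; then
        $2 "$3" | tr 'A-F' 'a-f'
    else
        return 2
    fi
}

# verify_published FILE LIST
# 0 = every listed digest matches and a SHA256 line was present
# 1 = a digest mismatched, 2 = unreadable input or missing tool,
# 3 = list has no SHA256 line (MD5/SHA1 alone do not resist collisions)
verify_published() {
    file=$1 list=$2 saw_sha256=0
    [ -r "$file" ] && [ -r "$list" ] || return 2
    while IFS=': ' read -r algo want rest; do
        case "$algo" in MD5|SHA1|SHA256) ;; *) continue ;; esac
        got=$(digest_of "$algo" "$file") || return 2
        want=$(printf '%s' "$want" | tr 'A-F' 'a-f')
        if [ "$got" != "$want" ]; then
            echo "MISMATCH $algo: got $got, list says $want" >&2
            return 1
        fi
        if [ "$algo" = SHA256 ]; then saw_sha256=1; fi
    done < "$list"
    [ "$saw_sha256" -eq 1 ] || return 3
}

# Constructed demo: a file holding the bytes "abc" and its known digests.
demo() {
    d=$(mktemp -d) && printf 'abc' > "$d/img" &&
    printf 'SHA1: a9993e364706816aba3e25717850c26c9cd0d89d\nSHA256: ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad\n' > "$d/sums" &&
    verify_published "$d/img" "$d/sums"
}
```

Save the posted hash lines to a text file and call `verify_published pfsense_2.2.2__34019.ovf that-file`; the result only means something if the list was obtained over a channel you trust more than the download itself.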

Offline kcactc

Re: pfSense VMware-Ready Virtual Firewall Appliance Feedback
« Reply #24 on: July 17, 2017, 01:35:42 am »

...This is where it might be a little scary - the system won't boot into the shell - instead, you see this:

simply type in
ufs:/dev/da0s1a
and hit enter, then hit enter again to get to the # prompt. I change into /sbin again, and issue ./growfs /dev/da0s1a again:

and a gpart show after:


Now we need a swap file again:
./gpart add -t freebsd-swap da0s1


After that, I activated the swap by issuing ./swapon /dev/da0s1b , but rebooting should take care of it.
I type exit and hit enter to reboot, then do an option 5 once the console menu comes up to reboot again.  After a normal boot, choose option 8 to get to the command prompt and do a gpart show (it's in the path now), and you should see your expanded partition.

So far, it hasn't given me any trouble. If I've made any obvious mistakes in here, please let me know.

[/quote]

snm777's instructions worked for me! Thanks!

Couple of additional issues
Got a warning that the swap file size was larger than the kernel config allowed.
Backed it down to 4GB and it was fine.
Steps:
 ./gpart delete -i 2 da0s1
 ./gpart add -t freebsd-swap -s 4G da0s1
 ./swapon /dev/da0s1b
 exit
 hit enter to reboot
 option 5 once the console menu comes up to reboot again. 
 After a normal boot, choose option 8 to get to the command prompt
 ./gpart show
No further complaints about swap file size.

I also got the mountroot> issue every time I rebooted.
I mounted using snm777's mount command: ufs:/dev/da0s1a
Once pfSense was running I looked at fstab and found some strange entries for the root and swap partitions.
I performed ls /etc and saw that there were fstab and fstab.old files using vi.
I looked at fstab.old and the entries were what should have been in fstab.
# Device                Mountpoint      FStype  Options         Dump    Pass#
/dev/ada0s1a            /               ufs     rw              1       1
/dev/ada0s1b            none            swap    sw              0       0
I replaced fstab with fstab.old
./mv /etc/fstab /etc/fstab.old2
./mv /etc/fstab.old /etc/fstab
After that, I was able to reboot successfully.