PfSense in a VM and 10G NIC?

Fritz

Well-Known Member
Apr 6, 2015
2,130
493
83
66
I want to replace my current router with PfSense. Have a couple of questions.

1. Can PfSense run in a VM in Windows Server 2012 R2 Standard?
2. Does PfSense work with 10G NICs? ACK! Scratch this. No way to get WAN in at 10G. :confused:

Currently I have a SM 1U server running my security cam via Blue Iris. The system is on 24/7 so it would be awesome if I could also run PfSense in the same box. The server is running 2 E-5645's and 48GB of RAM and has plenty of power left over as it doesn't even break a sweat running the cams.

Thanks :)
 

ttabbal

Active Member
Mar 10, 2016
755
202
43
43
I've never tried Windows virtualization, but I don't see any reason it wouldn't work. PfSense seems to be pretty VM friendly. For WAN at least, I would use a passthrough card so the traffic never gets a chance to mess with the host system. And I would be insanely jealous if you have a 10Gb WAN. :)
 

tullnd

Member
Apr 19, 2016
57
7
8
USA
Obviously you won't likely need it on the WAN port, but why not LAN? If you want to do routing via pfsense, it could still be beneficial if the rest of your core network is 10G (or 2.5G/5G).

I planned for this possibility (or something over gigabit) with my recent Pfsense build (not VM, hardware). My SM board with C2558 has 4 gigabit ports (great for my dual WAN setup) and still leaves more for my LAN and maybe a DMZ. But I do have a riser card option available where I can add a dual 10G port or SFP+ card down the line, if I ever wanted to have a higher bandwidth option from the LAN side (or WAN if it came up...but honestly more likely LAN first).
 

Fritz

Unfortunately I only have one expansion slot in this box so I'm somewhat limited as to my choices. I have a 2 port Intel NIC (Intel IBM i340) and a Hotlava Vesuvius 6 Port Gig Intel Based NIC (Pro 1000 I think). I'm thinking I only need 2 ports, WAN in and LAN out so the 6 port card might be overkill. Also, the 2 port should use less power.
 

spazoid

Member
Apr 26, 2011
91
10
8
Copenhagen, Denmark
You can use a virtual NIC for the LAN side, which would give you 10+ Gbps to the host. You can also use two vNICs, then create two vswitches on the host, add one pNIC and one vNIC to the "WAN" vswitch and then use the second vswitch for connecting to your physical network. This makes it very easy when/if changing physical NICs, as you don't have to reconfigure anything in pfsense...
 

Fritz

Chit, can't even get to first base. :(

The WAN port will not pull an IP from the cable modem. It will pull an IP from the Archer C7 when it's on the network. I've tried everything including pulling my hair out and still no joy. I'm sure it's got to be something simple but it eludes me. I was hoping PfSense would be as easy to set up as a regular router as far as the basics go but I was wrong.

Any advice mucho appreciated. :(
 

Fritz

OK, according to Windows, neither vEthernet has Internet access. o_O
 

NetWise

Active Member
Jun 29, 2012
599
131
43
Edmonton, AB, Canada
Is your internet provided by an ISP that hands out addresses via DHCP?

If so you may be running into a MAC collision. I get them on HA firewall pairs that create a known set of MAC address sets and if someone across town has the same make and model in HA and the default cluster ID I can't get on. Very likely if you're using a virtual NIC for your WAN on your VM, that someone else in town has, and that MAC is used. Try changing your vMAC to something out of the ordinary and retry your DHCP.


 

Fritz

Would that be "MAC Address Range" in Virtual Switch Manager? If so, what would be out of the ordinary?

Thanks
 

ttabbal

As it's a cable modem, make sure to power cycle it. Some of them refuse to talk to another MAC once they are connected.

Did you enable DHCP on the WAN interface in pfSense? I don't remember if it's on by default.
 

NetWise

I don't do very much Hyper-V at all. But in VMware you can hard code the MAC to something on VMware if required. Or in a Windows VM I've used the Intel drivers to change the MAC at the driver level. But if the range gives you like aa:bb:cc:00-99:00:00 pick something like 83:00:01 in the middle (as someone else doing this will likely have gone to the opposite end).

And agreed. Shaw up here definitely needs a cable modem recycle. Sometimes up to 5 minutes. ;(
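
An added example, not part of any post in this thread: the layout discussed above (separate WAN and LAN vSwitches, with a fixed MAC on the WAN vNIC) in Hyper-V PowerShell. The VM name `pfSense`, the physical adapter names `WAN-NIC` and `LAN-NIC`, the vNIC names and the generated MAC are assumptions for illustration.

```powershell
# Assumed names (not from the thread): VM 'pfSense', physical ports 'WAN-NIC' / 'LAN-NIC'.
# Run in an elevated session on the Hyper-V host, with the VM shut down.
$vm = 'pfSense'

# WAN switch: bound to the port facing the modem. -AllowManagementOS $false means
# Windows gets no vEthernet on this switch, so the host never holds an address
# on the unfiltered side and only the pfSense VM sees WAN traffic.
New-VMSwitch -Name 'WAN' -NetAdapterName 'WAN-NIC' -AllowManagementOS $false

# LAN switch: shared with the host, which then sits behind pfSense like any LAN client.
New-VMSwitch -Name 'LAN' -NetAdapterName 'LAN-NIC' -AllowManagementOS $true

# Generate a random locally administered, unicast MAC (constructed value, not
# taken from the Hyper-V dynamic pool that other hosts may also be using).
function New-LocalMac {
    $bytes = New-Object byte[] 6
    $rng = [System.Security.Cryptography.RandomNumberGenerator]::Create()
    $rng.GetBytes($bytes)
    # Clear the multicast bit (0x01) and set the locally-administered bit (0x02).
    $bytes[0] = ($bytes[0] -band 0xFC) -bor 0x02
    ($bytes | ForEach-Object { $_.ToString('X2') }) -join ''
}

# WAN vNIC gets a static MAC so it survives VM moves and physical NIC swaps;
# the LAN vNIC can keep a dynamic one.
Add-VMNetworkAdapter -VMName $vm -Name 'wan' -SwitchName 'WAN' -StaticMacAddress (New-LocalMac)
Add-VMNetworkAdapter -VMName $vm -Name 'lan' -SwitchName 'LAN'

# Checks:
# 1. Which MAC each vNIC presents, and whether it is static.
Get-VMNetworkAdapter -VMName $vm |
    Select-Object Name, SwitchName, MacAddress, DynamicMacAddressEnabled

# 2. Host-side vNICs: 'WAN' must not appear in this list.
Get-VMNetworkAdapter -ManagementOS | Select-Object Name, SwitchName

# 3. The dynamic pool shown as "MAC Address Range" in Virtual Switch Manager.
Get-VMHost | Select-Object MacAddressMinimum, MacAddressMaximum
```

After changing the WAN MAC, the modem still has to be power cycled before it will hand a lease to the new address, as the posts above describe.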


 

Fritz

Yep, I've power cycled it so many times the plug is getting loose. DHCP is enabled on the WAN port. It will pull an IP from the C7 router all day long.
 

xnoodle

Active Member
Jan 4, 2011
259
48
28
What ISP do you have? Did you fiddle with the WAN DHCP options? Try putting in a hostname there if you haven't already.
 

Fritz

Comcast is my ISP. The router doesn't require a host name.

As far as the MAC address goes, why can't I just put in the MAC address of the NIC? I tried and it didn't work.
 

Continuum

Member
Jun 5, 2015
77
24
8
43
Virginia
> Comcast is my ISP. The router doesn't require a host name.
>
> As far as the MAC address goes, why can't I just put in the MAC address of the NIC? I tried and it didn't work.

Was the C7 attached to the cable modem WAN port before the server? If so, did you release the C7 DHCP lease before plugging in the server to the cable modem?

When I've switched routers on Comcast, the new router would not immediately obtain a new IP address until I released the DHCP lease on the old router or until the lease on the old router expired.
 

tullnd

Just a suggestion from someone who's new to pfSense as well...I noticed on 2.3.1, when I made a lot of changes and applied them, sometimes things got "wonky" until I rebooted the actual pfsense router.

Also, double check you are looking at the correct physical ethernet ports for WAN and LAN.