Re: [pfSense] pfSense on vmware ESXi 6.0

2016-04-15 Thread Olivier Mascia
> On 15 Apr 2016, at 12:33, Mike Montgomery wrote:
> 
> I'm not positive, but I was always under the impression to only use the VX
> net cards for Windows OS, I have always used the e1000 for Linux/pfsense.
> Run several firewalls in esxi 5.1 and never any issues.  Never needed to tweak
> anything at all, except for when I tried to do carp.

I'll arrange some different tests later, but for now, VMXNET3 WAN, VMXNET3 LAN, 
the hosts have only 1 Gbps ethernet, I get ~850 Mbps in both directions through 
'speedtest.net' (from a LAN windows server box) to some servers I know well. 
That's about only 15% less than wire-speed, even though there is the expected 
overhead of the virtualization. Not bad.  Is it stable for long-term?  Only 
time will tell me, but it looks steady for now.

For fault-tolerance, I tend to think that CARP and dual virtualized pfSense 
(with affinity on different hosts), would be lighter than using vmware Fault 
Tolerance. That will be next week's tests.

-- 
Meilleures salutations, Met vriendelijke groeten, Best Regards,
Olivier Mascia, integral.be/om



___
pfSense mailing list
https://lists.pfsense.org/mailman/listinfo/list
Support the project with Gold! https://pfsense.org/gold

Re: [pfSense] pfSense on vmware ESXi 6.0

2016-04-15 Thread Mike Montgomery
I'm not positive, but I was always under the impression to only use the VX
net cards for Windows OS, I have always used the e1000 for Linux/pfsense.
Run several firewalls in esxi 5.1 and never any issues.  Never needed to tweak
anything at all, except for when I tried to do carp.
On Thu, Apr 14, 2016 at 6:02 PM, Olivier Mascia  wrote:

> > On 14 Apr 2016, at 23:54, WebDawg wrote:
> >
> > https://blog.pfsense.org/?p=1716
> >
> > They have an appliance you can purchase now.
>
> Eyes blinking.
> And it's available through the pfSense Gold subscription which I have
> signed for and renewed since it existed. Will check this.
>
> --
> Meilleures salutations, Met vriendelijke groeten, Best Regards,
> Olivier Mascia, integral.be/om
>
>
> ___
>

I plan to throw pfSense into xen.  I would like to know the answers to the
questions you are asking anyways heh.

Re: [pfSense] pfSense on vmware ESXi 6.0

2016-04-14 Thread WebDawg
On Thu, Apr 14, 2016 at 6:02 PM, Olivier Mascia  wrote:

> > On 14 Apr 2016, at 23:54, WebDawg wrote:
> >
> > https://blog.pfsense.org/?p=1716
> >
> > They have an appliance you can purchase now.
>
> Eyes blinking.
> And it's available through the pfSense Gold subscription which I have
> signed for and renewed since it existed. Will check this.
>
> --
> Meilleures salutations, Met vriendelijke groeten, Best Regards,
> Olivier Mascia, integral.be/om
>
>
> ___
>

I plan to throw pfSense into xen.  I would like to know the answers to the
questions you are asking anyways heh.

Re: [pfSense] pfSense on vmware ESXi 6.0

2016-04-14 Thread Ryan Coleman

> On Apr 14, 2016, at 4:54 PM, WebDawg  wrote:
> 
> https://blog.pfsense.org/?p=1716 
> 
> They have an appliance you can purchase now.

That’s why they killed the VM download… ::smdh::


Re: [pfSense] pfSense on vmware ESXi 6.0

2016-04-14 Thread Steve Yates
I don't have VMWare-specific insight.  But, we're doing this on another 
platform, with CARP syncing between the pfSense VMs.  I would consider using a 
VLAN to isolate the Internet traffic from the servers.  Depending on the amount 
of traffic there are settings for the number of firewall states and such but 
unless you're expecting a super high number of connections I would probably 
just turn it on and check the settings periodically.

--

Steve Yates
ITS, Inc.

-Original Message-
From: List [mailto:list-boun...@lists.pfsense.org] On Behalf Of Olivier Mascia
Sent: Thursday, April 14, 2016 4:41 PM
To: pfSense Support and Discussion Mailing List 
Subject: [pfSense] pfSense on vmware ESXi 6.0

Hello,

I'm looking for advice and best practices when running pfSense (this time it 
will be 2.3) in a vmware VM.  I'm offered to move some resources to a virtual 
datacenter made of dedicated hardware hosts in clusters, running ESXi 6.0 and 
vSphere.  I have access to such an infrastructure for the next 3 weeks.  I have 
used pfSense in a number of devices and hosts, but never inside a VM, except 
for experimenting with configurations of pfSense itself.

I could build up a pfSense 2.3 VM without real difficulties.  Installing the 
integration tools was easy through the included package.  Now, what are the 
pitfalls I should look for?  Any shared vmware experience from you will 
undoubtedly help fine tuning this.

For now the pfSense VM I configured has these resources: OS declared to vSphere 
is FreeBSD 10.3 64 bits, 1 socket, 2 cores, 2 GHz reserved, 2 GB RAM, 10 GB HD, 
2 network adapters. I'm generally resources-conservative but I could allow much 
more if it makes sense.

For these adapters I have the choice between E1000, VMXNET 2, VMXNET 3.  I have 
set them for VMXNET 3 but without background about this being the 
right-thing-to-do or not. At least it seems to work but I still need to stress 
test the VM (traffic-wise) a little bit.

Are there tunings inside pfSense which you could recommend / not live without, 
based on your experience inside vmware virtual machines?

Network interfaces settings? All are set for their default pfSense values, 
which means TCP segmentation offloading and large receive offloading are 
disabled. Would it make sense to enable those?

Thanks for any insight you might want to share.

--
Meilleures salutations, Met vriendelijke groeten, Best Regards, Olivier Mascia, 
integral.be/om
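
An added example, not part of the original message or of pfSense itself: one way to confirm from the firewall's shell whether TCP segmentation offload and large receive offload are really off on each interface, by parsing FreeBSD `ifconfig` output. The sample output, the interface names `vmx0`/`vmx1`, the MAC addresses and the option masks are constructed for illustration.

```shell
#!/bin/sh
# Added example: report active TSO/LRO capabilities per interface.
# On the firewall itself the input would be:  ifconfig | offload_report

# Constructed sample of `ifconfig` output (not captured from a real host).
# vmx0 has offloads enabled, vmx1 matches the default described in the post.
sample_ifconfig() {
cat <<'EOF'
vmx0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
    options=60039b<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,VLAN_HWCSUM,TSO4,TSO6,LRO,RXCSUM_IPV6,TXCSUM_IPV6>
    ether 00:50:56:00:00:01
    nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
    status: active
vmx1: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
    options=60009b<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,VLAN_HWCSUM,RXCSUM_IPV6,TXCSUM_IPV6>
    ether 00:50:56:00:00:02
    nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
    status: active
EOF
}

# Reads ifconfig output on stdin and prints one line per interface:
#   <interface> <comma-separated active offloads, or "none">
# Only the interface's own "options=" line is inspected; "nd6 options=" is skipped.
offload_report() {
    awk '
        /^[a-z][a-z0-9_.]*: flags=/ { iface = $1; sub(/:$/, "", iface); next }
        /^[ \t]+options=/ {
            line = $0
            sub(/^[^<]*</, "", line)      # drop everything up to "<"
            sub(/>.*$/, "", line)         # drop the closing ">"
            n = split(line, caps, ",")
            hit = ""
            for (i = 1; i <= n; i++)
                if (caps[i] ~ /^(TSO4|TSO6|LRO|VLAN_HWTSO)$/)
                    hit = hit (hit == "" ? "" : ",") caps[i]
            print iface, (hit == "" ? "none" : hit)
        }
    '
}

# Reads ifconfig output on stdin. Exit status 0 only when no interface has
# TSO/LRO active; otherwise prints the offending interfaces and returns 1.
offloads_all_disabled() {
    bad=$(offload_report | awk '$2 != "none" { print $1 }')
    [ -z "$bad" ] && return 0
    printf '%s\n' "$bad"
    return 1
}

# Demonstration on the constructed sample.
sample_ifconfig | offload_report
```

Running the report before and after changing the offload settings, and again after a reboot, shows whether the change actually reached the virtual NIC driver.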




Re: [pfSense] pfSense on vmware ESXi 6.0

2016-04-14 Thread WebDawg
On Thu, Apr 14, 2016 at 4:40 PM, Olivier Mascia  wrote:
>
> Hello,
>
> I'm looking for advice and best practices when running pfSense (this
> time it will be 2.3) in a vmware VM.  I'm offered to move some resources to
> a virtual datacenter made of dedicated hardware hosts in clusters, running
> ESXi 6.0 and vSphere.  I have access to such an infrastructure for the next
> 3 weeks.  I have used pfSense in a number of devices and hosts, but never
> inside a VM, except for experimenting with configurations of pfSense itself.
>
> I could build up a pfSense 2.3 VM without real difficulties.  Installing
> the integration tools was easy through the included package.  Now, what are
> the pitfalls I should look for?  Any shared vmware experience from you will
> undoubtedly help fine tuning this.
>
> For now the pfSense VM I configured has these resources: OS declared to
> vSphere is FreeBSD 10.3 64 bits, 1 socket, 2 cores, 2 GHz reserved, 2 GB
> RAM, 10 GB HD, 2 network adapters. I'm generally resources-conservative but
> I could allow much more if it makes sense.
>
> For these adapters I have the choice between E1000, VMXNET 2, VMXNET 3.
> I have set them for VMXNET 3 but without background about this being the
> right-thing-to-do or not. At least it seems to work but I still need to
> stress test the VM (traffic-wise) a little bit.
>
> Are there tunings inside pfSense which you could recommend / not live
> without, based on your experience inside vmware virtual machines?
>
> Network interfaces settings? All are set for their default pfSense
> values, which means TCP segmentation offloading and large receive
> offloading are disabled. Would it make sense to enable those?
>
> Thanks for any insight you might want to share.
>
> --
> Meilleures salutations, Met vriendelijke groeten, Best Regards,
> Olivier Mascia, integral.be/om
>

https://blog.pfsense.org/?p=1716

They have an appliance you can purchase now.


Re: [pfSense] Pfsense on VMware in Hetzner

2015-06-11 Thread Tiernan OToole
So, I installed Mikrotik routeros in the same VM, just replacing the disk, and 
it seems stable... So, it might be an issue with the pfsense config... Now to 
remember how to use routeros... 
--Tiernan 

On 10 June 2015 14:46:01 GMT+01:00, Tiernan OToole tier...@tiernanotoole.net wrote:
I actually did a full reinstall of the VM, and left the ips out, and it
still had issues. I added the ips as a single block then, and it's
still falling over... 

Going to try a different OS, just to see if it's a problem with Hetzner
or the box... Would prefer to keep pfsense, since it's what I got at
home, but it's now annoying me that I keep losing connectivity... 
--Tiernan 

On 10 June 2015 14:42:54 GMT+01:00, Moshe Katz mo...@ymkatz.net wrote:
Do you have the IP alias entered once for the whole /29 subnet or do you
have all of the addresses entered as individual virtual IPs?  We had a
similar issue when we switched from Verizon DSL to Verizon FIOS many years
ago - the Virtual IPs had worked on the DSL when they had been defined as a
group, but on the FIOS we were losing our connections about once an hour,
exactly like you are seeing.  We tried everything we could think of and
then, in desperation, removed the Virtual IPs and re-added them one by one.
That solved our problem, though nobody we spoke to at that time is really
sure why. (As far as we can tell, this isn't a pfSense bug, because our
other backup internet connection - a T1 line - works perfectly with the
Virtual IPs defined all together in one rule.)

It could be worth a try.

Moshe
On Jun 10, 2015 3:19 AM, Tiernan OToole tier...@tiernanotoole.net wrote:

 Good morning.

 I have an esx box running on the Hetzner network. It has 2 ip addresses
 (one for the box and one for one vm). That VM is a pfsense VM. That ip then
 has a static route from Hetzner for a /29 block. And all seems to work...
 For about an hour...

 During that hour, all VMs behind the pfsense box are online, can see the
 internet, etc... But then pfsense loses connectivity to wan and then gives
 up...

 If I reboot the box, it sorts it out. If I kill the wan link and bring it
 back, it comes back, but an hour or so later it's gone again...

 Hetzner suggested giving it a static ip (was getting it from their dhcp)
 and also said that it should respond to arp requests... Now it has a static
 ip, and the /29 is setup in virtual ips for proxy arp, and it's still
 falling over...

 And by falling over, gateway pings fail. It was originally set to ping
 their gateway, then I changed to Google DNS, but again, about an hour later
 and it fails...
 Any ideas?

 Thanks.
 --Tiernan


Re: [pfSense] Pfsense on VMware in Hetzner

2015-06-10 Thread Tiernan OToole
So, the VM has its own ip and mac, which Hetzner gave me. So, there is no 
spoofing and the VMware host has no network issues either. 

Sent from Outlook

_
From: Philipp Tölke pt+pfse...@fos4x.de
Sent: Wednesday, June 10, 2015 8:32 a.m.
Subject: Re: [pfSense] Pfsense on VMware in Hetzner
To: pfSense Support and Discussion Mailing List list@lists.pfsense.org


Hi,

On 10.06.2015 09:18, Tiernan OToole wrote:
 I have an esx box running on the Hetzner network. It has 2 ip
 addresses (one for the box and one for one vm). That VM is a pfsense
 VM. That ip then has a static route from Hetzner for a /29 block. And
 all seems to work... For about an hour...

 During that hour, all VMs behind the pfsense box are online, can see
 the internet, etc... But then pfsense loses connectivity to wan and
 then gives up...

I had the same problem on Hetzner with just one IP: I had set that on 
the pfSense and would reach the VM-Host via NAT. After about an hour the 
connection stopped.

My solution was to change the MAC of the pfSense to the MAC of the real 
network card (and obviously change the MAC on the card); my assumption 
is that Hetzner does some clever stuff with anti-spoofing.

Since you need an IP on both the host and the VM you probably can't do 
anything without talking to Hetzner about this.

Cheers,
-- 
Philipp Tölke

Re: [pfSense] Pfsense on VMware in Hetzner

2015-06-10 Thread Moshe Katz
Do you have the IP alias entered once for the whole /29 subnet or do you
have all of the addresses entered as individual virtual IPs?  We had a
similar issue when we switched from Verizon DSL to Verizon FIOS many years
ago - the Virtual IPs had worked on the DSL when they had been defined as a
group, but on the FIOS we were losing our connections about once an hour,
exactly like you are seeing.  We tried everything we could think of and
then, in desperation, removed the Virtual IPs and re-added them one by one.
That solved our problem, though nobody we spoke to at that time is really
sure why. (As far as we can tell, this isn't a pfSense bug, because our
other backup internet connection - a T1 line - works perfectly with the
Virtual IPs defined all together in one rule.)

It could be worth a try.

Moshe
On Jun 10, 2015 3:19 AM, Tiernan OToole tier...@tiernanotoole.net wrote:

 Good morning.

 I have an esx box running on the Hetzner network. It has 2 ip addresses
 (one for the box and one for one vm). That VM is a pfsense VM. That ip then
 has a static route from Hetzner for a /29 block. And all seems to work...
 For about an hour...

 During that hour, all VMs behind the pfsense box are online, can see the
 internet, etc... But then pfsense loses connectivity to wan and then gives
 up...

 If I reboot the box, it sorts it out. If I kill the wan link and bring it
 back, it comes back, but an hour or so later it's gone again...

 Hetzner suggested giving it a static ip (was getting it from their dhcp)
 and also said that it should respond to arp requests... Now it has a static
 ip, and the /29 is setup in virtual ips for proxy arp, and it's still
 falling over...

 And by falling over, gateway pings fail. It was originally set to ping
 their gateway, then I changed to Google DNS, but again, about an hour later
 and it fails...

 Any ideas?

 Thanks.
 --Tiernan


Re: [pfSense] Pfsense on VMware in Hetzner

2015-06-10 Thread Tiernan OToole
I actually did a full reinstall of the VM, and left the ips out, and it still 
had issues. I added the ips as a single block then, and it's still falling 
over... 

Going to try a different OS, just to see if it's a problem with Hetzner or the 
box... Would prefer to keep pfsense, since it's what I got at home, but it's 
now annoying me that I keep losing connectivity... 
--Tiernan 

On 10 June 2015 14:42:54 GMT+01:00, Moshe Katz mo...@ymkatz.net wrote:
Do you have the IP alias entered once for the whole /29 subnet or do you
have all of the addresses entered as individual virtual IPs?  We had a
similar issue when we switched from Verizon DSL to Verizon FIOS many years
ago - the Virtual IPs had worked on the DSL when they had been defined as a
group, but on the FIOS we were losing our connections about once an hour,
exactly like you are seeing.  We tried everything we could think of and
then, in desperation, removed the Virtual IPs and re-added them one by one.
That solved our problem, though nobody we spoke to at that time is really
sure why. (As far as we can tell, this isn't a pfSense bug, because our
other backup internet connection - a T1 line - works perfectly with the
Virtual IPs defined all together in one rule.)

It could be worth a try.

Moshe
On Jun 10, 2015 3:19 AM, Tiernan OToole tier...@tiernanotoole.net wrote:

 Good morning.

 I have an esx box running on the Hetzner network. It has 2 ip addresses
 (one for the box and one for one vm). That VM is a pfsense VM. That ip then
 has a static route from Hetzner for a /29 block. And all seems to work...
 For about an hour...

 During that hour, all VMs behind the pfsense box are online, can see the
 internet, etc... But then pfsense loses connectivity to wan and then gives
 up...

 If I reboot the box, it sorts it out. If I kill the wan link and bring it
 back, it comes back, but an hour or so later it's gone again...

 Hetzner suggested giving it a static ip (was getting it from their dhcp)
 and also said that it should respond to arp requests... Now it has a static
 ip, and the /29 is setup in virtual ips for proxy arp, and it's still
 falling over...

 And by falling over, gateway pings fail. It was originally set to ping
 their gateway, then I changed to Google DNS, but again, about an hour later
 and it fails...

 Any ideas?

 Thanks.
 --Tiernan


Re: [pfSense] pfSense on VMWare

2011-09-21 Thread Bart Grefte
http://doc.pfsense.org/index.php/Installing_pfSense_in_VMware_under_Windows
;)

 

From: list-boun...@lists.pfsense.org [mailto:list-boun...@lists.pfsense.org]
On Behalf Of Joseph Hardeman
Sent: Wednesday, 21 September 2011 19:56
To: 'list@lists.pfsense.org'
Subject: [pfSense] pfSense on VMWare

 

Hi Everyone,

 

I was wondering if anyone has been able to get pfSense running on VMWare?
And if so, would you mind sharing how to do it.  I was thinking of doing
some testing for a buddy and installing pfSense on a VM so I don't have to
find or setup another physical box for him.

 

Thanks

 

Joe

 

___
List mailing list
List@lists.pfsense.org
http://lists.pfsense.org/mailman/listinfo/list


Re: [pfSense] pfSense on VMWare

2011-09-21 Thread Florian Forster
hi joseph

we have a pfsense 2 rc3 running on a vsphere 5 host with hardware version 8

the install is straight forward ;-)

create a vm, mount the iso and install it like any physical pfsense


greets ffo

On 21.09.2011, at 19:57, Joseph Hardeman jharde...@cirracore.com wrote:

Hi Everyone,

I was wondering if anyone has been able to get pfSense running on VMWare?  And 
if so, would you mind sharing how to do it.  I was thinking of doing some 
testing for a buddy and installing pfSense on a VM so I don’t have to find or 
setup another physical box for him.

Thanks

Joe



Re: [pfSense] pfSense on VMWare

2011-09-21 Thread Joseph Hardeman
Cool, thanks.  *S*

Joseph Hardeman
Data Center Manager - CIRRACORE
678-427-5890 DIRECT  | 404-795-0631 FAX  | http://www.cirracore.com

This email message is intended for the use of the person to whom it has been 
sent, and may contain information that is confidential or legally protected. If 
you are not the intended recipient or have received this message in error, you 
are not authorized to copy, distribute, or otherwise use this message or its 
attachments. Please notify the sender immediately by return e-mail and 
permanently delete this message and any attachments.  Thank you.

From: list-boun...@lists.pfsense.org [mailto:list-boun...@lists.pfsense.org] On 
Behalf Of Bart Grefte
Sent: Wednesday, September 21, 2011 1:59 PM
To: 'pfSense support and discussion'
Subject: Re: [pfSense] pfSense on VMWare

http://doc.pfsense.org/index.php/Installing_pfSense_in_VMware_under_Windows ;)

From: list-boun...@lists.pfsense.org [mailto:list-boun...@lists.pfsense.org] 
On Behalf Of Joseph Hardeman
Sent: Wednesday, 21 September 2011 19:56
To: 'list@lists.pfsense.org'
Subject: [pfSense] pfSense on VMWare

Hi Everyone,

I was wondering if anyone has been able to get pfSense running on VMWare?  And 
if so, would you mind sharing how to do it.  I was thinking of doing some 
testing for a buddy and installing pfSense on a VM so I don't have to find or 
setup another physical box for him.

Thanks

Joe



Re: [pfSense] pfSense on VMWare

2011-09-21 Thread Joseph Hardeman
Awesome,

I will give that a shot soon as I get a minute.  I appreciate it. *S*

Joseph Hardeman
Data Center Manager - CIRRACORE
678-427-5890 DIRECT  | 404-795-0631 FAX  | http://www.cirracore.com

From: list-boun...@lists.pfsense.org [mailto:list-boun...@lists.pfsense.org] On 
Behalf Of Florian Forster
Sent: Wednesday, September 21, 2011 2:02 PM
To: pfSense support and discussion
Cc: list@lists.pfsense.org
Subject: Re: [pfSense] pfSense on VMWare

hi joseph

we have a pfsense 2 rc3 running on a vsphere 5 host with hardware version 8

the install is straight forward ;-)

create a vm, mount the iso and install it like any physical pfsense


greets ffo

On 21.09.2011, at 19:57, Joseph Hardeman jharde...@cirracore.com wrote:
Hi Everyone,

I was wondering if anyone has been able to get pfSense running on VMWare?  And 
if so, would you mind sharing how to do it.  I was thinking of doing some 
testing for a buddy and installing pfSense on a VM so I don't have to find or 
setup another physical box for him.

Thanks

Joe
