OPNsense on Hyper-V

[DirtySpiv]

How do i boot OPNsense 16.1 on Hyper-V VM Generation 2?
I'm getting error "Boot Failed. No Operating System was Loaded."

[weust]

Are you trying to boot from a SCSI disk? That won't work afaik.
FreeBSD does not have support for Gen 2 VM's at all.

[DirtySpiv]

There is a tweet on OPNsense (https://twitter.com/opnsense/status/569396467636576256) with link to post on Reddit:

So I read about monowall recommending OPNsense and decided to give it a try - after installing (without reading much ahead) I realised it supports the Hyper-V network interfaces by default.

Man says that OPNsense supports Synthetic Network Adapters. You need to run a gen2 VM to use them.

[DirtySpiv]

Opps, I was wrong - you can use non-legacy network adapter on gen1.

[weust]

Yes, indeed. I've been running like that for over a year now :-)

FreeBSD has drivers for most things we need for running OPNsense in a Hyper-V VM.
Even de AES-NI is detected.

[DirtySpiv]

How do I ensure my network adapters are synthetic?

[weust]

Select "Network adapter". Unlike previous versions, it doesn't show synthetic anymore.
The Legacy is a emulated Digital Fast Ethernet. Which in, at least, 16.1 doesn't seem to work at all.
WAN can't get a DHCP lease from the ISP, and LAN can't be connected to it seems.

Keep in mind that 16.1 will most likely not work on Hyper-V 2012 R2.
Haven't tested older versions, or TP4 of 2016.
You can ping using the VM as DNS server, but any other traffic is not passed through.

I have a feeling it's related to FreeBSD 10.2 in some way. I've been testing with Fitch for some time now, but cant find a workaround as of yet.

[DirtySpiv]

WEB UI doesn't show link speed for network adapter, neither do ifconfig (no media info).
I've checked pfSense - with legacy adapter it will show 100TX, for non-legacy show no link speed (like OPNsense).

Keep in mind that 16.1 will most likely not work on Hyper-V 2012 R2.

I don't get you. Mine is almost working, except port forwarding (haven't configured rules yet).

[weust]

Same here. Never noticed that. It should say 10G I guess (like Windows).

You run Hyper-V 2012 R Free or normal (Standard/Datacenter), or another Hyper-V version?
I'm running Hyper-V 2012 R2 Free and I can't get it working with any 10.2 kernel or 11 from the Hardened BSD test builds. Only 15.x works here.

Have you enabled the Integration Tools for the VM? And if so, which options are enabled?

For me, after either upgrading the kernel in 15.x to FreeBSD 10.2, or installing 16.1 means I can resolve only using the OPNsense VM as DNS server. But clients can only ping, not download any web page data.
Plus my internal DNS servers can't resolve at all.

Really wonder what your setup is like, and the settings for the VM.

[DirtySpiv]

I'm on Server 2012 R2 Datacenter. I do not install Integration Tools on VMs.

- Barebone with 1 NIC connected to ISP (static IP + 1 Failover IP on different subnet);
- vSwitch has two virtual networks: External (WAN) (connected to NIC, shared with management OS) and Internal (LAN);
- VM has both virtual networks, MAC address spoofing is enabled on LAN.

[weust]

You don't install the Integration Tools for any VM, or just this one?

You use VLANs then? Don't have that set up.
Can't imagine that being the culprit for me.

[DirtySpiv]

I don't install Integration Tools on linux machines and I don't use VLANs.

Btw, I have reinstalled OPNsense and on initial config it says that my network adapters are Synthetic, but I can't make port forwarding to work. I want to publish DNS server on VM with Windows Server 2012 R2 - no success. Looks like I will fallback to pfSense :{

[weust]

This is based on FreeBSD, not Linux. But why do you not install the tools?

You have one physical NIC which you use as a uplink for a VMswitch.
There is no way to have a VMswitch with two virtual networks unless you use VLANs.

I doubt pfsense can do what you describe. It just doesn't make any sense based on what you describe.

[DirtySpiv]

This is based on FreeBSD, not Linux. But why do you not install the tools?

For newer FreeBSD releases, BIS is built in to the FreeBSD operating system, and no separate download or installation is required except for a KVP ports download that is needed for FreeBSD 10.0.

Latest pfSense is 10.1, OPNsesne 10.2 - why would I bother installing something?

You have one physical NIC which you use as a uplink for a VMswitch.
There is no way to have a VMswitch with two virtual networks unless you use VLANs.
I doubt pfsense can do what you describe. It just doesn't make any sense based on what you describe.

Would you clarify this statement? Because my setup is working right now with pfSense.

[franco]

Weust seem to have a pretty unique issue we are trying to pin down. It's a little difficult since Hyper-V seems to work for others. There have been reports like:

https://lists.freebsd.org/pipermail/freebsd-questions/2015-September/268138.html

but they ought to be fixed in 10.2-RELEASE already.

So just to be clear, DirtySpiv, you don't experience issues with Hyper-V on FreeBSD 10.2/OPNsense 16.1?