ESXi/PFSense on a SparkFibre

Forums › LAN (ethernet/Wifi/routers/Bluetooth) › ESXi/PFSense on a SparkFibre

waikariboy

902 posts

Ultimate Geek

ID Verified

Trusted

#206067 8-Dec-2016 16:10

So I have a small ESXi machine, and wanting to setup pfsense on it for my spark fibre connection. I have everything setup, but nothing happening on my WAN port.

ESXi - PFSense - LAN/STATIC, WAN/VLAN10/PPPoE,

I have read other posts here, but it seems like people are running it a barebones machine and not virtual.

Anyone here doing the same thing?

Balm its gone!

1 | 2

1140 posts

Uber Geek

#1684911 8-Dec-2016 20:44

How is the esxi box connected to ONT? How many nics in the esxi box? Add what kind?

Help me build a better way of doing politics in Aotearoa New Zealand

political.nz

sparkz25

750 posts

Ultimate Geek
Inactive user

#1685449 9-Dec-2016 18:30

you may need to allocate a particular port in esxi to the vm so like eth0 is directly allocated to pf sense in esxi settings as the wan port of the virtual machine, i have a friend that runs sophos in a vm and it works fine but he had to do this to make it work

danfaulknor

939 posts

Ultimate Geek

Trusted

Prodigi

#1685454 9-Dec-2016 18:49

You can use VLAN10 to your advantage and only need one physical network card.

Plug the ONT into your switch. If it's managed you'll need to tag VLAN 10 through to your ESX host, if not, most dumb switches will allow VLAN tags to pass without an issue.

Create a new VM network, set the VLAN to 10 and give pfsense that network as it's WAN.

Then don't use a VLAN inside pfsense, just dial the PPPoE directly on the interface.

they/them

Prodigi - Optimised IT Solutions
WebOps/DevOps, Managed IT, Hosting and Internet/WAN.

macuser

2120 posts

Uber Geek

#1685458 9-Dec-2016 19:08

Don't know why you've set the IP config to static. Try automatic/DHCP from isp.

Unless of course you do have a static IP (but then usually a static IP is assigned by DHCP by most ISPs anyway)

Intravix

110 posts

Master Geek

#1685469 9-Dec-2016 19:40

I'm using pfsense on Bigpipe fibre. Try the above ^

waikariboy

902 posts

Ultimate Geek

ID Verified

Trusted

#1685537 9-Dec-2016 21:59

mcraenz: How is the esxi box connected to ONT? How many nics in the esxi box? Add what kind?

4 Port Intel NIC. Have setup one PORT as WAN and another one as LAN with a third PORT as Management.

WAN Port connected to ONT. LAN Port connected to switch as with Management Port.

Balm its gone!

waikariboy

902 posts

Ultimate Geek

ID Verified

Trusted

#1685538 9-Dec-2016 22:00

sparkz25:

you may need to allocate a particular port in esxi to the vm so like eth0 is directly allocated to pf sense in esxi settings as the wan port of the virtual machine, i have a friend that runs sophos in a vm and it works fine but he had to do this to make it work

Have done this, One port of Management, One port for WAN and one port for LAN. Still not getting DHCP settings from Spark.

Balm its gone!

Quic Broadband

Move to New Zealand's best fibre broadband service (affiliate link). Free setup code: R587125ERQ6VE. Note that to use Quic Broadband you must be comfortable with configuring your own router.

waikariboy

902 posts

Ultimate Geek

ID Verified

Trusted

#1685539 9-Dec-2016 22:00

macuser: Don't know why you've set the IP config to static. Try automatic/DHCP from isp.

Unless of course you do have a static IP (but then usually a static IP is assigned by DHCP by most ISPs anyway)

LAN port has STATIC, WAN port has DHCP.

Balm its gone!

waikariboy

902 posts

Ultimate Geek

ID Verified

Trusted

#1685540 9-Dec-2016 22:02

danielfaulknor:

You can use VLAN10 to your advantage and only need one physical network card.

Plug the ONT into your switch. If it's managed you'll need to tag VLAN 10 through to your ESX host, if not, most dumb switches will allow VLAN tags to pass without an issue.

Create a new VM network, set the VLAN to 10 and give pfsense that network as it's WAN.

Then don't use a VLAN inside pfsense, just dial the PPPoE directly on the interface.

Interesting, I have a switch that can do this. So leave out the VLAN within PFSENSE, setup VLAN on WAN Virtual Port within ESXi and on Switch and I should be good to go? Will I have to worry about any security issues on the switch, due to it being on the WAN? PFSENSE WAN Port --> SWITCH --> OTA --> Internet

Balm its gone!

sparkz25

750 posts

Ultimate Geek
Inactive user

#1685546 9-Dec-2016 22:32

so for the wan port you need to assign it directly to the vm in these settings in esxi

and as every one else has said in the pf sense side of thing you need to set a vlan10 and so on and then assign a virtual nic to the pf sense vm and make that the lan port for the v switch, then its just configuring a port on the nic to act as a port from the v switch for the lan

i would start by working my way through and getting the nic assigned to the vm first and making sure i can connect to the internet within the console of the vm and slowely work my way around to the v switch or the lan port

waikariboy

902 posts

Ultimate Geek

ID Verified

Trusted

#1685591 10-Dec-2016 08:29

sparkz25:

so for the wan port you need to assign it directly to the vm in these settings in esxi

and as every one else has said in the pf sense side of thing you need to set a vlan10 and so on and then assign a virtual nic to the pf sense vm and make that the lan port for the v switch, then its just configuring a port on the nic to act as a port from the v switch for the lan

i would start by working my way through and getting the nic assigned to the vm first and making sure i can connect to the internet within the console of the vm and slowely work my way around to the v switch or the lan port

Thanks for this, I understand how ESXi works and what I need to do. Going to test it with the VLAN setup on the ESXi side of it and no VLAN within PFSENSE.

Balm its gone!

macuser

2120 posts

Uber Geek

#1685600 10-Dec-2016 09:20

If you don't end up liking PFsense, I'm using Sophos UTM for my Bigpipe Gigabit connection and it works great.

I have server 2016 as my hypervisor though and it multi roles as a media server

hio77

12999 posts

Uber Geek

ID Verified

Trusted

Lizard Networks

#1685623 10-Dec-2016 10:12

Set your VLAN tag in esxi for the interface port in the vSwitch to 4095 (ALL)

This will allow you to pass any VLAN traffic from a VM inside ESXi to the Physical network.

Very handy to do it this way, as if you ever need to expand your network across VLANs, you can just do it in the one place (PfSense) and it is happy.

#include <std_disclaimer>

Any comments made are personal opinion and do not reflect directly on the position my current or past employers may have.

waikariboy

902 posts

Ultimate Geek

ID Verified

Trusted

#1685691 10-Dec-2016 13:18

macuser:

If you don't end up liking PFsense, I'm using Sophos UTM for my Bigpipe Gigabit connection and it works great.

I have server 2016 as my hypervisor though and it multi roles as a media server

Thanks, have just installed this and it work straight away, I did setup VLAN not he ESXI side of the things and not the VM side. I think ill give it ago, but there is a lot of learning with this.

Balm its gone!

waikariboy

902 posts

Ultimate Geek

ID Verified

Trusted

#1685692 10-Dec-2016 13:19

hio77:

Set your VLAN tag in esxi for the interface port in the vSwitch to 4095 (ALL)

This will allow you to pass any VLAN traffic from a VM inside ESXi to the Physical network.

Very handy to do it this way, as if you ever need to expand your network across VLANs, you can just do it in the one place (PfSense) and it is happy.

Thank you, ill try this out.

Balm its gone!

1 | 2