pfSense VM issues

QNAP NAS solution for server virtualization and clustering/HA/FT
Post Reply
P3R
Guru
Posts: 13183
Joined: Sat Dec 29, 2007 1:39 am
Location: Stockholm, Sweden (UTC+01:00)

pfSense VM issues

Post by P3R »

I'm a happy user of pfSense on both dedicated hardware and VMware but finally got around to test pfSense on the Qnap as well.

I downloaded the VM from this page and followed the instructions for importing a VM on this page.

As this pfSense instance is intended to be only a test installation at this point I have the VM configured to have it's WAN interface on my physical LAN and it's LAN on another virtual switch to which I have Linux VM connected for testing.

The problem I noticed before even starting to do any testing was that when the pfSense VM have been running for a while, the Virtualization Station administration no longer opens once it have been closed. It just stay a white window for a long time and eventually (15-30 minutes or something) time out with an error message. As soon as I initate a halt of the pfSense VM, the VS administration windows open normally again

Is anybody else noticing this behaviour or is a pfSense VM working for you?

I'm running this on a TS-1277-1600 with 32 GB RAM (43 % used), QTS 4.3.4.0551 build 2018-04-13 and Virtualization Station version 3.1.51 (2018-03-28).
pfSense_VM.jpg
You do not have the required permissions to view the files attached to this post.
RAID have never ever been a replacement for backups. Without backups on a different system (preferably placed at another site), you will eventually lose data!

A non-RAID configuration (including RAID 0, which isn't really RAID) with a backup on a separate media protects your data far better than any RAID-volume without backup.

All data storage consists of both the primary storage and the backups. It's your money and your data, spend the storage budget wisely or pay with your data!
pkelecy
Starting out
Posts: 37
Joined: Fri Mar 09, 2018 11:56 pm

Re: pfSense VM issues

Post by pkelecy »

Hi P3R. I don't have an answer to your question, but I just got a reply from someone on the Netgate forum who is running the pfSense app on their TS-677. You might be able to compare notes. If there is a bug in the app, I would think Negate might want to help. Good luck with it.

https://forum.netgate.com/topic/131972/ ... qnap-nas/3
P3R
Guru
Posts: 13183
Joined: Sat Dec 29, 2007 1:39 am
Location: Stockholm, Sweden (UTC+01:00)

Re: pfSense VM issues

Post by P3R »

Thank you for responding!

This was only a first pfSense-in-VS test for me and currently I don't have the time to investigate it further so it's not a problem and this thread was only to possibly catch anyone running into the same issue, in case many did experience the same thing. Apparently other people with TS-X77 don't have the same so maybe it's just me?
RAID have never ever been a replacement for backups. Without backups on a different system (preferably placed at another site), you will eventually lose data!

A non-RAID configuration (including RAID 0, which isn't really RAID) with a backup on a separate media protects your data far better than any RAID-volume without backup.

All data storage consists of both the primary storage and the backups. It's your money and your data, spend the storage budget wisely or pay with your data!
Tryphon
Getting the hang of things
Posts: 57
Joined: Sat Jul 24, 2010 3:02 am

Re: pfSense VM issues

Post by Tryphon »

I faced this situation when I forgot to change the gateway in my physical routeur having exactly the same default gateway in pfSense. I changed the gateway in the physical router and everything came back to normal behavior.

TVS-872XT
P3R
Guru
Posts: 13183
Joined: Sat Dec 29, 2007 1:39 am
Location: Stockholm, Sweden (UTC+01:00)

Re: pfSense VM issues

Post by P3R »

Tryphon wrote: Wed Feb 26, 2020 12:02 am I faced this situation when I forgot to change the gateway in my physical routeur having exactly the same default gateway in pfSense. I changed the gateway in the physical router and everything came back to normal behavior.
Please explain how you have the pfSense VM in relation to to the router and how you changed the gateway addresses.

I had my pfSense test VM behind my production firewall (router) so the default gateway of the pfSense was the LAN interface of the production firewall (router).

Internet---WAN-|FW/router|-LAN---|LAN_switch|---WAN-|pfSense_test_vm|-LAN
RAID have never ever been a replacement for backups. Without backups on a different system (preferably placed at another site), you will eventually lose data!

A non-RAID configuration (including RAID 0, which isn't really RAID) with a backup on a separate media protects your data far better than any RAID-volume without backup.

All data storage consists of both the primary storage and the backups. It's your money and your data, spend the storage budget wisely or pay with your data!
Tryphon
Getting the hang of things
Posts: 57
Joined: Sat Jul 24, 2010 3:02 am

Re: pfSense VM issues

Post by Tryphon »

I have a physical router connected to a 1 Gb NAS adapter. pfSense is inside a VLAN connected to the 10 Gb adapter. Both LANs are independent. During the conflict, because of same gateway in these LANs, I had a very limited access to the administration page with blank pages in many features. My solution was not heroic : I restarted the NAS and just after the ready status of it, and I quickly powered off the pfSense virtual machine before its complete loading (virtual machines take a while to load after a NAS restart). I changed the NAS network setting on 1 Gb adapter (new fixed IP and new gateway different from the pfSense one) and applied the changes. Next, I changed the gateway in the physical router according to the new gateway set on the NAS. After the router restarted, I accessed the NAS with the new fixed IP and I started pfSense virtual machine. No more conflicts and reactive admin page.

Well, your situation is different and I am not enough expert to understand why you saw a blank window too.
leon.jehae
New here
Posts: 4
Joined: Sun Mar 07, 2021 1:09 am

Re: pfSense VM issues

Post by leon.jehae »

Just installed PfSense on my TVS872XT (2x1Gbe and 3x10Gbe) and installed my WAN-side on NIC1 (1Ggbe) and my LAN-side on NIC2 (1Gbe).
Everything works like i wanted but...........................as PfSense is even in the Virtualization Station Marketplace there bust be a logic reason to use PfSense virtual on a QNAP.

I mean, when you want to update the QNAP's firmware you need an internet connection right? But you need to reboot the NAS after (almost) every update, so you don't have access to the internet because PfSense is down before you update the firmware, otherwise the VM would be forced to shut down.?????????? I can't imagine that i am the only one who think of that so i must missing something here?

Best regards,
Léon
P3R
Guru
Posts: 13183
Joined: Sat Dec 29, 2007 1:39 am
Location: Stockholm, Sweden (UTC+01:00)

Re: pfSense VM issues

Post by P3R »

leon.jehae wrote: Sun Mar 07, 2021 2:18 am I mean, when you want to update the QNAP's firmware you need an internet connection right?
For the QTS firmware download yes, not for the actual update.

But you have identified something that may in hindsight be a big issue for many that use a virtualized pfSense as their only internet firewall/router to the internet. The Qnap need to be updated far more often than pfSense and with every Qnap update come, most of the time two (it's recommended to reboot before the QTS update as well), reboots that take a very long time. Both Qnap shutdown and reboot times are huge compared to pfSense and many other comparable systems. Add to that the Virtualization Station updates that will also take your internet connection down every time.

Integrating many features in one box is a dream for many home and SMB users but the disadvantage is that it make you much more vulnerable. When that single extremely critical system is down, you lose everything. I wouldn't recommend running pfSense virtualized on a Qnap as your only internet firewall/router. It could be great as a backup in a high availability configuration though but as multiple static (not even reserved DHCP is enough) IP addresses is a requirement for pfSense HA it's out of reach for almost all home and SMB users, those that are the most likely to be attracted by this system integration possibility.
RAID have never ever been a replacement for backups. Without backups on a different system (preferably placed at another site), you will eventually lose data!

A non-RAID configuration (including RAID 0, which isn't really RAID) with a backup on a separate media protects your data far better than any RAID-volume without backup.

All data storage consists of both the primary storage and the backups. It's your money and your data, spend the storage budget wisely or pay with your data!
leon.jehae
New here
Posts: 4
Joined: Sun Mar 07, 2021 1:09 am

Re: pfSense VM issues

Post by leon.jehae »

That was what i meant, i'm running websites, HomeAssistant, MS Exhange2019, PRTG, PfSense, Veeam, vCenter and even two ESXi machines (nested VM on a iscsi NAS with 64GB and 4TB Nvme in RAID0.) on it. Fun to see everything is using less powerconsumption than 10 separate machines but.................nothing when the NAS is going down indeed.

I've have two (extra) hardware Pfsenses in spare.......ahum

Compromise : HA.
Post Reply

Return to “Server Virtualization & Clustering”