Bug #6205

closed

VLAN tagging in Hyper-V guest not working?

Added by Thorsten Windrath about 8 years ago. Updated over 6 years ago.

Status: Resolved
Priority: Normal
Assignee: -
Category: Operating System
Target version: -
Start date: 04/19/2016
Due date:
% Done: 0%
Estimated time:
Plus Target Version:
Release Notes:
Affected Version: 2.3
Affected Architecture: amd64

Description

Hi,

after upgrading a virtualized (Hyper-V 2012R2) installation from 2.2.6 to 2.3, I am not able to access anything internal. Internal being defined here as local subnets connected via tagged VLANs. That was working perfectly fine in 2.2.6. I am still able to access that VM by HV-console (sure) and over an OpenVPN site-to-site tunnel, so WAN is working fine. No changes made aside from the upgrade.

Setup:
Single WAN on separated NIC (hn0)
Trunked Hyper-V vSwitch for LANs (hn1, nearly a dozen local LANs separated by VLAN tags on the same physical interface, see below)

hn1_vlan600: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
hn1_vlan720: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
hn1_vlan721: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
[...]
OpenVPN tunnel

First, it looked like the tunnel was down, several users reported they can't access resources on the other side. But the tunnel is up and running, I'm able to access the pfSense VM via browser and SSH over that tunnel - but nothing behind it. When I try to ping something from the GUI or shell, I do get this:

[2.3-RELEASE][root@somewhere.with.fqdn]/root: ping -S 10.60.0.1 10.60.0.50
PING 10.60.0.50 (10.60.0.50) from 10.60.0.1: 56 data bytes
ping: sendto: Host is down
ping: sendto: Host is down
ping: sendto: Host is down
ping: sendto: Host is down
ping: sendto: Host is down

Routing table also looks good and as I said, WAN and OpenVPN are working perfectly fine. Some things I've spotted so far:
  • Can't arp (or ping) anything on local subnets. For example, there's a switch (10.60.0.100, DHCP, may not have an IP right now) and at least the hypervisor (10.60.0.50 with static IP) which should respond to a ping (it's configured like that and worked before). ARP-table is empty except for local interfaces of that VM.
  • Can - for example - dig a DNS on WAN and also over the tunnel
  • Can access pfSense over the tunnel

I'm nearly sure it is somehow related to VLAN tagging - is there some major change in FreeBSD 10.3?

Please note: First thing I'll do tomorrow is to create a clone of that VM for debugging purposes and then revert a snapshot I did before I've kicked off that upgrade to restore connectivity.

Actions #1

Updated by Chris Buechler about 8 years ago

  • Subject changed from Can't access any internal resource after upgrading from 2.2.6 to 2.3, WAN ok to VLAN tagging in Hyper-V guest not working?
  • Category set to Operating System
  • Status changed from New to Feedback
  • Priority changed from High to Normal

Guessing issue is subject. Please report back what you find.

Actions #2

Updated by Thorsten Windrath about 8 years ago

Thanks for getting back Chris.

I've checked all the configuration and everything is fine on the hypervisor and uplink switch. Physical NIC 1 (hn0) is configured as Access Port (VLAN 599) while pNIC 2 (h1) is configured as Trunk (1,600-999, just for testing purposes).

Anyway, I've rolled back the VM snapshot - which reverted the pfSense VM back to 2.2.6-amd64 - and things started working immediately.

So the issue is clearly related to 2.3 (and I bet it is more specifically related to FreeBSD 10.3, not pfSense) on Hyper-V, at least 2012R2. Is there any additional info I can provide to aid you in hunting that bug down?

Actions #3

Updated by Thorsten Windrath about 8 years ago

Update:
Just faced a very weird issue: Whenever I do a reboot from within the VM (# reboot, for example), virtual NICs won't work (reproducible). When I gracefully restart the VM using the hypervisor (PowerShell: Stop-VM / Start-VM / Restart-VM), NICs will work.

So it seems this bug isn't related to 2.3 at all.

Update-2016-04-22:
Need to be more precise here: Whenever I issue a reboot from within the VM, the TRUNKED NIC won't work, the other one will do just fine. hn0 is just a plain NIC with no VLAN as seen by the VM - VLAN is done on the hypervisor level. hn1 on the other side has VLAN tagging from within the VM (due to a limit of Hyper-V, you can't add more than 8 vNICs (+4 legacy) to a VM).

Actions #4

Updated by Jim Pingle over 6 years ago

  • Status changed from Feedback to Resolved

Lots of changes in FreeBSD for Hyper-V since this went in, try again on 2.4.x.
