VMware Cloud Community
myvwmare12
Contributor

create WAN and LAN on esxi 6.5 for pfsense installation

Hi,

I am very very new to vmware and with multiple tries and spending 2 days I was finally able to install esxi 6.5 Build 7388607.

My final goal is to create pfsense on this esxi 6.5.

I am trying to connect a cable from the att modem to port 1 on the esxi 6.5 and port 2 to a normal unmanaged switch.

I did look at various step-by-step guides and most of the guides say to create the wan and lan connections first before installing and configuring pfsense.

I am struggling to create wan and lan on the esxi 6.5 first. Can you please provide me a guide on how to do that? If you can do it with screenshots that will be great.

Thank you for your help on this.

bateau59
Contributor

Hi,

How about "PfSense on VMware vSphere / ESXi - pfSense Documentation"?

That shows how to create LAN and WAN.

Before starting, you must:

* know what DHCP, IP address ranges and NAT mean. No use continuing if you don't.

* have a host computer with at least 2 network ports (ILO/IPMI not included)

* make up your mind on the LAN and the WAN network address ranges. They MUST be different, and not overlapping.

* determine the IP address of ESXi itself. I suggest that you set the ESXi server itself to be in the LAN range, via a static address. It is strongly discouraged to make it use DHCP from pfSense, as the host must be up before the guest VMs (hence: pfSense) start.

myvwmare12
Contributor

Please see my answers below.

Thank you for providing the link for pfsense documentation. I did go through the pfsense documentation but I am stuck at step 1 where it says "Add two Virtual switches, one for WAN and another for LAN. For uplink select two separate available ports." The problem I am facing is, after adding WAN and LAN, as said in the documentation, when I try to add an uplink I am getting a message saying "There are no free physical adapters to attach to this virtual switch." Please see the attached screenshots.

Before starting, you must:

* know what DHCP, IP address ranges and NAT mean. No use continuing if you don't.

-- Yes, I have knowledge of this.

* have a host computer with at least 2 network ports (ILO/IPMI not included)

--my computer has 2 physical network ports

* make up your mind on the LAN and the WAN network address ranges. They MUST be different, and not overlapping.

--LAN Range - do I set up this range in pfsense or on ESXi? I am looking for range 192.168.35.1 to 192.168.35.250

-- WAN Range - I think I will be getting this ip address from my att fiber router which is in ip pass through mode. If I am wrong on this, how am I supposed to set up the WAN Range?

* determine the IP address of ESXi itself. I suggest that you set the ESXi server itself to be in the LAN range, via a static address. It is strongly discouraged to make it use DHCP from pfSense, as the host must be up before the guest VMs (hence: pfSense) start.

--I have attached my ESXi to a monitor directly and was able to assign a static address to it in the range of pfsense: 192.168.35.251.

bateau59
Contributor

Well, as the image with "virtual switches" says, you used up the 2 physical NICs (the physical network ports) for the default "vSwitch0" "network". See the 'uplink' column. There are no more network ports available for either "WAN" or "LAN". You cannot use a physical NIC in more than 1 virtual switch.

When I look at the networks you foresee, "192.168.35.1 to 192.168.35.250" is going to be VERY hard to do. I strongly suggest you make LAN a full subnet: "192.168.35.0 to 192.168.35.255", or "192.168.35.0 mask 255.255.255.0" or "192.168.35.0/24" as it is supposed to be noted now. Wikipedia "Subnetwork", and once you understand that, Google/Bing/Whatever "ipcalc" and "subnet calculator" or the like.

The ESXi IP address MUST be inside that LAN range if you want to be able to talk to it later on. I hope you know that the extremities of a subnet cannot be used. So the available IP addresses in a network "192.168.x.0 - 192.168.x.255" are "192.168.x.1 - 192.168.x.254", the .1 or the .254 often used for gateways to other networks. That address (I suggest the .1) will be the LAN address of pfsense.

So I suggest:

* remove LAN. Use vSwitch0 as your LAN, but leave the name vSwitch0. It'll be easier for you later on.

* remove the one physical NIC that you want to use for WAN from vSwitch0

* assign that freed up NIC to WAN

If you do not understand the above, please read up on IPv4 networking before continuing. pfSense is easy to install and use, but you cannot forgo basic network knowledge when using it.

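The addressing rules from the reply above (LAN as a full subnet, the two extremities unusable, ESXi management inside the LAN, LAN and WAN not overlapping), checked with Python's `ipaddress` module. This is an added example, not part of the original thread; the function names and the `/32` WAN mask are assumptions, since the thread gives only the WAN address.

```python
import ipaddress

def range_as_cidrs(first, last):
    """Return the CIDR blocks needed to cover first..last exactly."""
    return list(ipaddress.summarize_address_range(
        ipaddress.ip_address(first), ipaddress.ip_address(last)))

def check_plan(lan_cidr, wan_cidr, pfsense_lan_ip, esxi_mgmt_ip):
    """Return a list of problems found in an ESXi + pfSense addressing plan."""
    lan = ipaddress.ip_network(lan_cidr)  # raises ValueError if host bits are set
    wan = ipaddress.ip_network(wan_cidr, strict=False)
    problems = []
    if lan.overlaps(wan):
        problems.append(f"LAN {lan} overlaps WAN {wan}")
    hosts = (("pfSense LAN", pfsense_lan_ip), ("ESXi management", esxi_mgmt_ip))
    for label, ip in hosts:
        addr = ipaddress.ip_address(ip)
        if addr not in lan:
            problems.append(f"{label} address {addr} is outside LAN {lan}")
        elif addr in (lan.network_address, lan.broadcast_address):
            problems.append(f"{label} address {addr} is the network or broadcast address")
    if ipaddress.ip_address(pfsense_lan_ip) == ipaddress.ip_address(esxi_mgmt_ip):
        problems.append("pfSense LAN and ESXi management use the same address")
    return problems

# Values quoted in the thread; the WAN mask is not given there, so /32 is assumed.
LAN = "192.168.35.0/24"
WAN = "172.34.58.19/32"

if __name__ == "__main__":
    # The range first asked for is not a subnet: it takes many CIDR blocks.
    blocks = range_as_cidrs("192.168.35.1", "192.168.35.250")
    print(f".1-.250 needs {len(blocks)} CIDR blocks:", ", ".join(map(str, blocks)))
    # pfSense LAN on .1 and ESXi management on .251, both inside the /24.
    print("static plan:", check_plan(LAN, WAN, "192.168.35.1", "192.168.35.251") or "ok")
    # ESXi management picking up the WAN-side DHCP address instead.
    print("management on WAN DHCP:", check_plan(LAN, WAN, "192.168.35.1", "172.34.58.19"))
```
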
myvwmare12
Contributor

I went into pfsense from esxi and changed lan (em1 to 192.168.35.1/24).

I did assign 1 physical port to wan.

I have got att fiber with modem/router as BGW210-700. On BGW210-700 I configured IP PASSTHROUGH and put the wan mac address there. Now on the esxi box, I can see when I am doing dhcp, to get an ip address automatically, it is assigning a public ip address to esxi, like 172.34.58.19.

Now I am not even able to log in to my esxi and more confused on what is going on here.

My eventual goal was att BGW210-700 to ESXI to pfsense (192.168.35.1/24) to a switch, and I can connect my ap and other devices to the switch.

Sorry if I am confusing more on this, I have been trying to figure this out for the last 3 days now and am just stuck in configuring the lan and wan connections themselves.

bateau59
Contributor

So you see pfsense, but not esxi?

Then you probably either removed the "Management network" (with kernel port vmk0) port group from the port that you use for LAN, or you gave it a bad address. Give it a fixed address in the LAN range, and link it to the same port that you use LAN on (which should be vSwitch0).

The interface of esxi is on the 'management network' port group. You can attach that port group to any physical NIC you want, but make sure you attach it and that you know its address.

You can see the network address on screen when you attach a screen to the VGA port of the host. You can also change things there when you connect a keyboard.

sarikrizvi
Enthusiast

1. Use the default vswitch0 for lan with 1 uplink (1 physical network adapter)

2. Create one more vswitch for WAN with 1 uplink (1 physical network adapter)

The above settings are for the esxi host; now when you deploy pfsense, use lan and wan on different vswitches.

Regards,
SARIK (Infrastructure Architect)
vExpert 2018-2020 | vExpert - Pro | NSX | Security
vCAP-DCD 6.5 | vCP-DCV 5.0 | 5.5 | 6.0 | vCA-DCV 5 | vCA-Cloud 5 | RHCSA & RHCE 6 | A+ (HW & NW)
__________________
Please Mark "Helpful" or "Correct" if It'll help you
_____________________________________
@Follow:
Blog# https://vmwarevtech.com
vExpert# https://vexpert.vmware.com/directory/1997
Badge# https://www.youracclaim.com/users/sarik
myvwmare12
Contributor

So for some reason I believe there is an issue with ATT Fiber Modem/Router BGW 710. When I was trying to connect that device to esxi directly it was not working. Wan was not getting a proper ip address.

So now I connected an asus router in between the att fiber modem/router and the esxi box and put the att modem/router in ip passthrough mode.

By doing that my asus router is now getting a public ip address on the wan side.

Now I connected a cable from the asus router to the esxi box and configured pfsense accordingly.

By doing this, anything connected to pfsense is getting a proper ip address and speeds. I am not sure how the asus router is able to get a public wan ip address but esxi does not get that.
