How do I configure pfSense in a virtual machine as a firewall?

Question

Here is my network:

Client -- WAN -- PfSense(VMWare) -- LAN -- vSwitch (Promiscuous)
                                           \-- ESXi Management (192.168.2.1)
                                           \-- VM PC1 (192.168.2.100)
                                           \-- RealSwitch -- Server_1 (192.168.2.201)

OpenVPN server is configured as followed:

• IPv4 Tunnel Network : 192.168.10.0/24
• IPv4 Local Network : 192.168.2.1/24
• Client can connect to VPN with success

And when I ping various machine, I saw this behavior:

• Client -> PING 192.168.2.1 OK
• Client -> PING 192.168.2.100 OK
• Client -> PING 192.168.2.2 KO
• Client -> PING 192.168.2.201 KO

So I can ping the two virtual machine located on my vSwitch. But I am not able to ping the network management of ESXi and I can't also ping other machine connected to the vswitch through an other switch...

All those pings work when I'm connected directly to my local network.

Do you have an idea what could be this problem?

Answer 1

You need two network ports on VMware to use pfSense effectively as a virtual machine.

vmnic0 - connect this to a separate vSwitch (named 'WAN'). vmnic1 - connect this to your existing vSwitch (rename it 'LAN'). This is the vSwitch serving the VMware management network.

vSwitchA (named 'WAN') -- \pfSense (NIC vmnicX interface configured for WAN access)
-------------------------------------\WAN link (cable modem or whatever)

vSwitchB (named 'LAN') -- \pfSense (NIC vmnicY interface configured for LAN access)
------------------------------------\ESXi management interface (192.168.2.1)
------------------------------------\VM_PC1 (192.168.2.100)
------------------------------------\Server_1