How to setup an isolated Hyper-V lab with internet access
ฝัง
- เผยแพร่เมื่อ 26 ก.ย. 2024
- Learn how to setup Hyper-V so that you can use it to create a test lab environment. In this example, I show you how to setup pfSense and virtual switches so that the test lab virtual machines can only communicate with other lab virtual machines but also still reach the internet.
View the blog post with all the commands and step-by-step instructions here: www.dannymoran...
Hi, I’m Danny, a London based IT consultant and sporadic blogger. You can view all my blog posts at: www.dannymoran...
Pleasant voice and good teaching speed, not too slow. Clear and logical instruction. Thank you
Thanks for watching!
Danny you have the bad habit of making training videos easy to follow. Thank you and hope you tackle more advanced videos.
Thanks for watching!
I have been reading articles on how to do this and struggling for days.
This is straight forward and useful, thank you.
Thanks for watching!
This is fantastic. Thanks so much for creating this.
Thanks for watching!
Great guide, Thanks for sharing your knowledge.
Thanks for watching!
Excellent stuff Danny. Thanks
Thanks for watching!
Great video, I would like to see a video on using HV Manager which is the web interface to access Hyper-V via a web browser? That would be good to see since not everyone wants to use ESXi or Proxmox to build their lab environments
Without integrating to something like WAC or Azure Stack HCI, there are no official web interfaces for Hyper-V. I don't cover anything that is developed by third-parties unless it's something that I personally use.
I think it's best to just stick with the Hyper-V Manager and PowerShell to manage Hyper-V.
Thanks for watching!
Awesome explanation Danny, seriously, straight to the point and no BSs in the middle
1 question tho, how do I go about setting up vlans? Do i still assign the same LAN network/switch and enable VLAN ID?
I haven't used VLANs for Hyper-V for a while, but, you should still be able to do this under the network adapter settings in the Hyper-V settings for the VM.
Thanks for watching!
Great job done!
Thanks for watching!
Must say, this is a really good video and thanks for that. I have subscribed your and given a like. BTW, I was thinking couldn't you install pfsense with Gen 2 but disable Secure Boot?
I've never actually tried using a Gen2 VM for pfSense. If it lets your install it on a Gen2 with Secure Boot disabled, then I can't see it causing any issues.
Thanks for watching!
Thanks for the video! ✅But do you have another tip for me?
I want to provide as many isolated networks on a Hyper-V environment as many students I have (for example 15 networks for 15 students), so that they can install their own servers in each of these networks. How should I proceed?
Can't you just follow this process on each students machine?
Thanks for watching!
Awesome video. Thanks
Thanks for watching!
Holy damn it works!
One question though, if the domain controller VM got infected with virus, it shouldn't be able to infect the main host right?
Thanks for the video!
Technically, I think it might be able to. I wouldn't use this to test malware, I would use a dedicated sandbox solution.
Thanks for watching!
Amazing video! Thank you so much. I had a quick question however and was wondering if it was necessary to have your own domain for the DNS/DHCP configuration part of this video?
No, you can just use the pfSense for DHCP and DNS.
Thanks for watching!
Interesting series of videos. Is there any advantage to running Hyper V directly on bare metal rather than doing it via Win 10 or 11?
So how is it that the DC01 is on lab-switch-lan and can still reach the internet?
The internet traffic goes through the LAN side of the pfSense firewall and then out of the WAN side of the pfSense firewall to reach the internet.
Thanks for watching!
Thank you!
Thanks for watching!
Hi, I have an issue while setting up the Firewall for the WAN(hn0) the IP address is not showing automatically as shown in the video is there any solution for that?
Is the virtual switch that your WAN interface is connected to connected to a network that has DHCP on it?
Hi Danny, excellent videos, in this video towards the end you cover DC, DNS, ADDS, DHCP. I love the list of Windows 2022 server vids, but 96 is a lot to go through - Would it be possible to list the individual videos required for what you are doing at the back of this lab starter video.
My aim is simple, I am looking at doing multiple farms to cover ADDS, Exchange and Some other MS apps as part of a wider scale personal learning activity. having the "beginners" guide to the Hyper V FW01 is excellent, but it would help if I new which videos from your list of 95 would be better in the order that is best suited. Can you advise?
I agree that the playlist has gotten a bit out of control, and it's something that I need to sort out.
I wouldn't really say there is a recommended process to follow, this is just one of the ways I set up my lab when I need to test things. Depending on what you are trying to do and what you are trying to test, the lab would probably be setup differently. With it being a test lab, there isn't really a wrong way to do it.
Thanks for watching!
I'm having trouble doing the same setup but with VLANs. I have setup the dhcp relay in pfsense and have 2 scopes in the dhcp server and setup the vlan in each machine
I've never set it up using VLANs, unfortunately.
Thanks for watching!
Awesome. Thanks
Thanks for watching!
Could you do a guide on setting up Hyper-V across two hosts so that I can spread the load across multiple PCs? (i.e. PC1 has all my DCs on, PC2 has my other application servers, e.g Exchange), all domain joined. Been trying to find guides on this and haven't found anything that explains it simply enough!
I do plan on doing a guide which covers this, however, I don't have the hardware available in my lab at the moment to do this, unfortunately.
Thanks for watching!
can you do a video on how to unistall server core 2022 and go back to gui verson
You can't change from server core to server gui without doing a full re-install of the operating system.
You would need to boot from the installation media and do a full re-installation.
Thanks for watching!
Thanks it was very informative. I was just wondering couldn't you just assign a static IP or a reserved dhcp IP for the vm, then on the host firewall just block all incoming traffic from that ip?
I'm not sure I understand the question. Do you mean do this instead of the using the pfSense?
You could do that, however, I think using the pfSense would give better results when expanding the lab and it also gives the ability to easily create more subnets and route them to test multi-site setups better, or even test setting up site-to-site vpns if needed. The addition of the pfSense opens up a lot more testing opportunities and I feel it makes the lab more like a production network that would be in use within a business.
Thanks for watching!
@@danny_moran hey Danny, thanks for the response. Yes, I was wondering for simplicity if doing the firewall+static IP block would yield you the same results in terms of protection and internet access (vm isolated from host+can access the net).
I agree that this would be good for expansion of large number of vms, since once its setup you can just keep adding.
Would one be more secure/reliable than the other? If the pfsense vm stopped or froze, you'd lose internet to all vms connected to it. Whereas host firewall should be stable.
Once again I'm still learning a lot about this and would most likely be applying the pfsense route over the firewall method, but I just wanted to confirm that the firewall would be an acceptable backup plan if I wasn't able to set up the pfsense vm.
As it's a lab, I wouldn't say one was better than the other. It's just whatever is easier or more convenient for you to setup.
I can't think of any reason why the method you are suggesting wouldn't work.
@@danny_moran SUBSCRIBED!
fascinating stuff. I've been playing around with Pfsense and Hyper-V.
Using PFsense as DHCP server
I've tried to create 2 private LAN swtiches using your guide and it works
I've tried creating 2 internal LAN switches and it also works
Ive also tried creating 1 private LAN with multiple vlans underneath the LAN and it works as well
May i ask, what are the differences from these 3 methods i used? pros and cons of each?
Within Hyper-V there are three different virtual switch types. External, Internal, and Private.
Depending on which one you select, it gives different types of network access.
learn.microsoft.com/en-us/windows-server/virtualization/hyper-v/plan/plan-hyper-v-networking-in-windows-server
when turning on my DC01 VM , it says Start PXE over IPv4, and then it fails and goes into Virtual Machine Booty Sumary - Network adapter - a boot image was not found
I fixed it.. I moved IPv4 all the way down on boot configuration and moved the boot from cd to the top
Glad you got it fixed updating the boot order. Thanks for watching!
@@danny_moran You have helped me tremendously. I am terrible at networking things let alone VMs. Thanks Danny!
Great guide - but I seem to have hit a snag. When I turn on the pfsense vm, and tell it to use hn0 for the wan (configured as external on hyperv), it hangs for a few minutes, i see an error message about dhcp client on hn0, and no IP is given.
Been pulling my hair out, this should work, but I cant get pass this one point. The virtual adapter is getting a dhcp address for hyperv (laptop).
any clue on what I should look at?
This is weird - I took the box home, and it works as expected. Something is going on with my AD DHCP not giving out an IP to the box when pfsense is asking for one.
Something to dig into later...
Glad you've managed to get it working.
Thanks for watching!
hello pfSense Virtual iso is not working it not boot can you help ? 🤔
Are you getting any error messages?
I got a question is this useful if i wanna download viruses and infect my vm because i have a itch to destroy vms with viruses and to have a windows destruction. Also i use virtual box
Personally, I would look into the Windows Sandbox for this
Guide on how to enable the Windows Sandbox: th-cam.com/video/D0qz9YX5k7k/w-d-xo.html
Guide on how to configure the Windows Sandbox: th-cam.com/video/n1caXD2WLC0/w-d-xo.html
Thanks for watching!
Why not just setup a VLAN on the firewall and set the port which the machine is connected on at the switch? Does Hyper-V not allow you to set the VLAN on each of the VM's?
Yes, you can setup VLANs and use that method, if you prefer.
Thanks for watching!
I’d like to be able to attach test devices to the dev environment using a managed switch. Say vlan20 for the lab. Any good guides on doing that?
I don't have any guides on this, unfortunately.
Thanks for watching!
nice one bruv
Thanks for watching!
Nah thankyou. I had already subbed, I had pf sense VMd before, but never did anything with it, was on bucket list, but was looking at the Hyper V switch and running server with office and was going to link a DC with an AWS route 53 hosted zone and lab a hybrid, and came across ya videos, and you were using pfsense, so i thought sweet!!!.... been through a few of your vids, now in my save list... really good content. Good luck to you. Appreciate the channel. @@danny_moran
I'm glad you are finding them useful!
Can this be done over wifi?
Yes, this can be done over wifi. You just need to select your wifi network card when setting up the virtual switch.
Thanks for watching!
Hey!
This is gonna sound very stupid, but I have no idea what all of this was about, all I know is that I wanted to setup an isolated virtual machine that has access to the internet, but can't send stuff to the host. So now if I install a normal windows 11 inside this using the "lab-switch-lan" option, will that be a safe enviroment for me to run a software that potentially contains a trojan virus? Like will it not spread to my host because of the isolation? And also if I set up gpu sharing will it still be isolated.
I know I'm propably asking some stupid stuff but I'm clueless of what I'm doing XD
Ideally, before you run software that might contain viruses, you would disconnect fully from any network so that it has no way to potentially spread. The method shown in this video is good for setting up test networks so that the two networks don't conflict with each other, but I wouldn't really use it to check if things contain viruses.
Thanks for watching!
Well I need internet connection to use a sofrware. It is a software that a lot of people say is safe, but some warn that it might contain trojan, that's why I'm trying this method. So does this somewhat prevent the trojan to go straight to my main netwrok, and infect other devices, or it doesn't do anything like that?@@danny_moran
Danny, when I try to sign into my VM with windows 10, in the lab environment you setup in the video, it says " to sign in remotely, you need the right to sign in through Remote Desktop Services. By default, members of the Remote Desktop Users group have this right. If the group you're in doesn't have this right, or if the right has been removed from the Remote Desktop Users group, you need to be granted this right manually." Do I need to adjust group policy for this users OU ? Or do I need to install a Remote feature on my server ( roles and features) ? Thanks
That will be because the user account you are trying to login to the Windows 10 machine with isn't a member of either the Administrators or Remote Desktop Users group on the Windows 10 machine.
If you add the user you are trying to login to the machine with to one of those groups, it should then work fine.
As it's a lab, it's probably easier to just give all the user account Domain Admin and then you won't run into any permission issues. But don't give everyone Domain Admin in a production environment.
Thanks for watching!
@@danny_moran Danny, I've noticed that when my Domain Controller VM is turned off, I'm not getting any internet connection on my other VM Server.. I'm not sure the reasoning behind this.
Is your domain controller hosting the DNS for your lab? If it is, other VMs won't be able to resolve any hostnames to IP addresses.
It could also be that if your domain controller is hosting your DHCP server, then the other VMs in the lab won't be getting an IP address.
@@danny_moran Ahh! So I just let the DC run in the background?
Yes, I always have my dc running when using the lab.
hi, is this a suitable setup for malware reversing ?
I would look into dedicated sandbox environments for testing malware.
Thanks for watching!