A question about interfacing between Hyper-V & pfSense (Server 2022)

Hello community! I’d like to request some help with my home network. I’m learning and have apparently hit the limitation of my knowledge. Have spent 6+ hours reading guides, following tutorials, and trying everything I can. All ultimately ending in failure, so I’d like to recover some sanity by asking you guys about it.

First off, the network works great right now. I’m very pleased with what I have and while some would say it’s a bit complex, the speeds and stability are the best I’ve ever been able to achieve. Let me explain how it’s set up and we can go into what I’m trying to do next.

First our internet comes in so of course there’s a Modem. That runs to a server with Windows 2022 Datacenter on it. This system has three nics; one onboard and two extra I installed. The aftermarket ones are considerably better so in Hyper-V I have isolated and dedicated them to a virtualized pfSense installation.

One is used for WAN, which is where our modem plugs in. Then the other is used for LAN which runs out to a Netgear R9000 Nighthawk X10 router that’s been flashed with DD-WRT and converted into an access point.

Now the remaining onboard nic on the server is then plugged in via the access point. This is shared via an external Hyper-V switch with the Windows operating system and a virtualized install of pi-Hole via Ubuntu Server.

So not counting the modem, we’ve got four configurable systems running to serve our internet; Server 2022, pfSense (virtualized), pi-Hole (virtualized), & DD-WRT. This is beautiful and I’ve really gone the extra mile to tweak each aspect of it as much as I can or even find guides detailing.

Example: the pi-hole updates nightly not only across 30 firelists but also checks whitelists so the modern internet still works properly and doesn’t get accidentally blacklisted. It has custom fixes to stop Roku spying, make Fitbits work properly, stop unhinged Windows machines, etc.

So what I’d like to do here, is get rid of the cable that runs from the access point back to the onboard nic that gives the server and pi-hole internet. I don’t really see a reason this cable should exist. I’ve been trying to create two new nics inside Server 2022 via the Hyper-V switch manager.

Then assign those to the LAN side of pfSense and have the current DHCP server accept them into / onto the same network. This way I can unplug that cable, leave the onboard nic empty, open up another port on the back of the access point, and while I haven’t been able to do this and therefore benchmark it; hopefully ??? get performance gains ??? by eliminating a physical cable bottleneck.

Now this seems very easy in concept. All we’re talking about here is adding two more virtual nics to the system, attaching them to the lan side of pfSense, creating a bridge between the three of them, and having pfSense serve DHCP across that new bridge. Nothing really changes, the house moves on completely as normal as they’re all connecting to the access point.

Though now I would have the ability to create new virtual nics every time I start up an additional virtual machine and directly add them to the network via the bridge. These would use internal switches with full bandwidth for each connection instead of splitting up the single external switch (onboard nic) between them all.

Now I’ve spent hours trying to do this and everything goes exactly to plan, as all the guides walk you through …UNTIL the last step in pfSense of swapping your DHCP server from the singular DD-WRT Access Point connection (hn1) to the newly created Bridge (B0). Simply put, DHCP stops at that point and doesn’t seem to work at all.

I’ve thought for sure it was a firewall rule or maybe I didn’t do the bridge right or who knows but I’ve tried it all. Simply put once I click the button for the last step, I can see it properly issuing DHCP via the pfSense console to the Bridge. It looks perfect. But in reality, nobody is getting leases anymore, there’s no dhcp server action happening.

If you manually configure static IP addresses you can still connect to both the pi-Hole and the DD-WRT access point. Though you’re done on connecting to pfSense, no matter what you cannot pull that system up anymore. The only solution is going through the pfSense console and changing the interfaces back to making the Access Point the LAN again instead of the Bridge.

Surely I’m making some n00b mistake here. Every video and guide I can find shows pfSense just picking right back up with the DHCP Server after the switch is made and it working across all the interfaces you’ve just added via the bridge. It literally appears to be just that simple. But nope, not for me.

I guess I would ask you all a number of questions. Is my understanding of what I’m trying to do correct? Can you just create two new internal switches inside Server 2022 via the Hyper-V Manager and then add them to pfSense’s LAN side?

If yes, then surely I can isolate and dedicate each one afterwards. To be honest I don’t even need the DHCP server for these additional nics, I just need them to be on the same network so I can keep the static IP addresses they have now.

Is my quest to eliminate the cable going from the access point back to the server pointless? I feel like I have multiple very valid reasons for wanting to do this. Though having spent this much time not getting it to work, I’m starting to question if I’m nuts.

Once again, I’m not a professional, just having fun (…uuhh) learning something new. Always trying to build a better more optimized network out of the same ol’ gear. Though this particular journey has left me scratching my head.

Thanks in advance for any tips or helpful advice! I’m just not sure what I’m doing wrong here.
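
The Hyper-V side of the layout described in the post, written out as an added example that is not part of the original post: two internal switches, one extra pfSense virtual NIC on each, and a report of the adapter settings to read before building the bridge in pfSense. The VM names and switch names are assumptions; substitute your own.

```powershell
#Requires -RunAsAdministrator
#Requires -Modules Hyper-V
# Added example. All names below are assumptions, not values from the post.
$PfSenseVm = 'pfSense'                  # assumed name of the pfSense VM
$PiHoleVm  = 'pi-hole'                  # assumed name of the Ubuntu/pi-Hole VM
$Switches  = 'LAN-Host', 'LAN-PiHole'   # assumed names for the two internal switches

foreach ($name in $Switches) {
    # An internal switch is bound to no physical NIC; VMs and the host OS can use it.
    if (-not (Get-VMSwitch -Name $name -ErrorAction SilentlyContinue)) {
        New-VMSwitch -Name $name -SwitchType Internal | Out-Null
    }

    # One extra virtual NIC on pfSense per switch; these are the future bridge members.
    # Generation 1 VMs must be shut down before a NIC can be added.
    $attached = Get-VMNetworkAdapter -VMName $PfSenseVm |
        Where-Object SwitchName -eq $name
    if (-not $attached) {
        Add-VMNetworkAdapter -VMName $PfSenseVm -SwitchName $name -Name "pf-$name"
    }
}

# Move the pi-Hole VM off the external switch (onboard NIC) onto its internal switch.
Get-VMNetworkAdapter -VMName $PiHoleVm |
    Connect-VMNetworkAdapter -SwitchName 'LAN-PiHole'

# Per-adapter view of what pfSense will see. MacAddress is how you match each
# adapter to its hnX interface in the pfSense console. MacAddressSpoofing is
# reported because Hyper-V only passes frames whose source MAC is the adapter's
# own unless it is On, and a bridge inside a guest forwards other hosts' frames.
Get-VMNetworkAdapter -VMName $PfSenseVm, $PiHoleVm |
    Select-Object VMName, Name, SwitchName, MacAddress, MacAddressSpoofing, Status |
    Format-Table -AutoSize

# The host's own leg on the first internal switch. It keeps no useful address
# until it is given the static IP the server currently uses on the onboard NIC.
Get-NetAdapter -Name 'vEthernet (LAN-Host)' |
    Get-NetIPAddress -AddressFamily IPv4 |
    Select-Object InterfaceAlias, IPAddress, PrefixLength
```

The script only creates and reports; it leaves the existing external switch and the pfSense WAN/LAN passthrough adapters untouched, so the current working setup can be restored by reconnecting the pi-Hole adapter to the external switch.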