 Managed to convert my Kerio Control 9.4 install to UEFI, but new kernel not new enough for Hyper-V [message #153590] |
Fri, 20 January 2023 19:56  |
keriofan
Messages: 5
Registered: January 2023
|
|
|
|
Great that we finally have a newer kernel in Kerio Control. 
This helped me create a UEFI version of my Hyper-V Kerio Control guest for testing purposes. 
However saddened to find that not only does it not support SR-IOV in hyper-v, but also DDA (PCI passthrough) via hyper-V doesn't work.
It seems the kernel that was chosen may not have the supporting Hyper-V enlightenment to support SR-IOV for VF support (virtual function) and DDA (PCI passthrough).
On the other side, with KVM it all works fine, both SR-IOV VFs and physical ethernet nic device passthrough VFIO.
I hope the Kerio Control dev(s), add in the hyper-v SR-IOV and DDA (direct device assignment) support as part of the UEFI milestone, UEFI without the aforementioned will still keep Kerio severely restricted as far as performance is concerned.
Could someone pass the above notes onto the dev(s) please? 
|
|
|
|
|
|
|
|
| Re: Managed to convert my Kerio Control 9.4 install to UEFI, but new kernel not new enough for Hyper-V [message #153690 is a reply to message #153672] |
Wed, 01 February 2023 15:44  |
keriofan
Messages: 5
Registered: January 2023
|
|
|
|
It would take a little too much time to write up a step-by-step.
However if you are pro-efficient in linux, the below high-level steps should guide you:
a) create a UEFI ubuntu install, but also create partitions that match kerio (not counting first partition in kerio though)
b) create a 9.4.2p1 Kerio non-uefi install
c) add the kerio vhd to the ubuntu guest as another drive
c) using a live boot ubuntu image, boot up the uefi ubuntu install
d) load up terminal, and mount the partitions, source and dest (for each partition), copy over the parition contents.
e) update the grub to load kerio's vmlinuz and initramfs images.
f) all then works, but you get a few messages on bootup you can safely ignore, however for completeness just go through the kerio scripts and fix the couple of errors.
g) all works perfectly. Of course this is only for testing purposes because there would be no automatice upgrade path for future kerio revisions.
The thing that held it back originally was the old kernel as it used the old identifier for drive identifiers, which is why it never worked before because UEFI gives different identifiers for the drives, but with the newer kernel the drive identifiers are now consistent with UEFI.
Kerio should be able to quite easily create an iso that can easily work for both pre-uefi for backwards compatibility and uefi, just like Ubuntu/Debian.
Looking forward to a full UEFI supporting release, which includes support for Hyper-V SR-IOV and DDA.
Honestly at one point I thought GFI were just going to let Kerio rot away, just didnt' make sense, it is clearly the FINEST UI for firewall configuration out there, second to none! Would be a traversty if they let it fall behind the competition which sure supports all the latest hardware etc, but the configuration UI is a royally painful learning curve.
Thank you GFI for keeping Kerio going, with the newer kernels, I foresee glory.
|
|
|
|
|
|
Members
Search
Help
Register
Login
Home
