Virtualization

• T

  Multiqueue Virtio?
  • tibere86

  1
  0
  Votes
  1
  Posts
  8
  Views

  No one has replied

• M

  Very slow traffic from other VM's through pfSense on XenServer
  • mortenchristensen

  46
  0
  Votes
  46
  Posts
  43435
  Views

  W

  Hi. Much better https://xcp-ng.org/ + https://xen-orchestra.com/docs/
• W

  Proxmox, Ceph, ZFS, pfsense
  • werter

  1
  0
  Votes
  1
  Posts
  7
  Views

  No one has replied

• F

  Virtualizate an appliance in production
  • franjgl

  3
  0
  Votes
  3
  Posts
  49
  Views

  

  Do a fresh Install in your VM, take a Backup for the appliance in Diagnostics > Backup & Restore and Restore this Backup to your VM. More Information here: https://www.netgate.com/docs/pfsense/backup/configuration-backup-and-restore.html -Rico
• 

  Hyper V 2012 Pfsense NIC deX efect?
  • periko

  1
  0
  Votes
  1
  Posts
  30
  Views

  No one has replied

• E

  Installing virtual pfsense after update broke router hardware
  • eiger3970

  15
  0
  Votes
  15
  Posts
  334
  Views

  

  The guide is like that because running with only two NICs total is not recommended. It states: Host has at least two network interfaces available for WAN and LAN. If you have used a NIC for the management port then you don't have two available. However it should work with two NICs total and no dedicated management port as you found. Steve
• T

  Does Enabling Powerd for a pfSense VM do anything?
  • tibere86

  1
  0
  Votes
  1
  Posts
  51
  Views

  No one has replied

• E

  1 dual port NIC or 2 x NICs for LAN and WAN port?
  • eiger3970

  2
  0
  Votes
  2
  Posts
  90
  Views

  

  @eiger3970 Buy any NIC you want, so long as it's supported by FreeBSD. Stick with Intel if you can. However not sure if pfSense is clever enough to allocate the 2 ports to LAN and WAN? pfSense doesn't allocate anything. You define WAN and LAN yourself during setup by telling pfS which NIC is WAN and which is LAN.
• C

  PfSense on Hyper-V - lower WAN speed
  • codera

  2
  0
  Votes
  2
  Posts
  368
  Views

  W

  refer to this thread https://social.technet.microsoft.com/Forums/exchange/en-US/ca93a8bc-500a-49e3-be6e-bf3407d8d798/hyperv-is-not-configured-to-enable-processor-resource-controls?forum=win10itprovirt i used bcdedit /set hypervisorschedulertype classic to fix the latency, intermittent, and bandwidth issues this is needed on win10 1803 and 1809 also in pfsense under System/Advanced/Networking make sure Disable hardware checksum offload Disable hardware TCP segmentation offload Disable hardware large receive offload are checkmarked with certain networkcards such as realteks
• A

  hyper-v on windows 10 1809
  • Actionhenk

  2
  0
  Votes
  2
  Posts
  375
  Views

  W

  refer to this thread https://social.technet.microsoft.com/Forums/exchange/en-US/ca93a8bc-500a-49e3-be6e-bf3407d8d798/hyperv-is-not-configured-to-enable-processor-resource-controls?forum=win10itprovirt i used bcdedit /set hypervisorschedulertype classic to fix the latency, intermittent, and bandwidth issues this is needed on win10 1803 and 1809
• P

  pfSense on QNAP NAS
  • pmk3

  11
  0
  Votes
  11
  Posts
  1380
  Views

  F

  Ran into an interesting issue with the QNAP's default gateway config after switching my router from an external device to virtualized PFSense on the QNAP. Wondering if anyone else has noticed or run-into this? My TVS-1282T will no longer acknowledge it's default gateway route now that my "router" has an IP address on the QNAP's own Virtual Switch. There seems to be some additional configuration needed or perhaps a bug with the QNAP OS/config utilities in this regard? Installed PFSense in a VM on my QNAP NAS using the network topology itemized below. Everything seemed fine until I discovered that the QNAP refused to assign its own default gateway to an IP allocated within a virtual switch config assigned to a VM (for the internal LAN interface to pfSense). pfSense seems to be operating just fine, everything else on my network can access the configured "default gateway" to the PFSense LAN interface - the only problem came on the QNAP side of things where it is refusing to talk to it's gateway IP anymore, and wouldn't let me confirm/update the setting to the 192.168.4.1 IP since it belonged to a virtual device. The virtual switch Any suggestions on how to maybe get this working without having to move pfSense to a separate HW device? Physical Topology: wan: cable modem -> QNAP eth4 lan: switch LAG (ports 21-23) -> QNAP bond0 (eth1+eth2+eth3) QNAP switch config: virtual switch 1: qnap bond0, static IP on 192.168.4.0/24, gw: 192.168.4.1 virtual switch 4: qnap eth4, no IP config, no dhcp... (assigned dhcp by modem in pfSense) VM network config for pfSense: Adapter 1 - vmeth0 (virtIO driver) <- QNAP virtual switch 4 (WAN), dhcp via cable-modem Adapter 2 - vmeth1 (virtIO driver) <- QNAP virtual switch 1 (LAN), static IP 192.168.4.1 TIA, -Fabrizio
• A

  pfSense on Hyper-V Server 2016: Strange Issues, Need Help!
  • AGnet

  2
  0
  Votes
  2
  Posts
  111
  Views

  B

  Did you get your hyper-v pfsense running? If not, feel free to post again. I have a couple of pfsense instances running on a hyper-v server, so it's definitely possible to get it working properly.
• B

  port mirroring pfsense stream to virtual ids analysis machine
  port mirroring • • BxuEyE4

  2
  0
  Votes
  2
  Posts
  65
  Views

  B

  i found the link below and a few others on the net but this one explains what i'm trying to do, at least from a vm perspective: dailysysadmin.com/KB/Article/965/port-mirroring-cisco-switch-virtual-machine-vmware-esxi-host/ made those configurations & mirrored the pfsense LAN switch port to security onion. checking now if i have the VLAN option correct but for now seeing a lot of traffic on the securityonion " ens192 " interface, the one without an ip that, i think, captures on all interfaces. getting there. i want to get the actual traffic to securityonion for analysis, say versus streaming pfsense syslog to securityonion. so port mirroring the pfsense LAN port is the way to do so, yes?
• J

  PfSense 2.2 not passing traffic, but ping does get through
  • jpsense42

  30
  0
  Votes
  30
  Posts
  20042
  Views

  

  1.6 Gbit/sec between two VMs in each direction. Single-stream TCP. iperf3 hosts are on 1302 and 1201.
• M

  pfsense on kvm -- slow network speed
  • macduke

  2
  0
  Votes
  2
  Posts
  99
  Views

  M

  i installed a freebsd 11.2. and this vm worked as expected. So it doesn't seem to be a basic freebsd problem. Unfortunately my freebsd knowledge are less than basic, so I have no idea at which place I could look. Does anyone here have pfsense running on kvm and no network performance problems?
• G

  PFsense with SR-IOV virtual function NIC
  • gandolf

  4
  0
  Votes
  4
  Posts
  1360
  Views

  R

  Im trying to do the same thing in ESXi 6.7 and pfSense. What did you do?
• E

  IP-Based Failover with AWS Marketplace pfSense App
  • Erez Buchnik

  8
  0
  Votes
  8
  Posts
  224
  Views

  E

  @netblues Hi, following up on this, below is a small and crude (sorry...) script for setting up a basic UDP LB with Nginx on-board pfSense. This script assumes that the directory /root/NGINX exists, and you have your custom nginx.conf file in it. #!/bin/sh if [ -f /usr/local/etc/rc.d/nginx ] then echo "Backup and rename nginx service" cp /usr/local/etc/rc.d/nginx /root/NGINX/nginx-dist mv /usr/local/etc/rc.d/nginx /usr/local/etc/rc.d/nginx.sh cp /usr/local/etc/nginx/nginx.conf-dist /root/NGINX/nginx.conf-dist echo 'nginx_enable="YES"' >> /etc/rc.conf.local fi echo "Update nginx config" cp /root/NGINX/nginx.conf /usr/local/etc/nginx/nginx.conf echo "Restart nginx" service nginx.sh restart ...and this is the diff between the default nginx.conf and my custom one, which balances two AWS instances (addresses intentionally changed): [2.4.4-RELEASE][ec2-user@MY-pfSense.localdomain]/home/ec2-user: diff /usr/local/etc/nginx/nginx.conf-dist /usr/local/etc/nginx/nginx.conf 0a1 > load_module /usr/local/libexec/nginx/ngx_stream_module.so; 15a17 > user root wheel; 122a125,142 > > stream { > > upstream lb_instances { > server 1.1.1.17:1234; > server 1.1.1.147:1234; > server 1.1.1.140:1234; > } > > server { > listen 2.2.2.1:5678 udp; > proxy_pass lb_instances; > proxy_bind $remote_addr:$remote_port transparent; > proxy_responses 0; > } > } > It seems that the failover feature is an Nginx+ feature, which requires a paid subscription. Thanks a lot for your help! Erez
• M

  Watchdog timeout on queue 0
  • megapearl

  7
  0
  Votes
  7
  Posts
  2867
  Views

  R

  @erutan409 it happened one more time in the last month, and just like before I really don't have any explanation as to why. Sorry :(
• D

  Loving pfSense in my vSphere environment, but...high CPU...
  • david_harrison

  2
  0
  Votes
  2
  Posts
  155
  Views

  D

  Surely someone at pfSense must know the solution to this issue... A simple google search suggests I’m certainly not the only person who is suffering this issue!
• E

  pfsense virtual machine on esxi not detecting more than NIC
  • elyp

  2
  0
  Votes
  2
  Posts
  89
  Views

  E

  @elyp Got it working. I had to blow away the whole virtual machine, and recreate it in esxi. Even though I had previously tried adding more nics in esxi, and then reinstalling pfsense all over again from scratch, it wasn’t getting more nics. So problem seems like it is on the esxi side with adding more nics to this type of vm after initial vm creation.
• G

  Azure - Marketplace - Virtual Appliance pfSense environment
  • genesis_mp

  7
  0
  Votes
  7
  Posts
  111
  Views

  

  10.0.0.0/8 172.16.0.0/12 192.168.0.0/16 -Rico
• U

  pfSence network order and VM ware 15
  • unsunghero

  10
  0
  Votes
  10
  Posts
  218
  Views

  N

  @unsunghero The sort answer is unfortunately, NO. pf is an enterprise grade firewall solution. It is never meant to be a plug and play box. It can do many complicated things, but then its like driving a racing car. You have more things to do apart from the steering wheel and the gas pedal. Here is a great reference for all things pfsense https://www.netgate.com/docs/pfsense/book/ It will answer all your questions, but then you need to invest some time and effort.
• C

  1&1 IONOS Cloud Server - Routing Socket - Network is Unreachable
  • coolesticeking

  8
  0
  Votes
  8
  Posts
  99
  Views

  C

  @rico said in 1&1 IONOS Cloud Server - Routing Socket - Network is Unreachable: Glad you have it working now. I would not open Management Port 80 and 443 to the whole Internet. Maybe you could lock it down to only a few Source IPs in your Firewall Rules. The best Solution is to use some VPN. -Rico Thanks Rico - I have a static IP so locked it down just down just to this one. Thanks again David
• O

  Timing issue with HyperV 2012R2 core
  • OutbackMatt

  4
  0
  Votes
  4
  Posts
  161
  Views

  T

  This isn't directly related to your probably but you probably don't want to use a VM as a time source as the VM and the Hyper-V host tend to fight about the time...possibly the cause of the jumps you mention. https://blogs.msdn.microsoft.com/virtual_pc_guy/2010/11/19/time-synchronization-in-hyper-v/ "...the rate at which the time in a virtual machine drifts is affected by the total system load of the Hyper-V server. More virtual machines doing more stuff means time drifts faster." Aside from that 2.4.4 upgraded FreeBSD so you might look into the NIC settings on the host. I am not really pointing to you anything specific but maybe there were driver changes in FreeBSD related to Hyper-V NICs. Oh, how about this bit in the blog post for 2.4.4-p1? "Fixed issues with Hyper-V hn(4) network interfaces and IPv6 as well as issues with ALTQ."
• C

  Hyperv Pfsense NAT public to lan NOT WORKING
  hyperv pfsense • • chetansonawane

  1
  0
  Votes
  1
  Posts
  65
  Views

  No one has replied

• S

  pfsense vtnet lack of queues
  • sheptard

  8
  0
  Votes
  8
  Posts
  195
  Views

  

  Mystery solved! Thanks @jimp
• I

  Creating Hyper-V VM to be exported on Azure
  • insalata_fresca

  9
  0
  Votes
  9
  Posts
  2932
  Views

  S

  @vkappas Can you share an working image of pfsense that can be uploaded to Azure, i have been trying to do this for quite some time. I was able to upload and get it started, im stuck with HTTP referer error.
• 

  Advice to installing on linux/virtualbox host and VIRTIO driver (for maximum nic performance and stability)
  • Babiz

  11
  0
  Votes
  11
  Posts
  242
  Views

  

  @netblues Thank so much for your detailed feedback here, is great to see high bandwidth under iperf test, for me. It's outstanding all my thinks! Now I'm hurry to do my iperf result too. And I also happy to try with my bare hardware! Hmmm See you soon, regards.
• J

  10gigabit pfSense 2.4.4-RC on HyperV max speeds of 600mbits
  • Jonatino

  4
  0
  Votes
  4
  Posts
  405
  Views

  M

  Interested in knowing what you are testing with? Iperf? Did you find a solution or at least a root cause?
• P

  Create new vmx interface ...
  • pfrossard

  3
  0
  Votes
  3
  Posts
  108
  Views

  P

  Correct, but I need to restart pfsense ... Thanks.
• 

  QNAP and AES-NI
  • Gil

  6
  0
  Votes
  6
  Posts
  170
  Views

  

  The CPU is: Intel Celeron J1900 Confirm no AES-NI support.
• F

  QNAP behind PFSense in virtual station
  • foo_001

  2
  0
  Votes
  2
  Posts
  264
  Views

  

  Just doing the same process, had any success?
• L

  PFSense on KVM Proxmox - Suricata/Snort performance issues
  • linkdragon70

  3
  0
  Votes
  3
  Posts
  210
  Views

  N

  What is the question? Proxmox is using kvm to virtualize cpu's. Pfsense runs fine under virtualization platforms in general, and proxmox (among others) in particular.
• 

  [SOLVED] vNICs degraded - Hyper-V Server 2016
  • _neok

  2
  0
  Votes
  2
  Posts
  129
  Views

  

  @_neok said in vNICs degraded - Hyper-V Server 2016: I'm running pfSense 2.4.4-RELEASE (amd64) on Hyper-V Server 2016 in a generation 2 VM. The server is recently updated. The administration console, in the tab "Network Functions" informs me that the status of my vNICs is "Degraded (Integration services update required)". I'm not sure if this is simply because I'm using the latest versions of both pfSense and Hyper-V. Does anyone know if there are updates of the integration services for my VM and if there are, how to install them? I really appreciate your help and experience. PD. I haven't found any performance problems. Best regards, Gabriel It's for the reason I imagined. https://social.technet.microsoft.com/Forums/en-US/06796c00-547a-4856-8e3f-2800d2653096/vnics-degraded-hyperv-server-2016?forum=winserverhyperv
• M

  pfsense 2.4.4 not showing additional vNICs on ESXi 6.7
  • mephisto

  22
  0
  Votes
  22
  Posts
  411
  Views

  M

  @johnpoz said in pfsense 2.4.4 not showing additional vNICs on ESXi 6.7: I moved to just the virtual machine manager on my NAS, synology ds918+ it allows me to run the vms I need to play with.. Since I moved my router to hardware (sg4860).. The only use of VMs are really light my unifi controller running on ubuntu as vm, couple other play linux vms. And some windows vms I only fire up when testing something.. 2k16 server, 2k12 server, windows 7, etc.. Only thing that is restrictive is limits you to 4 vswitches if you don't by the pro license, etc. But does what I need it to do.. Moved my pi-hole to actual pi vs a vm, etc.. So far its working out fine - also liking ability to run dockers on the nas as well.. Not exactly sure what VMM is based on for the underlaying tech, maybe its their own sort of build.. Haven't bothered to look that deep into as of yet... But clearly does what I need it to do.. I have run some virtual pfsense on it as well for testing. But its not really type 1, since its a package you added to DSM its type 2. 6.7U1 is not supported by Veeam for example and some other backup software, so no go for anyone on production. I would not agree.. Only those using those softwares and don't follow through with their vendors https://forums.veeam.com/vmware-vsphere-f24/vsphere-6-7-u1-support-t54673.html [UPDATE] October 19th All auto-tests of Update 3a with the workaround enabled have completed successfully, so all base Veeam Backup & Replication functionality is now confirmed to work with vSphere 6.7 U1. I will provide another update once the full regression testing cycle completes. The same contradicts afterwards: Important This is a temporary workaround against the specific error, which will allow the jobs to complete successfully. Overriding VMware API version may potentially cause issues with other Veeam functionality, because we don't know all the specific API changes that made VMware increment the API version. We're working with VMware to obtain these details while continuing to test vSphere 6.7 U1 with the workaround applied.bolded text Never play with backups
• R

  Veaam and pfSense
  • riahc3

  12
  0
  Votes
  12
  Posts
  280
  Views

  

  I don't even bother backing up pfSense because like I said earlier, it's dead-simple to install fresh and import your config. It might take less time to do that than to restore from a backup.
• D

  Pfsense 2.4.4 on ESXI 6.5 performance issues
  • d_chad

  2
  1
  Votes
  2
  Posts
  223
  Views

  D

  I believe I may have figured this out or at least improved speeds a lot. I manually set all the mtu speeds to 1500 which is supposed to be the default.
• J

  VMWare vs Netgate appliance in terms of performance
  • jamesp81

  1
  0
  Votes
  1
  Posts
  109
  Views

  No one has replied

• 

  HyperV VLANs inquiry
  • _neok

  8
  0
  Votes
  8
  Posts
  232
  Views

  

  @_neok said in HyperV VLANs inquiry: @CPrat I correct myself. I thought I was wrong. But I didn't... My VM doesn't keep the Trunk configuration in the vNIC when I restart the VM. And although I can apply it with the VM turned on and I have connectivity of my VLAN interfaces again and of course this is not optimal. My HyperV server is 2012 R2. The curious thing is that if I review the configuration of my vNIC with Get-VMNetworkAdapterVlan -VMName firewall01 -VMNetworkAdapterName Trunk_WAN -Verbose | select * This I get: it comes out as if it is well configured with my Trunk and the VLANs that I assigned to it, but I just don't have connectivity on my pfSense until I run (live) again Set-VMNetworkAdapterVlan -VMName firewall01 -VMNetworkAdapterName Trunk_WAN -Trunk -AllowedVlanIdList 0-600 -NativeVlanId 0 I tried VM generation 1 and 2 and I have the same problem. This sounds to me like 2012R2 and 2016 work differently at this point. A real shame... I will try do this on HyperV Server 2016. I will come later y let feedback. Seeya
• D

  How to install pfsense on DigitalOcean droplet
  • dhiyogroup

  7
  0
  Votes
  7
  Posts
  500
  Views

  

  @drcstang said in How to install pfsense on DigitalOcean droplet: @stephenw10 said in How to install pfsense on DigitalOcean droplet: Ooo, nice. Is that custom images part new then? According to this blog post, it appears they started supporting custom images in September. It's not a feature I've used or even looked for previously, I just happened to notice it in my DO console the other day, then I saw this thread. Didn't know about that, As I have tried it before September.