Virtualization

• E

  PFsense VLAN on Hyper-v
  • eddiema68  

  3
  0
  Votes
  3
  Posts
  26
  Views

  M

  what version of Windows/Hyper-V is it?
• D

  Loving pfSense in my vSphere environment, but...high CPU...
  • david_harrison  

  9
  0
  Votes
  9
  Posts
  441
  Views

  

  Seems like classic CPU overcommitment to me. If you have "high CPU" or you think you have, check your VMware stats and get info about how many physical/logical AND virtual CPUs are working. The virtual to phys/logical should be around 1/2.5 according to best practices from VMware itself. So if you run 1/3 or higher and have high crunching CPUs you may see "high load" or "high CPU" in pfSense that is mostly pfSense not getting CPU ticks when it needs them and so has to wait for number crunching time. Also it's recommended you only give VMs the amount of CPUs they actually need, not more "just in case" as these "idling" vCPUs in VMs also get their ticks even if only idling and "stealing" them from VMs that are in dire need for CPU ticks - so if 1 or 2 vCPUs are good - go with it and add more later if needed instead of going full in and throw 4 or 6 vCores into it :)
• S

  Vmware Workstation or vSphere with powerful PC
  • skalyx  

  6
  0
  Votes
  6
  Posts
  34
  Views

  B

  No, as far as I know, it's not possible to add another NIC to that machine. If you are pushing 100GBytes/day through that one NIC, bear in mind that its 1Gb/s bandwidth will be pretty much split between WAN and LAN. If you aren't on gigabit fibre, it probably won't make much difference. You can use VLANs on ESXi in much the same way as you do with your managed switch. You will probably want to allocate at least two cores to pfSense, given the packages you run. I don't know much about the disk space or memory requirements for those packages but I suspect 6GB of RAM would be plenty. Someone else might be able to help with those numbers.
• D

  How to install pfsense on DigitalOcean droplet
  • dhiyogroup  

  13
  0
  Votes
  13
  Posts
  879
  Views

  U

  finally got it to work with this life savior of a video https://www.youtube.com/watch?v=k02MlP8B-FY
• J

  Home Lab Addition
  • JohnOrion  

  1
  0
  Votes
  1
  Posts
  33
  Views

  No one has replied

• P

  Realtek physical NIC config on host server
  • provels  

  1
  0
  Votes
  1
  Posts
  25
  Views

  No one has replied

• A

  pfsense and cloud provider vultr.com, having issues
  • asdffdsa6131  

  2
  0
  Votes
  2
  Posts
  20
  Views

  

  I suggest you give us some details to work with. How does it fail exactly? Any error messages? How does Vultr tell you to login to WebGUI? Usually they will assign you an IP address. Is your WAN configured with a public IP?
• C

  Azure and WAN public IPs
  • ChrisT  

  1
  0
  Votes
  1
  Posts
  21
  Views

  No one has replied

• A

  PfSense in Oracle Cloud
  • alessandro.parreiras  

  1
  0
  Votes
  1
  Posts
  27
  Views

  No one has replied

• K

  Install qemu-guest-agent?
  • killmasta93  

  6
  0
  Votes
  6
  Posts
  2404
  Views

  M

  Has anyone tried this yet
• B

  Passthrough Intel Pro/1000 with ntopng only 500 Mbits/s
  • bluepr0  

  3
  0
  Votes
  3
  Posts
  84
  Views

  B

  Used 4000000 but I'm unable to improve it further. I honestly don't know what I should tweak or what's going on. On this image below, orange arrow shows when I downloaded the file from the pfSense VM. Green arrow shows when I used my server (where pfSense is running) EDIT: Adding a video where you can see how it looks downloading from pfSense vs server (both connected with LAN). Looks like the pfSense is being limited to around 250mb? while the server can download at more speed for a limited amount of time. This is driving me crazy haha Video: https://d.pr/v/1OYQeP
• S

  Advice needed on virtualising pfSense
  • stroble  

  1
  0
  Votes
  1
  Posts
  90
  Views

  No one has replied

• N

  SOLVED: pfSense crashes when another VM is used with video card passthrough
  • nick13  

  1
  0
  Votes
  1
  Posts
  47
  Views

  No one has replied

• V

  PfSense in VirtualBox
  • veriqster  

  12
  0
  Votes
  12
  Posts
  168
  Views

  

  how larger of an exposed footprint do I have compared to a bare metal install? How is anybody supposed to answer such a question? How would you even quantify that? Your attack surface needs to be as small as possible because you're trying to guard against unknown vulnerabilities in your platform. The more complex & comprehensive the platform, the more likely a vulnerability exists.
• M

  pfsense on kvm -- slow network speed
  • macduke  

  3
  0
  Votes
  3
  Posts
  267
  Views

  B

  @macduke I got it running, seems like everything is fine so far. I’m using unraid with virtio nics (also shared with the server as I only have 2 nic ports for now I have only got enabled the hardware checksum preference. I haven’t touched any other preference on unRaid or the VM
• K

  Span port on openstack
  • Knudn  

  1
  0
  Votes
  1
  Posts
  53
  Views

  No one has replied

• J

  pfsense on a VM vmware workstation - noob
  • joebhoy  

  4
  0
  Votes
  4
  Posts
  99
  Views

  V

  Do have configured pfSense via LAN interface and disabled it after? If so, that wasn't a good idea, as long as you haven't configured the WAN interface for accessing the firewall before. You will have to set rules on WAN to allow the access for the clients and for management. In addition there is also a rule on WAN by default which blocks any access from private networks. It's set in the WAN interface settings.
• S

  Pfsense 2.4 HA on Xenserver 7.2, a good idea?
  • Stanislasss  

  7
  0
  Votes
  7
  Posts
  211
  Views

  

  The main reason is the windows client required to maintain XenServer - I pretty much never have to boot that windows VM any more. They also removed a bunch of functionality I used from the free product. I was "stuck" at XenServer 6.2. Citrix basically lost me. I do pay Proxmox but since it's just one socket (with 12 cores) it is quite reasonable. Even for a home lab. I have some Dells in the garage and it's on the list to build a Ceph cluster with them.
• H

  pfSense on ESXi 6.7 - slow throughput
  • helger  

  12
  0
  Votes
  12
  Posts
  249
  Views

  H

  @johnpoz Getting the full gbit speed, tried between firewall zones, but inside the ESXi host. pfSense pushing just shy of 3Gbit. Guess thats quite fair with a dual core. With suricata turned on I got just above 1Gbit. Physical workstation to a VM traversing zones (client<->server) [ ID] Interval Transfer Bandwidth [ 3] 0.0-10.0 sec 1.06 GBytes 913 Mbits/sec I'm happy!
• T

  Does Enabling Powerd for a pfSense VM do anything?
  • tibere86  

  2
  0
  Votes
  2
  Posts
  197
  Views

  P

  @tibere86 Don't think so. In Hyper-V, I get the same response in the shell to "powerd -v" enabled or not. [2.4.4-RELEASE][root@fw.workgroup]/root: powerd -v powerd: no cpufreq(4) support -- aborting: No such file or directory
• 

  pfSense on Server 2016 Hyper-v, what do you use for autostop
  • IsaacFL  

  2
  0
  Votes
  2
  Posts
  126
  Views

  P

  @isaacfl Running on 2012R2, I use Shutdown. In the past I had tried Save, but I think I was getting a panic and crash before it saved and the disk would come up dirty. I would need to restore a checkpoint. Shutdown seems to work fine, though when host reboots are required, I do a manual shutdown from the H-V Manager first, and Always Start. On reasonable hardware, there's not too much time required to cold boot. HTH
• H

  Pfsense stopped allowing traffic after a vMotion. It seemed "hung".
  • Hank6  

  4
  0
  Votes
  4
  Posts
  124
  Views

  

  Perhaps you might benefit from running two instance in pfSense HA mode, or using VMware HA.
• 

  (solve)HyperV 2012 vlans support(hn0)
  • periko  

  17
  0
  Votes
  17
  Posts
  428
  Views

  M

  @johnpoz So did I but you are missing the point. A config that works for four hours should work for four days too. The issue I have seen is that the Vlan trunk stops working after a few days. Not even arp will see the nic of the VM. The "workaround" I found was to add or remove a nic to the VM (just a non connected nic) and it will work for a couple of days again With 2016 the same config (actually it's the same VM) works if you can read this ;)
• A

  Pfsense kvm guest and host/guest internet connectivity
  • Asgaroth  

  6
  0
  Votes
  6
  Posts
  2122
  Views

  S

  Now it's 2019 and this is still a problem :-) I have been struggling with this for a week; I couldn't work out why ICMP from the host and another VM through the pfSense VM would work, but nothing else. I could only SSH into the host if I SSH to the pfSense VM first. In order to have the host be able to connect out I installed Squid and set it up as a transparent proxy, but I shouldn't have had to do this. Researching, I finally found this thread. I'm replying because I just wanted to say that after I enabled "Disable hardware checksum offload" and pressed save, immediately traffic started flowing to/from the host, and the other VM which had basically been unreachable. No reboot or reconfig or anything else was required. I now see it's fairly well documented here.. https://docs.netgate.com/pfsense/en/latest/virtualization/virtio-driver-support.html Perhaps it would be nice if pfSense could automatically disable hardware checksum offload on the virtio driver/NICs :-)
• O

  Unable to install pfSense on ESXi
  • Octopuss  

  9
  0
  Votes
  9
  Posts
  208
  Views

  

  @viragomann But that was after letting him select the .gz in the first place. It was smart enough to know it can't connect to a gzip, but not smart enough to filter out all non-ISO files in the image picker dialog? I just tried it myself with ESXi 6.7 and it doesn't show any non-ISO files. I couldn't select one even if I wanted to. Bizarre.
• M

  Watchdog timeout on queue 0
  • megapearl  

  9
  0
  Votes
  9
  Posts
  3252
  Views

  R

  @Erutan409 if this happens to me again, I'll change my virtual NICs over to fully-emulated hardware. I hate to have to do that, but I'm glad it seems to be a viable fix!
• K

  Setting up a home lab- need NAT to have internal virtual switch to go into the internet
  • korr2221  

  42
  0
  Votes
  42
  Posts
  850
  Views

  K

  @johnpoz just for learning sake, if this was a cisco router, how would one set the NAT? anyone happen to know the command? is it enable configure terminal ip nat pool name start-ip end-ip {netmask netmask | prefix-length prefix-length } access-list access-list-number permit source [source-wildcard ] ip nat inside source list access-list-number pool name interface type number ip address ip-address mask ip nat inside exit interface type number ip address ip-address mask ip nat outside end
• F

  How to use unraid mount tag in pfsense vm
  • fallingsloth  

  2
  0
  Votes
  2
  Posts
  117
  Views

  

  I've never seen such a thing work with pfSense and a VM host. pfSense doesn't include the binaries to mount smb/cifs, I don't think nfs is there either (client or server). Are you trying to copy from the VM host to pfSense, or from pfSense to the VM host? Why not use scp/rsync? The VM host may be able to use ssh as a filesystem, connecting to pfSense. But that wouldn't work the other way.
• T

  Multiqueue Virtio?
  • tibere86  

  6
  0
  Votes
  6
  Posts
  354
  Views

  W

  @tibere86 I'm using Open vSwitch (OVS) instead Linux bridge on PVE. Show from your PVE: ip a s ethtool -I <interface-name-from-previous-command> and cat /etc/network/interfaces And why ethX ? Latest PVE using enpX. Or you wrote that just as example? :) Maybe you must also enable multiqueue inside pfsense VM ? https://bsdrp.net/documentation/technical_docs/performance http://docs.openvswitch.org/en/latest/topics/dpdk/vhost-user/ If one wishes to use multiple queues for an interface in the guest, the driver in the guest operating system must be configured to do so https://cloudblog.switch.ch/2016/09/06/tuning-virtualized-network-node-multi-queue-virtio-net/ This should be done during interface initialization, for example in a “pre-up” action in /etc/network/interfaces P.s. Bingo! (Maybe this step not needed ?) Add something like in PVE network config: ... pre-up ethtool -L enpX combined N ... Then reboot PVE host and check is multiqueue enabled: ethtool -I <PVE-interface-name> And then https://forum.proxmox.com/threads/kvm-and-multi-queue-nics.27213/ set on PVE side in VM config file (pfsense VM must be stopped!): ... -netX virtio=XX:XX:XX:XX:XX:XX,bla-bla-bla,queues=N ... Starting pfsense VM and enable multiqueue within https://www.freebsd.org/cgi/man.cgi?query=vtnet reboot VM check is multiqueue worked https://forums.freebsd.org/threads/multiple-network-queues-on-vmx-interface.49080/ P.p.s. https://forum.proxmox.com/threads/virtio-multi-queue-balancing.43744/
• E

  How many bridges needed for pfSense vm?
  • eiger3970  

  9
  0
  Votes
  9
  Posts
  269
  Views

  E

  Ok, thank you for the clarification. The setup seems correct then.
• C

  Nic down with vlan wan connection
  • castiel  

  2
  0
  Votes
  2
  Posts
  87
  Views

  

  You probably want to put the pfSense on its untagged interface (ao1) and let vmware do the tagging. In order to pass vlan tags to the VM interface I'm pretty sure you have to put VLAN 4095 on it in vmware. Moving to Virtualization.
• V

  Accessing Web GUI from bridged virtual WAN interface
  • vzr  

  3
  0
  Votes
  3
  Posts
  117
  Views

  V

  It works, thank You very much!
• N

  configuration master/backup loadblancer and connectivity failure
  • NOC  

  1
  0
  Votes
  1
  Posts
  73
  Views

  No one has replied

• 

  (Solve)Hyper V 2012 Pfsense NIC deX efect?
  • periko  

  3
  0
  Votes
  3
  Posts
  163
  Views

  

  Hi sorry. Forget this one, I had found the issue I was having, thanks.
• P

  VMware ESXi 6.7 increased latency with NIC Passthrough
  • pfsvrb  

  1
  0
  Votes
  1
  Posts
  185
  Views

  No one has replied

• M

  Very slow traffic from other VM's through pfSense on XenServer
  • mortenchristensen  

  46
  0
  Votes
  46
  Posts
  45090
  Views

  W

  Hi. Much better https://xcp-ng.org/ + https://xen-orchestra.com/docs/
• W

  Proxmox, Ceph, ZFS, pfsense
  • werter  

  1
  0
  Votes
  1
  Posts
  131
  Views

  No one has replied

• F

  Virtualizate an appliance in production
  • franjgl  

  3
  0
  Votes
  3
  Posts
  148
  Views

  

  Do a fresh Install in your VM, take a Backup for the appliance in Diagnostics > Backup & Restore and Restore this Backup to your VM. More Information here: https://www.netgate.com/docs/pfsense/backup/configuration-backup-and-restore.html -Rico
• E

  Installing virtual pfsense after update broke router hardware
  • eiger3970  

  15
  0
  Votes
  15
  Posts
  562
  Views

  

  The guide is like that because running with only two NICs total is not recommended. It states: Host has at least two network interfaces available for WAN and LAN. If you have used a NIC for the management port then you don't have two available. However it should work with two NICs total and no dedicated management port as you found. Steve
• E

  1 dual port NIC or 2 x NICs for LAN and WAN port?
  • eiger3970  

  2
  0
  Votes
  2
  Posts
  171
  Views

  

  @eiger3970 Buy any NIC you want, so long as it's supported by FreeBSD. Stick with Intel if you can. However not sure if pfSense is clever enough to allocate the 2 ports to LAN and WAN? pfSense doesn't allocate anything. You define WAN and LAN yourself during setup by telling pfS which NIC is WAN and which is LAN.