To me the problem should be investigated on the VM side more than from inside pfSense. I see on Google that people tend to bridge the interface instead of using the passthrough for Unraid.
Personally, for example, I was never able to make pfSense work reliably under VirtualBox and I had to change the VM to qemu/kvm.
@corotte said in Very slow traffic from other VM's through pfSense on XenServer:
Updated my XenServer 6.2 to 6.5 a few days ago with my VM pfsense 2.1.5 with no issue.
Updated pfsense to 2.2 WITH XENTOOLS (xe-guest-utilties 6.0.2_3) and got the same issue! Installed xentool using that method:
http://blog.feld.me/posts/2014/07/pfsense-on-citrix-xenserver-essays.agency (Thanks feld!)
Looks like the issue remains even with Xentools :/
Can anyone confirm?
FreeBSD does not accept traffic in case the checksum on the TCP packet isn't valid. A guy from the Netherlands tested it - Koen van der Gaag: https://projects-42.nl/index.php/2018/citrix-xenserver-and-pfsense-not-as-smooth-as-expected/
@ITFlyer According to this article you have to change the MAC address on the virtual switch after disabling VMQ.
When you say you used a fixed disk size, are you sure? In 2016/2019 you have to create the fixed disk outside the new VM wizard. You have to go to new > disk in the upper right hand side and select fixed disk type. Then attach it to your new VM that you created with the "attach a disk later" option. If you manually typed in something other than 127GB in the wizard it is still a dynamic vhdx.
With a dynamic vhdx I get between 40-60ish MB/s typically in my guests. In my guests that are fixed vhdx I get 113 MB/s without wavering.
You can convert a disk from dynamic to fixed via the disk tools, or create a new disk and reinstall pfsense if you are in fact using a dynamic disk.
So you're saying pfsense without any dns is reaching out to a specific IP? So the IP must be hard coded into pfsense to check for X?
I don't think so to be honest, hard coding IPs is horrible coding!
Let's see these logs, or the IP that it's reaching out to.. And we can prob figure out what is going on.. But I would be very surprised if the pfsense devs hardcoded an IP into anything they are running. Best would also be these sniffs you took.
You have no packages installed?
You sure it's just not the ping to the gateway of pfsense wan? That would be reaching out to an IP without dns to resolve it.. You do know that pfsense, even if you turn off unbound, will try and grab dns from dhcp on its wan. And then would attempt to use that for dns..
Also how are you sure its not something on the lan side trying to get to X?
What about NTP? If pfsense at any time had dns, it would have resolved some IPs in the ntp.pool and be trying to set time with those, etc.
TL;DR going to need way more info to try and help you figure out what you're seeing.
Also, I have a few pfsense vms I could fire up and try and duplicate what you're doing/seeing..
I am also having an issue with CARP running kvm/qemu with libvirt.
The devices see each other and choose master and slave respectively, but if I turn one off the clients cannot access the virtual IP anymore.
Is this fix applicable in my case and if so how do I do it?
I came across a similar NIC ordering issue some time ago. When I added more than 4 vmxnet3 adapters to the machine, FreeBSD numbered interfaces differently in comparison to VM ethernet adapter order; that issue is described here. When I used E1000 interfaces, the problem disappeared. I had to use a workaround script that renamed vmx interfaces in FreeBSD based on their MAC address, so that interface order was the same on VM and FreeBSD.
This is however something different. I'm not touching interfaces on the VM, I'm just unassigning/disabling interfaces in pfSense GUI under Interfaces -> Assignments. Though it definitely bears some similarity with the aforementioned NIC order bug (meaning that everything is fine with only 4 interfaces on the machine).
Like @KOM said, most Linux flavours use /etc/resolv.conf for DNS resolution. You can manually set a static DNS entry in there by specifying the correct nameserver as the pfSense box. chattr +i /etc/resolv.conf should prevent changes to it being made on reboot.
Does pfSense receive the WAN address via DHCP from some external router/DHCP server? Can you post a screenshot of your outbound NAT rules? Might be something you want to fix there. Also make sure the firewall rules allow for ICMP echo requests outbound.
It has been a while but if I remember correctly you need to tweak XenServer to fix that problem. I think these are the correct instructions, at least the ones I used, to address that problem. Running pfSense in XenServer
So, I may have found a fix for my configuration - accounting for bufferbloat:
vSphere - 6.7 - VMXNET3 on all 4 network adapters I have configured on the VM
Internet speed - 250 Mbps/30 Mbps
pfSense version - latest (2.4.4_3)
Following this guide, I seemed to have avoided getting this issue when (a reoccurring issue) I'd set a couple downloads going on my PS4 and max out the download speed during the night. This seems to be the best reproduction of this issue, without fail, when I'd wake up in the morning.
The Internet would get sluggish and eventually stop working altogether. Then, I'd log into vSphere and see the issue in the VM console.
But, after following that guide, it seems like my Internet is overall stable. I'll update if it still happens in the future. Hoping this IS the fix.
@eiger3970 said in No WAN IP:
I connected the bridged ISP modem’s LAN cable to another device and Internet works.
One more thing to check: the WAN NIC on the pfSense device.
Invert LAN and WAN during setup - console access - and retest.
A pfSense can be hooked up after any (router or modem or something else) that has a DHCP server on its LAN.
pfSense, using DHCP client, should and will receive an IP.