OK I'll try that, thanks. Just because I'm curious, how will using a virtual nic allow for more control+ flexibility?

The problem has been resolved.
I tested a machine on a local network with an OVPN server to which the client was connected. Somewhere the network is looped, apparently.

I've setup a new pfsense vm with nothing on it. Results were more or less the same, so the packages weren't interfering.

So, I've setup a new bridge and set MTU to 9000 and now I'm getting about 9 Gbits/s (sometimes 10 with pf disabled). I don't understand networking enough as to why linux VMs work at 20 Gbits/s with MTU 1500.

Other settings such as CPU type, machine type, rx off on the bridge, didn't affect results that much.

Now I'm curious what it would take to get to 20 Gbits/s

I virtualized mine maybe 3 months ago partly as an "I'm stuck at home and need a project" and partly for energy savings. My server has the ram and plenty of CPU so what the hey lets try. I didn't passthrough. Decided instead to setup separate vswitches/portgroups and just dedicate nics that way; one for WAN and another for LAN and put PFSense VM in both portgroups. I'm using the free ESXI 6.7.

These days, mixing servers/IOT and desktops in the same LAN is probably a bigger security issue than virtualizing PFSense.

I am having the same issue.

A iperf to the WAN side of the pfSense VM over the internet shows 900Mbps. When I try and punch it through OpenVPN site-to-site using the same config as you, 80Mbps. Both sides are 3.5GHz+ Xeon/Ryzen CPUs, but CPU usage on pfSense on both sides is 5%.

An iperf from the WAN -> LAN interface (on a different KVM bridge) also shows 800Mbps+.

Similar issue here under ESXi 7.0 and pfSense 2.4.5-RELEASE-p1.
Created a VM with one virtual NIC, booted installed OK.
Powered off, added 2 other NICs, booted and they are OK.
Added a 4th NIC while powered on, the VGA console shows that at operating system level it was detected hotplugged with correct MAC address, but in pfSense web interface did not appear.
Rebooted, still not there.
Powered off and back on, still not there.

Deleted the whole VM, re-created from scratch with 4 NICs, re-installed pfSense from ISO, all NICs present.

192.168.195.60 is my WAN address (sorry had to change it in the meanwhile)

yes when i use vmbr0 browsing is working.

i can reach the pfsense from my local browser (not in the 192.168.x.x Network)

thanks for your help
regards

@jimp said in bug with inputs on ESXi?:

You hit Scroll Lock on your keyboard

This is definitely a plausible explanation, however:

I was doing other linux-based VM installs on the same ESXi machine at the same time and only had a problem with the pfSense instances, multiple times. I am working from a MacBook which does not have a Scroll Lock key (that I'm aware of). Is there a way to unwittingly send a Scroll Lock equivalent key stroke - perhaps with the right key combo?

I researched this a bit, and found some indication that Fn + Shift + F12 is the equivalent Macbook key combo for activating Scroll Lock. I wouldn't have ver had any reason to use those keys while doing my ESXi or pfSense tasks. I also found an old thread here where someone seems to have the same problem with Macbook randomly activating Scroll Lock and people discuss other possible key combos.

Still, it's hard for me to buy the explanation that this bug would only manifest itself in an ESXi console window and only for pfSense.

Unfortunately, I've finished those projects for now and don't know when I'll next have the opportunity to explore the possibilities of what might have been behind this bug.

Next two, top best solution :
Use a vanilla Windows Pro : I was using pre-2.4.5 using FreeBSD 1.1 and FreeBSD 11.3 using pfSense 2.4.5-p1, and have not seens any issues. But notre that this is a @home setup - more or like a test bed install - as VM are ment to be.
The real setup shouldn't be discarded :

ba92613d-d81a-4a9b-82aa-a44e6dfbba09-image.png

You could even hide it into the Win 2012 device if you have space constraints. No VM code here so many things that can't go wrong.

I was having some issues but seems most of them were fixed with ESXi 7. I’d say if you have the horsepower and RAM, use ESXi.

Status >> System Logs >> Settings
Set the logging of things you want...
Remote Logserver = Kibana

On Kibana open up port 514 for accepting logs.

I hand also an idea to migrate from physical hardware to virtualization the pfsense box .

Tried esxi an unraid , KVM with pass-trough , the results where horrible . Even on vmxnet3/virtio the results are poor .
The machine is capable of delivering 20Gb/s between 2 VM Linux hosts with vmxnet3 , but with pfsense in between max 700-800Mb :(

With pfsense with passtrough I maxed out an i5-4570 with an i350-t4 adapter and did not reach gigabit speed(only pfsense was running on the hardware).On bare metal it works perfect

Now I'm running pfsense on E3-1220L v3 (13W)CPU bare metal and it still beats the crap of i5-4570 in virtualization 😂 .

Pfsense is simple not designed to run properly in virtualized env.

@asdkjw I think that this error will be never fixed because it is old error with UEFI - http://freebsd.1045724.x6.nabble.com/failing-to-install-11-1R-on-VMWare-td6249644.html or http://freebsd.1045724.x6.nabble.com/Boot-failure-svn-up-from-this-morning-td6170968.html
Solution is to reinstall pfSense on Hyper-V 2012R2 as Gen1 VM and then everything will be working ok. It is same in pfSense 2.5 version.

Can't tell you for sure, but I've used both without issue. Currently using an IBM branded i340-T4. Any severe packet loss that I've experienced were ISP related. But the cards a certainly cheap enough to try. OEM versions from Dell, HP, IBM and others for about $25. Here's a good link to find the OEM equivalents of that chipset and several others. Many on EBay include both height brackets.
https://forums.servethehome.com/index.php?threads/list-of-nics-and-their-equivalent-oem-parts.20974/

@Bob-Dig said in Boottime on Hyper-V still slow on 2.4.5-RELEASE-p1:

that I route all traffic from the OVPNServer to a OVPNClient

The OpenVPN client tunnel isn't up at that moment, but the OpenVPN server daemon is already starting, using 'route's to the OpenVPN client. This might explain the 'route' messages.

What happens if you de activate the OpenVPN client - and activate it manually, after the system booted ?
Does it boot faster this way ?

Maybe you could start the OpenVPN client with a cron command that start a serveice (OpenVPN Client) 30 seconds after booting ?
And have it killed before you shut down, so it gets marked as "non running" and won't start during the next boot.

We have the "earlyshellcmd" commands. Let's invent the "lateshellcmd" ;)