There are providers in the web which allow the usage of virtualized NICs. In this case, it is easy because you can clearly assign one NIC as WAN interface to your VM and one NIC as LAN interface to your VM.
This means everything is very similar to a setup which you would do when doing it at a machine locally.

The only task for you is to find a provider which allows the usage of virtualized NICs. But there are many of them in the web!

@viragomann so I used route -n and it was indeed missing a gateway. I updated the VMs interface and added pfsense as the gateway. Now when I ping the gateway (10.10.1.1) I'm getting From 10.10.2.2 icmp_seq=1 Destination Host Unreachable whereas before it just said Network Failure

Edit: nvm I got it.

I gave the VM's network interface a static IP with /etc/network/interfaces and had to set its gateway as the IP of the linux bridge on the VE.

Do you know what they changed? It would be nice to know in case someone else hits this.

@heper OK. I realized my ISP also has iperf3 server listening so I tried that instead of speedtest. I attached a virtio vtnet interface to pfsense and made a better comparison with single vs. parallel flows, IPv4 vs. IPv6, and coming from physical port (ix) vs. virtio (vtnet). WAN is always physical port.

You had right, I think it is related to tx/rx queue issue you also linked above.

My test results show a single flow (ix or vtnet) can support around 5Gb/s on my system (packet filtering enabled). If I enable parallel, ix reaches to 9Gb/s, it does not matter IPv4 (NAT) or v6 (no NAT), and it consumes around 70% CPU (4 cores). However, when using vtnet with parallel flow, neither throughput nor CPU use changes and it is still around 5-6Gb/s (similar to single flow). It is actually very good for a single flow (as good as physical) and CPU consumption is not different (only a few percents higher maybe).

@viragomann I can confirm your diagnosys, removing the "10" IP, now the sessions from external "10" to "100" work and are stable.

Thank you very much again.

Hi,

I have pfSense 22.05 virtualized in proxmox 7.3: I had strange network performance issue with it and also with a plain debian install.

Turned out issue was NIC used (intel 210) belonged to a PCIE card, while in proxmox grub I had pcie passthrough option active: once removed all back to normal.
Not sure if that could be related though

@ar-ptg-co I would suspect that it doesn't come with support other than here at the forum since it's a Microsoft product...anymore and you should expect to pay; let hope that support staff verify.

@gulzoa712 You need to provide a diagram of your network.
Why are you using two routers on the same segment?
Separate the pfsense network from your other segment.

@urbaman75
I would restore the existing config on the new, then reassign the vlans to the new interfaces. Worked fine for me in the past.


So first I did not have my adaptors setup and it was wanting me to setup a vlan through a cryptic command line, then I could not access it because my router had the same IP now finally I can continue following the course. I did try to change the IP through the cryptic menu and that did not work out. So I went back and changed the IP on my linksys. that was less complex. Maybe changing the ip the web access works better.

@provels Thanks a bunch! Mediacom had to send out a tech and then a follow maintenance truck to find and remove the problem in my neighborhood and they finished an hour ago. Speed is running 20% over what I'm supposed to get with zero packet loss.

**** UPDATE ****

I found that there was a new FIRMWARE update for the HP 331T-Quad card, and I applied it. It is like 2 versions higher now than where it was.

Did a brand new install of Proxmox, and enabled the IOMMU settings.

Still seeing the PCI Bus errors, and found an article to add 'pci=nommconf' to the loader.conf section.

Been running more than 2 hours - no PCI Bus errors.

So I built a new pfSense VM and added the PCI directly for 0000:01:00.0 and 0000:01:00.1 as two NICs to the VM (direct access not virtualized ports).

Software installs - but only one Interface is seen (not 2)....and just repeated errors about a Firmware Link - over and over and over.

Oh Well - according to UPS, my INTEL i5-T4V2 card should be here tomorrow.