@Gblenn I too run pfsense virtualised (proxmox) on old hardware (i7-3770S) alongside containers. I don't see any performance issues with pfsense either, in the webUI or otherwise.
I don't use pfBlocker's DNSBL just the IP blocking. Whilst I understand downloading and updating DNSBL may be CPU intensive, why would that impact performance on every visit to the dashboard? Is the pfblocker widget CPU intensive with respect to building DNSBL stats counters?

With my attempts to build small images with VB, I found the easiest way to get the image to be small is to do the install on as small of a virtual disk as possible. In your case try installing pfSense on a 1.3 or 1.4GB disk. I do not know what the minimum install disk size is, but experimentation will get you there. Once there you can always restore the config you have if needed.

There are VB options to reduce the disk, but in this case I suspect it will be easier to just re-install.

@jprez1980 Well., this hardware is 12 years old and considered obsolete.
So what do you mean by lower priced?
If you consider power consumption, this equipment is a money burner.

Gut feeling it probably tops at 3Gbit routing but you should check it with iperf and two pc's connected at 10g speeds with pf in between to be sure.
Of courseif we add packet filtering ids/ips etc this will be much less.

@JonathanLee Yeah maybe a virtual router. I'll consider that,
Thanks for the advice.

If you followed the guide (Tx checksuming of for the NICs, guest tools installed, etc), the VM is hardware virtualised (HVM), same CPU and RAM parameter as the one of ESXi and the XCP-NG host is reasonably fast then I can't see a reason why you have that limit.

I ran pfsense (plus 3 other VMs) with XCP-NG on a J3455 CPU with 16GB RAM on a 400/90 MBits PPPoE connection. That was pretty much the limit but your can be done with even quite slow hardware

What hardware to you use as a host. And what is the output of top -HaSP while you do the speedtest. I assume you run the speedtest from a client (client -> pfsense -> ISP -> speedtest server), not from pfsense itself.

And again, a network diagram would help. How are you connecting to the ISP?

@eiger3970-0 It appears I may have to move the virtual pfSense router to a hardware device.
However, I'm unsure if I could also build some 24 hour systems on the hardware device as well?

For example, a separate hardware device rather than this Desktop with 2 NICs, running a type 1 hypervisor with various 24 hour VMs.

Can a new and separate hardware device be run for a 24 hour router and 24 hour VMs?

Then this desktop can be powered on and off when needed.

@viragomann Thanks!

@viragomann The machine's Ethernet is set to a static IP 192.168.1.110/24 gateway 192.168.1.170.
The Wi-Fi is DHCP I guess?
I set up a new Network location on the machine and the Ethernet DHCP would not connect, so I switched back to the original network with the Ethernet static IP and it connected.
Guess I'll see how long it stays online until the problem returns.

@JonathanLee This is solved, somehow, I don't remember...just noting the thread can be closed.

Just in case anyone find this thread, i did a better article:

pfSense on TrueNAS Scale KVM, What is the best Virtual Custom CPU to choose? | QuantumWarp

https://forum.proxmox.com/threads/dhcp-on-pfsense-vm-not-handing-out-addresses-past-the-host.102763/

Seems like I'm not the only one..

To bad it's Intel driver "igc" that is the problem.. i226-LM and i226-V is having the same problem and i even think i saw i225..

@saluteferux said in Help with High CPU Usage in OPNSense/Pfsense VM inside Proxmox:

and using additional bridges to assign an IP on the proxmox host

If any of those bridges are connected in Promox to any of the I226-V NICs then you are not using pass through of the I226-V.

Pass through is done via Proxmox GUI -> pve -> VM -> Hardware -> Add -> PCI device Virtual switches / bridges via Proxmox GUI -> pve ->Network-> create (to create a virtual switch), then Proxmox GUI -> pve -> VM -> Network device -> Add (to plug the VM into the virtual switch).

But I assume you already knew this & I'm just not understanding what you are saying.

As for why there is a difference between VM load inside a VM compared to the Load measure outside the VM by the hypervisor, I believe the difference is overhead (including task switching, virtual device emulation, interrupt pre processing etc)

@johnpoz Oki