@nzkiwi68 With 2.4.5 utterly broken in multi-core virtualized environments, it's hard to say. I won't be able to upgrade my environment until this pfctl issue is fixed, which means waiting another 6-12 months for a 2.4.5-p1.

One step forward, one step back.

I see this issue too (lockups, no network for long duration's randomly, overall slowness) on my server 2016 datacenter hyper-v pfsense vms, but not on my windows 10 1909 x64 hyper-v pfsense vms with 2.4.5.

doing more tests, reloading the firewall filter does cause the issue on windows 10 1909 hyper-v as well. vm config: gen 2, zfs, 6GB ram, 4x cpu cores assigned.

gonna try the same vm in virtual box and see if the issue exists there too. at this point i've seen the issue on 2016 server hyper-v and windows 10 1909.

Thank you Gertjan. I watched the video.

In the meantime I have been able to set up my ASUS router with DD-WRT transforming it in a managed switch :)

Now, if I am right, I have to connect my fritxbox with 1 port to my Asus (as switch) and tag this with a VLAN for WAN and I will switch off wifi from it and do not connect the other fritzbox ports.

I will tag the other ASUS ports as a different VLAN (and also add wifi to the same vlan) to have separated LAN and WAN networks.

I will connect my NAS with the virtualised pfSense on one LAN port of my ASUS router.
In my virtual pfSense I can set up two different virtual NICs and I have to link them to two different VLAN on pfSense with the same tag I defined in ASUS router.

Is this correct?

thanks
Chris

What do you mean by stop/brake connection? Just trying to get a better picture as to what is happening. What are your KVM NIC settings?

@SoulChild Thanks for the write-up, been looking for something like this. I do have a slightly different setup and would like to get your opinion on how to set it up correctly.

I installed a 2-port PCIe NIC card on my server so pfSense would have its own NIC ports....1 for WAN which is connected directly to my modem (we'll call it NIC port A) and 1 for LAN which is connected to port 1 on my managed switch (we'll call this NIC port B). I have the VLANs set as follows for port 1 on my switch....VLAN 1 for default/mgmt [untagged], VLAN 100 for LAN [tagged], VLAN 200 for WLAN [tagged], and VLAN 201 for Guest WLAN [tagged]. I have also setup the VLANs accordingly on pfSense.

The devices that are hardwired to the switch are able to get and IP from pfSense and can connect to the internet. I experimented with setting VLANs in OVS using other guides and my VMs were able to get an IP from pfSense as well, however they were not able to connect to the internet (I can ping the VMs from my hardware). I assume it has something to do the with the VLAN settings in OVS (trunking to the switch?).

What would your suggestion be on how to properly setup this network? I've scoured all over and have found things that say one thing and another. Looking for something more straightforward. Would my connections be the best way? Or should I go about it your way in the sense of having the modem connected to the managed switch on a VLAN vs having the pfSense NIC WAN port connect to it directly?

@voipuser said in pFsense stops routing every day at random for 7-15 seconds the resumes.:

upgraded to 2.4.5 so hopefully the problem dissapears...

Well it seems 2.4.5 cleared the problems, not had any disruption yet since: 2 days and 2 hours.

So far, much better!

Thank you

How could I miss that

I have been using a gen 1 VM so unfortunately that doesn't resolve the issue.

@rnormore I do know one adapter needs to be set to bridged mode and the other internal mode from what you just asked.

whaoo , ok thanks for this quick answers , so adding a nic with e1000 drivers don't alter order of the previous nics ...
i know what to do if i want to use another vmxnet drivers ;)

Thanks heper ;) have nice day ;)

@Zung said in Hyper-V pfsense setup with no internet behind LAN interface:

I am not sure if this issue was recorded in certain log or not.

WAN events are always logged.
In the logs.
Not a question of being sure : if you want to know, you have a look.

Well, I tried a little more investigation on this and solved the problem.

At first I checked IP's generating the messages.

They were all android devices (Google homes, android phones etc.).

Then I discovered these were from the Squid addon - caching.

I removed Squid and its reporter from installed packages - restarted the VM and CPU Usage returned to normal.

Obviously Squid went haywire on android devices.

Don't know why - but will not install again - don't really want this problem to crop up again.

Cheers

@skogs
So obviously Proxmox tries to use the guest agent if it's activated and does not send ACPI signals, even if it has recognized that the agent isn't running. 🙄
Didn't know that. However, since pfSense has no Qemu guest agent there's no reason for activating it.

Sorry but I am with @ITFlyer - and I edited your post to remove what amounts to keywords and a link..

Glad your wanting to help - but keep it on topic to the question at hand.. And why would you join a forum, minutes latter add such a post to a almost year old thread, because it mentions something related to what your wanting to promote is what it looked like.

Nothing unique to your issue about being on a fiber connection... Anyone behind a nat would have to open up the router in front of pfsense..

Glad you got it sorted.