@macduke I got it running, seems like everything is fine so far. I’m using unraid with virtio nics (also shared with the server as I only have 2 nic ports for now I have only got enabled the hardware checksum preference. I haven’t touched any other preference on unRaid or the VM

Do have configured pfSense via LAN interface and disabled it after? If so, that wasn't a good idea, as long as you haven't configured the WAN interface for accessing the firewall before. You will have to set rules on WAN to allow the access for the clients and for management. In addition there is also a rule on WAN by default which blocks any access from private networks. It's set in the WAN interface settings.

The main reason is the windows client required to maintain XenServer - I pretty much never have to boot that windows VM any more. They also removed a bunch of functionality I used from the free product. I was "stuck" at XenServer 6.2. Citrix basically lost me. I do pay Proxmox but since it's just one socket (with 12 cores) it is quite reasonable. Even for a home lab. I have some Dells in the garage and it's on the list to build a Ceph cluster with them.

@tibere86 Don't think so. In Hyper-V, I get the same response in the shell to "powerd -v" enabled or not. [2.4.4-RELEASE][root@fw.workgroup]/root: powerd -v powerd: no cpufreq(4) support -- aborting: No such file or directory

@isaacfl Running on 2012R2, I use Shutdown. In the past I had tried Save, but I think I was getting a panic and crash before it saved and the disk would come up dirty. I would need to restore a checkpoint. Shutdown seems to work fine, though when host reboots are required, I do a manual shutdown from the H-V Manager first, and Always Start. On reasonable hardware, there's not too much time required to cold boot. HTH

Perhaps you might benefit from running two instance in pfSense HA mode, or using VMware HA.

@johnpoz So did I but you are missing the point. A config that works for four hours should work for four days too. The issue I have seen is that the Vlan trunk stops working after a few days. Not even arp will see the nic of the VM. The "workaround" I found was to add or remove a nic to the VM (just a non connected nic) and it will work for a couple of days again With 2016 the same config (actually it's the same VM) works if you can read this ;)

Now it's 2019 and this is still a problem :-) I have been struggling with this for a week; I couldn't work out why ICMP from the host and another VM through the pfSense VM would work, but nothing else. I could only SSH into the host if I SSH to the pfSense VM first. In order to have the host be able to connect out I installed Squid and set it up as a transparent proxy, but I shouldn't have had to do this. Researching, I finally found this thread. I'm replying because I just wanted to say that after I enabled "Disable hardware checksum offload" and pressed save, immediately traffic started flowing to/from the host, and the other VM which had basically been unreachable. No reboot or reconfig or anything else was required. I now see it's fairly well documented here.. https://docs.netgate.com/pfsense/en/latest/virtualization/virtio-driver-support.html Perhaps it would be nice if pfSense could automatically disable hardware checksum offload on the virtio driver/NICs :-)

@viragomann But that was after letting him select the .gz in the first place. It was smart enough to know it can't connect to a gzip, but not smart enough to filter out all non-ISO files in the image picker dialog? I just tried it myself with ESXi 6.7 and it doesn't show any non-ISO files. I couldn't select one even if I wanted to. Bizarre.

@johnpoz just for learning sake, if this was a cisco router, how would one set the NAT? anyone happen to know the command? is it enable configure terminal ip nat pool name start-ip end-ip {netmask netmask | prefix-length prefix-length } access-list access-list-number permit source [source-wildcard ] ip nat inside source list access-list-number pool name interface type number ip address ip-address mask ip nat inside exit interface type number ip address ip-address mask ip nat outside end

I've never seen such a thing work with pfSense and a VM host. pfSense doesn't include the binaries to mount smb/cifs, I don't think nfs is there either (client or server). Are you trying to copy from the VM host to pfSense, or from pfSense to the VM host? Why not use scp/rsync? The VM host may be able to use ssh as a filesystem, connecting to pfSense. But that wouldn't work the other way.

@tibere86 I'm using Open vSwitch (OVS) instead Linux bridge on PVE. Show from your PVE: ip a s ethtool -I <interface-name-from-previous-command> and cat /etc/network/interfaces And why ethX ? Latest PVE using enpX. Or you wrote that just as example? :) Maybe you must also enable multiqueue inside pfsense VM ? https://bsdrp.net/documentation/technical_docs/performance http://docs.openvswitch.org/en/latest/topics/dpdk/vhost-user/ If one wishes to use multiple queues for an interface in the guest, the driver in the guest operating system must be configured to do so https://cloudblog.switch.ch/2016/09/06/tuning-virtualized-network-node-multi-queue-virtio-net/ This should be done during interface initialization, for example in a “pre-up” action in /etc/network/interfaces P.s. Bingo! (Maybe this step not needed ?) Add something like in PVE network config: ... pre-up ethtool -L enpX combined N ... Then reboot PVE host and check is multiqueue enabled: ethtool -I <PVE-interface-name> And then https://forum.proxmox.com/threads/kvm-and-multi-queue-nics.27213/ set on PVE side in VM config file (pfsense VM must be stopped!): ... -netX virtio=XX:XX:XX:XX:XX:XX,bla-bla-bla,queues=N ... Starting pfsense VM and enable multiqueue within https://www.freebsd.org/cgi/man.cgi?query=vtnet reboot VM check is multiqueue worked https://forums.freebsd.org/threads/multiple-network-queues-on-vmx-interface.49080/ P.p.s. https://forum.proxmox.com/threads/virtio-multi-queue-balancing.43744/

Ok, thank you for the clarification. The setup seems correct then.

You probably want to put the pfSense on its untagged interface (ao1) and let vmware do the tagging. In order to pass vlan tags to the VM interface I'm pretty sure you have to put VLAN 4095 on it in vmware. Moving to Virtualization.

It works, thank You very much!

Hi sorry. Forget this one, I had found the issue I was having, thanks.

Hi. Much better https://xcp-ng.org/ + https://xen-orchestra.com/docs/