https://drive.google.com/open?id=0B7QyEupT1XZLTjZleG1scktKUW8

@heper: https://redmine.pfsense.org/issues/6296 This is almost certainly the cause. Don't switch to e1000, that won't make it any better, it's best to be on vmxnet3.

i did not test traffic shaper since i don't use it in my environement For VLAN, the only thing you can't do is a trunk on Virtual NICs. You will have to create a separate network on your XenServer (XenCenter Networking tab) for each VLAN. Then, add a network card to your PFSense for each VLAN (Each network created earlier). After that, you can create trunk using the NICs of you XenServer (XenCenter NICs tab). You can also do a trunk with a LAGG under XenServer for more network performance depending of your setup. Don't forget to configure your switch accordingly. That'S the way i'm able to make VLANs for in a clear manner with the logic of XenServer. EDIT: working with and without Xen-toolson PFSense

yeah, I think the "magic setting" I had to activate last time I installed a new ISO image in a VM was pressing "I" to install and then getting up and making some waffles until the webgui was loaded on the IP it said it was

Yes, any gateway latency reporting issues that still exist in latest versions (and most in older versions) with Hyper-V are because you have both NTP enabled inside the VM, and Hyper-V's time sync enabled. That does bad things to the system clock, which makes gateway monitoring inaccurate. Disable NTP or Hyper-V's time sync.

@johnpoz: what setup below? Meant here, sorry: https://forum.pfsense.org/index.php?topic=110768.msg617019#msg617019 INTERNET -> Firewall (DMZ public IP to 192.168.168.5) -> VMWare ESXi -> pfsense pfsense WAN: 192.168.168.5 pfsense LAN: 10.0.10.X (DHCP is enabled for the other VMs) Basically, the 192.168.168.5 address is what the other firewall has setup for DMZ with a public IP. How can I configure pfsense to work with the public IP, do I need to do anything specific? How should any firewall rules be setup for OpenVPN to work with this setup? Any traffic coming into my public IP is being routed to 192.168.168.5 which (I thought) pfsense was setup to receive traffic from. For whatever reason, nothing can connect. I know it works because if I setup another machine and configure the IP to be 192.168.168.5, and it works fine. However, pfsense does have an internet connection, it can connect out.

There are several threads around for Hyper-V on 2.3 and disk issues – search and you'll find them. IIRC some people have changed the disk controller type in Hyper-V to get it working, others had to set a specific sysctl on the firewall.

Here are some Xen HVM results: iperf client sends traffic server disgards iperf test one: iperf -c 10.100.10.245 iperf -s -i 1 router to client (i3 laptop): [  4]  0.0-10.0 sec  317 MBytes  266 Mbits/sec iperf test two: iperf -c 10.100.10.1 iperf -s -i 1 client to router (i3 laptop): [  4]  0.0-10.0 sec  182 MBytes  152 Mbits/sec

Who cares what that guy says.  I would set that stuff manually. I just installed Proxmox, set 4 queues to the VM network interface. I then put 1 cpu and 4 cores to it. client to freebsd 10.3 [  3]  0.0-10.0 sec  943 MBytes  791 Mbits/sec freebsd 10.3 to client [  3]  0.0-10.0 sec  769 MBytes  644 Mbits/sec This is on an i3 laptop with 4gb memory.  Also who knows how good the network equipment is between here and there. I do not know much about proxmox at this point but the only way I could get to to boot virtio with 4 queues was to put 4 cores into the VM itself. randyrulz it really seems like you should be able to make it run faster. I am about to install pfsense next.  This was just a freebsd 10.3 test which pfsense 2.3 runs on at this point.

To clarify, based of a question of one of the posters here, I am guessing you want one connected virtual trunk (or LAN/untagged, VLAN99/tagged, VLAN10/tagged) to your pfSense VM so all traffic in an out are expected to be tagged/untagged as normal with no adjustments by VMware, is this correct?  Typically to do all VLANs and pass tagging to the VM, you would use VLAN 4095 on the host level, I have never tested using the VLAN trucking selection option in the dvSwitch setting.  I have done this once a long time ago and had no issues (but tested with just all tagging with Avaya and Cisco gear).  However, research shows that you would be better off letting VMware Host accept the tag and process it for you, sending the VM the untagged packet.  Is this just an exercise? I believe by default Cisco sends VLAN 1 as untagged (native) when you create a trunk, so specifying is redundant, otherwise if it was a different value, the show config would have noted the different setting.  But these are my recollections if it's IOS. When you have this setup up on the trunk port, do any of the VLANs ping at all?  I guess I am asking for connectivity status for each VLAN from the pfSense perspective.  Do you have CDP enabled and confirmed the port/switch connectivity?  I know dumb question, but have to get the simple ones out of the way first. I ask all this, because I found this note: "Caution: Native VLAN ID on ESXi/ESX VST Mode is not supported. Do not assign a VLAN to a port group that is same as the native VLAN ID of the physical switch. Native VLAN packets are not tagged with the VLAN ID on the outgoing traffic toward the ESXi/ESX host. Therefore, if the ESXi/ESX host is set to VST mode, it drops the packets that are lacking a VLAN tag." Trying not using the Native VLAN on the Cisco, try create VLAN 2 on the switch (if it doesn't exist) and then set the native VLAN to 2 instead of the default of 1.

I had a problem with Proxmox and pfSense. Network speeds were slow and the only way to fix it was to install ethtool, change to Virtio NICs and by adding two lines on the Proxmox host /etc/network/interfaces file. pre-up /sbin/ethtool -s eth1 speed 1000 duplex full autoneg off pre-up /sbin/ethtool -K eth1 tx off After host reboot the speeds were back to several hundred Mbs. Sam

you would have to verify that on the switch.. I have not used HP in many many years..  But assume there is a way to see which path in a lagg/etherchannel a specific connection is using.  something along the lines of test etherchannel load-balance interface port-channel 1 ip 10.10.10.2 10.10.10.1

That explain a lot of things ! I've check the bug report and it does not seem to catch the attention or get any priority at the time of writing. Is there any way to put pressure or ask for a possible ETA for this bug ? I think that if many people "push" the bug report, we could get a resolution soon.

The ruleset is generated from config.xml, where the rules are strictly associated with wan/lan/opt. The back end writes out the ruleset automatically replacing wan/lan with hn0/hn1/etc. based on what your assignment is. Other than WAN -> hn0, LAN->hn1, etc. there is no mention of hnX in the config.

If you want to use more of your NICs, I would set up a portchannel between ESXi and your Cisco switch. (This is what I've done with my own ESXi host.) You could either trunk all the VLANs over this portchannel to let pfSense do the routing (and record logs, and apply firewall rules, etc) or you could let your intra-VLAN routing be handled by your Cisco, as you suggest… or a combination of these. If a combination, make sure that the Cisco has no IP in the VLANs that should be handled by pfSense, or a host in that VLAN could set the Cisco as its gateway to get around whatever firewall restrictions you put in place (unless of course you want this capability!) If you want the Cisco to handle the routing, just set up pfSense so that it has a static route to 10.0.0.0/8 pointing to the Cisco. (You don't want this traffic going out anyway, so no harm in making this overly broad.) If you want pfSense to handle the routing, only give the Cisco a management IP, and turn off routing. (no ip route) then it will act as a layer 2 switch.

Hello everybody, I fix it as shown in this article: https://forum.pfsense.org/index.php?topic=85797.0 The download speed from the pfsense console doesn't rise, but the virtual machine placed behind it can now download at full speed. So do not trust the speed shown by the fetch command :-) Have a nice day, Ivo

Are you the OP??  Who are you thanking??