Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    [solved] pfSense (2.6.0 & 22.01 ) is very slow on Hyper-V

    Scheduled Pinned Locked Moved Virtualization
    187 Posts 36 Posters 113.7k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • W
      wicked1
      last edited by

      Me too..
      Hyper-v. Intel i350-t4 nic. Everything fine in 2.5.2. In 2.6, I'm having issues w/ NAT reflection. Some banking type websites never load. And, everything is slow. About 1.7Mb, when it should be 400.

      For my internal things where nat reflection isn't working, and for the bank logins which never load, if I kill the states, parts of the sites show up. Then I can wait a while and kill the states again, and another section of the site loads.
      I think that's all I've got to add at the moment. I'm happy to test and get logs or whatever.

      1 Reply Last reply Reply Quote 0
      • D
        DonZalmrol
        last edited by

        Same issues here on two sites. All worked well on v2.5.2 with normal speeds for my ISPs (+-300/30). Both virtualized on Hyper-V.

        Now the speeds are either very slow or very "wobbly"

        Specs of servers are almost the same:

        • HP DL380 Gen9
        • Intel Xeon E5-2650L V3
        • 192GB DDR4 ECC
        • Full flash SSD array
        • Server 2019
        • Gen2 machines
        • Each VLAN has its own network adapter from Hyper-V
        • Server A: (Mellanox) HP 10G 2-Port 546FLR SFP+ LOM in LACP with 10GB uplink
        • Server B: QLogic BCM578110-10GB in LACP with 2GB uplink

        Site A speed:
        c932056a-5056-4e14-bcff-95c9e60edcc3-image.png
        3f094147-f3d3-4fa2-97d1-8459f2cded40-image.png

        Site B speed:
        475639ce-75d8-406f-85cf-7491a1fdf983-image.png
        bb359176-c78e-4f23-aaa2-b3d0e29e495d-image.png
        Tested with enabling/disabling SR-IOV and VMQ, other hardware offloading is disabled per Netgates best-practices for Hyper-V.

        Tried also the suggested disabling of ALTQ and rebooted both firewalls = no real change in speeds.

        All NICs are horribly slow, inter-vlan traffic is so slow I cannot open certain programs that are hosted on another guest.

        HN0 output:
        9ae0933b-7cdc-4437-ab6a-3490071972db-image.png

        I noticed that when I do a ping test to one of my switches from my laptop via cable the reply time is quite high, the should be less then <1ms for healthy switches:
        74cd2648-1009-4f32-9999-3b1b879bd401-image.png

        Note 1: The upgrade to v2.6.0 took a very long time for both FWs

        Note 2: From what I find on the internet/forums/Reddit is that is seems to be "only" happening to MS Hyper-V FWs, perhaps a faulty driver in FreeBSD?

        Note 3: Site B firewall is now running on v2.7.0 as a test -> no improvement.

        At this point planning to do a rollback, never done it for PFSense, so need to research it.

        If the Netgate team needs more information/ testing, I'll happily provide it.

        W 1 Reply Last reply Reply Quote 2
        • D DonZalmrol referenced this topic on
        • W
          whiteshadow @DonZalmrol
          last edited by

          @donzalmrol : can you get a TCPDUMP and see if we have loss or other odd behavior's

          1 Reply Last reply Reply Quote 0
          • D DD referenced this topic on
          • D DD referenced this topic on
          • D DD referenced this topic on
          • D
            DonZalmrol
            last edited by DonZalmrol

            @whiteshadow

            The TCP dump returns a 503 error when running, so I pulled a states dump for you

            The are currently 9151 states on my FW, so I've provided a very short & minor redacted overview so you can see inter(v)lan/wan communication.

            Better than nothing:

            ![c053bd75-b8d8-49c2-8b9d-cba0721263ca-image.png]([[error:parse-error]]) code_text
Interface	Protocol	Source (original source) -> Destination (original destination)	State	Packets	Bytes
VOICE	udp	X.X.70.100:5060 -> X.X.10.3:5060	MULTIPLE:MULTIPLE	592 / 411	290 KiB / 210 KiB
CAMS	udp	X.X.80.20:17423 -> 34.250.216.38:6000	MULTIPLE:MULTIPLE	215 / 214	18 KiB / 15 KiB
DATA	tcp	X.X.90.70:27820 -> 151.236.217.85:443	ESTABLISHED:ESTABLISHED	544 / 544	29 KiB / 52 KiB
LAN	udp	X.X.65.101:54915 -> X.X.65.255:54915	NO_TRAFFIC:SINGLE	6.263 K / 0	1.74 MiB / 0 B
DATA	udp	X.X.90.70:60922 -> X.X.90.255:32412	NO_TRAFFIC:SINGLE	1.064 K / 0	51 KiB / 0 B
CAMS	udp	X.X.80.20:17423 -> 99.81.240.103:6000	MULTIPLE:MULTIPLE	215 / 214	18 KiB / 15 KiB
LAN	udp	X.X.65.101:65512 -> X.X.90.10:53	MULTIPLE:MULTIPLE	38 / 33	3 KiB / 5 KiB
WAN	udp	Site A IP:56833 -> 185.100.84.135:4431	MULTIPLE:MULTIPLE	109.301 K / 67.3 K	89.35 MiB / 8.50 MiB
DATA	udp	X.X.90.70:38558 -> X.X.90.255:32414	NO_TRAFFIC:SINGLE	1.064 K / 0	51 KiB / 0 B
WAN	tcp	Site A IP:44706 (X.X.90.70:27820) -> 151.236.217.85:443	ESTABLISHED:ESTABLISHED	543 / 544	29 KiB / 52 KiB
LAN	tcp	X.X.65.101:59454 -> 51.104.30.131:443	ESTABLISHED:ESTABLISHED	294 / 228	28 KiB / 22 KiB
WAN	tcp	Site A IP:36187 (X.X.65.101:59454) -> 51.104.30.131:443	ESTABLISHED:ESTABLISHED	294 / 228	28 KiB / 22 KiB
LAN	tcp	X.X.65.101:59456 -> 52.114.92.88:443	ESTABLISHED:ESTABLISHED	397 / 592	84 KiB / 366 KiB
VPNAC	icmp	openvpn..220.10:59534 -> openvpn..100.1:59534	0	10.368 K / 10.355 K	294 KiB / 293 KiB
WAN	tcp	Site A IP:38134 (X.X.65.101:59456) -> 52.114.92.88:443	ESTABLISHED:ESTABLISHED	397 / 592	84 KiB / 366 KiB
WAN	ipv6-icmp	IPV6 Address[58806] -> 2001:4860:4860::8888[58806]	NO_TRAFFIC:NO_TRAFFIC	10.366 K / 10.366 K	496 KiB / 496 KiB
WAN	icmp	Site A IP:59176 -> 8.8.8.8:59176	0	10.367 K / 10.367 K	294 KiB / 294 KiB
DATA	udp	X.X.90.70:50780 -> 239.255.255.250:1900	NO_TRAFFIC:SINGLE	533 / 0	67 KiB / 0 B
DATA	udp	X.X.90.4:1024 -> X.X.90.1:123	MULTIPLE:MULTIPLE	84 / 84	6 KiB / 6 KiB
LAN	tcp	X.X.65.101:59484 -> 20.54.37.73:443	ESTABLISHED:ESTABLISHED	245 / 129	17 KiB / 30 KiB
WAN	tcp	Site A IP:35549 (X.X.65.101:59484) -> 20.54.37.73:443	ESTABLISHED:ESTABLISHED	245 / 129	17 KiB / 30 KiB
IOT	udp	X.X.25.100:64149 -> X.X.25.1:53	MULTIPLE:MULTIPLE	60 / 60	4 KiB / 5 KiB
WAN	udp	Site A IP:123 -> 109.68.160.220:123	MULTIPLE:MULTIPLE	65 / 65	5 KiB / 5 KiB
WAN	udp	Site A IP:123 -> 188.165.224.178:123	MULTIPLE:MULTIPLE	65 / 65	5 KiB / 5 KiB
WAN	udp	Site A IP:123 -> 87.233.197.123:123	MULTIPLE:MULTIPLE	65 / 65	5 KiB / 5 KiB
WAN	udp	Site A IP:123 -> 185.159.125.100:123	MULTIPLE:MULTIPLE	65 / 65	5 KiB / 5 KiB
DATA	udp	X.X.90.10:54826 -> X.X.65.99:161	NO_TRAFFIC:SINGLE	547 / 464	52 KiB / 57 KiB
LAN	udp	X.X.90.10:54826 -> X.X.65.99:161	SINGLE:NO_TRAFFIC	547 / 0	52 KiB / 0 B
WAN	udp	Site A IP:123 -> 45.83.233.8:123	MULTIPLE:MULTIPLE	66 / 56	5 KiB / 4 KiB
WAN	udp	Site A IP:123 -> 45.87.77.15:123	MULTIPLE:MULTIPLE	65 / 65	5 KiB / 5 KiB
DATA	udp	X.X.30.31:35453 -> X.X.90.30:3478	MULTIPLE:MULTIPLE	178 / 178	10 KiB / 15 KiB
WAN	esp	Site B IP -> Site A IP	MULTIPLE:MULTIPLE	66.862 K / 72.161 K	18.25 MiB / 33.13 MiB
DATA	udp	X.X.30.32:47631 -> X.X.90.30:3478	MULTIPLE:MULTIPLE	178 / 178	10 KiB / 15 KiB
LAN	tcp	X.X.65.101:49416 -> 20.54.37.73:443	ESTABLISHED:ESTABLISHED	188 / 99	19 KiB / 23 KiB
WAN	tcp	Site A IP:32590 (X.X.65.101:49416) -> 20.54.37.73:443	ESTABLISHED:ESTABLISHED	188 / 99	19 KiB / 23 KiB
LAN	tcp	X.X.65.101:59602 -> 217.146.21.137:5938	ESTABLISHED:ESTABLISHED	517 / 474	176 KiB / 271 KiB
IPsec	udp	X.X.30.32:47631 -> X.X.90.30:3478	MULTIPLE:MULTIPLE	178 / 178	10 KiB / 15 KiB
WAN	tcp	Site A IP:61981 (X.X.65.101:59602) -> 217.146.21.137:5938	ESTABLISHED:ESTABLISHED	517 / 474	176 KiB / 271 KiB
LAN	udp	X.X.65.1:52209 -> 239.255.255.250:1900	SINGLE:NO_TRAFFIC	3.916 K / 0	1.77 MiB / 0 B
LAN	tcp	X.X.65.101:59603 -> 35.83.91.138:443	ESTABLISHED:ESTABLISHED	40 / 52	4 KiB / 10 KiB
WAN	tcp	Site A IP:39983 (X.X.65.101:59603) -> 35.83.91.138:443	ESTABLISHED:ESTABLISHED	40 / 52	4 KiB / 10 KiB
IPsec	udp	X.X.30.31:35453 -> X.X.90.30:3478	MULTIPLE:MULTIPLE	178 / 178	10 KiB / 15 KiB
IPsec	udp	X.X.30.30:56690 -> X.X.90.30:3478	MULTIPLE:MULTIPLE	178 / 178	10 KiB / 15 KiB
IPsec	udp	X.X.10.3:5060 -> X.X.70.100:5060	MULTIPLE:MULTIPLE	411 / 587	210 KiB / 287 KiB
DATA	tcp	X.X.90.30:41948 -> 52.36.125.178:8883	ESTABLISHED:ESTABLISHED	373 / 212	28 KiB / 25 KiB
WAN	tcp	Site A IP:40143 (X.X.90.30:41948) -> 52.36.125.178:8883	ESTABLISHED:ESTABLISHED	373 / 212	28 KiB / 25 KiB
DATA	udp	X.X.30.30:56690 -> X.X.90.30:3478	MULTIPLE:MULTIPLE	178 / 178	10 KiB / 15 KiB
DATA	udp	X.X.90.30:3478 -> X.X.30.33:35855	MULTIPLE:MULTIPLE	179 / 178	15 KiB / 10 KiB
IPsec	udp	X.X.90.30:3478 -> X.X.30.33:35855	MULTIPLE:MULTIPLE	179 / 178	15 KiB / 10 KiB
WAN	udp	Site A IP:40339 (X.X.80.20:17423) -> 99.81.240.103:6000	MULTIPLE:MULTIPLE	214 / 214	18 KiB / 15 KiB
WAN	udp	Site A IP:23739 (X.X.80.20:17423) -> 34.250.216.38:6000	MULTIPLE:MULTIPLE	214 / 214	18 KiB / 15 KiB
DATA	udp	X.X.90.30:1900 -> 239.255.255.250:1900	NO_TRAFFIC:SINGLE	267 / 0	77 KiB / 0 B
LAN	tcp	X.X.65.101:59614 -> 52.97.183.194:443	ESTABLISHED:ESTABLISHED	421 / 591	206 KiB / 257 KiB
WAN	tcp	Site A IP:13434 (X.X.65.101:59614) -> 52.97.183.194:443	ESTABLISHED:ESTABLISHED	421 / 591	206 KiB / 257 KiB
DATA	udp	X.X.65.101:65512 -> X.X.90.10:53	MULTIPLE:MULTIPLE	37 / 33	2 KiB / 5 KiB
IPsec	udp	X.X.30.35:49238 -> X.X.90.30:3478	MULTIPLE:MULTIPLE	178 / 177	10 KiB / 15 KiB
VOICE	udp	X.X.70.100:5060 -> Site B IP:5060	NO_TRAFFIC:SINGLE	483 / 0	307 KiB / 0 B
WAN	udp	Site A IP:16751 (X.X.70.100:5060) -> Site B IP:5060	SINGLE:NO_TRAFFIC	483 / 0	307 KiB / 0 B
DATA	udp	X.X.30.35:49238 -> X.X.90.30:3478	MULTIPLE:MULTIPLE	178 / 177	10 KiB / 15 KiB
DATA	udp	X.X.90.50:60719 -> X.X.65.99:161	NO_TRAFFIC:SINGLE	348 / 281	37 KiB / 38 KiB
LAN	udp	X.X.90.50:60719 -> X.X.65.99:161	SINGLE:NO_TRAFFIC	348 / 0	37 KiB / 0 B
DATA	udp	X.X.90.65:51413 -> 93.158.213.92:1337	MULTIPLE:MULTIPLE	67 / 67	5 KiB / 10 KiB
VPNAC	udp	openvpn..220.10:51413 (X.X.90.65:51413) -> 93.158.213.92:1337	MULTIPLE:MULTIPLE	67 / 67	5 KiB / 10 KiB
DATA	udp	X.X.90.65:51413 -> 186.10.172.120:1337	MULTIPLE:MULTIPLE	57 / 57	4 KiB / 7 KiB
VPNAC	udp	openvpn..220.10:51413 (X.X.90.65:51413) -> 186.10.172.120:1337	MULTIPLE:MULTIPLE	57 / 57	4 KiB / 7 KiB
DATA	udp	X.X.90.65:51413 -> 185.181.60.155:80	MULTIPLE:MULTIPLE	57 / 57	4 KiB / 6 KiB
VPNAC	udp	openvpn..220.10:51413 (X.X.90.65:51413) -> 185.181.60.155:80	MULTIPLE:MULTIPLE	57 / 57	4 KiB / 6 KiB
DATA	udp	X.X.90.65:51413 -> 45.152.209.49:63510	MULTIPLE:MULTIPLE	204 / 204	28 KiB / 38 KiB
VPNAC	udp	openvpn..220.10:51413 (X.X.90.65:51413) -> 45.152.209.49:63510	MULTIPLE:MULTIPLE	204 / 204	28 KiB / 38 KiB
DATA	udp	X.X.90.3:123 -> X.X.90.1:123	MULTIPLE:MULTIPLE	81 / 81	6 KiB / 6 KiB
DATA	udp	X.X.90.65:51413 -> 193.77.58.163:49486	MULTIPLE:MULTIPLE	442 / 369	42 KiB / 59 KiB
VPNAC	udp	openvpn..220.10:51413 (X.X.90.65:51413) -> 193.77.58.163:49486	MULTIPLE:MULTIPLE	442 / 369	42 KiB / 59 KiB
DATA	udp	X.X.90.65:51413 -> 208.83.20.20:6969	MULTIPLE:MULTIPLE	70 / 69	5 KiB / 9 KiB
VPNAC	udp	openvpn..220.10:51413 (X.X.90.65:51413) -> 208.83.20.20:6969	MULTIPLE:MULTIPLE	70 / 69	5 KiB / 9 KiB
IPsec	tcp	X.X.30.50:50774 -> X.X.90.50:389	ESTABLISHED:ESTABLISHED	179 / 90	28 KiB / 30 KiB
IPsec	tcp	X.X.30.10:59464 -> X.X.90.50:389	ESTABLISHED:ESTABLISHED	179 / 90	28 KiB / 30 KiB
DATA	udp	X.X.90.65:51413 -> 49.12.86.202:6888	MULTIPLE:MULTIPLE	33 / 32	4 KiB / 4 KiB
VPNAC	udp	openvpn..220.10:51413 (X.X.90.65:51413) -> 49.12.86.202:6888	MULTIPLE:MULTIPLE	33 / 32	4 KiB / 4 KiB
DATA	udp	X.X.90.65:51413 -> 192.184.193.177:53687	MULTIPLE:MULTIPLE	170 / 168	25 KiB / 27 KiB
VPNAC	udp	openvpn..220.10:51413 (X.X.90.65:51413) -> 192.184.193.177:53687	MULTIPLE:MULTIPLE	170 / 168	25 KiB / 27 KiB
DATA	tcp	X.X.30.10:59464 -> X.X.90.50:389	ESTABLISHED:ESTABLISHED	179 / 90	28 KiB / 30 KiB
DATA	tcp	X.X.30.50:50774 -> X.X.90.50:389	ESTABLISHED:ESTABLISHED	179 / 90	28 KiB / 30 KiB
CAMS	tcp	X.X.80.20:51382 -> 3.249.4.57:31006	ESTABLISHED:ESTABLISHED	586 / 424	171 KiB / 17 KiB
WAN	tcp	Site A IP:1105 (X.X.80.20:51382) -> 3.249.4.57:31006	ESTABLISHED:ESTABLISHED	586 / 424	171 KiB / 17 KiB
CAMS	tcp	X.X.80.22:38743 -> 52.16.133.176:6800	ESTABLISHED:ESTABLISHED	156 / 152	37 KiB / 11 KiB
WAN	tcp	Site A IP:35184 (X.X.80.22:38743) -> 52.16.133.176:6800	ESTABLISHED:ESTABLISHED	156 / 152	37 KiB / 11 KiB
LAN	udp	X.X.65.101:51999 -> 52.114.88.86:3478	MULTIPLE:MULTIPLE	95 / 176	31 KiB / 29 KiB
WAN	udp	Site A IP:38817 (X.X.65.101:51999) -> 52.114.88.86:3478	MULTIPLE:MULTIPLE	95 / 176	31 KiB / 29 KiB
DATA	tcp	X.X.90.50:54785 -> X.X.30.50:49751	ESTABLISHED:ESTABLISHED	23 / 22	4 KiB / 2 KiB
IPsec	tcp	X.X.90.50:54785 -> X.X.30.50:49751	ESTABLISHED:ESTABLISHED	23 / 22	4 KiB / 2 KiB
DATA	tcp	X.X.30.50:50789 -> X.X.90.50:51553	ESTABLISHED:ESTABLISHED	23 / 22	4 KiB / 2 KiB
DATA	tcp	X.X.30.10:59485 -> X.X.90.50:51553	ESTABLISHED:ESTABLISHED	23 / 22	4 KiB / 2 KiB
DATA	tcp	X.X.90.50:54789 -> X.X.30.10:56896	ESTABLISHED:ESTABLISHED	23 / 22	4 KiB / 2 KiB
IPsec	tcp	X.X.90.50:54789 -> X.X.30.10:56896	ESTABLISHED:ESTABLISHED	23 / 22	4 KiB / 2 KiB
IPsec	tcp	X.X.30.50:50789 -> X.X.90.50:51553	ESTABLISHED:ESTABLISHED	23 / 22	4 KiB / 2 KiB
IPsec	tcp	X.X.30.50:50793 -> X.X.90.10:53367	ESTABLISHED:ESTABLISHED	23 / 22	4 KiB / 2 KiB
DATA	tcp	X.X.90.10:54915 -> X.X.30.10:56896	ESTABLISHED:ESTABLISHED	23 / 22	4 KiB / 2 KiB
IPsec	tcp	X.X.90.10:54915 -> X.X.30.10:56896	ESTABLISHED:ESTABLISHED	23 / 22	4 KiB / 2 KiB
DATA	tcp	X.X.30.10:59481 -> X.X.90.10:53367	ESTABLISHED:ESTABLISHED	23 / 22	4 KiB / 2 KiB
DATA	tcp	X.X.30.50:50793 -> X.X.90.10:53367	ESTABLISHED:ESTABLISHED	23 / 22	4 KiB / 2 KiB
IPsec	tcp	X.X.30.10:59485 -> X.X.90.50:51553	ESTABLISHED:ESTABLISHED	23 / 22	4 KiB / 2 KiB
IPsec	tcp	X.X.30.10:59481 -> X.X.90.10:53367	ESTABLISHED:ESTABLISHED	23 / 22	4 KiB / 2 KiB
DATA	udp	X.X.90.65:51413 -> 185.38.14.195:13709	MULTIPLE:MULTIPLE	137 / 136	17 KiB / 18 KiB
VPNAC	udp	openvpn..220.10:51413 (X.X.90.65:51413) -> 185.38.14.195:13709	MULTIPLE:MULTIPLE	137 / 136	17 KiB / 18 KiB
CAMS	tcp	X.X.80.21:56003 -> 52.17.254.178:6800	ESTABLISHED:ESTABLISHED	155 / 150	37 KiB / 11 KiB
WAN	tcp	Site A IP:57272 (X.X.80.21:56003) -> 52.17.254.178:6800	ESTABLISHED:ESTABLISHED	155 / 150	37 KiB / 11 KiB
DATA	tcp	X.X.90.10:54924 -> X.X.30.50:49751	ESTABLISHED:ESTABLISHED	23 / 22	4 KiB / 2 KiB
IPsec	tcp	X.X.90.10:54924 -> X.X.30.50:49751	ESTABLISHED:ESTABLISHED	23 / 22	4 KiB / 2 KiB
LAN	tcp	X.X.65.101:64367 -> 20.54.37.73:443	ESTABLISHED:ESTABLISHED	126 / 120	7 KiB / 13 KiB
WAN	tcp	Site A IP:60327 (X.X.65.101:64367) -> 20.54.37.73:443	ESTABLISHED:ESTABLISHED	126 / 120	7 KiB / 13 KiB
DATA	udp	X.X.90.65:51413 -> 85.224.212.37:22494	MULTIPLE:MULTIPLE	526 / 449	48 KiB / 82 KiB
VPNAC	udp	openvpn..220.10:51413 (X.X.90.65:51413) -> 85.224.212.37:22494	MULTIPLE:MULTIPLE	526 / 449	48 KiB / 82 KiB
DATA	udp	X.X.90.65:51413 -> 94.60.204.24:11126	MULTIPLE:MULTIPLE	171 / 171	24 KiB / 28 KiB
VPNAC	udp	openvpn..220.10:51413 (X.X.90.65:51413) -> 94.60.204.24:11126	MULTIPLE:MULTIPLE	171 / 171	24 KiB / 28 KiB
DATA	udp	X.X.90.65:51413 -> 111.201.55.100:23553	MULTIPLE:MULTIPLE	222 / 146	23 KiB / 23 KiB
VPNAC	udp	openvpn..220.10:51413 (X.X.90.65:51413) -> 111.201.55.100:23553	MULTIPLE:MULTIPLE	222 / 146	23 KiB / 23 KiB
LAN	tcp	X.X.65.100:58508 -> 17.57.146.162:5223	ESTABLISHED:ESTABLISHED	150 / 149	34 KiB / 32 KiB
WAN	tcp	Site A IP:13811 (X.X.65.100:58508) -> 17.57.146.162:5223	ESTABLISHED:ESTABLISHED	150 / 149	34 KiB / 32 KiB
WAN	tcp	5.100.32.41:63430 -> Site A IP:443	FIN_WAIT_2:ESTABLISHED	184 / 262	19 KiB / 211 KiB
WAN	tcp	5.100.32.41:63429 -> Site A IP:443	FIN_WAIT_2:ESTABLISHED	153 / 205	21 KiB / 134 KiB
WAN	tcp	5.100.32.41:63444 -> Site A IP:443	FIN_WAIT_2:ESTABLISHED	100 / 105	5 KiB / 12 KiB
LAN	udp	X.X.65.101:50005 -> 52.115.136.178:3480	MULTIPLE:MULTIPLE	80.818 K / 39.756 K	17.43 MiB / 5.91 MiB
WAN	udp	Site A IP:2006 (X.X.65.101:50005) -> 52.115.136.178:3480	MULTIPLE:MULTIPLE	80.818 K / 39.756 K	17.43 MiB / 5.91 MiB
LAN	udp	X.X.65.101:50021 -> 52.112.172.243:3478	MULTIPLE:MULTIPLE	153 / 153	37 KiB / 30 KiB
WAN	udp	Site A IP:51518 (X.X.65.101:50021) -> 52.112.172.243:3478	MULTIPLE:MULTIPLE	153 / 153	37 KiB / 30 KiB
LAN	udp	X.X.65.101:50045 -> 52.115.136.178:3481	MULTIPLE:MULTIPLE	60.36 K / 6.246 K	47.26 MiB / 1.12 MiB
WAN	udp	Site A IP:49178 (X.X.65.101:50045) -> 52.115.136.178:3481	MULTIPLE:MULTIPLE	60.36 K / 6.246 K	47.26 MiB / 1.12 MiB
DATA	udp	X.X.90.65:51413 -> 116.54.103.93:51413	MULTIPLE:MULTIPLE	143 / 141	17 KiB / 29 KiB
VPNAC	udp	openvpn..220.10:51413 (X.X.90.65:51413) -> 116.54.103.93:51413	MULTIPLE:MULTIPLE	143 / 141	17 KiB / 29 KiB
LAN	udp	X.X.65.101:50005 -> 52.112.175.13:3478	MULTIPLE:MULTIPLE	153 / 153	37 KiB / 30 KiB
WAN	udp	Site A IP:18532 (X.X.65.101:50005) -> 52.112.175.13:3478	MULTIPLE:MULTIPLE	153 / 153	37 KiB / 30 KiB
LAN	udp	X.X.65.101:50042 -> 52.112.175.8:3478	MULTIPLE:MULTIPLE	153 / 152	37 KiB / 30 KiB
WAN	udp	Site A IP:52439 (X.X.65.101:50042) -> 52.112.175.8:3478	MULTIPLE:MULTIPLE	153 / 152	37 KiB / 30 KiB
LAN	udp	X.X.65.101:50042 -> 52.115.136.178:3480	MULTIPLE:MULTIPLE	3.445 K / 3.441 K	477 KiB / 352 KiB
WAN	udp	Site A IP:19557 (X.X.65.101:50042) -> 52.115.136.178:3480	MULTIPLE:MULTIPLE	3.445 K / 3.441 K	477 KiB / 352 KiB
LAN	udp	X.X.65.101:50021 -> 52.115.136.178:3480	MULTIPLE:MULTIPLE	236.582 K / 893.433 K	179.50 MiB / 869.62 MiB
WAN	udp	Site A IP:29482 (X.X.65.101:50021) -> 52.115.136.178:3480	MULTIPLE:MULTIPLE	236.582 K / 893.433 K	179.50 MiB / 869.62 MiB
DATA	udp	X.X.90.65:51413 -> 132.147.100.36:63465	MULTIPLE:MULTIPLE	131 / 131	19 KiB / 21 KiB
VPNAC	udp	openvpn..220.10:51413 (X.X.90.65:51413) -> 132.147.100.36:63465	MULTIPLE:MULTIPLE	131 / 131	19 KiB / 21 KiB
DATA	udp	X.X.90.65:51413 -> 141.98.103.77:53831	MULTIPLE:MULTIPLE	340 / 351	31 KiB / 58 KiB
VPNAC	udp	openvpn..220.10:51413 (X.X.90.65:51413) -> 141.98.103.77:53831	MULTIPLE:MULTIPLE	340 / 351	31 KiB / 58 KiB
DATA	tcp	X.X.90.65:24224 -> 194.5.49.226:6881	CLOSED:SYN_SENT	1 / 0	60 B / 0 B
VPNAC	tcp	openvpn..220.10:24224 (X.X.90.65:24224) -> 194.5.49.226:6881	SYN_SENT:CLOSED	1 / 0	60 B / 0 B
DATA	tcp	X.X.90.65:36064 -> 154.160.24.40:12285	CLOSED:SYN_SENT	1 / 0	60 B / 0 B
VPNAC	tcp	openvpn..220.10:36064 (X.X.90.65:36064) -> 154.160.24.40:12285	SYN_SENT:CLOSED	1 / 0	60 B / 0 B
DATA	tcp	X.X.90.65:15684 -> 124.168.48.234:49767	CLOSED:SYN_SENT	1 / 0	60 B / 0 B
VPNAC	tcp	openvpn..220.10:15684 (X.X.90.65:15684) -> 124.168.48.234:49767	SYN_SENT:CLOSED	1 / 0	60 B / 0 B
DATA	tcp	X.X.90.65:10775 -> 197.185.98.220:45682	CLOSED:SYN_SENT	1 / 0	60 B / 0 B
VPNAC	tcp	openvpn..220.10:10775 (X.X.90.65:10775) -> 197.185.98.220:45682	SYN_SENT:CLOSED	1 / 0	60 B / 0 B
DATA	tcp	X.X.90.65:10778 -> 169.1.247.231:13285	CLOSED:SYN_SENT	1 / 0	60 B / 0 B
VPNAC	tcp	openvpn..220.10:10778 (X.X.90.65:10778) -> 169.1.247.231:13285	SYN_SENT:CLOSED	1 / 0	60 B / 0 B
DATA	tcp	X.X.90.65:10790 -> 216.131.84.117:10951	CLOSED:SYN_SENT	1 / 0	60 B / 0 B
VPNAC	tcp	openvpn..220.10:10790 (X.X.90.65:10790) -> 216.131.84.117:10951	SYN_SENT:CLOSED	1 / 0	60 B / 0 B
DATA	tcp	X.X.90.65:10794 -> 185.159.158.108:51413	CLOSED:SYN_SENT	1 / 0	60 B / 0 B
VPNAC	tcp	openvpn..220.10:10794 (X.X.90.65:10794) -> 185.159.158.108:51413	SYN_SENT:CLOSED	1 / 0	60 B / 0 B
DATA	tcp	X.X.90.65:10817 -> 188.155.251.19:51413	CLOSED:SYN_SENT	1 / 0	60 B / 0 B
VPNAC	tcp	openvpn..220.10:10817 (X.X.90.65:10817) -> 188.155.251.19:51413	SYN_SENT:CLOSED	1 / 0	60 B / 0 B
DATA	tcp	X.X.90.65:10825 -> 41.13.82.160:40464	CLOSED:SYN_SENT	1 / 0	60 B / 0 B
VPNAC	tcp	openvpn..220.10:10825 (X.X.90.65:10825) -> 41.13.82.160:40464	SYN_SENT:CLOSED	1 / 0	60 B / 0 B
DATA	tcp	X.X.90.65:10826 -> 5.29.16.216:24616	CLOSED:SYN_SENT	1 / 0	60 B / 0 B
VPNAC	tcp	openvpn..220.10:10826 (X.X.90.65:10826) -> 5.29.16.216:24616	SYN_SENT:CLOSED	1 / 0	60 B / 0 B
DATA	tcp	X.X.90.65:10829 -> 77.137.78.115:24616	CLOSED:SYN_SENT	1 / 0	60 B / 0 B
VPNAC	tcp	openvpn..220.10:10829 (X.X.90.65:10829) -> 77.137.78.115:24616	SYN_SENT:CLOSED	1 / 0	60 B / 0 B
DATA	tcp	X.X.90.65:10832 -> 14.200.21.147:58070	CLOSED:SYN_SENT	1 / 0	60 B / 0 B
VPNAC	tcp	openvpn..220.10:10832 (X.X.90.65:10832) -> 14.200.21.147:58070	SYN_SENT:CLOSED	1 / 0	60 B / 0 B
DATA	tcp	X.X.90.65:10835 -> 117.20.67.130:60637	CLOSED:SYN_SENT	1 / 0	60 B / 0 B
VPNAC	tcp	openvpn..220.10:10835 (X.X.90.65:10835) -> 117.20.67.130:60637	SYN_SENT:CLOSED	1 / 0	60 B / 0 B
DATA	tcp	X.X.90.65:10844 -> 154.70.58.233:53333	CLOSED:SYN_SENT	1 / 0	60 B / 0 B
VPNAC	tcp	openvpn..220.10:10844 (X.X.90.65:10844) -> 154.70.58.233:53333	SYN_SENT:CLOSED	1 / 0	60 B / 0 B
DATA	udp	X.X.90.65:51413 -> 146.70.61.139:20121	MULTIPLE:MULTIPLE	354 / 296	35 KiB / 43 KiB
VPNAC	udp	openvpn..220.10:51413 (X.X.90.65:51413) -> 146.70.61.139:20121	MULTIPLE:MULTIPLE	354 / 296	35 KiB / 43 KiB
DATA	tcp	X.X.90.65:10847 -> 37.120.131.189:16881	CLOSED:SYN_SENT	1 / 0	60 B / 0 B
VPNAC	tcp	openvpn..220.10:10847 (X.X.90.65:10847) -> 37.120.131.189:16881	SYN_SENT:CLOSED	1 / 0	60 B / 0 B
DATA	tcp	X.X.90.65:10856 -> 109.202.196.152:51413	CLOSED:SYN_SENT	1 / 0	60 B / 0 B
VPNAC	tcp	openvpn..220.10:10856 (X.X.90.65:10856) -> 109.202.196.152:51413	SYN_SENT:CLOSED	1 / 0	60 B / 0 B
DATA	tcp	X.X.90.65:10860 -> 37.120.157.21:6882	CLOSED:SYN_SENT	1 / 0	60 B / 0 B
VPNAC	tcp	openvpn..220.10:10860 (X.X.90.65:10860) -> 37.120.157.21:6882	SYN_SENT:CLOSED	1 / 0	60 B / 0 B
DATA	tcp	X.X.90.65:10796 -> 176.182.231.224:53033	CLOSED:SYN_SENT	1 / 0	60 B / 0 B
VPNAC	tcp	openvpn..220.10:10796 (X.X.90.65:10796) -> 176.182.231.224:53033	SYN_SENT:CLOSED	1 / 0	60 B / 0 B
DATA	tcp	X.X.90.65:10799 -> 119.18.2.241:51413	CLOSED:SYN_SENT	1 / 0	60 B / 0 B

            Update: was able to get a Wireshark capture of my WAN: https://cloud.gregoir.be/index.php/s/yf8awxHbDbpGDHm

            1 Reply Last reply Reply Quote 0
            • Bob.DigB
              Bob.Dig LAYER 8
              last edited by Bob.Dig

              Today tried changing settings wildly in Windows but nothing changed. Again, went back.

              2.5

hn0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
	description: WAN
	options=80018<VLAN_MTU,VLAN_HWTAGGING,LINKSTATE>
	capabilities=48071b<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,TSO4,TSO6,LRO,LINKSTATE,TXCSUM_IPV6>
	ether 00:15:5d:8c:c0:1f
	inet6 fe80::215:5dff:fe8c:c01f%hn0 prefixlen 64 scopeid 0x5
	inet6 2003:da:a718:4300:215:5dff:fe8c:c01f prefixlen 128
	inet 172.25.0.2 netmask 0xffffff00 broadcast 172.25.0.255
	media: Ethernet autoselect (10Gbase-T <full-duplex>)
	status: active
	supported media:
		media autoselect
	nd6 options=23<PERFORMNUD,ACCEPT_RTADV,AUTO_LINKLOCAL>

hn1: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
	description: LAN
	options=80018<VLAN_MTU,VLAN_HWTAGGING,LINKSTATE>
	capabilities=48071b<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,TSO4,TSO6,LRO,LINKSTATE,TXCSUM_IPV6>
	ether 00:15:5d:8a:c0:20
	inet6 fe80::215:5dff:fe8a:c020%hn1 prefixlen 64 scopeid 0x6
	inet6 fe80::1:1%hn1 prefixlen 64 scopeid 0x6
	inet6 2003:da:a718:43f0:215:5dff:fe8a:c020 prefixlen 64
	inet 192.168.1.1 netmask 0xffffff00 broadcast 192.168.1.255
	groups: GroupNTP GroupDNS
	media: Ethernet autoselect (10Gbase-T <full-duplex>)
	status: active
	supported media:
		media autoselect
	nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>

2.6

hn0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
	description: WAN
	options=80018<VLAN_MTU,VLAN_HWTAGGING,LINKSTATE>
	capabilities=48071b<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,TSO4,TSO6,LRO,LINKSTATE,TXCSUM_IPV6>
	ether 00:15:5d:8c:c0:1f
	inet6 fe80::215:5dff:fe8c:c01f%hn0 prefixlen 64 scopeid 0x5
	inet6 2003:da:a718:4300:215:5dff:fe8c:c01f prefixlen 64 autoconf
	inet 172.25.0.2 netmask 0xffffff00 broadcast 172.25.0.255
	media: Ethernet autoselect (10Gbase-T <full-duplex>)
	status: active
	supported media:
		media autoselect
	nd6 options=23<PERFORMNUD,ACCEPT_RTADV,AUTO_LINKLOCAL>

hn1: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
	description: LAN
	options=80018<VLAN_MTU,VLAN_HWTAGGING,LINKSTATE>
	capabilities=48071b<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,TSO4,TSO6,LRO,LINKSTATE,TXCSUM_IPV6>
	ether 00:15:5d:8a:c0:20
	inet6 fe80::215:5dff:fe8a:c020%hn1 prefixlen 64 scopeid 0x6
	inet6 fe80::1:1%hn1 prefixlen 64 scopeid 0x6
	inet6 2003:da:a718:43f0:215:5dff:fe8a:c020 prefixlen 64
	inet 192.168.1.1 netmask 0xffffff00 broadcast 192.168.1.255
	groups: GroupNTP GroupDNS
	media: Ethernet autoselect (10Gbase-T <full-duplex>)
	status: active
	supported media:
		media autoselect
	nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>

              1 Reply Last reply Reply Quote 0
              • stephenw10S
                stephenw10 Netgate Administrator
                last edited by

                Only thing I've seen so far is this post on reddit:
                https://www.reddit.com/r/PFSENSE/comments/ssabdz/pfsense_plus_version_2201_and_pfsense_ce_version/hwznlap/

                Which suggests it's an issue with the VMQ support that is now functioning in 2.6.
                However it looks like several of you have tried running SR-IOV or were already with no improvement?

                Steve

                D 1 Reply Last reply Reply Quote 0
                • D
                  DonZalmrol @stephenw10
                  last edited by

                  Hi @stephenw10 just checked on my Hyper-V PFSense guest SR-IOV has failed for my interfaces. I'm quite sure it worked without any issues when I set up my installation from scratch.

                  Is there a way to reactivate it?

                  FYI: Disabling SR-IOV, VMQ has no effect on the speed.

                  1 Reply Last reply Reply Quote 1
                  • stephenw10S
                    stephenw10 Netgate Administrator
                    last edited by

                    Not in pfSense. I have little to no experience in Hyper-V so I can't really help with that.

                    Steve

                    1 Reply Last reply Reply Quote 0
                    • M
                      mxkied2
                      last edited by

                      The nics I am using for pfsense (Intel i210) do not support VMQ or SR-IOV, not sure if that information helps at all but I thought I would mention it at least.

                      1 Reply Last reply Reply Quote 0
                      • M
                        mxkied2 @stephenw10
                        last edited by

                        @stephenw10 I am not running vlans but I do have snort running so that might explain the promiscuous mode.

                        1 Reply Last reply Reply Quote 0
                        • stephenw10S
                          stephenw10 Netgate Administrator
                          last edited by

                          Yup, that probably would. There is clearly something else at work here though and it appears to be beyond just the NIC/driver.

                          1 Reply Last reply Reply Quote 0
                          • R
                            RMH 0
                            last edited by

                            I have same issue as covered here:

                            Win 2019 Server running Hyper-V

                            All Ok on 2.5.2 moved to 2.6 and network speed dropped from, 500mb to 2.5mb. I did all the changes suggested here with VMQ etc. Also swapped WAN interface from Intel Pro 1000 PT Dual NIC to onboard Marvell Yukon 88E8059 and no difference.

                            What did weirdly make a massive difference was using a VPN on my PC, I started NordVPN and my speed jumped back to 488mb. Strange thing was in pfsense it showed my WAN speed as 60mb. Dropping the VPN and speed dropped back bown to a couple of MB.

                            Essentially the connection via pfsesne 2.6 runs at normal speed if your client is conencting through it on a VPN. All be pfsense thinks it is running at nearly 10x a slower speed.

                            1 Reply Last reply Reply Quote 0
                            • stephenw10S
                              stephenw10 Netgate Administrator
                              last edited by

                              TCP vs UDP maybe? Some hardware off-loading happening?

                              Do you see error in the interfaces when it's slow?

                              D 1 Reply Last reply Reply Quote 0
                              • D
                                Dominixise @stephenw10
                                last edited by

                                @stephenw10

                                Hi Steve I can setup a zoom session with you on my server unless that requires paid tech support from netgate?

                                Dom

                                1 Reply Last reply Reply Quote 0
                                • stephenw10S
                                  stephenw10 Netgate Administrator
                                  last edited by

                                  I'm not the guy for that, I know next to nothing about hyper-v. 😉

                                  D 1 Reply Last reply Reply Quote 0
                                  • D
                                    Dominixise @stephenw10
                                    last edited by

                                    packetcapture.zip @stephenw10

                                    Could be a Microsoft error too, I remember just after Christmas there was an windows update that cause some Hyper-V errors and maybe some are still present. My Server is up to date.

                                    But heres a packet capture of a speed testpacketcapture.zip

                                    D 1 Reply Last reply Reply Quote 0
                                    • D
                                      Dominixise @Dominixise
                                      last edited by

                                      @dominixise
                                      Also pftop while doing a speed testdom pfsense pftop.jpg

                                      1 Reply Last reply Reply Quote 0
                                      • stephenw10S
                                        stephenw10 Netgate Administrator
                                        last edited by

                                        No actual speedtesting shown there, was it filtered?

                                        All small packets, some MTU issue?

                                        Steve

                                        D 1 Reply Last reply Reply Quote 0
                                        • D
                                          Dominixise @stephenw10
                                          last edited by

                                          @stephenw10
                                          Sorry i am new to getting logs, try this onepacketcapture (1).zip

                                          1 Reply Last reply Reply Quote 0
                                          • stephenw10S
                                            stephenw10 Netgate Administrator
                                            last edited by

                                            Nearly! 😉

                                            You probably want to filter by the client IP you are running the test on, if you're capturing on LAN. And set the capture to, say, 5000 packets.

                                            Steve

                                            D 1 Reply Last reply Reply Quote 0
                                            • First post
                                              Last post
                                            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.