Pfsense not working very well anymore
-
Yep.
I ran pf on a considerably robust esxi system, and it never ran 100%. And I also experienced the same thing you are, over time the system became less and less useful/stable/happy, sorta like a Windows machine that's getting a little long in the tooth.
Went back to bare metal for pf, never going back to VMs, period.
-
hrmph!
thanks for the info all. wonder if i would have different results on hyperv?
-
> hrmph!
> thanks for the info all. wonder if i would have different results on hyperv?
I had a great experience with pf on parallels when I was first checking it out. I think the problem has something to do with bare metal hypervisors. This is just a guess.
I am not sure how efficient the networking would be on something like hyper-v sitting on top of another OS. Does network activity hit the cpu in this case or can it do the passthrough stuff that I could not manage to get working in esxi? Lots of questions.
-
Can I assume you guys are using consumer-grade gear? I've been running pfSense on ESXi for years without issue with a 100/100 Mbps fibre link. The servers I'm using are HP ProLiant and Dell NX series blades.
-
@KOM:
> Can I assume you guys are using consumer-grade gear? I've been running pfSense on ESXi for years without issue with a 100/100 Mbps fibre link. The servers I'm using are HP ProLiant and Dell NX series blades.
Probably certified to be working with vmware in the first place, too. 8)
-
i mean the hyper v server, i have access to it free as my student status in a MSCS program. yes, consumer grade hardware for home use, on a 30mbps cable modem connection. and I rarely ever even use that much bw, especially when im at home alone on my corp laptop trying to SSH to equipment in the network
-
I saw the same sort of thing, but with pfsense running on a physical box.
I have 3m/768k DSL and with the Frontier supplied firewall, buffer bloat would make my network unusable when any sort of data was going upstream. I implemented pfsense on an old AMD system, set up some rudimentary traffic shaping (mostly so that ACK packets go to the head of the queue) and life was good.
At some point, my performance just started to suck for N devices when N+1 devices were transferring data across the Internet connection - it didn't even have to come close to saturating the link. I jacked around with the traffic shaping, then deleted it. No help.
Now admittedly, the AMD box wasn't high power, but it ran pfsense just great for a long time and I seldom saw more than 3% sustained utilization.
I finally gave up and moved to the free Sophos UTM for home product. I'm running it under ESXi 6 on the cheapest AMD quad core CPU available (along with an asterisk based PBX and a Server 2003 file server) with no problems at all.
-
> I saw the same sort of thing, but with pfsense running on a physical box.
> I have 3m/768k DSL and with the Frontier supplied firewall, buffer bloat would make my network unusable when any sort of data was going upstream. I implemented pfsense on an old AMD system, set up some rudimentary traffic shaping (mostly so that ACK packets go to the head of the queue) and life was good.
> At some point, my performance just started to suck for N devices when N+1 devices were transferring data across the Internet connection - it didn't even have to come close to saturating the link. I jacked around with the traffic shaping, then deleted it. No help.
> Now admittedly, the AMD box wasn't high power, but it ran pfsense just great for a long time and I seldom saw more than 3% sustained utilization.
> I finally gave up and moved to the free Sophos UTM for home product. I'm running it under ESXi 6 on the cheapest AMD quad core CPU available (along with an asterisk based PBX and a Server 2003 file server) with no problems at all.
I liked the GUI for Sophos and tried the same thing. I had to reinstall several times as it wouldn't take the root password I set. I felt like I was being trolled.
Then I was like, "Dude it took you 3 years to grasp pfsense, do you really want to learn it all again?"
My issues on one pf install were strange, I got a ton of php errors in the log. I backed up and opened the .xml and found a ton of ungraceful things about old packages still leaving remnants in the config. I cleared all of it out and did a simple reload and it solved the issue.
-
> Then I was like, "Dude it took you 3 years to grasp pfsense, do you really want to learn it all again?"
I figured Sophos UTM out enough to get up and running in an hour. I've spent about 20 hours more digging around and I understand it better than I understand pfsense after using it for 5 years.
In some areas, Sophos UTM isn't nearly as complex or flexible as pfsense, so that eliminates a LOT to have to understand. Traffic shaping for example - in Sophos, it is fairly simple. In pfsense, it could be the subject of a college masters program.
Sophos also has a 900 page admin guide which is actually fairly useful - you can typically find the info you want in a few minutes, as opposed to scouring wikis and forum posts for hours for pfsense.
-
> > Then I was like, "Dude it took you 3 years to grasp pfsense, do you really want to learn it all again?"
> I figured Sophos UTM out enough to get up and running in an hour. I've spent about 20 hours more digging around and I understand it better than I understand pfsense after using it for 5 years.
> In some areas, Sophos UTM isn't nearly as complex or flexible as pfsense, so that eliminates a LOT to have to understand. Traffic shaping for example - in Sophos, it is fairly simple. In pfsense, it could be the subject of a college masters program.
> Sophos also has a 900 page admin guide which is actually fairly useful - you can typically find the info you want in a few minutes, as opposed to scouring wikis and forum posts for hours for pfsense.
There's a pfsense book that should be pushed more on the community as it really is extremely helpful.
But sure, I like sophos and everything. It just gave me a bad first impression whereas I have yet to find fault with pfsense - if something is wrong it's usually something else. 8)
-
> There's a pfsense book that should be pushed more on the community as it really is extremely helpful.
Are you talking about the official book? It is for version one and is seven years old.
The book for version two is due "real soon now", or so says a two year old post on the documentation forum.
-
> > There's a pfsense book that should be pushed more on the community as it really is extremely helpful.
> Are you talking about the official book? It is for version one and is seven years old.
> The book for version two is due "real soon now", or so says a two year old post on the documentation forum.
I bought it and it cleared up so many misconceptions that I had immediately. I could easily be where I'm at with it within a week compared to the years I spent. Not a huge deal as the move to pfsense has been very solid compared to where we came from. I can do a lot more with it now, is all.
-
> Probably certified to be working with vmware in the first place, too.
Of course. Why would I run critical stuff on RandomCo hardware??
> Are you talking about the official book? It is for version one and is seven years old.
No, he's probably talking about this one. There will never be another hardcopy book, says JimP. This is a living document and will get updated as required. Available to Gold subscribers only.