Virtualized pfSense on QNAP NAS
-
Alright, it looks like the biggest problem is the fake intel emulated card:
0 root -92 - 0K 256K CPU0 0 441:25 100.00% [kernel{em0 taskq}]
For starters, give the VM more memory, like, 2GB. Then, see if you can use a virtio/virtual network card instead of emulated Intel.
-
Wow.. I hope solve my issue,
Fine tonight, I will stop my vm, add the new interfaces with device type virtIO and force same mac Adress than old nic..
If everything work fine, my pfsense assign the new interface at the right vlan (mac is the same) right?
-
Wow.. I hope solve my issue,
Fine tonight, I will stop my vm, add the new interfaces with device type virtIO and force same mac Adress than old nic..
If everything work fine, my pfsense assign the new interface at the right vlan (mac is the same) right?
yes
-
fine…
there two news, one good, one bad :P
the good is, the cpu consumption is now normal.... when i launch a transfert the cpu up at 3 or 5% ....
the bad is the bandwitch is worse for than before..... (mi ISP connexion is up 250Mbps / down 1Gbps) the bandwitch test down 15Mbps / up 1Mbps) .....any ideas ?
-
fine…
there two news, one good, one bad :P
the good is, the cpu consumption is now normal.... when i launch a transfert the cpu up at 3 or 5% ....
the bad is the bandwitch is worse for than before..... (mi ISP connexion is up 250Mbps / down 1Gbps) the bandwitch test down 15Mbps / up 1Mbps) .....any ideas ?
That is because of this: https://forum.pfsense.org/index.php?topic=88467.0
Disable checksums! On both sides (host and vm)
-
OK, I'm check this tonight, have a good day
-
hi….
good news, the network speed is good :D
i am install pfsense from scratch with 2.3.5. (i don't know if virtualization station support freebsd 11), i restore my conf, reassign the interface, reboot, disable checksum offloading, reboot, and after... everythink works fine, except the openvpn layer... the daemon don't start....
-
so….
after troubleshooting, the issu was the loose of auth digest algo config and encryption algo.. i remake it, reload conf and everything works fine...
thank you very much for your precious help, and time :D
-
Excellent work! good to know that you can use virtio and disable checksum offloading without any extra hacking. Should keep the CPU usage low, but the performance high.
-
@killpilot , as I'm sure you know, Netgate just released pfSense as a Virtualization Station app for QNAP devices. I know your TVS-663 supports VS. I'm just curious if you have tried running this app, and if so, any issues? Also, if you don't mind me asking, are you running pfSense with any of the security packages (like Snort, pfBlocker, OpenVPN, LightSquid)? If so, are you able to maintain bandwidth with all of these running?
I ask because I am in need of a new firewall/UTM (to replace an ageing Zyxel device) as well as a new NAS. So I'm thinking of buying a supported QNAP device and running pfSense (kill two birds with one stone). My main concern, aside from stability (which seems good from what I've read) is not throttling my bandwidth when running pfSense with the various packages. Any thoughts on this?
Hopefully you're still following this thread. Thanks!
.
-
hi, i so sorry for the long wait....
so.... finally i remove the Nas pfsense to a dedicated hardware. after this topic, i have a issue with the bandwitch performance.i have a Gigabit Fiber connection, and with my TVS-663 and CPU at 100%, i can exceed 250mbps. and when i installed ntopng, the performance is worse.......
finally i move the pfsense into the minipc with i5 and AESNI support.
I think that the qnap solution is not yet mature enough to be effective
-
@killpilot , thanks for the follow-up. After giving it a lot of thought, I also decided against virtualizing pfSense. I decided it would would be better to run something this critical on dedicated hardware. I ended up going with a different solution (Fortigate) as I wanted something pretty robust with good support. So far it's working well.