Proxmox with a FreeBSD guest
Proxmox recommends using ntpd daemon in a FreeBSD client to maintain client real time synchronization. See pve.proxmox. com/wiki/FreeBSD_Guest_Notes and forum.proxmox. com/threads/time-drift-in-windows-7-guest.41268/#post-198848

Real time is set in the guest when it first starts. After which the guest clock drifts with the hosts processor crystal.

ntpd is the ntp daemon. See www.freebsd. org/cgi/man.cgi?query=ntpd&apropos=0&sektion=8&manpath=FreeBSD+12.2-stable&arch=default&format=html

Configured via /etc/ntp.conf

Command line interface ntpq See www.freebsd. org/cgi/man.cgi?query=ntpq&sektion=8&apropos=0&manpath=FreeBSD+12.2-RELEASE+and+Ports

11 minute hardware real time clock update can be enable by adding the line "SYNC_HWCLOCK=yes" to /etc/sysconfig/ntpdate

date gives time of day to 1 second resolution

Qemu guest agent
I think qemu can also sync time between the guest and Porxmox host.

Doing so is suggested github. com/aborche/qemu-guest-agent/blob/master/supported_command_reference.md

Other virtualization systems such as vmware have time synchronization between host and guest via the agent

Time synchronization should be done via only one system otherwise interaction between them decreases time system accuracy. Which mean if an agent and ntpd is used then there would need to be a way of disabling time synchronization via the agent. I'm not sure how to do this.

pfsense guest on Proxmox host
Given it is probably best to run ntp (chrony) on Proxmox then synch time in pfsense to the Proxmox host via ntpd over the LAN interface. Ideally I would like to do the following but not sure how to acheive that in pfsense

Enable ntpd on pfsense but not listening to clients on any interface. Selecting no interfaces in the GUI does the reverse.

Disable hardware real time clock update by pfsense. This is done every 11 minutes by chronyd on the Proxmox host. In pfsense the directory structure is different, so I can't goto to /etc/sysconfig/ntpdate and set SYNC_HWCLOCK=no

@jimp i just ended up reinstalling because nothing else was working. thanks for the help though

As an update on the topic, I have updated to 2.4.5-p1 and changed the virtual driver to virtio instead of e1000.
This has greatly improved the stability of the pfSense and the high traffic induced network loss have disappeared.

We still experience some random network loss that are under investigation.

@firerobin said in pfSense VM latency and WAP performance issues:

@bmeeks Thanks again for the info. I'll ask around in neighborhood forums to see if anyone else is having issues with their xfinity connection. Hopefully I can find someone as knowledgeable as the folks in this forum, but then they'd probably already be on top of the issue 😬

Would this problem be as noticeable if they have a higher bandwidth service plan?

If you have issues with the node you are served from, a higher speed tier is not likely to help. An overloaded or malfunctioning node would be expected to affect all speed tiers. The one exception might be if they moved you to another node for a higher tier, but that is extremely unlikely as the node serving you is usually fixed due to the realities of coax cable routing on the poles.

To test and make sure a saturated uplink is not your issue, play your game at a time when you are 100% certain nobody else is using your Internet connection but you and your gaming machine. No streaming or anything else going on. If you have problems then, it is likely to be an upstream ISP problem. If you have no issues, then somebody really loading up on downloads can hurt your gaming and ping times as all the ACKs from the busy downloads can eat up the upload bandwidth.

@viragomann said in Running pfSense 2.4.4 over a KVM VM in PROXMOX 6.1.5.:

You will get the best benefits of the processor features, when using host type. This passes all the features of the processor through to the VM, while KVM64 provides only a small amount of common features. For instance, KVM64 doesn't make use of AES-NI, even if your host CPU supports it.

with kvm64 you can set extra cpu flags though, including AES. All via proxmox gui.

Bonjour,

Alors moi aussi je suis en train de faire ce setup avec comme but de garder Livebox , TV et phone de coté.
Donc je regarde cette doc :
https://wiki.csnu.org/index.php/Fibre_orange_en_DHCP_avec_routeur_pfsense
J'ai acheté un switch microtik 260gs, parce que je suis un geek et que c'est bien foutu ces switch pour pas chère :)

Bref en attendant d'avancer sur ce setup j'ai ma solution intermédiaire pour la partie TV
Sur un switch qui supporte les vlan je créé un vlan spécial ou je branche et j'isole du reste de mon réseau la livebox et la box tv. Bien entendu j'ai du tirer un câble de mes serveurs vers ma tv mais je suis bien content du résultat.
Après je n'ai rien inventé j'ai suivi l'idée de la doc ci dessus :
"Enfin, dans le cas ou vous ne pourriez pas brancher directement le port LAN de la livebox à votre décodeur, il est possible (à condition que le switch gérant votre lan soit manageable et supporte les VLANs) de brancher le port LAN de la livebox directement à votre switch de LAN et d'y taguer les paquets sur un VLAN (666 dans cet exemple). Cela impose d'avoir un second switch sur votre lan, qui sera, lui, directement connecté au décodeur et qui doit être lui aussi manageable afin de détaguer du VLAN 666 les paquets pour le décodeur. "

Tous ça pour dire que je pense que virtualiser pfsense dans proxmox peut ajouter plus de complication que de solution. Mais c'est intéressant de monter ce setup

Quand j’aurais le temps d’avancer sur ce setup j'ajouterais des infos.

@+

@stephenw10

I have rechecked my NAT rules and it appears it was natting on the Vlan, which was causing a double NAT, which was why it was showing PFsense's Interface address! Thanks for the help anyhow