pfSense + OpenVswitch issues
-
In the guide listed here: https://docs.netgate.com/pfsense/en/latest/virtualization/virtualizing-pfsense-with-proxmox.html it mentions that conventional Linux bridges are required for both the LAN and WAN interfaces. This does match my experiences as I have tried to get pfSense working entirely under OpenVswitch and have experienced routing issues on the LAN and WAN interfaces.
While this is not a problem in most installations, it does prevent pfSense use in some situations. Nutanix Community Edition and Nutanix production versions that use the AHV hypervisor use OpenVswitch to manage internal traffic. This means that pfSense either fails to route or needs to be installed on external devices in these Nutanix environments. I have tested this. It also means that Proxmox environments that use only OpenVswitch are subject to the same limitations.
What confuses me is that OPNsense will route traffic in both of these types environments when only OpenVswitch is available. Unfortunately OPNvswitch does not currently support Snort, which is my IPD/IPS of choice.
Is there a plan to address the issues with OpenVswitch under pfSense in the future? While I'm sure the impact of this problem is relatively small for the pfSense community at present, OpenVswitch use is continuing to grow steadily.
Thank you.