Problems with Suricata in pfSense on Proxmox running inline mode

Bob.Dig · Apr 24, 2024, 8:20 AM

vtnet should be supported by inline mode and while it is running flawlessly on a pfSense VM in the oracle cloud free tier using this driver, I had no luck running it at home on my proxmox, there is no connectivity after enabling it. So maybe I am missing something?

bmeeks · Apr 24, 2024, 2:32 PM

If it runs on a pfSense VM in one hypervisor (or virtual environment), then I would hazard a guess that the failure to run in another (Proxmox in your case) points to a problem with vtnet emulation in that hypervisor.

Translated -- I suspect a problem with vtnet within Proxmox, and thus there is nothing wrong nor nothing to fix on the pfSense side since other hypervisors have no problem with vtnet drivers and IPS Inline Mode in pfSense.

In my experience here on the Netgate forum over the years, I've seen the most "issues" with hypervisors and pfSense when the hypervisor is either Hyper-V or Proxmox. I've seen the fewest issues when it was VMware (either Workstation or ESXi).

Bob.Dig · Apr 24, 2024, 2:32 PM

@bmeeks Hyper-V doesn't use vtnet so sure, it won't run.

But maybe someone else has it running without a problem and I only have to tweak "something".

bmeeks · Apr 24, 2024, 2:42 PM

@Bob-Dig said in Problems with Suricata in pfSense on Proxmox running inline mode:

Hyper-V doesn't use vtnet so sure, it won't run.

I didn't mean to imply Hyper-V supported vtnet. Only mentioned Hyper-V because a number of other issues have been surfaced there by users attempting to run pfSense. My point was that these two hypervisors (Hyper-V and Proxmox) tend to show up most often when someone posts with a pfSense issue in a virtual environment. I notice much fewer issues posted when virtualizing pfSense in a VMware environment.