Virtio - broken checksums

  • 2.1-BETA0 (amd64) built on Sat Sep 1

    I have pfsense running as VM on a KVM/qemu. If I use virtio for the NICs, TCP connections over pfsense (e.g. from LAN to WAN) cannot be set up anymore: SYN packets are dropped(?) at the destination, no SYN/ACK are sent back. Pinging over pfsense, however, does work as well as all connection types to pfsense itself.

    Found these symptoms described in blogs/forums with hints that the current virtio kernel module of FreeBSD has trouble calculating checksums correctly. Didn’t dig any deeper, but found the following working for me.

    Workaround: disable hardware checksum offloading

    Around two month ago, I had a pfsense devel built without this issue.

  • I'm having the same issue with virtio on a KVM guest (SmartOS). Did you ever find a resolution?

  • you have to disable hardware checksum offloading. That, as he noted, is the work around.

Log in to reply