Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Virtio - broken checksums

    2.1 Snapshot Feedback and Problems - RETIRED
    3
    3
    2.1k
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • G
      got0
      last edited by

      2.1-BETA0 (amd64) built on Sat Sep 1

      I have pfsense running as VM on a KVM/qemu. If I use virtio for the NICs, TCP connections over pfsense (e.g. from LAN to WAN) cannot be set up anymore: SYN packets are dropped(?) at the destination, no SYN/ACK are sent back. Pinging over pfsense, however, does work as well as all connection types to pfsense itself.

      Found these symptoms described in blogs/forums with hints that the current virtio kernel module of FreeBSD has trouble calculating checksums correctly. Didn’t dig any deeper, but found the following working for me.

      Workaround: disable hardware checksum offloading

      Around two month ago, I had a pfsense devel built without this issue.

      1 Reply Last reply Reply Quote 0
      • P
        pringlescan
        last edited by

        I'm having the same issue with virtio on a KVM guest (SmartOS). Did you ever find a resolution?

        1 Reply Last reply Reply Quote 0
        • C
          cmb
          last edited by

          you have to disable hardware checksum offloading. That, as he noted, is the work around.

          1 Reply Last reply Reply Quote 0
          • First post
            Last post