PFsense - KVM



  • Hello Fellow PFSense Guru's,

    We are having a few issues and would like to know if you could help.

    First of all we have PFSense setup on a KVM VPS within Proxmox, it has 1GB RAM and access to 2 cores of our i7 CPU. It's connected to 3 NIC's (2 WAN, 1 LAN)

    The first issue is CPU usage, the router/firewall idles at 9%-15% CPU - We tried fixing this by changing the NIC's to virtio after reading that the Intel NIC's cause CPU load (This caused another issue which will be explained below). Changing NIC's didn't fix the issue so we tried enabling/switching to the SMP or Multi-Processor Kernel. Still the same issue.

    The second issue is with the virtio NIC's, we want to use these as they improve network performance. We added the virtio function to the kernel and rebooted with successful results. The router/firewall was getting internet access and DHCP was working. The issue was DNS did not work what so ever, all VM's could ping IP's but could not resolve DNS. We enabled and changed some settings in the DNS forwarder and set the DHCP server give our the Router/Firewall's IP for DNS. Resolving DNS worked but only if you tried to ping the hostname, all browser or hostname/DNS related connection other than ping did not work. The issue was resolved by changing back to the Intel NIC's but caused a noticeable network performance drop.

    If anyone here has seen these issues and would help us resolve them please comment bellow with possible fixes.

    Thanks a lot in advance.



  • No one can help ?



  • I dont think it's that nobody wants to help, but the only really supported vm is Vmware.  The others can work, but with no official support, it seems to be just a few random people running outside of vmware.  I know I would rather be on hyper-v, but there always seems to be issues and it's unsupported (not really a pfsense thing, but a freebsd thing).



  • Well, at least this is something, now I have an idea about why all this is happening.

    Thanks for clarifying tester :)


Log in to reply