PfSense 2.2 on VMware ESXi 5.5 hangs

  • I installed several times pfSense 2.2, both x86 and x64, as VM's in VMware ESXi 5.5

    All instances have the same symptom,
    after a few changes on the firewall (NAT/Rules),
    pfSense stops working on the Webconfigurator and on the Interfaces.

    Only rebooting the VM through the VMware Console brings back a working pfSense.

    Anybody else with this Problem? Does someone have a solution for this?


  • LAYER 8 Global Moderator

    nope no problems.. Been running 2.2 on esxi 5.5 build 2403361, and before that running snapshots of 2.2 and RC on previous build 2143827, and on update2 build 2068190

    So multiple builds of esxi, and multiple iterations of 2.2 without any issues.

  • Same here.  No problems like those that you have described.

  • I run a slightly older ESX Version, 1892794, but i think that does not make the difference.

    What type of NIC you are using? (Flexible/E1000/VMXNET2/VMXNET3). Maybe i missed something there.

    What vHardware else are you using, vRAM, vCPU, etc.


  • I always use the E1000.  I know it puts a higher load on the CPU, but I seem to have nothing but problems with the vmx drivers.  I typically use 2 vCPU and 2 GB RAM.  I haven't moved my production stuff to 2.2 yet, but I'm thinking about 4 CPU since I have tons of cycles to spare, and with FreeBSD 10.1 I might actually see some use out of the extra cores.

  • LAYER 8 Global Moderator

    running vmxnet3 since pfsense 2.2 has built in support for it now.

    Running x64, hardware version i have set to 10, just because I like to be current even though limited to hardware 8 edits with vclient.  has 2GB ram given to it - which way to much prob going to trim that back to 512, or at most 1GB.  2 cpus - prob lower that to 1, etc.  Thought I was going to play with some packages which why gave it a bit more umph.. But not really going to happen any time soon so might as well trim back its given resources.

    that build is what from july of last year.. Kind of OLD ;)  Lots of bug fixes in patches since then.. Why such old build??

    There is nothing special in the setting for the vm required.  pick freebsd and 32 or 64 and your good.

  • Thank you both!

    Now i have a few tests with some other hardware settings i can do over the next few days.

    Will get back to you with results.

  • Just to add an additional feedback, I've been running pfsense on ESXi 5.5 for more than a year without any kind of problem.
    Started with pfsense 2.1, updated to 2.2 1 month ago.

    2 vcpu out of an octa-core dual Xeon setup, 1 GB ram and 20GB hard drive space on a blazingly fast SSD drive. Open vm tools installed.
    Not much to say but the fact that pfsense is running smooth 24/7.

    Happily upgraded v-nics to vmxnet3 (data transfer across networks routed through the fw and throughput stability improved by a fair amount) upon upgrading to 2.2 build. :)

  • Two things to check:

    • Did you make the mistake of setting up a Linux VM instead of FreeBSD

    • Are you sure you matched the 32/64-bit VM setup to the pfSense you installed?

    Sorry if these seem obvious to you.  Both situations have appeared in these forums before.

  • Did the same install (2.2 x64 full image) on 2 vm's in order to test CARP and seems to work just fine.

    • freebsd x64 + 3 nics (all as E1000) on LSI Logic parallel
      seems to work fine

  • I reported the exact same problem on 2.2-RC. Did you manage to fix this Ha-Pe ?

  • Brainlesscurls, are you using the same ancient version of ESXi as Ha-Pe?

    Ha-Pe, can you describe exactly what you did when you say you made some changes to the firewall and then everything stopped working?

  • No, I'm using ESXI 5.5 build 2302651. The VM is configured as FreeBSD (64-bit), I've installed the amd64 iso and the open-vm-tools package. I tried both E1000 and VMXNet 3 adapters, it changes nothing.
    Strange thing is, it always either crashes right away, or around an hour later.

    I have another 2.2 VM on another host and it doesn't have this problem.

  • So it's isolated to that one ESXi host?  What's so special about that host as compared to the other(s)?  Does pfSense live on if you don't configure the CARP stuff?

  • I tried disabling a lot of things, but not CARP. See you in 2 hours (or less if it crashes before that).

    Edit: Uptime 01 Hour 09 Minutes 10 Seconds. Still running for now (I'm playing WoW so I'll now when/if it crashes).

  • Uptime 08 Hours 06 Minutes 01 Seconds, still running. CARP was probably the culprit here.

  • I could do some test based on the recommendations by KOM and johnpoz. For my situation, it seems i was to stingy with the hardware settings on my vm's.

    Since i upgraded vCPU's from 1 to 2 and vRAM from 512mb to 1024mb, the problems are gone.

    While setting up the appliances i configured with this guide:
    There they speak about 1vCPU and 512mb vRAM if you have e few or no packages. I only use OPENVPN Client Export Packages in addition to the baseimage. So i thought 512mb will be enough.

    Now the error/problem is reproducable. when i go back to 512mb vRAM and change some NAT/firewall rules (only enabling/disabling) pfSense stops working as described earlier after about 20-30klicks.
    With 1024mb vRAM the error does not occour, even with 100dreds of klicks.  ;)

    My presumption ist that pfSense 2.2 with FreeBSD 10.x requires more vRAM the in older releases.

    Here for Reference my complete seetings:
    ESXi 5.5 Build 2456374 / pfSenseVM: HW-Version 8, FreeBSD 64bit, 2vCPU, 1024MB vRAM, 8GB vDisk Thick, 2xE1000 NIC

    BTW: the ancient ESXi Version i was using before has nothing to do with the problem. the problem is reproduced on the my old ESXi box aswell on the new.

  • That would be quite a regression if it was true. I'm currently running 2.2 with 256MB of vRAM on another host without any issue (11+ days of uptime as we speak).

Log in to reply