Running PFSense on my Mac Mini through VirtualBox

bluepr0 · Dec 14, 2015, 6:46 PM

Hello!

First of all, let me thank you for this great piece of software! I'm in the process of building my own router and firewall but I'm finding some issues.

I have a Mac mini (late 2012) (specs http://d.pr/i/NbTE/t30pCACe). The HD is not SSD, but I get around 90mb read/write so it should be fine.

I've setup Virtualbox with 8GB of RAM and all available cores. I have a thunderbolt to eth adapter in order to have 2 physical ethernets. You can see an screenshot from Virtualbox setup here http://d.pr/i/18zxd/3fHDY4m8

I get PFSense to work perfectly, but my problem is that I don't get all my available internet speed (200mbps/20mbps)… I only get about 125mbps/20mbps. Also the CPU goes at 100%

It's very weird because I also have a NAS, and it happens the same there. I thought it will be fine on the Mac Mini due to the great specs, but it's more of the same. Here's an screenshot of PFSense (I had that one running, but as you can see I tried OPNSense and IPFire with same results) http://d.pr/i/Yp9Z/4R14Rq9l

I have also tried to use the Virtual Ethernet adapters on VirtualBox (virtio) but same results. I have no idea what else to try, I don't understand why it uses so much resources and I don't even get my full internet speed.

Note: as you can see I have my ISP router (set to bridge, so it's basically a modem) connected directly to the eth port of my mac mini

Thanks for any help!

arduino · Dec 14, 2015, 8:38 PM

Try and disable TCP Checksum yet? Not sure if that will help but it helped me when using VirtIO.

What are you using for a NAS? FreeNAS perhaps?

bluepr0 · Dec 14, 2015, 9:06 PM

Thanks for your reply!

I actually disabled it previously, but it didn't make any difference (restarted the Vm). These tests are made over my Mac Mini, but on the NAS I have experienced the same issues (using VIRTUALIZATION station, which is what QNAP uses, I think it's based on QEMU)

My NAS is a 451+, but I decided to try with my Mac mini because I thought that the hardware wasn't good enough or that the virtual environment wasn't the best, but it seems that is something else.

bluepr0 · Dec 14, 2015, 9:54 PM

This is a screenshot from of top command on pfsense running over VirtualBox. I was download a file at around 60mbps (I have 200mbps). Using all the CPU. It actually got worse now I'm using the Virtuo drives :(

johnpoz · Dec 14, 2015, 10:03 PM

why don't you try putting esxi on the mini, looks like 6 works on them without anything special..

http://www.virtuallyghetto.com/2015/02/esxi-6-0-works-ootb-for-apple-mac-mini-mac-pro.html

How many nics does this mini have? Are you hairpinning your connection for both wan and lan on the same physical interface?

bluepr0 · Dec 14, 2015, 11:16 PM

hey, thanks for your reply!

Yes, I think that testing ESXI will be my last resource before I think about building a mini-itx PC (as far as I read it ESXI seems to be free with limitations after the 60 days evaluation period, but will have to read more on that).

I have 2 NICs on the Mac Mini, the integrated one and a thunderbolt to ethernet one (Apple original adapter)

bluepr0 · Dec 14, 2015, 11:22 PM

I have also tried all from the Broadcom section (both NICs are broadcom) https://doc.pfsense.org/index.php/Tuning_and_Troubleshooting_Network_Cards but got no luck :(

bluepr0 · Dec 15, 2015, 9:32 AM

Well, I've finally tried ESXI and it seems now I'm getting my 200mbps. Still it seems the CPU usage is a bit high (around 30%) but at least I can use this for now and in the future build a native pc for this!

thanks!

johnpoz · Dec 15, 2015, 3:38 PM

So why do you consider 30% high, is that what pfsense is reporting or what the host is reporting. What is the mhz being used by the vm showing 30%? Can we see the rrd graph of cpu usage on pfsense. What does your host cpu usage look like?

What is the point of using 0% cpu, just tells me your box is way over powered ;) The advantage of vm's is to use up those unused cycles of boxes that sit there idle most of the time anyway.

My little hp n40l has 6 vms running 24/7/365.. And don't have any issues.. Can fire up multiple more vms to play with etc.. and never maxing out the thing..

bluepr0 · Dec 17, 2015, 7:47 PM

I have updates!

I've installed natively pfSense on the Mac Mini (I thought it was almost impossible and actually it was pretty simple, both LANs recognised and all!).

Now I'm getting around 8% cpu usage when using all my internet with lots of services (snort, squid, ntop, etc). If I do a iperf to use all my LAN bandwidth I get around only 30% of CPU usage

Regarding VMWare ESXi, It was the host who was reporting around 30% of usage when for 200mbps

TommyBoyChicago · Jan 18, 2016, 4:14 AM

So…. how DID you get it running natively?

I'm anxious to find out because there is little to no information on doing this on a mac machine. I have a old mac Mini that I would love to run this on natively. There's no point to wasting resources on a VM if it's not necessary.

Any additional info you can provide is much appreciated.

Tom

bluepr0 · Jan 18, 2016, 11:50 PM

I just booted directly from an USB installer and everything went smoothly. My Mac mini is from 2012, if you have an older one might be different!