Hetzner Host with PFSense and additional IPV4 address slow internet

[thefuzz4]

So I have my proxmox host running with its VMs which get their access to the internet through the pfsense VM. The VM uses MAC address cloning to get its IP address from Hetzner since I bought a 2nd IP from them.

On the Proxmox host itself the internet screams but on the PFSense VM it just crawls. I've looked at everything I can from both the PFSense side as well as the Proxmox side and I cannot find anything that looks like it would be the source. I've followed all of the guides that I can find and made sure that all of my settings are set according to the guides. Has anyone else had this issue with Hetzner? Thanks for your help with this.

 

[MoxBob]

First think that comes to my mind: Do you have the Hetzner Firewall activated for the host?

If yes, afaik you have to allow incoming connections for the second IP

 

[jlebherz]

Hello,

i think you should not clone the mac and then bride etc.

You should route the connection....
We are doing this on an hetzner root server and it is running very great....

follow this guide

https://dominicpratt.de/hetzner-proxmox-network-configuration/

If you need more help, please post your network configuration (host and pfsense), of course you can obfuscate your ip-addresses

 

[thefuzz4]

Ok after following that guide I now have the network setup to go through that route. So yay however I'm still only seeing 270.25Mb on the speedtest on the VM where the host is flying at 900+. Just trying to get the speeds to be somewhat the same.

 

[jlebherz]

OK,

we need some more information

• Operating System of the VM
• Network Config of the VM and the host
• which network interface did you use for the VM? E1000 / VirtIO / Realtek ??
• Firewall enabled?
• Rate Limit ?

 

[thefuzz4]

No problem at all @jlebherz

1. The VM is running PFSense v2.4.5-release-1
   1. Network is
      vtnet0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
      options=c00b8<VLAN_MTU,VLAN_HWTAGGING,JUMBO_MTU,VLAN_HWCSUM,VLAN_HWTSO,LINKSTATE>
      ether c6:95:59:e2:3d:77
      hwaddr c6:95:59:e2:3d:77
      inet6 fe80::c495:59ff:fee2:3d77%vtnet0 prefixlen 64 scopeid 0x1
      inet 178.63.xx.xxx netmask 0xffffffc0 broadcast 178.63.xx.xxx
      nd6 options=23<PERFORMNUD,ACCEPT_RTADV,AUTO_LINKLOCAL>
      media: Ethernet 10Gbase-T <full-duplex>
      status: active
   2. Using Virtio as the HW NIC for the VM
   3. FW disabled all around
   4. No rate limits that I know of off hand
2. The host
   1. [*]### Hetzner Online GmbH installimage source /etc/network/interfaces.d/* auto lo iface lo inet loopback iface lo inet6 loopback auto eno1 iface eno1 inet static address 178.63.xxx.xxx netmask 255.255.255.192 gateway 178.63.xx.xxx pointopoint 178.63.xx.xxx auto eno1.4001 iface eno1.4001 inet manual mtu 1400 auto eno1.4002 iface eno1.4002 inet manual mtu 1400 auto vmbr0 iface vmbr0 inet static address 178.63.xxx.xxx netmask 255.255.255.192 bridge_ports none bridge_stp off bridge_fd 0 bridge_maxwait 0 up ip route add 178.63.xxx.xxx/32 dev vmbr0 auto vmbr1 iface vmbr1 inet static address 192.168.91.3 broadcast 192.168.91.255 netmask 24 bridge_ports eno1.4001 bridge_stp off bridge_fd 0 mtu 1400 up ip route add 192.168.91.0/24 dev vmbr0 #LAN Traffic auto vmbr2 iface vmbr2 inet static address 192.168.92.1 broadcast 192.168.92.255 netmask 24 bridge_ports eno1.4002 bridge_stp off bridge_fd 0 mtu 1400 #/29 subnet

I am using their Virtual VLAN trunking so that my servers can talk to each other since I have multiple proxmox hosts but I'm running all of my tests directly on this host only because I don't want to incorporate any LAN stuff with the vlan as a source of the isssue. I don't need the vmbr2 but I just never removed it someday I will but I didn't figure it would cause any issues with anything for now.

 

[jlebherz]

ok, how are you doing the speed test?
directly from the pfsense Vm or from a Vm behind the pfsense?

maybe you can try using a debian vm instead of the pfsense..

 

[thefuzz4]

Yeah I'm running it directly on the PFSense CLI as well as on the debian host itself. Figure that would provide the least latency results.

 

[jlebherz]

how are you doing the speedtest?
downloading a file?

please make sure that the storage is not the limiting factor...
if not please try with a debian VM

what hardware do you use?
CPU?
network card?
HDDs / SSDs?
RAID / ZFS ?

 

[thefuzz4]

CPU: 12 x Intel(R) Core(TM) i7-3930K CPU @ 3.20GHz (1 Socket)
NIC: 00:19.0 Ethernet controller: Intel Corporation 82579LM Gigabit Network Connection (rev 06)
HDD
Raid 1 software level

I'm doing the speed test using the speedtest-cli. On the side I'll have to spin up a VM and assign it the new IP address to that and see what the result is there. Just weird that it would be so slow. I don't have a lot of things turned on, on pfSense since its mainly just serving up websites. I'll dig around some more and see if I can find something weird.

 

[naga-champa]

have you tried disabling the tcp offloading in pfsense vm? its in the advanced settings.

 

[thefuzz4]

Yeah I have everything disabled in the advanced settings for this as well. I followed the guide from netgate about setting up pfsense on proxmox.

 

[DerDanilo]

Yeah I have everything disabled in the advanced settings for this as well. I followed the guide from netgate about setting up pfsense on proxmox.

Try to set an MTU of 1400 directly within the VM for the corresponding nics. Even though the bridge has the mtu, some OS needs to know how to talk correctly.