[SOLVED] OPNsense 21.1 on PVE 6.4

[vesalius]

As far as I understand OPNsense needs disabled hardware offloading even if you are not virtualizing the NIC so every packets needs to be processed by the CPU and that is bottlenecking the speed.

Would be interested if you have any reference for this as that is not my understanding for either of the *sense firewalls.

 

[Dunuin]

Would be interested if you have any reference for this as that is not my understanding for either of the *sense firewalls.

Atleast the documentation is recommending to disable every hardware offloading technique so that everything is done by the CPU. And stuff like the intrusion prevention and so on needs to process every single packet so stuff like hardware TCP segmentation offload can't be used.

 

[peterka]

Check the linked thread below. The I219-LM coupled with the Intel-E1000 seems likely the issue.

https://forum.proxmox.com/threads/e1000e-unexpected-adapter-resets.89459/

Thank You. I will stay with VirtIO. It is said to be better and I do not need to change the eth interface config of PVE.

 

[peterka]

I "solved" the issue, found a workaround, which is not too funny:

As a test, I cloned the well-running VM/OPNsense, added a new netwok-device and got:
=======
bridge 'vmbr5' does not exist
kvm: network script /var/lib/qemu-server/pve-bridge failed with status 512
TASK ERROR: start failed: QEMU exited with code 1
=======

After a reboot of the node, the cloned VM/OPNsense runs again.