pfsense 2.2 under PVE 4, Cannot define table bogons

weppa

New Member
Nov 2, 2015
Hi

Many people, including myself, seem to have problems running the latest pfsense under proxmox >3.4.
I have tried under PVE 4 myself.

Multiple threads at pfsense.org point fingers towards Proxmox ( calling it a "piece of shit" )


The problem is real and easily reproducible

- default PVE4
- start a VM (with no hardware VT), E1000x2
- install pfsense
- will never forward traffic, errors in the logs right after install, firewall simply doesn't work.
- network itself does work ( DHCP on LAN & WAN side works for example )


Also, I was unable to install pfsense (in the same conditions) with VIRTIO: pfsense sends errors every 5 seconds about a "timeout watchdog on vtnet0"

Short story is ; it seems impossible to install pfsense under pve in the above conditions...

Any help appreciated...
 
https://forum.pfsense.org/index.php?topic=89005.0

https://forum.pfsense.org/index.php?topic=90838.15


And a few others.
 
It runs here on proxmox without issues....
I've put in a dual network card and used it as vmbr 1 and 2 (lan and wan for pfsense)
cu Peje
 
Are you sure you are running pfsense in "software" virtualisation (hardware vt option turned to off)?

I know pfsense works on Proxmox, I've read it over here.

However there seems to be a major issue with it when running in software virt; with virtio network it doesn't work at all (watchdog timeout on vtnet), with e1000 installation does work, but later it sends weird errors (cannot define table bogons) which makes it unusable.

I also think the problem is inside pfsense, which is imho the worst piece of opensource software I've been working with. And I find it sad that their support forums put the blame on proxmox. (It could be a qemu problem, but certainly not a proxmox-only problem as they seem to imply)

I'll do other attempts. Some say Pfsense 2.1 works and 2.2 does not. I'll try to reproduce that.
 
I have pfsense-2.2p15 running in proxmox-3.4 with virtio nics and virtio disks without any problems whatsoever. This also implies a working firewall.
 
Have you tried with hardware virtualization on, virtio nics, and virtio disks? Virtio drivers have been built into the kernel since FreeBSD 10 and require no kldload or change in /boot/loader.conf.local.
 
Hi

If I could use hardware virt ; I would :)

I'm also testing the level of support/care that proxmox gives away by opening this thread, as I'm currently evaluating it for a large infrastructure for a customer of mine. This infrastructure demo is currently running, virtualised inside parallels, on my laptop. Which is why all PVE VMs are in "no VT mode".

For what I can see, it seems pfsense simply doesn't work in software virtualisation mode under proxmox (and probably under qemu/kvm itself)
 
Yeah mate. I've had this problem ever since 2.2 came out. I still continue to use 2.1.5 on Proxmox just to have a firewall working.
 
Is running virtualized on top of QEMU/KVM something supported by pfSense ? I know for instance this is not advised by the FreeNAS project.
 
Is running virtualized on top of QEMU/KVM something supported by pfSense ? I know for instance this is not advised by the FreeNAS project.

Hello manu ... I'm not quite sure but I saw some reference of using pfSense in virtual machines on the documentation page. IMHO I don't think there would be issues running pfSense on QEMU/KVM. pfSense only requires little processing power and memory requirements unless more plugins and services were turned on.

FreeNAS on the other hand has a minimum 8GB memory recommendation for it to run optimally so I guess that would probably be one reason why it is not advisable to run in a virtual environment. More memory = more processing power?

Something definitely broke on v2.2 so I still continue to use v2.1.5
 
Hi guterkerel
I stumbled yesterday on this thread in the pfsense forum mentioning a bug in the FreeBSD virtio drivers causing packet drops when using the virtio net driver and checksum offloading.
https://forum.pfsense.org/index.php?topic=88467.0
It seems the fix would be to deactivate checksumming on the tap device you pass to the pfsense VM.

If your pfsense has a VM id of, say, 103, the tap devices associated with the VM will be numbered tap103i0, tap103i1, etc.

You should try to disable the checksumming with:

ethtool -K tap103i0 tx off

I don't have at the moment a pfsense box in my lab to test this, so please report if it fixed the problem on your side.
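
The check-and-disable step suggested in the post above, as an added example that is not part of the original thread: it finds every tap device of one VM, reads the current tx-checksumming state from `ethtool -k`, and turns it off only where it is on. The function names are hypothetical; the only ethtool calls used are `-k` (show) and `-K ... tx off` (set).

```shell
#!/bin/sh
# Added example (not from the thread): report and disable TX checksum offload
# on all tap devices of one Proxmox VM. Function names are hypothetical.

# Filter interface names on stdin down to the taps of VM id $1.
# Proxmox names them tap<VMID>i<N>; anchoring keeps VM 103 from matching VM 1030.
taps_for_vmid() {
    grep -E "^tap${1}i[0-9]+$"
}

# Read `ethtool -k <dev>` output on stdin and print the tx-checksumming state.
# Only the top-level line is matched, not indented sub-features such as
# tx-checksum-ipv4, and a trailing "[fixed]" marker is dropped.
tx_csum_state() {
    awk -F': *' '$1 == "tx-checksumming" { split($2, a, " "); print a[1]; exit }'
}

# Disable TX checksum offload on every tap of VM $1, printing before/after state.
disable_tx_csum() {
    vmid=$1
    case "$vmid" in
        ''|*[!0-9]*) echo "VM id must be numeric" >&2; return 2 ;;
    esac
    ls /sys/class/net | taps_for_vmid "$vmid" | while read -r dev; do
        before=$(ethtool -k "$dev" | tx_csum_state)
        if [ "$before" = "on" ]; then
            ethtool -K "$dev" tx off
        fi
        after=$(ethtool -k "$dev" | tx_csum_state)
        echo "$dev: tx-checksumming $before -> $after"
    done
}

# Run only when a VM id is given on the command line, e.g.: sh tap-csum.sh 103
if [ "$#" -ge 1 ]; then
    disable_tx_csum "$1"
fi
```

The tap devices are created when the VM starts, so the setting has to be reapplied after each start of the VM.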
 
It seems the fix would be to deactivate checksumming on the tap device you pass to the pfsense VM.
This is not required. All you need to do is turn checksum offloading off in pfsense, which if I remember is also the default setting for pfsense.
 
TCP segmentation offloading is turned off by default, but checksum offloading is on by default; I have just checked that on a 2.2 system running on physical hardware.
pfsense has a wiki article about running on virtio, I will link it from our wiki (https://doc.pfsense.org/index.php/VirtIO_Driver_Support)
 
The wiki adds no valuable value for pfsense-2.2 since virtio drivers are compiled into the kernel and are automatically loaded by the kernel. pfsense-2.1 is officially EOL.
 
