PfSense and VLANs disappear

Discussion in 'Proxmox VE: Installation and configuration' started by check-ict, Jan 4, 2018.

  1. check-ict

    check-ict Member

    Joined:
    Apr 19, 2011
    Messages:
    93
    Likes Received:
    1
    Hi,

    We have a 6-node Proxmox cluster. Recently we updates from Proxmox 4 / Debian 8 to Proxmox 5 / Debian 9.

    Since the upgrade, we have many failed PfSense firewalls running as VM on Proxmox.

    We run every PfSense firewall with 2 adapters. 1 adapter is for WAN without a VLAN, the other adapter is for LAN with a VLAN tag.

    Every day, 1 or 2 PfSense VM's (we run 12 PfSense VM's) loosse their connection with the VLAN adapter (LAN). We can't ping from the LAN side servers to the PfSense. The PfSense can't ping to the LAN side servers, only WAN works.

    When we change the VLAN or even remove it, it has no effect. When we restart the PfSense VM, everything works again.

    Any idea why this happends and how to solve it?
     
  2. Fredrik R

    Fredrik R New Member
    Proxmox Subscriber

    Joined:
    Jan 4, 2018
    Messages:
    1
    Likes Received:
    0
    Hi,

    I do not have a solution but I can confirm the problem.
    If I disable and then enable the interface within pfSense it temporarly solves the problem for me, if that gives any clues
     
  3. carles89

    carles89 Member
    Proxmox Subscriber

    Joined:
    May 27, 2015
    Messages:
    49
    Likes Received:
    2
    Dark26 likes this.
  4. check-ict

    check-ict Member

    Joined:
    Apr 19, 2011
    Messages:
    93
    Likes Received:
    1
    Hi,

    We use E1000 because Virtio has a lot of bugs (really slow).

    I will disable the hardware checksum offload and reboot the PfSense, see if it helps.
     
  5. carles89

    carles89 Member
    Proxmox Subscriber

    Joined:
    May 27, 2015
    Messages:
    49
    Likes Received:
    2
    Hi,

    Disable hardware checksum offload and change network adapters to virtio. You'll see a huge performance improvement, I have lots of pfsense vms with this config.

    Regards
     
  6. latosec

    latosec New Member

    Joined:
    Jul 12, 2015
    Messages:
    12
    Likes Received:
    3
    I've a 3 nodes cluster with 60 pfsense and 60 vlan with other vm.
    Every pfsense has 1 lan (virtio) 1 opt (virtio) and 1 wan (e1000 to internet). This configuration is needed cause of backup run on opt network.
    Still everyday one or two pfsense lost connection to every network (lan,wan,opt).
    Disable hardware checksum offload was done at installation more than 1 year ago.
    Problem started in september where we have upgraded all proxmox servers and upgraded all pfsense
     
  7. mbaldini

    mbaldini Member

    Joined:
    Nov 7, 2015
    Messages:
    167
    Likes Received:
    20
    It's the same for me. I have a cluster with 2 pfSense VMs with CARP configuration (master/backup) and if I don't disable hardware checksum offload in pfSense I have huge problems with network. Disabling it and using VirtIO drivers, the two pfSense boxes work great.
     
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice