Proxmox 6.1.5 and hanging pfsense

asatecnologia

Member
Aug 29, 2017
4
0
6
36
Hello !

I have problem with hanging pfsense. Everythings works few days and suddenly "puff".
Traffic is stopped … and pfsense is hang.

I've used virtio ports, e1000.
Enable Disable hardware checksum offload.
Multiple servers, this happens after a few days. After a reboot everything works.
PVE 6.1-5
Pfsense 2.4.4-p3
 

wolfgang

Proxmox Staff Member
Staff member
Oct 1, 2014
6,177
418
103
Hi,

generall is pfsense perfect working as VM on PVE.
You have to provide a bit more information about the error.
What is your config and what is the error message?
 

asatecnologia

Member
Aug 29, 2017
4
0
6
36
1579080966434.png
Follows the settings, all right. Suddenly traffic stops working. Interestingly, I left a NAT for direct external access on it. Consequently I can access pfsense from the outside. But internally neither ping works.
 

wolfgang

Proxmox Staff Member
Staff member
Oct 1, 2014
6,177
418
103
Why you use numa (2 sockets)?
It is better to use 6 cores. Or do you have a numa machine?

q35 with OpenBSD is not recommended.
Use i440x instead.

You should use virtio nics instead of e1000.
 

diogoroedel

New Member
Oct 29, 2019
2
0
1
37
Hello !

I have problem with hanging pfsense. Everythings works few days and suddenly "puff".
Traffic is stopped … and pfsense is hang.

I've used virtio ports, e1000.
Enable Disable hardware checksum offload.
Multiple servers, this happens after a few days. After a reboot everything works.
PVE 6.1-5
Pfsense 2.4.4-p3


I'm exactly with the same problem here.

I have only one bridge vlan aware instead of mutiples bridges.
My server offers two NICS, so it's setting as LACP bond and over the bond0 the guest pfsense opens vlans.

1579093934906.png


Early I've setting multiples Network Devices, one for each subnets. I have at least 15 subnets.

The problem was the same. Traffic is stopped.
 
Last edited:

wolfgang

Proxmox Staff Member
Staff member
Oct 1, 2014
6,177
418
103
Again e1000 is not recommended.
Use virtio instead.
 

asatecnologia

Member
Aug 29, 2017
4
0
6
36
Why you use numa (2 sockets)?
It is better to use 6 cores. Or do you have a numa machine?

q35 with OpenBSD is not recommended.
Use i440x instead.

You should use virtio nics instead of e1000.
Ok, I will make these settings to see if it normalizes.
 

diogoroedel

New Member
Oct 29, 2019
2
0
1
37
Again e1000 is not recommended.
Use virtio instead.
Hi!

I had setted as virtio nic, but it was very slow traffic even with the offload as off.
Now I've created a new VM, from zero and using virtio, since last night.

Everything looks fine. I think I was using Traffic Shap and Limiter before and maybe that was the problem. Not now.
 

cloudguy

Active Member
Jan 4, 2012
32
0
26
Hi, Can you confirm if you're using traffic shaping / limiter within pfSense (BSD) or at the VM-level within Proxmox (QEMU).
 

tomstephens89

Active Member
Mar 10, 2014
165
2
38
Kingsclere, United Kingdom
pfSense and OpnSense both operate fine within a KVM VM on Proxmox. I have used them extensively.

The issue will be due to your configuration. Remember that traffic shaping/limiting and any IDS/IPS processes you use are very CPU heavy and will effect your throughput dramatically. Also be aware of tcp queues and buffers.
 

About

The Proxmox community has been around for many years and offers help and support for Proxmox VE and Proxmox Mail Gateway. We think our community is one of the best thanks to people like you!

Get your subscription!

The Proxmox team works very hard to make sure you are running the best software and getting stable updates and security enhancements, as well as quick enterprise support. Tens of thousands of happy customers have a Proxmox subscription. Get your own in 60 seconds.

Buy now!