Proxmox 6.1.5 and hanging pfsense

asatecnologia

Member
Aug 29, 2017
4
0
6
39
Hello !

I have problem with hanging pfsense. Everythings works few days and suddenly "puff".
Traffic is stopped … and pfsense is hang.

I've used virtio ports, e1000.
Enable Disable hardware checksum offload.
Multiple servers, this happens after a few days. After a reboot everything works.
PVE 6.1-5
Pfsense 2.4.4-p3
 
Hi,

generall is pfsense perfect working as VM on PVE.
You have to provide a bit more information about the error.
What is your config and what is the error message?
 
1579080966434.png
Follows the settings, all right. Suddenly traffic stops working. Interestingly, I left a NAT for direct external access on it. Consequently I can access pfsense from the outside. But internally neither ping works.
 
Why you use numa (2 sockets)?
It is better to use 6 cores. Or do you have a numa machine?

q35 with OpenBSD is not recommended.
Use i440x instead.

You should use virtio nics instead of e1000.
 
Hello !

I have problem with hanging pfsense. Everythings works few days and suddenly "puff".
Traffic is stopped … and pfsense is hang.

I've used virtio ports, e1000.
Enable Disable hardware checksum offload.
Multiple servers, this happens after a few days. After a reboot everything works.
PVE 6.1-5
Pfsense 2.4.4-p3



I'm exactly with the same problem here.

I have only one bridge vlan aware instead of mutiples bridges.
My server offers two NICS, so it's setting as LACP bond and over the bond0 the guest pfsense opens vlans.

1579093934906.png


Early I've setting multiples Network Devices, one for each subnets. I have at least 15 subnets.

The problem was the same. Traffic is stopped.
 
Last edited:
Again e1000 is not recommended.
Use virtio instead.
 
Why you use numa (2 sockets)?
It is better to use 6 cores. Or do you have a numa machine?

q35 with OpenBSD is not recommended.
Use i440x instead.

You should use virtio nics instead of e1000.

Ok, I will make these settings to see if it normalizes.
 
Again e1000 is not recommended.
Use virtio instead.

Hi!

I had setted as virtio nic, but it was very slow traffic even with the offload as off.
Now I've created a new VM, from zero and using virtio, since last night.

Everything looks fine. I think I was using Traffic Shap and Limiter before and maybe that was the problem. Not now.
 
Hi, Can you confirm if you're using traffic shaping / limiter within pfSense (BSD) or at the VM-level within Proxmox (QEMU).
 
pfSense and OpnSense both operate fine within a KVM VM on Proxmox. I have used them extensively.

The issue will be due to your configuration. Remember that traffic shaping/limiting and any IDS/IPS processes you use are very CPU heavy and will effect your throughput dramatically. Also be aware of tcp queues and buffers.
 

About

The Proxmox community has been around for many years and offers help and support for Proxmox VE, Proxmox Backup Server, and Proxmox Mail Gateway.
We think our community is one of the best thanks to people like you!

Get your subscription!

The Proxmox team works very hard to make sure you are running the best software and getting stable updates and security enhancements, as well as quick enterprise support. Tens of thousands of happy customers have a Proxmox subscription. Get yours easily in our online shop.

Buy now!