Proxmox PFSense speed problem

[p-assheton]

Hello all,

I have a micro-PC brought to run PFSense (MinisForum GK41). It worked at the full speed of my internet (900/100) but the network cards are Realtek and periodically crashed. This could only be fixed by a reboot.

So I installed Proxmox and installed PFSense into a VM. I followed the PFSense guide to install on Proxmox.

Once the VM was setup it runs nicely and is much more stable but the speeds are now 600/100. Nothing I have done has changed this at all. I have followed many guides on the web.

Is it possible that the mini-PC is simply not powerful enough to run both PFSense and Proxmox? It has an Intel Celeron J4125 CPU (4 core 2.7GHz) and 8GB of ram. All the resources are being assigned to the VM running Proxmox. Proxmox does not show the VM as using more than 10% CPU generally.

I would appreciate your opinions.

More information below,

Thank you.

VM config

# cat 100.conf
boot:
cores: 4
cpu: x86-64-v2-AES,flags=+aes
machine: q35
memory: 8192
meta: creation-qemu=9.2.0,ctime=1745999819
name: pfsense
net0: virtio=BC:24:11:15:5D:E1,bridge=vmbr0,firewall=1
net1: virtio=BC:24:11:50:80:77,bridge=vmbr1,firewall=1
numa: 0
onboot: 1
ostype: other
scsihw: virtio-scsi-single
smbios1: uuid=d0c62014-9b70-4e9d-b760-76625b6c3efa
sockets: 1
vga: qxl
virtio0: Second-disk:vm-100-disk-0,iothread=1,size=122108M
vmgenid: fa246a93-fcc5-489c-b2d3-abcae81597de

I have turned off the hardware offloading in PFSense.

 

[chrcoluk]

pfSense doesnt utilise multi queue for the vtnet driver. So you limited to the core speed of one CPU for interrupts.

Longer answer, the virtio network driver in FreeBSD can support multiqueue or ALTQ, not both at the same time, pfSense developers consider ALTQ a core feature so thats the mode the driver operates in, sadly I cannot share my compiled kernel probably without upsetting pfSense developers but dont mind providing steps to fix the problem.

Download the kernel src tree for the correct build of pfSense from their repo.
Remove ALTQ from the kernel config file.
Compile the kernel and modules.
Overwrite existing kernel and modules on the pfSense install. (make sure you do backup or snapshot before this stage to be on safe side)
Enable multiqueue if not already enabled on network config for the VM.
Shutdown and start pfSense VM if you had to enable multiqueue in VM config, otherwise reboot pfSense VM.

You will lose traffic queueing support, make sure any traffic queue configuration is disabled. (not traffic limiter which is dummynet so is fine). There is a warning about missing ALTQ as it boots when starting DNS resolver, but I have not seen any ill effects.

--

OPNsense doesnt use ALTQ and hence doesnt have the same issue.

 

[p-assheton]

Thank you for the information.

Would you recommend that I migrate to OPNsense? I have not used that and I am familiar with PFSense.

Otherwise I will have a go at the kernel compile.

 

[rtorres]

Thank you for the information.

Would you recommend that I migrate to OPNsense? I have not used that and I am familiar with PFSense.

Otherwise I will have a go at the kernel compile.

OPNsesne and pfSense are pretty similar. You can try OPNsense but I think kernel compile would be your best bet

 

[p-assheton]

Thank you for your advice.

 

[chrcoluk]

Thank you for the information.

Would you recommend that I migrate to OPNsense? I have not used that and I am familiar with PFSense.

Otherwise I will have a go at the kernel compile.

Personally I prefer pfSense. But OPNsense might work out ok for you, depends on your own needs.