PfSense Guest Notes: Difference between revisions

From Proxmox VE
Jump to navigation Jump to search
No edit summary
Line 7: Line 7:
* Create a new VM:
* Create a new VM:
** CPU: dual-socket or dual-core
** CPU: dual-socket or dual-core
*** '''IMPORTANT:''' cpu type 'default kvm64' works, but if pfSense does not boot try 'qemu64' instead.
*** '''IMPORTANT:''' cpu type 'default kvm64' works, but if pfSense does not boot try 'qemu64' instead.<br />Alternatively do the following:<br />Either by escaping to boot prompt and run:
**** set hw.mca.enabled=0
**** boot
**** Or start with CPU emulation qemu64
***After successful boot: echo "hw.mca.enabled=0" >> /boot/loader.conf.local<br />Above fix means that any CPU model can be used (verified on Opteron).
** RAM: 512 MB (minimum)
** RAM: 512 MB (minimum)
** Network: 2 or more Virtio (bridged)
** Network: 2 or more Virtio (bridged)
Line 13: Line 17:
** Add pfSense-LiveCD-2.2-RELEASE-amd64.iso ISO as an optical drive
** Add pfSense-LiveCD-2.2-RELEASE-amd64.iso ISO as an optical drive
** Options, '''use tablet for pointers: No''' (you don't have to use mouse to manage it, if disabled reduces interrupts)
** Options, '''use tablet for pointers: No''' (you don't have to use mouse to manage it, if disabled reduces interrupts)
==Network Virtio consideration==
==Network Virtio consideration==
In the guest network interfaces names are like 'vtnetX'
In the guest network interfaces names are like 'vtnetX'


'''IMPORTANT:''' Enter the web GUI and go in System > Advanced > Networking and flag '''Disable hardware checksum offload'''. If you don't do it layer3 traffic from lan to wan will not work, or will be really slow (but traffic to/from the firewall will work fine).
'''IMPORTANT:''' Enter the web GUI and go in System > Advanced > Networking and flag '''Disable hardware checksum offload'''. If you don't do it layer3 traffic from lan to wan will not work, or will be really slow (but traffic to/from the firewall will work fine).

Revision as of 08:37, 13 July 2015

Tweaks and tips for better performance with pfSense >= 2.2 on Proxmox >= 3.4.

Note: This has been tested with pfSense 2.2 and Proxmox 3.4 (qemu 2.1)

Create VM

  • Download the pfSense 2.2 amd64 "Live CD with installer" ISO .gz (from here), extract (gunzip) and transfer the ISO to your Proxmox server.
  • Create a new VM:
    • CPU: dual-socket or dual-core
      • IMPORTANT: cpu type 'default kvm64' works, but if pfSense does not boot try 'qemu64' instead.
        Alternatively do the following:
        Either by escaping to boot prompt and run:
        • set hw.mca.enabled=0
        • boot
        • Or start with CPU emulation qemu64
      • After successful boot: echo "hw.mca.enabled=0" >> /boot/loader.conf.local
        Above fix means that any CPU model can be used (verified on Opteron).
    • RAM: 512 MB (minimum)
    • Network: 2 or more Virtio (bridged)
    • Create a 8GB primary disk, Virtio (scsi, qcow2)
    • Add pfSense-LiveCD-2.2-RELEASE-amd64.iso ISO as an optical drive
    • Options, use tablet for pointers: No (you don't have to use mouse to manage it, if disabled reduces interrupts)

Network Virtio consideration

In the guest network interfaces names are like 'vtnetX'

IMPORTANT: Enter the web GUI and go in System > Advanced > Networking and flag Disable hardware checksum offload. If you don't do it layer3 traffic from lan to wan will not work, or will be really slow (but traffic to/from the firewall will work fine).