PfSense Guest Notes: Difference between revisions
Jump to navigation
Jump to search
Line 21: | Line 21: | ||
In the guest network interfaces names are like 'vtnetX' | In the guest network interfaces names are like 'vtnetX' | ||
'''IMPORTANT:''' Enter the web GUI and go in System > Advanced > Networking and flag '''Disable hardware checksum offload'''. If you don't do it layer3 traffic from lan to wan will not work, or will be really slow (but traffic to/from the firewall will work fine) | '''IMPORTANT:''' Enter the web GUI and go in System > Advanced > Networking and flag '''Disable hardware checksum offload'''. If you don't do it layer3 traffic from lan to wan will not work, or will be really slow (but traffic to/from the firewall will work fine: see the pf sense wiki about virtio for details https://doc.pfsense.org/index.php/VirtIO_Driver_Support ) |
Latest revision as of 11:12, 17 December 2015
Tweaks and tips for better performance with pfSense >= 2.2 on Proxmox >= 3.4.
- Note: This has been tested with pfSense 2.2 and Proxmox 3.4 (qemu 2.1)
Create VM
- Download the pfSense 2.2 amd64 "Live CD with installer" ISO .gz (from here), extract (gunzip) and transfer the ISO to your Proxmox server.
- Create a new VM:
- CPU: dual-socket or dual-core
- IMPORTANT: cpu type 'default kvm64' works, but if pfSense does not boot try 'qemu64' instead.
Alternatively do the following:
Either by escaping to boot prompt and run:- set hw.mca.enabled=0
- boot
- Or start with CPU emulation qemu64
- After successful boot: echo "hw.mca.enabled=0" >> /boot/loader.conf.local
Above fix means that any CPU model can be used (verified on Opteron). Documentation here -> pfSense forum
- IMPORTANT: cpu type 'default kvm64' works, but if pfSense does not boot try 'qemu64' instead.
- RAM: 512 MB (minimum)
- Network: 2 or more Virtio (bridged)
- Create a 8GB primary disk, Virtio (scsi, qcow2)
- Add pfSense-LiveCD-2.2-RELEASE-amd64.iso ISO as an optical drive
- Options, use tablet for pointers: No (you don't have to use mouse to manage it, if disabled reduces interrupts)
- CPU: dual-socket or dual-core
Network Virtio consideration
In the guest network interfaces names are like 'vtnetX'
IMPORTANT: Enter the web GUI and go in System > Advanced > Networking and flag Disable hardware checksum offload. If you don't do it layer3 traffic from lan to wan will not work, or will be really slow (but traffic to/from the firewall will work fine: see the pf sense wiki about virtio for details https://doc.pfsense.org/index.php/VirtIO_Driver_Support )