Difference between revisions of "PfSense Guest Notes"
Jump to navigation
Jump to search
| Line 11: | Line 11: | ||
**** boot | **** boot | ||
**** Or start with CPU emulation qemu64 | **** Or start with CPU emulation qemu64 | ||
| − | ***After successful boot: echo "hw.mca.enabled=0" >> /boot/loader.conf.local<br />Above fix means that any CPU model can be used (verified on Opteron). | + | ***After successful boot: echo "hw.mca.enabled=0" >> /boot/loader.conf.local<br />Above fix means that any CPU model can be used (verified on Opteron). Documentation here -> [https://forum.pfsense.org/index.php?topic=30593.0 pfSense forum] |
** RAM: 512 MB (minimum) | ** RAM: 512 MB (minimum) | ||
** Network: 2 or more Virtio (bridged) | ** Network: 2 or more Virtio (bridged) | ||
Revision as of 08:41, 13 July 2015
Tweaks and tips for better performance with pfSense >= 2.2 on Proxmox >= 3.4.
- Note: This has been tested with pfSense 2.2 and Proxmox 3.4 (qemu 2.1)
Create VM
- Download the pfSense 2.2 amd64 "Live CD with installer" ISO .gz (from here), extract (gunzip) and transfer the ISO to your Proxmox server.
- Create a new VM:
- CPU: dual-socket or dual-core
- IMPORTANT: cpu type 'default kvm64' works, but if pfSense does not boot try 'qemu64' instead.
Alternatively do the following:
Either by escaping to boot prompt and run:- set hw.mca.enabled=0
- boot
- Or start with CPU emulation qemu64
- After successful boot: echo "hw.mca.enabled=0" >> /boot/loader.conf.local
Above fix means that any CPU model can be used (verified on Opteron). Documentation here -> pfSense forum
- IMPORTANT: cpu type 'default kvm64' works, but if pfSense does not boot try 'qemu64' instead.
- RAM: 512 MB (minimum)
- Network: 2 or more Virtio (bridged)
- Create a 8GB primary disk, Virtio (scsi, qcow2)
- Add pfSense-LiveCD-2.2-RELEASE-amd64.iso ISO as an optical drive
- Options, use tablet for pointers: No (you don't have to use mouse to manage it, if disabled reduces interrupts)
- CPU: dual-socket or dual-core
Network Virtio consideration
In the guest network interfaces names are like 'vtnetX'
IMPORTANT: Enter the web GUI and go in System > Advanced > Networking and flag Disable hardware checksum offload. If you don't do it layer3 traffic from lan to wan will not work, or will be really slow (but traffic to/from the firewall will work fine).