PFsense on VM - HW offload cannot be enabled

[KozzyVizzy]

So first of all. I am relatively new on TrueNAS. I have used XenServer in the past so hypervisors are not new thing for me.

But now i hitted the wall when i was installing PFsense in Scale.
PFsense is working as planned but speed is only 200mb/s of 1gb/s internet connection. I tried to disable HW offload on interfaces related to PFsense VM but i get error.

Show : Error Message

Error: Traceback (most recent call last):
File "/usr/lib/python3/dist-packages/middlewared/utils/service/call.py", line 25, in _method_lookup
methodobj = getattr(serviceobj, method_name)
AttributeError: 'CompoundService' object has no attribute 'disable_capabilities'

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
File "/usr/lib/python3/dist-packages/middlewared/main.py", line 150, in call_method
result = await self.middleware._call(message['method'], serviceobj, methodobj, params, app=self,
File "/usr/lib/python3/dist-packages/middlewared/main.py", line 1262, in _call
return await methodobj(*prepared_call.args)
File "/usr/lib/python3/dist-packages/middlewared/service.py", line 838, in update
rv = await self.middleware._call(
File "/usr/lib/python3/dist-packages/middlewared/main.py", line 1262, in _call
return await methodobj(*prepared_call.args)
File "/usr/lib/python3/dist-packages/middlewared/schema.py", line 1092, in nf
res = await f(*args, **kwargs)
File "/usr/lib/python3/dist-packages/middlewared/schema.py", line 1182, in nf
return await func(*args, **kwargs)
File "/usr/lib/python3/dist-packages/middlewared/plugins/network.py", line 1774, in do_update
await self.middleware.call('interface.disable_capabilities', iface['name'])
File "/usr/lib/python3/dist-packages/middlewared/main.py", line 1300, in call
serviceobj, methodobj = self._method_lookup(name)
File "/usr/lib/python3/dist-packages/middlewared/utils/service/call.py", line 27, in _method_lookup
raise CallError(f'Method {method_name!r} not found in {service!r}', CallError.ENOMETHOD)
middlewared.service_exception.CallError: [ENOMETHOD] Method 'disable_capabilities' not found in 'interface'

Is there something that i do wrong or is this feature still in developement?

Server is Fujitsu PRIMERGY RX2540 M2 with Fujitsu own 4 port ethernet card.

 

[KozzyVizzy]

I did not find way to disable HW offload. Now everythting works when i changed the nic devices to pci passthrus for the nic's.

 

[DaSnipe]

How do you enjoy pfsense as a VM in scale? I was debating leaving my TrueNAS server (repurposed workstation) to run other VM’s and backups and use a small NUC type PC from work to run pfsense. Might be best to keep it that way but interested in how well it runs for you

 

[KozzyVizzy]

Download is ~600mb and upload 100mb. If I test internet directly from cable from 5G router it gives me 650-700mb. So some loss somewhere but I think my NIC's are the bottleneck now. CPU usage in PFsense is in full download speed 3% on 1/4/4 cpu configuration. In scale I don't even notice change in CPU usage. Haven't tried VPN or IPS yet. I have some what powerful server so I don't know this works on ex. old workstation.

Creating VM vas littlebit misleading. First GUI that makes the VM don't have all options available and I thinked that is this really this crippled system. Then i did find out that you have to configure devices afterwards if you have anything special in mind.

VirtIO wont work on cards that have multiples NIC's and you want to use example 2 ports out of 4 for pf sense. and bridges wont work like in WMware. When I made bridge for WAN and LAN and pointed VM NIC's to it. Everything looked ok until I turned VM on. Bridges went missing and two of my NIC's that where assigned to the bridge was inoperative. I had to restore my backup config.zip to server. No matter what did to the two NIC's, I did not get them working without restoring the backup to the server.

Only way I did get everything working was to use PCI passthrou for both NIC's and let the PFsense handle everything.
And this had hiccup also. Scale wont show anything else in GUI then the PCI ID. I had to go to the shell and use LSPCI command to see the PCI ID and device name. After finding ID's for the NIC's everything was easy.

Only problem with PFsense is that i had to forward 80 and 442 ports to my PS4 becouse even with UPnP on i would get NAT type 3 on PS. With all proper forwards to PS4 and Outbound rule to wan and now I have NAT 2 on PS. If somebody have any knowledge why UPnP is not working with PS4. I would like to know.

And sorry my english...

 

[DaSnipe]

Your English is great don’t worry. I have a second NIC with two ports. I could just pass it through and have 1 WAN, 1 LAN, and just try with that. I’m new to pfsense so dunno if running it in a VM is the best idea lol

 

[KozzyVizzy]

Your NIC will show each port as own devices. you have to passthrough both ports to pf sense. Virtualization is almost identical to Proxmox and there is very good results on PFsense over Proxmox. TrueNAS only lacks some usability on GUI compared to Proxmox. I my opinion many features in TrueNAS are are very non intuitive to use. I know that scale is in beta but some problems that I had with core is still present in scale and i am thinking that they are not going to change them.

backside is solid and every service works as it should after you get all settings right. Only thing nagging me is the GUI.