Running pfSense in a XenServer with xenguest Rumi, November 19, 2022 If you deploy pfSense on a XenServer, you may be shocked at the performance loss-specially on interface speed! But wait, there are some tweaks to make this usable. Installing pfSense Go ahead and setup pfSense like normal, and when you are done, perform the following tweaks. (the day till it’s tested on pfsense version 2.5.2 and xen on scp-ng 8.1) XenServer tweaks Find UUID for the pfSense VM you just installed. xe vm-list You should get something like the following uuid ( RO) : b435d920-eb22-b45d-5058-091619ed427f name-label ( RW): pfSense power-state ( RO): running uuid ( RO) : 42626f69-6185-4aa6-a125-839700f96828 name-label ( RW): Control domain on host: xenserver-000 power-state ( RO): running We want the UUID of the instance running pfSense, b435d920-eb22-b45d-5058-091619ed427f in this case. export UUID=b435d920-eb22-b45d-5058-091619ed427f Next we need to find the internal ID for the interfaces you assigned to the pfSense install. xe vm-vif-list uuid=$UUID The output should look something like the following, uuid ( RO) : 0d3408aa-76a8-c67f-103f-1a1ad8b74a84 vm-name-label ( RO): pfSense device ( RO): 1 MAC ( RO): ea:30:29:df:cd:66 network-uuid ( RO): 6480f142-8024-b07e-7a6c-e7483d89229c network-name-label ( RO): Pool-wide network associated with eth1 uuid ( RO) : b5cfe2a7-c7dc-d9db-b43c-3cfb1395f09c vm-name-label ( RO): pfSense device ( RO): 0 MAC ( RO): ba:cf:a9:e1:c9:49 network-uuid ( RO): 4dee415a-e497-0370-09e1-eb56145b69b4 network-name-label ( RO): Pool-wide network associated with eth0 You can see this install has 2 NIC’s assigned. we are looking for the ‘uuid’ of each of them export VIF_1_UUID=0d3408aa-76a8-c67f-103f-1a1ad8b74a84 export VIF_2_UUID=b5cfe2a7-c7dc-d9db-b43c-3cfb1395f09c Now for each of the VIF UUID’s we want to disable the offload settings: xe vif-param-set uuid=$VIF_1_UUID other-config:ethtool-gso="off" xe vif-param-set uuid=$VIF_1_UUID other-config:ethtool-ufo="off" xe vif-param-set uuid=$VIF_1_UUID other-config:ethtool-tso="off" xe vif-param-set uuid=$VIF_1_UUID other-config:ethtool-sg="off" xe vif-param-set uuid=$VIF_1_UUID other-config:ethtool-tx="off" xe vif-param-set uuid=$VIF_1_UUID other-config:ethtool-rx="off" xe vif-param-set uuid=$VIF_2_UUID other-config:ethtool-gso="off" xe vif-param-set uuid=$VIF_2_UUID other-config:ethtool-ufo="off" xe vif-param-set uuid=$VIF_2_UUID other-config:ethtool-tso="off" xe vif-param-set uuid=$VIF_2_UUID other-config:ethtool-sg="off" xe vif-param-set uuid=$VIF_2_UUID other-config:ethtool-tx="off" xe vif-param-set uuid=$VIF_2_UUID other-config:ethtool-rx="off" Install Xen Tools on pfSense and set hardware checksum disable Connect to the pfSense terminal and select option 8 to get shell access. Then copy and past the following to install the xen tools into the VM. pkg install xe-guest-utilities echo 'xenguest_enable="YES"' >> /etc/rc.conf.local ln -s /usr/local/etc/rc.d/xenguest /usr/local/etc/rc.d/xenguest.sh service xenguest start Because you are running your pfSense as a VM you do not need hardware checksum enabled, so you can disable it. In pfSense GUI, System > Advanced > Networking >Tick the option for “Disable hardware checksum offload” Src: https://voice1.me/running-pfsense-in-xenserver/ Related Administrations Configurations (Linux) pfsenseXCP-NGXen
Nagios JBoss Plugin June 25, 2012 Perl script to check thread and memory usage of a Jboss server. I didn't like the Jboss checks that I've found which require Java or remote-run, so I wrote this. It's a simple check that looks at memory usage and busy threads. I did this with percentage thresholds to make… Read More
Fixing phpmyadmin login on MySQL 5.7 and Debian 9 May 4, 2018 Once setting up the LAMP stack, you must be wondering to see that you no longer been able to login phpmyadmin using root credentials. MySQL 5.7 changed the secure model: now MySQL root login requires a sudo (while the password still can be blank). I.e., phpMyAdmin will be not able… Read More
Install Poppassd in CentOS 7 July 19, 2019November 15, 2019 Steps for configuration change password plugin for squirrelmail/Horde/Rainloop using poppassd are: Download poppassd.c from https://netwinsite.com/poppassd/ Look at poppassd.c and make sure it looks safe yum -y install gcc gcc poppassd.c -o poppassd -lcrypt mv poppassd /usr/local/bin/ yum -y install xinetd cp /etc/xinetd.d/time-stream /etc/xinetd.d/poppassd nano /etc/xinetd.d/poppassd Update “service time” to “service… Read More