If you deploy pfSense on a XenServer, you may be shocked at the performance loss-specially on interface speed! But wait, there are some tweaks to make this usable.
Installing pfSense
Go ahead and setup pfSense like normal, and when you are done, perform the following tweaks. (the day till it’s tested on pfsense version 2.5.2 and xen on scp-ng 8.1)
XenServer tweaks
Find UUID for the pfSense VM you just installed.
xe vm-list
You should get something like the following
uuid ( RO) : b435d920-eb22-b45d-5058-091619ed427f name-label ( RW): pfSense power-state ( RO): running uuid ( RO) : 42626f69-6185-4aa6-a125-839700f96828 name-label ( RW): Control domain on host: xenserver-000 power-state ( RO): running
We want the UUID of the instance running pfSense, b435d920-eb22-b45d-5058-091619ed427f in this case.
export UUID=b435d920-eb22-b45d-5058-091619ed427f
Next we need to find the internal ID for the interfaces you assigned to the pfSense install.
xe vm-vif-list uuid=$UUID
The output should look something like the following,
uuid ( RO) : 0d3408aa-76a8-c67f-103f-1a1ad8b74a84 vm-name-label ( RO): pfSense device ( RO): 1 MAC ( RO): ea:30:29:df:cd:66 network-uuid ( RO): 6480f142-8024-b07e-7a6c-e7483d89229c network-name-label ( RO): Pool-wide network associated with eth1 uuid ( RO) : b5cfe2a7-c7dc-d9db-b43c-3cfb1395f09c vm-name-label ( RO): pfSense device ( RO): 0 MAC ( RO): ba:cf:a9:e1:c9:49 network-uuid ( RO): 4dee415a-e497-0370-09e1-eb56145b69b4 network-name-label ( RO): Pool-wide network associated with eth0
You can see this install has 2 NIC’s assigned. we are looking for the ‘uuid’ of each of them
export VIF_1_UUID=0d3408aa-76a8-c67f-103f-1a1ad8b74a84 export VIF_2_UUID=b5cfe2a7-c7dc-d9db-b43c-3cfb1395f09c
Now for each of the VIF UUID’s we want to disable the offload settings:
xe vif-param-set uuid=$VIF_1_UUID other-config:ethtool-gso="off" xe vif-param-set uuid=$VIF_1_UUID other-config:ethtool-ufo="off" xe vif-param-set uuid=$VIF_1_UUID other-config:ethtool-tso="off" xe vif-param-set uuid=$VIF_1_UUID other-config:ethtool-sg="off" xe vif-param-set uuid=$VIF_1_UUID other-config:ethtool-tx="off" xe vif-param-set uuid=$VIF_1_UUID other-config:ethtool-rx="off" xe vif-param-set uuid=$VIF_2_UUID other-config:ethtool-gso="off" xe vif-param-set uuid=$VIF_2_UUID other-config:ethtool-ufo="off" xe vif-param-set uuid=$VIF_2_UUID other-config:ethtool-tso="off" xe vif-param-set uuid=$VIF_2_UUID other-config:ethtool-sg="off" xe vif-param-set uuid=$VIF_2_UUID other-config:ethtool-tx="off" xe vif-param-set uuid=$VIF_2_UUID other-config:ethtool-rx="off"
Install Xen Tools on pfSense and set hardware checksum disable
Connect to the pfSense terminal and select option 8 to get shell access. Then copy and past the following to install the xen tools into the VM.
pkg install xe-guest-utilities echo 'xenguest_enable="YES"' >> /etc/rc.conf.local ln -s /usr/local/etc/rc.d/xenguest /usr/local/etc/rc.d/xenguest.sh service xenguest start
Because you are running your pfSense as a VM you do not need hardware checksum enabled, so you can disable it.
In pfSense GUI, System > Advanced > Networking >Tick the option for “Disable hardware checksum offload”
Src: https://voice1.me/running-pfsense-in-xenserver/
