XCP-NG+PFSense weird routing issue

Hi guys.

Hoping someone has a clue here.

Weird routing issue. Internet traffic works to about half the internet and I can't find a common reason. Firewall reports ALL Green/No blocking but ping to some sites 100% loss. I route traffic via same IP and just move machine to LAN network and works 100%. Seems all VLANs are affected. pfSense and VM running in XCP-NG. Makes 0 difference if I route via IPs from main router or different IPs inside a VLAN. Only traffic out seems to be affected. Traffic does not leave the HOST server and is all routed internally.

I can pick 10 random sites and about half will not have any issues and work 100% and the other half just don't work. internal ip 172.16.x.x, → pfsense>direct to 1000/1000.
It will complete the traceroute so I am clueless. It seems to fail on the same sites regardless of what IP I am coming from as long as it's inside any VLAN.

Thank you guys in advance


Probably an issue with the TX Checksum Offload not being correctly set up.


Hi Tom.
Love the Videos.
In regard to that I have already done that via the web interface and ssh.
PFSense has it excluded in the same fashion as well for all interfaces.
I even restarted the Host. Everything has guest tools installed, and Windows also has the Xen PV tools installed. This seems to be anything running inside a VLAN only. This is running on an HP DL360 G8 which has HP Network cards which are actually Broadcom.
Thank you in advance

Are you defining the VLAN tags in pfsense or in the XCP-NG server?

VLAN interfaces defined in pfsense.
And added as a VLAN interface to xcp-ng so to the VM it appears like a network card. (XCP-ng recommended method)
The VM picks up the VLAN correctly and I get DHCP and everything else. I can go to Google and use the internet as normal but I can’t go to about half the websites on the internet. (Just about half the websites I can think of don’t work)
The issue is not limited to that VM and persists if the VM is on the same server as pfsense or on a 2nd xcp-ng server.

Thank you in advance

They should be defined in XCP-NG and only as a NIC in pfsense. There should be no VLANs inside pfsense, just interfaces.

Hmm. I think that’s the answer.
I did see that in your video but I guess it didn’t sink in at the time.
Thanks a lot for pointing me in the right direction.



Hi Tom
I am probably missing something as your tutorials kind of just glance over this with pfsense as a vm.
I am not sure I am understanding this correctly but I am not sure if this way will allow me to push vlans to devices outside of that interface.
My plan was to run XCP-NG on 4 servers and eth2 -> managed switch (linking all via VLANs).
I have around 25~ VLANs at the moment and will have another 18~ over the next few months.
This is all happening in a DataCenter (have 7RU).
I plan to run 2 pfsense (with CARP) eventually so I require the flexibility to move things around fluently.
I could run pfsense in each but this will waste an IP WAN side and complicate things way more.

Guides | XCP-ng documentation
I could pass the network port directly to pfSense to a switch and then intake the traffic via eth1 and pass that to the VMs but this looks like double handling.