XCP-NG+PFSense weird routing issue

Hi guys.

Hoping someone has a clue here.

Weird routing issue. Internet traffic works to about half the internet and I can't find a common reason. Firewall reports all green/no blocking, but ping to some sites shows 100% loss. I route traffic via the same IP and just move the machine to the LAN network and it works 100%. Seems all VLANs are affected. PFsense and the VM are running in XCP-NG. Makes 0 difference if I route via IPs from the main router or different IPs inside a VLAN. Only traffic out seems to be affected. Traffic does not leave the host server and is all routed internally.

I can pick 10 random sites and about half will not have any issues and work 100% and the other half just don't work. Internal IP 172.16.x.x, → pfsense>direct to 1000/1000.
It will complete the traceroute so I am clueless. It seems to fail on the same sites regardless of what IP I am coming from, as long as it's inside any VLAN.

Thank you guys in advance


Probably an issue with the TX Checksum Offload not being correctly set up

https://xcp-ng.org/docs/guides.html#xcp-ng-in-a-vm

Hi Tom.
Love the Videos.
In regard to that I have already done that via the web interface and ssh.
PFSense has it excluded in the same fashion as well for all interfaces.
I even restarted the host. Everything has guest tools installed, and Windows also has the Xen PV tools installed. This seems to be anything running inside a VLAN only. This is running on an HP DL360 G8 which has HP network cards which are actually Broadcom.
Thank you in advance

Are you defining the VLAN tags in pfsense or in the XCP-NG server?

VLAN interfaces defined in pfsense.
And added as a VLAN interface to xcp-ng so to the VM it appears like a network card. (XCP-ng recommended method)
The VM picks up the VLAN correctly and I get DHCP and everything else. I can go to Google and use the internet as normal but I can’t go to about half the websites on the internet. (Just about half the websites I can think of don’t work)
The issue is not limited to that VM and persists if the VM is on the same server as pfsense or on a 2nd xcp-ng server.

Thank you in advance

They should be defined in XCP-NG and only as a NIC in pfsense. There should be no VLANs inside pfsense, just interfaces.

Hmm. I think that’s the answer.
I did see that in your video but I guess it didn’t sink in at the time.
Thanks a lot for pointing me in the right direction.

DeNNii


Hi Tom
I am probably missing something as your tutorials kind of just glance over this with pfsense as a vm.
I am not sure I am understanding this correctly but I am not sure if this way will allow me to push vlans to devices outside of that interface.
My plan was to run XCP-NG on 4 servers and eth2 ->managed switch (linking all via vlans).
I have around 25 VLANs at the moment and will have another 18 or so over the next few months.
This is all happening in a data center (have 7RU).
I plan to run 2 pfsense (with CARP) eventually so I require the flexibility to move things around fluently.
I could run pfsense in each but this will waste an IP WAN side and complicate things way more.

Guides | XCP-ng documentation
I could pass the network port directly to pfSense to a switch and then intake the traffic via eth1 and pass that to the VMs but this looks like double handling.