Friday, June 10, 2016

pfSense on XenServer 6.5



pfSense has a few issues on XenServer. First, NIC offloading on FreeBSD is not compatible with the virtual NICs on XenServer, which causes very slow throughput on the virtual NICs. Second, pfSense doesn't see the xn NICs as supporting VLANs, even though they do. And last, XenServer tools need to be installed.



So first, disable offloading on the NICs.

1.
First find the UUIDs of the virtual interfaces (VIFs) for the VM running pfSense. Type the following in the XenServer console:

xe vm-vif-list uuid=VMUUID


Then, using each of those UUIDs:

2.
xe vif-param-set uuid=VIFUUID other-config:ethtool-tx="off"
xe vif-param-set uuid=VIFUUID other-config:ethtool-rx="off"



Next you must trick pfSense into allowing VLANs on the Xen NIC (see http://think-brick.blogspot.com/2016/02/pfsense-on-xenserver-enable-vlan.html).
This needs to be done in the pfSense web interface.

1.
Go to Diagnostics -> Edit File

2.
Load file /etc/inc/interfaces.inc

3.
Add the "// hack for XenServer" block to the file, after the "// hack for some lagg modes" block and before the "return false;":

// hack for some lagg modes missing vlanmtu, but work fine w/VLANs
if (substr($iface, 0, 4) == "lagg")
    return true;

// hack for XenServer xn interfaces
if (substr($iface, 0, 2) == "xn")
    return true;

return false;




Last, install XenServer tools.

1. 
pkg install xe-guest-utilities

2.
echo "xenguest_enable=\"YES\"" >> /etc/rc.conf.local
ln -s /usr/local/etc/rc.d/xenguest /usr/local/etc/rc.d/xenguest.sh

3.
service xenguest start



That's it! You're done... BUT WARNING!!! If you upgrade to a newer version that overwrites interfaces.inc, pfSense may not boot. At this point I plan on backing up my config and taking a snapshot each time I test an upgrade. If the upgrade breaks things then I'll install from scratch and run the above fixes, then restore my config. Not fun, no... But until they start better supporting XenServer we don't have much of an option.
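
As an added example (not from the original post or the pfSense project), this sh function checks whether interfaces.inc still carries the xn hack after an upgrade and, if not, backs the file up and re-inserts the block before the "return false;" that follows the lagg hack. The function names and the .pre-xn.bak backup suffix are assumptions, and it assumes the "hack for some lagg modes" comment is still present as the anchor.

```shell
#!/bin/sh
# Added example: re-check the xn VLAN hack after an upgrade.
# Function names and the .pre-xn.bak suffix are assumptions.

# True if the file already contains the xn check.
has_xn_hack() {
    grep -q 'substr(\$iface, 0, 2) == "xn"' "$1"
}

# Prints "present" or "patched"; returns non-zero and leaves the file
# untouched if the lagg-hack anchor is gone or the patched copy fails php -l.
ensure_xn_hack() {
    file=${1:-/etc/inc/interfaces.inc}
    [ -f "$file" ] || { echo "missing: $file" >&2; return 2; }
    if has_xn_hack "$file"; then
        echo "present"
        return 0
    fi
    tmp="$file.new.$$"
    # Insert the xn block before the first "return false;" after the lagg hack.
    if ! awk '
        /hack for some lagg modes/ { seen = 1 }
        seen && !done && /^[ \t]*return false;/ {
            print "\t// hack for XenServer xn interfaces"
            print "\tif (substr($iface, 0, 2) == \"xn\")"
            print "\t\treturn true;"
            print ""
            done = 1
        }
        { print }
        END { exit (done ? 0 : 1) }
    ' "$file" > "$tmp"; then
        rm -f "$tmp"
        echo "anchor not found, $file left untouched" >&2
        return 1
    fi
    # Lint the candidate when php is on PATH, before replacing the live file.
    if command -v php >/dev/null 2>&1 && ! php -l "$tmp" >/dev/null 2>&1; then
        rm -f "$tmp"
        echo "php -l failed, $file left untouched" >&2
        return 3
    fi
    cp -p "$file" "$file.pre-xn.bak" && cat "$tmp" > "$file"
    rc=$?
    rm -f "$tmp"
    [ "$rc" -eq 0 ] && echo "patched"
    return "$rc"
}
```

After sourcing the file in the pfSense shell, call `ensure_xn_hack /etc/inc/interfaces.inc`; the previous copy is kept next to it with the .pre-xn.bak suffix.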


References:

Disable nic offloading
https://forum.pfsense.org/index.php?topic=85797.0

Enable vlans
http://think-brick.blogspot.com/2016/02/pfsense-on-xenserver-enable-vlan.html

Install XenServer tools
https://blog.feld.me/posts/2014/07/pfsense-on-citrix-xenserver/