Friday, June 10, 2016

pfSense on XenServer 6.5

pfSense has a few issues with XenServer. First, the NIC offloading on FreeBSD is not compatible with the virtual NICs on XenServer, which causes very slow throughput on the virtual NICs. Second, pfSense doesn't see the xn NICs as supporting VLANs even though they do. And last, the XenServer tools need to be installed.

So first, disable the offloading on the NICs.

Find the UUIDs of the virtual interfaces for the VM running pfSense by typing the following in the XenServer console:

xe vm-vif-list uuid=VMUUID

Then, using each of those UUIDs, run:

xe vif-param-set uuid=VIFUUID other-config:ethtool-tx="off"
xe vif-param-set uuid=VIFUUID other-config:ethtool-rx="off"

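The two steps above as one script, for a VM with several interfaces. This is an added example, not part of the original post: it assumes "xe vif-list vm-uuid=... params=uuid --minimal" (instead of xe vm-vif-list) to get the VIF UUIDs as a comma-separated list, and the function names and the DRY_RUN variable are made up for the example.

```shell
#!/bin/sh
# Added example (not from the original post): disable TX/RX offload on
# every VIF of one VM. Function names and DRY_RUN are hypothetical.

# With DRY_RUN set, print the command instead of executing it.
run() {
    if [ -n "${DRY_RUN:-}" ]; then echo "$*"; else "$@"; fi
}

# Accept only canonical UUIDs, so a malformed field never reaches xe.
is_uuid() {
    printf '%s\n' "$1" |
        grep -Eq '^[0-9a-fA-F]{8}(-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}$'
}

# $1: comma-separated VIF UUIDs, the format "xe ... --minimal" prints.
# Returns non-zero if any value was rejected or any xe call failed.
disable_offload() {
    rc=0
    for vif in $(printf '%s\n' "$1" | tr ',' ' '); do
        if ! is_uuid "$vif"; then
            echo "skipping unexpected value: $vif" >&2
            rc=1
            continue
        fi
        run xe vif-param-set uuid="$vif" other-config:ethtool-tx=off || rc=1
        run xe vif-param-set uuid="$vif" other-config:ethtool-rx=off || rc=1
    done
    return "$rc"
}

# Usage on the XenServer host: sh this-script VMUUID
# (assumes "xe vif-list vm-uuid=... params=uuid --minimal" lists the VIFs)
if [ -n "${1:-}" ]; then
    is_uuid "$1" || { echo "usage: $0 VM-UUID" >&2; exit 2; }
    disable_offload "$(xe vif-list vm-uuid="$1" params=uuid --minimal)"
fi
```

Running it with DRY_RUN=1 prints the xe vif-param-set commands for review without changing anything.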
Next, you must trick pfSense into allowing VLANs on the xn NICs. This needs to be done in the pfSense web interface.

Go to Diagnostics -> Edit File

Load file /etc/inc/

Add the "// hack for XenServer xn interfaces" block to the file, after the "// hack for some lagg modes" block and before the "return false;":

// hack for some lagg modes missing vlanmtu, but work fine w/VLANs
if (substr($iface, 0, 4) == "lagg")
    return true;

// hack for XenServer xn interfaces
if (substr($iface, 0, 2) == "xn")
    return true;

return false;

Last, install the XenServer tools:

pkg install xe-guest-utilities

echo "xenguest_enable=\"YES\"" >> /etc/rc.conf.local
ln -s /usr/local/etc/rc.d/xenguest /usr/local/etc/rc.d/

service xenguest start

That's it! You're done... BUT WARNING!!! If you upgrade to a newer version that overwrites these changes, pfSense may not boot. At this point I plan on backing up my config and taking a snapshot each time I test an upgrade. If the upgrade breaks things then I'll install from scratch, run the above fixes, and then restore my config. Not fun, no... But until they start better supporting XenServer we don't have much of an option.

