This weekend, I cutover my home network to OPNsense on Proxmox.

So far, it’s been… OK. I’m having some issues with state tracking on a couple of VLANs, so need to dig into some pcaps from my switch and see what’s going on there.

But one question I have is how to get the best out of my hardware, as it seems my WAN speed is a lot less than it should be.

I’m running Proxmox on a HP DL360 G6, with the pair of built-in 1Gbps NICs. One NIC is dedicated to my WAN connection, using a bridge in Proxmox, and it’s plugged in directly to my 1Gbps fibre internet.

The OPNsense VM has 4 cores, 8GB of RAM, and a 40GB volume.

Using my previous hardware router/firewall (Draytek VIgor 2865), I was easily getting some decent speeds - 500Mbps to 700Mbps+. But, I’m lucky if I can get speeds any higher than about 120Mbps right now through OPNsense.

I’ve disabled hardware checksum offload and hardware TCP segmentation in the OPNsense firewall. Then I found this post that suggested doing the same to the NIC and bridge in Proxmox as well.

I’ve even tried rate limiting the interfaces on the OPNsense VM to 1000Mbps (OPNsense says they’re 10Gbps), but nothing’s made a difference.

So, throwing out to my newfound Lemmy network: does anyone have any suggestions on what to try, or look at, next, please? Kinda worried I might have to go back to the Draytek, which would be a real shame. OPNsense has already proven to be far superior in every other way.

  • @JoCrichton
    link
    English
    31 year ago

    That seems strange I’m running a pfSense VM on proxmox with a Core i3 5010u. The VM has 2 cores and 1GB ram and I’m getting around 500 Mbit on my Gigabit cable in download. I only disabled hardware checksum on the pfSense side. What CPU exactly do you have? Also make sure to set the CPU type for the OPNsense to „host“. That helped quite a bit for me.

    • @[email protected]OP
      link
      fedilink
      English
      31 year ago

      Ah - good tip. Thanks. The guide I followed when I first tried pfSense suggested that, but the OPNsense guide I followed didn’t. I’ll switch that over when I can reboot without incurring teenager tears, and see how it goes.