Und wenn das auch nicht geht, dann geht das 🙂
ps aux | grep "/usr/bin/kvm -id VMID" kill -9 PIDProxmox - pfSense einrichten
-
Da ich mit dem Gedanken spielen, alles was hier an Servern läuft aufzulösen und es auf dem Proxmox laufen zu lassen, fangen wir heute Nachmittag mal an
Netzwerk Anfang
Der Internetanschluss fängt mit einer Fritzbox 6490 an (meine ). Da ich denen nicht besonders traue, kommt danach meine Firewall. Lange Zeit habe ich IPFire eingesetzt, seit dem ich mal IPv6 testen wollte, bin ich auf pfSense gewechselt. Somit muss das mal als erstes auf die Kiste
Installation Hardware
Für die Installation einer pfSense auf dem Proxmox braucht man zwei zusätzliche Netzwerkkarten. Schublade auf, da liegen noch welche rum. Müssten von meinen ersten Versuchen mit IPFire über sein Ab damit in den Proxmox.
Damit haben wir jetzt zwei zusätzliche Netzwerkkarten im Proxmox. Nach Anleitung vorgegangen und hier ist das Ergebnis.
Danach muss noch neugestartet werden!
Installation pfSense
Ok, ich erspare mir das Abtippen der sehr guten Anleitung.
Hier nur ein paar Bilder!
Oh, ein Fehler. Da habe ich doch versehentlich das Image auf dem falschen Laufwerk installiert (NFS). Schnell mal verschieben.
Gut das ist erledigt.
Netzwerk Plan
Testlauf
Dann wollen wir das mal ein paar Tage beobachten. Und das hier unbedingt machen, davor hatte ich eine grottenschlechte Verbindung.
To disable hardware checksum offload, navigate under System > Advanced and select Networking tab. Under Networking Interfaces section check the Disable hardware checksum offload and click save. Reboot will be required after this step.
Zum Schluß, erst mal aufräumen
-
Schade, der Netzwerkdurchsatz ist nicht optimal
AtomicPI
Notebook
root@thinkpad:/home/frank# iperf3 -R -c 136.243.102.106 Connecting to host 136.243.102.106, port 5201 Reverse mode, remote host 136.243.102.106 is sending [ 5] local 192.168.3.108 port 43354 connected to 136.243.102.106 port 5201 [ ID] Interval Transfer Bitrate [ 5] 0.00-1.00 sec 2.05 MBytes 17.2 Mbits/sec [ 5] 1.00-2.00 sec 10.1 MBytes 84.8 Mbits/sec [ 5] 2.00-3.00 sec 12.4 MBytes 104 Mbits/sec [ 5] 3.00-4.00 sec 12.4 MBytes 104 Mbits/sec [ 5] 4.00-5.00 sec 12.4 MBytes 104 Mbits/sec [ 5] 5.00-6.00 sec 12.4 MBytes 104 Mbits/sec [ 5] 6.00-7.00 sec 12.4 MBytes 104 Mbits/sec [ 5] 7.00-8.00 sec 12.4 MBytes 104 Mbits/sec [ 5] 8.00-9.00 sec 12.4 MBytes 104 Mbits/sec [ 5] 9.00-10.00 sec 12.4 MBytes 104 Mbits/sec - - - - - - - - - - - - - - - - - - - - - - - - - [ ID] Interval Transfer Bitrate Retr [ 5] 0.00-10.00 sec 114 MBytes 95.3 Mbits/sec 3 sender [ 5] 0.00-10.00 sec 112 MBytes 93.7 Mbits/sec receiver iperf Done. root@thinkpad:/home/frank# iperf3 -c 136.243.102.106 Connecting to host 136.243.102.106, port 5201 [ 5] local 192.168.3.108 port 43358 connected to 136.243.102.106 port 5201 [ ID] Interval Transfer Bitrate Retr Cwnd [ 5] 0.00-1.00 sec 759 KBytes 6.22 Mbits/sec 22 42.6 KBytes [ 5] 1.00-2.00 sec 632 KBytes 5.18 Mbits/sec 0 50.9 KBytes [ 5] 2.00-3.00 sec 632 KBytes 5.18 Mbits/sec 2 46.8 KBytes [ 5] 3.00-4.00 sec 506 KBytes 4.14 Mbits/sec 1 37.1 KBytes [ 5] 4.00-5.00 sec 632 KBytes 5.18 Mbits/sec 0 46.8 KBytes [ 5] 5.00-6.00 sec 632 KBytes 5.18 Mbits/sec 4 41.2 KBytes [ 5] 6.00-7.00 sec 506 KBytes 4.14 Mbits/sec 0 49.5 KBytes [ 5] 7.00-8.00 sec 632 KBytes 5.18 Mbits/sec 2 42.6 KBytes [ 5] 8.00-9.00 sec 632 KBytes 5.18 Mbits/sec 2 34.4 KBytes [ 5] 9.00-10.00 sec 506 KBytes 4.14 Mbits/sec 0 46.8 KBytes - - - - - - - - - - - - - - - - - - - - - - - - - [ ID] Interval Transfer Bitrate Retr [ 5] 0.00-10.00 sec 5.93 MBytes 4.97 Mbits/sec 33 sender [ 5] 0.00-10.00 sec 5.80 MBytes 4.87 Mbits/sec receiver iperf Done. root@thinkpad:/home/frank#
Serverseite
----------------------------------------------------------- Server listening on 5201 ----------------------------------------------------------- Accepted connection from 37.201.194.117, port 58628 [ 5] local 136.243.102.106 port 5201 connected to 37.201.194.117 port 58635 [ ID] Interval Transfer Bandwidth Retr Cwnd [ 5] 0.00-1.00 sec 2.07 MBytes 17.4 Mbits/sec 0 110 KBytes [ 5] 1.00-2.00 sec 10.7 MBytes 89.8 Mbits/sec 0 606 KBytes [ 5] 2.00-3.00 sec 12.9 MBytes 108 Mbits/sec 2 708 KBytes [ 5] 3.00-4.00 sec 12.4 MBytes 104 Mbits/sec 0 822 KBytes [ 5] 4.00-5.00 sec 13.0 MBytes 109 Mbits/sec 1 634 KBytes [ 5] 5.00-6.00 sec 11.8 MBytes 99.2 Mbits/sec 0 683 KBytes [ 5] 6.00-7.00 sec 12.4 MBytes 104 Mbits/sec 0 716 KBytes [ 5] 7.00-8.00 sec 12.5 MBytes 105 Mbits/sec 0 736 KBytes [ 5] 8.00-9.00 sec 12.5 MBytes 104 Mbits/sec 0 745 KBytes [ 5] 9.00-10.00 sec 12.5 MBytes 105 Mbits/sec 0 748 KBytes [ 5] 10.00-10.04 sec 740 KBytes 152 Mbits/sec 0 748 KBytes - - - - - - - - - - - - - - - - - - - - - - - - - [ ID] Interval Transfer Bandwidth Retr [ 5] 0.00-10.04 sec 114 MBytes 94.9 Mbits/sec 3 sender [ 5] 0.00-10.04 sec 0.00 Bytes 0.00 bits/sec receiver ----------------------------------------------------------- Server listening on 5201 ----------------------------------------------------------- Accepted connection from 37.201.194.117, port 58677 [ 5] local 136.243.102.106 port 5201 connected to 37.201.194.117 port 58628 [ ID] Interval Transfer Bandwidth [ 5] 0.00-1.00 sec 576 KBytes 4.72 Mbits/sec [ 5] 1.00-2.00 sec 593 KBytes 4.85 Mbits/sec [ 5] 2.00-3.00 sec 595 KBytes 4.88 Mbits/sec [ 5] 3.00-4.00 sec 593 KBytes 4.85 Mbits/sec [ 5] 4.00-5.00 sec 593 KBytes 4.85 Mbits/sec [ 5] 5.00-6.00 sec 591 KBytes 4.84 Mbits/sec [ 5] 6.00-7.00 sec 594 KBytes 4.87 Mbits/sec [ 5] 7.00-8.00 sec 591 KBytes 4.84 Mbits/sec [ 5] 8.00-9.00 sec 547 KBytes 4.48 Mbits/sec [ 5] 9.00-10.00 sec 639 KBytes 5.24 Mbits/sec [ 5] 10.00-10.05 sec 30.2 KBytes 4.74 Mbits/sec - - - - - - - - - - - - - - - - - - - - - - - - - [ ID] Interval Transfer Bandwidth [ 5] 0.00-10.05 sec 0.00 Bytes 0.00 bits/sec sender [ 5] 0.00-10.05 sec 5.80 MBytes 4.84 Mbits/sec receiver
Das entspricht dem, was mein Anbieter so verspricht
Proxmox
Vom Hauptrechner aus
frank@debian:~$ iperf3 -R -c 136.243.102.106 Connecting to host 136.243.102.106, port 5201 Reverse mode, remote host 136.243.102.106 is sending [ 5] local 192.168.3.213 port 42098 connected to 136.243.102.106 port 5201 [ ID] Interval Transfer Bitrate [ 5] 0.00-1.00 sec 1.92 MBytes 16.1 Mbits/sec [ 5] 1.00-2.00 sec 10.0 MBytes 84.2 Mbits/sec [ 5] 2.00-3.00 sec 11.9 MBytes 99.7 Mbits/sec [ 5] 3.00-4.00 sec 10.1 MBytes 84.4 Mbits/sec [ 5] 4.00-5.00 sec 7.25 MBytes 60.8 Mbits/sec [ 5] 5.00-6.00 sec 8.32 MBytes 69.8 Mbits/sec [ 5] 6.00-7.00 sec 7.27 MBytes 61.0 Mbits/sec [ 5] 7.00-8.00 sec 7.06 MBytes 59.2 Mbits/sec [ 5] 8.00-9.00 sec 6.57 MBytes 55.1 Mbits/sec [ 5] 9.00-10.00 sec 6.08 MBytes 51.0 Mbits/sec - - - - - - - - - - - - - - - - - - - - - - - - - [ ID] Interval Transfer Bitrate Retr [ 5] 0.00-10.00 sec 77.5 MBytes 65.0 Mbits/sec 214 sender [ 5] 0.00-10.00 sec 76.5 MBytes 64.1 Mbits/sec receiver iperf Done. frank@debian:~$ iperf3 -c 136.243.102.106 Connecting to host 136.243.102.106, port 5201 [ 5] local 192.168.3.213 port 42102 connected to 136.243.102.106 port 5201 [ ID] Interval Transfer Bitrate Retr Cwnd [ 5] 0.00-1.00 sec 729 KBytes 5.97 Mbits/sec 0 42.6 KBytes [ 5] 1.00-2.00 sec 575 KBytes 4.71 Mbits/sec 3 45.4 KBytes [ 5] 2.00-3.00 sec 637 KBytes 5.22 Mbits/sec 1 39.9 KBytes [ 5] 3.00-4.00 sec 524 KBytes 4.29 Mbits/sec 0 49.5 KBytes [ 5] 4.00-5.00 sec 634 KBytes 5.19 Mbits/sec 1 45.4 KBytes [ 5] 5.00-6.00 sec 553 KBytes 4.53 Mbits/sec 1 34.4 KBytes [ 5] 6.00-7.00 sec 628 KBytes 5.15 Mbits/sec 0 46.8 KBytes [ 5] 7.00-8.00 sec 623 KBytes 5.10 Mbits/sec 2 38.5 KBytes [ 5] 8.00-9.00 sec 593 KBytes 4.86 Mbits/sec 0 48.1 KBytes [ 5] 9.00-10.00 sec 544 KBytes 4.46 Mbits/sec 2 41.2 KBytes - - - - - - - - - - - - - - - - - - - - - - - - - [ ID] Interval Transfer Bitrate Retr [ 5] 0.00-10.00 sec 5.90 MBytes 4.95 Mbits/sec 10 sender [ 5] 0.00-10.00 sec 5.81 MBytes 4.88 Mbits/sec receiver iperf Done.
Server
----------------------------------------------------------- Server listening on 5201 ----------------------------------------------------------- Accepted connection from 37.201.194.117, port 58679 [ 5] local 136.243.102.106 port 5201 connected to 37.201.194.117 port 58714 [ ID] Interval Transfer Bandwidth Retr Cwnd [ 5] 0.00-1.00 sec 1.95 MBytes 16.4 Mbits/sec 0 104 KBytes [ 5] 1.00-2.00 sec 10.4 MBytes 87.5 Mbits/sec 0 604 KBytes [ 5] 2.00-3.00 sec 12.0 MBytes 101 Mbits/sec 92 308 KBytes [ 5] 3.00-4.00 sec 10.2 MBytes 85.6 Mbits/sec 2 242 KBytes [ 5] 4.00-5.00 sec 7.43 MBytes 62.3 Mbits/sec 43 195 KBytes [ 5] 5.00-6.00 sec 8.18 MBytes 68.6 Mbits/sec 0 224 KBytes [ 5] 6.00-7.00 sec 7.37 MBytes 61.8 Mbits/sec 25 188 KBytes [ 5] 7.00-8.00 sec 6.92 MBytes 58.0 Mbits/sec 33 150 KBytes [ 5] 8.00-9.00 sec 6.83 MBytes 57.3 Mbits/sec 0 179 KBytes [ 5] 9.00-10.00 sec 6.12 MBytes 51.3 Mbits/sec 19 151 KBytes [ 5] 10.00-10.04 sec 0.00 Bytes 0.00 bits/sec 0 153 KBytes - - - - - - - - - - - - - - - - - - - - - - - - - [ ID] Interval Transfer Bandwidth Retr [ 5] 0.00-10.04 sec 77.5 MBytes 64.8 Mbits/sec 214 sender [ 5] 0.00-10.04 sec 0.00 Bytes 0.00 bits/sec receiver ----------------------------------------------------------- Server listening on 5201 ----------------------------------------------------------- Accepted connection from 37.201.194.117, port 58660 [ 5] local 136.243.102.106 port 5201 connected to 37.201.194.117 port 58717 [ ID] Interval Transfer Bandwidth [ 5] 0.00-1.00 sec 576 KBytes 4.72 Mbits/sec [ 5] 1.00-2.00 sec 594 KBytes 4.87 Mbits/sec [ 5] 2.00-3.00 sec 595 KBytes 4.88 Mbits/sec [ 5] 3.00-4.00 sec 591 KBytes 4.84 Mbits/sec [ 5] 4.00-5.00 sec 594 KBytes 4.87 Mbits/sec [ 5] 5.00-6.00 sec 590 KBytes 4.83 Mbits/sec [ 5] 6.00-7.00 sec 594 KBytes 4.87 Mbits/sec [ 5] 7.00-8.00 sec 594 KBytes 4.87 Mbits/sec [ 5] 8.00-9.00 sec 591 KBytes 4.84 Mbits/sec [ 5] 9.00-10.00 sec 593 KBytes 4.85 Mbits/sec [ 5] 10.00-10.07 sec 39.9 KBytes 4.87 Mbits/sec - - - - - - - - - - - - - - - - - - - - - - - - - [ ID] Interval Transfer Bandwidth [ 5] 0.00-10.07 sec 0.00 Bytes 0.00 bits/sec sender [ 5] 0.00-10.07 sec 5.81 MBytes 4.84 Mbits/sec receiver ----------------------------------------------------------- Server listening on 5201 -----------------------------------------------------------
Nicht optimal
Proxmox
18:00.0 Ethernet controller: Intel Corporation 82541PI Gigabit Ethernet Controller (rev 05) 18:01.0 Ethernet controller: Realtek Semiconductor Co., Ltd. RTL8169 PCI Gigabit Ethernet Controller (rev 10) 19:00.0 Ethernet controller: Realtek Semiconductor Co., Ltd. RTL8111/8168/8411 PCI Express Gigabit Ethernet Controller (rev 15)
-
Ok, das mit den uralten Karten, die hier rumlagen, war dann doch nicht so eine tolle Idee. Mit beiden Karten bekomme ich keine vernünftigen Geschwindigkeiten hin.
Heute kam noch eine Realtek-Karte, die war eigentlich für Orange gedacht, aber jetzt musste sie erst mal für die Fehlersuche herhalten. Aktuell läuft die Realtek als WAN und ein USB-C to LAN-Adapter als LAN mit ordentlicher Leistung.
frank@debian:~$ iperf3 -R -c 136.243.102.106 Connecting to host 136.243.102.106, port 5201 Reverse mode, remote host 136.243.102.106 is sending [ 5] local 192.168.3.213 port 57392 connected to 136.243.102.106 port 5201 [ ID] Interval Transfer Bitrate [ 5] 0.00-1.00 sec 1.91 MBytes 16.1 Mbits/sec [ 5] 1.00-2.00 sec 9.08 MBytes 76.2 Mbits/sec [ 5] 2.00-3.00 sec 12.4 MBytes 104 Mbits/sec [ 5] 3.00-4.00 sec 12.5 MBytes 105 Mbits/sec [ 5] 4.00-5.00 sec 12.5 MBytes 104 Mbits/sec [ 5] 5.00-6.00 sec 12.5 MBytes 105 Mbits/sec [ 5] 6.00-7.00 sec 12.5 MBytes 104 Mbits/sec [ 5] 7.00-8.00 sec 12.5 MBytes 104 Mbits/sec [ 5] 8.00-9.00 sec 12.4 MBytes 104 Mbits/sec [ 5] 9.00-10.00 sec 12.5 MBytes 104 Mbits/sec - - - - - - - - - - - - - - - - - - - - - - - - - [ ID] Interval Transfer Bitrate Retr [ 5] 0.00-10.00 sec 112 MBytes 94.2 Mbits/sec 2 sender [ 5] 0.00-10.00 sec 111 MBytes 92.8 Mbits/sec receiver iperf Done.
Da muss ich noch mal über Netzwerkkarten nachdenken, da muss was vernünftiges her. Im Moment zum Testen reicht es erst mal
-
Gut, nachdem heute eine Netzwerkkarte mit zwei LAN.Schnittstellen gekommen ist baue ich das mal so um, wie ich es gerne hätte.
Proxmox
So sieht das jetzt im Proxmox aus.
pfSense
Und so in der pfSense
Tests
LAN
frank@debian:~$ iperf3 -R -c 136.243.102.106 Connecting to host 136.243.102.106, port 5201 Reverse mode, remote host 136.243.102.106 is sending [ 5] local 192.168.3.213 port 51848 connected to 136.243.102.106 port 5201 [ ID] Interval Transfer Bitrate [ 5] 0.00-1.00 sec 11.8 MBytes 98.8 Mbits/sec [ 5] 1.00-2.00 sec 12.4 MBytes 104 Mbits/sec [ 5] 2.00-3.00 sec 12.4 MBytes 104 Mbits/sec [ 5] 3.00-4.00 sec 12.4 MBytes 104 Mbits/sec [ 5] 4.00-5.00 sec 12.4 MBytes 104 Mbits/sec [ 5] 5.00-6.00 sec 12.4 MBytes 104 Mbits/sec [ 5] 6.00-7.00 sec 12.4 MBytes 104 Mbits/sec [ 5] 7.00-8.00 sec 12.4 MBytes 104 Mbits/sec [ 5] 8.00-9.00 sec 12.4 MBytes 104 Mbits/sec [ 5] 9.00-10.00 sec 12.4 MBytes 104 Mbits/sec - - - - - - - - - - - - - - - - - - - - - - - - - [ ID] Interval Transfer Bitrate Retr [ 5] 0.00-10.00 sec 125 MBytes 105 Mbits/sec 2 sender [ 5] 0.00-10.00 sec 124 MBytes 104 Mbits/sec receiver iperf Done.
DMZ
root@thinkpad:/home/frank# iperf3 -R -c 136.243.102.106 Connecting to host 136.243.102.106, port 5201 Reverse mode, remote host 136.243.102.106 is sending [ 5] local 192.168.5.2 port 52736 connected to 136.243.102.106 port 5201 [ ID] Interval Transfer Bitrate [ 5] 0.00-1.00 sec 4.49 MBytes 37.7 Mbits/sec [ 5] 1.00-2.00 sec 12.4 MBytes 104 Mbits/sec [ 5] 2.00-3.00 sec 12.4 MBytes 104 Mbits/sec [ 5] 3.00-4.00 sec 12.4 MBytes 104 Mbits/sec [ 5] 4.00-5.00 sec 12.4 MBytes 104 Mbits/sec [ 5] 5.00-6.00 sec 12.4 MBytes 104 Mbits/sec [ 5] 6.00-7.00 sec 12.4 MBytes 104 Mbits/sec [ 5] 7.00-8.00 sec 12.4 MBytes 104 Mbits/sec [ 5] 8.00-9.00 sec 12.4 MBytes 104 Mbits/sec [ 5] 9.00-10.00 sec 12.4 MBytes 104 Mbits/sec - - - - - - - - - - - - - - - - - - - - - - - - - [ ID] Interval Transfer Bitrate Retr [ 5] 0.00-10.00 sec 118 MBytes 99.0 Mbits/sec 2 sender [ 5] 0.00-10.00 sec 116 MBytes 97.6 Mbits/sec receiver iperf Done.
Meine Rules rein gemacht und meine virtualisierte pfSense auf der Proxmox ist einsatzbereit Bei der ganzen Testerei konnte ich auch die Backups gut testen. Wenn dann mal nichts mehr ging ein Klick aufs Backup, danach lief sie wieder.
Damit ist das Thema hier durch. So als kleines Fazit, achtet auf die Netzwerkkarten. Da muss was aktuelles und leistungsfähiges rein. Sonst macht die Kiste hinterher zu Hause einfach keinen Spaß! Und darum geht es ja, es soll Spaß machen
-
Als kleine Ergänzung. Von einer VM aus zum Hauptrechner.
frank@debian:~$ iperf3 -R -c 192.168.3.8 Connecting to host 192.168.3.8, port 5201 Reverse mode, remote host 192.168.3.8 is sending [ 5] local 192.168.3.213 port 42102 connected to 192.168.3.8 port 5201 [ ID] Interval Transfer Bitrate [ 5] 0.00-1.00 sec 112 MBytes 943 Mbits/sec [ 5] 1.00-2.00 sec 112 MBytes 941 Mbits/sec [ 5] 2.00-3.00 sec 112 MBytes 941 Mbits/sec [ 5] 3.00-4.00 sec 112 MBytes 941 Mbits/sec [ 5] 4.00-5.00 sec 112 MBytes 941 Mbits/sec [ 5] 5.00-6.00 sec 112 MBytes 941 Mbits/sec [ 5] 6.00-7.00 sec 112 MBytes 941 Mbits/sec [ 5] 7.00-8.00 sec 112 MBytes 941 Mbits/sec [ 5] 8.00-9.00 sec 112 MBytes 941 Mbits/sec [ 5] 9.00-10.00 sec 112 MBytes 941 Mbits/sec - - - - - - - - - - - - - - - - - - - - - - - - - [ ID] Interval Transfer Bitrate Retr [ 5] 0.00-10.04 sec 1.10 GBytes 940 Mbits/sec 10 sender [ 5] 0.00-10.00 sec 1.10 GBytes 941 Mbits/sec receiver iperf Done. frank@debian:~$ iperf3 -c 192.168.3.8 Connecting to host 192.168.3.8, port 5201 [ 5] local 192.168.3.213 port 42106 connected to 192.168.3.8 port 5201 [ ID] Interval Transfer Bitrate Retr Cwnd [ 5] 0.00-1.00 sec 114 MBytes 953 Mbits/sec 0 281 KBytes [ 5] 1.00-2.00 sec 112 MBytes 940 Mbits/sec 0 293 KBytes [ 5] 2.00-3.00 sec 112 MBytes 944 Mbits/sec 0 293 KBytes [ 5] 3.00-4.00 sec 112 MBytes 938 Mbits/sec 0 293 KBytes [ 5] 4.00-5.00 sec 113 MBytes 945 Mbits/sec 0 293 KBytes [ 5] 5.00-6.00 sec 112 MBytes 939 Mbits/sec 0 293 KBytes [ 5] 6.00-7.00 sec 112 MBytes 944 Mbits/sec 0 305 KBytes [ 5] 7.00-8.00 sec 112 MBytes 939 Mbits/sec 0 305 KBytes [ 5] 8.00-9.00 sec 113 MBytes 945 Mbits/sec 0 305 KBytes [ 5] 9.00-10.00 sec 113 MBytes 947 Mbits/sec 0 438 KBytes - - - - - - - - - - - - - - - - - - - - - - - - - [ ID] Interval Transfer Bitrate Retr [ 5] 0.00-10.00 sec 1.10 GBytes 943 Mbits/sec 0 sender [ 5] 0.00-10.04 sec 1.10 GBytes 938 Mbits/sec receiver iperf Done.
-
-
-
-
-
-
-
-
Proxmox - TOTP
Verschoben Proxmox -
Proxmox - VE 6.0-4
Verschoben Proxmox