If you use a VPS running pfSense as a firewall and/or load balancer, internal traffic to one or more VPSs within the private network may sporadically stop being passed on, for example after an upgrade within pfSense or after an automatic migration. This problem is caused by the virtual NICs we use (VirtIO) and the underlying physical NICs.
This can be remedied by disabling two specific options in the network configuration of pfSense itself. You do this by checking 'Disable hardware checksum offload' and 'Disable hardware TCP segmentation offload'. These options must therefore always remain checked. If the latter option is enabled, for example, network traffic will still be possible, but it will be considerably slower.
If an update has undesirably disabled the option, you can enable it again under System > Advanced, on the Networking tab. Once enabled, problems with routing should be corrected immediately.
Please note: it may be necessary to reboot your VPS if the changes do not take effect immediately after the above modification.
More information on this can also be found in the documentation of pfSense itself: https://doc.pfsense.org/index.php/Lost_Traffic_/_Packets_Disappear
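To confirm from the pfSense shell that both settings are actually in effect after an upgrade or migration, the following added example (not part of the original article or of pfSense) parses `ifconfig` output and lists VirtIO interfaces that still advertise checksum or TCP segmentation offload. It assumes FreeBSD's `vtnet` driver name and `ifconfig` capability names; the function names and the sample output are constructed for illustration.

```shell
#!/bin/sh
# Added example: report interfaces that still advertise checksum or TCP
# segmentation offload in FreeBSD ifconfig output.

# Constructed sample output (not captured from a real host).
sample_ifconfig() {
cat <<'EOF'
vtnet0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
	options=6c07bb<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,JUMBO_MTU,VLAN_HWCSUM,TSO4,TSO6,LRO,VLAN_HWTSO,LINKSTATE,RXCSUM_IPV6,TXCSUM_IPV6>
	ether 52:54:00:00:00:01
vtnet1: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
	options=c00b8<VLAN_MTU,VLAN_HWTAGGING,JUMBO_MTU,VLAN_HWCSUM,VLAN_HWTSO,LINKSTATE>
	ether 52:54:00:00:00:02
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> metric 0 mtu 16384
	options=680003<RXCSUM,TXCSUM,LINKSTATE,RXCSUM_IPV6,TXCSUM_IPV6>
EOF
}

# Reads ifconfig output on stdin and prints "<iface>: <flags>" for every
# interface whose name starts with $1 (default: vtnet, the VirtIO NIC driver)
# and that still lists RXCSUM/TXCSUM (IPv4 or IPv6) or TSO4/TSO6.
offload_report() {
    awk -v prefix="${1:-vtnet}" '
        # Interface header line, e.g. "vtnet0: flags=..."
        /^[a-z0-9_.]+: flags=/ { iface = $1; sub(/:$/, "", iface); next }
        index(iface, prefix) == 1 && /^[ \t]+options=/ {
            s = $0
            sub(/^[^<]*</, "", s); sub(/>.*$/, "", s)
            n = split(s, cap, ","); bad = ""
            # Compare whole capability names so that VLAN_HWCSUM and
            # VLAN_HWTSO are not mistaken for the flags we care about.
            for (i = 1; i <= n; i++)
                if (cap[i] ~ /^(RXCSUM|TXCSUM)(_IPV6)?$/ || cap[i] ~ /^TSO[46]$/)
                    bad = bad (bad == "" ? "" : ",") cap[i]
            if (bad != "") print iface ": " bad
        }'
}

# On the pfSense shell, run instead:  ifconfig | offload_report
sample_ifconfig | offload_report
```

An empty result means no VirtIO interface still has these offloads active; any line printed names an interface on which the two checkboxes have not taken effect.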