"
I know this is necro'ing, but I wanted to share something here since this thread pulls up in searches.
It would appear I've set on the path of a determined few to try vf's with promoxmox and opnsense.
Env: Proxmox 9.1, Opnsense 25.7, Intel x540.
On the Intel x540, it also does not work. In fact, on Opnsense 25.7, freebsd will kernel panic when trying to enable promisc for carp, on a vf port.
I tried all the things: spoof off, trust on, enable promiscuous on the entire phys port- Kernel Panic.
It took me a while to dig in and see the kernel panic was in fact on freebsd taking promisc on the vf. I thought it was an opnsense problem.
Fortunately I found this thread before going through the effort to flash the firmware on the nic, as that would have wasted even more time.
The solution for me.. more ports. Got a 4 port x540 for $40 on ebay to just passthrough 2 full ports.
It is interesting to me how this whole sriov vf scene is so- undocumented? Wild west for home labs. Yet, when you know what to look for, it does seem like it is reported that sriov vf's and carp do not play nice. Despite sources saying that simply making the vf trusted should enable promisc, in fact it does not unless the nic also complies.
Chat-GPT seemed so certain it would work, and I was the problem. :D Long live chat gpt.
It would appear I've set on the path of a determined few to try vf's with promoxmox and opnsense.
Env: Proxmox 9.1, Opnsense 25.7, Intel x540.
On the Intel x540, it also does not work. In fact, on Opnsense 25.7, freebsd will kernel panic when trying to enable promisc for carp, on a vf port.
Code Select
carp_alloc_if ifpromisc failed 5I tried all the things: spoof off, trust on, enable promiscuous on the entire phys port- Kernel Panic.
It took me a while to dig in and see the kernel panic was in fact on freebsd taking promisc on the vf. I thought it was an opnsense problem.
Fortunately I found this thread before going through the effort to flash the firmware on the nic, as that would have wasted even more time.
The solution for me.. more ports. Got a 4 port x540 for $40 on ebay to just passthrough 2 full ports.
It is interesting to me how this whole sriov vf scene is so- undocumented? Wild west for home labs. Yet, when you know what to look for, it does seem like it is reported that sriov vf's and carp do not play nice. Despite sources saying that simply making the vf trusted should enable promisc, in fact it does not unless the nic also complies.
Chat-GPT seemed so certain it would work, and I was the problem. :D Long live chat gpt.
