Zenarmor + Azure VM + hn1: offloads cannot be fully disabled?

[QuisaZaderak]

Hi all,

I am running OPNsense 26.1.6 on an Azure VM and I am trying to use Zenarmor.
However, the Zenarmor engine stops shortly after startup with this error:

netmap_register_if: hn1: failed to disable offloads for interface

I already disabled the usual hardware offloading options under System > Settings > Networking and also enabled interface-level hardware override on the LAN interface.
The following options are disabled:

Disable hardware checksum offload

Disable hardware TCP segmentation offload

Disable hardware large receive offload

Disable VLAN hardware filtering

I rebooted the firewall after applying the changes.
I also tested both native and emulated netmap modes in Zenarmor, but the result is the same.

The problem is that ifconfig hn1 still shows offload-related capabilities after reboot, including:

VLAN_HWCSUM, VXLAN_HWCSUM, VXLAN_HWTSO

MTU is 1500, so that does not seem to be the issue.

My question is:
Has anyone successfully run Zenarmor on OPNsense inside an Azure VM / Hyper-V hn interface and found a way to fully disable the remaining offloads so that netmap can start correctly?

I would especially like to know:

• whether there is an additional OPNsense tunable or loader/sysctl setting required for hn interfaces
• whether this is a limitation of the Azure/Hyper-V network driver
• whether anyone has a working Azure VM configuration for Zenarmor with hn interfaces

Any advice or working example would be greatly appreciated.

Thanks!

[sopex8260]

This is an azure limitation, you need azure accelerated networking. Otherwise it doesn't respect your settings...