In order to fully use the 1.4 gbps service from my ISP, I needed to install a 2.5gbps NIC in my pfSense system hosted in Proxmox. From my research, the Realtek RTL8125b appeared to be the only NIC that could fit my system, but a lot of people have posted online about their problems with Realtek RTL8125b running on pfSense. This guide will show you how to get the Realtek RTL8125b working smoothly with pfSense.

Proxmox Configuration

First, I had to fix my issues with the NIC dropping from Proxmox due to power management failures. Add the following to /etc/default/grub, reload grub, and then reboot Proxmox:

nano /etc/default/grub

Add the following to the end of the line for GRUB_CMDLINE_LINUX_DEFAULT so it looks similar to this:

GRUB_CMDLINE_LINUX_DEFAULT="pcie_aspm.policy=performance pcie_port_pm=off"

Update grub and then reboot Proxmox:

update-grub
reboot

Next, passthrough the NIC to the pfSense VM as a PCIE device.

Note: If for whatever reason you need Proxmox to use the r8169 kernel driver for the RTL8125b device instead of the vfio-pci kernel driver, run the following commands in the console of the pve host (replacing 0000:03:00.0 with your respective device ID):

echo 0000:03:00.0 > /sys/bus/pci/drivers/vfio-pci/unbind
echo 0000:03:00.0 > /sys/bus/pci/drivers/r8169/bind

And then check to confirm it’s using the r8169 driver:

lspci -v

pfSense Configuration

SSH into pfSense or use the console from Proxmox to access the pfSense shell.

Install the package for the Realtek driver:

pkg add https://pkg.freebsd.org/FreeBSD:12:amd64/quarterly/All/realtek-re-kmod-197.00.pkg

Note: The above link is working for pfSense 2.6 as of the date of this post, but you might need to find a different link for a different package version.

Next, edit the file /boot/loader.conf.local:

nano /boot/loader.conf.local

Add the following lines to the file, and then save and exit the file editor:

if_re_load="YES"

if_re_name="/boot/modules/if_re.ko"

Reboot pfSense and then check to see if the if_re.ko module is loaded:

kldstat

That’s it. The only thing left to do is make sure the re_0 interface is assigned as WAN in pfSense. No additional configuration is needed. I didn’t need to disable hardware offloading in pfSense.