In the vain hope this'll help others having this issue...
Having looked at this now for some time - and run a lot of tests, the
current best solution to allow a FreeBSD domU under XenServer 6.5 to act as
a gateway, or run OpenVPN (or dhcpd etc.) and remain agile - is to switch
to VirtIO NIC's
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=154428
--- Comment #13 from Bryan Drewery ---
(In reply to Bryan Drewery from comment #11)
> I just hit this on 10.1-GENERIC on EC2. Empty pf.conf with pf enabled =
> horrible performance. Disabling pf or TSO with pf fixes it.
My exact issue with