just want to ask how to add a 1mbit guarantee to a voice vlan on the limiter? I am a bit scared that voip does not work if someone in the network max out upload/download ... i already use QoS as best i can, but i think reserved bandwith for the vlan is maybe safer?
I found that the Comcast/Xfinity speed test site is testing about 40 Mbps downloading to our office
Finally tracked this part down, and kinda feel dumb, but speedtest.xfinity.com has a gear in the upper right to change protocols. Testing over IPv6 tunneled through Hurricane Electric is throttled to around 40. Testing over IPv4 is the expected speed.
My provider used to source RTP directly from the carrier servers (not their own) but always had their own SIP.. (has since changed)
Depending on what you have on your end.. Server or Clients.. Look to see what your clients are connecting to. If you have a local on site SIP server it will still act as a client to go out to the providers server generally.
Look at connection states to see what things are trying to connect to. Do you have DNS of their stuff? sip.frontier.com?? ect..??
Outbound everything is allowed by default. In some cases the provider does want inbound NAT (I don't usually agree with) and in some cases you will only need firewall rules to allow the traffic to the client.
This video explained it all. The other documentation was either unclear or the process was not intuitive.
For example I needed to make the firewall rule on the LAN and use the source IP. I assumed the WAN is needed to be limited to a destination address - and that didn't work. I also needed traffic limiter entries for In and Out.
It worked for the videos. 10Mbps still invoked HDR for Amazon but 6Mbps brightened the picture considerably. I will experiment with other speeds a bit later.
@emikaadeo Hi, can you show me your rules?
I have a similar setup with some traffic through the WAN and some through the load-balanced VPNs.
I would like to add traffic shaping to improve the overall internet experience in my home.
@kom Although I am using "multi WAN" (WAN and VPN), my applications are running on the WAN interface. There are no Gateway Groups or anything, I just have the VPN assigned as a gateway for a couple of devices (not for the server running the torrent client).
@psilospiral A shaper is better than a limiter because the low-prio stuff can use full bandwidth if the network isn't busy. You don't have to guess how much bandwidth might be needed. When other stuff starts happening, the low-prio traffic gets dropped. You can also try the fq_codel shaper as it's reportedly easy to setup. There are good YouTube videos on how to configure it from Netgate and Lawrence Systems.
Thanks for your fast answer.
But with multiple VLANs on the lagg, I cannot Set an WAN download Bandwith for shaper on LAN vlans without also limiting lan to lan traffic.
This statement is correct isn't it? LAN-to-LAN will also limited, because the egress traffic on an interface will match the shaping rules. This means LAN-to-LAN will be handled like WAN-to-LAN Traffic.
We provide leading-edge network security at a fair price - regardless of organizational size or network sophistication. We believe that an open-source security model offers disruptive pricing along with the agility required to quickly address emerging threats.
Subscribe to our Newsletter
Product information, software announcements, and special offers. See our newsletter archive to sign up for future newsletters and to read past announcements.