@chain:

I don't have a floating rule on the firewall just phone zone and shaper configuration that is the default setting I just adjusted it 200Kb. Do you what to see something different?

I see a rule that allows OpenVPN from the phones? Do the phones actually VPN back to the server? If so, you need to set the queues for the VPN rule since the traffic is tunneled internally.

Thanks man, that's what I've been doing, I am just hoping to get a one liner rule for this. My rule list are becoming convoluted..

Does anybody know where the root cause of the problem is?
Is it into the base FreeBSD kernel, into pfSense patches to FreeBSD kernel, into the userspace ipfw-classifyd?

Ahh.. Seems to be a text field. I wonder if it's actually internally doing string compares. If it is, shorter strings are better.

@MordyT:

All traffic to / from OPT5 - get a minimal of 1/1Mbps (because phones are important). Highest priority.
All traffic to / from OPT4 - get a maximum of 1/1Mbps (because a guest shouldn't be able to eat more). Lowest priority.
All traffic to / from OPT3 - get a minimum of 3/3Mbps (Because corp needs some speed). 2nd highest.
Rest of traffic to / from OPT2, LAN - whatever is there. 3rd highest.

I have dual WAN links, although they are for failover. The speeds are not the same (40/15Mbps and 6/768Kbps) but the rules can apply to either equally.

You say it's simple, and yet you start with wanting to guarantee 1/1 Mbps when you might have a failed-over situation where you could only have 6Mbps/768Kbps. given that 768K is less than 1M, you cannot guarantee 1M up in that situation.

I don't have multi-WAN at present. I fought with the shaper for a long time, and especially the shaper AND transparent Squid, which is a complete bust in any 2.2 version…

I gave up on transparent squid. I also gave up on anything to do with …the wizard (I'd rather have this bottle infrontofme than a frontal lobotomy) I run codelq, no settings, on WAN and LAN. Codelq should not need any settings, so I ignore the fact that the GUI brings up settings with it selected. I run the limiter. I get something more closely approximating fair sharing (with priority sensitivity) than anything I did with the shaper before.

I should have another post describing what I do with it more fully around here someplace. Here we go:
https://forum.pfsense.org/index.php?topic=99529.msg555886#msg555886

I guess that does not specifically mention "weight" which is hiding under "advanced" for each child limiter. That's how you do priority in the limiter. Help is vague but range is from 1-100 and I have made the assumption in lack of documentation that the total weight should add to 100. So I'd give your phoneQs 40, your corpQs 30 your general Qs 20 or 25 and your guestQs 10 or 5 for a total of 100.

You need to provide a lot more detail, such as:

What type of NICs do you have? (from Interfaces > assign, e.g. emX, vmxY) What type of interface is WAN (Static IP, DHCP, etc)? If WAN is static, do you have a gateway selected on Interfaces > WAN? (you should) What type of interface is LAN (Static IP)? If LAN is static, do you have a gateway selected on Interfaces > LAN? (you should not)

The shaper error is telling you that the count of interfaces you gave does not match the type and number of interfaces capable of using shaping, so like the note on the ticket said, the two most common explanations are that it either doesn't think you have enough WANs (e.g. missing gateway on WAN), or you don't have enough LANs (gateway set on LAN when it shouldn't be), or perhaps the type of NIC you have no longer supports altq.

You might want to take a look at this thread and sideout's config for LAN party use. It is made specifically for giving priority to gaming.

https://forum.pfsense.org/index.php?topic=99503.0

@Harvy66:

The numbers may be wrong, but the ratios shouldn't be far off, and that's a lot of qLink traffic relative to the other queues.

It looks off by about 100x (assuming a 4mbps down rated DSL line), so that would be about 300Kbit/s of traffic on qLink.

I agree that there shouldn't be any traffic on qLink by default (if he ran the shaper wizard) since there are no auto-generated rules to pipe into qLink.

Without knowing exactly what the rule-set are, it'd be difficult to nail this down. For all we know, he's managed to get a floating rule in to pipe SQUID or local traffic down qLink (which is what I'd do but I create my entire shaper config by hand).

You can't do that, at least not on inbound traffic if you have more than 1 internal interface.

For outbound, you can use PRIQ or CBQ and allow the weight ratio to distribute accordingly.

Maybe if you post in the Traffic Shaping forum, complete with details about your configuration and the exact way it isn't working anymore, perhaps someone could try to help you.

Unless you have multi-WAN/multi-LAN, you only need create the 2 qIMAP and qHTTP queues. Set the WAN interface (root queue) to some number under 12Mbit (a few % below whatever you real-world download throughput is). Use link-share.

Also, are you referring to download or upload?

known issue, refer to this post: https://forum.pfsense.org/index.php?topic=90486.0

Try just using CoDel or FairQ schedulers. They both should reduce bufferbloat and semi-fairly distribute bandwidth. They're dead simple to use and may be good enough. If you're trying to control download, you need to rate limit your LAN interface.

@Nullity:

If you use a standard, 2 interface LAN & WAN setup, qLink is unneeded. I think it is only useful for multi-LAN setups.

It's also useful if you run proxy caching on pfSense. Otherwise, the local cache stream would be limited by the default internet download speed setting.

@Harvy66:

So limiters are not working? I never use those.

When there is a limiter on a rule where NAT forward or reflection applies.

https://redmine.pfsense.org/issues/4326
https://redmine.pfsense.org/issues/4590

Well, my question was if that were a problem which has been ever seen and/or fixed in some newer release.

"Real" bandwidth is always given, no matter what. It ignores link share and upper limit. But any bandwidth consumed by real will still count against link share and upper for all non-real bandwidth.

example

Say qInternet is 0.5Mb, and qVoIP is 1Mb and under qInternet. qVoIP will not only get at least 1Mb, even thought qInternet is only assigned a minimum of 0.5Mb, but when qVoIP attempts to use more than 0.5Mb/s. Well.. Simple math. 0.5Mb - 0.5Mb is 0Mb and 0.5Mb - 1.0Mb is -0.5Mb. Of course you can't have negative bandwidth. This just means there will be 0 bandwidth left to distribute among the child queues under qInternet, starving them.

Yes, however at the time my entire network had stopped working, prime time and all.  First and foremost that I needed to get the link back up.  I intend to revisit this again, I have another pfsense router coming in so I will be able to do some testing.  We are a software development company and Internet is important lol.  I am going to look at the blank value when I redo this.