Hello All, Got this working…  So the following rules which can be added by the traffic shaper gui set the queues for VOIP traffic from LAN <-> WAN. block in all tag unshaped label "SHAPER: first match rule" pass in on  $lan proto tcp from 192.168.10.0/24  to any port 5060:5080  keep state tagged unshaped tag qVOIPDown pass out on $wan proto tcp from any to any port 5060:5080 keep state tagged qVOIPDown tag qVOIPUp pass in on  $wan proto tcp from any  to 192.168.10.0/24 port 5060:5080  keep state tagged unshaped tag qVOIPUp pass out on $lan proto tcp from any to 192.168.10.0/24 port 5060:5080 keep state tagged qVOIPUp tag qVOIPDown pass in on  $wan proto udp from any  to 192.168.10.0/24 port 5060:5080  keep state tagged unshaped tag qVOIPUp pass out on $lan proto udp from any to 192.168.10.0/24 port 5060:5080 keep state tagged qVOIPUp tag qVOIPDown pass in on  $lan proto udp from 192.168.10.0/24  to any port 5060:5080  keep state tagged unshaped tag qVOIPDown pass out on $wan proto udp from any to any port 5060:5080 keep state tagged qVOIPDown tag qVOIPUp pass in on  $wan proto udp from any  to 192.168.10.0/24 port 16384:32768  keep state tagged unshaped tag qVOIPUp pass out on $lan proto udp from any to 192.168.10.0/24 port 16384:32768 keep state tagged qVOIPUp tag qVOIPDown pass in on  $lan proto udp from 192.168.10.0/24  to any port 16384:32768  keep state tagged unshaped tag qVOIPDown pass out on $wan proto udp from any to any port 16384:32768 keep state tagged qVOIPDown tag qVOIPUp Nothing special there. However, as stated previously unless additional rules are added the FreeSwitch process on the box does not have its traffic sent through the Voip queues.  The default pfSense configuration sends the traffic through the wan default queues without priority elevation. /etc/inc/filter.inc needs to be modified to add the following rules. Setup FreeSwitch Server <-> Provider Traffic Shapper pass out on $wan proto udp from 192.168.0.12 port 16384:32768 to any keep state tag qVOIPUp pass out on $wan proto udp from 192.168.0.12 port 5060:5080 to any port 5060:5080 keep state tag qVOIPUp pass out on $wan proto tcp from 192.168.0.12 port 5060:5080 to any port 5060:5080 keep state tag qVOIPUp pass in on $wan proto udp from any to 192.168.0.12 port 16384:32768 keep state tag qVOIPUp pass in on $wan proto udp from any port 5060:5080 to 192.168.0.12 port 5060:5080 keep state tag qVOIPUp pass in on $wan proto tcp from any port 5060:5080 to 192.168.0.12 port 5060:5080 keep state tag qVOIPUp Note that this takes care of box <-> wan  it does nothing about prioritizing traffic to the LAN.  In our setup traffic to the LAN was fast enough not to require queuing so we just send the traffic through the default lan queue. However, a mirror set of rules could be added to also elevate LAN <-> FreeSwitch on pfSense router. Take care. --luis

You need to run the wizzard and do not choose any thing till you get to the section on P2P And in there add a host and choose the otions Once you come out of the wizard, customize to your hearts content. The defaults are "basic" lan defaults wan defaults and ACK queues. if you set you maximum internet speed for upload and download. Setting your up and down speeds auto shapes the default queues to those values.

I just pushed a fix for that error value. You have to wait for a new snapshot to come out since its a binary file fix. Thanks for reporting.

You can perform traffic shaping without NAT.  i.e.  pfsense box has 2 interfaces (2 VLANs) but you disable NAT. Basically, you retain pfsense as a routing firewall but without NAT.  I believe what you have done is to disable the packet filter (which is what the traffic shaper is based on).

First: You must have pf 1.2.3 Final Realease - not 1.2.2! Second: Use Traffic Shaper wizard again and then delete(disable) unused rules. Don't check "Random Early Detection In and Out". Settings created by Wizard's are TRUE . Don't change their unnecessarily. That's all.

Great, will try that and post back, thanks a lot  :)

PRIQ has this limitation as part of its algorithm. I will try to teach the GUI about this so people get a reasonable message. Otherwise there is a limitation of 4096 iirc on other algorithms.

You can make a WAN rule with a destination of the LAN IP involved (NAT happens before the rules are processed) or you could put a rule on the floating tab, on lan, in the 'out' direction.

Need a pictorial representation of your setup for a more complete answer. The short of it is:  Catch your VOIP traffic by using the IP address of the Asterisk server in the rules.  Catch your OVPN traffic by using the destination port (address as well if both sides have static IPs).

Adjust your TBR size for starters.  This will prevent large downloads from hogging the line. If using Squid, look under Bandwidth management, you should be able to set it to throttle by extension or throttle per HOST.  The former will allow you to target downloads specifically without throttling webpages (the content might be affected if you don't do up the extensions properly).

Funny, I've got just the same question, after an otherwise totally smooth upgrade from 1.2.3 to 2.0-RC1.  I tried walking through the traffic shaper wizard last night, and wound up cutting my throughput in half … so I disabled the shaper until I could tailor it to my VOIP setup more accurately. I haven't gone rooting around in the 2.0 docs to see if there's a how-to.  I'm guessing there must be, somewhere.

Thanks, sounds like it's just the thing. Time to go off and have a poke around…

I tried to change the port assuming that since there isnt a rule to block it then it should work but for some reason no matter what port I try to make it, I can only connect on port 80. When I go back it shows in the webui that the new port is still in the settings but not working….. anyone have any ideas?? thanks. Update So I tried to do it and I think its working ..... I took. Had to restart to get the new http port to become active. Then ended up reinstalling squid because it was complaining about some bogus setting. So did that and now everythings running but I still dont have qOthersDownH in my queues. I have: qwanRoot   qwandef  qwanacks  qVOIPUp    qPenaltyUp  qlanRoot  qlandef    qlanacks  qVOIPDown  qPenaltyDown I used the defaults from the wizard but setup a penalty box, voip priority and thats it any ideas?