@theskelly Traffic not assigned a queue will go into the default queue. You can go to Status/Queues and watch them to see if yours is getting into the right queue.
If it isn't working, look at open states and see if the state matches your rule. For instance to de-prioritize a certain web site, it's not a matter of matching traffic from the web site to *, it's from * to the web site, and the reply/download just matches the open state.
I found that the Comcast/Xfinity speed test site is testing about 40 Mbps downloading to our office.
Finally tracked this part down, and kinda feel dumb, but speedtest.xfinity.com has a gear in the upper right to change protocols. Testing over IPv6 tunneled through Hurricane Electric is throttled to around 40. Testing over IPv4 is the expected speed.
My provider used to source RTP directly from the carrier servers (not their own) but always had their own SIP.. (has since changed)
Depending on what you have on your end.. Server or Clients.. Look to see what your clients are connecting to. If you have a local on site SIP server it will still act as a client to go out to the providers server generally.
Look at connection states to see what things are trying to connect to. Do you have DNS of their stuff? sip.frontier.com?? etc..??
Outbound everything is allowed by default. In some cases the provider does want inbound NAT (I don't usually agree with) and in some cases you will only need firewall rules to allow the traffic to the client.
This video explained it all. The other documentation was either unclear or the process was not intuitive.
For example, I needed to make the firewall rule on the LAN and use the source IP. I assumed the WAN needed to be limited to a destination address - and that didn't work. I also needed traffic limiter entries for In and Out.
It worked for the videos. 10Mbps still invoked HDR for Amazon but 6Mbps brightened the picture considerably. I will experiment with other speeds a bit later.
@kom Although I am using "multi WAN" (WAN and VPN), my applications are running on the WAN interface. There are no Gateway Groups or anything, I just have the VPN assigned as a gateway for a couple of devices (not for the server running the torrent client).
@psilospiral A shaper is better than a limiter because the low-prio stuff can use full bandwidth if the network isn't busy. You don't have to guess how much bandwidth might be needed. When other stuff starts happening, the low-prio traffic gets dropped. You can also try the fq_codel shaper as it's reportedly easy to set up. There are good YouTube videos on how to configure it from Netgate and Lawrence Systems.
Thanks for your fast answer.
But with multiple VLANs on the lagg, I cannot set a WAN download bandwidth for the shaper on LAN VLANs without also limiting LAN-to-LAN traffic.
This statement is correct, isn't it? LAN-to-LAN will also be limited, because the egress traffic on an interface will match the shaping rules. This means LAN-to-LAN will be handled like WAN-to-LAN traffic.
Interestingly I ran into a similar scenario today. A client with an SG-2440 and pfSense 2.4.5 upgraded cable from 75/15 to 300/30. Shaping had been configured and working fine when I started. With shaping configured and the numbers adjusted upwards, I couldn't get above 90-100 download after raising the bandwidth. I tried deleting shaping and recreating it a couple of times.
With shaping off, testing could get up to 350 down but the CPU was maxing out (it also had Suricata). With it on, downloading was around 100 Mbps but only 40% CPU.
Based on this Netgate forum post, I simply added the same WAN queues I was using in the Floating rule to the LAN rule for OpenVPN clients. I just reversed the order for the in/out pipes. I ran the waveform.com test and download speed increased 10% and 'active download latency' dropped from 129ms to 94ms. Significant improvement - I'm just not sure if this is the best solution for handling OpenVPN clients via traffic shaping.