Just create 2 queues that are childs of either qWANroot/qLANroot and setup only their realtime m2 parameter to 50%(literally).

Its not that simple lot of changes were required in the core of pfSense to accomodate the new traffic shaper.
So the answer is no, it is not just a matter of copy paste on the gui but also no changes are needed to the core altq support in pf.

I'm not really familiar with custom traffic shaping rules, but your first rule shows:
source: LAN-net, source-port:28960
destionation: any, destination-port: any

This will never happen, because the source port is something random.

I suppose this rule should look like:
source: LAN-net, source-port: any
destionation: any, destination-port: 28960

I've experienced some shoddy network experiences when running VMWare and pfSense…

Packet drops here and there, flaky speeds, MTU issues...

It's not pfSense's fault though. It's not the best idea to run a firewall inside a VM due to security holes (your firewall is supposed to be your overall network protection, currently your system is reling on the security of VMWare's virtual NICs...)

Hope that makes sense cheers

1.2 cannot really shape ipsec, search for in the bounty section and you will find a solution or wait for 1.3

Regards
heiko

@bertw:

@datafirm

So from what I understand your PBX is on the WAN side of the pfsense, no IPsec. I would suggest not filtering on ports but on PBX IP. Try changing the rules like this:

WAN->LAN  *   <ip of="" pbx="">*                   qVOIPDown/qVOIPUp    VOIP Adapter         
   
LAN->WAN  *   *                  <ip of="" pbx="">qVOIPUp/qVOIPDown    VOIP Adapter

Regards,
Bert</ip></ip>

Thanks for the suggestion, but that is what I am currently doing.  We are filtering all the VoIP phones and the asterisk box, all of which are on the LAN side connected through pfSense.

We still do not get much if any traffic through qVOIPDown.

@YeOldeStonecat:

Try the "BandwidthD" plugin.

"BandwidthD tracks usage of TCP/IP network subnets and builds html files with graphs to display utilization. Charts are built by individual IPs, and by default display utilization over 2 day, 8 day, 40 day, and 400 day periods. Furthermore, each ip address's utilization can be logged out at intervals of 3.3 minutes, 10 minutes, 1 hour or 12 hours in cdf format, or to a backend database server. HTTP, TCP, UDP, ICMP, VPN, and P2P traffic are color coded."

Wow! That's it! I forgot about packages… Though I installed nmap package before... :)

Thank you so much, sir! :) Would you like to point me, when I can see results of bandwidthd package job? I surfed through almost all menus and submenus and didn't find such a graphs (or I saw them but didn't understand this is bandwidthd's graphs... :)

Sure, there's several ways to make it work.
You could also just use the standard:
UDP * * 5060
UDP * * 10000-20000
In fact after running the shaper wizard, check queue status while making a call and it should already work pretty well for you.
I would tweak queue bandwidth and and RED to the VoIP queues but that's about it.

with QoS you will ALWAYS need to drop your overall bandwidth to 20 % less than the actual WAN connection up/down speeds from your ISP.

Otherwise the ACK packets on your upload get jammed in a queue at the ISP equipment killing your attempts to do QoS.

Yes it sounds like a waste of bandwidth but its a small price to pay for better traffic management.

You have to use upperlimit parameter to setup the hard upperlimit as you are requesting. Search the forum for explanations of how HFSC works.

I have had success with this by creating an IP group with my subnet.  Then I got in and out traffic.

besides the security aspect ..you can also improve your VoIP by using traffic shaping i.e. prioritizing VoIP packets and/or making sure it always have available bandwidth

if you do decide to place your VoIP device (ATA, etc.) behind the pfsense router, make sure you search and read the forum/wiki about NATing and random ports - you'll need to disable this feature or you will get one-way audio issues

Great thats what i thought too. i am not lookin to do a "in tunnel" shape, just the overall tunnel to get a throttle on how much of the pipe it can use. right now it is hogging all of my upload. it is cool to see but a real pain in the rear.  Thanks Guys!

Hey guys, how are you??

I need to make a little upgrade in this configuration (pfsense node) and want your opinion:

I need to add a 3rd network card and create a static route to a new network, that is in another internet link I have purchased, and I think it should be done on NAT pfsense; so I would add a 3rd NIC on my NAT pfsense and configure a static route (200.123.x.x go to 3rd NIC) and my question is that, as this config is not being done on my shaper pfsense (this is another box running only shaper), so I think I would not have problems with traffic shaper; is it right??

thanks a lot

srs

After long time I decided to test Pfsense some more.

It seems that all the traffic from LAN -> Pfsense box go automaticly to the Default queue. This includes Shell and Webgui traffic. Why my webgui has been slowing down is that I had put the Default queue rule on a low priority queue. Have not managed to find out any way to shape this traffic and apparently it is not even possible.