@remlei said in Inaccessible pfsese web admin page when traffic shaping is enabled: internet speed to compensate the congestion with the bandwidth. You looking to mitigate the bufferbloat on WAN ? http://www.dslreports.com/speedtest

found this Bandwidth (root queues) The amount of bandwidth available on this interface in the outbound direction. For example, WAN-type interface root queues list upload speed. LAN-type interfaces list the sum total of all WAN interface download bandwidth. https://docs.netgate.com/pfsense/en/latest/book/trafficshaper/advanced-customization.html so set 32 Mbit on the WAN interface and 50mbit on LAN Interfaces. These settings are not limiting the max bandwith in case I would get more bandwith, just used for the algorithm priorizing the packets, right?

Thanks! That worked for the ping issue. I managed to get the traffic shaping queues to work by modifying the rules and setting the traffic to outbound and adding the codel queues to the in and out pipes and then I set the main CoDel Queue rule below the traffic shaping rules.

@daemonix you should see a difference in pfsense but i would use flent for testing just because it's easier and it utilizes download and upload at the same time.

@johnpoz Thanks. That proves your point about the missinformation out there and why it's a good thing that it's back on default. Will give an update if my issues remain after what I did before and/or if I gathered more insights. Vincent

@Gertjan Yes, the R6900 is from Netgear, and with ASUS-merlin firmware(not pfSense), but it is working great.

Jim, I installed cron and see this: /etc/rc.filter_configure_sync scheduled every 15 minutes, which you suggest in another thread is probably because of using a schedule. So I guess if you use a schedule, Queue stats are cleared every 15 minutes. Thanks, -Steve

No, I didn't make any adjustments. Everything has been working fine regardless of my drop count. It seems like it doesn't matters unless there is actual contention for bandwidth. In that case, I would assume the higher priority queues such as VOIP will "win". As you mentioned, the speed test may not be the best metric even if it appears to correlate to drops. I wish I could suggest a better test, but I really don't know how to properly test traffic shaping otherwise I would have done it to test my setup. I'm simply going by my end users phone call quality. If those drops were really impacting my setup I would have had people complaining about call quality.

Some more information on what you have done so far is needed then.

Same here. I haven't managed to figure out whats going on. My only clue is that this specific line of code in /usr/local/www/firewall_shaper_vinterface.php loads something : require_once("shaper.inc"); if you check it, you'll find that it's a humongous piece of code: [2.4.4-RELEASE][root@test]/root: wc -l /etc/inc/shaper.inc 5281 /etc/inc/shaper.inc Other than that, no clues.

Still haven't got this working. Can anyone help me out? Usenet traffic is hitting queue but not utilizing all of the available bandwidth.

Some further explanation, for what it's worth. We have an OpenBSD 5.5 firewall in production that I would like to replace with pfSense. It connects a number of wireless clients to the internet. The existing firewall has been configured to shape traffic for each of the existing customers, however we now do the shaping on the customer premise, so we no longer need or wish to have any shaping rule on the firewall for individual customers. The exception to this is customer A. Customer A has a wired connection to a backhaul radio, so we have no ability to shape their traffic on customer premise, and need to continue to do it in the firewall. Additionally, we need to shape all customer traffic to 290 mbps collectively, and VoIP traffic (also from the customers) to 10 mbps. It's easy enough to create three limiters of 290, 100 and 10 mbit and apply these to 1:non-voip, 2:customer A, and 3:voip traffic respectively, but this doesn't prevent the scenario where customer A is using 100 mbps and the other customers use up to 290 mbps concurrently, for a total of 390 mbps of non-voip traffic. I need to be able to limit customer A to 100 mbps and all customers to 290 mbps in total at the same time. Here is the existing code from the pf.conf file in production that I'm trying to port from OpenBSD. queue rootq on { em0, em1 } bandwidth 300M max 300M queue VoIP parent rootq bandwidth 10M max 10M queue wispq parent rootq bandwidth 290M max 290M queue deflt parent wispq bandwidth 100M max 100M default queue customer_A parent wispq bandwidth 100M min 50M max 100M queue customer_B parent wispq bandwidth 30M min 20M max 35M burst 40M for 500ms queue customer_C parent wispq bandwidth 30M min 20M max 35M burst 40M for 500ms As previously mentioned, I'm not trying to implement individual limits for customers B through Z in pfSense; it's the first 5 lines here that really matter. I included a couple more lines to illustrate the fact that all customers still need to fall under the 290 mbit parent queue or limiter. Any recommendations on good/better/best ways to do this in pfSense are appreciated.

Actually what happens is that I have packed drops/high latency when transfers over VPN are getting very slow, not fast. Then VPN server can easily reach half of the speed of my download DSL link (i.e 300Mbit/2=150Mbit) and then everything is OK. There are no issues when VPN is not used at all either. Problem is when the remote end behind VPN (=torrent sources) isn't that fast and download speed drops to say 10Mbit. Then torrent transfers are causing high latency/high packet drop on my link. This is very similar case to this one (unresolved issue): https://forum.netgate.com/topic/125639/lots-of-packet-loss-and-high-ping-when-torrenting-through-pia-vpn But it's not PIA VPN that I'm using (it's NordVPN). What is surprising to me that, as said before, I had no such issues when Asus RT-AC68U was my router.