To the OP… just curious did you ever have success on this? I'm also a former Tomato user....

@autotalon:

You'd probably want to find out the DNS names of Google/Youtube, and specify an alias with those as a source to set the gateway for that traffic.  Have those rules first on your LAN interface and they will get directed out the proper WAN connection.

Thank sideout and autotalon very much, this design has not been done. Because a lot of games use Port 80/443 to launch from before connecting on the gaming ports. I am intending to buy a pfsense router to find the difference between a pfsense router and a computer using pfsense software.

I do have VLAN's running over the LACP and they do show up, just not the non-VLAN.

There are some packages on pfSense 2.4.0 that do not work with traffic shaping. I forget what they are?

I just ended up using dummynet and fq_codel which is LACP agnostic and it is working well!

Your floating rules should be for WAN, and leave the Source as *****.

Sorry for the late update. Thanks JIM I did as you instructed and it now works great

Yes.  The LAN is set to interface speed with qInternet set to 95% of link speed and WAN set to 95% of upstream.  I have noticed it is partly a software issue, but I still think there is room for this to be improved.

Ok… suggestions on what I should be setting there? Lets say that I want to set a limit of 5 Mbps down and 2 Mbps up for device with IP of 192.168.1.2.  I've created the limiter with the bandwidth parameters set.... now in the firewall rule, it requires me to set both a Source and Destination as well as specifying the In/Out pipes in the Advanced section of the rule. I (wrongly?) assumed that since I was setting both the In and Out pipes, that I would have to specify 192.168.1.2 as both source and destination?

EDIT:::  So it appears that setting the device in question (ex. 192.168.1.2) as the Source, and set Destination to "any" does the trick!

Thanks to w0w for pointing out my error!

very fine.
I have been regularly upgrading with the Betas.
I will try to do some testing to see how it is working.
I thought today I had a failure while on the phone and doing some large net traffic so I'm wondering….

thanks
oldunixguy

The local wasn't really my concern, as much as I need the users to have the ability to change their passwords, and I was being lazy, not wanting to recode a new portal page.

@optix:

Is it possible bcs the SW is a little stupid when i change manualy speed  interface in pfsense  dosent work or problem to be from the cable?
Bcs when i change WAN interface speed to 1 Gps it shows red x.

Your first suspect should be the cables.  The switch you're using is a gigabit switch, you should be getting gigabit at least on the LAN.  WAN is a different story, the hardware provided by your ISP may only handle 100 Mbps, depending on the speed you're paying for.

Especially suspect the cables if forcing gigabit mode on the LAN interface causes it to disconnect as you're seeing.

If the cables are good, then you might have an issue with the gigabit cards you installed in the box.  (The BSD driver might not want them to go into gigabit mode).  Unlikely this is the problem, but not impossible.

AFAIK, there is no simple solution with FreeBSD/pfSense. I think it's possible with a Captive Portal or possibly custom scripting.

I am pretty sure Linux has the capability but I couldn't find the feature with a quick Google search.

Do you mean enable traffic shaping on the Wan of the Client side(main office)? Or the Off-Site(server) side? I have traffic shaping enabled on the wan of the Server Side and that is definitely capping the bandwidth, but it seems to be super inefficient. :/ I'm getting 20mbps worth of traffic on the wan and only about 10mpbs actually going through the tunnel.

Has anyone tried the gpo way?

By "gpo way" I mean tweaking Windows Delivery Optimization settings, as mentioned here(https://forums.whirlpool.net.au/forum-replies.cfm?t=2530363&p=9#r180), and here (https://docs.microsoft.com/en-us/windows/deployment/update/waas-delivery-optimization) (the latest, a more in-depth and "official" explanation)

Maybe this is an off-topic comment, but maybe it can shed light into another direction (the right one?) regarding a feature that doesn't seem to be well understood by the majority (me included) and, at the same time, is causing undeniable issues for many (again, me included).

I'm really not sure if I should try to address this aggressive Windows update mode in pfSense or try to shape it in Windows itself by tweaking its settings via gpo.

I am not familiar with CBQ, but they way you are using is almost exactly the way I use HFSC. I wonder if you could just set it to HFSC and not change any of your settings. Hopefully someone with more experience/knowledge can chime in.