Okay, I've looked at this again. Interestingly, while my circuit speed is "rated" at 50 Mbps, I found that I was getting more than that. I raised the limits in the wizard to 60 Mbps, and that seemed to help. But my upload speed used to be 58-59 Mbps, but with traffic shaping, it's down to 52 Mbps. That's a 10% hit. What sort of hit should I expect here? I was under the impression that PRIQ shaping would not affect circuit speed at all, but may not guarantee minimum bandwidth for services if there's a lot of demand. I could live with that, but that's not what I'm seeing. Are my expectations unrealistic? Below is the shaper config (the altq sections of /tmp/rules.debug): set loginterface igb1 set skip on pfsync0 scrub on $WAN all    fragment reassemble scrub on $LAN all    fragment reassemble altq on igb0 priq bandwidth 60Mb queue {  qACK,  qDefault,  qP2P,  qOthersHigh,  qOthersLow  } queue qACK on igb0 priority 6 priq (  ecn  ) queue qDefault on igb0 priority 3 priq (  ecn  , default  ) queue qP2P on igb0 priority 1 priq (  ecn  ) queue qOthersHigh on igb0 priority 4 priq (  ecn  ) queue qOthersLow on igb0 priority 2 priq (  ecn  ) altq on igb1 priq bandwidth 62914.56Kb queue {  qLink,  qACK,  qP2P,  qOthersHigh,  qOthersLow  } queue qLink on igb1 priority 2 qlimit 500 priq (  ecn  , default  ) queue qACK on igb1 priority 6 priq (  ecn  ) queue qP2P on igb1 priority 1 priq (  ecn  ) queue qOthersHigh on igb1 priority 4 priq (  ecn  ) queue qOthersLow on igb1 priority 3 priq (  ecn  ) no nat proto carp no rdr proto carp nat-anchor "natearly/*" nat-anchor "natrules/*"

I fixed the issue. The number of slots in the bucket needed to be updated. I set it to 250 and it can handle the full stream at 180M/bit without issue. Thank you :)

Thanks for the help, it seems to be working alot more smoothly.

Here's some more RRUL & DSLReports output using fq_codel without the VPN variable. The DSLReports output and the last two pictures are over wifi, an old crappy Intel 6205 Advanced-N card. I had to limit the dummynet down to 40Mbps to get fq_codel to capture this slow card. I made an alias for all of my slow wifi devices and made a firewall rule to pass their traffic with the Slower dummynet pipe. I am very pleased with the wifi performance, RRUL tests without fq_codel were averaging in the 3-5000ms range, often spiking into the 8000ms range and sometimes more. I tried adjusting txqueuelen and setting SFQ instead of pfifo_fast on the AP (Ubiquiti AP AC Pro) but it didn't improve performance much. Simply setting fq_codel to handle it on pfSense dramatically improved wifi. [image: 21450944.png] [image: wired1.png] [image: wired1.png_thumb] [image: wired2.png] [image: wired2.png_thumb]    

To the OP… just curious did you ever have success on this? I'm also a former Tomato user....

@autotalon: You'd probably want to find out the DNS names of Google/Youtube, and specify an alias with those as a source to set the gateway for that traffic.  Have those rules first on your LAN interface and they will get directed out the proper WAN connection. Thank sideout and autotalon very much, this design has not been done. Because a lot of games use Port 80/443 to launch from before connecting on the gaming ports. I am intending to buy a pfsense router to find the difference between a pfsense router and a computer using pfsense software.

I do have VLAN's running over the LACP and they do show up, just not the non-VLAN. There are some packages on pfSense 2.4.0 that do not work with traffic shaping. I forget what they are? I just ended up using dummynet and fq_codel which is LACP agnostic and it is working well!

Your floating rules should be for WAN, and leave the Source as *****.

Sorry for the late update. Thanks JIM I did as you instructed and it now works great

Yes.  The LAN is set to interface speed with qInternet set to 95% of link speed and WAN set to 95% of upstream.  I have noticed it is partly a software issue, but I still think there is room for this to be improved.

Ok… suggestions on what I should be setting there? Lets say that I want to set a limit of 5 Mbps down and 2 Mbps up for device with IP of 192.168.1.2.  I've created the limiter with the bandwidth parameters set.... now in the firewall rule, it requires me to set both a Source and Destination as well as specifying the In/Out pipes in the Advanced section of the rule. I (wrongly?) assumed that since I was setting both the In and Out pipes, that I would have to specify 192.168.1.2 as both source and destination? EDIT:::  So it appears that setting the device in question (ex. 192.168.1.2) as the Source, and set Destination to "any" does the trick! Thanks to w0w for pointing out my error!

very fine. I have been regularly upgrading with the Betas. I will try to do some testing to see how it is working. I thought today I had a failure while on the phone and doing some large net traffic so I'm wondering…. thanks oldunixguy

The local wasn't really my concern, as much as I need the users to have the ability to change their passwords, and I was being lazy, not wanting to recode a new portal page.

@optix: Is it possible bcs the SW is a little stupid when i change manualy speed  interface in pfsense  dosent work or problem to be from the cable? Bcs when i change WAN interface speed to 1 Gps it shows red x. Your first suspect should be the cables.  The switch you're using is a gigabit switch, you should be getting gigabit at least on the LAN.  WAN is a different story, the hardware provided by your ISP may only handle 100 Mbps, depending on the speed you're paying for. Especially suspect the cables if forcing gigabit mode on the LAN interface causes it to disconnect as you're seeing. If the cables are good, then you might have an issue with the gigabit cards you installed in the box.  (The BSD driver might not want them to go into gigabit mode).  Unlikely this is the problem, but not impossible.