@sysadminfromhell Благодаря этой фирме я получил визу в Великобританию https://edmansco.com/tier-2-visa-general/ без лишних хлопот. Они предоставили мне всю необходимую информацию и поддержку.

Forget to add the VOIP server IP, added it in and now appears to working as expected - needs more testing to be sure.

@peppa-oink777
Same for me. Both on the LAN rule or on the floating rule only the download is limited.
I see this bug but I think their workaround is just the floating rule, which either doesn't work or I'm not understanding how to setup the rule.
https://redmine.pfsense.org/issues/14039

I know why the IPv6 rule was not matching, my aliases was only targeting IPv4 addresses!

Just an update for any others who may come looking in the forum for a similar answer.

I could not get a decent buffer bloat score when using the traffic shaper by itself, or with limiters on top.

I can get an A with the limiters by themselves, so I have setup a number of different pipes to have different levels of bandwidth which I can then apply to various vlans. For example IOT devices wont require that much bandwidth so I can throttle those at the VLAN level and use them like pseudo queues.

If you require a specific device routing to a particular pipe you will need to tag it with a firewall rule in the appropriate interface and then match that tag in a floating rule or you will end up with all your pipes getting matched which will see your traffic flitter between the queues. Don't forget to do it for all traffic types, e.g TCP/UDP.

I see this very much as a fudge and to be honest with just one floating rule and multiple clients trying to do a buffer bloat test it does ok at limiting the bandwidth out to the WAN and keeping latency under control, I post the above if you want a smidgin more control.

Of course I may be in the minority with this, and once my new hardware arrive I may try again to get it working a bit better

I came here looking for this, too. I'd be real interested if there's ever a way to achieve it. It applies to SSH connections too - they can be either interactive (typing) or bulk transfer (scp/sftp). SSH may set the differentiated services header, but it would be easier to deal with a rule based on average throughput (maybe over the last minute).

@emad4

Post here : pfSense > pfSense Packages >Cache/Proxy as Traffic shaping isn't related to your question.

@gateway0 I did try this when I first encountered the bug and yes, artificially increasing the limits helps the issue. However I found a lot more than just doubling the figure was required in my case. In fact I found it was more like a factor of 5 needed to be added. Also it's not the download speed that impacts me - it's the upload speeds that get nailed and download speeds are not affected. So maybe your issue is not the same as mine?

@SteveITS

Thanks so much for the explanation.

the UI lets you put a mask direction and bits on the queue, but this makes sense to me now.

@Bob-Dig And that fixed my problem. Thanks!

The best values for those are the defaults.

Hardware Checksum Offloading = Unchecked
TSO = Checked
LRO = Checked

You do not want TSO or LRO active on a firewall/router.

@johngoutbeck

So NO answer.

Does this mean traffic shaping cannot be done for a transparent tunnel?