@Derelict:

The hard part is identifying the traffic.  Limiting identified traffic is pretty easy.  I think most people who go down this rabbit hole are overthinking things. (Facebook bad, google, ok, googlevideo bad, cnn ok).  Fuck it.  Just limit/shape them all and make the internet work.

HAHAHA!  I like your attitude!  I am starting to really think in this direction as well!  I have set up limiters (1/2/3Mb/s).  It works, but after I implemented your solution, I am looking at making this more "smove" :)

cyber7

And you, Derelict, my dear sir ARE A GENIUS!  Re-Wrote all my Limiters with your specs and WOW, soooo smove!

cyber7-out

https://forum.pfsense.org/index.php?topic=96941.msg543955#msg543955

You would, of course, tweak the firewall rule to match any address on the specific ports.

If you want a separate pool for each port you'll need to define a different set of limiters for each one.

As far as I know if you set the same limiters on different rules they're all pooled together.

the ports I mentioned above are just examples, and yes, I have those ports already listed on the alias page.
the ones that you also posted is for steam, dota 2 have these ports according to: http://dev.dota2.com/showthread.php?t=15261

What protocol and ports does Dota 2 use?
Dota 2 uses the UDP protocol and communicates on ports 27015 through 28999 to our dedicated servers. By default, your client opens UDP port 27005 or your computer to connect to the game servers.

and I have added them also and all is working great for dota 2…, just need some other games which does not post their port(s) on their websites :(

but anyways, for my other games, I'll just add the port(s) accordingly and reboot pfsense if needed.

I don't think OP was talking LAG as in link aggregate group.  I think he was talking lag like my gaming session is lagging.

Nope.

You want to forget about everything VoIP and OpenVPN and prioritize the tunnel endpoints and the VPN tunnel itself.

You will have a firewall rule on the server passing inbound traffic to your OpenVPN server.  Prioritize that traffic using that rule.

On the client, you will need a floating rule on WAN out UDP source WAN address dest Remote VPN Server address port OpenVPN port.  Prioritize that using a match rule.

Like any other devices, without any settings, PFSense will forward packets first come first serve at full line rate and let something else worry about congestion.

WFM…

Firewall > Traffic Shaper > Limiter Mask on source address for inbound and and destination address for outbound.

There was a walkthrough posted on this very subject a couple days ago.  Look at the posts.

@casper001:

yes my friend i configured squid + squidguard and when enable traffic shaper i cound not access anything at all. I am sorry it's may be my mistake but I have read on forum that they can't work on same machine.

Same issue with mine…  As soon as shaper enabled, all connectivity is lost. Even from the localhost of the pfsense box. I am running 2.2.4

In-fact after completing the shaper wizard, I go to check the status-queues and nothing is listed.... But when I go to the firewall-traffic shaper they are all listed... Not sure whats going on or why this isnt working. So for now I troll the board and have my shaper disabled. Would love to get it going soon thou!

@KOM:

Is there a particular reason you didn't address my last comment?  You're not going to make many friends here if that's the way you treat people who try to help you, and slamming ESF/pfSense because I couldn't come up with a fix for your squid problem is just unfair and unnecessary.

@KOM
Please see my reply on this matter in topic: https://forum.pfsense.org/index.php?topic=97108.0 …

The topic in hand has nothing to do with squid

cyber7-out
ps - You will see that your last comment was addressed factually...

Oh it is the IP of a LAN client for testing purposes. Goal is to create an alias of several client IPs for this rule if successful.

If you want to limit wan traffic to a specific site, you can also have a look at my Definitive Guide to Limit Facebook traffic:
https://aubreykloppers.wordpress.com/2015/07/22/pfsense-and-shaping-facebook-the-definitive-guide/
It really works and it works well!

cyber7-out

Most current shapers support a form of sharing. FairQ doesn't really "shape", it just evenly distributes bandwidth over the flows. Codel, as a scheduler, only manages packet dropping.

The limiter won't help because the limiter doesn't manage buffer bloat. HFSC works great for me, 0ms increase in latency during saturation.

I got it working.  The direction was tripping me up.

Thanks all!

for me, I just create via Wizard and have nothing checked and work from there :(

I really don't know why creating them manually don't work for me.

Multi-WAN/LAN is difficult to traffic shape since you need a queue for every combination of interfaces you plan to shape.

Example
If you have 1 WAN and 1 LAN, to shape VOIP, you need one rule/queue
If you have 2 WAN and 1 LAN, you need 2 rule/queue
If you have 2 WAN and 2 LAN, you need 4 rule/queue

If you're just concerned about VoIP getting through correctly, you could try just enabling FairQ on every interface, set your interface bandwidth, and let us know if it helped.

Have you run the wizard and created a default VoIP queue by filling in the Voice over IP page of the wizard?  For traffic-shaping you use the Floating rules tab.  Add a rule that directs traffic from your VoIP phones into qVoIP with your preferred WAN as the gateway.