I have try different scheduler, but i can't find right floting rules to match connection originated from openvpn server running on top of pfsense itself.

i used both the wizard and a manual configuration and both result to sluggish interface (although apparently one faster than the other - thinking about it now the difference in speed reflects the speed differences between the default queues at each example).

and yes, wizard creates floating rules reflecting my selections but i dont see any rule regarding the LAN traffic. just noticed there's just "qInternet" in the LAN portion of the shaper, and no "qLink". this example defaults to qP2P but i've had examples to default other queues reflecting my choices in the wizard…

lets just say that neither the wizard nor the (previous) manual configuration creates a "qLink", but i can add it afterwards.
what is the floating rule gonna be like to throw LAN traffic in the "qLink" queue?

i am currently using 2.0.3.

IP limit is working when I limit them to IP addresses. Only when I use limit on L7 youtube and flash, it cause that problem. Any idea how I can check what is the exact problem? Should I post my configs here? BTW, I am using LIMITER in the L7 config not QUEUE.

thanks for the reply, Do you have steps how to do that?

@myke:

Hi,
You can add a queue on your two lans interfaces with your bandwith.

Lan 1 –->QParent = 2MO
Lan 2 --->QParent = 2MO

you add also floating rules to use the queue that's all.

Best regards.
Myke.

IT just blocks the whole connection if a packet that matches is received.
Not whole packets.

You may want to consider use of limiters to reserve bandwidth for your VoIP traffic.  2/2 doesn't leave a lot of room to let the shaper work it out.

Yes, you are right.
Maybe jimp could change the wording of the statement to avoid any confusion (at least for me).

Thanks

This is in 2.1 snapshots.

Just don't match them in the rule.

Either:

pass from !(those users in an alias) to * with a limit
pass from (that subnet) to * without a limit

or

pass from (those users) without a limit
pass from (the whole subnet) with a limit

@markluhde
thanks for the reply ,,, btw can you give an example on how to use it, it is my first time to use limiters with schedule. thanks again.  ;)

@abdurrahman:

For example, I created a limiter as below
Name : download_limit
Mask : Source
Bandwitdh: 512K

I created a schedule as below
after-work: 17:30-23:59

I want this limiter to be scheduled at after-work.. this limiter will be active only between 17:30-23:59…is it possible?
if it is possible, I will apply it to a firewall rule...

Just as noted by @mark, downlink limiter will go with DESTINATION MASK while uplink limiter will go with SOURCE MASK.

Then on schedule, apply the schedule on the firewall rule you will create to push traffic to the limiters. I'v done this and is working perfectly.

I haven't made any progress on this one.

I can say that Spotify traffic does NOT drop into the standard/bulk p2p queue.

Sigh.

1.  No, unless your default rule is to pass traffic.  Match rules have no effect on whether traffic is passed or blocked.

2.  Yes.  Remember, a match rule is not a filter rule.

3.  Since the pass rule does not specify a queue, it does not get overridden.  The packet and future stateful traffic for this packet will be placed in Q1.

Another function of the traffic shaper is the delaying of ACK packets when traffic reaches 100%.  This moderates the flow of traffic through your firewall and attempts to keep it from backlogging.

Under normal conditions, backlogging should occur during severe spikes in network traffic, in which case your queuing will kick in.  This can literally happen in millisecond time frames and be difficult to observe.

Your traffic shaper is most likely performing as it should.

Fix is now committed and will be available on next snapshots. You will need to run wizard again to fix the rule.