Voip QoS issues
-
Hi,
There are a few similar threads to this one (regarding HFSC) but in my situation I basically am only looking for VOIP priority, make the rest wait. I have run the wizard and my voip is the only thing I can get to leave the default queue.
So I set the voip part to my dedicated voip server's IP and still I can't get it to leave the default queue. If I understand PRIQ and rules right, everything that leaves that IP should have priority 7 and should show in voip queue. If I am wrong please correct me as I am still figuring all this QoS stuff out.
Any suggestions are welcome and thanks in advance.
-
There doesn't appear to be much active support for QoS in pfsense 2.0.1. Have been looking for information on how to traffic shape with Skype also. No such luck. Yet.
-
The ALTQ subsystem (http://en.wikipedia.org/wiki/ALTQ, the underlying subsystem used by the *BSD OSes for traffic shaping) is generally considered to be quite good, based on what I've read.
However, it seems that many people have trouble properly configuring QoS on pfsense v2.x (on 1.2.3 it was rather simple), so most requests for support in this subforum go unanswered / unresolved …
-
A big problem with the traffic shaper in pfSense 2.0.1 is that it is implemented as part of the firewall. This presents complex issues due to existing stateful connections bypassing the traffic shaper queuing rules and consequently being sent directly to the default queue.
Traffic shaping should be handled independently of and after the firewall, such that all packets hit the traffic shaper regardless of firewall connection state.
-
A big problem with the traffic shaper in pfSense 2.0.1 is that it is implemented as part of the firewall. This presents complex issues due to existing stateful connections bypassing the traffic shaper queuing rules and consequently being sent directly to the default queue.
Traffic shaping should be handled independently of and after the firewall, such that all packets hit the traffic shaper regardless of firewall connection state.
Not true. The traffic shaper in 2.x was meant to allow multi interface shaping (as opposed to only 2 interfaces in 1.2.x). However, this means that you must manually add rules (structured like firewall rules) to explicitly catch this traffic for shaping.
This further allows for asymmetric shaping unlike with 1.2.x (where shaping is actually stateful).
e.g.
If I ran squid on my pfsense 2.x box and want to limit HTTP download speeds on my internet connection to 1Mbps, then I have to add a rule for HTTP source port from Any IP (any internet IP) coming IN on my WAN and bound for the pfSense WAN IP and send it to the queue where the limit of 1Mbps is applied. This restricts the actual download on my WAN connection to 1MBps. However, when squid serves out cached data to the client, this is traffic originating from the LAN IP of the pfSense box itself.
Hence, I need another floating rule that matches the Squid source port with source IP as the pfSense LAN IP, direction OUT of the LAN interface and bound for the LAN subnet. This goes to an unrestricted queue (typically qLink) that is not limited to 1Mbps so that the high speeds offered by the proxy cache are not throttled.
-
A lack of QOS support is why I quit using pfsense. I could never get it to work right either. Everything went in the default queue.
-
QoS works perfectly fine in pfsense. I have it configured on mine. The trick is getting your rules configured correctly.
-
Despite the lack of support, I too have managed to get QoS working in pfsense 2.0.1 with the exception of utorrent P2P traffic at lowest priority. While I'm not certain I have the upper limit, link share and real time settings correct by queue, I can observe queue status routing my traffic appropriately. As a result, I can also tell that my priority traffic is more responsive (i.e. HTTP, HTTPS, DNS) than it was prior to all traffic going into one equal queue.
-
QoS works perfectly fine in pfsense. I have it configured on mine. The trick is getting your rules configured correctly.
Would you please share your setup?
NAT, traffic shaping, firewall rules (floating, LAN, WAN), NAT outbound auto or manual and which/when static port, siproxd or no? Does one assign queues to created firewall rules LAN/WAN or rely on floating rules? Traffic shaping to retain use of 100% download/upload bandwidth (I don't p2p, but I do usenet ssl), highest prio for voip (sip/rtp), default everything, higher (imap, jabber), lowest (usenet ssl, or p2p for those who do).
That would be very helpful, thanks :)
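-
An added pf.conf sketch (not posted by anyone in this thread, and not the ruleset the pfSense GUI generates) for the VoIP-only PRIQ case from the first post. It shows why a rule keyed on the VoIP server's address has to classify on the LAN side, and why connections that already have a state stay in the default queue. Interface names, the address and the bandwidth figure are assumptions.

```conf
# Hand-written pf.conf sketch in FreeBSD's legacy ALTQ syntax.
# All names, addresses and rates below are assumed values.
ext_if   = "em0"            # WAN interface (assumed name)
int_if   = "em1"            # LAN interface (assumed name)
voip_srv = "192.168.1.10"   # dedicated VoIP server (constructed address)

# PRIQ scheduler on the WAN. Set bandwidth a little below the real
# upstream rate so packets queue here and not in the modem.
altq on $ext_if priq bandwidth 900Kb queue { qVoIP, qDefault }
queue qVoIP    priority 7
queue qDefault priority 1 priq(default)

# Outbound NAT rewrites the source address before the filter rules on
# the WAN see the packet, so "from $voip_srv" on $ext_if never matches.
nat on $ext_if from $int_if:network to any -> ($ext_if)

# Classify where the original source address is still visible: inbound
# on the LAN. The queue name is stored with the state and takes effect
# when the packet leaves through $ext_if, the interface defining qVoIP.
pass in quick on $int_if from $voip_srv to any keep state queue qVoIP

# Rules without a queue keyword leave the assignment untouched, so all
# other LAN traffic ends up in qDefault.
pass in  on $int_if from $int_if:network to any keep state
pass out on $ext_if all keep state

# Packets that match an existing state skip rule evaluation and keep the
# queue that state was created with. Calls that were already up when the
# ruleset was loaded stay in qDefault until their states expire or are
# cleared:
#   pfctl -k 192.168.1.10    # kill states originating from the VoIP server
#   pfctl -vsq               # per-queue packet and byte counters
```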