PfSense 2.4 Shaping for Cisco VPN workstation, & general Roku/Fire/Apl streaming
-
With your setup, PRIQ is likely never going to be optimal. Use CBQ, HFSC, or FAIRQ so that you can allocate bandwidth amounts.
Though, you did not give us enough details to even begin helping you. What exactly have you tried? What were the expected results and the actual results?
First you need to get your firewall rules to grab the proper traffic, which should be easy. Read the pfSense wiki.
Once that is worked out you can move on to setting up your traffic-shaping queues and testing them.
-
I've tried the built-in wizard, using a single LAN/WAN for PRIQ, and HFSC, and then tried assigning floating rules to the resulting queues, but not much luck. I also have a set of fairly broad floating rules to match traffic using a quick rule and assign it to a queue, but when looking at the actuals in STATUS -> QUEUES, I see no traffic in those.
I don't see a way to export these rules so that you can examine them offline.
The irritating part is this seems relatively simple. Capture traffic to/from various IPs locally or from the WAN interface, and assign it to a queue, and my rules keep coming up empty.
-
> I've tried the built-in wizard, using a single LAN/WAN for PRIQ, and HFSC, and then tried assigning floating rules to the resulting queues, but not much luck. I also have a set of fairly broad floating rules to match traffic using a quick rule and assign it to a queue, but when looking at the actuals in STATUS -> QUEUES, I see no traffic in those.
> I don't see a way to export these rules so that you can examine them offline.
> The irritating part is this seems relatively simple. Capture traffic to/from various IPs locally or from the WAN interface, and assign it to a queue, and my rules keep coming up empty.

Scroll down to the bottom of this page on the pfSense wiki.
-
Ok, I've turned off quick match on all of the floating rules that I'm using to assign a queue.
Let me start with a basic one. Netflix.
23.246.0.0-23.246.63.255 or 23.246.0.0/18
I want to capture traffic from that source range to my WAN or LAN interface, and assign it to my streaming queue.
I've set up two rules, with both interfaces selected. One rule with the Source set to that network/mask, and the other rule with the destination set to that network/mask.
I could also go in and assign my aliased network streaming devices with a source to/from that mask as well, and I should see it capturing some traffic, yes?
-
Did you go into the Advanced options and direct the traffic into a predefined queue in the Queues section?
-
Yes, I also reset the states, but no luck so far.
-
I do see an error reloading the filters.
Checking for filter PF hooks in package /usr/local/pkg/miniupnpd.inc
There were error(s) loading the rules: pfctl: linkshare sc exceeds parent's sc - The line in question reads [0]:
I'm not sure where to start on this one.
-
Ok. That problem is resolved. I trashed the shaper and started over. Removed any quick rules, and still no luck seeing any captured data from the rules.
-
> Ok. That problem is resolved. I trashed the shaper and started over. Removed any quick rules, and still no luck seeing any captured data from the rules.

Post a screenshot of your rules.
-
Screenshot of the floating rules.
![Screen Shot 2016-12-06 at 7.46.52 AM.png](/public/imported_attachments/1/Screen Shot 2016-12-06 at 7.46.52 AM.png)