Inaccessible pfsese web admin page when traffic shaping is enabled



  • As title says, for some reason pfsense's web admin interface become in-accessible after I fully utilized the bandwidth I set in traffic shaping.

    bandwidth set: 15mbps download / 1mbps upload (adsl)
    qos type: priq
    build setup: Single NIC (router-on-a-stick setup with 8 port VLAN aware switch), thinkcentre m92p mini pc, i5-3470T 8gb ram, 120gb SSD
    vlan setup: em0 = lan, em0.10 = wan, em0.20 = home_vlan, em0.30 = IoT, em0.40 = surveillance stuff
    pfsense version = 2.4.5p1 (tried downgrading to 2.4.4-p2, no dice).

    Out of the box without traffic shaping, all is working well. no issue whatsoever.

    with traffic shaping, the internet is somewhat useable now with acceptable latency, but web admin becomes un-usable, I mean I cant view the pfsense dashboard at all. If I left it on pfsense dashboard running and when I saturate the 15mbps bandwidth, basically dashboard stops responding seeing the live graph usage on wan freezes. Pinging pfsense Ip address im getting <1ms and momentarily upto 1000+ms latency which is weird, im pinging pfsense locally not someone on the internet, funny enough I can ping something on the internet just fine playing around 20-30ms and spikes of 100ms.

    anybody have a solution for this?



  • @remlei said in Inaccessible pfsese web admin page when traffic shaping is enabled:

    Out of the box without traffic shaping, all is working well. no issue whatsoever.
    with traffic shaping, the internet is somewhat useable now with acceptable latenc

    Well, the solution is very easy : remove what you did, and problem will be gone.
    Or do it the correct way ...
    Or do it as you did, but exclude the GUI access first.



  • ill appreciate if you can explain what is the correct way.... because I only used the Wizard option to apply the traffic shaping. nothing special. no rules where modified whatsoever, all stock configuration as soon as I clicked the Finish button.

    i also added a floating rule with all traffic going to firewall without any Queue set to it and the problem still persists, I even go as far as resetting the states, as well as rebooting the firewall.



  • From what I recall, that Wizard proposes several pages with many options.
    There is no such thing as : "it will make a known rule" : it al depends on what you choose. I guess it possible that could create something that would actually block traffic.
    So, without knowing your needs, I can't point you to something that works for you.

    Btw : I'm using some traffic shaping rules only to deal with buffer bloating, which is a typical WAN interface thing.



  • nevermind. after some digging. there's literally no way to fix it other than setting the download speed (or at least the LAN side of things) to higher speed than the internet speed to compensate the congestion with the bandwidth.

    its basically a highway with a checkpoint, the amount of vehicles that can pass is already pre-set in the que. with PRIQ this is hardset, so if I set 15mbit on the LAN side, that's it, I basically can only get 15mbit worth of traffic there, regardless what passes there, no matter im just communicating inter-vlan or internet or accessing the firewall's web admin page, im restricted with that 15mbit hard limit that I set. (yeah I just noticed that even inter-vlan traffic is also restricted in that 15mbit bandwidth on the download side its really weird).

    I was able to somehow fix it with HSFC but it was pain in the but to configure. the wizard is basically useless as it doesnt create a rule at least to levitate the lack of bandwidth for accessing the firewall admin page if the WAN traffic is pegged/fully loaded or doing a inter-vlan communication.



  • @remlei said in Inaccessible pfsese web admin page when traffic shaping is enabled:

    internet speed to compensate the congestion with the bandwidth.

    You looking to mitigate the bufferbloat on WAN ?
    http://www.dslreports.com/speedtest


Log in to reply