Microsoft Teams bad Network quality / drops out of meeting
-
Hi
I’m running pfsense instead of my USG.
I’m a beginner but i’m interested in creating a secure network.I’ve converted my vlans to my pfsense and on all of them i have applied block rules between the vlans.
Those are the only rules.Since the switch to pfsense, my girlfriend noticed she get’s kicked from teamsmeetings with video and screensharing. Before the kick she receives a pop up of “Bad network quality”.
Her laptop is placed in the Guest-network.Pfsense is running on a Minisforum GK41 and i’m having a speed of 300 down/ 20 up.
I also tried to apply FQ_CODEL on the Guest-network vlan, but no success.
Anyone have experience with this issue?
I hope the community can help me out of this :-). -
Unless the Internet is busy there shouldn't be anything limiting the connection. Did you set up any limiters or traffic shaping? You might disable those. Some types of traffic shaping also limit bandwidth.
If you did need shaping the correct place would be on the WAN network since shaping works as traffic exits an interface.
-
Anything logged in pfSense when that happens?
WAN monitoring graphs look OK? Are you monitoring the gateway IP directly? Consider setting that to some external IP for better data.
https://docs.netgate.com/pfsense/en/latest/routing/gateway-configure.htmlSteve
-
@steveits I've applied the limiters with FQ_CODEL to try if it worked better. On recommondation of a simular issue with Teams on Reddit.
I've applied the shaping on a WAN floating rule, is that ok?
-
There was a meeting at 11:30 and the connection did drop.
Packets
Quality
Looks normal to me?
-
Yeah, no problem shown there.
Are you monitoring the gateway IP directly or something upstream?Do you see issues with any other traffic/application?
Steve
-
Hi Steve
I've gathered the screenshots of the monitorringtool. Or are you mentioning something different?
No i don't see any issues on different tools, only when my girlfriend performing videocalls with Teams during homework.
-
That is what I mean but if it's an issue upstream of the gateway IP you would not see it there.
That's why it's often better to monitor some external public IP like 8.8.8.8 or 1.1.1.1 to real idea of connectivity.
Steve
-
Hi Steve
So what should i do next?
I have followed this youtube video: video
And my firewall rules are just the same.Today, the meetings kicked out again my girlfriend due to bad network quality?
I don't know what to check even more.
-
@koenh I have been having issues with Teams as well.
did you run the network assessment tool?
https://www.microsoft.com/en-us/download/details.aspx?id=103017
did you open up the required UDP ports as well?
-
@gnordli thank you for the tip!
im running the tool and get:
Connectivity check source port range: 50000 - 50019
Relay : 52.114.93.15 is the relay load balancer (VIP)
Relay : 52.114.93.15 is reachable using Protocol UDP and Port 3478
Relay : 52.114.93.15 is QOS (Media Priority) enabledStarting Service Connectivity Check:
Relay : 52.114.93.15 is the relay load balancer (VIP)
Relay : 52.114.93.15 is reachable using Protocol PseudoTLS and Port 443
Relay : 52.114.93.15 is the relay load balancer (VIP)
Relay : 52.114.93.15 is reachable using Protocol FullTLS and Port 443
Relay : 52.114.93.15 is the relay load balancer (VIP)
Relay : 52.114.93.15 is reachable using Protocol HTTPS and Port 443
Relay : 52.112.212.14 is the actual relay instance (DIP)
Relay : 52.112.212.14 is reachable using Protocol UDP and Port 3478
Relay : 52.112.212.14 is the actual relay instance (DIP)
Relay : 52.112.212.14 is reachable using Protocol UDP and Port 3479
Relay : 52.112.212.14 is the actual relay instance (DIP)
Relay : 52.112.212.14 is reachable using Protocol UDP and Port 3480
Relay : 52.112.212.14 is the actual relay instance (DIP)
Relay : 52.112.212.14 is reachable using Protocol UDP and Port 3481Relay connectivity and Qos (Media Priority) check is successful for all relays.
Service verifications completed successfully
When running the tool with /qualitycheck:
Reflexive IP is my WAN
Result:
2022-02-08 21:41:58 Loss Rate: 0 Latency: 26,06 Jitter: 15,59 Protocol: UDP
Local IP: IP-LAPTOP:50016 Remote IP: 52.113.203.106:3478
Is Proxied Path: False Last Known Reflexive IP: ...:36796
The firewall rules on my VLAN are:
Or do i have to port forward the UDP ports ?
-
@koenh You don't need to forward any inbound ports to the PC running Teams.
Does the Traffic Graph show high traffic while this is happening?
300/20 should be way more than enough unless something is maxing out the connection. Have you run the speed test from her computer?
-
Are you still monitoring the gateway IP or have you set something external yet?
-
This is during the /qualitycheck.
Yes i have run multiple speedtests and all are looking stable and providing enough speed.
Most tests returned +- 150/15 (wifi), should be enough for Teams. -
Could you explain me how i monitor the gateway IP?
Especially how to monitor an external one? -
In System > Routing > Gateways edit the gateway and set an alternative monitoring IP.
https://docs.netgate.com/pfsense/en/latest/routing/gateway-configure.html
Steve
-
@koenh said in Microsoft Teams bad Network quality / drops out of meeting:
Since the switch to pfsense, my girlfriend noticed she get’s kicked from teamsmeetings with video and screensharing. Before the kick she receives a pop up of “Bad network quality”.
Her laptop is placed in the Guest-network.Teams rarely needs more that 2-3 mbits of traffic both ways.
Is the laptop connected wifi? Have you tried ethernet cable?
How is the wifi neighborhood?
5g? 2.4g?And as a last resort, have you tried swapping girlfriends?
-
Indeed, doesn't require a lot of speed.
The laptop is connected to wifi and she uses 2.4GHz, because the room she is working don't have a network cable / distance is too long (don't have that cable length).
I have switched my USG for a pfSense and before the switch everything was running fine. So my only guess is that something is not functioning right with in my setup.And i woodn't dare (last question) ;-).
-
I'm a bit confused now.
The gateways are showing my WAN gateway, do i need to configure every gateway for every VLAN here?(WAN IP hidden, just left the .1)
I've added the gateway of the Guest network and will look at the monitoring tonight.
-
@koenh said in Microsoft Teams bad Network quality / drops out of meeting:
uses 2.4GHz
Some observations :
That's the 'legacy' band, the historical one with close to 11 canals (really usable 1,5 and 11).
The legacy band is often a mess ..... but, as you can't see or smell it, people tend to say 'Internet is bad".
Not all APs are equal, neither.
Even in 2022, when you suspect a network issue, the very first thing you should do : remove Wifi from the equitation. We can't see or measure easily the quality of a radio connection.
Cable-up and retest.Next step : monitor bandwidth closely.
Try to download and upload "huge" files to a known server with way more bandwidth as at your place. The bottleneck will be : your ISP, and the route to this server.
Be aware that every uplink technology (cable, fibre, adsl, satellite etc) has its advantages and disadvantages.Do some speed tests. This one is shows more then just the speed. And do them regularly.
And remember : ISPs will give you the bandwidth available. What's available at instance X doesn't even depend on them (exception : you hired a uplink with a guaranteed bandwidth - this is very $$$ or €€€ ).
ISP's 'peering' (POPs) to the 'backbone' of the Internet, or directly the the big players, like FB, Twitter, Google, Netflix, etc. These peerings (the actual interconnections) are expensive. ISP's main goal will always be : sell as much subscriptions as possible, buy as less peering possible.
If all the above factors are (somewhat) excluded, then you can focus on pfSense.
Using the defaults settings, a pfSense box with a sub 25 $ ( ? ) processor can do several hundreds of Megabit / sec. There is always the chance you've a bad cable/switch or NIC somewhere. These local issue can be determined easily and rapidly : just swap stuff.
A worst case scenario is : make your own pfSense from scratch. You'll be needing a (very) old ancient desktop PC - a Ethernet adapter with two ports ans an USB drive. You system, based upon some Intel or AMD, will do close to (or even more) a Gigabit / sec. It will be big, ugly and a power drain, but it will work. It will take you 15 minutes, inserting the NIC included. If the issue persists, you will know the issue is not your original pfSense box - or pfSense for that matter.
