Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    WAN & VPN Traffic Shaper: VPN speed limited to half of limiter

    Scheduled Pinned Locked Moved Traffic Shaping
    1 Posts 1 Posters 444 Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • P
      pete1666
      last edited by pete1666

      Hello everyone, any assistance appreciated for the following traffic limiter issue.

      Environment:

      • Pfsense 2.6.0 CE.
      • FTTP connection, 150/30 Mbit/s.
      • WAN_DOWN Limiter - Bandwidth 153 Mbit/s, CoDEL & FQ_CODEL, Length 2000, ECN selected.
      • WAN_DOWN_QUEUE - CoDEL, ECN Selected.
      • WAN_UP Limiter - Bandwidth 29 Mbit/s, CoDEL & FQ_CODEL, Length 1000, ECN selected.
      • WAN_UP_QUEUE - CoDEL, ECN Selected.
      • Outbound floating rule established on the WAN interface, Gateway set to WAN_PPOE, IN Pipe WAN_UP_QUEUE, OUT Pipe WAN_DOWN_QUEUE

      This configuration works perfectly at combating buffer bloat on the WAN interface and has been working flawlessly for months.

      Problem:
      I have recently added an OPENVPN client gateway. Traffic over this gateway can easily saturate the link thus I need to implement traffic shaping to ensure that OPENVPN client traffic is de-prioritised.

      I have added two new queues to the existing limiters (VPN_UP_QUEUE, VPN_DOWN_QUEUE) with a weight set at 10, I have amended the existing WAN queues to a weight of 90. I have created a new outbound floating rule on the VPN interface, Gateway set to VPN_GATEWAY, IN Pipe VPN_UP_QUEUE, OUT Pipe VPN_DOWN_QUEUE.

      Unfortunately this configuration works too well at de-prioritizing VPN traffic as both the up and down bandwidth is limited at approx 50% of the figure specified in each of the limiters (there is no other traffic on the WAN link). Does anyone know what is going on here and how would I get full line speed whilst using the VPN queues?

      Any help most gratefully received.

      1 Reply Last reply Reply Quote 1
      • First post
        Last post
      Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.