Prioritize VoIP traffic for a somewhat complex setup…
I will soon port my phone number to VoIP and I need to make sure VoIP gets all the bandwith it needs when a call is established.
My pfSense box has 6 interfaces (but one of them is not used at this time).
and the unused interface is NET2.
WAN, LAN, DMZ and WIFI_AP_N are provided by a Intel I340-T4 card, WIFI by an Atheros AR5BXB112 AR9380 and NET2 is the onboard ethernet port of the motherboard (I think it's made by RealTek).
I have two WIFIs as I am still debugging the one provided by the Atheros mini PCI-e card (the other is provided by an old access point I had before setting up my pfSense box). Eventually the access point will be removed (to be used elsewhere).
I set up a FreePBX box which I put in the DMZ. I put it in the DMZ because one of the VoIP providers I use requires me to open ports without being able to put an ACL on them. I know not all providers requires this but this was the only one I could find which met my requirements and supported T.38 faxing.
I have a /29 subnet routed to my WAN IP and I have assigned an IP from that subnet to my FreePBX box using 1:1 NAT.
What I want to know is how do I prioritize traffic from the WAN to/from the DMZ and from the DMZ to/from the LAN (since my phones/ATAs are on the LAN.
I currently have about 5 Mbps (but will be getting 10 Mbps soon) so I already put this in place https://forum.pfsense.org/index.php?topic=63531.0 to share the traffic between PCs on the LAN.
(For now I can't get faster than 10 Mbps without switching providers which I do not want to do…)
How do I go about priorizing the VoIP traffic in the way I described while still keep the limiters I put in place (or something comparable) for the LAN?
I saw the wizards but I am not sure what to choose to describe what I want to do... I have used something similar to pfSense in the past so I am quite familiar with opening ports, putting ACLs and the like but I know nada about priorizing traffic and the like...
Thank you very much for your help!
Okay, so first thing to point out is that a traffic shaper will only work when you have the bandwidth settings set to achievable levels. i.e. if you only have 5mbit/s now, do not set it to the 10mbit/s you'll have in the future as that's the first thing that'll stop shaping from working properly.
The general advice with shapers is to measure the link with no other traffic going through it, and set the shaper to roughly 85% of the link's capability. This gives the link enough control over the packets going through it that the physical bandwidth limits don't come into play. Yes, you'll be losing that top 15% from the ultimate bandwidth of the link, but when QoS works properly the end user will be surprised as to their requirements not being endlessly more megabits per second but actually a snappy delivery of the relevant traffic.
With your specific issue of multiple links, use the wizard with multiple LAN/WAN (the latest release of PFsense has removed many of the other choices anyway), and then go through and set up the relevant links with their inbound/outbound throughput (the 85% value) and choose to prioritise VoIP (you don't specifically need to select an internet trunk/PBX in the wizard). I'd choose PRIQ to start with as it's the easiest to configure.
Once you have the Wizard finished, you will need to go into the firewall rules you have set up for VoIP and set the relevant queue in the rule (you can also set up other types of traffic with their relevant queues too - check the priorities in the "by interface" section to see what priority specific rules have, as you obviously don't want them all having the same queue type). Also, check that the bandwidth limits are set properly in the "by interface" section, as it doesn't always add the bandwidth in there.
Do remember to create a specific rule for VoIP traffic on the LAN interface too, as the WAN rule deals with inbound call quality and the LAN rule deals with outbound call quality (as it's prioritised based on the interface the data hits first). Also move the VoIP rules to the top of the firewall rule list so that they are processed first.
That should sort VoIP QoS for you.
Sorrrrrrrrrrrrry, I just noticed that I had gotten a reply… I thought I would get notified but it was not the case...
I ran the wizard and assigned the VoIP queue to my rules which deal with the VoIP traffic (port 5060, 5061 both TCP and UDP and the RPT (UDP) ports 10000 to 20000).
I see that the maximum bandwidth got set for the WAN but I am not fully sure where else I should have set limits as I do not want the traffic between my interfaces to be affected by this, only the traffic from and toward the WAN....
I had assumed that for now only priorizing VoIP traffic would do the trick but voice quality seems to be affected by web traffic and traffic from programs such as Teamviewer (it let's you remote a PC remotely, it's like VNC, glance, pcAnywhere, etc...).
Do I absolutely need to put HTTP/HTTPS and Teamviewer traffic in their own queue to make sure that VoIP gets more priority over them or should prioritizing VoIP traffic have done the trick? I will add more rules in the future but I just to want to make sure I am doing things right..
Thank you very much for your help!
I had assumed that for now only priorizing VoIP traffic would do the trick but voice quality seems to be affected by web traffic and traffic from programs such as Teamviewer
It shouldn't be if you have it configured properly. Check Status - Queues and see if your VoIP queue has any drops as compared to your other active queues.
Do I absolutely need to put HTTP/HTTPS and Teamviewer traffic in their own queue to make sure that VoIP gets more priority over them or should prioritizing VoIP traffic have done the trick?
Basically you want your VoIP queue to have highest priority. Your simplest course of action is to run the shaper wizard to create a PRIQ shaper and only worry about the VoIP page. It will create a basic shaping config that you can then play with.
Multi-WAN/LAN is difficult to traffic shape since you need a queue for every combination of interfaces you plan to shape.
If you have 1 WAN and 1 LAN, to shape VOIP, you need one rule/queue
If you have 2 WAN and 1 LAN, you need 2 rule/queue
If you have 2 WAN and 2 LAN, you need 4 rule/queue
If you're just concerned about VoIP getting through correctly, you could try just enabling FairQ on every interface, set your interface bandwidth, and let us know if it helped.