OPNsense Forum

Archive => 17.1 Legacy Series => Topic started by: Ulrar on January 20, 2017, 07:33:13 pm

Title: [SOLVED] Setup traffic priorization
Post by: Ulrar on January 20, 2017, 07:33:13 pm

I've just installed OPNsense on a PC Engines APU 2, and I configured my modem in bridge mode.
I live in the middle of nowhere and I get about 500 Ko/s.

I'm a sysadmin so I basically use ssh for a living, and when anything else is in use in the house (any download, updates...) ssh becomes unusable. I'd like to set up OPNsense to give ssh priority over everything else.
I tried following the prioritization part of this: https://docs.opnsense.org/manual/how-tos/shaper.html

I managed to get something that made ssh a bit better to use, but still not great. Here are the configs I'm at now:


The only thing you can't see in there is that the rule for SSH has 22 in dst-port.
What am I doing wrong? I feel like it's a bit better with this config, but it might be all in my head, it's still pretty horrible to use.
Now I know that using the full 500 Ko/s of my broadband makes the ping skyrocket, so I did try limiting to a lot less (3000 Kbp/s in the pipe screen), but it wasn't any better for my ssh connections.

Thanks!
Title: Re: Setup traffic priorization
Post by: Ulrar on January 21, 2017, 05:33:16 pm
Thanks to people on IRC I did get that working pretty well.
Now I'm trying to add another rule to get Kodi (which is on a dedicated box) to get a priority between ssh (at 100) and everything else (at 1).

Somehow whatever I try I can't get everything to match the rule. I can see using the status menu in traffic shaper that my ACK rule and my Down rule do get matched, but most of the traffic still ends up in my everything catch-all rule. I tried matching using the local IP of the Kodi box, I tried matching using the remote IP of the server it's connecting to, no luck.
I even tried, to check, just running a wget from that server on my laptop and doing a tcpdump: it is responding with the correct IP, the one I've configured in the rule. I really don't understand how some of the traffic can match but not the rest.

So that brings me to my current question: is there a way to see what's in each queue?
I'd like to see exactly which packets are getting sent to my everything queue, and figure out why they don't match.
I've tried, I think, every menu from the web interface, but I assume there must be a command in ssh to display that?
I'd basically just need to know the source / destination of the packets, that'd be enough.

Thanks!
Title: Re: Setup traffic priorization
Post by: franco on January 21, 2017, 09:47:22 pm
Hey Ulrar,

Thanks for tracking this down. I added this as a quick test:


Can install using:

# opnsense-patch 98333c13

Since the Tinc Plugin seems to rely on the old behaviour there is also a follow-up...


I think this will make it into 17.1 thanks to your help. Let me know if this works (it did from this end).

Title: Re: Setup traffic priorization
Post by: Ulrar on January 21, 2017, 11:40:48 pm
Ah, I didn't realise you answered it there, I actually made the change by hand.
In any case, as I said on IRC, it does seem to fix the problem, so thanks a lot!

Quite impressed that it was fixed in such a short time I must say :)
Traffic shaping now works exactly like I wanted.
Title: Re: [SOLVED] Setup traffic priorization
Post by: Ulrar on January 21, 2017, 11:47:50 pm
For future reference, in case anyone else is trying to do something similar, here is my current config.

Queues:

Rules:

And I haven't touched the pipes (just tweaked the speeds) since the screen in the first post.
With that I have SSH as highest priority, then my Kodi box, then everything else. Works well, a lot better than last time I tried it with pfSense!