OPNsense Forum

English Forums => General Discussion => Topic started by: itneo on January 24, 2018, 05:14:22 pm

Title: Getting Traffic Shaping working with Multi WAN Failover
Post by: itneo on January 24, 2018, 05:14:22 pm

Hi all,

I am new to opn, but have quite a bit of experience with the BSDs.  I am trying to use opn to both provide me with multi WAN failover and Traffic Shaping for a Guest network.  They each work fine on their own, but when I attempt to configure them together the Traffic Shaping stops working.

I followed this documentation https://docs.opnsense.org/manual/how-tos/guestnet.html with the exception of captive portal and then configured the Failover using this documentation https://wiki.opnsense.org/manual/how-tos/multiwan.html

The problem is as soon as I change the allow all Firewall rule on the Guest network to use the redundant Gateway Group, the Traffic Shaping stops working and allows full use of the upload pipe.  I ran ipfw show in console and see where the pipe no longer receives any traffic either, which explains why it is not working.

I assume that the gateway group is now using a different interface and is not getting a match from the firewall Traffic Shaper rules that I had set up previously.  If I set the allow all Firewall rule on the Guest network back to use the "default" Gateway, traffic shaping works, but then of course I lose redundancy.

Any ideas on how to get them both to work together?

Thank you!

Title: Re: Getting Traffic Shaping working with Multi WAN Failover
Post by: SomeGuy on February 24, 2018, 11:22:02 am

Did you ever get this working?
I have the same problem when following the guides for multi wan fail over and traffic shaper.

I presume its due to this bug
https://github.com/opnsense/core/issues/1230 (https://github.com/opnsense/core/issues/1230)

Does anyone know a work around?

Title: Re: Getting Traffic Shaping working with Multi WAN Failover
Post by: SomeGuy on February 24, 2018, 01:00:23 pm

another forum search turned up this:
https://forum.opnsense.org/index.php?topic=5804.0 (https://forum.opnsense.org/index.php?topic=5804.0)

Apparently the solution is to enable shared forwarding under Firewall> Settings> Advanced
Haven't tested it myself yet. it also comes with this rather foreboding note in the interface.

Use shared forwarding between packet filter, traffic shaper and captive portal
Using policy routing in the packet filter rules causes packets to skip processing for the traffic shaper and captive portal tasks. Using this option enables the sharing of such forwarding decisions between all components to accomodate complex setups. Use with care.

Title: Re: Getting Traffic Shaping working with Multi WAN Failover
Post by: mimugmail on February 24, 2018, 07:29:53 pm

This is a known bug https://github.com/opnsense/core/issues/1900