Messages - Kuzunkhaa

#1
Hello,
I'm trying to share all my bandwidth evenly across my home using fq_CoDel, because I want a little boost in games and other live software.

The line is PPPoE (G.DMT) and has a max download speed of 4 Mbit/s and 280 kbit/s for the upload.

I've configured the traffic shaper like this:

Pipes

  • Bandwidth=3800
  • Bandwidth Metric=kbit/s
  • Scheduler type=FlowQueue_CoDel
  • (FQ-)CoDel ECN is flagged
  • FQ-CoDel quantum=300
  • FQ-CoDel limit=600
  • Description=Download

  • Bandwidth=266
  • Bandwidth Metric=kbit/s
  • Scheduler type=FlowQueue_CoDel
  • FQ-CoDel quantum=300
  • FQ-CoDel limit=600
  • Description=Upload

Queues

  • Pipe=Upload
  • Weight=90
  • (FQ-)CoDel target=15
  • Description=ACK

  • Pipe=Download
  • Weight=70
  • (FQ-)CoDel target=15
  • (FQ-)CoDel ECN is flagged
  • Description=DNSDown

  • Pipe=Upload
  • Weight=70
  • (FQ-)CoDel target=15
  • Description=DNSUp

  • Pipe=Download
  • Weight=50
  • (FQ-)CoDel target=15
  • (FQ-)CoDel ECN is flagged
  • Description=WANDown

  • Pipe=Upload
  • Weight=50
  • (FQ-)CoDel target=15
  • Description=DNSUp

Rules

  • Sequence=1
  • Interface=WAN
  • Proto=tcp (ACK packets only)
  • Source=any
  • Src-port=any
  • Destination=any
  • Dst-port=any
  • Direction=out
  • Target=ACK
  • Description=TCP ACK priority

  • Sequence=2
  • Interface=WAN
  • Proto=ip
  • Source=any
  • Src-port=any
  • Destination=1.1.1.1, 1.0.0.1
  • Dst-port=853
  • Direction=out
  • Target=DNSUp
  • Description=DNS over TLS priority

  • Sequence=3
  • Interface=WAN
  • Proto=ip
  • Source=1.1.1.1, 1.0.0.1
  • Src-port=853
  • Destination=any
  • Dst-port=any
  • Direction=in
  • Target=DNSDown
  • Description=DNS over TLS priority

  • Sequence=4
  • Interface=WAN
  • Proto=ip
  • Source=192.168.1.0/24
  • Src-port=any
  • Destination=any
  • Dst-port=any
  • Direction=out
  • Target=WANUp
  • Description=Upload shape

  • Sequence=5
  • Interface=WAN
  • Proto=ip
  • Source=any
  • Src-port=any
  • Destination=192.168.1.0/24
  • Dst-port=any
  • Direction=in
  • Target=WANDown
  • Description=Download shape

Testing it on DSLReports shows the bandwidth and bufferbloat quality changed from F to B, and I think this is a good improvement.

I'm asking the community if someone can help me or has suggestions about fq_CoDel, to fine-tune my traffic shaping. Any help is appreciated, thanks :)
#3
Franco, the patch solves the problem. Thanks for the support.

Quote from: franco on March 30, 2017, 10:14:48 AM
the list you used is not compatible
Yes, I know. It was only for a test ;)
#4
I really appreciate it.

Marco
#5
No user-agents blocked in my proxy configuration.
Recently I tried another list, downloaded directly as .acl, and if I try to connect to a domain covered by that list, the browser responds with the "proxy block page".
Anyway, many thanks for investigating this issue, and if you need to ask anything about my proxy configuration I'm glad to help. :)
#6
Quote from: franco on March 29, 2017, 06:42:25 AM
Can you try the same with "http"?
Hi franco, it does the same with http links. Sorry, I forgot to add this info in the previous post.

Quote from: ctkelvin on March 29, 2017, 04:33:59 AM
I found this issues starting at version 17.1.
Hi ctkelvin, personally I remember this inconvenience on the last versions of 16.7, but it is probably because the "yoyo list" doesn't cover some domains.
#7
Hello,
I have a problem with the Remote Access Control List of Web Proxy with the "yoyo ads" list.
It is configured as suggested in the documentation wiki, but I can't see any domains blocked in my browser.
I have tried to change the link to "https://pgl.yoyo.org/as/serverlist.php?hostformat=squid-dstdom-regex&showintro=0&mimetype=plaintext" but it gives me the same "error".
Obviously, when adding a domain to "Access Control List\Blacklist" it is filtered.

Does anyone have the same problem, or do I have to change something in my configuration?

Thanks for the help.
#8
Hello OPNsense community,
my intention is to exclude some sites, like the modem web page (example: https://192.168.1.1/), from the proxy cache.
Searching the internet, I know it is possible by adding these lines to "squid.conf":

acl *the name of your list* dst *your IP range*
cache deny *the name of your list*

Where is that file stored on OPNsense? Anyway, is it possible to completely clear all the local cache?

Many thanks.
#9
Hello,
the interfaces of my OPNsense are configured with one NIC for internet connectivity through PPPoE and 3 NICs together in a bridge, so my configuration is:

  • WAN -> PPPoE
  • LAN -> Bridge0
  • OPT1 -> No IP (member of Bridge0)
  • OPT2 -> No IP (member of Bridge0)
  • OPT3 -> No IP (member of Bridge0)
I have a problem configuring the Intrusion Detection service on the bridge. When I add one member of Bridge0 to the interface list, it becomes impossible to connect through that port to OPNsense. When I add LAN to the interfaces instead, it doesn't seem to block anything.
What do I have to do to enable Intrusion Detection on the members of Bridge0?

Thanks
#10
General Discussion / Question about ad blocking.
July 16, 2016, 12:30:39 PM
Hello,
is it possible to convert the filter lists "EasyList" (https://easylist.to) to be compatible with the OPNsense services Intrusion Detection or Proxy?

Many thanks.
#11
General Discussion / Re: A Proxy Server Question.
July 03, 2016, 09:11:10 AM
Quote from: fabian on July 03, 2016, 09:07:03 AM
These links may answer your last question:
https://tools.ietf.org/html/rfc2616#section-14.45
https://en.wikipedia.org/wiki/X-Forwarded-For

I read this after my new post, but thanks fabian for the response! I'm going to read.
#12
General Discussion / Re: A Proxy Server Question.
July 03, 2016, 09:07:39 AM
Quote from: MARCVS on July 03, 2016, 01:01:43 AM
Another thing: what are "Via header" and "X-Forwarded for header handling" options?
I have found a good response to my questions on Wikipedia.

A question: does the proxy cache store files permanently, or does it purge the cache every time I reboot the system?

Thanks.
#13
General Discussion / A Proxy Server Question.
July 03, 2016, 01:01:43 AM
Hello community,
I'm not a great expert in networking, but OPNsense is a pleasure to learn and understand!

Anyway, I have created a proxy with local cache and adblock (http://pgl.yoyo.org/adservers) for my home, but it seems to have slowed down my internet connection and response time. I have tried to add "kern.ipc.nmbclusters" with a value of "32768" and modified "vfs.read_max" to "128", because some suggest those options to improve "squid" performance, but it seems to do nothing.

Can anyone help me understand how to improve the proxy speed?

The system has an Intel Celeron J1900, x4 NIC Intel WG82583, 8Gb DDRL3 1600Mhz and SSD 128Gb without swap.

The "Local Cache Settings" are:

  • Memory Cache=4096
  • Cache Size=32768
  • first-level subdirectories=128
  • second-level subdirectories=512
  • Maximum object size=10

Another thing: what are "Via header" and "X-Forwarded for header handling" options?

Many thanks!