Messages - gintek

#1
Hey hushcoden, according to this document, the quantum sets "the maximum amount of bytes to be dequeued from a queue at once." My simplistic interpretation of that boils down to "when the traffic starts to jam, how much traffic you pull off the road to get it flowing again." As for the setting, this page recommends 300 for anything below 100mbps, and then another site (one of the guides in my first post) recommends an additional 300 for every 100mbps increase.

Supermule, thanks for the interesting notes. I'm hoping you might be up for adding some details.

I did some research on jumbo packets. In OpnSense, would we manipulate that by adjusting the MTU size? I have it set at default (1500) on my interfaces now. Are you thinking something other than that would be ideal?

For buffers, is what you're referring to visible by looking at the MBUF usage in the dashboard? I ran a speed test and kept an eye on the MBUF usage, but it never went above 1%, so perhaps my issue isn't here. But if I'm looking at the wrong thing, any info would be appreciated.  :)  (FWIW, my NIC is an i350-based dual port.)

In some of my earlier testing, I tried with Suricata disabled, but that didn't seem to change anything. For thoroughness, though, after seeing your message I looked through Suricata's settings, but didn't find anything that jumped out as being a toggle between Legacy vs Inline, unfortunately. Maybe that's a setting that pfSense offers, but OpnSense doesn't?

Thanks again to everyone for the interesting exchange this is generating!
#2
Thanks!

That was the first guide I went through. At this point, since I'm still getting a B, I'm wondering if it may be an issue with my ISP (Ziply Fiber). But I'll keep playing with things to see if I can get some further improvements.
#3
Thank you both for your replies!

To quickly confirm, I did make sure to apply and re-test at DSLReports after each setting change. Unfortunately, I wasn't getting any change in results.

But I do have an update! I'm on a 30mbps up/30mbps down fiber connection. At the time of my original post, I'd tweaked settings over and over using bandwidth settings of 29-30mbps and FQ-CoDel quantum settings ranging from 100-1000. Eventually I figured why not try something drastic, and I set the pipe to 25mbps. That finally made a difference in my DSLReports results.

From there I recommenced fiddling with things until I ended up with 26mbps for bandwidth and an FQ-CoDel quantum of 200 for up and down (everything else set at default values). That got me to a B in bufferbloat, and an A for quality.

Most importantly, my wife patted me on the head and told me I'm a good boy because she can now use Google Meet with no problems.  :D  My Teams meetings today are also working much better.

Hopefully this info will come in handy for others in the future!

Of course, if anyone has additional advice on things I can try tweaking to get bufferbloat to an A, I'd be very grateful to hear it.
#4
General Discussion / Poor video conferencing performance
September 21, 2021, 08:26:05 AM
I've been up and running with OpnSense for a couple weeks now, but since moving to it, my wife and I have been encountering poor performance with our video conferencing. We both work from home--she uses Google Meet and I use MS Teams.

I did some research, and found tips pointing to potential bufferbloat issues. Sure enough, I ran the DSLReports speed test and consistently got "Cs" for the bufferbloat rating. I went down a rabbit hole of tweaking FQ-CoDel according to the following guides: 1 and 2

Unfortunately, turning on the traffic shaping as instructed, and tweaking the quantum and limit values produce zero effect on my test results, so I'm hoping for help with two questions:

1) Am I barking up the wrong tree with the whole traffic shaping/FQ-CoDel approach for our video conferencing issues?
2) If I am on the right track, is there a likely reason that all of my tweaking is resulting in no changes to the test results?

Thanks a million for any help!
#5
Thanks a lot for the help, cookiemonster! I took your advice, and reconfigured things so that OpnSense could go directly out to the DNS server, bypassing AdGuard Home. Upon reboot, as suspected, it worked immediately.

Out of curiosity, I figured it as good of an excuse as any to just take a shot at activating the AdGuard plug-in and Unbound, to see if I could get it all going. I had a bit of trouble with the firewall rule recommended in this post, but once I disabled that, things are now working immediately after reboots.

I'm still left wondering what the issue could have been between OpnSense and the RPi instance of AGH, but I'm happy with it as is, so will let sleeping dogs lie. :D Not to mention, now I've got an extra Pi0 to have some new fun with.

Thanks again for your help!
#6
Over the weekend I got OpnSense set up for the first time, and I'm loving it.

That said, I'm hitting an issue that has me completely perplexed. For some reason, I can't access anything that requires DNS translation for roughly the first 10-15 minutes after a reboot. I can ping external IPs and can directly access hosts on my LAN via IP. I'm hoping that someone else may have run into this before, and has some recommendations for things I can try to resolve it.

Here are a few notes that may be worth mentioning:

  • I'm running AdGuard Home on an RPi Zero--it's set to 192.168.1.101, and I point to that in both System -> Settings -> General -> DNS servers and in Services -> DHCPv4 -> DNS servers
  • Unbound is disabled. (Eventually I'm planning to migrate to the AdGuard Home plug-in and enable Unbound, but I thought it best to make incremental steps getting there.)
  • A NAT rule is set up to pass all port 53 traffic to 192.168.1.101. I've tried toggling this on and off at various times, but it doesn't seem to cause or fix the issue.
  • I have WireGuard set up, and it's running mostly fine for both browsing the Internet and accessing devices on my LAN. The only issue is that there's one host (my NAS) that I can't access when connected through WireGuard. That host is connected to a VPN (PIA), which I think is causing the issue. I plan to raise a separate question about this, but figured it worth mentioning, just in case it's a clue to something.
  • I've attached some screenshots of my settings, since it's quite likely that something I haven't mentioned, but is glaringly obvious to others, is the culprit. :)

Thanks in advance for any help troubleshooting this!