Messages

Thanks for the input!  I'll check it out.

Do you mean an AP to attach to an interface on an existing Opnsense box?

At face value you are asking to run Opnsense on an ARM A53. How would you propose to do that with proven software?

LOL  Okay, I guess I missed the ARM A53 aspect of that box.

I'm looking for fire up wireless using a box with OpnSense on it.  it'll be separate from my firewall.  I've used OpenWRT in the past, but I've always ended up bricking my unit, probably because I forgot which image I used originally and used a different/wrong image with subsequent updates.  Not sure if you've ever checked their download image lists, but it seems like there are HUNDREDS of different images for a single version of the software.  For this reason alone, I want to try an OpnSense wireless interface, but there's also the interface familiarity.

I've read that MediaTek is most compatible hardware acceleration and wifi 6.

So focusing on MediaTek, I was looking at this interesting little kit.  Any thoughts?

https://www.amazon.com/gp/product/B0G5JW186G

Has anyone heard of or tried this?

https://github.com/JameZUK/os-kea-unbound

It LOOKS like it's a package that allows Kea DHCP to add leases to Unbound.

BufferBloat

Sorry, the pic is too large for upload, so I had to use this file format.  It's A+, but the bottom is the impressive part.  There appears to be minimal difference between the three tests.

Status

After using speedtest.net to test.

Rules 2

Rules

Queues

Pipes

Greetings everyone.

I've been messing with trying to understand and subsequently configure, the OpnSense Shaper for a while now.  I would chalk it up mostly to my unfamiliarity with firewalls in general, but also not really understanding what needs to be prioritized.

I work from home, and one day my throughput went to crap.  Turns out one of the kids was downloading a new game.  All of a sudden I know what to prioritize. :)

I found a thread that got me started here, https://forum.opnsense.org/index.php?topic=48936.0

With all the threads/questions regarding the Shaper, I figure I'd post my config here.  So if it helps someone, cool.  If not, cool too.

Something to note; the upload rule needed Firewall > Settings > Advanced > Shared Forwarding set to enabled (checked).

Something ELSE to note; your Windows config can also lead to a bad bufferbloat score.  For example, I moved my laptop (on wireless) from a C- to an A+ with the following command;

  netsh int tcp set global autotuning=disabled

Of course, ymmv.

Okay!  Got it figured out!  It even honors the speed limits set on the pipe!

The Firewall > Settings > Advanced > Shared Forwarding option, to 'On' (checked).

Hope this helps someone.

-S

Is this still necessary?

https://github.com/opnsense/core/issues/1541

You did not show the download rule. Maybe it is catching your upload traffic. Also, enable advanced mode and check "direction".

Yep!  You hit the nail on the head.  I can see my High Priority Download pipe still kicking when the upload test is happening.

I've added source and destination network and masks, but no difference.  I've included screenshots of the Download rule handling it, and the upload rule I'm expecting to handle it.

You did not show the download rule. Maybe it is catching your upload traffic. Also, enable advanced mode and check "direction".

Sorry, I grabbed the screenshot of the rule without Advanced Mode showing.  Direction is set to "out".

I've added some download rule pics below.