The Multiple Lan/Wan configuration wizard

When you launch the Multiple Lan/Wan configuration wizard, you will first be asked for the number of WAN-type connections and the number of LAN-type connections. The wizard detects the number of interfaces automatically, so, in most cases, you do not have to change the values in these edit boxes (unless you don't want to apply the traffic shaper to all interfaces), and can click on the Next button. The wizard won't let you enter more than the total number of interfaces; if you do, you will get an error message. When you are finished making changes, click on Next.

The next page is Shaper configuration, and, on this page, you can configure each of the individual interfaces. The page will have different sections, each labeled Setup connection and scheduler information for interface X (in this case, X is LAN #1, LAN #2, and so on, or WAN #1, WAN #2, and so on). There are two drop-down boxes for each LAN interface. The first drop-down box is where you select the interface. The second drop-down box is where you select the queuing discipline. PRIQ is the default queuing discipline, but you can also select CBQ or HFSC. In subsequent pages of this wizard, the interfaces will not be specified by name; rather, they will be identified based on the assignments made on this page. For example, if you have an interface called SALES, and you specified it as the LAN #1 connection on this page, then, on subsequent pages, Connection LAN #1 will always refer to the SALES interface. You will probably want to make a note of the assignments you make for your own reference (and possibly for the reference of others); it will save you time and spare you from having to click on the Back button to remind yourself what the assignments are.

The different queuing disciplines were discussed in detail in the previous section, so we will only mention them briefly here:

  • PRIQ: The simplest (and default) algorithm. Packets are given different priority levels and are placed in different queues based on these levels. This is a good way of ensuring low latency for high-priority traffic, but it is possible that low-priority traffic can be starved of bandwidth.
  • CBQ: Traffic is organized into classes. Each class is assigned an upper and lower bandwidth bound. Classes can be hierarchical, and there is a mechanism for redistributing excess bandwidth. This queuing discipline tends to ensure that even low-priority traffic gets bandwidth, but latency for high-priority traffic could suffer.
  • HFSC: Each queue in HFSC has a curve with two portions. The first is a fairness curve, and the second is a service curve. The fairness curve is there to provide a minimum level of latency. There is no guarantee that all goals of HFSC will always be met. Nevertheless, it may be the best option for minimizing latency for high-priority bandwidth, while ensuring that all traffic gets some bandwidth.

The next step is setting up the WAN connections. As with the LAN interfaces, you can select the queuing discipline for each WAN interface (the same three options are present). The wizard will also prompt you for the upload and download bandwidth for each of the WAN interfaces. In order to ensure that the traffic shaper works optimally, try to approximate the actual upload and download speeds as closely as possible.

The next page, VoIP, controls the settings for VoIP. By checking the Prioritize Voice over IP traffic checkbox, you will do just that. To optimize this feature, you need to specify your VoIP provider in the Provider drop-down box. The choices are as follows:

  • VoicePulse: This company offers VoIP services to both residential and business customers. Another service they offer is trunking via the Session Initiation Protocol (SIP) for VoIP gateways and PBX systems.
  • Asterisk/Vonage: Asterisk offers a means of setting up a PBX with software that has both an open source component (GNU GPL) and a proprietary one. Asterisk provides you with a way of implementing many features that previously were only available in proprietary PBX systems, for example, voicemail and conference calling. Asterisk also provides support for protocols such as SIP, the Media Gateway Control Protocol, and H.323. Vonage is a well-known VoIP company, offering both residential and business plans, not to mention cloud services targeted at enterprise-level customers.
  • PanasonicTDA: The Panasonic KX-TDA series of phones works with VoIP and supports both H.323 and SIP trunking.
  • Generic (lowdelay): This is the default option. You can select this if your VoIP service doesn't fall into any of the previous categories.

Next is the Upstream SIP Server edit box, which allows you to enter the IP address of a remote PBX or SIP server; the traffic shaper will prioritize this server. If you use this option, then the Provider field will be ignored. The value entered in this edit box can be an alias.

The remaining edit boxes in this section allow you to enter the upload bandwidth for WAN connections, and the download bandwidth for LAN connections. These edit boxes give you the opportunity to specify the minimum bandwidth that will be reserved for VoIP traffic. The amount of bandwidth required for a VoIP connection will vary based on your provider and the number of VoIP phones and/or devices, so you'll want to do some research before entering this information. When you are finished, click on the Next button.
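The wizard asks for a reserved VoIP bandwidth figure but does not say how to arrive at one. The following is an added example, not code from this book or from pfSense, that derives the figure from each codec's packet payload and packetization interval: per-call bandwidth is the bytes on the wire per packet times the packet rate. The codec parameters are standard RTP values; the IPv4/UDP/RTP header sizes are fixed; the Ethernet overhead (no VLAN tag), the 20% headroom, and the call counts are assumptions and constructed sample input.

```python
# Added example (not from the book or pfSense): estimate the bandwidth to
# enter in the wizard's VoIP upload/download edit boxes. Voice streams are
# symmetric, so the same figure applies to both directions.

# Codec name -> (payload bytes per RTP packet, packetization interval in ms)
CODECS = {
    "G.711": (160, 20),   # 64 kbit/s PCM, 20 ms of audio per packet
    "G.729": (20, 20),    # 8 kbit/s, 20 ms of audio per packet
    "G.722": (160, 20),   # 64 kbit/s wideband, 20 ms of audio per packet
}

IP_UDP_RTP_HEADERS = 20 + 8 + 12   # IPv4 + UDP + RTP header bytes per packet
ETHERNET_OVERHEAD = 14 + 4         # assumption: untagged Ethernet frame header + FCS


def per_call_kbps(codec, include_l2=True):
    """Bandwidth of one call in one direction, in kbit/s."""
    payload, interval_ms = CODECS[codec]
    packets_per_second = 1000 / interval_ms
    frame_bytes = payload + IP_UDP_RTP_HEADERS
    if include_l2:
        frame_bytes += ETHERNET_OVERHEAD
    return frame_bytes * packets_per_second * 8 / 1000


def reserve_kbps(calls, headroom=1.2):
    """calls: {codec: concurrent calls}. Returns the kbit/s to reserve for
    VoIP in one direction, with headroom (assumption: 20%) for signalling
    and jitter."""
    total = sum(per_call_kbps(codec) * count for codec, count in calls.items())
    return round(total * headroom)


if __name__ == "__main__":
    # Constructed sample input: five G.711 handsets and two G.729 trunk calls.
    office = {"G.711": 5, "G.729": 2}
    for codec in office:
        print(f"{codec}: {per_call_kbps(codec):.1f} kbit/s per call")
    print(f"Reserve {reserve_kbps(office)} kbit/s for VoIP")
```

The value printed last is what goes into the VoIP bandwidth edit boxes for the interfaces carrying the phones; rerun it whenever the number of handsets or the codec your provider negotiates changes.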

The next page, Penalty Box, allows you to limit the bandwidth of a specific IP address. There are two sections on the page: Penalty Box and Penalty Box specific settings. The first section only has one option: the Penalize IP or Alias checkbox. If this is enabled, the priority of the traffic from the IP or alias specified in the Address field in Penalty Box specific settings will be lowered, or, more specifically, placed into low-priority queues. The wizard also requires that you specify a bandwidth to which the specified host or hosts will be limited. Only values between 2% and 15% are allowed—even though the drop-down box has different options, such as percentage, bits/s, and kilobits/s, if you select anything other than percentage, the entry will not be validated. Instead, when you click on the Next button, you will get an Only percentage bandwidth is allowed error message on the page.

Since the pfSense traffic shaper relies heavily on what ports traffic uses in order to classify traffic, a P2P application could still thwart the traffic shaper by using a port used by another protocol. For example, a P2P application could use the SNMP ports (161 and 162), and the traffic shaper would have no way of telling the difference. We must utilize third-party add-ons if we want to stop such activity.
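Because the wizard's rules match on port numbers alone, the complementary check a defender wants is whether the bytes on a "known" port actually belong to that protocol. The following is an added example, not pfSense code and not one of the third-party add-ons the text refers to: it takes UDP datagrams captured at the firewall as (destination port, payload) pairs (an assumed input format) and flags traffic on the SNMP ports whose payload is not a BER-encoded SNMP message. The SNMP datagram is a constructed SNMPv2c GetRequest for sysDescr.0; the non-SNMP payload is constructed filler.

```python
# Added example (not from the book or pfSense): payload-aware check for
# traffic that a port-based shaper would classify as SNMP.

SNMP_PORTS = {161, 162}


def looks_like_snmp(payload):
    """True if payload starts like an SNMP message: a BER SEQUENCE whose
    length covers the rest of the datagram, followed by an INTEGER version
    field of 0 (v1), 1 (v2c) or 3 (v3)."""
    if len(payload) < 5 or payload[0] != 0x30:
        return False
    length = payload[1]
    if length & 0x80:                       # long-form length (1-2 length bytes)
        n = length & 0x7F
        if n == 0 or n > 2 or len(payload) < 2 + n:
            return False
        length = int.from_bytes(payload[2:2 + n], "big")
        body = payload[2 + n:]
    else:                                   # short-form length
        body = payload[2:]
    if len(body) != length or len(body) < 3:
        return False
    return body[0] == 0x02 and body[1] == 0x01 and body[2] in (0, 1, 3)


def classify(datagrams):
    """datagrams: iterable of (dst_port, payload). Returns a list of
    (dst_port, verdict): 'snmp', 'port-mismatch', or 'other'."""
    verdicts = []
    for port, payload in datagrams:
        if port in SNMP_PORTS:
            verdicts.append((port, "snmp" if looks_like_snmp(payload) else "port-mismatch"))
        else:
            verdicts.append((port, "other"))
    return verdicts


# Constructed SNMPv2c GetRequest for 1.3.6.1.2.1.1.1.0 (sysDescr.0), community "public".
SNMP_GET = bytes.fromhex(
    "3026"                       # SEQUENCE, 38 bytes follow
    "020101"                     # version INTEGER 1 (SNMPv2c)
    "04067075626c6963"           # community OCTET STRING "public"
    "a019"                       # GetRequest-PDU, 25 bytes
    "020101" "020100" "020100"   # request-id, error-status, error-index
    "300e" "300c"                # VarBindList, VarBind
    "06082b06010201010100"       # OID 1.3.6.1.2.1.1.1.0
    "0500"                       # NULL value
)

# Constructed filler that is not an SNMP message but is addressed to port 161.
NOT_SNMP = b"constructed payload that is not an SNMP PDU"

SAMPLE = [(161, SNMP_GET), (161, NOT_SNMP), (443, b"\x16\x03\x01")]

if __name__ == "__main__":
    for port, verdict in classify(SAMPLE):
        print(f"udp/{port}: {verdict}")
```

A "port-mismatch" verdict is the signal the shaper itself cannot produce: it says the traffic should not inherit the priority of the port it is using, and it is the kind of check a payload-inspecting add-on performs before handing a packet to a queue.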

The next section is Enable/Disable specific P2P protocols, where you can specify which P2P protocols pfSense will recognize. For each service that you want to be recognized, check the corresponding checkbox. The current version of pfSense lists 21 protocols, including Aimster, BitTorrent, DCC, Gnutella, and Napster. When you are finished, click on Next.

The next page of the wizard is Network Games. This page allows you to specify settings for network games, and since many games rely on low latency for a good gaming experience, you likely will want to enable Prioritize network gaming traffic if you or other network users play online games. The overall gaming experience can be adversely affected by other users downloading large files, or even by other players downloading game patches while playing. Enabling the prioritization of network games raises their priority, ensuring that game traffic will be transferred first and be given a guaranteed share of network bandwidth.

The page has two additional sections. Enable/Disable specific game consoles and services allows you to enable the game consoles and services you will be using. PlayStation, Wii, and Xbox are all represented here, along with some popular game services such as BattleNET and Games for Windows Live. The last section of the page is called Enable/Disable specific games. A number of popular games are represented on this list, including Call of Duty, Doom 3, Minecraft, Quake, and World of Warcraft. If a game that you play is not on the list, you can choose a game anyway so that you can configure a reference rule later. Click on Next when you are done.

The next page of the wizard is called Raise or lower other Applications. This page provides a list of applications and services—there are 41 in the current version—for which you can raise or lower the priority level. Each of the applications or services listed has its own drop-down box with three options: Default priority, Higher priority, and Lower priority. If you run any of these applications/services, you can tailor these settings to your specific network requirements. The applications and services that require a higher priority seem to be grouped closer to the top of the page, while the ones whose priority can be lowered are grouped closer to the bottom. If you enabled the P2P Catch All option earlier, you will want to specify protocols that you utilize, even if you just select the Default priority option, so that they are not penalized by the P2P Catch All rule. When you are done here, click on Next.

The next page is the final page of the wizard, at which point all rules and queues will have been created, but they will not yet be in use. Clicking on the Finish button will cause the new rules to load and be active. It will also redirect you to the Filter Reload page, where you will see the process of the rules and queues reloading. Traffic shaping will now be active, but the new rules and queues will only be applied to new connections. If you want the shaper to take effect on all connections, you need to clear the state table, which you can do by navigating to Diagnostics | States, clicking on the Reset States tab, and then clicking on the Reset button found at the bottom of this page.
