I have 2 pfSense firewalls with a WG tunnel between them. I am trying to throttle the bandwidth between two clients, one behind each firewall. The traffic is TrueNAS snapshot replications taking place over an SSH connection. So far I have been unable to get the bandwidth to throttle down. Is it possible the SSH connection is causing this not to work properly?
What have you tried so far? Sounds like it should be achievable using pfSense’s limiter functionality.
https://docs.netgate.com/pfsense/en/latest/trafficshaper/limiters.html
The primary server is at IP address 10.2.100.60, and the backup server at 10.5.1.42. Both servers can ping each other. The backup server is on the only LAN network on that firewall. On the firewall hosting the backup server I set up 2 speed limiters. One is for upload and the other for download. Both are set to 10 mbits for testing. On the firewall LAN 10.5.1.0/24 network I have a rule to Pass, Interface LAN, IPv4, Protocol Any, Source single IP 10.2.100.60, Destination single IP 10.5.1.42, and In/Out pipe set to the Upload/Download bandwidth limits I created on the Firewall/Traffic Shaper/Limiters page.
This is the same setup we have restricting TrueNAS replication between two locations.
The only difference is that we have a schedule configured so that during the day it is restricted, but overnight it can use the full speed of the VPN tunnel.
I have tried the TrueNAS built-in and it doesn’t work for me. I have tried numerous speed settings ranging from 80 MiB to 10 MiB and typically the speeds still go full gig. Occasionally they drop to 40 MB/s for a bit, but return to full gig after a short period. The other unknown for me with TrueNAS was with 15-20 replication tasks: do they all have to be set so low that if they all ran, their totals combined don’t exceed a gig, for example? Or does TrueNAS account for outgoing bandwidth, and if it’s already using 1 gig and another replication starts, does it just slow down the others to make room, or does the transfer now go above a gig total?
Paul, do you use the TrueNAS speed limiter or the pfSense limiter?
pfSense speed limiter. As per the previous post, we change the speed limit depending on time of day; you cannot do this with the TrueNAS limiter.
It is per replication task. If you set 10MiB/s and you have 10 replication tasks then it will run at 100MiB/s.
I have to have some fundamental part of this configured wrong or a piece missing. I have added a schedule as well for 0700-2359 for every day of August. I also added a rule to the WAN to limit this traffic’s speed and it still persists at full gig vs the 10 mbits I have configured. Should I be using the wizard to configure this vs just manually adding the Limiters and Rules part? I am even trying a simple file transfer to the backup server without going through the SSH connection and it’s going full speed. Would it be better configuring this on the outbound firewall where the primary TrueNAS server resides vs the destination firewall?
I finally got a chance to create a new subnet for the destination server and moved it to that so I could try and just blanket the whole subnet/interface with the rule to see how that went. It still does not work.
I have now tested my personal PC on network A and the speed rule works when I do a Speedtest from the internet, yet if I do a file transfer to or from my computer and the destination file server, the transfer travels at full gig speeds. So the speed limiter seems to only work for traffic outside of the network, which seems broken to me. All rules/limits are applied at the interface where the clients reside. Is this truly expected behavior, or should I be submitting a bug report?
You can test with iperf3.
Iperf test between client A and server B shows 1.14 Gbits/sec. Speed tests from client A to www.speedtest.net show 4.83 mbps down and 4.88 mbps up (test speed limits are currently set to 5 mbps). So the speed limits are being applied to internet traffic, but not intranet traffic.
I am also downloading a couple of ISOs from the internet and the combined total download speed is hovering between 4-5 mbps.
When doing speed tests on client A, I see the buckets pop up in the Limiter Info page under diagnostics. This shows the active traffic connections and the limit being applied. Nothing pops up in that window when transferring files to and from client A to server B. It’s as if this type of traffic is invisible to the limiter.
Would you mind sharing your config? I am at my wits’ end at this point.