You just stopped my NAS from killing my internet when it does it's offsite backups! ChrisTitusTech I love you!!
@Barnacules Жыл бұрын
This was a great video Chris. I played along while watching and got all my stuff figured out too so my kiddo while he's doing school and streaming videos and playing games he's not stomping on my RTMP streams. Thanks buddy!
@2012Accounts Жыл бұрын
Very cool, very similar to my use case. How noticeable was it? I'm thinking of implementing it.
@risat33545 жыл бұрын
pfSense is one of a blessing.
@ChrisTitusTech5 жыл бұрын
It really is, such a fantastic option to built a router. I have been extremely impressed how much better mine performs compared to my old manufactured routers.
@peterjansen48265 жыл бұрын
I am interested in it, the thing that pushes me off is having to use a second computer. Yes, you can use an old computer for it (when my i5-750 system retires around July...) but the electrical power which it consumes... Maybe some low-power computer like those ASUS micro-computers? But then you have to spend $400-500? Here in the Netherlands we pretty much use whatever router our ISP provides. Here a ZyXEL P-2812HNU-F1 for a ADSL connection (VDSL, around 60/27 MBps and a ping of 9 ns).
@ChrisTitusTech5 жыл бұрын
@@peterjansen4826 Check out pcengines.ch/apu2d4.htm this is what I bought, extremely low power and see my video about its build process @ kzbin.info/www/bejne/Z33JdoapZb2na5o
@peterjansen48265 жыл бұрын
@@ChrisTitusTech Something like that would be nice. Maybe someday with a low power embedded Ryzen CPU? The one in this device is from the previous architecture (Jaguar). Ryzen is a lot better with power efficiency and the node is much better.
@cr0ft-2k5 жыл бұрын
One problem with shaping Bittorrent is that few users who actually use it actually use the known 6881 etc ports. Bittorrent can be set to any high port you wish, so that will bypass the shaper. Unless of course it gets caught in a catch-all. Also, it's worth pointing out that the only thing you can shape is the outgoing stuff. That's fine, though, for instance getting a higher priority on acks alone will help keep the downloads coming in from choking. But if people think you can shape in and outgoing in your own router, well, you can't. You can shape what leaves, so the ISP would have to have another shaper on their end to deal with your incoming stuff. Otherwise data will just get shoved at you at the maximum speed anyway.
@mikehensley783 жыл бұрын
great video!!! steam downloads were KILLING my connection! i live in a semi-rural area with a 30mbit down 4mbit up connection. we couldn't watch a youtube video while a game updated on another machine. after setting my PFsense box up according to your tutorial everything works great!!! THANK YOU! :)
@AnthonyGorss4 жыл бұрын
Slingbox standalones were a thing of the past, but satellite companies still offer "sling" services albeit built into the receiver box now. Thanks for the video, came across it when searching for RTMP setup needs.
@zoologic054 жыл бұрын
This was a really good video tutorial even though you don't explain every settings in deep detail. But I guess most ppl are able to do some own trial and error and setup what they think will work the best for their needs, so this was definately a good starting point to try this out. I've earlier used bandwith limiters but now I see that this kind of setup will probably be far better and easier to manage. Thanks!
@Spoonuk6664 жыл бұрын
The opening statement of this video should read as: "QoS only applies when there is contention for bandwidth. If there is none, QoS is not used"
@martinck1324 Жыл бұрын
Thanks Chris ! Super easy instructions and made all the difference
@giacomopagina53945 жыл бұрын
Hi Chris, @8:18 you said IPSEC is what OpenVPN uses. I followed your tip setting it with high priority, but from the created floating rules I can see it prioritizes traffic on port 500. My OpenVPN instances don't use that port. Would be enough if I change the port on that rule with the port range I use for my VPNs? Thank you
@To-mos2 жыл бұрын
6:33 Also most game updaters/launchers and video service streamers are just P2P bittorrent clients, this allows their users to act as CDNs to speed up their updates across the entire system.
@angrynerd21034 жыл бұрын
Wow i think this might inspire me to setup a cheap pfsense rig. They outclass my netgear ac2100 by a mile even for home use.
@scottluebke50122 жыл бұрын
This was such a great video. Totally makes sense!
@ddacombe4752 Жыл бұрын
great explanation and video, thanks
@attilavidacs242 жыл бұрын
Is there a way I can prioritize a specific TCP port to get the bandwidth needed for when it's in use?
@7MBoosted3 жыл бұрын
I know this video is a few years old, and it is nice to see that pfsense allows for service shaping. But what if I wanted to prioritize specific devices or VLANS as opposed to specific services. Am I able set a priority for specific machines. And set a low priority for, let's say iot devices that are segregated on their own van. Or would that stuff be better done through bandwidth management?
@KannonRomano2 жыл бұрын
Thanks for the video very helpfull. I just set up dropbox sync and it ate up all my bandwidth and killed my vnc remote connection
@kennethnicklowicz10305 жыл бұрын
DNS should be at a higher prority being those packets are small and will make it slow if they are low. very cool as I havent used my PFsense box in a while but have basic dsl so i need this again
@angrynerd21034 жыл бұрын
This can also be a really good idea if you use a home dns server like pihole or adguard home.
@LangerFeen Жыл бұрын
What's ED Eagle or ET Eagle music ?? (couldn't quite make out what's being said here and I feel I should know about it to stop it if Chris isn't recommending it) p.s., thanks for the tutorial @Chris, this is the first vid I opened on how to config shaping in pfsense..... and was all I needed.
@SALSASOULRECORDS10 ай бұрын
Thank you so much this help me a lot, have a great day!!!🤩
@maisumgajo3 жыл бұрын
Nice Video , It would be cool to see some link on the description with additional information on this topic.
@hongbohe44542 жыл бұрын
Correction: OpenVPN uses TLS encrypted UDP/TCP (by default is UDP 1194 and can be switched to other UDP/TCP ports) to transfer data and IPSec (UDP 500 and UDP 4500) has nothing to do with it. However, L2TP might does.
@JeremyLynnes5 жыл бұрын
Thanks for the video Chris, very helpful!
@patriciaramirez31053 жыл бұрын
The wizard shows how to create Traffic Shaper for establish interfaces, but can we apply QoS for virtual interfaces (VLANs)?
@kevinbradt835Күн бұрын
how do you setup a ste to site remote access vpn that allows sip traffic in using pfsense as the server and a edgerouter x sfp as the remote device with open vpn client on it i have tryed to send voip traffic over it but when i try to call a phone over the vpn the remote phone keeps ringing after the remote phone has been taken off hook and theres no audio eather
@DrazenMarjanovic3 жыл бұрын
I’ve been following you for a long time and I need to say that you cover great topics, and explain them in a good way (Linux 😍). I have a few questions. What do you think about a firewall on a virtual machine in production. And whether you used OPNsenese and can you compare it to pfSense
@blackburd4 күн бұрын
Fantaastic. Thank you.
@jorry19925 жыл бұрын
Pfsense is way overkill for most users, and the defaults don't really cover all that much. As you said, you often have to tweak the rules it sets, and this can be daunting for PC enthusiast, nevermind average joe. Instead you could take a look at openwrt or an derivative (e.g. gargoyle, as it has the simplest and best catch-all shitty isp compensating qos) as these are often an better option for SOHO use. Those also have the benefit of being sometimes able to be flashed to your current ARM router box.
@kennethnicklowicz10305 жыл бұрын
PFsense It actually quite easy even for non technical. I do corporate level I.T and my mom doesnt even know how to keep her icons organized on her desktop and she learned this!!! XD
@InThisVideoITV4 жыл бұрын
Thnx Chris, will try these shapers.. having bad time with my network
@pcgeniuseddy48473 жыл бұрын
Many apps Hide/are encrypted using SSL port 443. Question is how to shape those? Also, is there a way to differentiate/shape Facetime, Whatsappvoice calls, Ms teams, Zoom calls, etc. thank you
@MattTheriot6 ай бұрын
Excellent video.
@forid2005 жыл бұрын
The problem with pfSense is, when it comes to shaping its still way behind. Nowadays everything uses port 443, you can no longer assume 443 is just Web browsing traffic.
@brandonbrand23384 жыл бұрын
PfSense remains a powerful package though...
@ahtoh15 жыл бұрын
I'm new to this. Need to setup router/firewall/dhcp applience. What is good option for 50 devices, 2 offices communicating, providing good security, minimal administration?
@hnguk3 жыл бұрын
In relation to the P2P section, I feel like that section is less so relatable now considering _most_ people who use P2P know to use a VPN. So unless you limit VPN traffic then they could still max out your connection.
@TheBeardedLibertarian2 жыл бұрын
Great video
@MichaelVash78865 жыл бұрын
Got my PC engines hardware in but forgot to order a power adapter. So been trying to see if I could find an option in the US
@ChrisTitusTech5 жыл бұрын
Great to hear, you shouldn't have an issue as its a universal adapter. Just match the Voltage and Amps and on the adapter and you will be golden. You can pick one up on amazon.
@MichaelVash78865 жыл бұрын
@@ChrisTitusTech any particular recommendation? Only thing I could tell is that their pin is 2.5mm while many adapters are 2.1 mm I had asked their support about it once I realized as I would prefer to avoid high shipping or long waits just for the adapter. I've found tons of 12v 2 amp adapters
@ChrisTitusTech5 жыл бұрын
No, I had mine shipped with my unit, so I don't have a recommendation for this. The great thing about amazon is you can order it and if it doesn't work just send it back.
@changedahanddlessss4 жыл бұрын
dude chris, jesus christ man.. your the man.. dude... :_)
@m.r.yildirim5 жыл бұрын
Really helpful.Thanks 👍
@lyianx7 ай бұрын
Thaaank you for this!
@peterjansen48265 жыл бұрын
A lower priority for downloading games makes a lot of sense but you also can simply set this in Steam, I don't know about Battlenet. Though the settings in Steam are limited (only a few preset options, you can't simply enter a number for some silly reason). It also is nice if you are the only one who uses the internet that some bandwidth is left for regular internet usage, it is better if downloading the games takes 70 minutes instead of 60 minutes but in the meantime you can watch KZbin, stream music...than that the game downloads in 60 minutes and the internet gets slow.
@ChrisTitusTech5 жыл бұрын
Setting it in the application isn't the same, this determines the current workload of the router and adjusts accordingly. Say you have 100/mbps you limit it in the application to 60, but no one is using your internet and you are wasting your time. Traffic shaping says, "Hey no one is using the internet, take all of it until someone does". Big difference and vice versa if your internet is getting pounded by a ton of streaming, it may say, "Hey Steam, sorry bro but the interwebs are being used a lot and all I can spare is about 10 mbps".
@peterjansen48265 жыл бұрын
@@ChrisTitusTech Yes, setting a limit in the applications doesn't work as well as prioritizing it compared to other tasks. It would be nice if they could build that in for gaming clients and the download managers in browsers. But it does give a good solution for when there is a single user for a router. At least you can manually throttle the download speed of that game so that you can still use your internet for other tasks, of course the game won't get downloaded as fast as what would be possible with prioritizing. Unfortunately the default download manager of Firefox does not have the feature to set a limit for the download speed as far as I know (maybe somewhere in the configuration settings where you can set values for variables?).
@ChrisTitusTech5 жыл бұрын
@@peterjansen4826 No application can properly prioritize traffic on a global level.
@GooseTech5 жыл бұрын
Hey Chris, great video. What kind of device do you have pfSense on? Is it your main router? Your local computer? How best to implement this solution on a home network?
@Stevesmate45036 ай бұрын
great video!
@Martin-ot7xj5 жыл бұрын
Hi there, i have a question, i have normal router with wifi antenna that my mobile and another devices connect to my router wirelessly, and i have pfsese firewall but it doesn't support wifi my question is how can i connect my pfsese firewall to my router then my wifi devices can connect to my pfsense wirelessly?? Thnx
@MingYuanYu3 жыл бұрын
You can switch your existing wireless router into "AP mode" and use pfSense as your main router.
@oabdulsslam4 жыл бұрын
Thanks
@falazarte5 жыл бұрын
Thank you! very comprehensive
@Zyphire4 жыл бұрын
Thank you!
@peterjansen48265 жыл бұрын
Legal disclaimer. "I have no experience with that". LMAO
@peterjansen48265 жыл бұрын
@Donald Mickunas It think that you have misunderstood the context. :) If you watch the beginning of the video again you will probably know what it is about.
@HaakonReppen5 жыл бұрын
What if my connection to WAN is half duplex? Is it possible to define that? Thanks for a good video! :)
@matthewmiller6068 Жыл бұрын
Good video but I wish you talked more about customizing it. I have a couple devices (Femtocell and VoIP adapter in particular) I want to make sure get top priority at all times but ONLY those 2 devices on my LAN at top priority. They don't quite fit into the categories like the Femtocell is a mystery box owned by the cell provider I just know its IP needs to have low-latency high-priority whatever it wants throughput at all times or call quality suffers.
@luciandh5 жыл бұрын
Awesome. Thanks for the guide!
@rawswedegaming5 жыл бұрын
I use IPCOP, think the gui is simpler and more up an running in default mode than pfsense
@JonnyJnr5 жыл бұрын
Great video, thanks for the info.
@BandanazX5 жыл бұрын
Dropbox and the like are the bane of my existence. One user starts uploading and everything goes to crap.
@ChrisTitusTech5 жыл бұрын
I went to a conference about security and the featured speaker said it best, "Dropbox is the most elaborate and successful virus ever made for security". There is so much truth in that.
@katakouzina3 жыл бұрын
my isp uses traffic shaping (at least this is what i am told) and now i cannot stream twitch, it buffers every 5 seconds. it buffers even at 160p quality
@Felix-ve9hs5 жыл бұрын
I only used fq_CoDel (OPNsense) or Smart Queue (Ubiquiti EdgeRouterX) so far, guess i'll might give this (pfSense) a try as well :)
@brandonbrand23384 жыл бұрын
So man, did you give PfSense a go yet and dropped the rest? :)
@Felix-ve9hs4 жыл бұрын
@@brandonbrand2338 Right now I am using pfSense and OPNsense but can't really decide which to use, both are great for me. OPNsense has some features (like Wireguard and config backups to Nextcloud) that pfSense doesnt have, but pfSense has a bigger community and better Documentation. So far I only dropped Ubuquiti for Routers, they are very limited (both on Software and Hardware) compared to the other two. :)
@brandonbrand23384 жыл бұрын
@@Felix-ve9hs Thats cool, you have PfSense on your lists. Awesome.
@DDBAA245 жыл бұрын
I like Untangle NG . PFsense is highly customizable and a great tool but I am fine managing my routers with DD-WRT the QoS management is pretty simple. AND I really do not like BSD for anything, just not a fan. For more complex network configs and remote settings I really like Untangle. My home network is a series of nodes and the main one is untangle, that said I still make the web GUI accessible on each router to tweak individual configs. I chose Untangle because , 95% of what I do is in a terminal and it runs Debian. If I have to use a GUI Untangle's GUI is really nice and friendly + extremely resourceful. I like how they have a mini desktop in the Web Management interface , I can just pop open a terminal and make moves in Debian. One of the benefits of running a Untangle is installing to and actual PC and not a SoC. I can get anything done that I could from my daily driver from the Debian terminal. You can do the same with PFsense but this is only my opinion. Some years back I was testing it out, and also tried FreeNAS but the BSD factor was killing me and at that point I didn't know a lot about BSD. For instance I didn't know I could change the shell to bash , maybe I would have formed a different opinion if I had knew that then ( years ago). Can you do an OpenVPN Server/Client install/tutorial and config , show how to get to your network remotely with shared .ovpn key with client app for Windows and Linux. Every time I set this up I always mess something up, I'm just trying to figure out where I go wrong.
@ChrisTitusTech5 жыл бұрын
I personally love FreeBSD (FreeNAS/pfSense) as I have had wonderful experiences with these projects based on FreeBSD. I plan on doing OpenVPN next week, as I absolutely love it for both personal and business. 😀
@MostlyRCSlovakia5 жыл бұрын
I liked untangle before they completely cut the free web filter and others. Currently I am just fine with Sophos UTM free license. But I will need to upgrade the box soon and I am thinking of some Celeron J1900 4-Gigabit Intel NIC pfSense box already...
@DDBAA245 жыл бұрын
@@ChrisTitusTech Great, I am looking forward to it. Everyone seems to cover the install and configs, but they never remember to focus on using it afterward. Seems common sense but its not apparently. I know how to get my .ovpn keys to other devices. Just go to the directory with your .ovpn key and enter ' sudo python -m SimpleHTTPServer 8080'. Then you can pop open your browser on any device and python will serve up a LDAP on ip:8080. A cool way to easily get the keys on to any device mobile or otherwise. That is a cool shortcut in general to create an instant directory server on the network for anything. After that is where I run into issues, and where people end their tutorials. I want to use the thing you just taught me to install lol. Check out PiVPN its a one command curl | bash install. Configures itself drops your .ovpn in your home directory. It was built for the Raspberry Pi but it works on all Linux distros and architectures. So, things people leave out, connecting with mobile devices, 'the app' to do so, ios and android. Connecting with a laptop or another computer remotely. Also just forwarding internet traffic through the VPN for better privacy on the net even if your on the LAN. I just thought I would say that , maybe some things to keep in mind,,, where other youtubers fell short. Thanks Chris
@DDBAA245 жыл бұрын
@@MostlyRCSlovakia Yeah those little boxes are nice, if I were in the market, thats what I would be aiming for. How much is that one I cant find it on amazon ?
@MostlyRCSlovakia5 жыл бұрын
@@DDBAA24 I found such on aliexpress startin at 100 USD with free shipping...
@dencold83549 ай бұрын
Thanks.
@davidg45125 жыл бұрын
Every single tutorial out there does the wizard, screw the wizard, some of us need custom and want to know how and the theory behind it.
@ChrisTitusTech5 жыл бұрын
Honestly, to do a video on how to set it up without the wizard would be one long video. There are a couple out there that go in depth and explain things, but we are talking between 1-2 hours.
@OldieBugger5 жыл бұрын
Honestly, I have this problem: I simply don't know what 'pfSense' is and what it does. Maybe it just don't apply to my net service here in cold northern Europe?
@jorry19925 жыл бұрын
open source router OS. Instead of your crappy ISP box you only use their modem part, the router side you can do much better with pfsense/opnsense/openwrt/gargoyle etc. Some of those you can flash to an existing router but iirc this is not possible with pfsense.
@ChrisTitusTech5 жыл бұрын
Could have said better than Dux. I highly recommend open source routers if you understand networking. However, if you don't, your probably stuck on your crappy ISP gateway (all-in-one) box with shitty DNS servers and crap performance. I'd recommend starting with DD-WRT if you have a compatible router and then moving to completely open source hardware and software solution like pfSense.
@pfSenseArgentina4 жыл бұрын
All ones, make videos for how use the wizard, why not some one make a video to show how do that from scrantch with not use the wizard ? :(
@kennethnicklowicz10305 жыл бұрын
Sonic Wall Drove me INSANE setting up a VPN between 2 buildings OMG I feel your pain there
@recurssion4 жыл бұрын
Just easy with pfsense and openvpn. Im the IT admin in a hospital, i use pfsense there since five years. That one runs five openvpn servers, one is for the branch office (there is another pfsense and this one is the last implementation in the whole infraestructure), three are for some other close ambulatory centers, all of these are site2site. The last one is for roadwarrior. On the main i have dual wan with failover and traffic shapping based on protocols, it is really the most important piece that i manage.
@kc0eks3 жыл бұрын
Especially (with no x)
@apricotcomputers79152 жыл бұрын
cool
@kras_mazov2 жыл бұрын
You should prioritize DNS.
@THISLOVETHISHATE9911 ай бұрын
now only if u could make a guide for opnsense
@Haranoi17channel3 жыл бұрын
Game: Takes 0.1 mb/s Knowledgable administrator: Give IT back I need sharp Netflix!