How to Prioritize Critical Traffic Over Downloads with OPNsense 25.1

Cloud
Share on Pinterest Share on LinkedIn

Video calls that become choppy when someone starts downloading a huge file? Online gaming with lag because another user is streaming Netflix in 4K? These issues are common in home and business networks. The solution isn’t always about getting more speed, but rather better traffic management with OPNsense 25.1.

The key lies in traffic shaping, a mechanism that allows prioritizing latency-sensitive services (VoIP, conferencing, gaming) over traffic that can wait, like HTTP/HTTPS downloads or streaming.

🌐 What is traffic shaping?

Traffic shaping is the art of smartly controlling bandwidth usage. Its goal isn’t just limiting, but organizing and prioritizing. Its benefits include:

  • 🎯 Prioritizing latency-sensitive traffic, such as VoIP, gaming, or video calls.
  • 📦 Reducing priority for traffic that can wait, like downloads or cloud copies.
  • 🧠 Fairly distributing bandwidth when multiple connections compete at once.

In OPNsense, this is achieved by combining pipes (bandwidth channels), queues (priority queues), and rules (traffic classification rules). Additionally, modern algorithms like FQ-CoDel help combat latency under load.

🔍 Static vs. Dynamic Shaping

There are two main approaches:

🪵 Static Shaping

  • 📐 Fixed limits are set for each traffic type.
  • 🚫 If unused, these reserved Mbps are wasted.
  • ✅ Guarantees minimum bandwidth for critical traffic.
  • ❌ Less efficient: doesn’t utilize idle capacity.

Example: limiting downloads to 20 Mbps even if no one else is using the network.

⚙️ Dynamic Shaping (FQ-CoDel)

  • 📊 Adapts in real-time to traffic load.
  • 🚀 Allows downloads to use all available bandwidth if the network is free.
  • ⏱ Automatically lowers priority when video calls or gaming begin.
  • ✅ Fairer, more efficient, and reduces latency.

Example: download at maximum speed, but when a Zoom call starts, it automatically yields bandwidth to the videoconference.

🛠️ Configuration in OPNsense 25.1

Network example: 100 Mbps download and 20 Mbps upload.

opnsense pipe
How to Prioritize Critical Traffic Over Downloads with OPNsense 25.1 4

🧱 Step 1: Create pipes

In Firewall > Shaper > Pipes ➕ Add (advanced mode):

Download Pipe

  • Bandwidth: 85 Mbps (85% of 100)
  • Scheduler: FlowQueue-CoDel
  • Mask: destination
  • Description: DownloadPipe

Upload Pipe

  • Bandwidth: 17 Mbps (85% of 20)
  • Scheduler: FlowQueue-CoDel
  • Mask: source
  • Description: UploadPipe

👉 Save each pipe after creating.

🧮 Step 2: Create queues (optional for fine prioritization)

In Firewall > Shaper > Queues ➕ Add:

🚀 High Priority Queue

  • Pipe: DownloadPipe
  • Weight: 80
  • Description: DownloadHighPriorityQueue

🐢 Low Priority Queue

  • Pipe: DownloadPipe
  • Weight: 20
  • Description: DownloadLowPriorityQueue

(Repeat for upload if prioritized in uplink).

🔁 Step 3: Create rules

In Firewall > Shaper > Rules ➕ Add:

🐢 Rule for HTTP/HTTPS traffic (low priority)

  • Interface: WAN
  • Protocol: TCP
  • Src-port: http/https
  • Target: DownloadLowPriorityQueue
  • Description: DownloadLowPriorityRule

🎯 Rule for critical traffic (high priority)

  • Interface: WAN
  • Protocol: TCP/UDP
  • Target: DownloadHighPriorityQueue
  • Description: DownloadHighPriorityRule

👉 Sort rules from top to bottom. Traffic matches the first applicable rule.

📈 How to verify results

  • In Firewall > Shaper > Status, view bandwidth usage by pipe and queue.
  • Test with real scenarios: start a Zoom call and initiate a download. The video call should remain smooth.
  • Recommended tools:
    • Bufferbloat Test (measure latency under load).
    • iperf3 for controlled testing.
    • fast.com or Speedtest while running critical apps.

💡 Best practices

  • Configure shaping around 85–90% of actual bandwidth to prevent bufferbloat.
  • Create IP/port aliases to accurately identify critical traffic.
  • Always save a copy of your setup before making major changes.
  • Remember rule order: priority depends on their position in the list.

🧠 Conclusion

Dynamic traffic shaping in OPNsense 25.1 ensures your network runs smoothly even under heavy load. It’s not about limiting just for the sake of it, but ensuring urgent traffic always takes precedence over less critical data.

With FlowQueue-CoDel, downloads and streaming get bandwidth when the network permits, but yield space as soon as video calls, online gaming, or latency-sensitive services appear.

In summary, it’s a fairer, more efficient approach than traditional static shaping: fewer interruptions, less lag, and better productivity for all users.

Frequently Asked Questions (FAQs)

1. Why isn’t it enough to just buy more bandwidth?
Because even with very fast connections, without smart control, download flows can saturate buffers and cause latency in calls or gaming.

2. What’s the difference between limiting bandwidth and using FQ-CoDel?
Static limits reserve capacity even when unused. FQ-CoDel dynamically allocates: giving full bandwidth to downloads if the network is free but lowering priority when sensitive traffic appears.

3. Do I need to create queues for shaping to work in OPNsense?
Not always. The FQ-CoDel algorithm can manage fairness automatically, but queues allow for more explicit priority control.

4. Does it apply to upload as well, or just download?
It’s recommended to configure both directions, especially upload — a saturated upload channel can degrade voice and video quality even on fast connections.

via: laggner.info

Share on Pinterest Share on LinkedIn
Scroll to Top