Traffic shapping in an ipsec-tunnel?

changhe

Hi!

I looked through the the webgui, but can't find an option howto enable traffic shapping in an ipsec-tunnel.

The pf-packetfilter should be able to do so.

How do I do this?

Primary I need it for VoIP-traffic in this IPSec-tunnel.

Any hint is welcome!

changhe

I searched the forum again. Most older articles said "not implemented yet".

But then I found this reply http://forum.pfsense.org/index.php/topic,19985.msg106174.html#msg106174 from the admin ermal, written November 19, 2009, 11:04:36.

Actually on 1.2.3 you can shape inside the tunnel but i am not sure if the rules allow this to be setuped.
On 2.0 it is surely possible.

So I guess it can be done with 1.2.3. Ermal didn't knew how to do it, but maybe someone other does.

The shapping sould happen in a tunnel and two pfsense 1.2.3 are the endpoints. The office-end has a two WANs. One (a 25MBit VDSL (25088 kBit/s down / 5056 kBit/s up)) is exclusive used for IpSec. This IpSec-tunnel is only used for VoIP. It is used for both: Congestion and the VoIP-traffic itself.

There is a second tunnel between the office and our serverhousing. Its established with an AVM 7390 in our office and a linuxbox with openswan at our serverhousing. This tunnel is used only for data-traffic and it's not used by any pfsense. Or topic of this thread.

As it seems the congestion makes a voip-session stutter. As codec is G711 used. There is not more than 10 calls at a time.

Data-Traffic
            AVM7390–ADLS----#############----Gigabit-openswan--------------------+
                |            IPSec-Tunnel                                        |
                |                                                                |
                |            VoIP-Traffic                                        |
LAN---pfsense-office-VDLS----#############----Gigabit-pfsense-serverhousing---LAN(serverhousing)
                |            IPSec-Tunnel
                |
                +----ADSL-----Internet

changhe

I got an answer from the moderator heiko in the german speaking part of this forum:

@heiko:

Hallo,

nicht möglich auf 1.23, nur mit einer Spzialversion der 1.2 von Ermal. Drer Traffic Shaper is in der 2.0 komplett überarbeitet und bietet dort auch IPSec TS etc.

Regards
Heiko

Translation:

It is not possible with 1.23. There is a special version of 1.2 from Ermal, which can do it. The traffic shaper is completely reviseded in 2.0 and has traffic shaping inside it's IPSec tunnels etc.

tohil

@changhe:

I got an answer from the moderator heiko in the german speaking part of this forum:

@heiko:

Hallo,

nicht möglich auf 1.23, nur mit einer Spzialversion der 1.2 von Ermal. Drer Traffic Shaper is in der 2.0 komplett überarbeitet und bietet dort auch IPSec TS etc.

Regards
Heiko

Translation:

It is not possible with 1.23. There is a special version of 1.2 from Ermal, which can do it. The traffic shaper is completely reviseded in 2.0 and has traffic shaping inside it's IPSec tunnels etc.

mh, okay. i'm now strugled over this post. i need also this shaping inside the vpn tunnel, because the tunnel use the full bandwith.

regards