Best way to shape this? Ipsec prio high anything else prio low.

  • Hi all,

    We have a remote site connected over IPsec between two pfsense boxes. Traffic over the IPsec tunnel consists of speak-data (polycom ip phones SIP connected to asterisk PBX) and remote desktop to the Terminal Servers. Other traffic is standard browsing internet traffic, an incidental software download etc.

    What is the easiest way tot shape traffic, on the remote pfsense, so that IPsec traffic always has a guaranteed bandwidth and high prio, all other traffic gets what is left?


  • remote box is 1.2.RELEASE

  • The source and destination ip. Pfsense ip and your other point ip.

  • I noticed IPsec traffic shaping is not yet supported. So what I now do is use a penalty up/down queue where all non IPsec traffic is assigned to. These queues have a max up/download set, so that enough bandwidth remains for IPsec, which by default uses the default queues.

    For know I'm satisfied whith these settings, but i'm looking forward to be able to shape traffic within IPsec. Hope it will be implemented soon.


  • 1.2 cannot really shape ipsec, search for in the bounty section and you will find a solution or wait for 1.3


Log in to reply