Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Best way to shape this? Ipsec prio high anything else prio low.

    Scheduled Pinned Locked Moved Traffic Shaping
    5 Posts 3 Posters 2.4k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • B
      bertw
      last edited by

      Hi all,

      We have a remote site connected over IPsec between two pfsense boxes. Traffic over the IPsec tunnel consists of speak-data (polycom ip phones SIP connected to asterisk PBX) and remote desktop to the Terminal Servers. Other traffic is standard browsing internet traffic, an incidental software download etc.

      What is the easiest way tot shape traffic, on the remote pfsense, so that IPsec traffic always has a guaranteed bandwidth and high prio, all other traffic gets what is left?

      Regards,
      Bert

      1 Reply Last reply Reply Quote 0
      • B
        bertw
        last edited by

        remote box is 1.2.RELEASE

        1 Reply Last reply Reply Quote 0
        • E
          eri--
          last edited by

          The source and destination ip. Pfsense ip and your other point ip.

          1 Reply Last reply Reply Quote 0
          • B
            bertw
            last edited by

            I noticed IPsec traffic shaping is not yet supported. So what I now do is use a penalty up/down queue where all non IPsec traffic is assigned to. These queues have a max up/download set, so that enough bandwidth remains for IPsec, which by default uses the default queues.

            For know I'm satisfied whith these settings, but i'm looking forward to be able to shape traffic within IPsec. Hope it will be implemented soon.

            Regards,
            Bert

            1 Reply Last reply Reply Quote 0
            • H
              heiko
              last edited by

              1.2 cannot really shape ipsec, search for in the bounty section and you will find a solution or wait for 1.3

              Regards
              heiko

              1 Reply Last reply Reply Quote 0
              • First post
                Last post
              Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.