Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    IPSec kills VOIP even with traffic shaping

    Scheduled Pinned Locked Moved Traffic Shaping
    10 Posts 9 Posters 6.7k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • J
      jonnytabpni
      last edited by

      Hey folks.

      I have a VOIP server behind my pfsense box with traffic shaping enabled to prioitise it.

      When, for example, someone downloads something from my webserver (which is also behind my pfsense box), the traffic shaper works pretty well and keeps the VOIP traffic up to a high standard.

      The problem arrises when someone does a transfer over the IPSEC VPN (e.g. rsyncing from my site to a remote site), the VOIP gets killed.

      Both sites are using 1.2RELEASE.

      Maybe IPSEC is ignored in this version of pfsense and is treated like local traffic?

      For what it's worth, I do have a dual WAN setup and I know that the traffic shaper doesn't support dual WAN however all the above is in respect to the WAN interface..

      Cheers

      Jonny

      1 Reply Last reply Reply Quote 0
      • ?
        A Former User
        last edited by

        I am some what in this same boat. We live-n-die by our VoIP quality & so getting the shaping "just right" is our foremost concern.

        I wonder if you got to the bottom of your issue. If you did, can you post here. If you did not, can you post where you are today. If any one else has any tips for us, could you kindly post here. I wonder if there is a way to replicate the shaping done for unencrypted traffic inside the tunnel. I know that this might be quite a project since we would need to replicate that inside openVPN tunnels, again inside PPTP tunnels, again inside ipSec tunnels. Then we would theoretically have it in all four places, of channels, or whateveryouwanttocallit. We are very interested & motivated in figuring this out, so any & all extra information is most appreciated.

        Cheers.

        Jason Sjobeck
        www.sjobeck.com

        1 Reply Last reply Reply Quote 0
        • E
          eri--
          last edited by

          The bounty on the traffic shaper may enlight you.

          1 Reply Last reply Reply Quote 0
          • C
            c0mputernick
            last edited by

            I know this is an old post, but did you ever get the issue resolved with the vpn killing the voip calls?

            1 Reply Last reply Reply Quote 0
            • M
              Meulator
              last edited by

              Hello there,

              same trouble here : when i enable traffic shaper and run an IPSEC vpn session, all the traffic is slowed down : i barely can surf on websites or download files… as soon as i disable traffic shaping, it's fast again...

              1 Reply Last reply Reply Quote 0
              • S
                spikeinin
                last edited by

                The problem arises when someone does a transfer over the IPSEC VPN the VOIP gets killed. so what would be the best thing to do now with that?


                Call center software

                1 Reply Last reply Reply Quote 0
                • B
                  bbertrand
                  last edited by

                  It does not appear that there has been much than an accumulation of those "sharing in the pain," but we too have this problem. Traffic over the IPSEC Tunnel is killing the VOIP traffic as well as brining the network speed to it's knees overall. I am sure it is something I am doing wrong since I am new to pfSense and traffic shapping, but I didn't expect it to be this cryptic. Hope someone has a solution to point us all to.

                  Thanks,
                  Blaine

                  1 Reply Last reply Reply Quote 0
                  • chpalmerC
                    chpalmer
                    last edited by

                    You guys should really be separating your voip from your data if its that important…

                    maybe separate wans...

                    Triggering snowflakes one by one..
                    Intel(R) Core(TM) i5-4590T CPU @ 2.00GHz on an M400 WG box.

                    1 Reply Last reply Reply Quote 0
                    • S
                      Supermule Banned
                      last edited by

                      Whats the hardware config of those machines running the IPsec tunnels??

                      1 Reply Last reply Reply Quote 0
                      • J
                        jonnytabpni
                        last edited by

                        Both are VIA C3's (I think) running at 1Ghz. Both have 512Mb RAM

                        1 Reply Last reply Reply Quote 0
                        • First post
                          Last post
                        Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.