IPSec kills VOIP even with traffic shaping

  • Hey folks.

    I have a VOIP server behind my pfsense box with traffic shaping enabled to prioitise it.

    When, for example, someone downloads something from my webserver (which is also behind my pfsense box), the traffic shaper works pretty well and keeps the VOIP traffic up to a high standard.

    The problem arrises when someone does a transfer over the IPSEC VPN (e.g. rsyncing from my site to a remote site), the VOIP gets killed.

    Both sites are using 1.2RELEASE.

    Maybe IPSEC is ignored in this version of pfsense and is treated like local traffic?

    For what it's worth, I do have a dual WAN setup and I know that the traffic shaper doesn't support dual WAN however all the above is in respect to the WAN interface..



  • I am some what in this same boat. We live-n-die by our VoIP quality & so getting the shaping "just right" is our foremost concern.

    I wonder if you got to the bottom of your issue. If you did, can you post here. If you did not, can you post where you are today. If any one else has any tips for us, could you kindly post here. I wonder if there is a way to replicate the shaping done for unencrypted traffic inside the tunnel. I know that this might be quite a project since we would need to replicate that inside openVPN tunnels, again inside PPTP tunnels, again inside ipSec tunnels. Then we would theoretically have it in all four places, of channels, or whateveryouwanttocallit. We are very interested & motivated in figuring this out, so any & all extra information is most appreciated.


    Jason Sjobeck

  • The bounty on the traffic shaper may enlight you.

  • I know this is an old post, but did you ever get the issue resolved with the vpn killing the voip calls?

  • Hello there,

    same trouble here : when i enable traffic shaper and run an IPSEC vpn session, all the traffic is slowed down : i barely can surf on websites or download files… as soon as i disable traffic shaping, it's fast again...

  • The problem arises when someone does a transfer over the IPSEC VPN the VOIP gets killed. so what would be the best thing to do now with that?

    Call center software

  • It does not appear that there has been much than an accumulation of those "sharing in the pain," but we too have this problem. Traffic over the IPSEC Tunnel is killing the VOIP traffic as well as brining the network speed to it's knees overall. I am sure it is something I am doing wrong since I am new to pfSense and traffic shapping, but I didn't expect it to be this cryptic. Hope someone has a solution to point us all to.


  • You guys should really be separating your voip from your data if its that important…

    maybe separate wans...

  • Banned

    Whats the hardware config of those machines running the IPsec tunnels??

  • Both are VIA C3's (I think) running at 1Ghz. Both have 512Mb RAM

Log in to reply