Traffic shaper lan > wan location suggestions

  • Good morning all,

    We have poor call quality on our avaya ip office phone system when it comes to the VOIP calls, I have identified the problem as an upload issue via bandwidth testing and would like to use PFsense as a solution. We have a main office and two satallite offices. At the main office we have the avaya office device, call server and an IP phone. The satallite offices are connected via simple Lan to Lan tunnelling with 3 ip phones at each location, decent bandwidth at each location but, not guarenteed for VOIP yet.

    I have read most posts on the matter but wanted to get some advice on where to place the PFsense devices and best setup.

    Will they be effective in front of our PIX's or only behind them? I'm not certain PFsense will detect encapsulated VOIP packets…hense best placement

    Office topologies:  ISP --- PIX 501 ---- layer 2 switch ---Intranet

    On the new version 2 the GUI says bridging and shapping are not compatable, so if I want to configure that I would need to go with Mononwall?

    I am a newb at this but have heard alot of success stories and want to have mine be one of those as well.

  • To Clarify, all I really need to know is does PFsense recognize VOIP traffic within a vpn tunnel i.e. can I place the device outside our Pix or does it need to be behind it?


  • There is no practical way to identify traffic within any VPN tunnel that I've seen.  A VPN tunnel is just encrypted packets, so the only thing pfSense could see is that some packets are small and some are large.  If you want to sort traffic you're going to have to place the pfSense system before the traffic is encapsulated and encrypted.

  • Thats what I thought, it was a dumb question.

    I have searched the forum for the keyword transparent and came up with lots of other people asking if it will do (trasparent shaping) and its seems it will with the 1.2 version i.e. ala brided mode. I will install that tomorrow and see how it works.

    Thanks for the reply…

Log in to reply