Traffic Shaping and IPSEC



  • Hi,

    Is traffic shaping on IPSEC supported on the last pfsense version 1.2.3-RC3 ?

    I'm using IPSEC to connect a remote site to a main location and would like to shape the traffic in this pipe.
    Both sites are connected with a pfsense router on the OPT1 Interface.

    Thanks,
    cocacolle



  • Hi Guys..

    Is this working? on any version of Pf sense?
    I really need this? any suggestion with this software or another?



  • Currently in 1.2.3 this does not work.
    You can shape things so that IPSEC has higher/lower priority, but to shape the actual contents of the IPSEC tunnel, you'd really need a setup like this:

    PFSENSE<–>PFSENSE<--IPSEC-TUNNEL-->PFSENSE<-->PFSENSE

    Where the outer two pfsense boxes would shape the traffic, and the inner two contain the tunnel.  Kinda a pain.



  • Actually on 1.2.3 you can shape inside the tunnel but i am not sure if the rules allow this to be setuped.
    On 2.0 it is surely possible.



  • Hi ermal,

    do you mean I have to manually write the rules to shape the traffic ?



  • @ermal:

    Actually on 1.2.3 you can shape inside the tunnel but i am not sure if the rules allow this to be setuped.
    On 2.0 it is surely possible.

    In 1.2.3 how do you shape inside the tunnel?  Would it be with firewall rules?  Or a traffic shaper rule?

    I'm curious because we have remote SIP extensions I would LOVE to run over our IPSEC instead of the internet.  But they also run a lot of SMB traffic over IPSEC, so I absolutely HAVE to shape the data within the tunnel for it to sound good.  Thanks.


Log in to reply