Shaper 1.2.x and OpenVPN client to client



  • Hi all,

    I am using pfSense 1.2.3 with two interfaces (LAN/WAN). I am using the shaper for VoIP; the configuration was done with the wizard. The pfSense box is running an OpenVPN server, and each OpenVPN client can see the other OpenVPN clients (client-to-client OpenVPN directive).

    The shaper is working fine for all traffic, except in one case: when a huge transfer of data is done between two OpenVPN clients. I cannot find a way to handle this situation with shaper rules, since the traffic does not traverse the two interfaces of the firewall (LAN->WAN or WAN->LAN): all traffic is handled by WAN.

    My problem is that VoIP becomes really bad when such transfers occur, and when displaying the queues, only qwandef is filled up with the outbound traffic. The inbound traffic of these transfers is never shown in any queue, and the sum of rates displayed in the queue screens does not match the total rate displayed in the "traffic graph". It seems that "inbound" traffic in this case is not assigned to any queue, since LAN is not traversed.

    Does anybody have the same situation? I think I will stop using the OpenVPN server on the pfSense box, and I will use an internal box for this: this way, the same traffic will always go from LAN to WAN and WAN to LAN.

    Regards,
    Pierre



  • Since all traffic is on the WAN interface, there is no chance for the shaper to do its work. I suggest you set up a file server to which both clients can connect and then share stuff this way.



  • @jlepthien:

    Since all traffic is on the WAN interface, there is no chance for the shaper to do its work. I suggest you set up a file server to which both clients can connect and then share stuff this way.

    OK, thanks for the reply. Unfortunately, such transfers are mainly done with scp, because VPNs are used to connect several LANs, so a file server is not an option.

    I will put the OpenVPN server behind the firewall; this way all traffic will go from WAN to LAN and from LAN to WAN.

    Regards,
    Pierre

