    i have problems to set up the shaper via the GUI with my VoIP Phones. The situation is like this:

    At the company headquarter is a AVAYA PBX and all phones there are connectet via ip to the pbx. There is a static IP and a pfsense box is doing NAT and IPSec but no shaping.

    On a 2nd loacation are several IP Phones. There is a tunnel via IPSec between the two locations. My goal is now to priorize the VoIP traffice in direction from the location to the headquarter … and thats what i'm doing:

    I had set up the shaper with the wizard. Priorize VoIP (Generic), no Game, no P2P! I only want to priorize also PPTP and IPSec, so i adjust a high priority for those 2 protocols in the wizard.

    The problem then was, that the VoIP traffic was not feeded in the right queue ... only the default queues! I looked here in the forum, and read something about aliases and problems. So i decide to set up a Alias. In the Alias was the IP of the PBX at the headquarter and the IP of the phone on the co-location defined (like i read in other postings) - but, it didn't work.

    The wizard did something like this:

    qWanRoot/qLanRoot          Priority 0
    qWanDef/qLanDef              Priority 1 (all uncategorized traffic)
    qWanUpH/qWanDownH      Priority 4 (IPSEC / PPTP)
    qWanUpL/qWanDownL        Priority 2 (i don't use it)
    qVOIUp/qVOIDown            Priority 7 (VoIP / ACKs)

    I tried then to play around and set the TOS to "don't care" and configured the correct udp ports, but this also doesn't help. Also to put the whole traffic between PBX and phone in a rule an feed it to the Prio7 queue was not the solution.

    The problem is, no matter what i'm doing: The VoIP traffic is not feeded correctly to the "qVOIUp/qVOIDown" queues - at the end its in the "qWanDef/qLanDef" with Prio 1 (and not with Prio 7 like it should do)!

    There is also another question since i had read the ALTQ Man page: Why to shape the download ... i don't understand why the wizard is creating download rules an queues ... i think it's to late to shape the traffic for incoming packets at this moment?!

    Maybe sombebody knows what i'm doing wrong?

  • After a week trying with pfsense i think the shaper implementation (or its me?) is a little buggy at the moment:

    • It seems to be a problem to feed the traffic into the right upload queue

    • After setting up the shaper i become problems with my ipsec connection

    • If i set up the shaper with a 192.168.x.x DNS Server under "General Setup" name resolutions is not working properly anymore (without shaper it does) - pinging over ip does work

    For the moment the solution for me was to switch back to monowall at the co-locations, cause there i don't need some features only pfsense has. I had set up a wrap with m0n0, do the initial config, set up the shaper - and its doing the job as i need it at the first try. So i'm looking forward for the next update(s) to make some tests and switch back to pfsense again …

    ps: before i set up the shaper pfsense is doing a really great job over months and at this point i want to say thanks to the developers!

  • It is not buggy.  You most likely set it up wrong.


  • My phones also set the QOS/TOS Bit 3 (LowDelay) and i can't deactivate it couse the switches should also prefer these packets in front of all other packets. May be for me is the solution to deactivate the default ACK Queue (cause it seems that it catches all Lowdelays before any of my rule are proceded?) and set up a ACK queue manually (without Lowdelay) and create rule to feed all the acks to this queue and also a special queue/rule with lowdelay for VoIP …?!?!

    I think i'll try this at home first - thanks for the hint!

