Copy Tos bit (dscp) from cleaer packet to encrypted one with IPSEC RFC2401

  • In other line of things, Anyone knows if Pfsense 1.2.3 and 2.0 support Copy diifserv bit (TOS DSCP) from clear packet to encrypted packet on IPSEC vpn tunnels? I think that this is specified on RFC 2401 but not sure If Stable or beta versions of pfsense support this feature.

    Many thanks


  • It can be done by enabling a sysctl.
    Search aound google and you will find it.

  • I was looking for it too much time without sucess, many other Firewall systems have this feature avaible by default at devices from Juniper,Cisco or Firtinet hardware vendors and Vyatta or Astaro as software vendors dont know why authors and developers dont put it avaible as a feature without necesitie of make any hack into the SO.

    Please ermal can you tell me how to do it?
    I need to copy Diffserv bit from clear packet to encrypted one (IPSEC tunnels)and reverse.

    If I cant do it, I will have to change firewall distro to vyatta to support VoIP of my Alcatel PBX.
    Many thanks

Log in to reply