Shaping and ipsec

  • Hi to all,

    we are evaluating/testing  pfsense as firewall (that's great) .
    We have most of our traffic over ipsec (10 vpn), and now we need to have also voip over ipsec, because our asterisk server is inside vpn.
    I've used the wizard, i've tried also to assign alias or ip of asterisk,  but all the traffic go  to the qlandef an the qwandef. Searching on the forum it seems that there is no way to shape voip traffic over ipsec. Is this right or i'm missing something?

    Tnx for all

  • I have had my share of frustrations with this traffic shaper and VPN is one of them.

    My VPN connection completely ignores any shaper rules for whatever reason.
    In fact it ignores my ISP's speed cap as well. A normal upload for me is about 720kbps, but my VPN connection bounces between 520's and 1100's on a regular basis. This is observed using monomon so that may be an issue, but tis strange anyway.
    I can tell the shaper that I only have 300kbps of upload, but the VPN will act the same as always.

    Maybe someone else can tell you about shaping VPN traffic. 
    All I know is that it won't listen to my rules.
    I only want to make sure I have enough upload for my voip calls, but when the competing traffic is over the VPN I can't win.

    After messing with it for a while, I was able to get my voip to work when there is uploading going on, but when there isn't a voip call in progress the VPN still ignores the limit set on the traffic shaper.

Log in to reply