VoIP and Traffic Shaping - Echos, Static on the phones



  • Hello,

    We're having problems with one of our customers.  We have a VPN between their office and ours with OpenVPN.  The link is fine and data passes without a problem.  We have a NEC UX5000 at our office that handles the lines for our customer.  Everything seems to work fine but the customer complains when some people call in or when they make calls, that they sometimes hear an echo (hear themselves in the receiver) or they hear static on the call.

    We have the phone network on an OPT interface and the computers on the LAN interface.  They have a 50mb down/6mb up connection that comes to our 3MB up/down connection at our office.  I've tried setting up the limiter to only allow 2mb up/down for all computer traffic while letting the phone traffic be unrestricted.  I've also tried using the 2LAN/1WAN traffic shaper wizard to prioritize VoIP traffic over everything else yet they still complain about the occasional problem.  They seem to have the most problems in the morning because whenever I go on site and try to make calls, I don't hear anything wrong.

    The NEC people talk about setting the TOS field for packets on the NEC but I've never seen where to set this up in pfSense.  Also, it sounds like from reading on the 'net that this approach would be for the local network, since once it leaves the network, it would rely on the ISP to know what the TOS field (correct me if I'm wrong).

    I'm running out of ideas on what else to try.  I'm beginning to think that this isn't something we have any control over.  Is there a package that I could install that would handle this issue better or is using the traffic shaper to shape the VoIP traffic the way to go?

    Ping times are fine, there's low latency and low jitter from all the tests I've done with speedtest.net and pingtest.net.  Pings from our office to the customer and vice versa drop like 1 packet out of 850+.



  • If I understand you correctly, you have VoIP running across an OpenVPN link? Is this a dedicated link or is it just routed over the Internet? QoS won't work once it leaves  your network generally unless you can manage the link all the way to the client. pfSense is probably prioritizing the packets as they leave the interface but all the routers that the packets go across to get to the customer are not using QoS so it won't help that much.



  • @focalguy:

    If I understand you correctly, you have VoIP running across an OpenVPN link? Is this a dedicated link or is it just routed over the Internet? QoS won't work once it leaves  your network generally unless you can manage the link all the way to the client. pfSense is probably prioritizing the packets as they leave the interface but all the routers that the packets go across to get to the customer are not using QoS so it won't help that much.

    Yes, I am running VoIP over a OpenVPN link.  I control both pfSense boxes on each end (the one at the office and the one at the customer's site).  I have the Traffic Shaper running to give VoIP the highest priority, using the wizard for 2LAN1WAN.  I setup the links in the Traffic Shaper with less bandwidth than the total link connection (4up/15down, instead of 6up/50 down).  There's packets that drop in the default queue but from what I've read, you want that to happen when there's higher priority traffic that needs to go out.

    Really, since I've set up the 2LAN1WAN Traffic Shaper, I haven't heard many complaints.  I went over there one day last week and they complained about 1 or 2 calls but nothing like it was before where it would happen all morning and then just clear up later in the day.

    Do I need to setup the same kind of Traffic Shaping on the pfSense box here at the office?  At the moment, it has nothing setup but going by the RRD graphics, it doesn't ever go past 500kb/s on up or down and we have 3mb up/down here at the office.



  • Okay, I know you manage the router at each end but what about all the routers in between? I'm assuming this VPN is over the public Internet. Do a trace route between the public IPs of both routers that you control and you'll see how many other routers the VPN traffic is flowing across. These routers will not shape traffic according to your QoS tags even if they could see them. They can't even see them because your traffic is encrypted by OpenVPN.

    All you are controlling with traffic shaping on your pfSense boxes is which packets have priority leaving your pfSense box. Once they leave it you have no control over what packets get dropped first. If you have an MPLS circuit or a dedicated T1 between your office and the customer site then you could get the ISP to use the QoS you put on the packets but I don't think that's they type of link you have.

    Here is a link that may explain it a little better (even though they are trying to sell their product at the end) http://netequalizernews.com/2010/08/29/qos-over-the-internet-is-it-possible-five-must-know-facts/


Log in to reply