Voip priortize IPsec vpn



  • Hello All,

    (2) pfSense-2.0.1 at two sites
    IPsec site to site VPN
    each site has:
    (1) 6mb upload/download (static)
    (1) 3mb upload/download (static)

    Upgraded from pfSense-1.2.3-RELEASE to pfSense-2.0.1. Clean install.
    Multi-WAN multi-LAN setup with load balancing and failover.
    After running the pfSense boxes for the last two years,and never having gone through the traffic shaping facility I am hesitant of trying the traffic shaper..
    At right around noon time each day our IP phones between buildings will be very bad quailty and quite often will drop.
    I am wanting a simple QoS setup to allow 5 simultaneous calls to be able to happen ( about 64k each). via out IPsec vpn. Nothing more.
    If I go through the traffic shaper what are the chances of this remedying our poor phone quailty at noonish time?
    I have never went through this in a sandbox enviornment so i m not at all familiar other than reading through the tutorials that have been posted on the wiki here.

    thank You,
    Barry



  • Well, you could start by checking your bandwidth stats to see if it is indeed getting saturated at noon (perhaps some scheduled download, like antivirus updates by many PCs ?).

    Probably the easiest way to do traffic shaping would be to assign specific IPs to your IP phones, and then use the traffic shaper to prioritize all traffic from those IPs (instead of trying to identify VoIP traffic with ports and/or L7). Since your setup would be rather simple, you can probably do it by hand instead of using the wizards (which had some bugs last time I tried them).



  • Hello,

    Thank You for the reply.
    I did go through the traffic shaping wizard and done an simple allow 350 kilobits for ( I think) to allow 5 simultaneous calls.
    I am trying to get familiar with the queues page to figure if the calls are in fact taking priority?

    We have 115 phones between two buildings so assigning static IP's to each phone would really be a challenge. In a school setting what is in one room one year you can almost guarantee the whole shabang will be moved to another room for the next school year:(.

    These phones are in fact Panasonic TDA 'hybrid' phones and the voip traffic shaper page does have an entry for these specific phones,so this does look promising. In a weeks time,we will know if the traffic shaper is doing what is hoped to do for the voip calls.

    Take care,
    Barry



  • @brcisna:

    We have 115 phones between two buildings so assigning static IP's to each phone would really be a challenge. In a school setting what is in one room one year you can almost guarantee the whole shabang will be moved to another room for the next school year:(.

    I didn't suggest assigning static IPs to your VoIP phones, but "specific" IPs i.e. either put them in a certain VLAN, or match partial MAC addresses in dhcpd (afaik currently not configurable from pfsense's webGUI).

    Check my posts in a related discussion at http://forum.pfsense.org/index.php/topic,45596.0/all.html



  • dhatz,

    Thank You much for the link you provided.
    I am in a  big learning curve on the traffic shaping gig. I am trying to get my head around looking at the queues in the rrd graphs,trying to decypher what the meaning of this translates to.
    OK, You made a good point. The ip phones are in fact on a seperate vlan aside from actual PC's so what you are suggesting sounds like a plan.
    I am going to give my generic traffic shaper setup,,,for ONLY voip,and as I mentioned earlier the voip tab does in fact have an entry for the Panasonic TDA phones,which are what we have at both building,so fingers crossed this may work out.
    In a weeks time if nothing has improved I will go to plan b with your 'by ip range' setup

    Take Care,
    Barry


Log in to reply