Priority in IPSec Tunnels

  • Hello,

    I know this has been discussed a few times already, but i'm stuck in an unholy situation, and i thought maybe release 2.1 has more features that haven't been discussed about earlier.

    A company which i'm working for has that setup involving IP Phones that must are connected through a VPN in a small office.
    Until now, people in the small office used to fetch files through SMB over the VPN (slowly).

    Now that they want to use IP phones also, everytime someone will fetch a file, the voice over IP will stop working correctly (cuts).
    Is there any solution (not involving a second VPN and more WANs) which i could use ?

    I mean i'm searching a way to add priority to the VoIP traffic over IPSec. I've already enabled high priority using HFSC for the IPSec protocol itself.

    The setup:

    [Big Office + VoIP Server]–-[pfSense]–-[WAN1]–--------(has IPSec Tunnel)----------------[WAN2]–-[pfSense]–-[Small Office + IP Phones]

    In advance, thanks for any advices i could get :)

  • I'd also be glad if there was a solution not involving the GUI… Anything would help me out :)

  • I have the same exact setup. You can shape within the tunnel, just apply the appropriate queuing rules as if IPsec was another physical interface.

    Bear in mind that the queues will be the ones on your WAN anyway (because the packets themselves actually end up being sent out or received in from you WAN)

  • Thank you for your answer.
    But actually, as i have set high priority for IPSec protocol itself, everything i pass through the tunnel is automagically high priority.

    Did you enable priority on both IPSec protocol itself and the ports / protocols that goes through the tunnel ? Or did you only apply queues on the inside of the tunnel ?


Log in to reply