 From:  Robert Rich <rrich at gstisecurity dot com>
 To:  Kev Latimer <kev at ne23 dot net>
 Cc:  "m0n0wall at lists dot m0n0 dot ch" <m0n0wall at lists dot m0n0 dot ch>
 Subject:  Re: [m0n0wall] Traffic shaping in IPSec - alternatives?
 Date:  Tue, 21 Dec 2004 13:22:05 -0500
Wow... the devil's in the details.  I just bought four WRAP boxes and am
configuring m0n0wall this week with the hopes of using traffic shaping for VoIP
traffic.

Guess I'll get a head start in working on one problem. :)

First question, is it possible to sidestep the problem by using OpenVPN?  I've
read that performance takes a hit with OpenVPN, but I'm not sure by how much.

Second question, probably more lame: would it be possible to set up two tunnel
endpoints and have a 'high priority' tunnel and a 'low priority' tunnel?
Routing is a problem here, of course... and it doesn't help if you're
downloading a file from the same box you're RDPing to, but it might at least
give you an option. (This would potentially work in our VoIP situation.)

Third question... do you have enough control over the remote end to implement
some form of QoS/traffic shaping after the fact?  Presumably anything that does
a reasonable job at the remote end would benefit you at your end...

Quoting Kev Latimer <kev at ne23 dot net>:

> Hallo all,
>
> My m0n0wall is all in and working but I've just had a flash of the
> blindingly obvious on something I'm trying to do.  I've been trying to
> traffic shape the data going up my VPN tunnel, specifically trying to
> prioritise the Terminal Services traffic.  A quick browse of the lists
> seems to confirm what I thought, that the traffic becomes ESP before the
> shaping "thing" (ipfw?) can see it.
>
> Do you think shaping the traffic before it becomes ESP is something that
> will ever be feasible, or if not, does anyone have any suggestions on
> alternatives to prioritise the TS traffic?  So far, my only guess would
> be to have two tunnels and prioritise the traffic of one over the other
> but I'm just thinking out loud at the mo.
>
> Cheers,
>
> Kev
>


--
Robert Rich
Global Security Technologies, Inc.
Mobile: 614.975.7549
Office: 614.890.6400
