 From:  "Marc Fargas" <telenieko at gmail dot com>
 To:  "Josh Simoneau" <jsimoneau at lmtcs dot com>
 Cc:  m0n0wall at lists dot m0n0 dot ch
 Subject:  Re: [m0n0wall] Traffic shaping over VPN for VoIP?
 Date:  Thu, 18 May 2006 23:52:54 +0200
Hi Josh,
You have some options here. If the VPN is handled between m0n0 and the
Internet OR it is an IPSec one, you can define your traffic shaping on the
WAN interface, taking care that traffic on ports 5060 & 5004 is the highest
priority, along with traffic going from or to the SIP proxy (it will depend
on whether your devices can re-invite or use random SDP/RTP ports).

In case the VPN is done on the m0n0 box but is not IPSec, you'll have to get
the shaping done on LAN because traffic on WAN will be inside the VPN and
therefore you won't be able to distinguish VoIP traffic from other VPN
traffic. Take care that placing the shaping on the LAN interface means that
download/upload means the opposite of what it means on WAN (seen from m0n0).

In case the VPN is done on the LAN by another device... you can only "match"
the VPN traffic as is on the traffic shaping without knowing if it's VoIP or
anything else.

I'm not sure if m0n0 can match QoS fields (I have no box at hand now to look
at). If it can, you can 'tag' the packets on the device (if it supports that)
or in the VPN software (I think openvpn had the ability to 'respect' the QoS
on tunneled packets); that could help in case 3 above.

Hope it helps a bit. In my case I'm in the first case of the list: IPSec
tunnels between some offices (fully-meshed) and SIP traffic between them.
Traffic shaping is done on WAN on ports 5060 and 5004, as my devices allow me
to specify ports. And it works fine (I can start massive downloads without
downgrading the voice quality).

See you,

On 5/18/06, Josh Simoneau <jsimoneau at lmtcs dot com> wrote:
> Greetings,
> I wasn't able to get a definite answer searching through the archives,
> maybe someone here can tell me if they have had success with this. We
> want to put a VoIP server at one location, and then have two remote
> locations connect to this over a VPN. Each location will have its own
> private subnet. I want to ensure that m0n0wall is capable of doing
> traffic shaping (is this considered QoS or is there something special
> about traffic shaping that keeps it from using the QoS label?) over the
> VPN connection so that voice calls remain the highest priority. We will
> be using standard SIP stuff.
> I have done many m0n0wall VPNs and many traffic shaping configurations,
> but never traffic shaping over the VPN. I just want to be 100% sure this
> will work before I move forward with the project.
> Many Thanks,
> Josh Simoneau
> Inventor of Electricity