|
||||||||
Actually, I think it's already there? Just pick ESP as protocol. Your rule will look something like this: WAN ESP * * Queue 1 Or you could get a hot cup of coffee, a blanket and a printout of http://www.ietf.org/internet-drafts/draft-ietf-ipsec-esp-v3-08.txt. :) // Thomas Hertz > -----Original Message----- > From: Falcor [mailto:falcor at netassassin dot com] > Sent: den 11 juni 2004 01:04 > To: Thomas Hertz > Subject: Re: [m0n0wall] Question on Traffic Shaper and IPSEC tunnels > > So are you saying to key the tunnel off of the ESP protocol, or we need > to add ESP as a choice for interface? > > Thomas Hertz wrote: > > >Yep, that'll work. What you're looking for is the protocol "ESP" from the > >drop down list. > > > >// Thomas Hertz > > > > > > > >>-----Original Message----- > >>From: Falcor [mailto:falcor at netassassin dot com] > >>Sent: den 10 juni 2004 22:01 > >>To: m0n0wall at lists dot m0n0 dot ch > >>Subject: [m0n0wall] Question on Traffic Shaper and IPSEC tunnels > >> > >>I realize the IPSEC VPN tunnels can not be seen by the firewall engine, > >>e.g. you can't write ACL rules. But can the tunnel itself (the > >>connection to the remote VPN concentrator) be seen by the traffic > >>shaper? I would like to queue and dedicate a good portion of my uplink > >>to a a vpn tunnel for testing of some IP telephony, if I can guarantee > >>the tunnel is stable (not encroached upon by other traffic on the > >>firewall) it would be great. > >> > >>-F > >> > >>--------------------------------------------------------------------- > >>To unsubscribe, e-mail: m0n0wall dash unsubscribe at lists dot m0n0 dot ch > >>For additional commands, e-mail: m0n0wall dash help at lists dot m0n0 dot ch > >> > >> > > > > > > |