 
 From:  "Thomas Hertz" <term at cynisk dot net>
 To:  "'Falcor'" <falcor at netassassin dot com>, <m0n0wall at lists dot m0n0 dot ch>
 Subject:  RE: [m0n0wall] Question on Traffic Shaper and IPSEC tunnels
 Date:  Fri, 11 Jun 2004 09:08:18 +0200
Actually, I think it's already there? Just pick ESP as protocol.

Your rule will look something like this:

WAN	ESP 	* 	* 	Queue 1

Or you could get a hot cup of coffee, a blanket and a printout of
http://www.ietf.org/internet-drafts/draft-ietf-ipsec-esp-v3-08.txt. :)

// Thomas Hertz

> -----Original Message-----
> From: Falcor [mailto:falcor at netassassin dot com]
> Sent: den 11 juni 2004 01:04
> To: Thomas Hertz
> Subject: Re: [m0n0wall] Question on Traffic Shaper and IPSEC tunnels
> 
> So are you saying to key the tunnel off of the ESP protocol, or we need
> to add ESP as a choice for interface?
> 
> Thomas Hertz wrote:
> 
> >Yep, that'll work. What you're looking for is the protocol "ESP" from the
> >drop down list.
> >
> >// Thomas Hertz
> >
> >
> >
> >>-----Original Message-----
> >>From: Falcor [mailto:falcor at netassassin dot com]
> >>Sent: den 10 juni 2004 22:01
> >>To: m0n0wall at lists dot m0n0 dot ch
> >>Subject: [m0n0wall] Question on Traffic Shaper and IPSEC tunnels
> >>
> >>I realize the IPSEC VPN tunnels can not be seen by the firewall engine,
> >>e.g. you can't write ACL rules.  But can the tunnel itself (the
> >>connection to the remote VPN concentrator) be seen by the traffic
> >>shaper?  I would like to queue and dedicate a good portion of my uplink
> >>to a vpn tunnel for testing of some IP telephony, if I can guarantee
> >>the tunnel is stable (not encroached upon by other traffic on the
> >>firewall) it would be great.
> >>
> >>-F