|
||||||||||
We will be running our Voip traffic over our ipsec VPN. Does the traffic shapper prioritize traffic running over VPN's? Mat Quark IT - Hilton Travis wrote: >-- >Hi Mat, > > > >>-----Original Message----- >>From: Mat Murdock [mailto:mmurdock underscore lists at kimballequipment dot com] >>Sent: Wednesday, 25 August 2004 08:55 >> >>We are looking to implement a Mitel VOIP soloution at my >>company. I have one of these: >>http://www.synertrontech.com/light.htm at each location >>running ipcop, they all have 128mb flash cards and 128 mb ram >>(yes overkill but wanted to leave options open). They are running at >>533 mhz, the one at our main office is running 1Ghz with >>twice the ram and cf storage. >> >> > >Personally, I wouldn't call 128 MB overkill, I'd most likely call it the >smallest RAM module that can be easily found these days. :) > > > >>I need to proritize the VOIP traffic, ie traffic shaping and >>I need ipsec vpn capabilities. I know monowall has the >>options to do both of these. I haven't tried the traffic >>shaping, but I have tried the vpn with monowall at my house >>connecting to ipcop at work. My vpn connection seemed to >>require a ping once a day to keep it up. Is that a ipcop >>monowall connectivity problem? Has anyone had any experience >>with implementing a VOIP solution other then a home voip >>system like vonage that included monowall? Any comments >>would be most helpful. >> >>Mat Murdock >> >> > >I have a client who has recently purchased a Cisco ATA-186 VOIP device >and wants to have this running in his DMZ (along with other servers) and >I'd like to be able to configure Traffic Shaper to give this box >priority. Unfortunately, as working with Traffic Shaping often causes >my head to explode (I've found most of the parts again) I cannot give >you a *working* answer on the VoIP traffic shaping rules, but I'll at >least show you what I've done, and any and all comments are welcome - >once we have a working, usable VOIP Traffic Shaping config, then it is a >good place for a lot of people to start. > >As you can see, I have allocated VOIP traffic to a Priority 100 queue, >other important traffic (none yet defined) to a Priority 50 queue, and >all other traffic to a Priority 10 queue. This should ensure that VOIP >traffic has the highest priority when it is in use, and that all other >traffic can use all the bandwidth (as appropriate) when there is no VOIP >traffic. This is for a 512/128 PPPoE ADSL connection, hence the >upstream and downstream pipe sizes. > >Pipes >No. Bandwidth Delay Mask Description >1 450 Kbit/s p_Inbound >2 105 Kbit/s p_Outbound > >Queues >No. Pipe Weight Mask Description >1 p_Inbound 100 destination q_High In >2 p_Inbound 50 destination q_Med In >3 p_Inbound 10 destination q_Low In >4 p_Outbound 100 source q_High Out >5 p_Outbound 50 source q_Med Out >6 p_Outbound 10 source q_Low Out > >Rules >If Proto Source Destination Target Description >WAN UDP sipproxy ata186 q_High In SIP from SIPproxy >-> Port: 16384 > >WAN * * LAN net q_Low In Other inbound LAN >-> > >WAN UDP ata186 sipproxy q_High Out SIP to SIPproxy ><- Port: 16384 > >WAN * LAN net * q_Low Out Other outound LAN ><- > > >So, if there's something blatantly screwy here, please let me know as >I'm sure we can all benefit from this. > >Regards, > >Hilton Travis Phone: +61 (0)7 3343 3889 >(Brisbane, Australia) Phone: +61 (0)419 792 394 >Manager, Quark IT http://www.quarkit.com.au > Quark AudioVisual http://www.quarkav.net > >http://www.threatcode.com/ <-- its now time to shame poor coders >into writing code that is acceptable for use on today's networks > >War doesn't determine who is right. War determines who is left. > >--------------------------------------------------------------------- >To unsubscribe, e-mail: m0n0wall dash unsubscribe at lists dot m0n0 dot ch >For additional commands, e-mail: m0n0wall dash help at lists dot m0n0 dot ch > > > |