 From:  "Quark IT - Hilton Travis" <hilton at quarkit dot com dot au>
 To:  <m0n0wall at lists dot m0n0 dot ch>
 Subject:  RE: [m0n0wall] Monowall, VOIP, VPN
 Date:  Fri, 27 Aug 2004 09:16:18 +1000
Hi Mat,

> -----Original Message-----
> From: Mat Murdock [mailto:mmurdock underscore lists at kimballequipment dot com] 
> Sent: Wednesday, 25 August 2004 08:55
> We are looking to implement a Mitel VOIP solution at my 
> company.  I have one of these: 
> http://www.synertrontech.com/light.htm at each location 
> running ipcop, they all have 128mb flash cards and 128 mb ram 
> (yes overkill but wanted to leave options open).  They are running at
> 533 mhz, the one at our main office is running 1Ghz with 
> twice the ram and cf storage.

Personally, I wouldn't call 128 MB overkill, I'd most likely call it the
smallest RAM module that can be easily found these days.  :)

> I need to prioritize the VOIP traffic, ie traffic shaping and 
> I need ipsec vpn capabilities.  I know monowall has the 
> options to do both of these.  I haven't tried the traffic 
> shaping, but I have tried the vpn with monowall at my house 
> connecting to ipcop at work.  My vpn connection seemed to 
> require a ping once a day to keep it up.  Is that an ipcop 
> monowall connectivity problem?  Has anyone had any experience 
> with implementing a VOIP solution other than a home voip 
> system like vonage that included monowall?  Any comments 
> would be most helpful.
> Mat Murdock

I have a client who has recently purchased a Cisco ATA-186 VOIP device
and wants to have this running in his DMZ (along with other servers) and
I'd like to be able to configure Traffic Shaper to give this box
priority.  Unfortunately, as working with Traffic Shaping often causes
my head to explode (I've found most of the parts again) I cannot give
you a *working* answer on the VoIP traffic shaping rules, but I'll at
least show you what I've done, and any and all comments are welcome -
once we have a working, usable VOIP Traffic Shaping config, then it is a
good place for a lot of people to start.

As you can see, I have allocated VOIP traffic to a Priority 100 queue,
other important traffic (none yet defined) to a Priority 50 queue, and
all other traffic to a Priority 10 queue.  This should ensure that VOIP
traffic has the highest priority when it is in use, and that all other
traffic can use all the bandwidth (as appropriate) when there is no VOIP
traffic.  This is for a 512/128 PPPoE ADSL connection, hence the
upstream and downstream pipe sizes.

No.  Bandwidth  Delay  Mask  Description
1    450 Kbit/s              p_Inbound
2    105 Kbit/s              p_Outbound

No.  Pipe        Weight  Mask         Description
1    p_Inbound   100     destination  q_High In
2    p_Inbound    50     destination  q_Med In
3    p_Inbound    10     destination  q_Low In
4    p_Outbound  100     source       q_High Out
5    p_Outbound   50     source       q_Med Out
6    p_Outbound   10     source       q_Low Out

If  Proto Source        Destination  Target      Description  
WAN UDP   sipproxy      ata186       q_High In   SIP from SIPproxy
->                      Port: 16384

WAN *     *             LAN net      q_Low In    Other inbound LAN

WAN UDP   ata186        sipproxy     q_High Out  SIP to SIPproxy
<-        Port: 16384

WAN *     LAN net       *            q_Low Out   Other outbound LAN

So, if there's something blatantly screwy here, please let me know as
I'm sure we can all benefit from this.


Hilton Travis                          Phone: +61 (0)7 3343 3889
(Brisbane, Australia)                  Phone: +61 (0)419 792 394
Manager, Quark IT                      http://www.quarkit.com.au
         Quark AudioVisual             http://www.quarkav.net

http://www.threatcode.com/ <-- it's now time to shame poor coders 
into writing code that is acceptable for use on today's networks

War doesn't determine who is right.  War determines who is left.
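
An added example, not part of the original message and not m0n0wall's own code: a fluid weighted-fair-share model of the p_Outbound pipe and queue weights posted above, showing how much of the 105 Kbit/s the ATA's flow gets as more LAN hosts become busy. Assumptions: each host matched by a queue's source mask is a separate flow carrying that queue's weight, and the 80 Kbit/s VoIP demand and the lanN host names are constructed sample values.

```python
# Added example: fluid (idealised) weighted fair sharing of one shaper pipe.
# Assumption: every host matched by a queue's source/destination mask is a
# separate flow carrying that queue's weight.

def weighted_shares(pipe_kbit, flows):
    """Weighted max-min allocation.

    flows: list of (name, weight, demand_kbit); demand None = always backlogged.
    Returns {name: allocated_kbit}.
    """
    alloc = {}
    remaining = float(pipe_kbit)
    active = list(flows)
    while active:
        total_w = sum(w for _, w, _ in active)
        # Flows that need less than their weighted share get exactly their demand.
        done = [(n, d) for n, w, d in active
                if d is not None and d <= remaining * w / total_w]
        if not done:
            # Everyone left is limited by the pipe: split it by weight.
            for n, w, _ in active:
                alloc[n] = remaining * w / total_w
            break
        for n, d in done:
            alloc[n] = float(d)
            remaining -= d
        active = [f for f in active if f[0] not in alloc]
    return alloc


def outbound(n_lan_hosts, voip_demand_kbit=80):
    """p_Outbound (105 Kbit/s) with q_High Out (100) and q_Low Out (10).

    voip_demand_kbit and the lanN host names are constructed sample values.
    """
    flows = [("ata186", 100, voip_demand_kbit)]
    flows += [(f"lan{i}", 10, None) for i in range(1, n_lan_hosts + 1)]
    return weighted_shares(105, flows)


if __name__ == "__main__":
    for hosts in (1, 3, 5):
        print(hosts, outbound(hosts))
```

In this model the ATA keeps its full 80 Kbit/s with up to three busy LAN hosts and is held to 70 Kbit/s with five.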