Hi,

This bloody "need to reply to all to reply to the list" setting in the m0n0wall lists is bloody annoying. It's not the first time I did this, and I know a lot of others have done it too. :(

As for stress testing, I wanted to have the config checked before I had him do this, or it would really prove nothing.

--

Regards,

Hilton Travis                   Phone: +61 (0)7 3343 3889
(Brisbane, Australia)           Phone: +61 (0)419 792 394
Manager, Quark IT               http://www.quarkit.com.au
         Quark AudioVisual      http://www.quarkav.net

http://www.threatcode.com/ <-- it's now time to shame poor coders into writing code that is acceptable for use on today's networks

War doesn't determine who is right. War determines who is left.

> -----Original Message-----
> From: gramels [mailto:gramels at gmail dot com]
> Sent: Sunday, 29 August 2004 18:26
> To: Quark IT - Hilton Travis
> Subject: Re: [m0n0wall] Monowall, VOIP, VPN
>
> hint:
>
> you just replied to me...
>
> Your config looks ok if the port you mentioned is the ata's rtp port, do some stress test, especially upstream with an ongoing upload (should not be hard to saturate 128k) and do a test phone call. the sip provider usually offers an echo number for quality testing.
>
> have fun
>
> On Sun, 29 Aug 2004 09:17:25 +1000, Quark IT - Hilton Travis <hilton at quarkit dot com dot au> wrote:
> > Hi All,
> >
> > > -----Original Message-----
> > > From: gramels [mailto:gramels at gmail dot com]
> > > Sent: Friday, 27 August 2004 10:17
> > > To: m0n0wall at lists dot m0n0 dot ch
> > > Subject: Re: [m0n0wall] Monowall, VOIP, VPN
> > >
> > > On Fri, 27 Aug 2004 09:16:18 +1000, Quark IT - Hilton Travis <hilton at quarkit dot com dot au> wrote:
> > > >
> > > > --
> > > > Hi Mat,
> > > >
> > > > > -----Original Message-----
> > > > > From: Mat Murdock [mailto:mmurdock underscore lists at kimballequipment dot com]
> > > > > Sent: Wednesday, 25 August 2004 08:55
> > > > >
> > > > > We are looking to implement a Mitel VOIP solution at my company. I have one of these: http://www.synertrontech.com/light.htm at each location running ipcop, they all have 128mb flash cards and 128 mb ram (yes overkill but wanted to leave options open). They are running at 533 mhz, the one at our main office is running 1Ghz with twice the ram and cf storage.
> > > >
> > > > Personally, I wouldn't call 128 MB overkill, I'd most likely call it the smallest RAM module that can be easily found these days. :)
> > > >
> > > > > I need to prioritize the VOIP traffic, ie traffic shaping and I need ipsec vpn capabilities. I know monowall has the options to do both of these. I haven't tried the traffic shaping, but I have tried the vpn with monowall at my house connecting to ipcop at work. My vpn connection seemed to require a ping once a day to keep it up. Is that an ipcop monowall connectivity problem? Has anyone had any experience with implementing a VOIP solution other than a home voip system like vonage that included monowall? Any comments would be most helpful.
> > > > >
> > > > > Mat Murdock
> > > >
> > > > I have a client who has recently purchased a Cisco ATA-186 VOIP device and wants to have this running in his DMZ (along with other servers) and I'd like to be able to configure Traffic Shaper to give this box priority. Unfortunately, as working with Traffic Shaping often causes my head to explode (I've found most of the parts again) I cannot give you a *working* answer on the VoIP traffic shaping rules, but I'll at least show you what I've done, and any and all comments are welcome - once we have a working, usable VOIP Traffic Shaping config, then it is a good place for a lot of people to start.
> > > >
> > > > As you can see, I have allocated VOIP traffic to a Priority 100 queue, other important traffic (none yet defined) to a Priority 50 queue, and all other traffic to a Priority 10 queue. This should ensure that VOIP traffic has the highest priority when it is in use, and that all other traffic can use all the bandwidth (as appropriate) when there is no VOIP traffic. This is for a 512/128 PPPoE ADSL connection, hence the upstream and downstream pipe sizes.
> > > >
> > > > Pipes
> > > > No.  Bandwidth   Delay  Mask  Description
> > > > 1    450 Kbit/s               p_Inbound
> > > > 2    105 Kbit/s               p_Outbound
> > > >
> > > > Queues
> > > > No.  Pipe        Weight  Mask         Description
> > > > 1    p_Inbound   100     destination  q_High In
> > > > 2    p_Inbound   50      destination  q_Med In
> > > > 3    p_Inbound   10      destination  q_Low In
> > > > 4    p_Outbound  100     source       q_High Out
> > > > 5    p_Outbound  50      source       q_Med Out
> > > > 6    p_Outbound  10      source       q_Low Out
> > > >
> > > > Rules
> > > > If   Proto  Source    Destination  Target      Description
> > > > WAN  UDP    sipproxy  ata186       q_High In   SIP from SIPproxy
> > > > ->  Port: 16384
> > > >
> > > > WAN  *      *         LAN net      q_Low In    Other inbound LAN
> > > > ->
> > > >
> > > > WAN  UDP    ata186    sipproxy     q_High Out  SIP to SIPproxy
> > > > <-  Port: 16384
> > > >
> > > > WAN  *      LAN net   *            q_Low Out   Other outbound LAN
> > > > <-
> > > >
> > > > So, if there's something blatantly screwy here, please let me know as I'm sure we can all benefit from this.
> > > >
> > > > Regards,
> > > >
> > > > Hilton Travis                   Phone: +61 (0)7 3343 3889
> > > > (Brisbane, Australia)           Phone: +61 (0)419 792 394
> > > > Manager, Quark IT               http://www.quarkit.com.au
> > > >          Quark AudioVisual      http://www.quarkav.net
> > > >
> > > > http://www.threatcode.com/ <-- it's now time to shame poor coders into writing code that is acceptable for use on today's networks
> > > >
> > > > War doesn't determine who is right. War determines who is left.
> > >
> > > ok, though I consider this offtopic here, some hints anyway:
> >
> > I cannot see how discussing Traffic Shaping configuration is off topic for m0n0wall.
> >
> > > you have to prioritise the rtp protocol on SIP installations, SIP itself is uncritical since the payload goes through rtp (wondering when your customer will complain, have you tested it under heavy network load?)
> >
> > No, I haven't tested this under heavy load, hence why I presented my configuration to the list for comment, and also to assist others in the same boat.
> >
> > > RTP ports depend on setting of the SIP devices, if you use asterisk as an SIP proxy you can set it in rtp.conf.
> >
> > This is not Asterisk, this is using a Cisco ATA-186 box. The original poster (Mat) didn't mention what they were using for VoIP. If they are using Asterisk, then it is immensely configurable. :)
> >
> > > I guess you just confused SIP and RTP since the 16384 seems to be the standard port on Cisco's SIP devices.
> >
> > No, I didn't confuse the two - the company who provides the proxy "sipproxy" stated clearly that all traffic to and from Port 16384 needed to be prioritized. So, in my configuration, you can see that I prioritized all traffic to/from this port.
> >
> > > http://www.voip-info.org is a good starting point
> >
> > Sure, but it does nothing at all to fault-find the m0n0wall Traffic Shaping configuration I posted. Personally, I have spent a fair bit of time on this site in the relatively recent past. Again, this is why I posted the TS config here for community comment.
> >
> > --
> >
> > Regards,
> >
> > Hilton Travis                   Phone: +61 (0)7 3343 3889
> > (Brisbane, Australia)           Phone: +61 (0)419 792 394
> > Manager, Quark IT               http://www.quarkit.com.au
> >          Quark AudioVisual      http://www.quarkav.net
> >
> > http://www.threatcode.com/ <-- it's now time to shame poor coders into writing code that is acceptable for use on today's networks
> >
> > War doesn't determine who is right. War determines who is left.
> >
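
A way to check the quoted shaper tables on paper before the stress test, as an added example that is not part of the thread or of m0n0wall: it models the posted rules as first-match classification and the queue weights as proportional shares of a pipe among queues that have packets waiting. Assumptions: the per-host queue masks are ignored, a rule's port matches whichever side carries it, the host names are the labels from the posted table, and the sample packets (including one on 5060, the standard SIP signalling port) are constructed.

```python
# Added illustration; values transcribed from the Pipes/Queues/Rules tables above.
PIPES = {"p_Inbound": 450, "p_Outbound": 105}            # Kbit/s
QUEUES = {                                               # name: (pipe, weight)
    "q_High In": ("p_Inbound", 100), "q_Med In": ("p_Inbound", 50),
    "q_Low In": ("p_Inbound", 10), "q_High Out": ("p_Outbound", 100),
    "q_Med Out": ("p_Outbound", 50), "q_Low Out": ("p_Outbound", 10),
}
# (proto, source, destination, port, target) in posted order; "*" or None = any.
RULES = [
    ("UDP", "sipproxy", "ata186", 16384, "q_High In"),
    ("*", "*", "LAN net", None, "q_Low In"),
    ("UDP", "ata186", "sipproxy", 16384, "q_High Out"),
    ("*", "LAN net", "*", None, "q_Low Out"),
]


def _matches(rule_value, packet_value):
    return rule_value in ("*", None) or rule_value == packet_value


def classify(proto, src, dst, port):
    """Return the queue of the first matching rule, or None if no rule matches."""
    for *fields, target in RULES:
        if all(_matches(r, p) for r, p in zip(fields, (proto, src, dst, port))):
            return target
    return None


def share_kbit(queue, backlogged):
    """Kbit/s available to `queue` while every queue in `backlogged` has packets waiting."""
    pipe, weight = QUEUES[queue]
    active = set(backlogged) | {queue}
    total = sum(QUEUES[q][1] for q in active if QUEUES[q][0] == pipe)
    return PIPES[pipe] * weight / total


if __name__ == "__main__":
    # Constructed sample packets: (proto, src, dst, port).
    for pkt in [("UDP", "ata186", "sipproxy", 16384),
                ("TCP", "LAN net", "upload-host", 80),
                ("UDP", "ata186", "sipproxy", 5060)]:
        print(pkt, "->", classify(*pkt))
    voip = share_kbit("q_High Out", ["q_Low Out"])
    print(round(voip, 1), "Kbit/s for q_High Out during a saturating LAN upload")
```
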