Louis-David Mitterrand wrote:

Snip

The main problem with ipsec packets is the lack of TOS support: data and
voice traffic are aggregated in one stream which is opaque to external
routers.

This is not the case with FreeS/WAN; below is an excerpt from the website:


Can I use Quality of Service routing with FreeS/WAN?

From project technical lead Henry Spencer:

> Do QoS add to FreeS/WAN?
> For example integrating DiffServ and FreeS/WAN?

With a current version of FreeS/WAN, you will have to add hidetos=no to
the config-setup section of your configuration file.  By default, the TOS
field of tunnel packets is zeroed; with hidetos=no, it is copied from the
packet inside.  (This is a modest security hole, which is why it is no
longer the default.)

DiffServ does not interact well with tunneling in general.  Ways of
improving this are being studied.

Copying the TOS (type of service) information from the encapsulated packet to the outer header reveals the TOS information to an eavesdropper. This does not tell him much, but it might be of use in traffic analysis. Since we do not have to give it to him, our default is not to.

Even with the TOS hidden, you can still:

* apply QOS rules to the tunneled (ESP) packets; for example, by giving ESP packets a certain priority.
* apply QOS rules to the packets as they enter or exit the tunnel via an IPsec virtual interface (e.g. ipsec0).


See ipsec.conf(5) for more on the hidetos= parameter.

Regards,

Richard
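
An added illustration (not part of the original message and not FreeS/WAN code): a Python model of the outer-header choice that hidetos controls, showing which TOS values an on-path observer can read in each mode. The addresses, packet sizes and the 0xB8 (DSCP EF) voice marking are constructed sample values, and the zero-filled payload is only a stand-in for ESP ciphertext.

```python
import socket
import struct

ESP = 50  # IP protocol number of ESP

def checksum(header: bytes) -> int:
    """Internet checksum: one's-complement sum of the header's 16-bit words."""
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def ipv4_header(src, dst, proto, tos, payload_len):
    """20-byte IPv4 header (no options) with a valid checksum."""
    def pack(csum):
        return struct.pack("!BBHHHBBH4s4s", 0x45, tos, 20 + payload_len,
                           0, 0, 64, proto, csum,
                           socket.inet_aton(src), socket.inet_aton(dst))
    return pack(checksum(pack(0)))

def encapsulate(inner, gw_src, gw_dst, hidetos=True):
    """Model of the hidetos choice: zero the outer TOS, or copy the inner one."""
    outer_tos = 0 if hidetos else inner[1]  # byte 1 of an IPv4 header is TOS
    # Stand-in for ciphertext; real ESP adds SPI, sequence number, padding, ICV.
    opaque = bytes(len(inner))
    return ipv4_header(gw_src, gw_dst, ESP, outer_tos, len(opaque)) + opaque

def tos_seen_on_wire(outer_packets):
    """What an eavesdropper learns: the TOS values present in outer headers."""
    return {pkt[1] for pkt in outer_packets}

def sample_inner():
    """Constructed traffic: one voice packet marked EF, one best-effort data packet."""
    voice = ipv4_header("10.0.1.10", "10.0.2.10", 17, 0xB8, 160) + bytes(160)
    data = ipv4_header("10.0.1.20", "10.0.2.20", 6, 0x00, 512) + bytes(512)
    return [voice, data]

def run(hidetos):
    """Encapsulate the sample traffic between two gateways and report visible TOS."""
    return tos_seen_on_wire(
        encapsulate(p, "192.0.2.1", "198.51.100.1", hidetos) for p in sample_inner())

if __name__ == "__main__":
    print("hidetos=yes:", sorted(run(True)))   # routers and eavesdroppers see one class
    print("hidetos=no: ", sorted(run(False)))  # voice is distinguishable from data
```

With the TOS hidden, external routers cannot tell voice from data, which is the QoS cost; with it copied, they can, and so can anyone doing traffic analysis.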

