Re: [Shorewall-users] VoIP traffic shaping

Thu, 05 Oct 2006 09:37:51 -0700 

Keith Edmunds wrote:
> I'm hesitant to ask this because I can see a lot of previous posts on
> the subject, but despite lots of reading I still don't seem to have this
> quite right. Summary: two sites linked by OpenVPN with VoIP running over
> the VPN. Problem: VoIP is "choppy", suggesting that traffic shaping
> isn't quite right.

Is the OpenVPN link encrypted? If so, encryption/decryption may be a factor.

> 
> Offer: once I get this resolved, I'm happy to write it up as a document
> for the Shorewall site if that is of any interest.
> 
> The servers at each location have two NICs, loc (eth2) and ext (eth0) -
> there's no eth1 used in either server. In addition, tun0 is at each end
> of the VPN. The LAN at one end is 192.168.0.0/24, the other 192.168.20.0/24.
> 
> The VoIP traffic is identified in tccrules (this on the 192.168.0.50
> server):
> 
> 1     $FW             0.0.0.0/0       all
> 1     eth0            0.0.0.0/0       all
> 1     eth2            0.0.0.0/0       all
> 2     eth2            192.168.20.0/24 udp     5004:5069
> 2     eth2            192.168.20.0/24 udp     5070
> 2     eth2            192.168.20.0/24 tcp     5570
> 2     eth2            192.168.20.0/24 tcp     5566
> 2     eth2            192.168.20.0/24 udp     5567
> 
> The other tccrules is identical save for the other 192 subnet being used.
> 
> For completeness, tcclasses:
> tun0          2       full    full    1
> tun0          1       1kbit   full    2               default
> eth0          1       1kbit   full    2               default
> 
> ...and tcdevices:
> 
> tun0          10000kbit               370kbps
> eth0          10000kbit               370kbps

You apparently are doing no shaping on eth0 -- in particular, you are not giving
OpenVPN traffic preference.

Also, have you tuned the IN-BANDWITCH as described in the documentation?

-Tom
-- 
Tom Eastep    \ Nothing is foolproof to a sufficiently talented fool
Shoreline,     \ http://shorewall.net
Washington USA  \ [EMAIL PROTECTED]
PGP Public Key   \ https://lists.shorewall.net/teastep.pgp.key

Attachment: signature.asc
Description: OpenPGP digital signature

-------------------------------------------------------------------------
Take Surveys. Earn Cash. Influence the Future of IT
Join SourceForge.net's Techsay panel and you'll get the chance to share your
opinions on IT & business topics through brief surveys -- and earn cash
http://www.techsay.com/default.php?page=join.php&p=sourceforge&CID=DEVDEV
_______________________________________________
Shorewall-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/shorewall-users

Reply via email to