RE: [pfSense Support] Traffic Shaper / IPSec

[John Cianfarani]

Trying to see if there would be some solution to this problem without putting a second pfsense box behind to do the shaping.   I took a read of the m0n0wall list where this seemed to be discused and one idea seemed fairly plausible. Create 2 IPSec tunnels 1 voice 1 data and shape those independantly?   Here are my thoughts: My central site has multiple static wan IP’s so I could build the tunnels to different IP’s.  On the remote pfsense I could create 2 rules/queues in the traffic shaper and shape based on the destination IP. (one tunnel having higher priority) Routing traffic properly over these two tunnels could get a bit tricky. The central side has a 192.168.1.0/24 block, I could pretend it was split it into 2x /25’s and put 192.168.1.0/25 and 192.168.1.128/25 as the destinations lan for the remote tunnel. I could do something similar or some other ip trickery to make the wan side go back to the correct tunnels.   My only concern here is if ipsec traffic as a whole could be shaped like this?     Sorry for keeping on this topic, John From: John Cianfarani Sent: Wednesday, December 07, 2005 10:52 PM To: support@pfsense.com Subject: [pfSense Support] Traffic Shaper / IPSec   If you build the traffic shaping rules for lan->wan will it treat traffic destined to an IPsec tunnel as a part of that? Essentially I’m just looking to give priority to VoIP traffic anything else would be below that.  Even if it could be done on the LAN interface regardless of destination.   Thanks John