Hello everyone,

I'm having a little trouble with traffic shaping.
I'm trying to increase the priority of the traffic generated by the Nortel Contivity VPN client installed on my corporate laptop. I'm not very familiar with how traffic shaping works, but I successfully used the wizard for shaping other stuff (BitTorrent).

Please let me know if I'm going about this the wrong way.

Before setting any traffic shaping rules, I looked at the states associated with the IP of the laptop with the VPN client and here they are. I see that the client connects to ports 500/udp and 10000/udp on the Nortel VPN server.

udp 192.168.1.240:1091 -> 69.xxx.xxx.xxx:53831 -> 70.yyy.yyy.yyy:10000 MULTIPLE:MULTIPLE
udp 192.168.1.240:1090 -> 69.xxx.xxx.xxx:63068 -> 70.yyy.yyy.yyy:500 MULTIPLE:MULTIPLE
udp 70.yyy.yyy.yyy:500 <- 192.168.1.240:1090 MULTIPLE:MULTIPLE
udp 70.yyy.yyy.yyy:10000 <- 192.168.1.240:1091 MULTIPLE:MULTIPLE

VPN client: 192.168.1.240
pfsense router: 69.xxx.xxx.xxx
VPN server: 70.yyy.yyy.yyy


Here's the problem...

When I generate traffic (a large download) through the VPN client and look at the pfsense "Queues", the traffic gets assigned to the qlanacks queue and not the qOthersDownH queue.

Why isn't the qOthersDownH queue being used?

Any help would be appreciated.



I've got the following shaping rules and queues:

RULES:
                <rule>
                        <inqueue>qOthersDownH</inqueue>
                        <outqueue>qOthersUpH</outqueue>
                        <in-interface>lan</in-interface>
                        <out-interface>wan</out-interface>
                        <source>
                                <network>lan</network>
                        </source>
                        <destination>
                                <any/>
                                <port>500-500</port>
                        </destination>
                        <descr>m_Other IPSEC outbound</descr>
                        <protocol>udp</protocol>
                </rule>
                <rule>
                        <in-interface>lan</in-interface>
                        <out-interface>wan</out-interface>
                        <protocol>udp</protocol>
                        <source>
                                <network>lan</network>
                        </source>
                        <destination>
                                <any/>
                                <port>10000</port>
                        </destination>
                        <direction/>
                        <iptos/>
                        <tcpflags/>
                        <descr>m_Other IPSEC outbound</descr>
                        <inqueue>qOthersDownH</inqueue>
                        <outqueue>qOthersUpH</outqueue>
                </rule>
                <rule>
                        <inqueue>qOthersUpH</inqueue>
                        <outqueue>qOthersDownH</outqueue>
                        <in-interface>wan</in-interface>
                        <out-interface>lan</out-interface>
                        <source>
                                <any/>
                        </source>
                        <destination>
                                <network>lan</network>
                                <port>500-500</port>
                        </destination>
                        <descr>m_Other IPSEC inbound</descr>
                        <protocol>udp</protocol>
                </rule>
                <rule>
                        <inqueue>qOthersUpH</inqueue>
                        <outqueue>qOthersDownH</outqueue>
                        <in-interface>wan</in-interface>
                        <out-interface>lan</out-interface>
                        <source>
                                <any/>
                        </source>
                        <destination>
                                <network>lan</network>
                        </destination>
                        <descr>m_Other IPSEC inbound</descr>
                        <protocol>esp</protocol>
                </rule>
                <rule>
                        <inqueue>qOthersDownH</inqueue>
                        <outqueue>qOthersUpH</outqueue>
                        <in-interface>lan</in-interface>
                        <out-interface>wan</out-interface>
                        <source>
                                <network>lan</network>
                        </source>
                        <destination>
                                <any/>
                        </destination>
                        <descr>m_Other IPSEC outbound</descr>
                        <protocol>esp</protocol>
                </rule>
                <rule>
                        <inqueue>qOthersUpH</inqueue>
                        <outqueue>qOthersDownH</outqueue>
                        <in-interface>wan</in-interface>
                        <out-interface>lan</out-interface>
                        <source>
                                <any/>
                        </source>
                        <destination>
                                <network>lan</network>
                        </destination>
                        <descr>m_Other IPSEC inbound</descr>
                        <protocol>ah</protocol>
                </rule>
                <rule>
                        <inqueue>qOthersDownH</inqueue>
                        <outqueue>qOthersUpH</outqueue>
                        <in-interface>lan</in-interface>
                        <out-interface>wan</out-interface>
                        <source>
                                <network>lan</network>
                        </source>
                        <destination>
                                <any/>
                        </destination>
                        <descr>m_Other IPSEC outbound</descr>
                        <protocol>ah</protocol>
                </rule>


QUEUES:
                <queue>
                        <name>qlanacks</name>
                        <ack/>
                        <attachtoqueue>qlanRoot</attachtoqueue>
                        <associatedrule>0</associatedrule>
                        <priority>7</priority>
                        <realtime>on</realtime>
                        <realtime3>10%</realtime3>
                        <bandwidth>25</bandwidth>
                        <bandwidthtype>%</bandwidthtype>
                </queue>
                <queue>
                        <name>qOthersUpH</name>
                        <attachtoqueue>qwanRoot</attachtoqueue>
                        <associatedrule>0</associatedrule>
                        <priority>4</priority>
                        <red>on</red>
                        <ecn>on</ecn>
                        <realtime>on</realtime>
                        <realtime3>1Kb</realtime3>
                        <bandwidth>25</bandwidth>
                        <bandwidthtype>%</bandwidthtype>
                </queue>
                <queue>
                        <name>qOthersDownH</name>
                        <attachtoqueue>qlanRoot</attachtoqueue>
                        <associatedrule>0</associatedrule>
                        <priority>4</priority>
                        <red>on</red>
                        <ecn>on</ecn>
                        <realtime>on</realtime>
                        <realtime3>1Kb</realtime3>
                        <bandwidth>25</bandwidth>
                        <bandwidthtype>%</bandwidthtype>
                </queue>


Daniel Milani
daniel dot milani dot 71 at gmail dot com
