Re: [pfSense Support] QOS over IPsec tunnels

Wed, 14 Nov 2007 08:42:01 -0800 

Thanks Bill,
     Follow on question, what is the best way to configure QOS where
my qVOIPUp que will not get hit due to the WAN interface never being
seen as the egress?

     Wade B

On Nov 14, 2007 6:30 AM, Bill Marquette <[EMAIL PROTECTED]> wrote:
> Unfortunately we have no way (today) of performing QOS inside the
> tunnel.   This is due to how IPSec in the FreeBSD kernel works and how
> altq works.  Also, the enc(4) interface can only block traffic inbound
> to the firewall over the tunnel.
>
> --Bill
>
>
> On Nov 13, 2007 4:25 PM, Wade Blackwell <[EMAIL PROTECTED]> wrote:
> > Good afternoon folks,
> >       So I have A Cisco 7960 (VOIP phone) network booting, pulling a
> > TFTP config over an IPsec tunnel. The phone can make and recieve calls
> > fine. At times when I pick up an inbound call the caller can't hear me
> > right away, this did not happen when using the Cisco ASA so I believe
> > it is QOS related.. I am noticing that my qVOIPUp que never gets
> > traffic. Is this because this que is tied to the WAN as the outbound
> > interface and the WAN never sees the private address because
> > encryption happens before QOS? If this is the case would it be
> > possible to use ENC0 or ENCX as the in/out interface instead of the
> > WAN interface? If my logic isn't totally flawed that would act like
> > Cisco's QOS pre-classification when using IPSec tunnels with time
> > sensitive data. By the way thanks to the entire team, I have been
> > using this product a long time and it is a scalable fantastic product.
> >
> > --
> > Wade Blackwell
> >
> > "Integrity is often more painful and always more profitable than
> > perception management"
> >
> > ---------------------------------------------------------------------
> > To unsubscribe, e-mail: [EMAIL PROTECTED]
> > For additional commands, e-mail: [EMAIL PROTECTED]
> >
> >
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: [EMAIL PROTECTED]
> For additional commands, e-mail: [EMAIL PROTECTED]
>
>



-- 
Wade Blackwell

"Integrity is often more painful and always more profitable than
perception management"

---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Reply via email to