I do exactly what you are talking about using ZeroShell routers.
We have a 5Mbps symmetrical Internet connection that is shared with our LAN/WAN, VPN and VoIP systems.
I have set up a ZeroShell router between our ISP’s access device and our firewall. I have set up QoS rules on the ZS router to prioritize VoIP traffic AND to reserve a minimum amount of bandwidth for VoIP use.
I also set up rules to catch VPN traffic which in our case mostly carries remote terminal sessions between remote terminal clients and our application server. I gave these a responsive profile and priority second only to the VoIP traffic.
I have several other rules to handle things like web and e-mail traffic, bulk traffic etc. as well as a rule to give IM/CHAT traffic a very low maximum bandwidth rate.
This whole setup works quite well with up to 6 VoIP/SIP channels active (VoIP is guaranteed 512K of bandwidth) and there are no issues in our VoIP calls related to the router not doing its job. For example, I can be pulling down updates at a pretty high transfer rate, and if there are no calls, the D/L rate will near max out our bandwidth. If I then make a call, I can watch the transfer speed drop as the VoIP call gets priority. The call will proceed clean and clear with no stuttering or dropping while the transfer continues at a reduced rate.
Setting up your QoS rules is where the problem lies. Just picking the built-in L7 SIP rule won’t cut it. You have to go through your setup and make custom rules for your configuration. This involves understanding the SIP protocol and how it works, what ports it uses etc. You’ll need to prioritize not just the voice packets but also the handshake and call setup traffic. Plus you may still need rules using the IP or address of your SIP provider and your internal SIP box. However, once you do this, it works like a charm. We’ve been running this way for over a year with no problems.
That said, when we initially set this up, we were using DSL. While the setup did work, it was not as good as with our current setup. The reason is that the DSL system in use by our ISP introduces latency of its own.
Add that to the fact that no QoS is done by ISPs and the fact that you are sharing the capacity of the DSL backplane with other DSL users and you end up with periods of poor VoIP performance.
The unfortunate fact is that MOST consumer-grade DSL products sold by most ISPs are not a good candidate for VoIP traffic. Sure, it works great sometimes, but it is not consistent.
If your ISP has a business-class DSL service and IF they prioritize that traffic over the consumer/residential DSL traffic, then DSL can work well for several channels of VoIP, especially if you can use a good CODEC like G.729.
Anyway, it can be done, ZeroShell and DSL can do it, but many of the factors in a successful implementation are out of your control.
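The rule set described in the post (guaranteed VoIP share, VPN second, capped IM, SIP signalling and media both matched) can be sketched with plain Linux `tc` HTB classes and iptables `CLASSIFY` rules. This is an added example, not the poster's configuration or ZeroShell's own rules. The interface name, provider address, RTP range, VPN and IM ports and every rate except the 5 Mbps link and the 512K VoIP guarantee are assumptions. The script only prints the commands.

```shell
#!/bin/sh
# Added example: prints (does not apply) an HTB policy for one egress interface.
LINK=5000               # kbit/s, the 5 Mbps link from the post
VOIP=512                # kbit/s guaranteed to VoIP, from the post
VPN=1024                # assumed guarantee for VPN terminal sessions
IM=64                   # assumed guarantee for IM/chat
IM_MAX=128              # assumed hard ceiling for IM/chat
SIP_PEER=203.0.113.10   # placeholder SIP provider address (documentation range)
RTP_PORTS=10000:20000   # assumed RTP media range; take the real one from your PBX
VPN_PORT=1194           # assumed VPN port (OpenVPN over UDP)
IM_PORT=5222            # assumed IM port (XMPP)

# Whatever is not guaranteed elsewhere goes to the default (web/mail/bulk) class,
# so the child guarantees add up to exactly the link rate.
bulk_rate() { echo $((LINK - VOIP - VPN - IM)); }

qos_plan() {
    dev=$1
    c="tc class add dev $dev parent 1:1 classid"
    m="iptables -t mangle -A POSTROUTING -o $dev"
    echo "tc qdisc add dev $dev root handle 1: htb default 30"
    echo "tc class add dev $dev parent 1: classid 1:1 htb rate ${LINK}kbit ceil ${LINK}kbit"
    # rate = guaranteed minimum, ceil = how far a class may borrow idle bandwidth,
    # prio = borrowing order (lower is served first).
    echo "$c 1:10 htb rate ${VOIP}kbit ceil ${LINK}kbit prio 0"
    echo "$c 1:20 htb rate ${VPN}kbit ceil ${LINK}kbit prio 1"
    echo "$c 1:30 htb rate $(bulk_rate)kbit ceil ${LINK}kbit prio 2"
    echo "$c 1:40 htb rate ${IM}kbit ceil ${IM_MAX}kbit prio 3"
    # VoIP class: call setup (SIP over UDP and TCP), media (RTP), and anything
    # addressed to the provider, so signalling is not left in the bulk class.
    echo "$m -p udp --dport 5060 -j CLASSIFY --set-class 1:10"
    echo "$m -p tcp --dport 5060 -j CLASSIFY --set-class 1:10"
    echo "$m -p udp --dport $RTP_PORTS -j CLASSIFY --set-class 1:10"
    echo "$m -d $SIP_PEER -j CLASSIFY --set-class 1:10"
    echo "$m -p udp --dport $VPN_PORT -j CLASSIFY --set-class 1:20"
    echo "$m -p tcp --dport $IM_PORT -j CLASSIFY --set-class 1:40"
}

# Dry run: print the plan for the interface facing the ISP (name is an assumption).
qos_plan "${WAN_IF:-eth0}"
```

HTB shapes only what leaves the named interface, so the download direction needs the same plan on the LAN-facing interface with `--sport`/`-s` matches in place of `--dport`/`-d`.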