vpn and Qos

[Sim3]

I’have a vpn lan to lan connection between two zeroshell firewall. The vpn is over tcp protocol. In side this tunnel flows datas traffic and voip. I want to implementing a Qos for the voip traffic.
The Eth00 is the inside network, the Eth01 go outside, and Vpn00 is the lan to lan connection.
For the qos what interface I have to manage? the Eth01 or Vpn00?

Many Thanks

[ppalias]

A little bit of both…
On interface Eth01 you need to prioritize the VPN packets.
On interface VPN00 you will prioritize voice packets over the data packets.

[Sim3]

Ok. I do like you write me, but I coudn’t recognized vpn traffic.
Witch kind of rules I have to build in Classifier manager to recognized vpn traffic?

[ppalias]

I would suggest to match it with source or destination IP/port.

[Sim3]

I try by a rules on eth01 for tcp traffic on port 1195, because I use a vpn tcp on port 1195. But non intercept any traffic.

Some Ideas?

[ppalias]

Could you post some sceenshots of what you have configured?

[Sim3]

Eth01 outside lan global bandwith 2Mbit Max / 1Mbit Gar
Vpn00 global bandwith 1532 Kbit Max / 768 Kbit Gar

Class Manager
Voip high max 1024 Kbit / 512 Gar
VPN High max 1532 kbit / 768 Gar

Vpn on interface Eth01
Vopi on interface Vpn00

On this interface I haven’t delete the Default class

Classifier
* * All tcp spt 1195 VPN
* * 10.10.10.230 to 10.10.11.110 Voip

[ppalias]

Paste here the output of command

iptables -t mangle -L -v

. Also let us know if you have netbalancer enabled by any chance, cause it conflicts with QoS.

[Sim3]

Now It seems work fine.
In the qos classifier I made a rule like that
*.* tcp Layer 7 SSLv3
Now I can made a traffic shapping on the eth01 for the vpn.

[ppalias]

That is weird, it should work with the source or destination IP-port.

[Sim3]

You’re right, but only with the port it doesn’t work.

[Author]

Posts