vpn and Qos

Home Page Forums Network Management VPN vpn and Qos

This topic contains 9 replies, has 0 voices, and was last updated by  Sim3 9 years, 1 month ago.

Viewing 11 posts - 1 through 11 (of 11 total)
  • Author
    Posts
  • #42269

    Sim3
    Member

    I’have a vpn lan to lan connection between two zeroshell firewall. The vpn is over tcp protocol. In side this tunnel flows datas traffic and voip. I want to implementing a Qos for the voip traffic.
    The Eth00 is the inside network, the Eth01 go outside, and Vpn00 is the lan to lan connection.
    For the qos what interface I have to manage? the Eth01 or Vpn00?

    Many Thanks

    #49860

    ppalias
    Member

    A little bit of both…
    On interface Eth01 you need to prioritize the VPN packets.
    On interface VPN00 you will prioritize voice packets over the data packets.

    #49861

    Sim3
    Member

    Ok. I do like you write me, but I coudn’t recognized vpn traffic.
    Witch kind of rules I have to build in Classifier manager to recognized vpn traffic?

    #49862

    ppalias
    Member

    I would suggest to match it with source or destination IP/port.

    #49863

    Sim3
    Member

    I try by a rules on eth01 for tcp traffic on port 1195, because I use a vpn tcp on port 1195. But non intercept any traffic.

    Some Ideas?

    #49864

    ppalias
    Member

    Could you post some sceenshots of what you have configured?

    #49865

    Sim3
    Member

    Eth01 outside lan global bandwith 2Mbit Max / 1Mbit Gar
    Vpn00 global bandwith 1532 Kbit Max / 768 Kbit Gar

    Class Manager
    Voip high max 1024 Kbit / 512 Gar
    VPN High max 1532 kbit / 768 Gar

    Vpn on interface Eth01
    Vopi on interface Vpn00

    On this interface I haven’t delete the Default class

    Classifier
    * * All tcp spt 1195 VPN
    * * 10.10.10.230 to 10.10.11.110 Voip

    #49866

    ppalias
    Member

    Paste here the output of command

    iptables -t mangle -L -v

    . Also let us know if you have netbalancer enabled by any chance, cause it conflicts with QoS.

    #49867

    Sim3
    Member

    Now It seems work fine.
    In the qos classifier I made a rule like that
    *.* tcp Layer 7 SSLv3
    Now I can made a traffic shapping on the eth01 for the vpn.

    #49868

    ppalias
    Member

    That is weird, it should work with the source or destination IP-port.

    #49869

    Sim3
    Member

    You’re right, but only with the port it doesn’t work.

Viewing 11 posts - 1 through 11 (of 11 total)

You must be logged in to reply to this topic.