I switched one of my main vpn links from ipsec to openvpn. This has fixed the problem with counting traffic twice in incoming traffic shaping. My main goal is to make sure the voip traffic has preference. Most voip is going via vpn . While voip is working well packets are not going to the classes I had expected. At least I''m pretty sure it''s not correct. I tested by making another class for ifb0 in tcclasses and experimented with different rules and saw if it got any traffic. Currently this is what I have. tos #SOURCE DEST PROTOCOL SOURCE DEST TOS MARK # PORTS PORTS all all udp 4569 - 16 #ssh all all tcp 22 - 8 all all tcp - 22 8 #rdesktop all all tcp 3389 - 8 all all tcp - 3389 8 # tcfilters # 3389 is rdesktop 1:110 0.0.0.0/0 0.0.0.0/0 udp iax 1:110 0.0.0.0/0 0.0.0.0/0 udp - iax 1:120 0.0.0.0/0 0.0.0.0/0 tcp ssh 1:120 0.0.0.0/0 0.0.0.0/0 tcp - ssh 1:120 0.0.0.0/0 0.0.0.0/0 tcp https 1:120 0.0.0.0/0 0.0.0.0/0 tcp - https 1:120 0.0.0.0/0 0.0.0.0/0 tcp 3389 1:120 0.0.0.0/0 0.0.0.0/0 tcp - 3389 1:130 0.0.0.0/0 0.0.0.0/0 tcp smtp 1:130 0.0.0.0/0 0.0.0.0/0 tcp - smtp # # INCOMING TRAFFIC # 2:110 0.0.0.0/0 0.0.0.0/0 udp iax 2:110 0.0.0.0/0 0.0.0.0/0 udp - iax 2:120 0.0.0.0/0 0.0.0.0/0 tcp ssh 2:120 0.0.0.0/0 0.0.0.0/0 tcp - ssh 2:120 0.0.0.0/0 0.0.0.0/0 tcp https 2:120 0.0.0.0/0 0.0.0.0/0 tcp - https 2:120 0.0.0.0/0 0.0.0.0/0 tcp 3389 2:120 0.0.0.0/0 0.0.0.0/0 tcp - 3389 2:130 0.0.0.0/0 0.0.0.0/0 tcp smtp 2:130 0.0.0.0/0 0.0.0.0/0 tcp - smtp tcdevices #INTERFACE IN-BANDWITH OUT-BANDWIDTH 1:eth1 - 1180kbit classify 2:ifb0 - 1180kbit - eth1 tcclasses #INTERFACE MARK RATE CEIL PRIORITY OPTIONS 1:110 - 3*full/10 6*full/10 1 tos=0x68/0xfc,tos=0xb8/0xfc,tos-minimize-delay 1:120 - 4*full/10 full 2 tcp-ack,tos-maximize-throughput 1:130 - 3*full/10 9*full/10 3 default # ifb0 2:110 - 3*full/10 6*full/10 1 tos=0x68/0xfc,tos=0xb8/0xfc,tos-minimize-delay 2:120 - 4*full/10 full 2 tcp-ack,tos-maximize-throughput 2:130 - 3*full/10 9*full/10 3 default As the voip is coming in ipsec or openvpn can only filter on tos. First problem in tcclasses It looks like tos=0x68/0xfc does not work. The standard tos values do work. It would be nice if one could select on dscp values as at least for the case of sip it is usually already set. Is it possible to select on dscp values? If not I suppose I''ll need to change sip traffic to tos-minimize-delay. Next problem is ssh sets tos-minimize-delay for interactive traffic. There can be a lot of ssh traffic. I can change the tos of ssh from all sites I control but can not see any way to keep ssh that that comes from else ware from going into my voip class 2:110. Apparently tos overrides what is in tcfilters and changes settings in tos file do not seem to have an effect on incoming traffic. In time I expect there will be a lot of voip traffic so want to get it set as good as possible. What affect does priority in tcclasses have? Any suggestions? John ------------------------------------------------------------------------- This SF.Net email is sponsored by the Moblin Your Move Developer''s challenge Build the coolest Linux based applications with Moblin SDK & win great prizes Grand prize is a trip for two to an Open Source event anywhere in the world http://moblin-contest.org/redirect.php?banner_id=100&url=/