Shorewall users - Oct 2006 - VoIP traffic shaping

I''m hesitant to ask this because I can see a lot of previous posts on
the subject, but despite lots of reading I still don''t seem to have
this
quite right. Summary: two sites linked by OpenVPN with VoIP running over
the VPN. Problem: VoIP is "choppy", suggesting that traffic shaping
isn''t quite right.

Offer: once I get this resolved, I''m happy to write it up as a document
for the Shorewall site if that is of any interest.

The servers at each location have two NICs, loc (eth2) and ext (eth0) -
there''s no eth1 used in either server. In addition, tun0 is at each end
of the VPN. The LAN at one end is 192.168.0.0/24, the other 192.168.20.0/24.

The VoIP traffic is identified in tccrules (this on the 192.168.0.50
server):

1	$FW		0.0.0.0/0	all
1	eth0		0.0.0.0/0	all
1	eth2		0.0.0.0/0	all
2	eth2		192.168.20.0/24	udp	5004:5069
2	eth2		192.168.20.0/24	udp	5070
2	eth2		192.168.20.0/24	tcp	5570
2	eth2		192.168.20.0/24	tcp	5566
2	eth2		192.168.20.0/24	udp	5567

The other tccrules is identical save for the other 192 subnet being used.

For completeness, tcclasses:
tun0		2	full	full	1
tun0		1	1kbit	full	2		default
eth0		1	1kbit	full	2		default

...and tcdevices:

tun0		10000kbit		370kbps
eth0		10000kbit		370kbps

I''ve attached a ''shorewall dump'' from the
192.168.0.50 system while a
VoIP call is in progress.

Apologies if a) I''ve missed some obvious documentation that would have
helped or b) I''ve done something silly above... Finally, other than
making VoIP calls over the link, is there a good way of /testing/ that
this is working as planned?

Thanks,
Keith



-------------------------------------------------------------------------
Take Surveys. Earn Cash. Influence the Future of IT
Join SourceForge.net''s Techsay panel and you''ll get the chance
to share your
opinions on IT & business topics through brief surveys -- and earn cash
http://www.techsay.com/default.php?page=join.php&p=sourceforge&CID=DEVDEV

Keith Edmunds wrote:
> I''m hesitant to ask this because I can see a lot of previous posts
on
> the subject, but despite lots of reading I still don''t seem to
have this
> quite right. Summary: two sites linked by OpenVPN with VoIP running over
> the VPN. Problem: VoIP is "choppy", suggesting that traffic
shaping
> isn''t quite right.
Is the OpenVPN link encrypted? If so, encryption/decryption may be a factor.
> 
> Offer: once I get this resolved, I''m happy to write it up as a
document
> for the Shorewall site if that is of any interest.
> 
> The servers at each location have two NICs, loc (eth2) and ext (eth0) -
> there''s no eth1 used in either server. In addition, tun0 is at
each end
> of the VPN. The LAN at one end is 192.168.0.0/24, the other
192.168.20.0/24.
> 
> The VoIP traffic is identified in tccrules (this on the 192.168.0.50
> server):
> 
> 1	$FW		0.0.0.0/0	all
> 1	eth0		0.0.0.0/0	all
> 1	eth2		0.0.0.0/0	all
> 2	eth2		192.168.20.0/24	udp	5004:5069
> 2	eth2		192.168.20.0/24	udp	5070
> 2	eth2		192.168.20.0/24	tcp	5570
> 2	eth2		192.168.20.0/24	tcp	5566
> 2	eth2		192.168.20.0/24	udp	5567
> 
> The other tccrules is identical save for the other 192 subnet being used.
> 
> For completeness, tcclasses:
> tun0		2	full	full	1
> tun0		1	1kbit	full	2		default
> eth0		1	1kbit	full	2		default
> 
> ...and tcdevices:
> 
> tun0		10000kbit		370kbps
> eth0		10000kbit		370kbps
You apparently are doing no shaping on eth0 -- in particular, you are not giving
OpenVPN traffic preference.

Also, have you tuned the IN-BANDWITCH as described in the documentation?

-Tom
-- 
Tom Eastep    \ Nothing is foolproof to a sufficiently talented fool
Shoreline,     \ http://shorewall.net
Washington USA  \ teastep@shorewall.net
PGP Public Key   \ https://lists.shorewall.net/teastep.pgp.key



-------------------------------------------------------------------------
Take Surveys. Earn Cash. Influence the Future of IT
Join SourceForge.net''s Techsay panel and you''ll get the chance
to share your
opinions on IT & business topics through brief surveys -- and earn cash
http://www.techsay.com/default.php?page=join.php&p=sourceforge&CID=DEVDEV