The pfSense Store

Author Topic: outbound openvpn to Expressvpn and route voIP traffic through it only - Bid $  (Read 7098 times)

0 Members and 1 Guest are viewing this topic.

Offline xbipin

  • Hero Member
  • *****
  • Posts: 1220
    • View Profile
well the 2 rules for mysip were made so traffic goes to qvoip, if i remove that then wont both up and down goto qp2p, we r trying here to send traffic tot he qvoip

Offline stephenw10

  • Hero Member
  • *****
  • Posts: 8120
    • View Profile
It may well but at least that would tell us which rule is sending traffic to qvoip, mysip to * or VPN to *.

I still don't understand why any of that traffic would go to qp2p, is there a rule I'm missing?

Busily reading the chapter 16 of the definitive guide.....

Steve

Offline xbipin

  • Hero Member
  • *****
  • Posts: 1220
    • View Profile
attached r screenshots of the traffic shaper and i added the same queues under expressvpn interface which initially were not there, after doing so i see the voiptraffic going out of vpn under queue qvoip in lan and qvoip in expressvpn but all list in qp2p on wan under queues, i dont know if this is correct or no coz i think i have rules missing which would make the total traffic go out of qvoip on wan mayb because thats encrypted openvpn traffic, so could u tell me what rule to create for openvpnt raffic, i mean does it come under gre, udp or tcp or any specific ports?

Offline stephenw10

  • Hero Member
  • *****
  • Posts: 8120
    • View Profile
Hmm, I think at this point I'm just guessing. My experience with traffic shaping is limited (pun intended!).

Now that you have setup an ExpressVPN connection and have routing correctly configured perhaps you should start a new thread in the traffic shaping sub-forum.

Informed guess work follows...
There is relatively little documentation about this and what there is mostly relates to 1.2.X (the definitive guide). It's worth thinking about what point in the chain the vpn encryption happens in combination with how the traffic shaper works with queues.
The inbound queue is working because that actually limits traffic as it leaves the LAN interface. At that point it is unencrypted VOIP traffic (UDP on whatever port you are using). However the outbound queue is liming traffic leaving the box which is encrypted TCP probably on port 1194. Further confusing matters is that this traffic leaves as an encrypted stream on WAN but it also leaves on ExpressVPN, is it encrypted at this point?  :-\
Since you have added rules on ExpressVPN which are catching traffic leaving that must provide a clue.
You must have some catch-all rule sending stuff to qp2p or is that the default queue?
Like I said guesswork!  ::)

Steve

Offline xbipin

  • Hero Member
  • *****
  • Posts: 1220
    • View Profile
the more confusing part is expressvpn interface is just openvpn which eventually comes under wan after all as the vpn is a virtual interface so i have no clue if we even need to enable queues under it.

after a lot of changing, testing, i figured out an easier way, this is what i did

- deleted the queues under expressvpn interface
- in floating tab created just 4 rules, 2 for in and 2 for out as follows as shown in screenshot coz what i figured is my openvpn is using udp to connect to expressvpn servers and i have set it to connect to just one of their closest servers and also im just sending VoIP traffic over vpn so y not simply put the encrypted vpn traffic in the qvoip as no other type of traffic will travel over the vpn

(ExpressVPN2 is just alias for the vpn server ip)

---EDIT---

the reason y i use floating tab is if u want to put upload traffic to proper queues based on destination ip then rules need to goto floating tab with "Apply the action immediately on match" ticked

the other thing is vpn client interface under wan, if we create queues under that then wouldn't that mean queuing the same stuff twice?
« Last Edit: May 04, 2012, 09:51:20 am by xbipin »

Offline stephenw10

  • Hero Member
  • *****
  • Posts: 8120
    • View Profile
I wish I could say I fully understand what's happening here, I don't!
I look forward to reading the traffic shaping chapter in the next definitive guide.  ;)

Steve
« Last Edit: May 04, 2012, 10:09:33 am by stephenw10 »