QoS breaks VoIP over VPN

Discussion in 'Tomato Firmware' started by subz3ro, Jul 6, 2012.

  1. subz3ro

    subz3ro Networkin' Nut Member

    I am using 1.28.0500.2-Toastman-VLAN-RT-N-VPN-NOCAT. I have OpenVPN running to register my voice boxes to a remote SIP registrar server. But I get a timeout error even though the VPN link is up and I can ping and do all sorts of things to the remote network. If I turn off QoS then everything works. This is happening because QoS classifies my voice box's traffic as VoIP/game and finds that its destination IP is a local IP of the VPN subnet, thereby blocking it. Is there any workaround to solve this problem?

    Also, I would like to know how I can prioritize VoIP traffic using other methods?
  2. rs232

    rs232 Network Guru Member

    AFAIK QoS doesn't work over VPN. You can match VPN traffic, e.g. on a port basis, and act against other traffic, but there's no visibility into what goes over the VPN as far as QoS is concerned. In the Cisco world there's a command called "qos pre-classify" which does nothing but duplicate the QoS tag from the (LAN) IP header to the VPN IP header. I'm pretty sure this function is not available in Tomato/OpenVPN. A possible, complex and cumbersome scenario would be to have two tunnels (on different ports), prioritising one port tunnel over the other.
    Going back to your problem, check how the VPN traffic is currently classified and what limits are applied to the class it lives in.
  3. subz3ro

    subz3ro Networkin' Nut Member

    Changing both local and remote ports to anything other than 5060 solves the problem. Also, I had to stop the NAT helper to get it to work. I have prioritized the VPN link port to the highest; this is the least I can do, since VLAN and tagging won't do any good either.
  4. subz3ro

    subz3ro Networkin' Nut Member

    The problem still persists, thus making it a bug of Tomato QoS. QoS is taking the VPN local IP as WAN traffic and classifying it wrong. Toastman, please solve this.
  5. subz3ro

    subz3ro Networkin' Nut Member

    Looks like this problem still persists.
    Requests from the voice box before the WAN is up never get deleted, even if I click "drop idle connections". The only way is to manually turn off the voice box and start it again after the timeout value is reached.

    I have also got this value from ip_conntrack:

    Tomato v1.28.7500 MIPSR2Toastman-VLAN-RT K26 USB VPN-NOCAT
    root@RT-485B39E80CCF:/tmp/home/root# grep /proc/net/ip_conntrack
    udp 17 28 src= dst= sport=45949 dport=5060 packets=62 bytes=24024 [UNREPLIED] src= dst= sport=5060 dport=45949 packets=0 bytes=0 mark=16777474 use=1
    is the remote vpn ip of the asterisk server is my wan ip

    why the destination is from ??
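
A check for the symptom in the post above, as an added example that is not part of the thread: it reads entries in the /proc/net/ip_conntrack format and reports UDP port 5060 flows that are still [UNREPLIED]. In each entry the first src/dst pair is the original direction and the second is the tuple expected for replies; when the reply dst differs from the original src, the flow was source-NATed to that address. The function names, the sample entries and every address in them are constructed for illustration.

```shell
#!/bin/sh
# Added example: flag SIP (UDP/5060) conntrack entries that never got a reply
# and show which address the router expects the reply to arrive on.

# stale_sip_flows: reads conntrack lines on stdin and prints, per UNREPLIED
# UDP flow to port 5060:
#   <orig src> <orig dst> <reply dst> <snat|no-nat> <seconds until expiry>
stale_sip_flows() {
    awk '
    $1 == "udp" && /\[UNREPLIED\]/ {
        n = 0
        # src= always precedes dst= and dport= within a tuple, so the first
        # set collected is the original direction, the second the reply.
        for (i = 1; i <= NF; i++) {
            split($i, kv, "=")
            if (kv[1] == "src")   src[++n] = kv[2]
            if (kv[1] == "dst")   dst[n]   = kv[2]
            if (kv[1] == "dport") dport[n] = kv[2]
        }
        if (n != 2 || dport[1] != "5060") next
        nat = (dst[2] == src[1]) ? "no-nat" : "snat"
        print src[1], dst[1], dst[2], nat, $3
    }'
}

# Constructed sample table: 192.168.1.x = LAN, 10.8.0.x = VPN subnet,
# 203.0.113.7 = WAN address (documentation range).
sample_conntrack() {
    cat <<'EOF'
udp 17 28 src=192.168.1.50 dst=10.8.0.1 sport=45949 dport=5060 packets=62 bytes=24024 [UNREPLIED] src=10.8.0.1 dst=203.0.113.7 sport=5060 dport=45949 packets=0 bytes=0 mark=16777474 use=1
udp 17 170 src=192.168.1.51 dst=10.8.0.1 sport=5062 dport=5060 packets=9 bytes=3600 src=10.8.0.1 dst=10.8.0.6 sport=5060 dport=5062 packets=9 bytes=3600 [ASSURED] mark=0 use=1
tcp 6 431999 ESTABLISHED src=192.168.1.10 dst=198.51.100.20 sport=51000 dport=443 packets=10 bytes=900 src=198.51.100.20 dst=203.0.113.7 sport=443 dport=51000 packets=8 bytes=700 [ASSURED] mark=0 use=1
EOF
}

# On the router: stale_sip_flows < /proc/net/ip_conntrack
sample_conntrack | stale_sip_flows
```

An entry reported as `snat` with a VPN-subnet destination and the WAN address as reply dst is a flow that was translated for the WAN side, so replies arriving through the tunnel do not match it.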