VPN with Tomato and Software ip phone

Discussion in 'Tomato Firmware' started by jojooper, May 1, 2009.

  1. jojooper

    jojooper Addicted to LI Member

    I've searched around and can't find help with my situation. I flashed a Linksys router with the latest Tomato firmware. Here is my situation. We use a software-based IP phone over a Cisco VPN client connecting through a firewall to the phone system at our office. I set up Tomato to give the highest priority to ports 19100-19131 using UDP, which is what the soft phone uses for voice traffic. When I fire up the soft phone and make or receive a call, I don't see it showing up anywhere in the graphs or in the unclassified area under QoS. Everything I am seeing is using the IP assigned by the router. When I run Wireshark on the user's computer, I see all the voice packets being marked with the IP addresses given to the workstation by the Cisco client/office firewall and I can see traffic flowing from the office. It seems like it can't see anything going through the VPN. Everything else seems to work great, but the whole reason for setting this up was for the soft phone. Is there a way to enable the router to view this traffic so that I can use QoS? Also, what is the difference between the low-highest vs the a-d priorities?
  2. humba

    humba Network Guru Member

    The whole point of a VPN connection is that you cannot see what's inside (that's what the P stands for... private) - so you only see a data stream between the PC with the VPN client and the VPN gateway. You can prioritize that, though if you send a mail from the same machine, it would get the same priority as the VoIP traffic, which may not necessarily be what you want.

    The only way you can prioritize voice traffic is if the tunnel is terminated on your router (and there's currently no Tomato version that supports IPSec VPN, which is what Cisco uses) - then traffic is unencrypted on your LAN and the router sees the different streams and can prioritize them accordingly.
  3. jojooper

    jojooper Addicted to LI Member

    Thanks for the reply. Other than voice, Outlook and faxing software are passing through the VPN. Can Tomato prioritize just the VPN traffic? That would be better than nothing, since there is a lot of other traffic not using the VPN on these computers. Or do you know if DD-WRT is capable of doing what I need it to do?
  4. humba

    humba Network Guru Member

    I already answered that in my original reply ;) Yes, you can. E.g. by creating a rule with destination IP = IP of your VPN gateway.
    If you found a router that can prioritize certain streams inside a VPN connection, then your VPN connection would be unsafe: your router would be the man in the middle, and if it can be your router, it could be any router on the Internet, and that would be bad.
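
The point made in replies 2 and 4, as an added example that is not part of the original thread: a classifier that, like the router, can only read the outermost headers, so a port rule for 19100-19131 never matches tunneled voice while a destination-IP rule matches everything in the tunnel alike. All addresses, the UDP/4500 (IPsec NAT-T) encapsulation, the class names and the helper functions are assumptions made for illustration.

```python
import ipaddress
import os
import struct

# Constructed sample addresses (not from the thread).
LAN_PC = "192.168.1.50"       # address handed out by the home router
VPN_CLIENT = "10.20.0.77"     # address assigned by the VPN client/office firewall
VPN_GATEWAY = "203.0.113.10"  # public address of the office VPN gateway
OFFICE_PBX = "10.20.0.5"      # only reachable inside the tunnel


def udp_packet(src, dst, sport, dport, payload):
    """Build a minimal IPv4+UDP packet (checksums left at zero)."""
    udp = struct.pack("!HHHH", sport, dport, 8 + len(payload), 0) + payload
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(udp), 0, 0, 64, 17, 0,
                     ipaddress.IPv4Address(src).packed,
                     ipaddress.IPv4Address(dst).packed)
    return ip + udp


def tunnel(inner):
    """Stand-in for the VPN client: the whole inner packet becomes opaque
    bytes in a UDP/4500 packet to the gateway. Random bytes model the
    ciphertext; no real ESP processing is performed."""
    return udp_packet(LAN_PC, VPN_GATEWAY, 4500, 4500, os.urandom(len(inner) + 16))


def classify(packet, rules):
    """Return the class of the first matching rule, reading outer headers only."""
    ihl = (packet[0] & 0x0F) * 4
    dst = str(ipaddress.IPv4Address(packet[16:20]))
    dport = struct.unpack("!H", packet[ihl + 2:ihl + 4])[0] if packet[9] == 17 else None
    for rule in rules:
        if "dst_ip" in rule and rule["dst_ip"] != dst:
            continue
        if "udp_ports" in rule and (dport is None or dport not in rule["udp_ports"]):
            continue
        return rule["cls"]
    return None  # no rule matched


PORT_RULE = {"udp_ports": range(19100, 19132), "cls": "Highest"}  # soft-phone ports
GATEWAY_RULE = {"dst_ip": VPN_GATEWAY, "cls": "High"}             # whole tunnel

voice = udp_packet(VPN_CLIENT, OFFICE_PBX, 19100, 19104, b"voice-frame")
other = udp_packet(VPN_CLIENT, OFFICE_PBX, 40000, 40001, b"bulk-data")

if __name__ == "__main__":
    for name, pkt in (("voice", voice), ("other", other)):
        print(name, "in tunnel ->", classify(tunnel(pkt), [PORT_RULE, GATEWAY_RULE]))
```
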
  5. jojooper

    jojooper Addicted to LI Member

    Thank you very much for all your help. I'll set it up using the addresses.
    Cheers!!
  6. PGalati

    PGalati Network Guru Member

    I know this thread is really old, but I thought I would ask anyway. Does any variant of the Tomato firmware now support Cisco IPSec in its VPN implementation? I have a similar but different scenario as jooper. I have a Cisco 7941 IP Phone at home that I would like to connect to our office so I can work from home but be in touch via phone. Currently I use the CUPC software, but actually having a handset at home would be cool. Can Tomato connect to a Cisco ASA 5505 as a client and route phone traffic through?

    Thanks for your time.
