Adam Clark wrote:
> Hi,
>   I am using IPSEC tunnels to connect my home office to our work site.
> I am using a cisco voip phone which uses the vpn to talk to the call
> manager.
> 
> I have worked for a bit to try to give the voip traffic highest priority
> with ALTQ.
> I have gotten some headway to what I want, but limitations brought on
> from the IPSEC link limit the effectiveness of doing this.  My VPN link
> is a gif tunnel to a PIX.
> 
> Basically, I cannot distinguish general vpn traffic from voip traffic
> because pf cannot do filtering or classification on gif interfaces.

pf can filter fine on gif interfaces, including matching ToS. You have
to apply your rules on the gifN interface, e.g.

pass in on gif0 from any to any tos 0x08

> pass in on $inf_if proto tcp from $internal_net to any port www dscp 0x2e set_dscp 0x00

IMO it would be very nice if pf supported dscp matching and mangling.

-d
