AW: AW: AW: AW: AW: [pfSense Support] Shaping OpenVPN Tunnels (Take two)
I'll have to check... last time i tested it messed up openvpn-server... so i'd say, it'll be seen in pfSense 1.3... perhaps in 1.2... cannot tell until now... I'm trying with tos also for openvpn for traffic priorisation... We'll see... Martin -Ursprüngliche Nachricht- Von: Mike Lee [mailto:[EMAIL PROTECTED] Gesendet: Samstag, 19. Mai 2007 00:42 An: support@pfsense.com Betreff: Re: AW: AW: AW: AW: [pfSense Support] Shaping OpenVPN Tunnels (Take two) Ok. I'll just hold tight for now. Do you know if this functionality will make it into the final 1.2 release or will it be in future point (1.3, etc.) releases? Thanks. Mike Fuchs, Martin wrote: > Shaping only works from client side at the moment... > I'm looking how to shape from server side but at the monemt it's not > possible... > > -Ursprüngliche Nachricht- > Von: Mike Lee [mailto:[EMAIL PROTECTED] > Gesendet: Freitag, 18. Mai 2007 22:48 > An: support@pfsense.com > Betreff: Re: AW: AW: AW: [pfSense Support] Shaping OpenVPN Tunnels (Take two) > > Sorry guys, but when I looked at the OpenVPN server options on one of > our OpenVPN boxes running the 5/14 snapshot, I don't see any options for > shaping the tunnel. Below are the options I have: > > Disable this tunnel > Protocol > Dynamic IP > Local port > Address pool > Use static IPs > Local network > Remote network > Client-to-client VPN > Cryptography > Authentication method > Shared key etc. > > - > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > > > > - > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > -- Mike Lee IT Manager - Biosource America Biosource America, Inc. The contents of this e-mail correspondence are considered confidential and privileged and otherwise protected from disclosure by BIOSOURCE AMERICA, INC., a wholly owned subsidiary of Nova Biosource Fuels, Inc. This correspondence and its contents are for distribution to and for use by the named parties only. If you have received this correspondence in error, please contact us without delay. -BEGIN PGP PUBLIC KEY BLOCK- Version: GnuPG v1.4.1 (Darwin) mQGiBEZN5H8RBADDzHaIUMPXer3aBqLUGF8h+sRdSTvUAIueqzd9Lbxwn0S09sYf J6X4gnmxjoZDyN+aCAQQxK1biAd95nPn0vbyIoEIaPo0UYgG9KjsKK4DHNv0C/Os ttYVzJX3rsezB87GTFHznYzJxIXFJZoKyXcW2SQp9wUhpaEw7ddA3DJyDwCghoXq IS4wyPK0M9qAXNKGjmWt7bkD/RJAqY7GdMFTTmu1MZ+hbmfHT0pdsS3KoBGTlngP mvbL2cIS0KeB7haYLGcjddrg2E0FiC1I9NBuwVrfvA8mItemHshYo+YkQHblAUhc JQC7dGTQU+YimJyp3HnGRKvONfb6uvSfQDcYARINqcS75+ufJgmdH2ZZXogjDS7N WnKFBAC7/+VM1FkVZRS4TIk2JiIEz1h9zBlRADJzzTTf+WeJvWCrXeEQ5TaPEH7X Xvc8g30uP9xSK/1fQ8G1eb+jvXBHnZOfyjXqHFK/dPzp1z+XHTkGq6ByvcWg5jnf BPL2zOF3c003mVPqUinnLdUbGc5K7SDScN5/+6CQWNFg4NNLZLQ5TWljaGFlbCBM ZWUgKEJpb3NvdXJjZSBBbWVyaWNhKSA8bWxlZUBiaW9zb3VyY2VmdWVscy5jb20+ iGQEExECACQFAkZN5H8CGwMFCQHhM4AGCwkIBwMCAxUCAwMWAgECHgECF4AACgkQ QSbcfXk9NL9z1ACeN6SIM02US339IcsCIOAHZHuJ0/QAn1mgTuKU6yfbtdEvg0by cd+nb4E+uQINBEZN5NAQCADg7GcN/KjGb7pa6qQvOFz4YGDj0vigYGh5s6PKeUoM TW65h5zOcWmJYsYNv7Rg90RFOdRS/sqaOrmBD1bGuC3jN+JXM71vnHK+P/nNlT2y DoP3xJgGDqbqr74cjNSxaaVQnr7k2Ns2hHpG/b5oYB0Dn6UTkOvPIfRYFnENq1X0 /YmAEVSCUF5pjmcykXbuZ8AfX4zoBVH/js6ufY14yqhIiGzxYralrS69ATTL65VH wOWmU54bMX9iOWBySBnj46lEjn4KLsrouL04m6cKKO2w1aeR8vu12UxxLcAdMQ3b vE83p6CW1bC0h/ifyziThNznm3Pk3dBQlVxSVanVjnb3AAMFB/4oV7FIjunmDsvP Fczv/4femQsSMYEt6VdsU16R6u4ZpTNmupSVdJy+Gr+AzDzvvdkk/FFenywaU/WG aWamv456oRKe26jJQxAbKXIdlL3pGsSu+E8eirgZB//rNfUvc5zBAVjE3kfDSr6X MlzBlMiQIRWtakxGB2I/R9YrHQ0AwPzMM4ENE915tc6hRHJhQu/bcHjhhszxmB+I T+rHnsbOj6h0K8m1CW8FNhwTHBmHAJERoD8zwNOHMgXXQ0Ll8eXtrM9FlcGKzglq f+sWoKTBS+esKp/wAXHJgZVlkxL855ln+YdRhUvLZnuNTYf6Xme4Lf3G60pBxUbh h6CSIarAiE8EGBECAA8FAkZN5NACGwwFCQHhM4AACgkQQSbcfXk9NL8nVwCdGYBD K2HaCtPrv5B1JZHNiAQl4H4AnR5QcJV7O3+NoMsC3nzjJ2NB6QGy =hkcV -END PGP PUBLIC KEY BLOCK- - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: AW: AW: AW: AW: [pfSense Support] Shaping OpenVPN Tunnels (Take two)
Ok. I'll just hold tight for now. Do you know if this functionality will make it into the final 1.2 release or will it be in future point (1.3, etc.) releases? Thanks. Mike Fuchs, Martin wrote: > Shaping only works from client side at the moment... > I'm looking how to shape from server side but at the monemt it's not > possible... > > -Ursprüngliche Nachricht- > Von: Mike Lee [mailto:[EMAIL PROTECTED] > Gesendet: Freitag, 18. Mai 2007 22:48 > An: support@pfsense.com > Betreff: Re: AW: AW: AW: [pfSense Support] Shaping OpenVPN Tunnels (Take two) > > Sorry guys, but when I looked at the OpenVPN server options on one of > our OpenVPN boxes running the 5/14 snapshot, I don't see any options for > shaping the tunnel. Below are the options I have: > > Disable this tunnel > Protocol > Dynamic IP > Local port > Address pool > Use static IPs > Local network > Remote network > Client-to-client VPN > Cryptography > Authentication method > Shared key etc. > > - > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > > > > - > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > -- Mike Lee IT Manager - Biosource America Biosource America, Inc. The contents of this e-mail correspondence are considered confidential and privileged and otherwise protected from disclosure by BIOSOURCE AMERICA, INC., a wholly owned subsidiary of Nova Biosource Fuels, Inc. This correspondence and its contents are for distribution to and for use by the named parties only. If you have received this correspondence in error, please contact us without delay. -BEGIN PGP PUBLIC KEY BLOCK- Version: GnuPG v1.4.1 (Darwin) mQGiBEZN5H8RBADDzHaIUMPXer3aBqLUGF8h+sRdSTvUAIueqzd9Lbxwn0S09sYf J6X4gnmxjoZDyN+aCAQQxK1biAd95nPn0vbyIoEIaPo0UYgG9KjsKK4DHNv0C/Os ttYVzJX3rsezB87GTFHznYzJxIXFJZoKyXcW2SQp9wUhpaEw7ddA3DJyDwCghoXq IS4wyPK0M9qAXNKGjmWt7bkD/RJAqY7GdMFTTmu1MZ+hbmfHT0pdsS3KoBGTlngP mvbL2cIS0KeB7haYLGcjddrg2E0FiC1I9NBuwVrfvA8mItemHshYo+YkQHblAUhc JQC7dGTQU+YimJyp3HnGRKvONfb6uvSfQDcYARINqcS75+ufJgmdH2ZZXogjDS7N WnKFBAC7/+VM1FkVZRS4TIk2JiIEz1h9zBlRADJzzTTf+WeJvWCrXeEQ5TaPEH7X Xvc8g30uP9xSK/1fQ8G1eb+jvXBHnZOfyjXqHFK/dPzp1z+XHTkGq6ByvcWg5jnf BPL2zOF3c003mVPqUinnLdUbGc5K7SDScN5/+6CQWNFg4NNLZLQ5TWljaGFlbCBM ZWUgKEJpb3NvdXJjZSBBbWVyaWNhKSA8bWxlZUBiaW9zb3VyY2VmdWVscy5jb20+ iGQEExECACQFAkZN5H8CGwMFCQHhM4AGCwkIBwMCAxUCAwMWAgECHgECF4AACgkQ QSbcfXk9NL9z1ACeN6SIM02US339IcsCIOAHZHuJ0/QAn1mgTuKU6yfbtdEvg0by cd+nb4E+uQINBEZN5NAQCADg7GcN/KjGb7pa6qQvOFz4YGDj0vigYGh5s6PKeUoM TW65h5zOcWmJYsYNv7Rg90RFOdRS/sqaOrmBD1bGuC3jN+JXM71vnHK+P/nNlT2y DoP3xJgGDqbqr74cjNSxaaVQnr7k2Ns2hHpG/b5oYB0Dn6UTkOvPIfRYFnENq1X0 /YmAEVSCUF5pjmcykXbuZ8AfX4zoBVH/js6ufY14yqhIiGzxYralrS69ATTL65VH wOWmU54bMX9iOWBySBnj46lEjn4KLsrouL04m6cKKO2w1aeR8vu12UxxLcAdMQ3b vE83p6CW1bC0h/ifyziThNznm3Pk3dBQlVxSVanVjnb3AAMFB/4oV7FIjunmDsvP Fczv/4femQsSMYEt6VdsU16R6u4ZpTNmupSVdJy+Gr+AzDzvvdkk/FFenywaU/WG aWamv456oRKe26jJQxAbKXIdlL3pGsSu+E8eirgZB//rNfUvc5zBAVjE3kfDSr6X MlzBlMiQIRWtakxGB2I/R9YrHQ0AwPzMM4ENE915tc6hRHJhQu/bcHjhhszxmB+I T+rHnsbOj6h0K8m1CW8FNhwTHBmHAJERoD8zwNOHMgXXQ0Ll8eXtrM9FlcGKzglq f+sWoKTBS+esKp/wAXHJgZVlkxL855ln+YdRhUvLZnuNTYf6Xme4Lf3G60pBxUbh h6CSIarAiE8EGBECAA8FAkZN5NACGwwFCQHhM4AACgkQQSbcfXk9NL8nVwCdGYBD K2HaCtPrv5B1JZHNiAQl4H4AnR5QcJV7O3+NoMsC3nzjJ2NB6QGy =hkcV -END PGP PUBLIC KEY BLOCK- - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
AW: AW: AW: AW: [pfSense Support] Shaping OpenVPN Tunnels (Take two)
Shaping only works from client side at the moment... I'm looking how to shape from server side but at the monemt it's not possible... -Ursprüngliche Nachricht- Von: Mike Lee [mailto:[EMAIL PROTECTED] Gesendet: Freitag, 18. Mai 2007 22:48 An: support@pfsense.com Betreff: Re: AW: AW: AW: [pfSense Support] Shaping OpenVPN Tunnels (Take two) Sorry guys, but when I looked at the OpenVPN server options on one of our OpenVPN boxes running the 5/14 snapshot, I don't see any options for shaping the tunnel. Below are the options I have: Disable this tunnel Protocol Dynamic IP Local port Address pool Use static IPs Local network Remote network Client-to-client VPN Cryptography Authentication method Shared key etc. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: AW: AW: AW: [pfSense Support] Shaping OpenVPN Tunnels (Take two)
Sorry guys, but when I looked at the OpenVPN server options on one of our OpenVPN boxes running the 5/14 snapshot, I don't see any options for shaping the tunnel. Below are the options I have: Disable this tunnel Protocol Dynamic IP Local port Address pool Use static IPs Local network Remote network Client-to-client VPN Cryptography Authentication method Shared key etc. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: AW: AW: AW: [pfSense Support] Shaping OpenVPN Tunnels (Take two)
Oh. I though you meant the client side. I'll upgrade our main pfSense box (server-side) and try again. Thanks and have a great weekend. Mike Scott Ullrich wrote: > The option resides in the OpenVPN server configuration screen. > > Scott > > > On 5/18/07, Mike Lee <[EMAIL PROTECTED]> wrote: >> > I've upgraded my embedded client to > 1.2-BETA-1-TESTING-SNAPSHOT-05-14-2007 and I still don't >>> see the > option to shape the entire tunnel under the OpenVPN-Client screen. Am > I looking in the wrong area. I also tried to create a new tunnel and > no shaping option either. Also re-ran the shaping wizard and no > OpenVPN option. Thanks again for your help, it's much appreciated. > > Mike > ** > Fuchs, Martin wrote: >> > >> In the latest snap 14-5 it's present& > > > >> *Von:* Mike Lee [mailto:[EMAIL PROTECTED] >> *Gesendet:* Freitag, 18. Mai 2007 18:30 >> *An:* support@pfsense.com >> *Betreff:* Re: AW: AW: [pfSense Support] Shaping OpenVPN Tunnels >> (Take two) > > > >> Are you talking about the most recent 1.2 beta snapshot? I am >> running 1.2beta1 from 5/9/07 and it does not have this feature on >> the OpenVPN client setup. Thanks again. > >> Mike > >> Fuchs, Martin wrote: > >> Have a look at the openvpn client in the actual snapshot, there's the >>> option to shape an entire tunnel from clientside... perhaps it helps... > >> -Ursprüngliche Nachricht- >> Von: Mike Lee [mailto:[EMAIL PROTECTED] >> Gesendet: Freitag, 18. Mai 2007 15:46 >> An: support@pfsense.com <mailto:support@pfsense.com> >> Betreff: Re: AW: [pfSense Support] Shaping OpenVPN Tunnels (Take two) > >> Martin, > >> Actually this is exactly what I want. I want to shape the entire >> OpenVPN tunnel entirely. This is because I will only be passing VoIP >> traffic within this tunnel. Therefore, if I want to run my VoIP >>> OpenVPN >> tunnel over the standard port 1194 then I would like to shape all >> traffic on port 1194. I have tried this by using the wizard, >>> specifying >> I want to shape VoIP, and then going and modifying the VoIP shaping >> rules to shape only port 1194. Unfortunately, I never see the traffic >> in the VoIP queue when I place calls to our remote offices over the >> OpenVPN tunnel. >> Thanks. > >> Mike > >> Fuchs, Martin wrote: > > >> The general problem is not solved until now - encrypted tunnels >>> cannot be shaped... > >> There's the possibility to shape a whole OpenVPN tunnel >>> (clientside) >>> for outgoing traffic, but I believe this is not what wou really want... > > > >> What you are planning is some sort of traffic shaping on port >>> based >>> rules. > > > >> It might be possible to do so, but perhaps you better ask scott >>> for >>> this when he's back from bsdcan... > > > >> Regards, > > > >> Martin > > > >> -Ursprüngliche Nachricht- > >> Von: Mike Lee [mailto:[EMAIL PROTECTED] > >> Gesendet: Donnerstag, 17. Mai 2007 16:40 > >> An: support@pfsense.com <mailto:support@pfsense.com> > >> Betreff: [pfSense Support] Shaping OpenVPN Tunnels (Take two) > > > >> Hello Everyone, > > > >> I did some searching and found this previous discussion on >>> shaping > >> OpenVPN tunnels: > > > > >>> http://forum.pfsense.org/index.php?PHPSESSID=836df07da7c9becd9259e22e1847c7ae&topic=3013.0 > > > > >> Basically the discussion ended with, that you cannot shape the > >> OpenVPN tunnels because openvpn uses the TUN interface and the >>> shaper > >> looks for traffic on the LAN interface heading towards the WAN to > >> shape. My question is, since this discussion is somewhat old, has >>> there > >> been any more progress/talk on getting the OpenVPN tunnels to >>> shape > >> properly? > >> I would like to be able to shape them because I have some >>> remote > >> offices and plan on using OpenVPN tunnels for VoIP. I know you >>> cannot > >> shape traffic within VPN tunnels because they are encrypted, >>> but I am > >> planning on using specific ports for certain tunnels to pass only >>> VoIP > >> traffic throu
Re: AW: AW: AW: [pfSense Support] Shaping OpenVPN Tunnels (Take two)
The option resides in the OpenVPN server configuration screen. Scott On 5/18/07, Mike Lee <[EMAIL PROTECTED]> wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 I've upgraded my embedded client to 1.2-BETA-1-TESTING-SNAPSHOT-05-14-2007 and I still don't see the option to shape the entire tunnel under the OpenVPN-Client screen. Am I looking in the wrong area. I also tried to create a new tunnel and no shaping option either. Also re-ran the shaping wizard and no OpenVPN option. Thanks again for your help, it's much appreciated. Mike ** Fuchs, Martin wrote: > > > In the latest snap 14-5 it's present… > > > > *Von:* Mike Lee [mailto:[EMAIL PROTECTED] > *Gesendet:* Freitag, 18. Mai 2007 18:30 > *An:* support@pfsense.com > *Betreff:* Re: AW: AW: [pfSense Support] Shaping OpenVPN Tunnels > (Take two) > > > > Are you talking about the most recent 1.2 beta snapshot? I am > running 1.2beta1 from 5/9/07 and it does not have this feature on > the OpenVPN client setup. Thanks again. > > Mike > > Fuchs, Martin wrote: > > Have a look at the openvpn client in the actual snapshot, there's the option to shape an entire tunnel from clientside... perhaps it helps... > > -Ursprüngliche Nachricht- > Von: Mike Lee [mailto:[EMAIL PROTECTED] > Gesendet: Freitag, 18. Mai 2007 15:46 > An: support@pfsense.com <mailto:support@pfsense.com> > Betreff: Re: AW: [pfSense Support] Shaping OpenVPN Tunnels (Take two) > > Martin, > > Actually this is exactly what I want. I want to shape the entire > OpenVPN tunnel entirely. This is because I will only be passing VoIP > traffic within this tunnel. Therefore, if I want to run my VoIP OpenVPN > tunnel over the standard port 1194 then I would like to shape all > traffic on port 1194. I have tried this by using the wizard, specifying > I want to shape VoIP, and then going and modifying the VoIP shaping > rules to shape only port 1194. Unfortunately, I never see the traffic > in the VoIP queue when I place calls to our remote offices over the > OpenVPN tunnel. > Thanks. > > Mike > > Fuchs, Martin wrote: > > > The general problem is not solved until now - encrypted tunnels cannot be shaped... > > There's the possibility to shape a whole OpenVPN tunnel (clientside) for outgoing traffic, but I believe this is not what wou really want... > > > > What you are planning is some sort of traffic shaping on port based rules. > > > > It might be possible to do so, but perhaps you better ask scott for this when he's back from bsdcan... > > > > Regards, > > > > Martin > > > > -Ursprüngliche Nachricht- > > Von: Mike Lee [mailto:[EMAIL PROTECTED] > > Gesendet: Donnerstag, 17. Mai 2007 16:40 > > An: support@pfsense.com <mailto:support@pfsense.com> > > Betreff: [pfSense Support] Shaping OpenVPN Tunnels (Take two) > > > > Hello Everyone, > > > > I did some searching and found this previous discussion on shaping > > OpenVPN tunnels: > > > > http://forum.pfsense.org/index.php?PHPSESSID=836df07da7c9becd9259e22e1847c7ae&topic=3013.0 > > > > Basically the discussion ended with, that you cannot shape the > > OpenVPN tunnels because openvpn uses the TUN interface and the shaper > > looks for traffic on the LAN interface heading towards the WAN to > > shape. My question is, since this discussion is somewhat old, has there > > been any more progress/talk on getting the OpenVPN tunnels to shape > > properly? > > I would like to be able to shape them because I have some remote > > offices and plan on using OpenVPN tunnels for VoIP. I know you cannot > > shape traffic within VPN tunnels because they are encrypted, but I am > > planning on using specific ports for certain tunnels to pass only VoIP > > traffic through and shaping those OpenVPN ports. > > Thanks in advance. > > > > Mike Lee > > > > - > > To unsubscribe, e-mail: [EMAIL PROTECTED] <mailto:[EMAIL PROTECTED]> > > For additional commands, e-mail: [EMAIL PROTECTED] <mailto:[EMAIL PROTECTED]> > > > > > > > > - > > To unsubscribe, e-mail: [EMAIL PROTECTED] <mailto:[EMAIL PROTECTED]> > > For additional comma
Re: AW: AW: AW: [pfSense Support] Shaping OpenVPN Tunnels (Take two)
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 I've upgraded my embedded client to 1.2-BETA-1-TESTING-SNAPSHOT-05-14-2007 and I still don't see the option to shape the entire tunnel under the OpenVPN-Client screen. Am I looking in the wrong area. I also tried to create a new tunnel and no shaping option either. Also re-ran the shaping wizard and no OpenVPN option. Thanks again for your help, it's much appreciated. Mike ** Fuchs, Martin wrote: > > > In the latest snap 14-5 it’s present… > > > > *Von:* Mike Lee [mailto:[EMAIL PROTECTED] > *Gesendet:* Freitag, 18. Mai 2007 18:30 > *An:* support@pfsense.com > *Betreff:* Re: AW: AW: [pfSense Support] Shaping OpenVPN Tunnels > (Take two) > > > > Are you talking about the most recent 1.2 beta snapshot? I am > running 1.2beta1 from 5/9/07 and it does not have this feature on > the OpenVPN client setup. Thanks again. > > Mike > > Fuchs, Martin wrote: > > Have a look at the openvpn client in the actual snapshot, there's the option to shape an entire tunnel from clientside... perhaps it helps... > > -Ursprüngliche Nachricht- > Von: Mike Lee [mailto:[EMAIL PROTECTED] > Gesendet: Freitag, 18. Mai 2007 15:46 > An: support@pfsense.com <mailto:support@pfsense.com> > Betreff: Re: AW: [pfSense Support] Shaping OpenVPN Tunnels (Take two) > > Martin, > > Actually this is exactly what I want. I want to shape the entire > OpenVPN tunnel entirely. This is because I will only be passing VoIP > traffic within this tunnel. Therefore, if I want to run my VoIP OpenVPN > tunnel over the standard port 1194 then I would like to shape all > traffic on port 1194. I have tried this by using the wizard, specifying > I want to shape VoIP, and then going and modifying the VoIP shaping > rules to shape only port 1194. Unfortunately, I never see the traffic > in the VoIP queue when I place calls to our remote offices over the > OpenVPN tunnel. > Thanks. > > Mike > > Fuchs, Martin wrote: > > > The general problem is not solved until now - encrypted tunnels cannot be shaped... > > There's the possibility to shape a whole OpenVPN tunnel (clientside) for outgoing traffic, but I believe this is not what wou really want... > > > > What you are planning is some sort of traffic shaping on port based rules. > > > > It might be possible to do so, but perhaps you better ask scott for this when he's back from bsdcan... > > > > Regards, > > > > Martin > > > > -Ursprüngliche Nachricht- > > Von: Mike Lee [mailto:[EMAIL PROTECTED] > > Gesendet: Donnerstag, 17. Mai 2007 16:40 > > An: support@pfsense.com <mailto:support@pfsense.com> > > Betreff: [pfSense Support] Shaping OpenVPN Tunnels (Take two) > > > > Hello Everyone, > > > > I did some searching and found this previous discussion on shaping > > OpenVPN tunnels: > > > > http://forum.pfsense.org/index.php?PHPSESSID=836df07da7c9becd9259e22e1847c7ae&topic=3013.0 > > > > Basically the discussion ended with, that you cannot shape the > > OpenVPN tunnels because openvpn uses the TUN interface and the shaper > > looks for traffic on the LAN interface heading towards the WAN to > > shape. My question is, since this discussion is somewhat old, has there > > been any more progress/talk on getting the OpenVPN tunnels to shape > > properly? > > I would like to be able to shape them because I have some remote > > offices and plan on using OpenVPN tunnels for VoIP. I know you cannot > > shape traffic within VPN tunnels because they are encrypted, but I am > > planning on using specific ports for certain tunnels to pass only VoIP > > traffic through and shaping those OpenVPN ports. > > Thanks in advance. > > > > Mike Lee > > > > - > > To unsubscribe, e-mail: [EMAIL PROTECTED] <mailto:[EMAIL PROTECTED]> > > For additional commands, e-mail: [EMAIL PROTECTED] <mailto:[EMAIL PROTECTED]> > > > > > > > > - > > To unsubscribe, e-mail: [EMAIL PROTECTED] <mailto:[EMAIL PROTECTED]> > > For additional commands, e-mail: [EMAIL PROTECTED] <mailto:[EMAIL PROTECTED]> > > > > > > > > > --
AW: AW: AW: [pfSense Support] Shaping OpenVPN Tunnels (Take two)
In the latest snap 14-5 it's present... Von: Mike Lee [mailto:[EMAIL PROTECTED] Gesendet: Freitag, 18. Mai 2007 18:30 An: support@pfsense.com Betreff: Re: AW: AW: [pfSense Support] Shaping OpenVPN Tunnels (Take two) Are you talking about the most recent 1.2 beta snapshot? I am running 1.2beta1 from 5/9/07 and it does not have this feature on the OpenVPN client setup. Thanks again. Mike Fuchs, Martin wrote: Have a look at the openvpn client in the actual snapshot, there's the option to shape an entire tunnel from clientside... perhaps it helps... -Ursprüngliche Nachricht- Von: Mike Lee [mailto:[EMAIL PROTECTED] Gesendet: Freitag, 18. Mai 2007 15:46 An: support@pfsense.com Betreff: Re: AW: [pfSense Support] Shaping OpenVPN Tunnels (Take two) Martin, Actually this is exactly what I want. I want to shape the entire OpenVPN tunnel entirely. This is because I will only be passing VoIP traffic within this tunnel. Therefore, if I want to run my VoIP OpenVPN tunnel over the standard port 1194 then I would like to shape all traffic on port 1194. I have tried this by using the wizard, specifying I want to shape VoIP, and then going and modifying the VoIP shaping rules to shape only port 1194. Unfortunately, I never see the traffic in the VoIP queue when I place calls to our remote offices over the OpenVPN tunnel. Thanks. Mike Fuchs, Martin wrote: The general problem is not solved until now - encrypted tunnels cannot be shaped... There's the possibility to shape a whole OpenVPN tunnel (clientside) for outgoing traffic, but I believe this is not what wou really want... What you are planning is some sort of traffic shaping on port based rules. It might be possible to do so, but perhaps you better ask scott for this when he's back from bsdcan... Regards, Martin -Ursprüngliche Nachricht- Von: Mike Lee [mailto:[EMAIL PROTECTED] Gesendet: Donnerstag, 17. Mai 2007 16:40 An: support@pfsense.com Betreff: [pfSense Support] Shaping OpenVPN Tunnels (Take two) Hello Everyone, I did some searching and found this previous discussion on shaping OpenVPN tunnels: http://forum.pfsense.org/index.php?PHPSESSID=836df07da7c9becd9259e22e1847c7ae&topic=3013.0 Basically the discussion ended with, that you cannot shape the OpenVPN tunnels because openvpn uses the TUN interface and the shaper looks for traffic on the LAN interface heading towards the WAN to shape. My question is, since this discussion is somewhat old, has there been any more progress/talk on getting the OpenVPN tunnels to shape properly? I would like to be able to shape them because I have some remote offices and plan on using OpenVPN tunnels for VoIP. I know you cannot shape traffic within VPN tunnels because they are encrypted, but I am planning on using specific ports for certain tunnels to pass only VoIP traffic through and shaping those OpenVPN ports. Thanks in advance. Mike Lee - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: AW: AW: [pfSense Support] Shaping OpenVPN Tunnels (Take two)
Are you talking about the most recent 1.2 beta snapshot? I am running 1.2beta1 from 5/9/07 and it does not have this feature on the OpenVPN client setup. Thanks again. Mike Fuchs, Martin wrote: > Have a look at the openvpn client in the actual snapshot, there's the option > to shape an entire tunnel from clientside... perhaps it helps... > > -Ursprüngliche Nachricht- > Von: Mike Lee [mailto:[EMAIL PROTECTED] > Gesendet: Freitag, 18. Mai 2007 15:46 > An: support@pfsense.com > Betreff: Re: AW: [pfSense Support] Shaping OpenVPN Tunnels (Take two) > > Martin, > > Actually this is exactly what I want. I want to shape the entire > OpenVPN tunnel entirely. This is because I will only be passing VoIP > traffic within this tunnel. Therefore, if I want to run my VoIP OpenVPN > tunnel over the standard port 1194 then I would like to shape all > traffic on port 1194. I have tried this by using the wizard, specifying > I want to shape VoIP, and then going and modifying the VoIP shaping > rules to shape only port 1194. Unfortunately, I never see the traffic > in the VoIP queue when I place calls to our remote offices over the > OpenVPN tunnel. > Thanks. > > Mike > > Fuchs, Martin wrote: > >> The general problem is not solved until now - encrypted tunnels cannot be >> shaped... >> There's the possibility to shape a whole OpenVPN tunnel (clientside) for >> outgoing traffic, but I believe this is not what wou really want... >> >> What you are planning is some sort of traffic shaping on port based rules. >> >> It might be possible to do so, but perhaps you better ask scott for this >> when he's back from bsdcan... >> >> Regards, >> >> Martin >> >> -Ursprüngliche Nachricht- >> Von: Mike Lee [mailto:[EMAIL PROTECTED] >> Gesendet: Donnerstag, 17. Mai 2007 16:40 >> An: support@pfsense.com >> Betreff: [pfSense Support] Shaping OpenVPN Tunnels (Take two) >> >> Hello Everyone, >> >> I did some searching and found this previous discussion on shaping >> OpenVPN tunnels: >> >> http://forum.pfsense.org/index.php?PHPSESSID=836df07da7c9becd9259e22e1847c7ae&topic=3013.0 >> >> Basically the discussion ended with, that you cannot shape the >> OpenVPN tunnels because openvpn uses the TUN interface and the shaper >> looks for traffic on the LAN interface heading towards the WAN to >> shape. My question is, since this discussion is somewhat old, has there >> been any more progress/talk on getting the OpenVPN tunnels to shape >> properly? >> I would like to be able to shape them because I have some remote >> offices and plan on using OpenVPN tunnels for VoIP. I know you cannot >> shape traffic within VPN tunnels because they are encrypted, but I am >> planning on using specific ports for certain tunnels to pass only VoIP >> traffic through and shaping those OpenVPN ports. >> Thanks in advance. >> >> Mike Lee >> >> - >> To unsubscribe, e-mail: [EMAIL PROTECTED] >> For additional commands, e-mail: [EMAIL PROTECTED] >> >> >> >> - >> To unsubscribe, e-mail: [EMAIL PROTECTED] >> For additional commands, e-mail: [EMAIL PROTECTED] >> >> >> > > - > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > > > > - > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > >
AW: AW: [pfSense Support] Shaping OpenVPN Tunnels (Take two)
Have a look at the openvpn client in the actual snapshot, there's the option to shape an entire tunnel from clientside... perhaps it helps... -Ursprüngliche Nachricht- Von: Mike Lee [mailto:[EMAIL PROTECTED] Gesendet: Freitag, 18. Mai 2007 15:46 An: support@pfsense.com Betreff: Re: AW: [pfSense Support] Shaping OpenVPN Tunnels (Take two) Martin, Actually this is exactly what I want. I want to shape the entire OpenVPN tunnel entirely. This is because I will only be passing VoIP traffic within this tunnel. Therefore, if I want to run my VoIP OpenVPN tunnel over the standard port 1194 then I would like to shape all traffic on port 1194. I have tried this by using the wizard, specifying I want to shape VoIP, and then going and modifying the VoIP shaping rules to shape only port 1194. Unfortunately, I never see the traffic in the VoIP queue when I place calls to our remote offices over the OpenVPN tunnel. Thanks. Mike Fuchs, Martin wrote: > The general problem is not solved until now - encrypted tunnels cannot be > shaped... > There's the possibility to shape a whole OpenVPN tunnel (clientside) for > outgoing traffic, but I believe this is not what wou really want... > > What you are planning is some sort of traffic shaping on port based rules. > > It might be possible to do so, but perhaps you better ask scott for this when > he's back from bsdcan... > > Regards, > > Martin > > -Ursprüngliche Nachricht- > Von: Mike Lee [mailto:[EMAIL PROTECTED] > Gesendet: Donnerstag, 17. Mai 2007 16:40 > An: support@pfsense.com > Betreff: [pfSense Support] Shaping OpenVPN Tunnels (Take two) > > Hello Everyone, > > I did some searching and found this previous discussion on shaping > OpenVPN tunnels: > > http://forum.pfsense.org/index.php?PHPSESSID=836df07da7c9becd9259e22e1847c7ae&topic=3013.0 > > Basically the discussion ended with, that you cannot shape the > OpenVPN tunnels because openvpn uses the TUN interface and the shaper > looks for traffic on the LAN interface heading towards the WAN to > shape. My question is, since this discussion is somewhat old, has there > been any more progress/talk on getting the OpenVPN tunnels to shape > properly? > I would like to be able to shape them because I have some remote > offices and plan on using OpenVPN tunnels for VoIP. I know you cannot > shape traffic within VPN tunnels because they are encrypted, but I am > planning on using specific ports for certain tunnels to pass only VoIP > traffic through and shaping those OpenVPN ports. > Thanks in advance. > > Mike Lee > > - > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > > > > - > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > > - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: AW: [pfSense Support] Shaping OpenVPN Tunnels (Take two)
Martin, Actually this is exactly what I want. I want to shape the entire OpenVPN tunnel entirely. This is because I will only be passing VoIP traffic within this tunnel. Therefore, if I want to run my VoIP OpenVPN tunnel over the standard port 1194 then I would like to shape all traffic on port 1194. I have tried this by using the wizard, specifying I want to shape VoIP, and then going and modifying the VoIP shaping rules to shape only port 1194. Unfortunately, I never see the traffic in the VoIP queue when I place calls to our remote offices over the OpenVPN tunnel. Thanks. Mike Fuchs, Martin wrote: > The general problem is not solved until now - encrypted tunnels cannot be > shaped... > There's the possibility to shape a whole OpenVPN tunnel (clientside) for > outgoing traffic, but I believe this is not what wou really want... > > What you are planning is some sort of traffic shaping on port based rules. > > It might be possible to do so, but perhaps you better ask scott for this when > he's back from bsdcan... > > Regards, > > Martin > > -Ursprüngliche Nachricht- > Von: Mike Lee [mailto:[EMAIL PROTECTED] > Gesendet: Donnerstag, 17. Mai 2007 16:40 > An: support@pfsense.com > Betreff: [pfSense Support] Shaping OpenVPN Tunnels (Take two) > > Hello Everyone, > > I did some searching and found this previous discussion on shaping > OpenVPN tunnels: > > http://forum.pfsense.org/index.php?PHPSESSID=836df07da7c9becd9259e22e1847c7ae&topic=3013.0 > > Basically the discussion ended with, that you cannot shape the > OpenVPN tunnels because openvpn uses the TUN interface and the shaper > looks for traffic on the LAN interface heading towards the WAN to > shape. My question is, since this discussion is somewhat old, has there > been any more progress/talk on getting the OpenVPN tunnels to shape > properly? > I would like to be able to shape them because I have some remote > offices and plan on using OpenVPN tunnels for VoIP. I know you cannot > shape traffic within VPN tunnels because they are encrypted, but I am > planning on using specific ports for certain tunnels to pass only VoIP > traffic through and shaping those OpenVPN ports. > Thanks in advance. > > Mike Lee > > - > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > > > > - > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > > - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
AW: [pfSense Support] Shaping OpenVPN Tunnels (Take two)
The general problem is not solved until now - encrypted tunnels cannot be shaped... There's the possibility to shape a whole OpenVPN tunnel (clientside) for outgoing traffic, but I believe this is not what wou really want... What you are planning is some sort of traffic shaping on port based rules. It might be possible to do so, but perhaps you better ask scott for this when he's back from bsdcan... Regards, Martin -Ursprüngliche Nachricht- Von: Mike Lee [mailto:[EMAIL PROTECTED] Gesendet: Donnerstag, 17. Mai 2007 16:40 An: support@pfsense.com Betreff: [pfSense Support] Shaping OpenVPN Tunnels (Take two) Hello Everyone, I did some searching and found this previous discussion on shaping OpenVPN tunnels: http://forum.pfsense.org/index.php?PHPSESSID=836df07da7c9becd9259e22e1847c7ae&topic=3013.0 Basically the discussion ended with, that you cannot shape the OpenVPN tunnels because openvpn uses the TUN interface and the shaper looks for traffic on the LAN interface heading towards the WAN to shape. My question is, since this discussion is somewhat old, has there been any more progress/talk on getting the OpenVPN tunnels to shape properly? I would like to be able to shape them because I have some remote offices and plan on using OpenVPN tunnels for VoIP. I know you cannot shape traffic within VPN tunnels because they are encrypted, but I am planning on using specific ports for certain tunnels to pass only VoIP traffic through and shaping those OpenVPN ports. Thanks in advance. Mike Lee - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]