[Asterisk-Users] VPN/Asterisk combo

Chris Mason (Lists) lists at masonc.com
Tue Apr 19 12:59:56 MST 2005 

Great advice, will try that.

Chris Mason
www.anguillaguide.com
 

> -----Original Message-----
> From: asterisk-users-bounces at lists.digium.com 
> [mailto:asterisk-users-bounces at lists.digium.com] On Behalf Of 
> Colin Anderson
> Sent: Tuesday, April 19, 2005 2:30 PM
> To: 'Asterisk Users Mailing List - Non-Commercial Discussion'
> Subject: RE: [Asterisk-Users] VPN/Asterisk combo
> 
> It doesn't seem to honor the QoS bit, but you can simulate it 
> with the traffic shaper. I set it up to give SIP / IAX the 
> highest priority and things like SMTP the lowest. So far, so 
> good - nobody's complained about drop outs or anything like 
> that. ALAW sounds so good it's spooky. 
> 
> Unless you have an insanely busy lan QoS isn't a *ton* of 
> help. We run Mitel VoIP as well and we have a very busy LAN 
> with 250 hosts all doing stuff. We went through a period 
> where we obsessed over QoS being supported yadayada and in 
> the end it was difficult to support because of mongrel 
> switches that didn't honor the bits, bitchy servers that 
> hated the QoS layer, etc so we turned it off. No effect. We 
> are processing about 2-3K calls a day + we do lots of CAD / 
> rendering / high bandwidth stuff, on a single subnet, no 
> VLAN'ing. Runs fine, Asterisk and MiNet, about 100 extensions 
> behind the firewall and 25 outside.
> 
> QoS is always a moving target on the Internet because if any 
> of your upstream provider's routers don't honor the bit, then 
> the whole thing grinds to a halt and traffic is treated 
> equally. I gave up on QoS and focussed on traffic shaping at 
> the bottleneck i.e. our Internet connection.
> 
> Monowall's GUI is slick and easy to use but it's sometimes 
> easy to shoot yourself in the foot. I let Monowall create the 
> rules to let traffic through automagically when you create 
> the NAT forwarding rule. For some reason, you can create the 
> same rule manually but it won't work. It's also blindingly 
> easy to set up a stupid rule that will let all sorts of bad 
> traffic through, so you have to be careful. 
> 
> One last catch: For whatever reason, hardware, software, nic, 
> dunno, but we always got better performance on our broadband 
> (like, an order of magnitude
> better) by forcing the NIC to 10baseT full duplex, instead of 
> autodetect.
> This was with Intel 82559 chipset NIC's, YMMV. Even still, i 
> wouldn't dare use anything other than Intel or 3Com NIC's in 
> a BSD box, though. 
> 
> hth
> 
> -----Original Message-----
> From: Chris Mason (Lists) [mailto:lists at masonc.com]
> Sent: Tuesday, April 19, 2005 11:27 AM
> To: 'Asterisk Users Mailing List - Non-Commercial Discussion'
> Subject: RE: [Asterisk-Users] VPN/Asterisk combo
> 
> 
> Can it enforce QOS on the traffic?
> 
> Chris Mason
> www.anguillaguide.com
>  
> 
> > -----Original Message-----
> > From: asterisk-users-bounces at lists.digium.com
> > [mailto:asterisk-users-bounces at lists.digium.com] On Behalf Of Colin 
> > Anderson
> > Sent: Tuesday, April 19, 2005 10:58 AM
> > To: 'Asterisk Users Mailing List - Non-Commercial Discussion'
> > Subject: RE: [Asterisk-Users] VPN/Asterisk combo
> > 
> > >Can anyone suggest a better way or give me some advice?
> > 
> > Monowall:
> > 
> > http://www.m0n0.ch/wall/features.php
> > 
> > Totally rocks. 2-and-3 card DMZ's with routing between 
> them, traffic 
> > shaper, IPSec and PPTP VPN's that actually work, easy to 
> set up, good 
> > hardware support, boot from CD, configuration in an XML file from 
> > floppy. Add 3 NIC's, 1 for your broadband, 1 for your 
> internal LAN, & 
> > 1 for a DMZ lan and all you do is set up rules to pass IAX 
> or SIP and 
> > a couple of routes. I am using Monowall on a 10 mbit internet 
> > connection with an * server inside, and
> > 25 SNOM's outside, sometimes my PRI is almost maxed with 
> outbound and 
> > inbound PSTN and Monowall just keeps on chugging. On a Compaq PII. 
> > With ALAW. (Yes, ALAW. If you have the bandwidth, why not?)
> > 
> > Best part: Free.
> > _______________________________________________
> > Asterisk-Users mailing list
> > Asterisk-Users at lists.digium.com
> > http://lists.digium.com/mailman/listinfo/asterisk-users
> > To UNSUBSCRIBE or update options visit:
> >    http://lists.digium.com/mailman/listinfo/asterisk-users
> > 
> > 
> 
> _______________________________________________
> Asterisk-Users mailing list
> Asterisk-Users at lists.digium.com
> http://lists.digium.com/mailman/listinfo/asterisk-users
> To UNSUBSCRIBE or update options visit:
>    http://lists.digium.com/mailman/listinfo/asterisk-users
> _______________________________________________
> Asterisk-Users mailing list
> Asterisk-Users at lists.digium.com
> http://lists.digium.com/mailman/listinfo/asterisk-users
> To UNSUBSCRIBE or update options visit:
>    http://lists.digium.com/mailman/listinfo/asterisk-users
> 
>

More information about the asterisk-users mailing list