[Openswan Users] QoS
Lionel Cottin
cottin at free.fr
Thu Nov 24 13:53:34 CET 2005
Dear All,
I'm currently running OpenSwan to connect about 30 locations worldwide
in a hubs and spokes topology (3 hubs).
Next, I would like to make use of the same infrastructure for a global
VoIP project.
This immediately leads to QoS considerations and I'm wondering if
OpenSwan is "translating" QoS information from the inner header (non
encrypted packet) to the outer header (encrypted packet). This would
allow me to classify IPSEC traffic based on CoS/DSCP or whatever on
access routers....
But this also leads to another (probably stupid) question: if there's
only one IPSEC tunnel for both data and voice traffic, is it possible to
decrypt and forward "voice" packets arriving before "data" packets even
if the "data" packet had been encrypted before the "voice" one ? Should
decryption occur in the same order than encryption ? Should I create 2
different tunnels to handle voice and data traffic and to implement QoS
on IPSec traffic ?
I'd be happy to gather your comments or suggestions on this matter
before I start building my test lab environment ;-)
Regards,
Lionel
More information about the Users
mailing list