OPNsense Forum

Archive => 21.1 Legacy Series => Topic started by: TheLinuxGuy on February 27, 2021, 08:17:12 pm

Title: DSCP / TOS mangling for outbound wireguard UDP packets
Post by: TheLinuxGuy on February 27, 2021, 08:17:12 pm

I'm looking to ensure that UDP packets sent outbound to a wireguard server from opnsense are tagged with high TOS priority DSCP 46 (voice).

If memory serves me right - I can modify TOS/DSCP when a rule matches on the firewall BUT I believe OUTBOUND rules is something that opnsense wouldn't be able to handle for when the wireguard server is opnsense itself?

Can someone help validate if the above is accurate - any hints on making this possible? short workaround I can think of is to have another device on the network (not opnsense) be the wireguard client and then have opnsense mark the packet from that client outbound - ideally though opnsense should be able to do this packet mangling as soon as it leaves the wireguard binary if it runs on itself.

Title: Re: DSCP / TOS mangling for outbound wireguard UDP packets
Post by: mimugmail on February 27, 2021, 09:06:34 pm

I think it should work, just mark them and check dscp with wireshark