OPNsense Forum

English Forums => General Discussion => Topic started by: Curdie on January 16, 2019, 07:08:59 pm

Title: IPSec and fq_codel
Post by: Curdie on January 16, 2019, 07:08:59 pm
I've a small community of friends in a rural community sharing the same 10 megabit copper-over-Ethernet link. fq_codel was working fine to keep latency low and allow maximum available bandwidth for every user (really brilliant), but we also have a site-to-site IPSec bridge. Using this bridge to download/upload files seems to saturate the link, creating really high latency and such for everyone. It doesn't appear to be hitting the queue at all. How can I manage this?
Title: Re: IPSec and fq_codel
Post by: Curdie on January 16, 2019, 07:50:29 pm
I tried adding WAN rules:

from other ipsec host, dest port 500 to my download pipe
to other ipsec host, dest port 500 to my upload pipe

Does not seem to work, and I'm not sure why.
Title: Re: IPSec and fq_codel
Post by: mimugmail on January 16, 2019, 07:52:50 pm
Traffic goes over protocol 50 or UDP 4500.
Title: Re: IPSec and fq_codel
Post by: Curdie on January 16, 2019, 08:31:41 pm
Thanks so much, mimugmail! Setting protocol to esp did the trick.
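
Why the port 500 rules missed the bulk traffic, as an added example (not from the thread and not OPNsense code): a Python classifier over constructed IPv4 packets that separates IKE negotiation on UDP 500 from the tunnel data mimugmail points to, which is protocol 50 or ESP encapsulated in UDP 4500 (RFC 3948). The function names, addresses and sample packets are assumptions made for illustration.

```python
import struct

# Added illustration: names and packets are constructed, not from the thread.
def classify(pkt: bytes) -> str:
    """Label an IPv4 packet by its role in an IPsec site-to-site tunnel."""
    if len(pkt) < 20 or pkt[0] >> 4 != 4:
        return "other"
    ihl = (pkt[0] & 0x0F) * 4
    proto = pkt[9]
    if proto == 50:                        # native ESP: no ports, match on protocol
        return "esp"
    if proto != 17 or len(pkt) < ihl + 8:
        return "other"
    sport, dport = struct.unpack("!HH", pkt[ihl:ihl + 4])
    payload = pkt[ihl + 8:]
    if 500 in (sport, dport):              # IKE negotiation only, low volume
        return "ike"
    if 4500 in (sport, dport):             # NAT traversal port (RFC 3948)
        if payload == b"\xff":
            return "nat-keepalive"
        if len(payload) < 4:
            return "other"
        if payload[:4] == b"\x00" * 4:     # non-ESP marker: IKE moved to 4500
            return "ike"
        return "esp-in-udp"                # non-zero SPI: tunnelled user data
    return "other"

def needs_shaping(pkt: bytes) -> bool:
    """True for packets that carry the tunnel's bulk data."""
    return classify(pkt) in ("esp", "esp-in-udp")

def ipv4(proto: int, payload: bytes) -> bytes:
    """Build a minimal IPv4 packet (checksum left at 0) between doc addresses."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64,
                       proto, 0, bytes([192, 0, 2, 1]), bytes([198, 51, 100, 1])) + payload

def udp(sport: int, dport: int, data: bytes) -> bytes:
    return struct.pack("!HHHH", sport, dport, 8 + len(data), 0) + data

ESP_BODY = struct.pack("!II", 0xC0FFEE01, 1) + b"\xaa" * 32   # SPI, sequence, ciphertext
SAMPLES = {  # constructed packets covering each case
    "ike-500": ipv4(17, udp(500, 500, b"\x11" * 28)),
    "ike-4500": ipv4(17, udp(4500, 4500, b"\x00" * 4 + b"\x11" * 28)),
    "esp-udp-4500": ipv4(17, udp(4500, 4500, ESP_BODY)),
    "esp-proto-50": ipv4(50, ESP_BODY),
    "keepalive": ipv4(17, udp(4500, 4500, b"\xff")),
}

if __name__ == "__main__":
    for name, pkt in SAMPLES.items():
        print(f"{name:14} {classify(pkt):14} shape={needs_shaping(pkt)}")
```

Only the two ESP samples are flagged for shaping, so a rule keyed on port 500 never sees the file transfer.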