VoIP VPN Jitter Problems

**tealnet** · 07-26-2011, 04:19 PM

We're running the latest version of Untangle 9.0.1. We have an Asterisk based phone system setup within our Untangle network. We have three remote sites using Untangle routers with OpenVPN connecting them to the main site where the phone system is located. The remote phones are connecting to the phone system over the OpenVPN.

The problem is that we are experiencing audio problems due to excessive jitter. The phones at the main location are fine, it's only the remote phones that are a problem. We have tried bypassing and QoSing the SIP ports but I've found conflicting information as to whether or not the QoS actually applies to data traveling over the OpenVPN connection. The router seems to indicate that it does not. However, the statistics recognize the SIP traffic and I can see that it has assigned it a Very High Priority. Once that didn't seem to be solving the problem, we install the Bandwidth Monitor and setup rules for the SIP traffic there to give it Very High Priority. In addition we added rules for other traffic that tends to use a lot of bandwidth and forced it to Medium. We did this on each router. We still continue to experience too much jitter which results in poor audio quality.

Has any one else had any experience running VoIP in an environment like this with Untangle or do you have any suggestions on reducing jitter? I was curious if switching to the new IPSec VPN would make any difference.

Thanks for any help!

**dmorris** · 07-26-2011, 04:58 PM

You can create a rule for OpenVPN as a whole. (there is one built into the QoS page)
It won't differentiate between the stuff inside the tunnel.
Same for IPsec.

Make sure you've also added bypass rules and verified they are working using the session monitor.

**tealnet** · 07-26-2011, 05:07 PM

Originally Posted by dmorris

You can create a rule for OpenVPN as a whole. (there is one built into the QoS page)
It won't differentiate between the stuff inside the tunnel.
Same for IPsec.

Make sure you've also added bypass rules and verified they are working using the session monitor.

I have added the bypass rules and matching QoS entries for the SIP ports to give them Very High priority. But it wasn't clear to me how all of the QoS settings relate to one another with respect to the OpenVPN link or if any of the QoS rules I've setup even apply to OpenVPN. For example, if I bypass the SIP packets and give them highest priority and I leave the OpenVPN QoS settings at Default (Medium), does that still give SIP traffic priority over the VPN? Should I be "bypassing" the other types of traffic that will be traveling over the VPN and specifically give them lower priority or will that happen automatically?

**dmorris** · 07-26-2011, 05:16 PM

It won't matter what priority the sessions get going into the VPN because the QoS as done at the interface and by that time the traffic is encrypted.

You need to set the "OpenVPN priority" in config->networking->advanced->QoS

Furthermore make sure you have your WAN link speed set correctly. If its too high QoS isn't going to do anything anyway.

**tealnet** · 07-26-2011, 05:39 PM

Originally Posted by dmorris

It won't matter what priority the sessions get going into the VPN because the QoS as done at the interface and by that time the traffic is encrypted.

You need to set the "OpenVPN priority" in config->networking->advanced->QoS

Furthermore make sure you have your WAN link speed set correctly. If its too high QoS isn't going to do anything anyway.

I have the OpenVPN priority set to Medium in QoS, which I'm not sure is correct. I'm not clear if that's giving all VPN traffic Medium priority regardless of the other QoS rules or if that will give everything except the other QoS rules Medium priority.

I have the WAN link speeds set to 90% of the total bandwidth available at each location. Incidentally, each location has an AT&T T1 with the exception of the main location which has two bonded T1's from AT&T. There's only around 6 hops between the main site and each remote location and the latency is generally under 20ms.

However, we continue to experience audio problems to the remote offices.

**dmorris** · 07-26-2011, 05:43 PM

You want to set OpenVPN priority to Very High (or High).

Yes, it applies to all VPN traffic.

**tealnet** · 07-26-2011, 05:47 PM

Originally Posted by dmorris

You want to set OpenVPN priority to Very High (or High).

Yes, it applies to all VPN traffic.

If that's the case, that would also give Very High Priority to all the other stuff that maxes out the VPN link... like file sharing, Exchange and intranet traffic. So I take it there is no way to prioritize only VoIP traffic over a VPN link using QoS?

Could this be accomplished using the Bandwidth Monitor instead?

**dmorris** · 07-26-2011, 07:58 PM

No all bandwidth management & QoS takes place at the NIC after encryption has taken place.

**tealnet** · 07-27-2011, 12:49 PM

Originally Posted by dmorris

No all bandwidth management & QoS takes place at the NIC after encryption has taken place.

Okay, just so I'm crystal clear on this... there is no way to prioritize VoIP traffic only over a VPN connection? At least not currently with Untangle 9.x.

Protect

Filter

Perform

Connect

Manage

Add-Ons

Thread: VoIP VPN Jitter Problems

LinkBack

Thread Tools

VoIP VPN Jitter Problems

Posting Permissions