Ysurac
commented
1 month ago The only way to know is to test. Shorewall is used on VPS side to manage iptables (nftables is now used on router side), maybe possible to add DSCP rules directly in shorewall.
Desired Behavior
Utilize DSCP EF (Expedited Forwarding) tagging to prioritize inbound VOIP RTP UDP packets using OMR.
Our test configuration utilizes FreePBX where we've successfully configured it to apply DSCP EF tags on all outbound packets, which survives as it egresses through pfSense (no NAT), OMR and the VPS. Packets arriving from external sources are set with the "Default" DSCP.
Would changing the DSCP tags from Default to EF as those VOIP RTP UDP packets ingress the VPS from external sources achieve the goals of such tagging as the packets traverse OMR's (VPN, Shadowsocks, V2Ray or Xray proxies), pfSense and ultimately FreePBX? It seems the DSCP tag would indeed function accordingly as it egresses OMR and ingresses pfSense continuing on to FreePBX, but I don't have any sense if the same would be true as packets traverse OMR's (VPN, Shadowsocks, V2Ray or Xray proxies).
If so, would modifying the VPS iptables with something like "iptables -t mangle -D OUTPUT -p udp --dport 10001:10030 -j DSCP --set-dscp-class ef" be the right approach or would a different tool be needed? Any detail and recommended reading to achieve this objective will be greatly appreciated as my current research and testing has not succeeded in changing the DSCP tag when reviewed with Wireshark.
Specifications