My configuration is DSL Internet, with an IPIP tunnel to another mikrotik, this tunnel is using transport mode IPSec for encryption. Works wonderfully.
Voip is on the LAN passes over this tunnel to a PBX located at the other end of the tunnel.
I cant QoS the VoIP properly!
I cant use global-out parent!
Marking the VoIP traffic is easy. I cant use Queue trees with parent global-out.
For some reason the amount of traffic leaving the router with parent global-out is multiplied by 4 times, so I cant use limit-at or max-limit. If I use the IPIP tunnel interface directly it works.
i had the same problem and this is what worked for me
1 -you need to mark your voip packets leaving the tunnel interface (with out interface set to tunnel interface)
2 -then mark your other packets leaving the tunnel interface
3 -then mark your packets leaving your internet interface with source address being your pubilc ip address
4 -then mark your packets leaving your internet interface with no source specifed
when you setup your queue
set the parent to global-out
then set the max bandwith to a little less then your upload speed
then add 3 sub queue’s
for step 1,2,4
with step 1 markings being priority 2
and step 2 markings priority 5
and step 4 markings priorty 7
never list markings for step 3 and you wont have double bandwith show up in your queue’s