Greetings,

me again. I'm starting to feel miff now.

If I have a few vpn tunnels with different tun interfaces. And all this tunnel traffic is coming in on my eth0 interface, it also leaves via eth0 again. I would like to share the available bandwidth evenly with tunnel clients. Would applying the bandwidth rule on eth0 with htb & sfq work for sharing the bandwidth or will bandwidth rules only affect tunnel traffic if I apply it to the actual tun[n] interfaces?

_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/

AFAIK, tc will work on real and not virtual interfaces.

Warm regards
Mohan

> -----Original Message-----
> From: lartc-admin@mailman.ds9a.nl
> [mailto:lartc-admin@mailman.ds9a.nl] On Behalf Of Etienne Ledoux
> Sent: Wednesday, August 04, 2004 9:05 PM
> To: lartc@mailman.ds9a.nl
> Subject: [LARTC] should I shape tun[N] or eth0 ?
>
> Greetings,
>
> me again. I'm starting to feel miff now.
>
> If I have a few vpn tunnels with different tun interfaces.
> And all this tunnel traffic is coming in on my eth0
> interface, it also leaves via eth0 again. I would like to
> share the available bandwidth evenly with tunnel clients.
> Would applying the bandwidth rule on eth0 with htb & sfq work
> for sharing the bandwidth or will bandwidth rules only affect
> tunnel traffic if I apply it to the actual tun[n] interfaces?

Hello,

> If I have a few vpn tunnels with different tun interfaces. And all this tunnel
> traffic is coming in on my eth0 interface, it also leaves via eth0 again. I
> would like to share the available bandwidth evenly with tunnel clients. Would
> applying the bandwidth rule on eth0 with htb & sfq work for sharing the
> bandwidth or will bandwidth rules only affect tunnel traffic if I apply it to
> the actual tun[n] interfaces?

I'm not sure if it works on tun devices, but on taps it should work since those actually look like normal ethernet devices. However, if you shape on the virtual interfaces you only shape the incoming traffic (i.e. traffic going out a tun/tap is decrypted VPN traffic that is coming *in*).

So if you want to manage outgoing traffic, shape on eth0. Since openVPN per default requires a single port for each VPN, you can easily mark and classify the outgoing traffic with tc.

For example:

VPN1 udp 5000 <----> udp 5000
VPN2 udp 5001 <----> udp 5001
...

tc filter add dev eth0 parent 1:0 protocol ip prio 10 u32 match ip protocol 17 0xff match ip sport 5000 0xffff match ip dport 5000 0xffff flowid 1:2
tc filter add dev eth0 parent 1:0 protocol ip prio 10 u32 match ip protocol 17 0xff match ip sport 5001 0xffff match ip dport 5001 0xffff flowid 1:2

etc. to put all VPN traffic into class 1:2

Note that I didn't test this, so there might be an error in the lines above but the outlined way should work.

--
C U

- -- ---- ----- -----/\/ René Gallati \/\---- ----- --- -- -

On 05 August 2004 pm 16:51, Rene Gallati wrote:
> Hello,
> > If I have a few vpn tunnels with different tun interfaces. And all this
> > tunnel traffic is coming in on my eth0 interface, it also leaves via eth0
> > again. I would like to share the available bandwidth evenly with tunnel
> > clients. Would applying the bandwidth rule on eth0 with htb & sfq work
> > for sharing the bandwidth or will bandwidth rules only affect tunnel
> > traffic if I apply it to the actual tun[n] interfaces?
> For example:
> VPN1 udp 5000 <----> udp 5000
> VPN2 udp 5001 <----> udp 5001
> tc filter add dev eth0 parent 1:0 protocol ip prio 10 u32 match ip protocol 17 0xff match ip sport 5000 0xffff match ip dport 5000 0xffff flowid 1:2
> tc filter add dev eth0 parent 1:0 protocol ip prio 10 u32 match ip protocol 17 0xff match ip sport 5001 0xffff match ip dport 5001 0xffff flowid 1:2
> etc.
> to put all VPN traffic into class 1:2
> Note that I didn't test this, so there might be an error in the lines
> above but the outlined way should work.

On device tun, tc worked perfectly, just as you do with real interface eth0..n
Tested under 256Kbps link using Slackware-9.1 and Slackware-10 as distro.
Also tested and worked perfectly with IMQ.
So cheer up .. :))

Regards,
Rio Martin.
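
An added example, not part of any message in this thread: a dry-run generator for the eth0 approach discussed above, extended so that each VPN port gets its own HTB class with an equal guaranteed rate instead of all tunnels sharing class 1:2. The function name, the class numbering (1:10, 1:11, ...) and the sample values (eth0, 256 kbit, ports 5000 and 5001) are assumptions for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): print, without executing, tc commands
# that give each VPN an equal HTB share of a device's egress bandwidth.

vpn_shaper_cmds() {
    # usage: vpn_shaper_cmds DEV LINK_KBIT PORT [PORT...]
    [ "$#" -ge 3 ] || { echo "usage: vpn_shaper_cmds DEV LINK_KBIT PORT..." >&2; return 1; }
    dev=$1
    link=$2
    shift 2
    # The output is meant to be reviewed and then run as root, so accept only
    # a plain interface name and decimal numbers.
    case $dev in ''|*[!A-Za-z0-9_.-]*) echo "bad device: $dev" >&2; return 1 ;; esac
    case $link in ''|0*|*[!0-9]*) echo "bad rate: $link" >&2; return 1 ;; esac
    for port in "$@"; do
        case $port in ''|0*|*[!0-9]*) echo "bad port: $port" >&2; return 1 ;; esac
        [ "$port" -le 65535 ] || { echo "bad port: $port" >&2; return 1; }
    done
    share=$((link / $#))    # guaranteed rate per tunnel
    [ "$share" -ge 1 ] || { echo "rate too small for $# tunnels" >&2; return 1; }

    # Root HTB qdisc plus one parent class capped at the link rate. No default
    # class is set, so traffic that matches no filter is not shaped.
    echo "tc qdisc add dev $dev root handle 1: htb"
    echo "tc class add dev $dev parent 1: classid 1:1 htb rate ${link}kbit"

    minor=10
    for port in "$@"; do
        # Equal guaranteed rate; ceil lets a tunnel borrow what others leave idle.
        echo "tc class add dev $dev parent 1:1 classid 1:$minor htb rate ${share}kbit ceil ${link}kbit"
        # SFQ leaf as the question proposes. On eth0 each tunnel is a single
        # UDP flow, so the sharing between tunnels is done by HTB.
        echo "tc qdisc add dev $dev parent 1:$minor handle $minor: sfq perturb 10"
        # UDP (protocol 17) with the tunnel's port on both ends, as in the
        # thread; "ip sport/dport" assumes an IP header without options.
        echo "tc filter add dev $dev parent 1: protocol ip prio 10 u32 match ip protocol 17 0xff match ip sport $port 0xffff match ip dport $port 0xffff flowid 1:$minor"
        minor=$((minor + 1))
    done
}

# Dry run with constructed sample values: eth0, 256 kbit link, two tunnels.
vpn_shaper_cmds eth0 256 5000 5001
```

To apply the plan, review the printed commands and then pipe them to `sh` as root.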