similar to: OpenSwan traffic shaping with HTB & sfq

Hello all, I have set my QoS solution and now I am facing a little problem... When I ping to my server it has some lost packages: Estatísticas do Ping para 172.30.0.1: Pacotes: SENDED = 1029, RETURNED = 880, LOST = 149 (14% de perda), Aproximar um número redondo de vezes em milissegundos: Mínimo = 0ms, Máximo = 686ms, Média = 105ms If I disable my QoS ping stats to be ok. I even have

Hello guys, I past the last days trying to configure my shorewall 4.06 firewall to allow openvpn bridging connection. My scenario is the following: roadwarrior (openvpn client) -------------> Internet ------------> (X.Y.W.Z - eth0) Firewall/Gateway (10.x.x.254 - eth1) --------> Local Lan -------> OpenVPN Server (10.x.x.249 - br0) where 10.x.x.0-254 is my private lan X.Y.Z.W is

Hi I have tested with FC3 but iam not able get any good results on that. in the list some one recomend me that > 3.17 HTB should work I saw latest FC4 test2 has the HTB 3.17 with iptables 1.3.0 i have install in my P4 box, and trying to test when iam uploading its working perfect, but when iam downloading its going to default class can some one experinced the same problem below is the my

Hey, I have such a script: tc qdisc add dev $DEV root handle 1:0 htb default 21 r2q 2 tc class add dev $DEV parent 1:0 classid 1:11 htb rate 100mbit tc class add dev $DEV parent 1:11 classid 1:21 htb rate 512kbit ceil 512kbit tc class add dev $DEV parent 1:11 classid 1:23 htb rate 1024kbit ceil 1024kbit tc class add dev $DEV parent 1:11 classid 1:25 htb rate 3072kbit

Dear list: I have a problem I cannot handle yet, and need to solve it as soon as possible. Would be very greatful with anybody who can help me. I have a 512/512 link to internet, that I want to share between several computers. I have eth0, with a public IP address, conected to Internet, and also, eth1, with a private IP address, for network with the surfing computers. I have a main class with

Hello i''m having some issues trying to match packets using iptables mark, iproute filter and tc filter.- i mean, when i do iptables -t mangle -A INPUT -p tcp --dport 80 -j MARK --set-mark 20 iptables -t mangle -A PREROUTING -p tcp --dport 25 -j MARK --set-mark 10 iptables -t mangle -A FORWARD -p tcp -i eth0 -o eth1 --dport 25 -j MARK --set-mark 10 $TC qdisc del dev $INET_IFACE root $TC

Hello all, I am trying to make a filter into my QoS rules and I founded that when I try to use filters u32 and with fwmark they do not work together. This is the filter I use, just and example, for u32: $TC filter add dev $DL parent 1:0 protocol ip prio 1 u32 match ip sport 22 0xffff flowid 1:10 This is working fine. Now if I try to mark a package that I want it to go to the same

Hi ! I have a single host which is connected via an 512kbit ADSL link to the n= et. I quite often use some realaudio application that uses some bandwidth = and I want to avoid other traffic to scale that bandwidth down. So I used = some classes (with htb) on imq0 device and applied some filters and it see= ms to work in most cases. However, there are some sites with which downloa= d is

Hi all! I''m new to this list, and hope for some clarity in this matter: I have a home-gateway with linux-2.6.9 and iproute2 (ver:2.6.9). My following tc syntaxes. # eth0 internet scheduleing are: tc qdisc add dev eth0 root handle 1: htb default 20 tc class add dev eth0 parent 1: classid 1:1 htb rate 512kbit burst 6k tc class add dev eth0 parent 1:1 classid 1:10 htb rate 512kbit burst

Anyone notices that using sfq qdisc adds latency compared to pfifo? With "sfq perturb 10" ping latency is around 100-120ms, while with "pfifo limit 3" drops to ~10-30ms (qdiscs belong to htb class). I''m missing something or is this expected? { $TC_CLASS parent 1:1 classid 1:20 htb prio 0 rate 900kbit ceil 1000kbit burst 7k $TC_QDISC parent 1:20 handle 200: {pfifo

Hi Guys, I have a little problem i dont understand why its happening, Initially i thought it was a network problem, but then i made a crossover between me and the server and shaped on that interface with as minimal as possible config this my test: $TC qdisc add dev $INTERFACE root handle 1: htb default 30 $TC class add dev $INTERFACE parent 1: classid 1:1 htb rate 10Mbit # POOL1 $TC class add

I looked in the yum repositories for CentOS 7 and I noticed that there are no packages for any of the major open source IPSec VPN apps - Openswan, strongSwan, etc. I'm pretty sure CentOS 6 had Openswan packages. What is the current consensus w.r.t. building an IPSec VPN "server" (concentrator, whatever) on CentOS 7, that will do site-to-site connections with Cisco hardware at

Hello, I'm having a bit of trouble connecting our current CentOS Openswan server with a Vyos server via IPSec. I've posted this on the VyOS forums, but haven't had many helpful responses, so I thought I would ask here. http://forum.vyos.net/showthread.php?tid=26504&pid=29703#pid29703 Basically our Openswan configuration is as follows: conn VYOS keyingtries=0

Hi, is there anybody running centos3 (el3) with a standard kernel 2.4.32 or newer, because it seems openswan versions > 2.21 don''t run with centos3(el3) anymore. But we need the newer openswan versions. Problem arise when I try to build the ipsec.o module: /usr/src/openswan-2.4.4/linux/net/ipsec/ipsec_init.c /usr/src/openswan-2.4.4/linux/net/ipsec/ipsec_init.c: In function

Does anyone else noticed problems after updating openswan to openswan-2.6.32-27.2.el6_5.i686 ? In our case a connection to Cisco VPN 3000 Series would no longer work. I can see in the log an ASSERTION FAILED error and the connection would remain in Pending phase 2. Mar 7 16:24:40 firewall pluto[7647]: "ciscovpntest" #2: discarding duplicate packet; already STATE_MAIN_I1 Mar 7

I''m grappling with a problem that looks like sfq is not working (packets don''t get fairly queued, they appear to be always sent FIFO). My configuration appears to be correct. The machine is running quite an old kernel and if I could convince myself that the sfq code it has is just broken, I''d spend the time to upgrade it. Is there any way to inspect or dump the sfq hash

Hello, I'm trying to get Openswan running in a CentOS 4.3 environment. I want to modify as little as possible so that the machine can be kept up to date easily. I'd rather not compile a special kernel, but if that's the only solution, no problem (I don't need NAT traversal). It's running kernel 2.6.9-34.0.2.EL. Installed the kerneldevel RPM (and kernel src rpm as well). I

Hello, I have installed a server with three physical ethernet links and some virtual interfaces: eth0 - 213.215.42.70 eth0:1 - 213.215.42.71 eth0:2 - 213.215.42.72 eth0:3 - 213.215.42.73 eth0:4 - 213.215.42.74 eth0:5 - 213.215.42.75 eth0:6 - 213.215.42.76 eth0:7 - 213.215.42.77 eth0:8 - 213.215.42.78 eth2 - 192.168.1.128 eth3 - 213.215.42.69 All traffic are routed by iproute2 and iptables

Hi, I''m looking for a script in order to do traffic control on a ciber cafe LAN, with linux router. Ciber has about 40 hosts, and I haven''t much bandwidth (512kbit). Also, I''ve a squid cache and it works very good! I''ve found Jim QoS script, and FairNat. Which is more suitable for me ? Jim QoS ? FairNat ? other ? If I put FairNat, I would need ZPH patch

Hello, Why linux users use SFQ as leaf queueing discipline instead of RED and other? -- Best Regards, S.Mehdi Sheikhalishahi, Bye.