On Mon, Aug 19, 2002 at 07:01:32PM +0200, Stef Coene wrote: > > Is there anyone having an idea on how to limit bandwidth on a linux gw > > doing vpns with freeswan, I.E. for a 1Mbit line with 1 ipsec tunnel on > > interface ppp0, limiting vpn traffic (esp) to 512kbit and internet > > traffic (non vpn) to 512kbit. > More info about shaping can be found on www.lartc.org. And I have some extra > information on www.docum.org. > > You have to add a cbq or htb qdisc to your interfaces and create 2 classes. > One for vpn traffic and one for non vpn traffic. I hope that you use fixed > ports for the vpn traffic so you can use the dst/src port as a filter key. > You can share the same 1mbit or you can limit each class to 512kbit. If FreeS/WAN is used, adding a pair of classes to the external interface for 'normal' and 'VPN' traffic should suffice. VPN traffic is identifiable as traffic over UDP port 500 and protocols 50 or 51, although you may wish to give them their own class with high priority as they do key exchanges. If you gave each 512kbps, then add a root class to ipsec0 of 512kbps and work from there on it. -- Michael T. Babcock CTO, FibreSpeed Ltd. (Hosting, Security, Consultation, Database, etc) http://www.fibrespeed.net/~mbabcock/ _______________________________________________ LARTC mailing list / LARTC@mailman.ds9a.nl http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
