Re: Limit bandwidth for ipsec vpns

Linux Advanced Routing and Traffic Control

On Mon, Aug 19, 2002 at 07:01:32PM +0200, Stef Coene wrote:
> > Is there anyone having an idea on how to limit bandwidth on a linux gw
> > doing vpns with freeswan, I.E. for a 1Mbit line with 1 ipsec tunnel on
> > interface ppp0, limiting vpn traffic (esp) to 512kbit and internet
> > traffic (non vpn) to 512kbit.
> More info about shaping can be found on www.lartc.org.  And I have some extra 
> information on www.docum.org.
> 
> You have to add a cbq or htb qdisc to your interfaces and create 2 classes.  
> One for vpn traffic and one for non vpn traffic.  I hope that you use fixed 
> ports for the vpn traffic so you can use the dst/src port as a filter key.  
> You can share the same 1mbit or you can limit each class to 512kbit.

If FreeS/WAN is used, adding a pair of classes to the external interface
for 'normal' and 'VPN' traffic should suffice.  VPN traffic is identifiable
as traffic over UDP port 500 and protocols 50 or 51, although you may wish
to give them their own class with high priority as they do key exchanges.

If you gave each 512kbps, then add a root class to ipsec0 of 512kbps and
work from there on it.
-- 
Michael T. Babcock
CTO, FibreSpeed Ltd.     (Hosting, Security, Consultation, Database, etc)
http://www.fibrespeed.net/~mbabcock/
_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
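
Added example, not part of the original message or of the LARTC documentation: one HTB layout for the scheme discussed in this thread, covering both the hard 512kbit split and the shared 1mbit variant. The class ids, the 32kbit reservation for key exchange, the MODE/APPLY/DEV variables and the dry-run wrapper are assumptions made for illustration.

```shell
#!/bin/sh
# Constructed HTB layout for a 1mbit uplink: VPN and non-VPN traffic get
# 512kbit each. Class ids, the 32kbit IKE reservation and the dry-run
# wrapper are assumptions of this example, not values from the thread.
LINK=1mbit; HALF=512kbit; IKE=32kbit; ESP=480kbit

# shaper_cmds DEV [hard|share]: print the tc commands, apply nothing.
#   hard  = each half is capped at 512kbit
#   share = each half is guaranteed 512kbit and may borrow idle bandwidth
shaper_cmds() {
    dev="$1"
    case "${2:-hard}" in
        hard)  ceil="$HALF" ;;
        share) ceil="$LINK" ;;
        *) echo "mode must be hard or share" >&2; return 2 ;;
    esac
    # u32 'ip dport' assumes a 20-byte IP header (no IP options).
    f="tc filter add dev $dev parent 1: protocol ip prio 1 u32"
    cat <<EOF
tc qdisc add dev $dev root handle 1: htb default 20
tc class add dev $dev parent 1: classid 1:1 htb rate $LINK ceil $LINK
tc class add dev $dev parent 1:1 classid 1:10 htb rate $HALF ceil $ceil
tc class add dev $dev parent 1:10 classid 1:11 htb rate $IKE ceil $ceil prio 0
tc class add dev $dev parent 1:10 classid 1:12 htb rate $ESP ceil $ceil prio 1
tc class add dev $dev parent 1:1 classid 1:20 htb rate $HALF ceil $ceil prio 2
$f match ip protocol 17 0xff match ip dport 500 0xffff flowid 1:11
$f match ip protocol 50 0xff flowid 1:12
$f match ip protocol 51 0xff flowid 1:12
EOF
}

# Print by default; APPLY=1 (run as root) feeds the commands to sh.
if [ "${APPLY:-0}" = 1 ]; then
    shaper_cmds "${DEV:-ppp0}" "${MODE:-hard}" | sh -e
else
    shaper_cmds "${DEV:-ppp0}" "${MODE:-hard}"
fi
```

Class 1:11 carries the key exchange (UDP port 500) at the highest priority, 1:12 carries ESP and AH (protocols 50 and 51), and everything else falls into the default class 1:20.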
