Hello,
If I have a few VPN tunnels with different tun interfaces, and all this tunnel traffic is coming in on my eth0 interface, it also leaves via eth0 again. I would like to share the available bandwidth evenly with tunnel clients. Would applying the bandwidth rule on eth0 with htb & sfq work for sharing the bandwidth, or will bandwidth rules only affect tunnel traffic if I apply them to the actual tun[n] interfaces?
I'm not sure if it works on tun devices, but on taps it should work since those actually look like normal ethernet devices. However, if you shape on the virtual interfaces you only shape the incoming traffic (i.e. traffic going out a tun/tap is decrypted VPN traffic that is coming *in*). So if you want to manage outgoing traffic, shape on eth0. Since OpenVPN by default requires a single port for each VPN, you can easily mark and classify the outgoing traffic with tc.
For example:
VPN1 udp 5000 <----> udp 5000 VPN2 udp 5001 <----> udp 5001 ...
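tc filter add dev eth0 parent 1:0 protocol ip prio 10 u32 match ip protocol 17 0xff match ip sport 5000 0xffff match ip dport 5000 0xffff flowid 1:2
tc filter add dev eth0 parent 1:0 protocol ip prio 10 u32 match ip protocol 17 0xff match ip sport 5001 0xffff match ip dport 5001 0xffff flowid 1:2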
etc.
to put all VPN traffic into class 1:2
Note that I didn't test this, so there might be an error in the lines above but the outlined way should work.
--
C U
- -- ---- ----- -----/\/ René Gallati \/\---- ----- --- -- -
_______________________________________________
LARTC mailing list / LARTC@xxxxxxxxxxxxxxx
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
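
The approach outlined in the reply, extended to one HTB class per tunnel so the tunnels share eth0 evenly. This is an added example, not code from the thread; the function name gen_vpn_shaping, the class ids below 1:2, the 10% reserve for non-VPN traffic and the rates are assumptions.

```shell
#!/bin/sh
# Prints tc commands; nothing is executed. Review, then pipe to `sh` as root.
# Assumed: one UDP port per tunnel (same on both ends), 10% of the link kept
# for non-VPN traffic, IPv4 without options (u32 ip sport/dport use fixed offsets).

# gen_vpn_shaping DEV TOTAL_KBIT PORT...
gen_vpn_shaping() {
    dev=$1; total=$2; shift 2
    [ "$#" -gt 0 ] || { echo "need at least one port" >&2; return 1; }
    for p in "$@"; do               # validate before emitting anything
        case $p in
            ''|*[!0-9]*) echo "bad port: $p" >&2; return 1 ;;
        esac
    done
    vpn=$(( total * 9 / 10 ))       # parent class 1:2, the VPN class of the reply
    other=$(( total - vpn ))        # default class 1:3 for everything else
    per=$(( vpn / $# ))             # guaranteed rate per tunnel
    [ "$per" -gt 0 ] || { echo "rate too low" >&2; return 1; }

    echo "tc qdisc add dev $dev root handle 1: htb default 3"
    echo "tc class add dev $dev parent 1: classid 1:1 htb rate ${total}kbit"
    echo "tc class add dev $dev parent 1:1 classid 1:2 htb rate ${vpn}kbit ceil ${total}kbit"
    echo "tc class add dev $dev parent 1:1 classid 1:3 htb rate ${other}kbit ceil ${total}kbit"
    # SFQ only helps where many flows are visible, i.e. the non-VPN class.
    # On eth0 each tunnel is one UDP flow, so HTB does the per-tunnel sharing.
    echo "tc qdisc add dev $dev parent 1:3 handle 3: sfq perturb 10"

    id=10   # tc parses class minors as hex; decimal digits still give unique ids
    for port in "$@"; do
        # Guaranteed $per, may borrow idle bandwidth up to the VPN total.
        echo "tc class add dev $dev parent 1:2 classid 1:$id htb rate ${per}kbit ceil ${vpn}kbit"
        echo "tc filter add dev $dev parent 1:0 protocol ip prio 10 u32" \
             "match ip protocol 17 0xff match ip sport $port 0xffff" \
             "match ip dport $port 0xffff flowid 1:$id"
        id=$(( id + 1 ))
    done
}

# Example: gen_vpn_shaping eth0 1000 5000 5001
```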