Re: should I shape tun[N] or eth0 ?

Linux Advanced Routing and Traffic Control


 



Hello,

If I have a few VPN tunnels with different tun interfaces, and all this tunnel traffic is coming in on my eth0 interface, it also leaves via eth0 again. I would like to share the available bandwidth evenly with tunnel clients. Would applying the bandwidth rule on eth0 with htb & sfq work for sharing the bandwidth, or will bandwidth rules only affect tunnel traffic if I apply them to the actual tun[n] interfaces?

I'm not sure if it works on tun devices, but on taps it should work since those actually look like normal Ethernet devices. However, if you shape on the virtual interfaces you only shape the incoming traffic (i.e. traffic going out a tun/tap is decrypted VPN traffic that is coming *in*). So if you want to manage outgoing traffic, shape on eth0. Since OpenVPN by default requires a single port for each VPN, you can easily mark and classify the outgoing traffic with tc.


For example:

VPN1 udp 5000 <----> udp 5000
VPN2 udp 5001 <----> udp 5001
...

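# u32 needs "protocol ip" and a value/mask pair per match; IP protocol 17 is UDP
tc filter add dev eth0 parent 1:0 protocol ip prio 10 u32 match ip protocol 17 0xff match ip sport 5000 0xffff match ip dport 5000 0xffff flowid 1:2
tc filter add dev eth0 parent 1:0 protocol ip prio 10 u32 match ip protocol 17 0xff match ip sport 5001 0xffff match ip dport 5001 0xffff flowid 1:2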


etc.

to put all VPN traffic into class 1:2

Note that I didn't test this, so there might be an error in the lines above but the outlined way should work.



--

C U

     - -- ---- ----- -----/\/  René Gallati  \/\---- ----- --- -- -
_______________________________________________
LARTC mailing list / LARTC@xxxxxxxxxxxxxxx
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
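
The approach outlined in the reply, carried one step further so that each tunnel gets its own HTB class with an SFQ leaf on eth0 instead of all VPN traffic landing in class 1:2. This is an added example, not part of the original message; the gen_vpn_shaping helper, the class ids, the default class 1:999 and the 1000 kbit uplink are assumptions, and the script only prints the tc commands.

```shell
#!/bin/sh
# Added example (not from the original post). Assumptions: tunnel classes start
# at 1:10, unclassified traffic goes to 1:999, rates are in kbit, and each VPN
# uses the same UDP port on both ends, as in the post.

# Usage: gen_vpn_shaping DEV TOTAL_KBIT PORT [PORT...]   (prints tc commands)
gen_vpn_shaping() {
    [ "$#" -ge 3 ] || { echo "usage: gen_vpn_shaping DEV TOTAL_KBIT PORT..." >&2; return 1; }
    dev=$1; total=$2; shift 2
    # The output is meant to be fed to a shell, so reject anything odd up front.
    case $dev in ''|*[!A-Za-z0-9_.-]*) echo "bad device: $dev" >&2; return 1;; esac
    case $total in ''|0*|*[!0-9]*) echo "bad rate: $total" >&2; return 1;; esac
    [ "$#" -le 100 ] || { echo "too many tunnels" >&2; return 1; }
    # Validate every port before emitting anything, so no partial plan is printed.
    for port in "$@"; do
        case $port in ''|*[!0-9]*) echo "bad port: $port" >&2; return 1;; esac
        [ "$port" -ge 1 ] && [ "$port" -le 65535 ] || { echo "bad port: $port" >&2; return 1; }
    done
    # Equal guaranteed share per tunnel, plus one share for non-VPN traffic.
    share=$(( total / ($# + 1) ))
    [ "$share" -gt 0 ] || { echo "rate too low for $# tunnels" >&2; return 1; }

    echo "tc qdisc add dev $dev root handle 1: htb default 999"
    echo "tc class add dev $dev parent 1: classid 1:1 htb rate ${total}kbit"
    id=10
    for port in "$@"; do
        # rate = guaranteed share; ceil = full link, so idle bandwidth can be borrowed
        echo "tc class add dev $dev parent 1:1 classid 1:$id htb rate ${share}kbit ceil ${total}kbit"
        echo "tc qdisc add dev $dev parent 1:$id handle $id: sfq perturb 10"
        echo "tc filter add dev $dev parent 1: protocol ip prio 10 u32 match ip protocol 17 0xff match ip sport $port 0xffff match ip dport $port 0xffff flowid 1:$id"
        id=$((id + 1))
    done
    echo "tc class add dev $dev parent 1:1 classid 1:999 htb rate ${share}kbit ceil ${total}kbit"
    echo "tc qdisc add dev $dev parent 1:999 handle 999: sfq perturb 10"
}

# Constructed sample: two tunnels on UDP 5000 and 5001, 1000 kbit uplink.
gen_vpn_shaping eth0 1000 5000 5001
```

Review the printed plan first; to apply it, pipe the output to sh as root. The u32 port matches assume IP headers without options.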

