I just wanted to drop a success notice to the list. We always hear the failures, and rarely the successes! ;-)

After switching from FC1 and freeS/WAN ipsec to the new native linux 2.6 ipsec (ie: setkey-based) my QoS code suddenly started working properly!

Previously, with FC1 and freeS/WAN, I found it impossible and rather buggy (kernel panics!) to get QoS to make any difference at all. My main goal was to give high priority to VoIP-over-ipsec-over-PPPoE traffic. HTB with freeS/WAN and linux 2.4 caused kernel panics. CFQ and other schemes showed no difference.

I believe the freeS/WAN virtual interface (ipsec0) over PPPoE (ppp0) was just impossible to qdisc properly as there were too many layers with too much complication. And I tried *everything* I (and others) could think of.

Now for the success part: I switched to FC3 and native 2.6 linux ipsec (setkey) and after a number of issues setting that up ;-) my original QoS ideas and code worked perfectly on the first try after a little rewrite.

I think this is because native ipsec is much simpler and more transparent and doesn't have a separate virtual interface.

If you're wanting QoS over ipsec, I'd go this route over free or openSWAN.

For notes on my ipsec setup issues, see my posts on