Hi All, I've got an interoffice IPSEC VPN in place that I'm trying to give priority to terminal service (tcp 3389) traffic. I've created rules at each end, but have hit a bit of a dillemma. As the data is encrypted I must also give highest priority to protocol 50 otherwise the priority is lost as the packet gets encrypted. When I do this however, I can't slow people dragging large files across the VPN and disrupting the Terminal users. This is an example of some of the rules in place. I can protect the VPN traffic from other internet traffic such as email etc, but not from themselves if you know what I mean. tc qdisc del dev $NET_IF root tc qdisc add dev $NET_IF root handle 1: htb default 30 tc class add dev $NET_IF parent 1: classid 1:1 htb rate 512Kbit burst 15Kb tc class add dev $NET_IF parent 1:1 classid 1:20 htb rate 128Kbit ceil 512Kbit burst 15Kb prio 1 tc class add dev $NET_IF parent 1:1 classid 1:30 htb rate 10Kbit ceil 512Kbit burst 15Kb prio 2 tc qdisc add dev $NET_IF parent 1:10 handle 10: sfq perturb 10 tc qdisc add dev $NET_IF parent 1:20 handle 20: sfq perturb 10 tc qdisc add dev $NET_IF parent 1:30 handle 30: sfq perturb 10 tc class add dev $NET_IF parent 1:1 classid 1:10 htb rate 512Kbit burst 15Kb prio 0 tc filter add dev $NET_IF protocol ip parent 1:0 prio 1 match ip sport 3389 0xffff flowid 1:10 tc filter add dev $NET_IF protocol ip parent 1:0 prio 1 match ip src $termserver_ip match ip sport 3389 0xffff flowid 1:10 Etc etc... Has anyone come across this before and found a solution? Any suggestions appreciated. Cheers, Lewis _______________________________________________ LARTC mailing list LARTC@xxxxxxxxxxxxxxx http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc
