Hi All,
I've got an interoffice IPSEC VPN in place that I'm trying to give
priority to terminal service (tcp 3389) traffic.
I've created rules at each end, but have hit a bit of a dillemma. As
the data is encrypted I must also give highest priority to protocol 50
otherwise the priority is lost as the packet gets encrypted. When I do this however, I can't slow people dragging large files across
the VPN and disrupting the Terminal users. This is an example of some of the rules in place. I can protect the VPN
traffic from other internet traffic such as email etc, but not from
themselves if you know what I mean.
I /think/ that there are some patches for OpenS/WAN that change where the traffic passing through the VPN gets encrypted such that you could QoS / TC the traffic for just RDP. I think this patch works by having the traffic that will pass through the VPN pass through the kernel a couple of times. One pass is for the (unencrypted) traffic to go through the kernel and out through all normal filters / qdisc / classes etc and then get encrypted and loop back through the kernel as encrypted traffic so that it can go through the kernel and out through all normal filters / qdisc / classes etc. This is exactly what these patches are for. I personally have not applied these patches, but have read about them in some stopper at some whee hour of the morning.
Grant. . . . _______________________________________________ LARTC mailing list LARTC@xxxxxxxxxxxxxxx http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc
