>From another thread, me talking to myself... :-) I did more testing, and indeed openvpn's "passtos" *does* work, even with privileges of 'nobody' (as AstLinux does).
Using tcpdump, I can see outbound UDP 1194 with tos set when defining "passtos", tos is 0x00 without setting "passtos". Possibly this is worth a rc.conf variable and support in the OpenVPN Server and Client web interface, disabled by default? Lonnie On Aug 11, 2010, at 8:54 PM, Lonnie Abelbeck wrote: > > On Aug 11, 2010, at 8:39 PM, Lonnie Abelbeck wrote: > >> >> On Aug 11, 2010, at 2:28 PM, Philip Prindeville wrote: >> >>> Because IPsec copies the QoS markings of packets from the encapsulated >>> packet into the wrapping packet. >> >> Philip makes an interesting point for IPsec, so I did some checking and it >> appears OpenVPN also supports this feature... >> ==== >> --passtos >> Set the TOS field of the tunnel packet to what the payload's TOS is. >> ==== >> To enable this feature, in the OpenVPN Server Configuration sub-tab, under >> Raw Commands: add the line "passtos". >> >> This may be useful when using the traffic shaper and SIP over OpenVPN. >> >> Lonnie > > Addendum, the OpenVPN "passtos" does not appear to work with openvpn > privileges of 'nobody' (as AstLinux does) but with privileges of 'root' it > works (per googling). > > Lonnie ------------------------------------------------------------------------------ This SF.net email is sponsored by Make an app they can't live without Enter the BlackBerry Developer Challenge http://p.sf.net/sfu/RIM-dev2dev _______________________________________________ Astlinux-users mailing list Astlinux-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/astlinux-users Donations to support AstLinux are graciously accepted via PayPal to pay...@krisk.org.
