Lonnie, I can't see a reason to not honor TOS tags if available. To be save, having it disabled by default is the better option. "Make it so" ;)
Darrick On 08/12/2010 05:50 PM, Lonnie Abelbeck wrote: >> From another thread, me talking to myself... :-) > > I did more testing, and indeed openvpn's "passtos" *does* work, even with > privileges of 'nobody' (as AstLinux does). > > Using tcpdump, I can see outbound UDP 1194 with tos set when defining > "passtos", tos is 0x00 without setting "passtos". > > Possibly this is worth a rc.conf variable and support in the OpenVPN Server > and Client web interface, disabled by default? > > Lonnie > > > On Aug 11, 2010, at 8:54 PM, Lonnie Abelbeck wrote: > >> >> On Aug 11, 2010, at 8:39 PM, Lonnie Abelbeck wrote: >> >>> >>> On Aug 11, 2010, at 2:28 PM, Philip Prindeville wrote: >>> >>>> Because IPsec copies the QoS markings of packets from the encapsulated >>>> packet into the wrapping packet. >>> >>> Philip makes an interesting point for IPsec, so I did some checking and it >>> appears OpenVPN also supports this feature... >>> ==== >>> --passtos >>> Set the TOS field of the tunnel packet to what the payload's TOS is. >>> ==== >>> To enable this feature, in the OpenVPN Server Configuration sub-tab, under >>> Raw Commands: add the line "passtos". >>> >>> This may be useful when using the traffic shaper and SIP over OpenVPN. >>> >>> Lonnie >> >> Addendum, the OpenVPN "passtos" does not appear to work with openvpn >> privileges of 'nobody' (as AstLinux does) but with privileges of 'root' it >> works (per googling). >> >> Lonnie -- Darrick Hartman DJH Solutions, LLC http://www.djhsolutions.com ------------------------------------------------------------------------------ This SF.net email is sponsored by Make an app they can't live without Enter the BlackBerry Developer Challenge http://p.sf.net/sfu/RIM-dev2dev _______________________________________________ Astlinux-users mailing list Astlinux-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/astlinux-users Donations to support AstLinux are graciously accepted via PayPal to pay...@krisk.org.
