Mike wrote:
>       I have a box in the lan that sends packets through open vpn.
> openvpn is running on the shorewall boxes on both endpoints.
> The traffic is being classified, but clipping is occurring.
> Does traffic have to be classified on the openvpn interface as well?

You must define shaping on the openvpn interface if you want to prioritize
the traffic going through that interface. And you probably also want to give
the open VPN traffic itself (usually UDP 1194) a boost on the external
interface.

-Tom
-- 


Tom,
I have tried the following for some tests until Glenn and I try passing
the TOS bit through openvpn with the passtos directive, which seems to be
supported now with openvpn. In my case here there is traffic from
10.19.227.18, which is a pbs phone box with h323 udp traffic for voip
and Remote Desktop 3389; no other traffic but these two above.
When you state "And you probably also want to give the open VPN
traffic itself (usually UDP 1194) a boost on the external interface.":
        Would the two rules below work?
2:11       10.19.227.18         0.0.0.0/0               ALL
3:11       10.19.227.18         0.0.0.0/0               ALL

        Then I am thinking the remote desktop protocol
will fall into the default class?
Mike

#INTERFACE      IN-BANDWITH     OUT-BANDWIDTH
eth0    3000kbit        1152kbit
eth1    768kbit         768kbit
tun1    768kbit         768kbit

#INTERFACE      MARK    RATE    CEIL    PRIORITY        OPTIONS
eth0    1       full    full    1  
eth0            2       full/4          full            2 
eth0            3       full/4          full            3  default
eth0            4       full/8          full*8/10       4
#
#
eth1        1   full    full    1 
eth1        2     full/4        full            2 
eth1        3   full/4          full            3  default
eth1        4   full/8          full*8/10       4
##
#
tun1        1   full    full    1 
tun1        2     full/4        full            2 
tun1        3   full/8          full*8/10       3  default



# ************ Maximize priority of VoIP traffic *******************************************
#
#
2:11       10.19.227.18         0.0.0.0/0               ALL
3:11       10.19.227.18         0.0.0.0/0               ALL
2       $FW             10.192.139.240          ALL  ---------not sure if this is needed
#
# ************ Prioritize pings with low payload *******************************************
2:12      0.0.0.0/0     eth0            icmp    echo-request
2:12      0.0.0.0/0     eth0        icmp    echo-reply
2:12      0.0.0.0/0     eth1        icmp    echo-request
2:12      0.0.0.0/0     eth1       icmp    echo-reply
2:12            eth1:10.194.53.0/24           0.0.0.0/0         tcp     telnet
# ************ Prioritize services *********************************************************
# DNS
1:13      0.0.0.0/0             eth0            tcp     53

1:13      0.0.0.0/0             eth0            tcp     -               53
2:13      0.0.0.0/0             eth1            udp     53
2:13      0.0.0.0/0             eth1            udp     -               53
# HTTP
1:12      0.0.0.0/0      eth0        tcp     80
1:12      0.0.0.0/0      eth0       tcp     -               80
2:12      0.0.0.0/0      eth1        tcp     80
2:12      0.0.0.0/0      eth1       tcp     -               80
# SMTP/POP3
1:13       0.0.0.0/0       eth0       tcp     25
1:13      0.0.0.0/0        eth0       tcp     -               25
2:13       0.0.0.0/0       eth1       tcp     25
2:13      0.0.0.0/0        eth1       tcp     -               25
1:13       0.0.0.0/0       eth0       tcp     110
1:13       0.0.0.0/0       eth0       tcp     -               110
2:13       0.0.0.0/0       eth1       tcp     110
2:13       0.0.0.0/0       eth1       tcp     -               110
# SSH
1:12       0.0.0.0/0       eth0       tcp     22
1:12       0.0.0.0/0       eth0       tcp     -               22
2:12       0.0.0.0/0       eth1       tcp     22
2:12       0.0.0.0/0       eth1       tcp     -               22
#




_______________________________________________
Shorewall-users mailing list
Shorewall-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/shorewall-users
