On 12-03-26 07:06 PM, Mchael Barabanov wrote: > On 12-03-23 11:55 AM, Brian J. Murrell wrote: >> On 12-03-23 02:11 PM, Ryan on the Beach wrote: >>> >>> >>> Hello, >>> I've been using Shorewall for a long time and really like it. I recently >>> set up TOS using some of the online documentation and some guides online. >>> It works great. However I've run into a new configuration which I'm not >>> sure how to handle and was hoping some other users could give me some >>> recommendations. >>> In my other configs I have on an outside and inside interface. So defining >>> the rules were fairly straight forward. However in my latest setup I am >>> trying to wrap my brain around using traffic shaping when there are two >>> external interfaces. One is obviously the external interface and the other >>> is a tun0 which is the routed OpenVPN interface. I just don't know how I >>> should define the interfaces in tcinterfaces, especially since one is >>> really just a virtual interface. My main reason for wanting traffic >>> shaping is because I have VOIP traffic traversing my OpenVPN tunnel along >>> with other traffic and I wanted to make sure there is always enough >>> bandwidth for the voice traffic. >>> I am hoping some other users have traffic shaping set up in the same way >>> and can shed some light on how they handle having a two external >>> interfaces, one real and one tunnel. >> >> It's actually more complicated than just two external interfaces. The >> problem is that you want to be able to convey the "importance" (i.e. >> priority) of the voip packets that have been taken off of the VPN and >> wrapped into openvpn's udp packets at the next layer. >> >> That's not currently possible, AFAIK. Such a thing is possible with >> IPsec AFAIU. >> >> Of course you could just tell the "real network" layer that all openvpn >> traffic has a high (i.e. voip) priority but if somebody starts doing >> some kind of bulk transfer through the VPN you've basically given that >> bulk the same high priority as voip and voided the priority of the voip >> traffic. Furthermore you end up putting the lower priority traffic on >> the real network behind all openvpn traffic, even if it's bulk. >> >> b. > > I guess one workaround could be to establish 2 OpenVPN connections with > different QoS properties and redirect bulk and voice traffic to one or > another accordingly.
Looks like there's no need to -- OpenVPN "passtos" option should take care of QoS. Michael. ------------------------------------------------------------------------------ This SF email is sponsosred by: Try Windows Azure free for 90 days Click Here http://p.sf.net/sfu/sfd2d-msazure _______________________________________________ Shorewall-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/shorewall-users
