Hello,

2015-08-06 6:40 GMT+03:00 Noel Kuntze <n...@familie-kuntze.de>:
> Why do you want to assign a unique mark to each IP?
> You can simply create a filter for each type of traffic and then
> apply QoS to that. There's no obvious need to track
> each IP's connections separately. TCP ACKs should be prioritized anyway,
> together with ICMP, independent of the connection.
> TCP packets always have the destination and source ports in the headers,
> so you can tell them apart, too, if needed.

Maybe I misunderstand something important. Let me try to clarify my needs again.

I have N clients connected to a VPN server. Every client is assigned a different (dynamic) IP. They can connect and disconnect at any time.

I want to guarantee every client a certain bandwidth. (Not shared by all the clients but to EVERY client, individually.) E.g., I want to give bandwidth 64 kbps to client 1. Bandwidth 256 kbps to client 2. Etc.

Inside these bandwidths, I want to prioritize traffic: e.g., ping and ssh go first, everything else second.

If I understand right how Linux traffic shaping works, in order to achieve these results I need to create 2*N classes and create filters which direct traffic to specific classes.

Or do I miss something?

> connmark is used if there are IPsec peers behind the same IP and they need to
> be distinguished.

Yes. It was my understanding also. Not my case.

--
WBR & WBW, Vitaly
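
The per-client layout described in the message above, as an added example that is not part of the original thread: a dry-run generator that prints the `tc` commands for one HTB class per client with two prioritised leaf classes under it. The function names, the slot numbering, the 1/4 rate split, `eth0` and the 10.3.0.x addresses are assumptions made for the illustration, as is the premise that the filters run on a device where the client's VPN address is still visible as the IP destination.

```shell
#!/bin/sh
# Added example (not from the thread). Dry run: prints tc commands, runs none.
# Assumption: DEV is an interface where packets to a client still carry the
# client's VPN-assigned address as IP destination (not yet ESP-encapsulated).

# Root HTB qdisc; "default 0" leaves unclassified traffic unshaped.
root_cmds() {  # usage: root_cmds DEV
    echo "tc qdisc add dev $1 root handle 1: htb default 0"
}

# usage: client_cmds DEV SLOT IP RATE_KBIT   (SLOT: 1..4095, unique per client)
client_cmds() {
    dev=$1 slot=$2 ip=$3 rate=$4
    [ "$slot" -ge 1 ] && [ "$slot" -le 4095 ] || return 1
    [ "$rate" -ge 4 ] || return 1
    # Class minors are hex: slot*16 is the client class, +1 and +2 its leaves.
    top=$(printf '1:%x' $((slot * 16)))
    hi=$(printf '1:%x' $((slot * 16 + 1)))
    lo=$(printf '1:%x' $((slot * 16 + 2)))
    hi_rate=$((rate / 4)); lo_rate=$((rate - hi_rate))
    # Design choice here: rate == ceil, so the client is guaranteed RATE_KBIT
    # and also capped at it.
    echo "tc class add dev $dev parent 1: classid $top htb rate ${rate}kbit ceil ${rate}kbit"
    # Leaves may borrow up to the client's rate; prio 0 is offered spare first.
    echo "tc class add dev $dev parent $top classid $hi htb rate ${hi_rate}kbit ceil ${rate}kbit prio 0 quantum 1500"
    echo "tc class add dev $dev parent $top classid $lo htb rate ${lo_rate}kbit ceil ${rate}kbit prio 1 quantum 1500"
    f="tc filter add dev $dev parent 1: protocol ip"
    # Filter prio 1 is consulted before prio 2, so ICMP/SSH are picked first.
    # The u32 port matches assume an IP header without options.
    echo "$f prio 1 u32 match ip dst $ip/32 match ip protocol 1 0xff flowid $hi"
    echo "$f prio 1 u32 match ip dst $ip/32 match ip protocol 6 0xff match ip sport 22 0xffff flowid $hi"
    echo "$f prio 1 u32 match ip dst $ip/32 match ip protocol 6 0xff match ip dport 22 0xffff flowid $hi"
    echo "$f prio 2 u32 match ip dst $ip/32 flowid $lo"
}

# Constructed sample: the two clients from the post (64 and 256 kbit/s).
root_cmds eth0
client_cmds eth0 1 10.3.0.1 64
client_cmds eth0 2 10.3.0.2 256
```

The per-client guarantee only holds while the sum of all client rates stays within what the link can actually carry.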