[Openswan dev] openswan and qos question on netkey
Alex
linux at vfemail.net
Fri Mar 14 09:37:38 EDT 2008
Hello Openswan experts,
My setup is simple:
mynet=192.168.0.0/22 ----> eth1-|MyGw|--eth0
| ---public IPs--- |
|RemoteGW| ----remotenet=172.16.16.0/21
All is working, but I have some VOIP problems and I want to do some QoS. I am
using CentOS 5.1 (up to date), openswan-2.4.9-1 with native kernel support for
IPsec (netkey), so NO ipsec0 interface like in older versions (klips
implementation).
Shortly, I would like to say that on the MyGW router:
- incoming UDP traffic from 172.16.22.93/32 to 192.168.1.169/32;
192.168.1.242/32; 192.168.1.235/32; 192.168.1.238/32; will take precedence
anytime (done on internal interface eth1 of MyGW router using tc)
- outgoing traffic from 192.168.0.5/32 to 172.16.18.123/32 takes precedence
anytime and gets 512k bandwidth. This can be achieved on the eth0 interface on
MyGW, but, because IPsec packets are encapsulated, I can't, because there I
will have all the time my PUBLIC IP or REMOTE GW PUBLIC IP. Also, ipsec0 is
missing too on the netkey implementation (in my opinion a bad thing), so in this
case, QoS for packets leaving my router - on the external interface - becomes
impossible!
How can I do this? Kernel recompilation is EXCLUDED! An example or some
tutorials are welcome.
Also, I want to mention that RemoteGW is not under my authority and it is a
Cisco router.
Regards,
Alx