[Openswan dev] openswan and qos question on netkey

Alex linux at vfemail.net
Fri Mar 14 09:37:38 EDT 2008

Hello Openswan experts,

My setup is simple:

mynet= ----> eth1-|MyGw|--eth0
| ---public IPs--- |
|RemoteGW| ----remotenet=   

All is working, but I have some VoIP problems and I want to do some QoS. I am 
using CentOS 5.1 (up to date), openswan-2.4.9-1 with native kernel support for 
IPsec (netkey), so NO ipsec0 interface like in older versions (klips 

Shortly, I would like to say that on the MyGW router:
- incoming UDP traffic from to;;;; will take precedence 
anytime (done on the internal interface eth1 of the MyGW router using tc)
- outgoing traffic from to takes precedence 
anytime and gets 512k bandwidth. This can be achieved on the eth0 interface on 
MyGW, but because IPsec packets are encapsulated I can't, because there I 
will have all the time my PUBLIC IP or REMOTE GW PUBLIC IP. Also, ipsec0 is 
missing too in the netkey implementation (in my opinion a bad thing), so in this 
case, QoS for packets leaving my router - on external interface become 

How can I do this? Kernel recompilation is EXCLUDED! An example or some 
tutorials are welcome.

Also, I want to mention that RemoteGW is not under my authority and it is a 
Cisco router.


