[Openswan Users] OpenSwan traffic shaping with HTB & sfq
Tomasz Grzelak
tgrzelak at wktpolska.com.pl
Wed May 4 11:03:53 CEST 2005
Lewis Shobbrook wrote:
> Hi All,
>
> I've got an interoffice IPSEC VPN in place that I'm trying to give
> priority to terminal service (tcp 3389) traffic.
> I've created rules at each end, but have hit a bit of a dilemma. As
> the data is encrypted I must also give highest priority to protocol 50
> otherwise the priority is lost as the packet gets encrypted.
> When I do this however, I can't slow people dragging large files across
> the VPN and disrupting the Terminal users.

Maybe try to use the MARK target in the iptables script, for example:
mark the FTP traffic as 21, and RDP traffic as 1.
Next you can use 'handle X fw' in the QoS script to put packets into
queues based on their mark value.
It should work because the mark value 'lives' in an IP packet all the
time, no matter whether you have a plain IP packet or an ESP packet.

Tomasz Grzelak
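
The approach suggested in the reply, written out as an added example (not code from the thread): iptables sets marks 1 and 21 on the cleartext traffic, and HTB classes with sfq leaves select on them with 'handle X fw'. The interface name, rates and class ids are assumed values, and it assumes, as the reply states, that the mark is still attached when the ESP packet reaches the egress qdisc; commands are printed unless DRY_RUN=0.

```shell
#!/bin/sh
# Added example: fwmark-based shaping on a VPN gateway's egress interface.
# Assumed values (not from the post): interface name, rates, class ids.
DEV="${DEV:-eth0}"        # WAN interface that carries the ESP packets
LINK="${LINK:-2mbit}"     # uplink rate
DRY_RUN="${DRY_RUN:-1}"   # 1 = print commands, 0 = execute them (needs root)

run() { if [ "$DRY_RUN" = 1 ]; then echo "$*"; else "$@"; fi; }

mark_rules() {
    # Mark forwarded cleartext packets before IPsec encapsulation.
    # RDP in both directions gets mark 1, FTP control gets mark 21.
    run iptables -t mangle -A FORWARD -p tcp --dport 3389 -j MARK --set-mark 1
    run iptables -t mangle -A FORWARD -p tcp --sport 3389 -j MARK --set-mark 1
    run iptables -t mangle -A FORWARD -p tcp --dport 21 -j MARK --set-mark 21
}

shaping_rules() {
    # HTB root; unmarked traffic falls into the default class 1:20.
    run tc qdisc add dev "$DEV" root handle 1: htb default 20
    run tc class add dev "$DEV" parent 1: classid 1:1 htb rate "$LINK"
    # 1:10 interactive (RDP), 1:20 default, 1:30 bulk (FTP).
    run tc class add dev "$DEV" parent 1:1 classid 1:10 htb rate 1mbit ceil "$LINK" prio 0
    run tc class add dev "$DEV" parent 1:1 classid 1:20 htb rate 700kbit ceil "$LINK" prio 1
    run tc class add dev "$DEV" parent 1:1 classid 1:30 htb rate 300kbit ceil "$LINK" prio 2
    for c in 10 20 30; do
        run tc qdisc add dev "$DEV" parent "1:$c" handle "$c:" sfq perturb 10
    done
    # 'handle X fw' classifies on the firewall mark, not on the packet headers.
    run tc filter add dev "$DEV" parent 1: protocol ip prio 1 handle 1 fw flowid 1:10
    run tc filter add dev "$DEV" parent 1: protocol ip prio 2 handle 21 fw flowid 1:30
}

# Print (or, with DRY_RUN=0, apply) the full rule set.
mark_rules && shaping_rules
```

The firewall mark is kernel-local packet metadata and is not carried on the wire, so each gateway needs its own marking and shaping rules for its egress direction.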