[Openswan Users] Netkey and traffic shaping

Danilo Godec danilo.godec at agenda.si
Thu Mar 26 04:36:34 EDT 2009


we have several hundred machines acting as xDSL routers (among other
things). These machines are running 2.4.27+ kernels, OpenSwan with KLIPS
and TC to reserve some bandwidth for mission critical traffic. All
traffic is encrypted and we also use iptables for more selective access
control (not everything from and to remote network is allowed).

For reasons that are out of our hands we will need to move to a more
recent kernel - 2.6.xx and NETKEY. However the need for bandwidth
reservation and refined access control is still there.

Is it possible to use TC to shape traffic before it is encrypted?

 Thanks, Danilo

More information about the Users mailing list