bob at computerisms.ca
Thu Mar 5 06:48:34 EET 2015
I have been investigating for the last few days how to get QoS working on
a libreswan firewall. It has a limited upload speed and two subnets
behind it in addition to the VPN subnet, and all three groups are getting
shut down from time to time due to the activity of the others.

I read in several places that one can mark packets in iptables and tc
will recognize them after encapsulation. However, after quite a bit of
experimentation, such as placing the mark at various locations in the
tables/chains of iptables, matching the ESP/UDP protocol, the IP of the
internal server or of the VPN users, or matching the encrypted packets with
dst port 4500, etc., I am finding that the mark either doesn't stay put
or tc matches very little of the marked traffic.
So since iptables isn't really working out for me, I am wondering if
there are other options or methods. I note that xl2tpd has an rx/tx bps
setting, but it sets a maximum and not a minimum, so it is not quite what I
am looking for. I also note mention of QoS in the KLIPS patches in the
libreswan source code, but it seems to be for older kernels and I am not
sure I want to convert to KLIPS. Is there some cool tool built into
libreswan that I am not finding, or a recommended method documented
somewhere to use tc in conjunction with libreswan?
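One way to lay out the mark-then-shape setup the post describes, as an added example that is not part of the original message or of libreswan: HTB classes where `rate` is the guaranteed minimum for each group and `ceil` lets it borrow idle bandwidth, with tc `fw` filters keyed on fwmarks set in the mangle table. The interface name, link speed and subnets are constructed placeholders, and the script prints the commands rather than executing them so they can be reviewed first.

```shell
#!/bin/sh
# Added example, not code from the original post. Emits an iptables + tc HTB
# configuration for three groups sharing a limited upload link.
# Assumed/constructed values: WAN interface, upload rate in kbit, two LAN
# subnets and the VPN client subnet (all passed as arguments).
gen_qos_rules() {
    wan=$1; total=$2; lan1=$3; lan2=$4; vpn=$5
    share=$((total / 3))
    cat <<EOF
# Mark in mangle FORWARD, i.e. on the plaintext packet before ESP encapsulation.
# Traffic toward the VPN clients is matched on destination and placed first,
# so LAN-to-VPN packets are accounted to the VPN class, not the LAN class.
# On netkey/XFRM kernels the fwmark is kept on the skb through the IPsec
# transform, so the encrypted packet leaving $wan still carries it.
iptables -t mangle -A FORWARD -d $vpn  -j MARK --set-mark 0x3
iptables -t mangle -A FORWARD -s $lan1 -j MARK --set-mark 0x1
iptables -t mangle -A FORWARD -s $lan2 -j MARK --set-mark 0x2
# Locally generated packets about to be IPsec-encrypted (xt_policy match).
iptables -t mangle -A OUTPUT -m policy --dir out --pol ipsec -j MARK --set-mark 0x3
# HTB tree: rate = guaranteed minimum, ceil = borrowing limit. Unmarked
# traffic falls into class 1:40.
tc qdisc add dev $wan root handle 1: htb default 40
tc class add dev $wan parent 1: classid 1:1 htb rate ${total}kbit ceil ${total}kbit
tc class add dev $wan parent 1:1 classid 1:10 htb rate ${share}kbit ceil ${total}kbit
tc class add dev $wan parent 1:1 classid 1:20 htb rate ${share}kbit ceil ${total}kbit
tc class add dev $wan parent 1:1 classid 1:30 htb rate ${share}kbit ceil ${total}kbit
tc class add dev $wan parent 1:1 classid 1:40 htb rate 64kbit ceil ${total}kbit
# fw filters: the tc handle is the fwmark value set above.
tc filter add dev $wan parent 1: protocol ip handle 1 fw flowid 1:10
tc filter add dev $wan parent 1: protocol ip handle 2 fw flowid 1:20
tc filter add dev $wan parent 1: protocol ip handle 3 fw flowid 1:30
EOF
}

# Usage (as root, after review): gen_qos_rules eth0 2000 192.168.1.0/24 192.168.2.0/24 10.0.0.0/24 | sh
```

After applying, `tc -s class show dev eth0` should show bytes accumulating in 1:30 while VPN traffic flows; if they land in 1:40 instead, the mark is being lost before the packet reaches the qdisc.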