Applying QOS When VPN Tunnels Are Involved

Home Page Forums Network Management ZeroShell Applying QOS When VPN Tunnels Are Involved

This topic contains 7 replies, has 0 voices, and was last updated by  jacobsa 9 years, 9 months ago.

Viewing 9 posts - 1 through 9 (of 9 total)
  • Author
    Posts
  • May 12, 2009 at 4:50 am #41675

    jacobsa
    Member

    Hi guys,

    My question relates to applying QOS Classes & Classifiers when VPN tunnels are involved.

    For example:

    I have two sites, 2 x 1MB/1MB PPPOE connections at each site, using Zeroshell as the router.
    I have an OpenVPN site to site VPN from link 1 to link 1 at each site, and another from link 2 to link 2 at each site.
    I have bonded these, and the fail over system works perfectly.

    My question is regarding QOS when this is involved.

    The priority traffic running via this VPN is Windows Terminal Servers (RDP). I would like to reserve 512KB/s for RDP traffic, but am unsure if I should apply this policy to the PPPOE connections, or the VPN tunnel.

    Any information would be great.

    Thanks guys,

    Aaron

    May 12, 2009 at 9:02 am #48097

    ppalias
    Member

    The answer is on both. You should reserve 512k+ on the PPPoE for the Openvpn itself and on the vpn interface reserve 512k for the RDP.

    May 12, 2009 at 12:41 pm #48098

    jacobsa
    Member

    Thanks.

    And the best way to classify the traffic for OpenVPN? source / destination port?

    I was wondering if the VPN interface could actually identify traffic, as it is encrypted…

    May 13, 2009 at 8:12 am #48099

    ppalias
    Member

    Yeah source ip-port and destination ip-port would be fine.

    May 15, 2009 at 12:36 am #48100

    jacobsa
    Member

    Great thanks,

    I am applying the rules now.

    Cheers

    May 15, 2009 at 1:08 am #48101

    jacobsa
    Member

    Traffic does not seem to be identified via the classifiers I have done. Have used QOS plenty of times before in Zeroshell, so I am familiar with the configuration.

    Is there anything relating to using the Netbalancer module that may cause the QOS not to work? It is NetBalancer, with the two VPN Tunnels running as a Bond for failover and load balancing. I have applied QOS on the PPPOE interfaces, and put in the classifiers for the traffic for OpenVPN, but in the statistics it is giving me nothing.

    I rebooted the box as well, just to confirm.

    Stats are:

    ppp0 — 0.8Mbit/s 0.7Mbit/s 110521 13408bit
    DEFAULT Medium — — 110521 13408bit
    OPENVPN Medium — 640Kbit/s 0 0bit

    ppp1 — 0.8Mbit/s 0.7Mbit/s 112533 21712bit
    DEFAULT Medium — — 112533 21712bit
    OPENVPN Medium — 640Kbit/s 0 0bit

    Classifiers are:

    QoS Rules
    Seq Input Output Description QoS Class Log Active
    1 * * MARK tcp opt — in * out * 0.0.0.0/0 -> 0.0.0.0/0 tcp spt:1195 MARK set 0xb OPENVPN no
    2 * * MARK tcp opt — in * out * 0.0.0.0/0 -> 0.0.0.0/0 tcp dpt:1195 MARK set 0xb OPENVPN no
    3 * * MARK tcp opt — in * out * 0.0.0.0/0 -> 0.0.0.0/0 tcp spt:1196 MARK set 0xb OPENVPN no
    4 * * MARK tcp opt — in * out * 0.0.0.0/0 -> 0.0.0.0/0 tcp dpt:1196 MARK set 0xb OPENVPN no

    Any help would be appreciated..

    Thanks,

    Aaron

    May 15, 2009 at 6:50 am #48102

    ppalias
    Member

    I recall other users having problems with QoS on Netbalancing interfaces. Do a search in the forum, I think you will find something.

    May 15, 2009 at 6:54 am #48103

    jacobsa
    Member

    I have found some other comments about netbalancer and QOS using the same mangle table.

    Any comment on this fulvio?

    Thanks,

    Aaron

    May 15, 2009 at 5:54 pm #48104

    imported_fulvio
    Participant

    At the moment I do not see an easy solution.

    Regards
    Fulvio

  • Author
    Posts
Viewing 9 posts - 1 through 9 (of 9 total)

You must be logged in to reply to this topic.