Old 05-09-2008
Chris Davies
 
Default Re: OpenVPN and Traffic Shaping per client

Diaphragm <diaphragm53@googlemail.com> wrote:
> I've been told by a friend that perhaps I could set it up with the
> help of Linux's TC, but I've never worked with TC and I doubt I can
> learn it quickly enough to apply such QoS methods on an office server with
> fine-tuned quality for VoIP.


I've been playing with the example script here,
http://www.tldp.org/HOWTO/ADSL-Bandw...mentation.html.
I tweaked it a little (mainly available bandwidth), and stripped out
the inbound shaping as I don't have the inbound shaper module to hand.
I'm comfortable with iptables, so I used that to mark all the relevant
packets/conversations.

The relevant tweaks are as follows:

# Add leaf classes...
#
tc class add dev $DEV parent 1:1 classid 1:20 htb rate $[$RATEUP/2]kbit ceil ${RATEUP}kbit prio 0
tc class add dev $DEV parent 1:1 classid 1:21 htb rate $[$RATEUP/2/6]kbit ceil ${RATEUP}kbit prio 1
tc class add dev $DEV parent 1:1 classid 1:22 htb rate $[$RATEUP/2/6]kbit ceil ${RATEUP}kbit prio 2
tc class add dev $DEV parent 1:1 classid 1:23 htb rate $[$RATEUP/2/6]kbit ceil ${RATEUP}kbit prio 3
tc class add dev $DEV parent 1:1 classid 1:24 htb rate $[$RATEUP/2/6]kbit ceil ${RATEUP}kbit prio 4
tc class add dev $DEV parent 1:1 classid 1:25 htb rate $[$RATEUP/2/6]kbit ceil ${RATEUP}kbit prio 5
tc class add dev $DEV parent 1:1 classid 1:26 htb rate $[$RATEUP/20]kbit ceil ${RATEUP}kbit prio 6


# Add fwmark entries to prioritise traffic (20 is highest, 26 is lowest)...
#
priority() {
_CHAIN="MYSHAPER-$1"; shift
_MARK="$1"; shift
iptables -t mangle -A "$_CHAIN" "$@" -j MARK --set-mark "$_MARK"
}

priority OUT 20 -p udp -m udp --dport 5060:5062 # VoIP
priority OUT 20 -p udp -m udp --dport 8000:8005 #
priority OUT 20 --src mynah.roaima.co.uk # Linksys SPA3102

priority OUT 21 -p icmp # ICMP (ping)
priority OUT 21 -p udp --dport 53 # DNS (small packets)
priority OUT 21 -p tcp -m length --length :64 # Small packets (probably ACKs)

priority OUT 22 -p tcp --dport ssh # SSH
priority OUT 22 -p tcp --dport telnet # Telnet (ugh)
priority OUT 22 -p tcp --dport http # HTTP
priority OUT 22 -p tcp --dport login # Rlogin (ugh)
priority OUT 22 -p tcp --dport https # HTTP/SSL

priority OUT 23 -p tcp --sport 0:1024 # Default for low port traffic
priority OUT 23 -p tcp --dport 0:1024 # Ditto

priority OUT 23 -p tcp --dport 1194 # OpenVPN (unknown payload)
priority OUT 23 -p udp --dport 1194 # Ditto
priority OUT 23 -p tcp --dport 5000:5007 # Ditto
priority OUT 23 -p udp --dport 5000:5007 # Ditto

priority OUT 25 -p tcp --dport ftp-data # FTP
priority OUT 25 -p tcp --dport smtp # SMTP
priority OUT 25 -p tcp --dport smtps # SMTP
priority OUT 25 -p tcp --dport pop3 # POP3
priority OUT 25 -p tcp --dport pop3s # POP3

priority OUT 26 -p tcp -m multiport --ports 49257:49258 # BitTorrent
priority OUT 26 -p udp -m multiport --ports 49257:49258 # BitTorrent
priority OUT 26 -m ipp2p --ipp2p # BitTorrent and other P2P


The whole file is available at
http://www.roaima.co.uk/stuff/20080509/lartc-qos.sh should you want it.
But you WILL need to adjust it for your own requirements. I've not
configured anything past line 244 relating to the inbound shaping.

Chris
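Added example, not from Chris's script: the pieces a reader needs to turn the class and mark lines above into working per-client shaping. It checks that the seven leaf guarantees fit under RATEUP (HTB only honours guarantees when child rates sum to at most the parent's), emits the `fw` filters that connect the iptables marks to the classes (marks alone do nothing for scheduling), and marks one OpenVPN client address into a chosen class. DEV and RATEUP defaults, the 10.8.0.x client address and RUN=echo (dry-run) are assumptions; the chain name MYSHAPER-OUT is the one the post's priority() helper builds.

```shell
# Assumed defaults; set RUN= (empty) to execute instead of printing.
DEV="${DEV:-tun0}"
RATEUP="${RATEUP:-512}"
RUN="${RUN:-echo}"

# Guaranteed rate of leaf class $1 (20..26) in kbit, mirroring the divisors
# in the tc class lines of the post ($(( )) replaces the obsolete $[ ] form).
leaf_rate() {
  case "$1" in
    20) echo $(( RATEUP / 2 )) ;;
    21|22|23|24|25) echo $(( RATEUP / 2 / 6 )) ;;
    26) echo $(( RATEUP / 20 )) ;;
    *) return 1 ;;
  esac
}

# Return 0 if the seven leaf rates sum to at most RATEUP; if they do not,
# HTB cannot honour every guarantee and VoIP can be starved under load.
rates_fit() {
  _sum=0
  for _c in 20 21 22 23 24 25 26; do _sum=$(( _sum + $(leaf_rate "$_c") )); done
  [ "$_sum" -le "$RATEUP" ]
}

# fw filter: packets carrying fwmark $1 are queued in class 1:$1.
mark_to_class() {
  $RUN tc filter add dev "$DEV" parent 1: protocol ip prio "$1" handle "$1" fw classid "1:$1"
}

# Per-client shaping: everything from one OpenVPN client address ($1) gets
# mark $2 and therefore lands in leaf class 1:$2.
client_class() {
  $RUN iptables -t mangle -A MYSHAPER-OUT -s "$1" -j MARK --set-mark "$2"
}

# Install one filter per leaf class; run after the tc class lines.
install_filters() { for _c in 20 21 22 23 24 25 26; do mark_to_class "$_c"; done; }

rates_fit && install_filters && client_class 10.8.0.6 23
```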