[strongSwan] How to limit IKEv2 traffic per user?

Mirko Parthey mirko.parthey at web.de
Fri Nov 16 21:56:59 CET 2018


On Sat, Nov 10, 2018 at 11:17:36AM +0000, Houman wrote:
> I have attempted to limit the VPN speed to 10Mbit per user.  But when I do a
> DSL speed test with two devices simultaneously, it seems that the total traffic
> is limited to 10Mbit/s rather than each device having 10Mbit/s on their
> own.
> 
> ETH0ORSIMILAR="eth0"
> SERVER_LIMIT="10mbit"
> 
> tc qdisc del dev $ETH0ORSIMILAR root
> tc qdisc add dev $ETH0ORSIMILAR root handle 1: htb
> iptables -I FORWARD -s 10.10.10.0/24 -j MARK --set-mark 51
> iptables -I FORWARD -d 10.10.10.0/24 -j MARK --set-mark 51
> tc class add dev $ETH0ORSIMILAR parent 1:1 classid 1:51 htb rate $SERVER_LIMIT ceil $SERVER_LIMIT
> tc qdisc add dev $ETH0ORSIMILAR parent 1:51 sfq perturb 10
> tc filter add dev $ETH0ORSIMILAR protocol ip parent 1: prio 1 handle 51 fw flowid 1:51
> 
> I had followed this tutorial to achieve this:
> https://linuxscriptshub.com/bandwidth-control-on-ikev2-with-tc-and-iptables/

Please note, in the tutorial you mentioned, there is a for loop in step 5.
At the least, each device needs a bandwidth limiting class of its own.

The LARTC mailing list might be a better place for this discussion:
http://vger.kernel.org/vger-lists.html#lartc

Regards,
Mirko
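
Added example (not part of the original message or the linked tutorial): a sketch of the per-device setup the reply points to, with one mark, one HTB class and one fw filter per client address instead of a single class for all of 10.10.10.0/24. The function name, the mark numbering (0x100 + last octet) and the dry-run design are assumptions made for illustration; the pool 10.10.10.0/24 and the tc/iptables commands follow the quoted script.

```shell
#!/bin/sh
# Added example, not from the original post. Assumptions: VPN clients use
# 10.10.10.1-254, mark and class id are 0x100 + last octet (constructed scheme),
# and all shaped traffic leaves through one interface.

# Usage: gen_per_client_limits DEV RATE FIRST LAST [PREFIX]
# Prints the commands instead of running them, so they can be reviewed first.
gen_per_client_limits() {
    dev=$1 rate=$2 first=$3 last=$4 prefix=${5:-10.10.10}

    # The output is meant to be fed to a root shell: refuse unexpected characters.
    case $dev in ''|*[!A-Za-z0-9_.-]*) echo "bad device" >&2; return 1 ;; esac
    case $rate in ''|*[!A-Za-z0-9]*) echo "bad rate" >&2; return 1 ;; esac
    case $prefix in ''|*[!0-9.]*) echo "bad prefix" >&2; return 1 ;; esac
    for n in "$first" "$last"; do
        case $n in ''|0*|*[!0-9]*) echo "bad host number" >&2; return 1 ;; esac
    done
    if [ "$first" -gt "$last" ] || [ "$last" -gt 254 ]; then
        echo "host range must be within 1..254" >&2; return 1
    fi

    echo "tc qdisc del dev $dev root 2>/dev/null || true"
    echo "tc qdisc add dev $dev root handle 1: htb"
    i=$first
    while [ "$i" -le "$last" ]; do
        # tc reads classid minors as hexadecimal, so use hex everywhere.
        id=$(printf '%x' $((256 + i)))
        ip="$prefix.$i"
        # One mark per client, set for both directions of its traffic.
        echo "iptables -t mangle -A FORWARD -s $ip -j MARK --set-mark 0x$id"
        echo "iptables -t mangle -A FORWARD -d $ip -j MARK --set-mark 0x$id"
        # One HTB class per client: the limit applies to this address alone.
        echo "tc class add dev $dev parent 1: classid 1:$id htb rate $rate ceil $rate"
        echo "tc qdisc add dev $dev parent 1:$id sfq perturb 10"
        echo "tc filter add dev $dev protocol ip parent 1: prio 1 handle 0x$id fw flowid 1:$id"
        i=$((i + 1))
    done
}

# Run with four or more arguments to print the commands, e.g.:
#   sh per-client-limits.sh eth0 10mbit 1 254
if [ "$#" -ge 4 ]; then
    gen_per_client_limits "$@"
fi
```

The classes hang directly off the root qdisc `1:`, so no parent class `1:1` has to exist and the clients do not borrow bandwidth from each other.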

