[strongSwan] How to limit IKEv2 traffic per user?

Mirko Parthey mirko.parthey at web.de
Fri Nov 16 21:56:59 CET 2018

On Sat, Nov 10, 2018 at 11:17:36AM +0000, Houman wrote:
> I have attempted to limit the VPN speed to 10Mbit per user.  But when I do a
> DSL speed test with two devices simultaneously, it seems that the total traffic
> is limited to 10Mbit/s instead rather than each device having 10Mbit/s on their
> own.
> SERVER_LIMIT="10mbit"
> tc qdisc del dev $ETH0ORSIMILAR root
> tc qdisc add dev $ETH0ORSIMILAR root handle 1: htb
> iptables -I FORWARD -s -j MARK --set-mark 51
> iptables -I FORWARD -d -j MARK --set-mark 51
> tc class add dev $ETH0ORSIMILAR parent 1:1 classid 1:51 htb rate $SERVER_LIMIT
> tc qdisc add dev $ETH0ORSIMILAR parent 1:51 sfq perturb 10
> tc filter add dev $ETH0ORSIMILAR protocol ip parent 1: prio 1 handle 51 fw
> flowid 1:51
> I had followed this tutorial to achieve this: https://linuxscriptshub.com/
> bandwidth-control-on-ikev2-with-tc-and-iptables/

Please note, in the tutorial you mentioned, there is a for loop in step 5.
At the least, each device needs a bandwith limiting class of its own.

The LARTC mailing list might be a better place for this discussion:


More information about the Users mailing list