Reply To: QoS when zeroshell using lan-2-lan vpn



Sorry for the trouble, but there are a lot of screenshots that would be needed to prove that I’m not able to classify the vpn traffic. For the test I just did, I’m just using eth0. Eth0 is assigned a local ip and is plugged into a switch. An internet router forwards the vpn ports to the zeroshell local ip and that is how I have the vpn up and running. I enabled qos on eth0; I added a class called “VPN_OUT”, which I gave 20kbps max and guaranteed bandwidth; I added the class to the eth0 interface; I activated the changes; and I added the following classifier to mark all traffic as vpn_out:

MARK all opt -- in * out * -> MARK set 0xb

I saved the classifier.

Then I used ssh to connect through the vpn to a host on the other side of the vpn. Then I used sftp to connect back to a host on my side of the vpn to download a file (which would be uploading a file as far as my local vpn is concerned).

The rate of file upload was around 60KB/sec (480kbps). I would expect the transfer speed to be less than 20kbps given the overhead of the vpn would be taking up some of the 20kbps that is available.

I checked the statistics for the QoS. A minute amount of packets was adding up on vpn_out (which should be classifying everything). I refreshed a couple of zeroshell web interface pages to see if they were contributing — they were not (strangely).

So I checked the download speed through the vpn (which should also be classified by the above rule). The download speed was “policed” down to less than the 20kbps mark. This is what I mean when I say “policed”: The way I understand it, it is more normal to implement qos on the outbound because that is what you control, but you can also police inbound traffic. Basically, you just drop the packets that go above and beyond your limit. The sending host does not receive ACKs to some of the packets that were dropped so it knows to resend and also to slow down. Messy but effective.

Any suggestions based on this additional information? Has anyone been able to effectively classify lan-2-lan vpn traffic with zeroshell?