 From:  Chris Buechler <cbuechler at gmail dot com>
 To:  Kev Latimer <kev at ne23 dot net>
 Cc:  m0n0wall at lists dot m0n0 dot ch
 Subject:  Re: [m0n0wall] Traffic shaping in IPSec - alternatives?
 Date:  Tue, 21 Dec 2004 19:15:15 -0500
On Tue, 21 Dec 2004 17:01:59 +0000, Kev Latimer <kev at ne23 dot net> wrote:
> My m0n0wall is all in and working but I've just had a flash of the
> blindingly obvious on something I'm trying to do.  I've been trying to
> traffic shape the data going up my VPN tunnel, specifically trying to
> prioritise the Terminal Services traffic.  A quick browse of the lists
> seems to confirm what I thought, that the traffic becomes ESP before the
> shaping "thing" (ipfw?) can see it.

ipfw, yes.  The ordering of the stuff in the kernel inbound and
outbound gets pretty hairy.  m0n0wall has a kernel patch to fix some
ordering issues with ipfilter and ipfw.

> Do you think shaping the traffic before it becomes ESP is something that
> will ever be feasible, or if not, does anyone have any suggestions on
> alternatives to prioritise the TS traffic?  

No idea if it'll ever be feasible, but you could put in a traffic
shaping bridge between the LAN and the VPN m0n0wall on each side.