 From:  "Klaus Stock" <ks at stock dash consulting dot com>
 To:  m0n0wall at lists dot m0n0 dot ch
 Subject:  Traffic shaping for the PPTP/VPN interface
 Date:  Wed, 21 Mar 2007 13:24:36 +0100
I finally convinced myself that it would be a brilliant idea to give all
outgoing PPTP (VPN) traffic from my home network a high priority. That way,
ordinary (non-VPN) traffic like uploads will be less likely to annoy a
remote user who has made his way into my home network via PPTP.

Easy, I thought. Very easy. I just went to the traffic shaper configuration
page to build a new rule, selected PPTP as interface (all other rules I have
so far use WAN) and selected the "high priority upload #2" queue.
"Brilliant", I thought of myself!

However, the idea of "brilliance" was fixed only a few seconds later when I
reached the "direction" setting, which says: "Use this to match only packets
travelling in a given direction on the interface specified above (as seen
from the firewall's perspective)." Yup, I thought, I want to fool around
only with outgoing traffic (since this is the limiting factor in the ADSL
connection) - obviously, since I already had selected an upload queue only
seconds earlier.


"As seen from the firewall's perspective."

Total mental darkness. No more brilliance.

Feck. I'm lost.

Fortunately, after attempting mental stimulation with the aid of the content
of a coffee mug, I got three ideas:

1. Use the direction "out", as I want to apply the rule to packets which
travel to the "outside". For me, PPTP means a "tunnel", which is a different
concept than a simple interface which is really there (in hardware, I mean,
where you have a look at the cable and measure the current to determine in
which direction the packets are travelling).

2. Ask on the mailing list. Doing this right now.

3. Use the direction "in", as PPTP means not the tunnel, but the local PPTP
tunnel endpoint ("virtual interface", one might say).

Man, I'm brilliant again. Found not one, not two, but THREE solutions to my
problem, all by myself!!!1!!2!"1!!!!!

But I seriously hope that some people on the list are only one third as
brilliant as me, and therefore come up with a single solution instead of

Thanks, and best regards, Klaus ;-)