 From:  Lonnie Abelbeck <lists at lonnie dot abelbeck dot com>
 To:  m0n0wall List <m0n0wall at lists dot m0n0 dot ch>
 Cc:  Klaus Stock <ks at stock dash consulting dot com>
 Subject:  Re: [m0n0wall] Traffic shaping for the PPTP/VPN interface
 Date:  Wed, 21 Mar 2007 08:13:57 -0500
Klaus,

If you used the "Magic shaper wizard" to set up your default set of
rules/pipes/queues, the PPTP already has a pretty decent priority of
"m_High Priority #1 Upload" which puts the GRE (PPTP) traffic above
the common file transfers.

All your traffic shaping rules should be relative to WAN, either  
leaving or entering.

The data portion of PPTP is raw "GRE" IP packets.

Lonnie


On Mar 21, 2007, at 7:24 AM, Klaus Stock wrote:

> I finally convinced myself that it would be a brilliant idea to give all
> outgoing PPTP (VPN) traffic from my home network a high priority. That way,
> ordinary (non-VPN) traffic like uploads will be less likely to annoy a
> remote user who has made his way into my home network via PPTP.
>
> Easy, I thought. Very easy. I just went to the traffic shaper configuration
> page to build a new rule, selected PPTP as interface (all other rules I have
> so far use WAN) and selected the "high priority upload #2" queue.
> "Brilliant", I thought of myself!
>
> However, the idea of "brilliance" was fixed only a few seconds later when I
> reached the "direction" setting, which says: "Use this to match only packets
> travelling in a given direction on the interface specified above (as seen
> from the firewall's perspective)." Yup, I thought, I want to fool around
> only with outgoing traffic (since this is the limiting factor in the ADSL
> connection) - obviously, since I already had selected an upload queue only
> seconds earlier.
>
> Direction.
>
> "As seen from the firewall's perspective."
>
> Total mental darkness. No more brilliance.
>
> Feck. I'm lost.
>
>
> Fortunately, after attempting mental stimulation with the aid of the content
> of a coffee mug, I got three ideas:
>
> 1. Use the direction "out", as I want to apply the rule to packets which
> travel to the "outside". For me, PPTP means a "tunnel", which is a different
> concept than a simple interface which is really there (in hardware, I mean,
> where you have a look at the cable and measure the current to determine in
> which direction the packets are travelling).
>
> 2. Ask on the mailing list. Doing this right now.
>
> 3. Use the direction "in", as PPTP means not the tunnel, but the local PPTP
> tunnel endpoint ("virtual interface", one might say).
>
>
> Man, I'm brilliant again. Found not one, not two, but THREE solutions to my
> problem, all by myself!!!1!!2!"1!!!!!
>
>
> But I seriously hope that some people on the list are only one third as
> brilliant as me, and therefore come up with a single solution instead of
> three.
>
> Thanks, and best regards, Klaus ;-)
>
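
As an added illustration (not part of the original thread and not m0n0wall's own code), this Python sketch classifies packets the way a rule on the WAN interface sees them: PPTP tunnel data is IP protocol 47 (GRE version 1 with payload type 0x880B, per RFC 2637) and the control channel is TCP port 1723. The function names, addresses and sample packets are constructed for the example.

```python
import struct

IPPROTO_TCP, IPPROTO_GRE = 6, 47
PPTP_CONTROL_PORT = 1723   # PPTP control channel (RFC 2637)
GRE_PROTO_PPP = 0x880B     # payload type of PPTP's enhanced GRE (version 1)

def classify_wan_packet(pkt: bytes) -> str:
    """Classify a raw IPv4 packet the way a WAN-side shaper rule sees it."""
    if len(pkt) < 20 or pkt[0] >> 4 != 4:
        return "not-ipv4"
    ihl = (pkt[0] & 0x0F) * 4
    if ihl < 20 or len(pkt) < ihl + 4:
        return "malformed"
    proto, payload = pkt[9], pkt[ihl:]
    if proto == IPPROTO_GRE:
        flags_ver, gre_proto = struct.unpack("!HH", payload[:4])
        if flags_ver & 0x0007 == 1 and gre_proto == GRE_PROTO_PPP:
            return "pptp-data"      # tunnel contents are opaque at this point
        return "other-gre"
    if proto == IPPROTO_TCP:
        # Non-first fragments carry no TCP header, so ports cannot be read.
        if struct.unpack("!H", pkt[6:8])[0] & 0x1FFF:
            return "other"
        sport, dport = struct.unpack("!HH", payload[:4])
        if PPTP_CONTROL_PORT in (sport, dport):
            return "pptp-control"
    return "other"

def ipv4(proto: int, payload: bytes) -> bytes:
    """Build a minimal IPv4 packet (constructed sample; checksum left at 0)."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64, proto,
                       0, bytes([192, 0, 2, 10]), bytes([198, 51, 100, 20])) + payload

def tcp(sport: int, dport: int) -> bytes:
    """Build a bare 20-byte TCP SYN header (constructed sample)."""
    return struct.pack("!HHIIBBHHH", sport, dport, 1, 0, 5 << 4, 0x02, 8192, 0, 0)

# Constructed samples; the upload inside the tunnel is invisible on WAN.
SAMPLES = {
    "tunnel data": ipv4(IPPROTO_GRE, struct.pack("!HHHHI", 0x3001, GRE_PROTO_PPP,
                                                 8, 1, 0) + b"\x00" * 8),
    "pptp control": ipv4(IPPROTO_TCP, tcp(49152, PPTP_CONTROL_PORT)),
    "plain upload": ipv4(IPPROTO_TCP, tcp(49153, 80)),
    "generic gre": ipv4(IPPROTO_GRE, struct.pack("!HH", 0x0000, 0x0800) + b"\x00" * 20),
}

if __name__ == "__main__":
    for name, pkt in SAMPLES.items():
        print(f"{name:13s} -> {classify_wan_packet(pkt)}")
```
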