Traffic Shaping with OpenVPN
Hi, Anyone experienced with traffic shaping general, and with OpenVPN specifically? I want to limit the upstream traffic sent from our VPN server to our VPN clients. I can't use 'shaper' (the OpenVPN command line parameter). So any suggestion would be welcome. -- Noam Rathaus CTO [EMAIL PROTECTED] http://www.beyondsecurity.com "Know that you are safe." Beyond Security Finalist for the "Red Herring 100 Global" Awards 2007 = To unsubscribe, send mail to [EMAIL PROTECTED] with the word "unsubscribe" in the message body, e.g., run the command echo unsubscribe | mail [EMAIL PROTECTED]
NIC woes with Debian & MSI MS-7507
Hi, Debian etch (latest stable) distro installed on the above PC results in an unusable onboard NIC. /var/log/messages tell me that the NIC is Jul 15 19:15:54 hostname kernel: eth0: RTL8168b/8111b at 0xf8822000, 00:1d:92:a1:96:19, IRQ 177 The module for it is found and loaded: Jul 15 19:15:54 hostname kernel: r8169 Gigabit Ethernet driver 2.2LK-NAPI loaded However, the NIC never gets an IP address from DHCP. Even worse, ethtool shows that it's totally confused as to its identity: # ethtool eth0 Settings for eth0: Supported ports: [ FIBRE ] Supported link modes: 1000baseT/Full Supports auto-negotiation: Yes Advertised link modes: Not reported Advertised auto-negotiation: Yes Speed: 1000Mb/s Duplex: Full Port: FIBRE PHYAD: 0 Transceiver: internal Auto-negotiation: on Supports Wake-on: pumbg Wake-on: pumbg Current message level: 0x0033 (51) Link detected: yes (FIBRE port when it really should be TP - Twisted Pair) Google didn't find anything useful. My current workaround is adding another NIC, which works fine, but is unacceptable in the long term. This occurs on two different PCs that have the same motherboard, so it's not a fluke hardware issue. Also, if I play around with ifup/ifdown AFTER booting it, I can sometimes get it to work, but only at 10MB/sec (connected to a 100 MB/s switch). Any ideas? Rony To unsubscribe, send mail to [EMAIL PROTECTED] with the word "unsubscribe" in the message body, e.g., run the command echo unsubscribe | mail [EMAIL PROTECTED]
Re: Traffic Shaping with OpenVPN
why not using normal ip shaping ? as far as it goes for normal shaping, I'm sure you could find a lot of information - google is your friend. about restricting the openvpn traffic, I think that you tag with iptables all of the vpn traffic and limit the bandwidth with tc. Ohad On Tue, Jul 15, 2008 at 3:15 PM, Noam Rathaus <[EMAIL PROTECTED]> wrote: > Hi, > > Anyone experienced with traffic shaping general, and with OpenVPN > specifically? > > I want to limit the upstream traffic sent from our VPN server to our VPN > clients. > > I can't use 'shaper' (the OpenVPN command line parameter). > > So any suggestion would be welcome. > > -- > Noam Rathaus > CTO > [EMAIL PROTECTED] > http://www.beyondsecurity.com > > "Know that you are safe." > > Beyond Security Finalist for the "Red Herring 100 Global" Awards 2007 > > = > To unsubscribe, send mail to [EMAIL PROTECTED] with > the word "unsubscribe" in the message body, e.g., run the command > echo unsubscribe | mail [EMAIL PROTECTED] > >
Re: NIC woes with Debian & MSI MS-7507
Hi Rony, Can you please provide the output of: lspci & uname -a? - Noam On Tue, Jul 15, 2008 at 5:14 PM, ronys <[EMAIL PROTECTED]> wrote: > Hi, > > Debian etch (latest stable) distro installed on the above PC results in an > unusable onboard NIC. > > /var/log/messages tell me that the NIC is > Jul 15 19:15:54 hostname kernel: eth0: RTL8168b/8111b at 0xf8822000, > 00:1d:92:a1:96:19, IRQ 177 > > The module for it is found and loaded: > Jul 15 19:15:54 hostname kernel: r8169 Gigabit Ethernet driver 2.2LK-NAPI > loaded > > However, the NIC never gets an IP address from DHCP. Even worse, ethtool > shows that it's totally confused as to its identity: > # ethtool eth0 > Settings for eth0: >Supported ports: [ FIBRE ] >Supported link modes: 1000baseT/Full >Supports auto-negotiation: Yes >Advertised link modes: Not reported >Advertised auto-negotiation: Yes >Speed: 1000Mb/s >Duplex: Full >Port: FIBRE >PHYAD: 0 >Transceiver: internal >Auto-negotiation: on >Supports Wake-on: pumbg >Wake-on: pumbg >Current message level: 0x0033 (51) >Link detected: yes > > (FIBRE port when it really should be TP - Twisted Pair) > > Google didn't find anything useful. My current workaround is adding another > NIC, which works fine, but is unacceptable in the long term. > > This occurs on two different PCs that have the same motherboard, so it's > not a fluke hardware issue. > > Also, if I play around with ifup/ifdown AFTER booting it, I can sometimes > get it to work, but only at 10MB/sec (connected to a 100 MB/s switch). > > Any ideas? > > Rony > > > To unsubscribe, send mail to [EMAIL PROTECTED] with > the word "unsubscribe" in the message body, e.g., run the command > echo unsubscribe | mail [EMAIL PROTECTED] > >
Re: NIC woes with Debian & MSI MS-7507
Hi, It is probably a BUG in the driver. > Google didn't find anything useful Build your own search engine ; don't use google :) Accoding to this link, the same issue also occurred (ethtool returns FIBRE for r8168). http://www.spinics.net/lists/netdev/msg43754.html Since that this message is from 2007, I would consider getting the linux driver from the vendor site: http://www.realtek.com.tw/downloads/downloadsView.aspx?Langid=1&PNid=13&PFid=5&Level=5&Conn=4&DownTypeID=3&GetDown=false version 8.006.00is quite recent ( 22/4/2008). The second , less probable option, is that the motherboard does not support this chipset; There were (very rare ) cases in which such was the case; but these things happen. This can easily be checked with their support. Regards, Rami Rosen On Tue, Jul 15, 2008 at 5:14 PM, ronys <[EMAIL PROTECTED]> wrote: > Hi, > > Debian etch (latest stable) distro installed on the above PC results in an > unusable onboard NIC. > > /var/log/messages tell me that the NIC is > Jul 15 19:15:54 hostname kernel: eth0: RTL8168b/8111b at 0xf8822000, > 00:1d:92:a1:96:19, IRQ 177 > > The module for it is found and loaded: > Jul 15 19:15:54 hostname kernel: r8169 Gigabit Ethernet driver 2.2LK-NAPI > loaded > > However, the NIC never gets an IP address from DHCP. Even worse, ethtool > shows that it's totally confused as to its identity: > # ethtool eth0 > Settings for eth0: >Supported ports: [ FIBRE ] >Supported link modes: 1000baseT/Full >Supports auto-negotiation: Yes >Advertised link modes: Not reported >Advertised auto-negotiation: Yes >Speed: 1000Mb/s >Duplex: Full >Port: FIBRE >PHYAD: 0 >Transceiver: internal >Auto-negotiation: on >Supports Wake-on: pumbg >Wake-on: pumbg >Current message level: 0x0033 (51) >Link detected: yes > > (FIBRE port when it really should be TP - Twisted Pair) > > Google didn't find anything useful. My current workaround is adding another > NIC, which works fine, but is unacceptable in the long term. > > This occurs on two different PCs that have the same motherboard, so it's not > a fluke hardware issue. > > Also, if I play around with ifup/ifdown AFTER booting it, I can sometimes get > it to work, but only at 10MB/sec (connected to a 100 MB/s switch). > > Any ideas? > > Rony > > > To unsubscribe, send mail to [EMAIL PROTECTED] with > the word "unsubscribe" in the message body, e.g., run the command > echo unsubscribe | mail [EMAIL PROTECTED] > > = To unsubscribe, send mail to [EMAIL PROTECTED] with the word "unsubscribe" in the message body, e.g., run the command echo unsubscribe | mail [EMAIL PROTECTED]