Brian J. Murrell wrote: > > Depending >> on the details of your setup, perhaps also put the remote VPN host(s)' >> external IP tcp/1194 into a high-priority class for the external >> interface with a guaranteed minimum RATE sufficient to handle such >> high-prio traffic. > >No. That's unacceptable. That would mean that all traffic in the >OpenVPN tunnel (including bulkish transfers, like say site->site backup, >etc.) would get the priority of VOIP (or whatever else you decided your >priority band was for) and starve out other equally low priority traffic >outside the tunnel.
Would the answer there be to route both the normal and tunneled traffic through an IFB (or 2 ?) so that you can shape the aggregate traffic ? Ie, the tunnel and ethernet interfaces would be unshaped, only a virtual 'choke point' where all the traffic has to go through would be shaped. -- Simon Hobson Visit http://www.magpiesnestpublishing.co.uk/ for books by acclaimed author Gladys Hobson. Novels - poetry - short stories - ideal as Christmas stocking fillers. Some available as e-books. ------------------------------------------------------------------------------ This SF.Net email is sponsored by the Verizon Developer Community Take advantage of Verizon's best-in-class app development support A streamlined, 14 day to market process makes app distribution fast and easy Join now and get one step closer to millions of Verizon customers http://p.sf.net/sfu/verizon-dev2dev _______________________________________________ Shorewall-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/shorewall-users
