Hello list! I tried to apply tc traffic shaping rules to limit outgoing traffic (independent of WireGuard or not) on the external VLAN interface, but a short time after I applied those rules I can't even ping the other host through the wg0 interface.
I have the following setup:

    eth0:   external link
    eth0.1: vlan1 fast uplink (primary)
    eth0.2: vlan2 slow uplink (backup)
    wg0:    wireguard interface
    eth1:   internal link

My goal was to shape all traffic going to one of the 2 VLAN interfaces, which have different speeds. So I applied the rules on eth0.1 (and eth0.2):

    tc qdisc del dev eth0.1 root 2>/dev/null
    tc qdisc add dev eth0.1 root handle 1: htb default 17
    tc class add dev eth0.1 parent 1: classid 1:1 htb rate 10mbit
    tc class add dev eth0.1 parent 1:1 classid 1:16 htb rate 2mbit ceil 10mbit burst 4m
    tc class add dev eth0.1 parent 1:1 classid 1:17 htb rate 8mbit ceil 10mbit burst 4m
    tc qdisc add dev eth0.1 parent 1:16 handle 16: sfq perturb 10
    tc qdisc add dev eth0.1 parent 1:17 handle 17: sfq perturb 10
    tc filter add dev eth0.1 parent 1: protocol ip handle 0x64 fw flowid 1:16
    iptables -t mangle -A OUTPUT -o 'wg+' -j MARK --set-mark 0x64

In iptables I see that packets are marked and the packet counters count up, also in tc:

    tc -s class ls dev eth0.1

On the server side UDP packets are still received.

Any hints what I'm doing wrong with this kind of setup?

Thanks for help!

_______________________________________________
WireGuard mailing list
[email protected]
https://lists.zx2c4.com/mailman/listinfo/wireguard
