I have one WAN interface and a total of five vtunX interfaces which speak to their respective OpenVPN servers over the WAN link.
Furthermore, I have segmented my private network into several 802.1q VLANs, one for each subnet. The hosts in each of the subnets go out to the internet through a dedicated vtunX interface respectively.
What I would like to accomplish now is to set up a QoS shaper that prioritizes incoming traffic from the internet by the destination’s VLAN ID.
My question is: Which interface(s) do I apply the shaping policy to? All the OpenVPN instances connect through the WAN interface, but logically, the internal subnets do not. And they all use a different vtunX interface to go out to the internet. I hope this is not to badly explained and I am making myself clear here.
The way I see it, the issue boils down to the question of how to apply a QoS ruleset that spans several virtual interfaces on the LAN side which each use a virtual interface as their WAN gateway, while each of those virtual WAN gateways use the single “real” WAN interface on my router to reach their respective OpenVPN server.
Hello, @matzus!
What is your purpose? You want to make work with internet for one of local VLAN more comfortable over other VLAN?
In general, prioritizing traffic when bottleneck is WAN channel is not very helpful. You can shape (limit) some types of them, but this will work really effective only for TCP traffic.
Describe your WAN and LAN connections and we will try to find proper solution for your situation.
Thank you for your answer and I am sorry for the late reply. In the meantime, I have managed to create a priority-queue rule set which I have bound to the outbound traffic of my internal networks which I have redirected to an input interface “ifb0”.
However, in the Vyatta 6.5 documentation it says that input interfaces can be used to apply “out” QoS policies to inbound traffic. This is precisely what I’d like to achieve: Apply a priority-queue rule set to ingress traffic from my different vtun interfaces.
I hate to pry, but are there any suggestions on how to apply an “out” QoS policy to inbound traffic as the Vyatta 6.5 docs say can be done via an input interface?
Hi, @matzus!
As I see, it seems that VyOS don’t support adding “out” policies to “input” interface.
I think, you need try to configure corresponding “out” policies to VLAN interfaces instead.
