* [LARTC] vpn control
From: Rick Marshall @ 2004-01-05  4:03 UTC
  To: lartc

we have an external 2Mbit dsl connection and running on it are several
gre vpn tunnels

so far i've given priority to the vpn traffic (using htb)

can i now put rules in for the tunnels to control traffic within each
tunnel (that's where our video conferencing etc runs)? or can i only
control the real interface (eth1 in our setup)? if not can i somehow see
the packets inside the vpn packets and then control them?

thanks

rick

_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/

* Re: [LARTC] vpn control
From: Damion de Soto @ 2004-01-05  5:24 UTC
  To: lartc

Hi Rick,
> can i now put rules in for the tunnels to control traffic within each
> tunnel (that's where our video conferencing etc runs)?
What type of VPNs are you using? IPSec?
You can put htb rules on ipsecX interfaces and they will work.
The pppX interfaces for pptp and l2tp VPNs should work just as well.

> control the real interface (eth1 in our setup)? if not can i somehow see
> the packets inside the vpn packets and then control them?
With some clever kernel hackery, you probably could do this, I don't think it would 
be any fun at all though.

regards,

-- 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Damion de Soto - Software Engineer  email:     damion@snapgear.com
SnapGear - A CyberGuard Company ---    ph:         +61 7 3435 2809
  | Custom Embedded Solutions          fax:         +61 7 3891 3630
  | and Security Appliances            web: http://www.snapgear.com
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
  ---  Free Embedded Linux Distro at   http://www.snapgear.org  ---

* Re: [LARTC] vpn control
From: Rick Marshall @ 2004-01-05  6:15 UTC
  To: lartc

linux-linux using ip tunnels - modprobe ip_gre

eg

ip tunnel add china mode gre remote xxx.xxx.xxx.xxx local \
xxx.xxx.xxx.xxx ttl 255
ip link set china up
ip addr add 192.168.1.11 dev china
ip route add 192.168.5.0/24 dev china
 
ps - any hackers - don't bother - the firewalls will only accept
connections from specific ip addresses


On Mon, 2004-01-05 at 16:24, Damion de Soto wrote:
> Hi Rick,
> > can i now put rules in for the tunnels to control traffic within each
> > tunnel (that's where our video conferencing etc runs)?
> What type of VPNs are you using? IPSec ?
> You can put htb rules on ipsecX interfaces and they will work.
> the pppX interfaces for pptp and l2tp VPNs should work just as well.
> 
> > control the real interface (eth1 in our setup)? if not can i somehow see
> > the packets inside the vpn packets and then control them?
> With some clever kernel hackery, you probably could do this, I don't think it would 
> be any fun at all though.
> 
> regards,

* Re: [LARTC] vpn control
From: Damion de Soto @ 2004-01-05  6:46 UTC
  To: lartc

Rick Marshall wrote:
> linux-linux using ip tunnels - modprobe ip_gre
>
> ip tunnel add china mode gre remote xxx.xxx.xxx.xxx local \
> xxx.xxx.xxx.xxx ttl 255
> ip link set china up
> ip addr add 192.168.1.11 dev china
> ip route add 192.168.5.0/24 dev china
Hrrm, not 100% sure on GRE tunnels, but I can't see why they wouldn't.
You should be able to just create all your tc rules on the 'china' device.


-- 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Damion de Soto - Software Engineer  email:     damion@snapgear.com
SnapGear - A CyberGuard Company ---    ph:         +61 7 3435 2809
  | Custom Embedded Solutions          fax:         +61 7 3891 3630
  | and Security Appliances            web: http://www.snapgear.com
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
  ---  Free Embedded Linux Distro at   http://www.snapgear.org  ---
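
An added example, not part of the original thread or any poster's own configuration: one way to build the per-tunnel HTB tree that the last reply suggests attaching to the 'china' device. The function name, the 512/384 kbit/s rates and the use of DSCP EF to identify conferencing traffic are assumptions; it prints the tc commands unless APPLY=1 is set.

```shell
#!/bin/sh
# Added example: HTB inside one GRE tunnel. Dry-run by default (prints the tc
# commands); run as root with APPLY=1 to execute them.
# Assumptions: rates in kbit/s are constructed; conferencing is DSCP EF marked.

run() {
    if [ "${APPLY:-0}" = "1" ]; then "$@"; else echo "$*"; fi
}

# Positive decimal integer without leading zeros (keeps $(( )) out of octal).
is_pos_int() {
    case "$1" in ''|*[!0-9]*|0*) return 1 ;; *) return 0 ;; esac
}

# shape_tunnel DEV TOTAL_KBIT VIDEO_KBIT
# Returns 2 on bad arguments, 1 if a tc command fails, 0 otherwise.
shape_tunnel() {
    dev=$1; total=$2; video=$3
    [ -n "$dev" ] || { echo "usage: shape_tunnel DEV TOTAL VIDEO" >&2; return 2; }
    if ! is_pos_int "$total" || ! is_pos_int "$video"; then
        echo "rates must be positive whole kbit/s values" >&2; return 2
    fi
    # The guaranteed video rate must leave room for everything else.
    if [ "$video" -ge "$total" ]; then
        echo "need VIDEO < TOTAL" >&2; return 2
    fi
    bulk=$((total - video))

    # Root HTB on the tunnel device; unclassified traffic goes to class 1:20.
    run tc qdisc add dev "$dev" root handle 1: htb default 20 || return 1
    # Parent class caps the tunnel. Packets are shaped here before
    # encapsulation; each gains 24 bytes (outer IP + GRE) on the way to eth1.
    run tc class add dev "$dev" parent 1: classid 1:1 htb \
        rate "${total}kbit" ceil "${total}kbit" || return 1
    # 1:10 video (guaranteed, served first), 1:20 everything else.
    run tc class add dev "$dev" parent 1:1 classid 1:10 htb \
        rate "${video}kbit" ceil "${total}kbit" prio 0 || return 1
    run tc class add dev "$dev" parent 1:1 classid 1:20 htb \
        rate "${bulk}kbit" ceil "${total}kbit" prio 1 || return 1
    run tc qdisc add dev "$dev" parent 1:10 handle 10: sfq perturb 10 || return 1
    run tc qdisc add dev "$dev" parent 1:20 handle 20: sfq perturb 10 || return 1
    # Classify on the inner IP header: TOS 0xb8 with mask 0xfc is DSCP EF.
    run tc filter add dev "$dev" parent 1: protocol ip prio 1 u32 \
        match ip tos 0xb8 0xfc flowid 1:10 || return 1
}

# Dry-run for the thread's tunnel name with constructed rates.
shape_tunnel "${1:-china}" "${2:-512}" "${3:-384}"
```

The sum of the per-tunnel totals should stay below the rate of the VPN class on eth1, with the 24-byte per-packet encapsulation overhead counted against it.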
