* traffic shaping on vlan make wireguard stop working
@ 2019-06-10 19:58 sch tel
0 siblings, 0 replies; only message in thread
From: sch tel @ 2019-06-10 19:58 UTC (permalink / raw)
To: wireguard
Hello list!
i tried to applied tc traffic shaping rules to limit outgoing traffic (independent of wireguard or not) on external vlan interface but after short time i applied that rules i can't even ping the other host through wg0 interface.
I have following setup:
eth0: external link
eth0.1: vlan1 fast uplink (primary)
eth0.2: vlan2 slow uplink (backup)
wg0: wireguard interface
eth1: internal link
My goals was to shape all traffic goes to one of the 2 vlan interfaces witch has different speeds. So i applied the rules on eth0.1 (and eth0.2):
tc qdisc del dev eth0.1 root 2>/dev/null
tc qdisc add dev eth0.1 root handle 1: htb default 17
tc class add dev eth0.1 parent 1: classid 1:1 htb rate 10mbit
tc class add dev eth0.1 parent 1:1 classid 1:16 htb rate 2mbit ceil 10mbit burst 4m
tc class add dev eth0.1 parent 1:1 classid 1:17 htb rate 8mbit ceil 10mbit burst 4m
tc qdisc add dev eth0.1 parent 1:16 handle 16: sfq perturb 10
tc qdisc add dev eth0.1 parent 1:17 handle 17: sfq perturb 10
tc filter add dev eth0.1 parent 1: protocol ip handle 0x64 fw flowid 1:16
iptables -t mangle -A OUTPUT -o 'wg+' -j MARK --set-mark 0x64
In iptables i see that packets are marked and packet counters count up, also in in tc:
tc -s class ls dev eth0.1
On server side udp packetes are still received.
Any hints whats i'm doing wrong with this kind of setup?
Thanks for help!
_______________________________________________
WireGuard mailing list
WireGuard@lists.zx2c4.com
https://lists.zx2c4.com/mailman/listinfo/wireguard
^ permalink raw reply [flat|nested] only message in thread
only message in thread, other threads:[~2019-06-18 15:20 UTC | newest]
Thread overview: (only message) (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2019-06-10 19:58 traffic shaping on vlan make wireguard stop working sch tel
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).