wireguard.lists.zx2c4.com archive mirror
 help / color / mirror / Atom feed
* traffic shaping on vlan make wireguard stop working
@ 2019-06-10 19:58 sch tel
  0 siblings, 0 replies; only message in thread
From: sch tel @ 2019-06-10 19:58 UTC (permalink / raw)
  To: wireguard

Hello list!

i tried to applied tc traffic shaping rules to limit outgoing traffic (independent of wireguard or not) on external vlan interface but after short time i applied that rules i can't even ping the other host through wg0 interface.

I have following setup:

eth0: external link
    eth0.1: vlan1 fast uplink (primary)
    eth0.2: vlan2 slow uplink (backup)

wg0: wireguard interface

eth1: internal link

My goals was to shape all traffic goes to one of the 2 vlan interfaces witch has different speeds. So i applied the rules on eth0.1 (and eth0.2):
    tc qdisc del dev eth0.1 root 2>/dev/null
    tc qdisc add dev eth0.1 root handle 1: htb default 17
    tc class add dev eth0.1 parent 1: classid 1:1 htb rate 10mbit
    tc class add dev eth0.1 parent 1:1 classid 1:16 htb rate 2mbit ceil 10mbit burst 4m
    tc class add dev eth0.1 parent 1:1 classid 1:17 htb rate 8mbit ceil 10mbit burst 4m
    tc qdisc add dev eth0.1 parent 1:16 handle 16: sfq perturb 10
    tc qdisc add dev eth0.1 parent 1:17 handle 17: sfq perturb 10
    tc filter add dev eth0.1 parent 1: protocol ip handle 0x64 fw flowid 1:16
    iptables -t mangle -A OUTPUT -o 'wg+' -j MARK --set-mark 0x64

In iptables i see that packets are marked and packet counters count up, also in in tc:
    tc -s class ls dev eth0.1

On server side udp packetes are still received.

Any hints whats i'm doing wrong with this kind of setup?
Thanks for help!
_______________________________________________
WireGuard mailing list
WireGuard@lists.zx2c4.com
https://lists.zx2c4.com/mailman/listinfo/wireguard

^ permalink raw reply	[flat|nested] only message in thread

only message in thread, other threads:[~2019-06-18 15:20 UTC | newest]

Thread overview: (only message) (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2019-06-10 19:58 traffic shaping on vlan make wireguard stop working sch tel

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).