WireGuard Archive on lore.kernel.org
* traffic shaping on vlan make wireguard stop working
@ 2019-06-10 19:58 sch tel
From: sch tel @ 2019-06-10 19:58 UTC (permalink / raw)
  To: wireguard

Hello list!

I tried to apply tc traffic shaping rules to limit outgoing traffic (independent of wireguard or not) on the external vlan interface, but a short time after I applied the rules I can't even ping the other host through the wg0 interface.

I have the following setup:

eth0: external link
    eth0.1: vlan1 fast uplink (primary)
    eth0.2: vlan2 slow uplink (backup)

wg0: wireguard interface

eth1: internal link

My goal was to shape all traffic going to one of the 2 vlan interfaces, which have different speeds. So I applied the rules on eth0.1 (and eth0.2):
    tc qdisc del dev eth0.1 root 2>/dev/null
    tc qdisc add dev eth0.1 root handle 1: htb default 17
    tc class add dev eth0.1 parent 1: classid 1:1 htb rate 10mbit
    tc class add dev eth0.1 parent 1:1 classid 1:16 htb rate 2mbit ceil 10mbit burst 4m
    tc class add dev eth0.1 parent 1:1 classid 1:17 htb rate 8mbit ceil 10mbit burst 4m
    tc qdisc add dev eth0.1 parent 1:16 handle 16: sfq perturb 10
    tc qdisc add dev eth0.1 parent 1:17 handle 17: sfq perturb 10
    tc filter add dev eth0.1 parent 1: protocol ip handle 0x64 fw flowid 1:16
    iptables -t mangle -A OUTPUT -o 'wg+' -j MARK --set-mark 0x64

In iptables I see that packets are marked and packet counters count up, also in tc:
    tc -s class ls dev eth0.1

On the server side, UDP packets are still received.

Any hints what I'm doing wrong with this kind of setup?
Thanks for help!