How to set up traffic shaping of IPsec traffic?
-
How to set up a limit on IPsec traffic?
Hi,
I have 2 pfSense boxes (1.2.3-RC1) that are connected through IPsec that is terminated on the pfSense boxes. I want to limit the amount of traffic the IPsec tunnel can use (except RDP traffic - that must use all the capacity).
I have run the traffic shaper guide in order to get the basic settings in place with a penalty queue. But I can't seem to figure out what the traffic shaper rule should look like.
As I see it there are 2 scenarios:
1: Limit everything but RDP
2: Limit IPsec VPN (and let RDP traffic have full power)
But what should the rule look like if I want to limit the IPsec traffic?
IN: WAN
OUT: LAN
PROTOCOL: ESP
But the protocol isn't ESP on the inside. Here it is plain traffic?
The RDP server is on pfSense1 and the RDP clients are on pfSense2. For testing purposes they are currently not connected through the IPsec tunnel but directly through the WAN IP.
-
Your RDP is inside the IPSec VPN? If yes, you can't shape what's inside … You could, but you'd need 2 pfSense boxes at both ends.
Like this:
Network #1 <--> pfSense (Shaper) <--> pfSense (IPSec) <--> Internet <--> pfSense (IPSec) <--> pfSense (Shaper) <--> Network #2
The pfSense (Shaper) would have a normal LAN/WAN scenario that the shaper is happy with, and the pfSense (IPSec) would take care of the Internet connection and IPSec.
In this scenario you'll have to use 4 different Class C private IP ranges.
MageMinds