Limit single hosts bandwidth through IPSEC tunnel 2.1.4
-
Hello - I am currently running Dell AppAssure 5.4 for backup - replicating from my backup server to an offisite backup server through a VPN tunnel. This replication is constant - and it's soaking up all my bandwidth (currently running a 20 down 30 up fiber connection).
I've tried creating a limiter and bringing it into a rule with my server as the source and applying it to the LAN interface setting it above the default allow lan to any rule, and creating a floating rule - but nothing is working. I only want to limit this hosts traffic over the VPN as we access several applications on servers on the far side through this tunnel as well.
Any guidance is appreciated.
-
Found this thread which is the same issue also, but never got a response: https://forum.pfsense.org/index.php?topic=63789.msg345075#msg345075 Anyone able to provide direction on this one?
-
The limiter is a good idea. Did you flush the firewall states before testing?
Post your limiter and rules and we'll see…
Regards!
-
If the replication is constant and soaking up all your available bandwidth won't limiting it just cause it to fall behind with no hope of ever recovering?
I just applied a 100kbit limiter to a specific host on the far end of a site-to-site OpenVPN. Seemed to do what was intended.
Created limiter OpenVPN_In 100Kbit, OpenVPN_Out 100Kbit. Created floating rule on OpenVPN direction out destination specific remote host IP and applied limiters to In and Out.
Interestingly, it made me select a gateway. Worked with WANGW.
-
Usually you open it up to allow initial synchronization, and then throttle it back for incrementals. He needs to determine the size of the dataset he's sending per day and then break it down to see how much bandwidth he has to play with, how much he can dedicate to the backup job, and how long it will take at that rate. Then he can craft a limiter that gives it just enough bandwidth to complete the daily job in the allotted time.
