    Limit single hosts bandwidth through IPSEC tunnel 2.1.4

      shuggans

      Hello - I am currently running Dell AppAssure 5.4 for backup - replicating from my backup server to an offsite backup server through a VPN tunnel.  This replication is constant - and it's soaking up all my bandwidth (currently running a 20 down 30 up fiber connection).

      I've tried creating a limiter and bringing it into a rule with my server as the source and applying it to the LAN interface, setting it above the default allow LAN to any rule, and creating a floating rule - but nothing is working.  I only want to limit this host's traffic over the VPN, as we access several applications on servers on the far side through this tunnel as well.

      Any guidance is appreciated.

        shuggans

        Found this thread which is the same issue also, but never got a response:  https://forum.pfsense.org/index.php?topic=63789.msg345075#msg345075  Anyone able to provide direction on this one?

          georgeman

          The limiter is a good idea. Did you flush the firewall states before testing?

          Post your limiter and rules and we'll see…

          Regards!

          If it ain't broke, you haven't tampered enough with it

            Derelict LAYER 8 Netgate

            If the replication is constant and soaking up all your available bandwidth, won't limiting it just cause it to fall behind with no hope of ever recovering?

            I just applied a 100kbit limiter to a specific host on the far end of a site-to-site OpenVPN.  Seemed to do what was intended.

            Created limiter OpenVPN_In 100Kbit, OpenVPN_Out 100Kbit.  Created floating rule on OpenVPN direction out destination specific remote host IP and applied limiters to In and Out.

            Interestingly, it made me select a gateway.  Worked with WANGW.

            Chattanooga, Tennessee, USA
            A comprehensive network diagram is worth 10,000 words and 15 conference calls.
            DO NOT set a source address/port in a port forward or firewall rule unless you KNOW you need it!
            Do Not Chat For Help! NO_WAN_EGRESS(TM)

              KOM

              Usually you open it up to allow initial synchronization, and then throttle it back for incrementals.  He needs to determine the size of the dataset he's sending per day and then break it down to see how much bandwidth he has to play with, how much he can dedicate to the backup job, and how long it will take at that rate.  Then he can craft a limiter that gives it just enough bandwidth to complete the daily job in the allotted time.

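A sizing calculation for the approach described in the last reply, as an added example that is not part of the original thread. The 30 Mbit/s uplink and the 100 Kbit limiter come from the posts above; the 50 GB daily change volume, the 8-hour window and the bandwidth reserved for other tunnel traffic are constructed values, and the function names are hypothetical.

```python
import math

BITS_PER_GB = 8e9      # decimal gigabytes (assumption)
BITS_PER_KBIT = 1000   # limiter rate taken as 1000 bit/s per Kbit (assumption)


def required_kbit(daily_gb, window_hours):
    """Minimum sustained rate (Kbit/s) that moves daily_gb within window_hours."""
    if daily_gb < 0 or window_hours <= 0:
        raise ValueError("need daily_gb >= 0 and window_hours > 0")
    bits_per_second = daily_gb * BITS_PER_GB / (window_hours * 3600)
    return math.ceil(bits_per_second / BITS_PER_KBIT)


def hours_at_rate(daily_gb, limiter_kbit):
    """Hours needed to move daily_gb through a limiter of limiter_kbit."""
    if limiter_kbit <= 0:
        raise ValueError("limiter rate must be positive")
    return daily_gb * BITS_PER_GB / (limiter_kbit * BITS_PER_KBIT) / 3600


def plan(daily_gb, window_hours, uplink_kbit, reserve_kbit):
    """Pick a limiter rate, or report how far the job falls behind each day."""
    budget = uplink_kbit - reserve_kbit   # what the backup may use at most
    if budget <= 0:
        raise ValueError("nothing left for the backup after the reserve")
    need = required_kbit(daily_gb, window_hours)
    if need <= budget:
        return {"feasible": True, "limiter_kbit": need,
                "backlog_gb_per_day": 0.0}
    # The budget cannot carry the daily volume: the shortfall accumulates.
    moved_gb = budget * BITS_PER_KBIT * window_hours * 3600 / BITS_PER_GB
    return {"feasible": False, "limiter_kbit": budget,
            "backlog_gb_per_day": round(daily_gb - moved_gb, 2)}


if __name__ == "__main__":
    # Constructed inputs: 50 GB/day, 8-hour window, 30 Mbit/s uplink.
    print(plan(50, 8, 30000, 10000))   # 10 Mbit/s kept for other traffic
    print(plan(50, 8, 30000, 20000))   # 20 Mbit/s kept: the job falls behind
    print(round(hours_at_rate(50, 100), 1), "hours at a 100 Kbit limiter")
```

An infeasible result is the "fall behind with no hope of ever recovering" case raised earlier in the thread: either the window, the reserve or the daily volume has to change.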