Step 1: Configure OpenVPN for bandwidth control.
In this example we use the numbers below for the private IP addresses. The comment after each one is the interface it belongs to.
Ikev2=24 #eth0
tcp1194=23 #tun3
tcp443=22 #tun4
udp1194=21 #tun0
udp4096=25 #tun1
udp80=20 #tun2
pptp=111
l2tp=30
main=eth0
OpenVPN has a separate tun tunnel interface for each port, so the setup is slightly different from IKEv2.
Here we demonstrate it with udp1194, the default OpenVPN port.
Add the command below to create the root qdisc on the tun0 interface.
tc qdisc add dev tun0 root handle 1: htb
How do we make sure that udp1194 is on tun0? Configure it in /etc/openvpn/server.conf. Change the line
dev tun
so that it specifies the tun interface number, like this:
dev tun0
After OpenVPN restarts, we can confirm that the udp1194 instance is using the tun0 interface, so we know we are controlling the right interface.
Step 2: Set the mark with iptables based on the unique private IP address.
udp1194=21
iptables -I FORWARD -s 10.$udp1194.$udp1194.1 -j MARK --set-mark 11
iptables -I FORWARD -d 10.$udp1194.$udp1194.1 -j MARK --set-mark 11
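Step 3: Define all the rules and set up the filtering.
Define the classid for the eth0 and tun0 interfaces. Why do we still need rules for eth0?
Because tun0 can only control the user's upload speed. We still need to control the user's download speed, so we have to use eth0 as well. Like tun0, eth0 needs its own root htb qdisc with handle 1: before these classes can be added; the script further down adds it for both interfaces.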
eth0
tc class add dev eth0 parent 1:1 classid 1:11 htb rate 1mbit ceil 1mbit
tc qdisc add dev eth0 parent 1:11 sfq perturb 10
tc filter add dev eth0 protocol ip parent 1: prio 1 handle 11 fw flowid 1:11
tun0
tc class add dev tun0 parent 1:1 classid 1:11 htb rate 1mbit ceil 1mbit
tc qdisc add dev tun0 parent 1:11 sfq perturb 10
tc filter add dev tun0 protocol ip parent 1: prio 1 handle 11 fw flowid 1:11
That is all we have to do.
If you want to limit every user on the OpenVPN server, the script below generates a full set of rules to limit each user's speed.
#!/bin/bash
# Writes two files in the current directory:
#   mark    - iptables rules that mark each client address
#   tcrules - tc rules that shape traffic carrying those marks
main=eth0     # physical interface
udp1194=21    # tun0
# Remove any old root qdisc, then create the root htb qdisc on both interfaces
echo tc qdisc del dev $main root >>tcrules
echo tc qdisc del dev tun0 root >>tcrules
echo tc qdisc add dev $main root handle 1: htb >>tcrules
echo tc qdisc add dev tun0 root handle 1: htb >>tcrules
for i in {1..254}
do
##udp1194
# Mark traffic from and to client 10.21.21.$i with mark 1$i
echo iptables -I FORWARD -s 10.$udp1194.$udp1194.$i -j MARK --set-mark 1$i >> mark
echo iptables -I FORWARD -d 10.$udp1194.$udp1194.$i -j MARK --set-mark 1$i >> mark
# eth0: 1mbit class, sfq leaf qdisc and fw filter matching the mark
echo tc class add dev eth0 parent 1:1 classid 1:1$i htb rate 1mbit ceil 1mbit >> tcrules
echo tc qdisc add dev eth0 parent 1:1$i sfq perturb 10 >> tcrules
echo tc filter add dev eth0 protocol ip parent 1: prio 1 handle 1$i fw flowid 1:1$i >> tcrules
# tun0: the same class, leaf qdisc and filter
echo tc class add dev tun0 parent 1:1 classid 1:1$i htb rate 1mbit ceil 1mbit >> tcrules
echo tc qdisc add dev tun0 parent 1:1$i sfq perturb 10 >> tcrules
echo tc filter add dev tun0 protocol ip parent 1: prio 1 handle 1$i fw flowid 1:1$i >> tcrules
done
Put all of this in a script, make it executable with chmod 755, and run it with bash scriptname.
It generates two files in the current directory, mark and tcrules. Run them, then verify the marking with
iptables-save |grep mark
It shows a result like the one below, according to your configuration.
-A FORWARD -s 10.21.21.49/32 -j MARK --set-xmark 0x2ed/0xffffffff
-A FORWARD -d 10.21.21.49/32 -j MARK --set-xmark 0x1c1/0xffffffff
Use the commands below to show the classes and qdiscs that you set earlier with tc.
tc -s -d class show dev eth0
tc -s -d qdisc show dev eth0
tc -s -d class show dev tun0
tc -s -d qdisc show dev tun0
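The marking check above can be scripted. This is an added example, not part of the original post: it reads iptables-save output and checks that every client address carries the mark the generator script assigns ("1" followed by the last octet) on both its -s and its -d rule. The function names and the sample rules are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original post. Audits `iptables-save` output:
# client 10.x.x.N must carry decimal mark "1N" on both its -s and -d rule.

# expected_mark IP: decimal mark the generator assigns to that address.
expected_mark() {
    printf '1%s\n' "${1##*.}"
}

# audit_marks: reads iptables-save lines on stdin, prints one line per
# problem, returns 0 if all FORWARD MARK rules are consistent, else 1.
audit_marks() {
    src=" " dst=" " bad=0
    while read -r _a chain dir addr _j target _opt val; do
        [ "$chain" = FORWARD ] && [ "$target" = MARK ] || continue
        ip=${addr%/*}
        got=$(printf '%d' "${val%/*}")   # 0x95/0xffffffff -> 149
        want=$(expected_mark "$ip")
        if [ "$got" != "$want" ]; then
            echo "WRONG_MARK $dir $ip got=$got want=$want"
            bad=1
        fi
        case $dir in
            -s) src="$src$ip " ;;
            -d) dst="$dst$ip " ;;
        esac
    done
    # A client marked in one direction only is shaped in one direction only.
    for ip in $src; do
        case $dst in *" $ip "*) ;; *) echo "NO_DST_RULE $ip"; bad=1 ;; esac
    done
    for ip in $dst; do
        case $src in *" $ip "*) ;; *) echo "NO_SRC_RULE $ip"; bad=1 ;; esac
    done
    return "$bad"
}

# Constructed sample (not real output): .49 is consistent, .50 has a wrong
# mark on its -d rule, .51 has no -d rule.
sample_rules() {
    cat <<'EOF'
-A FORWARD -s 10.21.21.49/32 -j MARK --set-xmark 0x95/0xffffffff
-A FORWARD -d 10.21.21.49/32 -j MARK --set-xmark 0x95/0xffffffff
-A FORWARD -s 10.21.21.50/32 -j MARK --set-xmark 0x96/0xffffffff
-A FORWARD -d 10.21.21.50/32 -j MARK --set-xmark 0x1c1/0xffffffff
-A FORWARD -s 10.21.21.51/32 -j MARK --set-xmark 0x97/0xffffffff
EOF
}

sample_rules | audit_marks || echo "audit: rules do not match the scheme"
```

On a live server, feed it real data with iptables-save | audit_marks.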
If this article helped, share it with your friends.
Hello, is this working for many users connected to the same OpenVPN server? (different .ovpn certs)
regards
Hello, thank you for your comment. Your question is whether it is possible for this to work for multiple users on different certificates.
Yes, the bandwidth limiting works with the tun interface and also uses the internal IP address of OpenVPN to limit the bandwidth.
For the bandwidth limit path we use iptables and tc.
iptables sets a mark on each IP that you want to limit, and the mark is used in the tc rules.
If you are still unable to understand how, please feel free to contact us and we will help with that.