Step 1: Configure PPTP and L2TP for bandwidth control.

In this case we will use the numbers below for the private IP addresses.

pptp=111
l2tp=30
main=eth0

PPTP and L2TP normally create a ppp+ interface when a user connects.

For example, when user A connects the server creates ppp0, and when user B connects the server creates ppp1.

We can create a basic script to limit the download speed.

You can change the limit by adjusting the number of mbit in the speed variable.

Step 2: Create a script

Create a script and name it ulimit.

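#!/bin/bash
# $1 is the interface name (ppp0, ppp1, ...) that pppd passes to ip-up
speed=1mbit

# remove any existing root qdisc; nothing to remove on a new interface
tc qdisc del dev "$1" root 2>/dev/null
tc qdisc add dev "$1" root handle 2: htb default 10
# in tc, "mbps" means megabytes per second and "mbit" means megabits per second
tc class add dev "$1" parent 2: classid 2:1 htb rate 100mbps ceil 100mbps
tc class add dev "$1" parent 2:1 classid 2:10 htb rate $speed ceil $speed prio 1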

This script targets the user's tunnel interface to limit the speed. It is based entirely on the tunnel, not on the private IP address of the VPN server.

The script has to be stored in /etc/ppp/ip-up.d/

and made executable with chmod 755 ulimit

You can now restart l2tp and pptp and test the connection.

Step 3: Restart the service

service pptpd restart
service xl2tpd restart

Step 4: Limiting the upload speed for an individual user.

The script above only limits the user's download speed, not the upload speed.

If you need to limit the upload speed for the user, you have to use iptables marking together with tc.

Step 1: Mark the internal IP address of pptp and l2tp with the commands below.

iptables -I FORWARD -s 10.$pptp.$pptp.2 -j MARK --set-mark 72
iptables -I FORWARD -d 10.$pptp.$pptp.2 -j MARK --set-mark 72

The iptables rules above mark forwarded packets whose source or destination is the IP 10.111.111.2 with marking ID 72.

Add a tc class for interface eth0 with classid 1:72, limiting the upload speed to 1mbit.

tc class add dev eth0 parent 1:1 classid 1:72 htb rate 1mbit ceil 1mbit

perturb 10 means that, based on the marking ID 72 in iptables, when this IP is not using the bandwidth it is released after 10 seconds, so that your server connection is not held by an unused VPN private IP address.

tc qdisc add dev eth0 parent 1:72 sfq perturb 10

We then have to set up a filter rule on the same classid that ties together all the rules we set earlier for bandwidth filtering, using the tc filter command below.

tc filter add dev eth0 protocol ip parent 1: prio 1 handle 72 fw flowid 1:72

Now your pptp connection will be rate limited. The example above only limits you when you get the internal VPN IP 10.111.111.2.

If you want to limit every individual user of pptp, you can use the script below.

#!/bin/bash
pptp=111
l2tp=30
main=eth0
# start from empty output files
rm -f mark tcrules
for i in {1..254}
do
# pptp clients: 10.$pptp.$pptp.$i, the same pattern as 10.111.111.2 above
echo iptables -I FORWARD -s 10.$pptp.$pptp.$i -j MARK --set-mark 7$i >> mark
echo iptables -I FORWARD -d 10.$pptp.$pptp.$i -j MARK --set-mark 7$i >> mark
echo tc class add dev $main parent 1:1 classid 1:7$i htb rate 1mbit ceil 1mbit >> tcrules
echo tc qdisc add dev $main parent 1:7$i sfq perturb 10 >> tcrules
echo tc filter add dev $main protocol ip parent 1: prio 1 handle 7$i fw flowid 1:7$i >> tcrules
# l2tp clients: 10.$l2tp.$l2tp.$i
echo iptables -I FORWARD -s 10.$l2tp.$l2tp.$i -j MARK --set-mark 8$i >> mark
echo iptables -I FORWARD -d 10.$l2tp.$l2tp.$i -j MARK --set-mark 8$i >> mark
echo tc class add dev $main parent 1:1 classid 1:8$i htb rate 1mbit ceil 1mbit >> tcrules
echo tc qdisc add dev $main parent 1:8$i sfq perturb 10 >> tcrules
echo tc filter add dev $main protocol ip parent 1: prio 1 handle 8$i fw flowid 1:8$i >> tcrules
done

The script above limits the upload speed for the l2tp and pptp protocols.

Save the script as setmark and make it executable with chmod 755 setmark.

After that, you will see that this script generates two more scripts, named mark and tcrules.

Simply run them with

sudo bash mark
sudo bash tcrules

Now the L2TP and PPTP protocols are limited in upload and download speed, using the tunnel interface and the private IP of the VPN.
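
The same upload rules can also come from a generator that validates its arguments and prints the commands instead of running them; this is an added example, not the article's script. The function names, the 100mbit parent rate, and the root qdisc 1: with class 1:1 on eth0 (which the tc class commands above attach to as parent 1:1) are assumptions.

```shell
#!/bin/sh
# Added example, not the article's script. It only prints commands, so the
# output can be reviewed before anything is run as root.
# Assumed (not on the page): the names gen_root/gen_pool, the 100mbit parent
# rate, and creating qdisc 1: and class 1:1 on the outbound device.

is_uint() { case $1 in ''|0?*|*[!0-9]*) return 1 ;; esac; }
die() { echo "gen: $1" >&2; exit 1; }   # only called inside subshell functions

# Root HTB tree that the per-client classes 1:<mark> attach to. No default
# class is set, so unmarked traffic is left unshaped.
gen_root() (
    dev=$1
    case $dev in ''|*[!A-Za-z0-9_.-]*) die "bad device" ;; esac
    echo "tc qdisc add dev $dev root handle 1: htb"
    echo "tc class add dev $dev parent 1: classid 1:1 htb rate 100mbit ceil 100mbit"
)

# gen_pool DEV POOL MARKBASE RATE [FIRST LAST]
# Clients are 10.POOL.POOL.N as in the article; the mark is MARKBASE then N.
gen_pool() (
    dev=$1 pool=$2 base=$3 rate=$4 first=${5:-1} last=${6:-254}
    # These values end up in root-run commands: accept only expected shapes.
    case $dev in ''|*[!A-Za-z0-9_.-]*) die "bad device" ;; esac
    is_uint "$pool" && [ "$pool" -le 255 ] || die "bad pool"
    case $base in [1-9]) ;; *) die "bad mark base" ;; esac
    case $rate in
        *kbit) n=${rate%kbit} ;; *mbit) n=${rate%mbit} ;; *) die "bad rate" ;;
    esac
    is_uint "$n" || die "bad rate"
    is_uint "$first" && is_uint "$last" || die "bad range"
    [ "$first" -ge 1 ] && [ "$last" -le 254 ] && [ "$first" -le "$last" ] || die "bad range"
    i=$first
    while [ "$i" -le "$last" ]; do
        ip=10.$pool.$pool.$i mark=$base$i   # at most 9254, fits tc's 16-bit hex minor
        echo "iptables -I FORWARD -s $ip -j MARK --set-mark $mark"
        echo "iptables -I FORWARD -d $ip -j MARK --set-mark $mark"
        echo "tc class add dev $dev parent 1:1 classid 1:$mark htb rate $rate ceil $rate"
        echo "tc qdisc add dev $dev parent 1:$mark sfq perturb 10"
        echo "tc filter add dev $dev protocol ip parent 1: prio 1 handle $mark fw flowid 1:$mark"
        i=$((i + 1))
    done
)

# Constructed demo: one PPTP client, 10.111.111.2, limited to 1mbit.
gen_root eth0
gen_pool eth0 111 7 1mbit 2 2
```

Redirect the output to a file and read it before running it with sudo; gen_root is emitted once, then gen_pool once per protocol (for example mark base 7 for pptp and 8 for l2tp, as above).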

Happy Limiting.

If this article helped, share it with your friends.
