0002671: Qos Devices and Classes VPN IPSec - MantisBT Endian Bugtracker
Endian Issue Tracker





ID: 0002671
Project: Endian Firewall
Category: QoS
View Status: public
Date Submitted: 2010-02-11 13:00
Last Update: 2011-02-02 10:47
Reporter: aender
Assigned To: peter-endian
Priority: normal
Severity: major
Reproducibility: always
Status: confirmed
Resolution: open
Platform:
OS:
OS Version:
Product Version: 2.3
Target Version: future
Fixed in Version:
Summary: 0002671: Qos Devices and Classes VPN IPSec
Description:
We can set up Devices and Classes for VPN IPSec.

But if I want to see them at the console, tc shows nothing.
I do this:

tc qdisc show dev ipsec0
shows
qdisc pfifo_fast 0: root bands 3 priomap 1 2 2 2 1 2 0 0 1 1 1 1 1 1 1 1

tc classes show dev ipsec0
shows nothing

If I set up a device and classes for OpenVPN Gw2Gw, it shows like this:

root@frue-fw:~ # tc qdisc show dev tap2
qdisc ingress ffff: ----------------
qdisc hfsc 180: default 6
qdisc sfq 8002: parent 180:2 limit 126p quantum 1514b perturb 10sec
qdisc sfq 8003: parent 180:3 limit 126p quantum 1514b perturb 10sec
qdisc sfq 8004: parent 180:4 limit 126p quantum 1514b perturb 10sec
qdisc sfq 8005: parent 180:5 limit 126p quantum 1514b perturb 10sec
qdisc sfq 8006: parent 180:6 limit 126p quantum 1514b perturb 10sec
root@frue-fw:~ # tc class show dev tap2
class hfsc 180: root
class hfsc 180:1 parent 180: sc m1 0bit d 0us m2 1966Kbit ul m1 0bit d 0us m2 1966Kbit
class hfsc 180:2 parent 180:1 leaf 8002: sc m1 0bit d 13.9ms m2 1081Kbit ul m1 0bit d 0us m2 1966Kbit
class hfsc 180:3 parent 180:1 leaf 8003: sc m1 0bit d 79.6ms m2 589000bit ul m1 0bit d 0us m2 1966Kbit
class hfsc 180:4 parent 180:1 leaf 8004: sc m1 0bit d 113.8ms m2 196000bit ul m1 0bit d 0us m2 1572Kbit
class hfsc 180:5 parent 180:1 leaf 8005: sc m1 0bit d 102.6ms m2 98000bit ul m1 0bit d 0us m2 1966Kbit
class hfsc 180:6 parent 180:1 leaf 8006: sc m1 68576bit d 175.0ms m2 0bit ul m1 0bit d 0us m2 786000bit
root@frue-fw:~ #


So in my opinion QoS for VPN IPSec could not work.
Tags: No tags attached.

- Relationships
related to 0000928 (assigned, peter-endian): firewalls: add possibility to select the different ipsec interfaces, not only ipsec in general
parent of 0002734 (confirmed, peter-endian): SNAT: rules with IPSEC as source or destination device will be ignored
child of 0003045 (confirmed, peter-endian): TODO: QoS rework - QoS collecting ticket
Not all the children of this issue are yet resolved or closed.

-  Notes
(0003911)
peter-endian (administrator)
2010-03-04 12:16

I see, thank you for the report.

This happens because tc can't handle ipsec+ as an interface (as iptables does).

Solution:
For now we need to explode IPSEC to all known ipsec interfaces and/or add selection for each ipsec interface.
This does however not distinguish multiple ipsec tunnels, which need more work on ipsec itself.
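
The expansion described in the note above, as an added sketch that is not Endian's code and not part of the original ticket: it turns an iptables-style `ipsec+` wildcard into concrete interface names and checks the root qdisc of each one. The function names are hypothetical, and treating an `hfsc` root qdisc as "shaped" is an assumption taken from the tap2 output in the report.

```shell
#!/bin/sh
# Added example (not Endian code): expand an iptables-style wildcard such as
# "ipsec+" into concrete interfaces and report which ones are really shaped.

# Interface names known to the kernel (Linux sysfs).
list_ifaces() { ls /sys/class/net; }

# expand_iface PATTERN NAME...: print the NAMEs selected by PATTERN.
# A trailing "+" is the iptables wildcard; tc needs one exact name per call.
expand_iface() {
    pattern=$1; shift
    for name in "$@"; do
        case $pattern in
            *+) case $name in "${pattern%+}"*) printf '%s\n' "$name" ;; esac ;;
            *)  if [ "$name" = "$pattern" ]; then printf '%s\n' "$name"; fi ;;
        esac
    done
}

# root_qdisc: read `tc qdisc show dev X` output on stdin and print the kind of
# the root qdisc (first non-ingress qdisc without a parent), or "none".
root_qdisc() {
    awk '$1 == "qdisc" && $2 != "ingress" && $0 !~ / parent / { print $2; hit = 1; exit }
         END { if (!hit) print "none" }'
}

# audit_qos PATTERN [EXPECTED]: one line per matching interface. Returns 1 if
# any interface lacks the EXPECTED root qdisc (assumption: hfsc, as on tap2),
# and 2 if the pattern matches no interface at all.
audit_qos() {
    expected=${2:-hfsc}; rc=0
    devs=$(expand_iface "$1" $(list_ifaces))
    if [ -z "$devs" ]; then echo "no interface matches $1"; return 2; fi
    for dev in $devs; do
        kind=$(tc qdisc show dev "$dev" 2>/dev/null | root_qdisc)
        if [ "$kind" = "$expected" ]; then
            echo "$dev shaped $kind"
        else
            echo "$dev unshaped $kind"; rc=1
        fi
    done
    return $rc
}

# Runs only when a pattern is given, e.g.: sh qos_audit.sh 'ipsec+'
if [ $# -gt 0 ]; then audit_qos "$@"; fi
```

A non-zero exit status makes the check usable from monitoring, so an interface left on the default `pfifo_fast` is noticed instead of being assumed shaped.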

- Issue History
Date Modified Username Field Change
2010-02-11 13:00 aender New Issue
2010-03-04 12:16 peter-endian Note Added: 0003911
2010-03-04 12:16 peter-endian Status new => confirmed
2010-03-04 12:16 peter-endian Relationship added related to 0000928
2010-03-04 12:16 peter-endian Relationship added parent of 0002734
2010-06-07 14:05 peter-endian Target Version => future
2010-07-05 16:40 peter-endian Relationship added child of 0003045
2010-09-20 17:24 peter-endian Category Firewall (iptables) => QoS
2011-02-02 10:47 lorenzo-endian Customer Occurencies => 0
2011-02-02 10:47 lorenzo-endian Assigned To => peter-endian
