Guest User!

You are not Sophos Staff.

Thread Info
  • State Suggested Answer
  • Locked Locked
  • Replies 5 replies
  • Answers 1 answer
  • Subscribers 4 subscribers
  • Views 1124 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Traffic shaping for single vpn connections instead of whole vpn traffic

ChrisSoukup

I've been experimenting with traffic shaping in order to handle ~30 external vpn clients accessing their office PCs.

I created a shaping rule for the WAN interface cliking on the In/Out displays on the dashboard and then in Flow Monitor on OpenVPN entry -> "Shape" Button.
The shaping rule helper asks for Guaranteed and Maximum Bandwidth values.

However it seems that the bandwidth is being shaped for all OpenVPN connections in total. I would need shaping vor every single vpn connection to avoid one user eating up the whole vpn bandwidth.

Is there a way to shape every single connection and set values to guarantee=1MBit and max=5Mbit ?

Or is it only possible to shape OpenVPN traffic as a whole?



This thread was automatically locked due to age.
Parents
  • 0

    Hallo Chris,

    Instead of shaping OpenVPN traffic on the External interface, shape the RDC or other traffic on the Internal interface.  In addition to Bandwidth Pools, you will want a download throttling rule for traffic from internal devices that has the following characteristics 

    Cheers - Bob

  • 0 in reply to BAlfson

    Hi,

    generally I would rather like to keep shaping vpn connections on the external interface when that's possible. The reson is that there are some users who do not use RDP/RDC at all but have corporate notebooks at home so they don't use remote desktop but further more file sharing and other services and I want to keep their traffic in shape, too.

    Do I actually have to activate the bandwidth limitation on the "Status" tab of QoS for a network in order to make the entries at "Bandwidth Pools" and "Download Throttling" effective?

    I made a "Download Throttling" entry on our WAN interface for OpenVPN traffic like that:

    Since I was not sure what exactly to choose for outbound traffic throttling I used "Each source/destination".
    What would be the correct setting for limiting corporate outbound traffic on a WAN interface?
    This should limit the bandwidth of each "Sophos VPN Client" connection to 10MBit, correct?
    Do I need a entry at the "Bandwidth Pools" section if I don't care of the total VPN traffic usage?

Reply
  • 0 in reply to BAlfson

    Hi,

    generally I would rather like to keep shaping vpn connections on the external interface when that's possible. The reson is that there are some users who do not use RDP/RDC at all but have corporate notebooks at home so they don't use remote desktop but further more file sharing and other services and I want to keep their traffic in shape, too.

    Do I actually have to activate the bandwidth limitation on the "Status" tab of QoS for a network in order to make the entries at "Bandwidth Pools" and "Download Throttling" effective?

    I made a "Download Throttling" entry on our WAN interface for OpenVPN traffic like that:

    Since I was not sure what exactly to choose for outbound traffic throttling I used "Each source/destination".
    What would be the correct setting for limiting corporate outbound traffic on a WAN interface?
    This should limit the bandwidth of each "Sophos VPN Client" connection to 10MBit, correct?
    Do I need a entry at the "Bandwidth Pools" section if I don't care of the total VPN traffic usage?

Children