TikYAN
1
Hi Mikrotik-Forum,
is it possible to limit RoadWarrior bandwith?
My Setup is like: https://help.mikrotik.com/docs/display/ROS/IPsec#IPsec-RoadWarriorsetupusingIKEv2withRSAauthentication
i tried:
/ip firewall mangle add action=mark-packet chain=forward ipsec-policy=in,ipsec new-packet-mark=mark-ike2rw passthrough=yes src-address-list=RW-VPN-NET
/queue tree add max-limit=1M name=queue-ike2rw packet-mark=mark-ike2rw parent=global queue=default
the queue “see” traffic, but it’s not separated by user or didn’t work as expected.
Best Regards,
iYAN
Solved!
/ip firewall mangle
add action=mark-packet chain=forward ipsec-policy=in,ipsec new-packet-mark=mark-ike2rw passthrough=yes src-address-list=RW-VPN-NET
and
/queue simple
add max-limit=0/10M name=queue1 packet-marks=mark-ike2rw queue=default/default target="" total-queue=default
But i have to test, if the Queue is “per User”, “per Session” or “all RW VPN Users together”…
Last question, how can i adjust the Queue “per Source/RW-IP”?
tested with different vpn connections 
limit 10mbit/s per “client”
/ip firewall mangle add action=mark-packet chain=prerouting comment="Bandwith Limits for RW VPNs" src-address-list=RW-VPN-NET new-packet-mark=mark-ike2rw-upload passthrough=yes
/ip firewall mangle add action=mark-packet chain=prerouting comment="Bandwith Limits for RW VPNs" dst-address-list=RW-VPN-NET new-packet-mark=mark-ike2rw-download passthrough=yes
/queue type add kind=pcq name=PCQ_download pcq-classifier=dst-address pcq-rate=10M
/queue type add kind=pcq name=PCQ_upload pcq-classifier=src-address pcq-rate=10M
/queue tree add name=queue-ike2rw-download packet-mark=mark-ike2rw-download parent=global queue=PCQ_download
/queue tree add name=queue-ike2rw-upload packet-mark=mark-ike2rw-upload parent=global queue=PCQ_upload