Marking SSTP traffic

Hello,

I would like to mark SSTP traffic going out on interface ‘isp’ in ip firewall mangle. Do I just set up the rule for tcp dst port 443 on outgoing interface ‘isp’, then mark with ‘my_mark’? The dst is a dynamic IP.

Here is the situation:

I have a site-to-site SSTP VPN link which goes out over the ‘isp’ interface. Yesterday, I realised that PCoIP had no QoS rules… the same for VoIP on the VPN. I already have some mangle postrouting rules and a queue tree set up for the ‘isp’ interface, and it is limited to 6132k (max permitted by isp).

I have set up a prerouting rule to mark all PCoIP packets with DSCP 34, if they have no DSCP set already. I also added handlers for VoIP traffic, which already has DSCP set. Next, I added a new queue tree for the specific DSCP fields I use (and 0/none). The parent is the SSTP interface.

Problem: I now have two parent trees, one for the ‘isp’ interface and one for the SSTP interface, but the SSTP really should be a child under ‘isp’. I now have to classify SSTP packets going out of the ‘isp’ interface, and have a child queue under the ‘isp’ queue specifically for the SSTP, in order to utilise the 6132k max limit; otherwise the SSTP either has unlimited traffic and sometimes saturates the link, or vice versa, or in theory there is no total control over it all.

I hope that makes sense!

If there is a simpler way to have separate queues for normal traffic on the ‘isp’ interface and the SSTP interface, which runs over the ‘isp’ interface, that would be nice.

TIA Tony