I have enabled OpenVPN on the router and have it functioning on a few computers and remote SIP phones. Any suggestions on setting up mangle rules for the VPN connections so I can place them in the traffic queue I have already created? I have mangle rules set up and functional for servers in my network, but I can’t seem to get the OpenVPN running directly on the Mikrotik to drop into a queue correctly.
RB1100Hx4 v6.41
OpenVPN setup in ethernet/tap mode
OpenVPN on the router is a virtual interface: its traffic will still leave over your regular WAN interface but encapsulated in an encrypted TCP connection.
So the only choice you have with this implementation is to prioritise all of VPN or not.
You can mangle on the output chain, in mangle table => mark connection.
Then on the postrouting chain for packets going to WAN interface => mark packet corresponding to set connection mark.
Finally, in the interface queue, assign packets to selected queue based on that packet mark.
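The three steps above written out as RouterOS v6 commands, as an added example that is not part of the original post. The WAN interface name `ether1-wan`, the OpenVPN server port 1194/TCP, the mark and queue names, and the rate limits are all assumptions; substitute the values from your own configuration.

```routeros
# Added example, not from the original thread.
# Assumptions: WAN interface is "ether1-wan", the OpenVPN server on the
# router listens on TCP 1194, and the marks/queue names below are unused.

/ip firewall mangle

# Step 1: output chain. Packets generated by the router's own OpenVPN
# server leave with source port 1194; mark the whole connection.
add chain=output protocol=tcp src-port=1194 \
    action=mark-connection new-connection-mark=ovpn-conn passthrough=yes \
    comment="OpenVPN tunnel: mark connection"

# Step 2: postrouting chain. For packets of that connection heading out
# the WAN interface, set the packet mark the queue will match on.
add chain=postrouting out-interface=ether1-wan connection-mark=ovpn-conn \
    action=mark-packet new-packet-mark=ovpn-up passthrough=no \
    comment="OpenVPN tunnel: mark egress packets"

/queue tree

# Step 3: interface queue. Attach a queue to the WAN interface and
# select packets by the mark set above. Limits are placeholders.
add name=ovpn-upload parent=ether1-wan packet-mark=ovpn-up \
    priority=2 limit-at=1M max-limit=3M
```

If a queue tree already exists on the WAN interface, set `parent=` to the existing parent queue instead of the interface so the VPN queue shares its limits with the other children.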
That makes sense. I need to split upload and download of the VPN connections to shape them properly. Is this possible with the encrypted connection or am I stuck throwing it all into one queue?
You have the option to shape using Simple queues or queue tree attached to interface.
Using simple queues would be easier here, as you could shape the “clear” traffic.
Using a tree would be a bit more challenging, as only egress (exiting) traffic can be shaped, and that means that in some situations the traffic will be the encrypted tunnel.
Thanks for all the help. I already have a queue tree configured shaping other traffic so I will stick with that. To be honest I am really only worried about the outbound traffic… good ol’ cable internet.