In short - two Windows-based PCs, connected by a VPN tunnel passing through 2 MTs.
I want to block all users except the 10.20.2.80 user from using VPN and at the same time limit that user to max. 30kB/s in VPN.
Is this the right configuration?
Some users from the 10.20.2.0/24 network say that they have VPN with the NET-link network, limited to 30kB/s.
So, what am I doing wrong, since all users can use VPN limited to 30K?
MANGLE:
19   ;;; joza vpn
     chain=prerouting src-address=10.20.2.80 protocol=gre
     dst-address-list=NET action=mark-connection
     new-connection-mark=joza vpn passthrough=yes
20   chain=prerouting connection-mark=joza vpn action=mark-packet
     new-packet-mark=joza vpn passthrough=no
21   chain=prerouting dst-address=10.20.2.80 protocol=gre
     src-address-list=NET action=mark-connection
     new-connection-mark=jozavpn2 passthrough=yes
22   chain=prerouting connection-mark=jozavpn2 action=mark-packet
     new-packet-mark=jozavpn2 passthrough=no

FIREWALL FILTER:
 2   ;;; VPN DROP
     chain=forward src-address=!10.20.2.80 protocol=gre
     dst-address-list=NET action=drop
 3   chain=forward dst-address=!10.20.2.80 protocol=gre src-address-list=NET
     action=drop

QUEUE TREE:
10   name="joza vpn" parent=NET-Link packet-mark=joza vpn limit-at=0
     queue=default priority=8 max-limit=245760 burst-limit=0
     burst-threshold=0 burst-time=0s
11   name="joza vpn2" parent=NET-Link packet-mark=jozavpn2 limit-at=0
     queue=default priority=8 max-limit=245760 burst-limit=0
     burst-threshold=0 burst-time=0s