IKE2 RW VPN queue

TikYAN · Tue May 21, 2024 2:56 pm

Hi Mikrotik-Forum,

is it possible to limit RoadWarrior bandwith?

My Setup is like: https://help.mikrotik.com/docs/display/ ... entication

i tried:

/ip firewall mangle add action=mark-packet chain=forward ipsec-policy=in,ipsec new-packet-mark=mark-ike2rw passthrough=yes src-address-list=RW-VPN-NET
/queue tree add max-limit=1M name=queue-ike2rw packet-mark=mark-ike2rw parent=global queue=default

the queue "see" traffic, but it's not separated by user or didn't work as expected.

Best Regards,
iYAN

TikYAN · Tue May 21, 2024 5:12 pm

Solved!

/ip firewall mangle
add action=mark-packet chain=forward ipsec-policy=in,ipsec new-packet-mark=mark-ike2rw passthrough=yes src-address-list=RW-VPN-NET

and

/queue simple
add max-limit=0/10M name=queue1 packet-marks=mark-ike2rw queue=default/default target="" total-queue=default

But i have to test, if the Queue is "per User", "per Session" or "all RW VPN Users together"...

Last question, how can i adjust the Queue "per Source/RW-IP"?

TikYAN · Wed May 22, 2024 9:04 am

tested with different vpn connections

limit 10mbit/s per "client"

/ip firewall mangle add action=mark-packet chain=prerouting comment="Bandwith Limits for RW VPNs" src-address-list=RW-VPN-NET new-packet-mark=mark-ike2rw-upload passthrough=yes 
/ip firewall mangle add action=mark-packet chain=prerouting comment="Bandwith Limits for RW VPNs" dst-address-list=RW-VPN-NET new-packet-mark=mark-ike2rw-download passthrough=yes

/queue type add kind=pcq name=PCQ_download pcq-classifier=dst-address pcq-rate=10M
/queue type add kind=pcq name=PCQ_upload pcq-classifier=src-address pcq-rate=10M
/queue tree add name=queue-ike2rw-download packet-mark=mark-ike2rw-download parent=global queue=PCQ_download
/queue tree add name=queue-ike2rw-upload packet-mark=mark-ike2rw-upload parent=global queue=PCQ_upload

IKE2 RW VPN queue [SOLVED]

IKE2 RW VPN queue

Re: IKE2 RW VPN queue

Re: IKE2 RW VPN queue [SOLVED]

Who is online