Community discussions

MikroTik App
 
jrosetto
Frequent Visitor
Frequent Visitor
Topic Author
Posts: 68
Joined: Fri Feb 19, 2016 9:15 pm

Mikrotik Queue using OpenVPN

Fri Jan 19, 2018 9:25 pm

I have enabled OpenVPN on the router and have it functioning on a few computers and remote SIP phones. Any suggestions on setting up mangle rules for the VPN connections so I can place them in my traffic queue I have already created. I have mangle rules setup and functional for servers in my network but I can't seem to get the OpenVPN running directly on the Mikrotik to drop into a queue correctly.

RB1100Hx4 v6.41
OpenVPN setup in ethernet/tap mode

Any suggestions appreciated,

Thanks.
 
User avatar
sebastia
Forum Guru
Forum Guru
Posts: 1782
Joined: Tue Oct 12, 2010 3:23 am
Location: Antwerp, BE

Re: Mikrotik Queue using OpenVPN

Sun Jan 21, 2018 3:01 am

OpenVPN on the router is a virtual interface: it's traffic will still leave over your regular WAN interface but encapsulated in an encrypted TCP connection.
So the only choise you have with this implementation, is to prioritise all of VPN or not.

You can mangle on the output chain, in mangle table => mark connection.

Then on the postrouting chain for packets going to WAN interface => mark packet corresponding to set connection mark

Finally, in the interface queue, assign packets to selected queue based on that packet mark.
 
jrosetto
Frequent Visitor
Frequent Visitor
Topic Author
Posts: 68
Joined: Fri Feb 19, 2016 9:15 pm

Re: Mikrotik Queue using OpenVPN

Mon Jan 22, 2018 4:59 pm

That makes sense. I need to split upload and download of the VPN connections to shape them properly. Is this possible with the encrypted connection or am I stuck throwing it all into one queue?
OpenVPN on the router is a virtual interface: it's traffic will still leave over your regular WAN interface but encapsulated in an encrypted TCP connection.
So the only choise you have with this implementation, is to prioritise all of VPN or not.

You can mangle on the output chain, in mangle table => mark connection.

Then on the postrouting chain for packets going to WAN interface => mark packet corresponding to set connection mark

Finally, in the interface queue, assign packets to selected queue based on that packet mark.
 
User avatar
sebastia
Forum Guru
Forum Guru
Posts: 1782
Joined: Tue Oct 12, 2010 3:23 am
Location: Antwerp, BE

Re: Mikrotik Queue using OpenVPN  [SOLVED]

Mon Jan 22, 2018 5:43 pm

You have the option to shape using Simple queues or queue tree attached to interface.

Using simple queues would be easier here, as you could shape the "clear" traffic.
Using tree, would be a bit more challenging, as only egress (exiting) traffic can be shaped, and that means that in some situations the traffic will be encrypted tunnel.

Ps: with simple queues FastTrack may not be used.
 
jrosetto
Frequent Visitor
Frequent Visitor
Topic Author
Posts: 68
Joined: Fri Feb 19, 2016 9:15 pm

Re: Mikrotik Queue using OpenVPN

Mon Jan 22, 2018 7:57 pm

Thanks for all the help. I already have a queue tree configured shaping other traffic so I will stick with that. To be honest I am really only worried about the outbound traffic... good ol' cable internet.
You have the option to shape using Simple queues or queue tree attached to interface.

Using simple queues would be easier here, as you could shape the "clear" traffic.
Using tree, would be a bit more challenging, as only egress (exiting) traffic can be shaped, and that means that in some situations the traffic will be encrypted tunnel.

Ps: with simple queues FastTrack may not be used.

Who is online

Users browsing this forum: Amazon [Bot], Bing [Bot], Google [Bot], ivicask, johnson73, mada3k, pajapatak, rhn007 and 90 guests