IPSec and fq_codel

Curdie · January 16, 2019, 07:08:59 PM

I've a small community of friends in a rural community sharing the same 10 megabit copper-over-Ethernet link. fq_codel was working fine to keep latency low and allow maximum available bandwidth for every user- really brilliant- but we also have a site-to-site IPSec bridge using this bridge to download/upload files seems to saturate the link creating really high latency and such for everyone. It doesn't appear to be hitting the queue at all. How can I manage this?

Curdie · January 16, 2019, 07:50:29 PM

I tried adding WAN rules:

from other ipsec host, dest port 500 to my download pipe
to other ipsec host, dest port 500 to my upload pipe

does not seem to work and I'm not sure why

mimugmail · January 16, 2019, 07:52:50 PM

Traffic goes over protocol 50 or udp 4500

Curdie · January 16, 2019, 08:31:41 PM

Thanks so much, mimugmail! Setting protocol to esp did the trick.

IPSec and fq_codel

Curdie

January 16, 2019, 07:08:59 PM

Curdie

January 16, 2019, 07:50:29 PM #1

mimugmail

January 16, 2019, 07:52:50 PM #2

Curdie

January 16, 2019, 08:31:41 PM #3