I need to use traffic control (tc) to regulate the bandwidth.
From what I know, I can manage the bandwidth using the following:

    DEV=eth0
    RATE="100kbps"
    tc qdisc del dev $DEV root
    tc qdisc add dev $DEV root handle 1: htb default 10
    tc class add dev $DEV parent 1: classid 1:1 htb rate $RATE

This already caused an overall rate limitation on interface eth0.
But I want to filter the IPsec connection of a specific network (e.g. 10.0.3.0/24), so that this network is limited by the given rate.
I tried to add the following filters:

    IP="10.0.3.0/24"
    tc filter add dev $DEV parent 1: protocol all prio 7 u32 match u32 0 0 flowid 1:1
    tc filter add dev $DEV parent 1:1 u32 match ip src $IP flowid 1:10

But unfortunately, all traffic on the interface is again limited to the rate.
I also tried marking this IP through iptables, as described here:
https://lists.strongswan.org/pipermail/users/2015-July/008546.html
Is there any chance to control bandwidth on an IPsec virtual IP address?
Or how can I get the virtual IP addresses in legacy ipsec configs as a route-based interface (e.g. vti or ipsec0), so that tc can be applied to its interface?
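
An added example, not part of the original post: the filter `match u32 0 0 flowid 1:1` matches every packet, so everything lands in the limited class. The sketch below instead gives unmatched traffic its own default class and classifies the subnet by firewall mark with a `fw` filter. It assumes the mark set on the plaintext packet is still on it when the ESP packet reaches the qdisc (no output mark configured on the SA); the mark value 10, the class ids and the 1gbit link rate are illustrative.

```shell
#!/bin/sh
# Added example: limit one subnet with HTB, leave all other traffic alone.
# Prints the commands by default; set APPLY=1 and run as root to execute them.

run() {                       # print the command, execute it only when APPLY=1
    echo "$*"
    if [ "${APPLY:-0}" = "1" ]; then "$@"; fi
}

shape_subnet() {              # usage: shape_subnet DEV SUBNET RATE LINK_RATE
    dev=$1 net=$2 rate=$3 link=$4
    mark=10                   # assumed firewall mark, any unused value works

    # Root HTB qdisc; packets no filter classifies go to 1:20, not the limited class.
    run tc qdisc replace dev "$dev" root handle 1: htb default 20
    # 1:10 is the limited class (ceil = rate, so it cannot exceed the limit).
    run tc class add dev "$dev" parent 1: classid 1:10 htb rate "$rate" ceil "$rate"
    # 1:20 carries everything else at the (assumed) link rate.
    run tc class add dev "$dev" parent 1: classid 1:20 htb rate "$link"
    # Mark the subnet's packets while the inner addresses are still visible.
    run iptables -t mangle -A POSTROUTING -o "$dev" -s "$net" -j MARK --set-mark "$mark"
    # Classify by mark instead of u32 on the IP header of the encrypted packet.
    run tc filter add dev "$dev" parent 1: protocol ip prio 1 handle "$mark" fw flowid 1:10
}

shape_subnet "${DEV:-eth0}" "${IP:-10.0.3.0/24}" "${RATE:-100kbps}" "${LINK_RATE:-1gbit}"
```

`tc -s class show dev eth0` shows per-class byte counters, which confirms whether the subnet's traffic is actually reaching class 1:10.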