
Traffic shaping for single vpn connections instead of whole vpn traffic

I've been experimenting with traffic shaping in order to handle ~30 external vpn clients accessing their office PCs.

I created a shaping rule for the WAN interface by clicking on the In/Out displays on the dashboard and then in Flow Monitor on the OpenVPN entry -> "Shape" button.
The shaping rule helper asks for Guaranteed and Maximum Bandwidth values.

However, it seems that the bandwidth is being shaped for all OpenVPN connections in total. I would need shaping for every single VPN connection to avoid one user eating up the whole VPN bandwidth.

Is there a way to shape every single connection and set values to guarantee=1MBit and max=5Mbit?

Or is it only possible to shape OpenVPN traffic as a whole?



  • Hallo Chris,

    Instead of shaping OpenVPN traffic on the External interface, shape the RDC or other traffic on the Internal interface.  In addition to Bandwidth Pools, you will want a download throttling rule for traffic from internal devices that has the following characteristics 

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • Hi,

    Generally, I would rather keep shaping VPN connections on the external interface when that's possible. The reason is that there are some users who do not use RDP/RDC at all but have corporate notebooks at home, so they don't use remote desktop but furthermore file sharing and other services, and I want to keep their traffic in shape, too.

    Do I actually have to activate the bandwidth limitation on the "Status" tab of QoS for a network in order to make the entries at "Bandwidth Pools" and "Download Throttling" effective?

    I made a "Download Throttling" entry on our WAN interface for OpenVPN traffic like that:

    Since I was not sure what exactly to choose for outbound traffic throttling I used "Each source/destination".
    What would be the correct setting for limiting corporate outbound traffic on a WAN interface?
    This should limit the bandwidth of each "Sophos VPN Client" connection to 10MBit, correct?
    Do I need an entry in the "Bandwidth Pools" section if I don't care about the total VPN traffic usage?

  • Hallo Chris,

    The only way to shape the traffic that moves through the SSL VPN is to use Bandwidth Pools and Download Throttling rules on the Internal interface.  With IPsec VPNs, it is possible to shape on the External by Service, but not by internal source/destination.

    Cheers - Bob

  • OK, I will try your recommended setting.

    Regarding the first tab "Status" - are those general settings relevant for download throttling? Or can I actually switch them all off if limiting the "total available bandwidth" is not essential for me?

  • On the 'Status' tab, you only need to enable the Interface(s) for which you want to do QoS, Chris.  Here's my recommended setting for a 100/10 ISP connection:

    Cheers - Bob
