In this recipe, we will use traffic shaping to limit the upload speed of an OpenVPN client. This can be used to throttle the bandwidth of a client to the server, or from client to client. Note that OpenVPN traffic shaping cannot be used to throttle the download speed of OpenVPN clients. Throttling download speeds can best be achieved using external traffic control tools, such as the tc utility on Linux, which is part of the LARTC package.
We use the following network layout:
Set up the client and server certificates using the Setting up the public and private keys recipe from Chapter 2, Client-server IP-only Networks. For this recipe, the server computer was running CentOS 6 Linux and OpenVPN 2.3.11. The client was running Windows 7 64 bit and OpenVPN 2.3.11. Keep the configuration file basic-udp-server.conf from the Server-side routing recipe from Chapter 2, Client-server IP-only Networks, as well as the client configuration file basic-udp-client.ovpn from the Using an ifconfig-pool block recipe.
Add the following line to the basic-udp-server.conf file:
push "shaper 100000"
This will throttle the upload speed of the VPN clients to 100,000 bytes per second (100 kbps). Save it as example8-7-server.conf.
Start the server:
[root@server]# openvpn --config example8-7-server.conf
Start iperf on the server:
[server]$ iperf -s
When measured with iperf on the Windows PC, the performance is close to 100 KB/s.
When the OpenVPN client connects to the server, the server pushes out an option to shape outgoing traffic over the VPN tunnel to 100 KB/s. Whenever traffic is sent over the tunnel, the OpenVPN client itself limits the outgoing traffic to a maximum of 100 KB/s. The download speed is not affected by this, and note that the following directive cannot be used on the OpenVPN server itself:
shaper 100000
To throttle traffic leaving the server, more advanced traffic control tools such as tc for Linux should be used.
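One way to throttle traffic leaving the server with tc, shown as an added example that is not part of the original recipe: the script prints the tc commands for a per-client download cap, using the same bytes-per-second figure as the shaper directive. The device name tun0, the client address 10.200.0.2, and the choice of an HTB qdisc with u32 filters are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: print tc commands that cap traffic leaving the OpenVPN server
# towards individual clients (the direction "shaper" cannot throttle).
# Assumed/constructed values: device tun0, client address 10.200.0.2.

# shaper_to_kbit BYTES_PER_SEC -> kilobits per second, rounded up.
# OpenVPN's shaper takes bytes/s; tc's "kbit" unit is 1000 bits/s.
shaper_to_kbit() {
    case $1 in
        ''|*[!0-9]*) echo "rate must be a positive integer: '$1'" >&2; return 1 ;;
    esac
    [ "$1" -gt 0 ] || { echo "rate must be > 0" >&2; return 1; }
    echo $(( ($1 * 8 + 999) / 1000 ))
}

# gen_tc DEV CLIENT_IP=BYTES_PER_SEC [...] -> tc commands, one per line.
# Traffic to addresses not listed stays unshaped (HTB without a default class).
# Nothing is printed if any argument is invalid.
gen_tc() {
    dev=$1; shift
    minor=10
    # Drop any previous root qdisc so the script can be re-applied cleanly.
    cmds="tc qdisc del dev $dev root 2>/dev/null || true
tc qdisc add dev $dev root handle 1: htb"
    for pair in "$@"; do
        ip=${pair%%=*}
        kbit=$(shaper_to_kbit "${pair#*=}") || return 1
        cmds="$cmds
tc class add dev $dev parent 1: classid 1:$minor htb rate ${kbit}kbit ceil ${kbit}kbit
tc filter add dev $dev parent 1: protocol ip prio 1 u32 match ip dst $ip/32 flowid 1:$minor"
        minor=$((minor + 1))
    done
    printf '%s\n' "$cmds"
}

# Dry run by default: review the output, then pipe it to "sh" as root.
#   ./shape-download.sh tun0 10.200.0.2=100000
if [ "$#" -ge 2 ]; then
    gen_tc "$@"
fi
```

The printed commands change nothing until they are run as root on the server; `tc -s class show dev tun0` then shows the per-class byte counters for checking that the cap is being hit.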