Am about to turn on QOS to give a select subgroup of users (3?) top bandwidth priority for their fat client application that connects to a remote server.
While I would only pick one of these to set, I could configure the QOS either by user IP, destination IP or service in case one of those is superior for the VPN aspect I'm about to bring up.
The users have to launch an application-provided VPN client before starting the application.
From the second to last line in https://support.astaro.com/support/index.php/Using_QoS :
"QoS only works on physical interfaces. This means that VPN tunnels are troublesome or impossible to QoS."
Does this line mean QOS absolutely won't work for us in this instance?
(Just giving the prioritized users priority for all of their traffic wouldn't do the trick?)
My other concern is that while we control things at our end (IP etc), the other side could change IPs or ports at any time. So I want whatever rule is set up to minimize future changes. Just by user IP is nice but doesn't limit those users from their wasteful traffic. Configuring by destination IP or port/service might be a problem given the VPN piece, don't know.
Should destination IP turn out to be the best way to do this, assume the host side has a range of IPs (not just 1), for security won't reveal what they all are, and we are willing to make an overly broad rule as the lesser of two evils. Then would Network be the best definition type to use? I'm assuming the overly broad subnet mask we'd make up need not match what the host is actually using as long as what we set it ended up broader than theirs (covered all of their IPs)? I ask in case I'm unable to obtain a specific DNS group setting (that would seem to be the most preferable) when I ask our sometimes uncooperative host.
Please confirm which interface gets the rule as well.
Hope that makes sense. Glad to clarify if not.
Happy New Year.