VPN Bandwidth Throttling

[armsja1]

Hello,

I currently have 5 wireless clients connecting to a hotspot I have created in my neighborhood. After authenticating to the wireless AP's they than VPN to my Win2k Server for DNS/DHCP. More people have requested access, but I am reluctant to grant them access till I have a user/group policy or have a grip on the allotted bandwidth that each client can consume. What I want is to limit the bandwidth to say 64/128kbps. Can this be done through a policy on my Routing and Remote Access, or would it be better to use some sort of Squid proxy? If a Squid proxy is favored, what proxy program works best for this? I'd prefer allowing Win2k handle the throttling, as opposed to installing 3rd party software.

Windows2k Server (VPN)
1 WAP54G
1 WRT54G

Any suggestions would help me out, and would be greatly appreciated. Thank you in advance.

 

[armsja1]

Bunk* Where are all the MCSE's?

 

[bcastner]

I read your original post, and had no good ideas as to bandwidth control other than pure WISP.

Please, see the forum:

http://www.broadbandreports.com/forum/wireless

Your VPN approach just seems so at the start such a wrong approach to WISP, that adding bandwidth controls struck me as impossible.

Sveasoft offers for the WRT54G some router level controls, but you really need to rethink your WISP if you want to make a living at this.

See the Broadbandreports.com site I linked above. These guys have solved the issues you discuss, and can give specific advice.

And, it is unfair to expect an MCSE to answer your question. I hope you are nicer at the WISP forum at broadbandreports.com.

Bill Castner

 

[armsja1]

There was nothing not nice about my post, you are taking it to personal. Perhaps bandwidth throttling is not possible for this setup. As far a trying to make a living at this, I am doing fairly well so far, and I see nothing wrong using the tools at my disposal for adding a layer of protection to my network. Perhaps you are content with the default security levels offered by Wireless devices, my approach for securing a wireless point-to-point is solid, and I challenge anyone who says that it is a backwards approach for securing wireless networking. Actually I challenge you to come up with a better security solution than the one I am running. But that is getting of topic, I just want to limit BW, that is why I asked can it be done, with Routing, or a proxy? If limiting the BW with Routing and Remote services is not the best approach, then you should have stepped up and said so. The reason why I posted in here is because I don't know the answer. Don't be all butt hurt because I asked for a MCSE, perhaps you thought I thought less of non certified people, not the case you are grasping at straws, I didn't mean anything by it, I simply wanted informed answers. Four full load semesters worth of college didn't give me the answer I was seeking, so I thought other MCSE might have remembered something that might work for me.
thank you for your time and the links. If you easily get offended by harmless questions perhaps you shouldn't troll forums.

I am not certified, but I am certifiable

 

[bcastner]

http://www.microsoft.com/windows2000/technologies/communications/ias/

 

[armsja1]

There isn't any way you can rate-limit with RRAS. QoS, yeah you can do that... heck ISA has that built in, but rate-limiting is a whole other beast.

A cheap and easy alternative, use iptables.

http://www.tldp.org/HOWTO/Adv-Routi...mit.single.html

Put the Linux box inbetween the Linksys equipment and your RAS server. Tweak it for your rate settings and config that bad boy up for your clients. I'd just make a rate limit for each host in the DHCP range that is handed out.

 

[bcastner]

Actually I challenge you to come up with a better security solution than the one I am running.

I did so.

If you easily get offended by harmless questions perhaps you shouldn't troll forums.

Troll has a specific meaning for internet participations. I am not a troll. For example, on this site:

bcastner's Member Profile

I live in Chevy Chase, MD; about 3 miles from the White House in Washington, DC. Married, 2 kids.
I believe in Users helping Users.

I've been a member since Aug 13, 2002, and have logged in 2718 times. I last logged in on Wed, Jun 9, 2004.

Threads I've Started: 107
Replies In My Own Threads: 212
Replies To Other Members' Threads: 14840
FAQs I've Written: 7
TipMaster Votes I've Received: 1583

While in the forums, I have voted 78 posts helpful, letting my fellow members know their posts have helped me with my work. (If you feel a post has been helpful to you, click on the link at the bottom of their post to cast a vote for "TipMaster Of The Week". You don't need to be the one who asked the question to vote.) I am also a member of the Tek-Tips Round Table, where I advise management on site improvements.

I am decidedly not a troll My peer awards are lengthy, but I will mention that I am, as one award:

Bill Castner, MS-MVP, Windows Networking

And I did not find your original post offensive, including the notion that MCSEs did not immediately leap to approve your RAS/VPN solution.

I would have found it odd that anyone would leap to your defense of this solution. As you have discovered, there are better solutions existing.

I sincerely hope you follow the link I provided earlier to a strong discussion Forum for WISP implementation:

http://www.broadbandreports.com/forum/wireless