hi

can any body help me about that, i want to have L7 filter on vpn packets, L2TP and PPTP.

if any body can help, please give its file.

thanks

Not on encrypted packets, no. If the router is terminating the connection, however, you can inspect the packets before encryption or after decryption. That happens when the traffic comes out of a tunnel interface or goes into a tunnel interface. Refer to the packet flow diagram to see what facilities are available.

http://wiki.mikrotik.com/wiki/Manual:Packet_Flow

hi

i mean that my router is pppoe server and i want to control my users bandwidth that take from vpn servers on internet, does it encrypted or not.

and if it is encrypted you said that it is impossible, so how can i control that

thanks

If encrypted packets are passing through your router you cannot look inside them. That's the whole point of VPNs and encryption.

hi

so you said that i cant find packets for although it uses standard vpns that uses statndard protocol, such as ipsec and,...

how can i solve my problem, is there another way?

thanks

The whole purpose of an encrypted VPN is to hide the data inside the packet from anyone that is looking. If there was a way to look inside the packets, do you think anyone would use that VPN method?

hi

i dont want to look to content of encrypted data in packet, i need that router from kind of encryptuion or other way know that it is vpn packet to manage bandwidth for that.

thanks

Oh. Then you don't need L7 at all. VPN packets use commonly known ports and protocols. Just Google them. The IPSec suite, for example, includes IP protocols 50 (ESP) and 51 (AH) as well as UDP/500 (ISAKMP) and UDP/4500 (NAT-T).

hi

thanks alot for your attention

now i use quee tree for my QOS.

i wanted to have axact information about that.

can you say me how can i limit bandwidth on port and also i dont want to do this limit for all of my users

i want to do that for some of my ip address classes.

please say me about all of vpn ports and openvpn and in where i can limit that for some of my ip addresses

thanks

Just use Google to find out the ports. That information is easily available for you there.

Here is a link showing QoS per customer and per port: http://mum.mikrotik.com/presentations/C ... _Megis.pdf. Just adjust it for your protocols.