Limit wireguard peer speed

openwrt-wireguard-limit-banchwidth limit.sh

#!/bin/sh

# based on https://www.procustodibus.com/blog/2022/12/limit-wireguard-bandwidth/
# wireguard setup and peers setup done by script: https://openwrt.org/docs/guide-user/services/vpn/wireguard/automated


# Show traffic control classes for the device wg_lan - should be empty
tc class show dev wg_lan

# Add HFSC qdisc to wg_lan (root queueing, handle 1, default class 1)
tc qdisc add dev wg_lan parent root handle 1: hfsc default 1

# Create class 1:1 with HFSC, 500Mbit guaranteed BW 
tc class add dev wg_lan parent 1: classid 1:1 hfsc sc rate 500mbit ul rate 500mbit

# Create class 1:11 under 1:1 with HFSC, 6Mbit guaranteed BW 
tc class add dev wg_lan parent 1: classid 1:11 hfsc ls rate 6mbit ul rate 6mbit

# Create class 1:19 under 1:1 with HFSC, 100Mbit guaranteed BW 
tc class add dev wg_lan parent 1:1 classid 1:19 hfsc ls rate 100mbit

# Change default class of HFSC qdisc to class 1:19
tc qdisc change dev wg_lan parent root handle 1: hfsc default 19

# Filter packets to 10.0.5.10 (prio 1, IP match) into class 1:11
tc filter add dev wg_lan parent 1: protocol ip prio 1 u32 match ip dst 10.0.5.10 classid 1:11

# Verify configuration by showing traffic control classes again
tc class show dev wg_lan

# it should be something like:
# class hfsc 1: root
# class hfsc 1:11 parent 1: ls m1 0bit d 0us m2 6Mbit ul m1 0bit d 0us m2 6Mbit
# class hfsc 1:19 parent 1:1 ls m1 0bit d 0us m2 100Mbit
# class hfsc 1:1 parent 1: sc m1 0bit d 0us m2 500Mbit ul m1 0bit d 0us m2 500Mbit