hfsc no usa prioridades, https://forum.pfsense.org/index.php?topic=46233.msg242274#msg242274
Si todo va a pasar por el túnel pienso que…
Si se toma el asistente con CBQ y se le pide sólo que priorice IPSec las colas quedan como:
$ pfctl -s queue
queue root_em1 on em1 bandwidth 1Mb priority 0 cbq( wrr root ) {qACK, qDefault, qOthersHigh, qOthersLow}
queue qACK on em1 bandwidth 200Kb priority 6 cbq( red ecn borrow )
queue qDefault on em1 bandwidth 100Kb priority 3 cbq( red ecn borrow default )
queue qOthersHigh on em1 bandwidth 100Kb priority 4 cbq( red ecn borrow )
queue qOthersLow on em1 bandwidth 50Kb priority 2 cbq( red ecn borrow )
queue root_em0 on em0 bandwidth 1Gb priority 0 cbq( wrr root ) {qLink, qInternet}
queue qLink on em0 bandwidth 200Mb priority 2 qlimit 500 cbq( red ecn borrow default )
queue qInternet on em0 bandwidth 10.49Mb cbq( red ecn ) {qACK, qOthersHigh, qOthersLow}
queue qACK on em0 bandwidth 2.10Mb priority 6 cbq( red ecn borrow )
queue qOthersHigh on em0 bandwidth 1.05Mb priority 4 cbq( red ecn borrow )
queue qOthersLow on em0 bandwidth 524.28Kb priority 3 cbq( red ecn borrow )
Y las Floating que usan las colas son:
$ pfctl -s rules | grep queue
match on em1 proto udp from any to any port = isakmp label "USER_RULE: m_Other IPSEC outbound" queue qOthersHigh
match on em1 proto ah all label "USER_RULE: m_Other IPSEC outbound" queue qOthersHigh
match on em1 proto esp all label "USER_RULE: m_Other IPSEC outbound" queue qOthersHigh
em0 es LAN a 1 Gbit/s
em1 es WAN a 1 Mbit/s de subida a internet