First off, the main issue of traffic shaping is you must set the interface to rate limit to just below the minimum amount of bandwidth you expect to have. I have a dedicated 100Mb connection, so I can safely set my bandwidth to 98Mb/s.
If you have a 100Mb connection of lesser quality during peak hours, you need to rate limit to your lowest, so if you dip to 80Mb, you need to limit to 78Mb/s, or some value below 80Mb.
Next problem. You cannot see into a VPN tunnel, PFSense will see a single encrypted flow. If you want to rate limit inside the tunnel, you need to set your tunnel interface to rate limit to the minimum rate you want to give the tunnel as a whole.
This does mean in order to properly rate limit, you need to give it a maximum rate if you want to shape the bandwidth with something like HFSC inside the tunnel.
If you don't want to artificially set a maximum, but instead want the tunnel to be able to use an "free" bandwidth, then you could probably use PRIQ or FAIRQ. I would recommend trying FAIRQ first. CoDel may also work. If we had fq_Codel or Cake, I would recommend those because they do well with fluctuating bandwidth where your interface is doing the buffering.