Netgate Discussion Forum

    Firewall + OpenVPN + Traffic Shaping problem

      Aladino_73

      Hi,
      I have a firewalling problem doing traffic shaping on external OpenVPN clients connecting to the internal LAN.
      Connecting clients have no problem with OpenVPN, but I want to do traffic shaping, eventually limiting their bandwidth.
      To do so I thought to create all out queues on the external interface and all in queues on the internal one.

      outqueue 94.83.xxx.xxx -----> pfSense -----> LAN inqueue

      To put the OpenVPN traffic of the external clients in the outqueue, I thought to create a stateless rule allowing connections from the outside world, and then keep state on the resulting outbound traffic from the LAN to the OpenVPN clients, on the WAN interface:

      pass in on $WAN proto tcp from any port > 1024 to $WAN port 1194 no state
      pass out on $WAN proto tcp from $WAN port 1194 to any keep state queue outqueue

      I've done this by creating a stateless firewall rule in the GUI for the first, and an out rule in the "Floating ruleset" for the second, but when I try to connect an external OpenVPN client, the outbound traffic to the OpenVPN client gets blocked by the "default deny ruleset".

      The log says that the blocked traffic is TCP:SA. Why?

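The blocked TCP:SA entry from the post can be reproduced with a small model of pf's TCP flag matching, given here as an added example that is not part of the original post and is not pfSense code: pf applies `flags S/SA` by default to pass rules that keep state, so a SYN-ACK cannot match such a rule unless it says `flags any`. The rule labels, the client port and the simplified evaluation (no `quick`, no queues, no state table) are assumptions.

```python
from dataclasses import dataclass
from typing import Optional

# TCP flag letters as pf writes them, mapped to TCP header bits.
BITS = {"F": 0x01, "S": 0x02, "R": 0x04, "P": 0x08, "A": 0x10, "U": 0x20}

def bits(letters: str) -> int:
    return sum(BITS[c] for c in set(letters))

@dataclass
class Rule:
    label: str                     # hypothetical name, for the verdict only
    direction: str                 # "in" or "out" on WAN
    sport: Optional[int]           # None means any port
    dport: Optional[int]
    keep_state: bool
    flags: Optional[str] = None    # "S/SA", "any", or None for pf's default

    def matches(self, direction: str, sport: int, dport: int, tcp_flags: str) -> bool:
        if direction != self.direction:
            return False
        if self.sport not in (None, sport) or self.dport not in (None, dport):
            return False
        # pf default: stateful pass rules imply "flags S/SA", stateless ones imply none.
        spec = self.flags or ("S/SA" if self.keep_state else "any")
        if spec == "any":
            return True
        want, mask = spec.split("/")
        # Of the flags named in the mask, exactly those in `want` must be set.
        return bits(tcp_flags) & bits(mask) == bits(want)

def verdict(rules, direction, sport, dport, tcp_flags) -> str:
    # Simplified evaluation: any matching pass rule wins, otherwise default deny.
    for rule in rules:
        if rule.matches(direction, sport, dport, tcp_flags):
            return "pass:" + rule.label
    return "block:default deny"

# Constructed packets for the handshake in the post (client port 40000 is made up).
SYN = ("in", 40000, 1194, "S")
SYN_ACK = ("out", 1194, 40000, "SA")

AS_POSTED = [Rule("wan-in", "in", None, 1194, keep_state=False),
             Rule("floating-out", "out", 1194, None, keep_state=True)]
FLAGS_ANY = [AS_POSTED[0],
             Rule("floating-out", "out", 1194, None, keep_state=True, flags="any")]
```

In pf.conf terms, the second ruleset corresponds to adding `flags any` to the outbound `pass out ... keep state` rule.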