Netgate Discussion Forum

    Shaping IPSec tunnel terminated on pfSense box

      Apple_Eater

      Hello all,
      I am trying to figure out the proper configuration for shaping an IPSec tunnel that is terminated on a pfSense box. To clarify, I AM NOT looking to shape traffic inside the tunnel, but rather the overall bandwidth of the tunnel itself.

      I used the shaper wizard and set the IPSec priority to Below Normal, but traffic sent through the IPSec tunnel still appears to be ending up in the "qwandef" queue (for upload; I am not really interested in download). I am thinking this may be because the rule for outbound IPSec shaping says "From LAN Net to WAN". Does the pfSense box include itself in "LAN net"? Is there some other obvious thing I am missing?

      pfSense 1.2.3 running on x86 hardware

      Here are the rules in my shaper config (they're the default ones from the wizard):

      LAN->WAN  AH   LAN net  *                           qOthersUpL/qOthersDownL  m_Other IPSEC outbound
      LAN->WAN  ESP  LAN net  *                           qOthersUpL/qOthersDownL  m_Other IPSEC outbound
      WAN->LAN  ESP  *        LAN net                     qOthersDownL/qOthersUpL  m_Other IPSEC inbound
      WAN->LAN  UDP  *        LAN net Port: 500 (ISAKMP)  qOthersDownL/qOthersUpL  m_Other IPSEC inbound
      WAN->LAN  AH   *        LAN net                     qOthersDownL/qOthersUpL  m_Other IPSEC inbound
      LAN->WAN  UDP  LAN net  * Port: 500 (ISAKMP)        qOthersUpL/qOthersDownL  m_Other IPSEC outbound
      