Netgate Discussion Forum
    Rules to match VPN traffic not working

    westforest
      last edited by westforest

      I'm trying to lower the VPN traffic priority in my network. I created a firewall rule to match by dest port on the WAN side first. It didn't work. Then I tried all other combinations, LAN side, src port, etc. None worked. Finally I created a rule to match all UDP on both WAN, LAN and all ports. Still ZERO packets end up in the low priority queue. See the linked screenshots below.

      Another question about the WAN and LAN: does dst port always mean the destination port in the IP packet, i.e. for the inbound traffic on the WAN side it's the pfSense box's public IP port, and on the LAN side the internal machine's private IP port?


      thanks!

      westforest
        last edited by westforest

        OK, I got it working by resetting all the stats (despite being a "Quick" rule). Also the source seems to always mean the LAN side machines seen by the router regardless of inbound or outbound, and destination the remote machines on the WAN side.

        I was able to refine the rule to only match destination port 1194 on UDP, and the OpenVPN traffic does show up in the low priority queue.

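As an added example (not from the thread or from pfSense itself), here is the pf.conf equivalent of what the second post ends up with, assuming em0 as WAN, em1 as LAN, and constructed bandwidths and queue names. The comments also spell out why the state reset mattered and why "source" always looked like the LAN host.

```pf
# Added example, not from the thread. Interface names, bandwidths and queue
# names are assumptions; pfSense generates rules of this shape from its
# Traffic Shaper and Floating Rules pages.
ext_if = "em0"   # WAN
int_if = "em1"   # LAN

# ALTQ shapes traffic as it leaves an interface, so each interface needs its
# own tree. Reusing the same queue names on WAN and LAN lets one rule's queue
# assignment apply in both directions: upstream packets are shaped as they
# leave WAN, the replies as they leave LAN.
altq on $ext_if hfsc bandwidth 20Mb queue { qDefault, qLow }
altq on $int_if hfsc bandwidth 100Mb queue { qDefault, qLow }
queue qDefault bandwidth 80% hfsc(default)
queue qLow bandwidth 10% hfsc(upperlimit 30%)

# The rule that worked in the thread: UDP with destination port 1194 (the
# OpenVPN server port) goes to the low-priority queue. "match" only sets the
# queue; pass/block decisions made by later rules are unchanged.
#
# Source and destination refer to the packet that creates the state. For a
# tunnel initiated from the LAN, the source is the LAN host and the
# destination the remote OpenVPN server; reply packets are matched to that
# existing state rather than re-evaluated, which is why "source" always
# appeared to mean the LAN side regardless of direction.
match proto udp from any to any port 1194 queue qLow

# The queue is recorded in the state when the first packet of a flow is
# evaluated, and every later packet of that flow reuses it. A tunnel that
# was already up when the rule was loaded therefore never appears in qLow
# until its state is cleared:
#   pfctl -f /etc/pf.conf   # load the ruleset
#   pfctl -F states         # drop existing states (pfSense: Diagnostics > States > Reset States)
#   pfctl -vsq              # per-queue pkts/bytes counters; qLow should now increment
```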
        Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.