Float rules for traffic shaping and OpenVPN shaping inside VPN
I have tested shaping on normal traffic generated from the LAN side. I created the queues on LAN and WAN in a way similar to the wizard and generated these rules:
- Match rule in out direction for WAN interface that catches traffic with a specific destination port (for example HTTPS) and puts that traffic in the prioritized upload queue created on the WAN interface. This is for upload shaping.
- Match rule in out direction for WAN interface that catches traffic with a specific destination port (for example HTTPS) and puts that traffic in the prioritized download queue created on the LAN interface. This is for download shaping.
It seems to work, but I'm not sure if it's the right way of doing this. If it is, I have some questions that may be stupid but that together may clarify for me the way pfSense works:
- Why always destination port for both directions? Is it related to the state that the connection creates? Why also always out direction in the rule?
- Why is download outgoing traffic for LAN?
- It seems possible in floating rules to tag traffic for shapers on whatever interface, and if that traffic passes the interface where the queue is assigned, that queue is used. Am I right?
Now I want to ask a more specific question about VPN traffic. I tried the same rules to match VPN traffic using the OpenVPN port as destination, but it seems not to work. Is the problem the fact that the connection is generated externally with port forwarding? How can I match that kind of traffic?
After this I would also like to prioritize traffic inside the VPN connection. Is it possible? In that case, can I create a shaper on the OpenVPN interface? And for that interface, what VPN traffic will I shape, download or upload? Will the rules be similar to those above? As I have only one interface, how can I prioritize the other direction of traffic? Will I need to create a subqueue inside LAN or WAN?