Rules to match VPN traffic not working
I'm trying to lower the VPN traffic priority in my network. I created a firewall rule to match by dest port on the WAN side first. It didn't work. Then I tried all other combinations, LAN side, src port, etc. None worked. Finally I created a rule to match all UDP on both WAN and LAN and all ports. Still ZERO packets end up in the low priority queue. See the linked screenshots below.
Another question about the WAN and LAN. Does dst port always mean the destination port in the IP packet, i.e. for the inbound traffic on the WAN side it's the pfSense box's public IP port, and on the LAN side the internal machine's private IP port?
OK, I got it working by resetting all the stats (despite being a "Quick" rule). Also the source seems to always mean the LAN side machines as seen by the router, regardless of inbound or outbound, and destination the remote machines on the WAN side.
I was able to refine the rule to only match destination port 1194 on UDP, and the OpenVPN traffic does show up in the low priority queue.
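For readers who want to see what the final rule looks like underneath the GUI, here is an added pf.conf fragment (not from the original post, and not pfSense's generated ruleset) expressing the same thing: a floating `match` rule that sends UDP traffic to destination port 1194 into a low-priority ALTQ queue. The interface name `em0`, the bandwidth figure and the queue names `qDefault` / `qVPNLow` are assumptions chosen for the example.

```pf
# Hypothetical WAN interface and link speed; adjust to the real uplink.
wan_if = "em0"

# ALTQ/HFSC queue tree on the WAN interface: a default queue plus a
# low-priority queue that OpenVPN traffic will be assigned to.
altq on $wan_if hfsc bandwidth 20Mb queue { qDefault, qVPNLow }
queue qDefault bandwidth 80% hfsc(default)
queue qVPNLow  bandwidth 20% hfsc

# Floating match rule: packets leaving via WAN whose *destination* port is
# UDP/1194 (the remote OpenVPN server) are tagged with the low-priority queue.
# The match rule does not pass or block anything; the existing pass rules
# still decide whether the traffic is allowed. Queue assignment is stored
# with the state, so it only takes effect on states created after the rule
# was loaded, which is why existing sessions need their state cleared before
# the queue counters start moving.
match out on $wan_if proto udp from any to any port 1194 queue qVPNLow
```

Check the syntax with `pfctl -nf /etc/pf.conf` before loading, then watch the per-queue packet counters with `pfctl -vvsq` while the VPN is active; if `qVPNLow` stays at zero packets, the traffic is matching a pre-existing state rather than the new rule.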