Traffic Shaping over the Tun0 Open VPN Interface?
-
I did a search and found this bit on how you can't shape over the vpn interface. It's old and perhaps not the best informed answers.
http://forum.pfsense.org/index.php/topic,3013.msg18132.html#msg18132
Please review my thoughts and let me know if and where I go wrong.
I get it that you can't shape the vpn traffic on the wan interface because it's already encrypted and it all looks like the same ssl traffic. But can't you shape traffic going out the tun0 interface? wouldn't you see that before it's encrypted and sent out the wan interface?
Also What are the thoughts of assigning tun0 to an OPT interface in the gui so you can use it as an interface for traffic shaping?
Thanks.
-
You can assign a tun0 as an opt if you want (check the doc wiki in my sig, it's under openvpn filtering)
I haven't tried shaping, it might work.
-
Thanks for the info, only question I have about your wiki, what is the syntax to specify the tun device name in the custom options? Do you just add 'dev "tunX"' in the semi-colon separated custom options field?
-
Yes, just in the semicolon separated list of custom options put
dev tun99;