Firewall + OpenVPN + Traffic Shaping problem
I have a firewalling problem doing traffic shaping on external OpenVPN clients connecting to the internal LAN.
Connecting clients have no problem with OpenVPN, but I want to do traffic shaping, eventually limiting their bandwidth.
To do so, I thought to create all the out queues on the external interface and all the in queues on the internal one.
outqueue 94.83.xxx.xxx -----> pfSense -----> LAN inqueue
To put the OpenVPN traffic of the external clients in the outqueue, I thought to create a stateless rule allowing connections from the outside world, and then keep state on the resulting outbound traffic from the LAN to the OpenVPN clients, on the WAN interface:
pass in on $WAN proto tcp from any port > 1024 to $WAN port 1194 no state
pass out on $WAN proto tcp from $WAN port 1194 to any keep state queue outqueue
I've done this by creating a stateless firewall rule in the GUI for the first, and an out rule in the "Floating ruleset" for the second, but when I try to connect an external OpenVPN client, the outbound traffic to the OpenVPN client gets blocked by the "default deny ruleset".
The log says that the blocked traffic is TCP:SA. Why?
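
An added example, not part of the original post: a small Python model of pf's `flags` matching applied to the two rules above, assuming the stateful `pass out` rule is loaded with `flags S/SA` (pf's default for stateful TCP rules) and the `no state` rule matches any flags. It shows why the SYN-ACK reply, which is the first outbound packet because the inbound rule creates no state, matches no pass rule; the packet values and function names are constructed for illustration.

```python
# Model of pf "flags check/mask" matching for the two rules in the post.
# Assumption: the keep-state rule carries "flags S/SA"; the no-state rule
# matches any flags. The sample packets below are constructed.

FLAG_BITS = {"F": 0x01, "S": 0x02, "R": 0x04, "P": 0x08, "A": 0x10}

def bits(names):
    return sum(FLAG_BITS[n] for n in names)

def flags_match(pkt_flags, spec):
    """spec None means 'flags any'; otherwise 'check/mask': of the bits
    in mask, exactly the bits in check must be set in the packet."""
    if spec is None:
        return True
    check, mask = spec.split("/")
    return (bits(pkt_flags) & bits(mask)) == bits(check)

def post_rules(out_flags="S/SA"):
    """The two pass rules from the post; out_flags=None models 'flags any'."""
    return [
        {"name": "pass in, no state", "dir": "in",
         "sport": lambda p: p > 1024, "dport": lambda p: p == 1194,
         "flags": None},
        {"name": "pass out, keep state", "dir": "out",
         "sport": lambda p: p == 1194, "dport": lambda p: True,
         "flags": out_flags},
    ]

def evaluate(rules, pkt):
    """Last matching rule wins; no match falls through to the default deny."""
    verdict = "default deny"
    for r in rules:
        if (r["dir"] == pkt["dir"] and r["sport"](pkt["sport"])
                and r["dport"](pkt["dport"])
                and flags_match(pkt["flags"], r["flags"])):
            verdict = r["name"]
    return verdict

# Constructed handshake packets: client SYN in, server SYN-ACK out.
SYN = {"dir": "in", "sport": 40000, "dport": 1194, "flags": "S"}
SYN_ACK = {"dir": "out", "sport": 1194, "dport": 40000, "flags": "SA"}

if __name__ == "__main__":
    print("SYN     ->", evaluate(post_rules(), SYN))
    print("SYN-ACK ->", evaluate(post_rules(), SYN_ACK))
    print("SYN-ACK with 'flags any' ->", evaluate(post_rules(None), SYN_ACK))
```

In this model the out rule only matches once its flags restriction is lifted; keeping state on the inbound rule instead would let the reply match the state entry without needing a separate out rule.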