Shaping IPSec tunnel terminated on pfSense box
-
Hello all,
I am trying to figure out the proper configuration for shaping an IPSec tunnel that is terminated on a pfsense box. To clarify, I AM NOT looking to shape traffic inside the tunnel, but rather the overall bandwidth of the tunnel itself.I used the shaper wizard and set the IPSec priority to Below Normal, but traffic sent through the IPSec tunnel still appears to be ending up in the "qwandef" queue (for upload, I am not really interested in download). I am thinking this may be because the rule for outbound ipsec shaping says "From LAN Net to WAN". Does the pfSense box include itself in "lan net"? Is there some other obvious thing I am missing?
Pfsense 1.2.3 running on x86 hardware
Here are the rules in my shaper config (they're the default ones from the wizard)
LAN->WAN AH LAN net * qOthersUpL/qOthersDownL m_Other IPSEC outbound LAN->WAN ESP LAN net * qOthersUpL/qOthersDownL m_Other IPSEC outbound WAN->LAN ESP * LAN net qOthersDownL/qOthersUpL m_Other IPSEC inbound WAN->LAN UDP * LAN net Port: 500 (ISAKMP) qOthersDownL/qOthersUpL m_Other IPSEC inbound WAN->LAN AH * LAN net qOthersDownL/qOthersUpL m_Other IPSEC inbound LAN->WAN UDP LAN net * Port: 500 (ISAKMP) qOthersUpL/qOthersDownL m_Other IPSEC outbound