Netgate Discussion Forum

    OpenVPN traffic shaping

    Traffic Shaping
    • elvis.nuno

      I'm currently having some problems with latency with my OpenVPN traffic due to it getting caught by my catch-all P2P queue. I can see the connection state as: 10.0.1.254:1194 <- [routerIP]:1194 <- [remoteVPNclient]:19192

      So my traffic shaper rule looks like this:
      Target: Outbound Queue 13 (qOthersUpH) / Inbound Queue 14 (qOthersDownH)
      In Interface: LAN
      Out Interface: WAN
      Protocol: TCP
      Source: LAN subnet
      Source Port Range: OpenVPN
      Destination: any
      Destination Port range: any
      Direction: any

      Are those settings correct? Have I missed something?

      • elvis.nuno

        Anybody?

        • Helix26404

          It's my understanding (having tried to do the same thing; search around here for my posts) that you cannot shape either the traffic inside of the tunnel or the tunnel itself (as part of the other traffic going out of the same interface).

          Someone please correct me if I'm wrong, but I believe this is the way it is currently.

          • Valhalla1

            Can pfSense shape OpenVPN traffic if the traffic isn't originating from or destined for the built-in OpenVPN server on the pfSense install? I understand it's not able to shape the built-in VPN tun0 interface and built-in OpenVPN server.

            For example, I have some remote OpenVPN servers not running on pfSense or related to my pfSense install in any way, and on my LAN behind my pfSense box, I have client machines which connect to the remote VPN servers. I'm not using the OpenBSD implementation on pfSense for any of this; pfSense just routes the VPN traffic from LAN to WAN and vice versa, like a pass-through. Since this LAN <-> WAN traffic is what the traffic shaper is made for, if I made the rules to shape all port 1194 traffic as high priority on pfSense, will this work?

            • hoba

              No, as pfSense only sees encrypted traffic passing through it. It can't determine what's inside these encrypted packages and therefore it can't shape. You could only give higher or lower priority to all that VPN traffic with the shaper, but not to different traffic inside the tunnel.

              • Valhalla1

                @hoba:

                No, as pfSense only sees encrypted traffic passing through it. It can't determine what's inside these encrypted packages and therefore it can't shape. You could only give higher or lower priority to all that VPN traffic with the shaper, but not to different traffic inside the tunnel.

                Thanks for the reply. I think I don't really need to shape -within- the tunnel traffic; I just want to ensure outbound/inbound TCP traffic on port 1194 (what I use for OpenVPN stuff) has a higher priority than bulk traffic. Whatever happens inside the tunnels pfSense doesn't need to know about in my case, I think, so the traffic shaper should be able to help me somewhat.

                Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.