VPNs as WAN?

  • Hey there, quick question about setting up QoS.

    A little bit of info:

    • I have 2 OpenVPN client connections always connected (one to a server in Canada, the other to a server in the States)
    • I send traffic through each one using firewall aliases and LAN rules. This is working fine.
    • Also have HAVP as a parent proxy to a transparent Squid / SquidGuard proxy / filter.

    As you know these VPN connections appear as interfaces / gateways.
    My question is, when I set up QoS do these VPN connections qualify as multiple WANs? Or do I just set it up as a single LAN / single WAN?

    I understand that QoS works on traffic LEAVING any given interface. So shaping downloads would be on the LAN interface, and uploads on the WAN interface.
    I'm just not sure how QoS can shape uploads if they're already encrypted on the VPN… or does QoS happen before they get placed on the VPN?

    Another question about HOW QoS works:
    If the shaper works on traffic leaving an interface, how can it shape download traffic that I've already received?
    Seeing as the LAN traffic is where downloads are shaped... it seems this is traffic already passed through pfSense and is placed on the local network. Isn't this already too late to "shape" traffic as it's already arrived...? Or am I not understanding correctly? (probably the latter) :)

    Thanks in advance! Any nudge in the right direction would be great.

    edit: I want the QoS to use the CBQ scheduler. I also don't care about specific protocols because I have dedicated VMs on my network to download torrents and from Usenet. I just want to prioritize entire hosts to a certain queue.

