Topic: OpenVPN traffic shaping (Read 6310 times)
elvis.nuno
Newbie
« on: January 06, 2008, 05:42:22 pm »

I'm currently having some problems with latency with my openvpn traffic due to it getting caught by my catch-all p2p queue. I can see the connection state as: 10.0.1.254:1194 <- [routerIP]:1194 <- [remoteVPNclient]:19192

So my traffic shaper rule looks like this:
Target: Outbound Queue 13 (qOthersUpH) / Inbound Queue 14 (qOthersDownH)
In Interface: LAN
Out Interface: WAN
Protocol: TCP
Source: Lan subnet
Source Port Range: OpenVPN
Destination: any
Destination Port range: any
Direction: any


Are those settings correct? Have I missed something?
elvis.nuno
Newbie
« Reply #1 on: January 08, 2008, 06:34:02 pm »

Anybody?
Helix26404
Jr. Member
« Reply #2 on: January 10, 2008, 09:22:55 pm »

It's my understanding (having tried to do the same thing, search around here for my posts) that you cannot shape either the traffic inside of the tunnel or the tunnel itself (as part of the other traffic going out of the same interface).

Someone please correct me if I'm wrong, but I believe this is the way it is currently.
Valhalla1
Jr. Member
« Reply #3 on: March 31, 2008, 12:14:04 pm »

Can pfSense shape OpenVPN traffic if the traffic isn't originating from or destined for the built-in OpenVPN server on the pfSense install? I understand it's not able to shape the built-in VPN tun0 interface and built-in OpenVPN server.

For example, I have some remote OpenVPN servers not running on pfSense or related to my pfSense install in any way, and on my LAN behind my pfSense box, I have client machines which connect to the remote VPN servers. I'm not using the OpenBSD implementation on pfSense for any of this; pfSense just routes the VPN traffic from LAN to WAN and vice versa, like a pass-through. Since this LAN <--> WAN traffic is what the traffic shaper is made for, if I made the rules to shape all port 1194 traffic as high priority on pfSense, will this work?

hoba
Administrator
Hero Member
« Reply #4 on: March 31, 2008, 12:46:36 pm »

No, as pfSense only sees encrypted traffic passing through it. It can't determine what's inside these encrypted packages and therefore it can't shape. You could only give higher or lower priority to all that VPN traffic with the shaper, but not to different traffic inside the tunnel.
Valhalla1
Jr. Member
« Reply #5 on: March 31, 2008, 02:27:32 pm »

Quote from: hoba
No, as pfSense only sees encrypted traffic passing through it. It can't determine what's inside these encrypted packages and therefore it can't shape. You could only give higher or lower priority to all that VPN traffic with the shaper, but not to different traffic inside the tunnel.

Thanks for the reply. I think I don't really need to shape -within- the tunnel traffic; I just want to ensure outbound/inbound TCP traffic on port 1194 (what I use for OpenVPN stuff) has a higher priority than bulk traffic. Whatever happens inside the tunnels, pfSense doesn't need to know about in my case, I think, so the traffic shaper should be able to help me somewhat.
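The point made in reply #4, that a shaper can classify a tunnel only by its outer header, written out as plain pf/ALTQ rules. This is an added example, not part of the thread and not the ruleset pfSense generates; the interface name, bandwidth figure, queue names and priorities are assumptions, and 10.0.1.254 is the internal address quoted in the first post.

```pf
# Constructed pf.conf fragment (ALTQ syntax). All names and numbers below
# are assumptions made for illustration.
ext_if  = "em0"           # WAN interface (assumed name)
vpn_srv = "10.0.1.254"    # internal OpenVPN host from the first post

# Priority queueing on the WAN uplink. The bandwidth is set a little below
# the real upstream rate so that packets queue here, where pf can reorder
# them, instead of in the modem.
altq on $ext_if priq bandwidth 900Kb queue { q_vpn, q_bulk }
queue q_vpn  priority 6
queue q_bulk priority 1 priq(default)

# pf uses the LAST matching rule, so the catch-all comes first.
# Anything that matches only this rule lands in the default queue (q_bulk).
pass out on $ext_if all keep state

# Case from reply #3: LAN clients connecting to remote OpenVPN servers.
# Only the outer TCP header is visible, so the match is on port 1194 and
# the whole tunnel is prioritised as one flow.
pass out on $ext_if proto tcp from any to any port 1194 keep state queue q_vpn

# Case from the first post: an OpenVPN server behind a port forward.
# The state is created by the inbound rule on the WAN, and the queue named
# here is applied to the replies of that state when they leave $ext_if.
# (The matching rdr rule is omitted.)
pass in on $ext_if proto tcp from any to $vpn_srv port 1194 keep state queue q_vpn
```

Nothing in these rules can tell interactive traffic from a bulk transfer inside the tunnel; separating those has to happen on the VPN endpoints, before encryption.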