I have a VPN (tun0) that operates over my Internet connection (fxp0).
I'm using PF and HFSC to manage traffic (5.3 Beta 3), and it works well,
until I try to introduce the VPN into the rules.
The problem is, I need to be able to prioritize traffic across both
interfaces, not just fxp0. It isn't sufficient to just treat all VPN
traffic as a single stream, I need to be able to manage individual
protocols within the VPN and data sent directly to the Internet.
It would seem the simplest solution is to create a virtual interface
where both data to and from fxp0 and tun0 can be treated as a single
interface. The VPN handles a different subnet from the LAN, so
distinguishing between them in the rulesets should be quite simple.
Any suggestions welcome.
The Other Guy