Configured according to the manual; the VPN client works and has internet access, only the download shaper does not work.
The rules are standard, with no changes; the system is FreeBSD 11.
00050 allow tcp from any to me 22
00051 allow tcp from me 22 to any
00052 allow tcp from any to me 1723 in
00053 allow tcp from me 1723 to any out
00054 allow gre from any to any
00110 allow ip from any to any via lo0
00120 skipto 1000 ip from me to any
00130 deny icmp from any to any in icmptypes 5,9,13,14,15,16,17
00160 skipto 2000 ip from any to me
00200 skipto 500 ip from any to any via vtnet0
00300 skipto 4500 ip from any to any in
00400 skipto 450 ip from any to any recv vtnet0
00490 allow ip from any to any
00500 skipto 32500 ip from any to any in
00540 allow ip from any to any
01000 allow udp from any 53,7723 to any
01010 allow tcp from any to any setup keep-state :default
01020 allow udp from any to any keep-state :default
01100 allow ip from any to any
02000 check-state :default
02010 allow icmp from any to any
02020 allow tcp from any to any 22,80,443,5006
02030 allow tcp from table(101) to any 3306
02050 deny ip from any to any via vtnet0
02060 allow udp from any to any 53,7723
02100 deny ip from any to any
04500 allow ip from any to table(100)
05000 skipto 18503 ip from table(24) to table(14)
05001 allow ip from table(44) to table(14)
05002 skipto 18504 ip from table(21) to table(11)
05003 allow ip from table(41) to table(11)
18500 fwd 127.0.0.1,8080 tcp from any to any 80
18501 fwd 127.0.0.1,8081 tcp from any to any 443
18502 deny ip from any to any
18503 pipe tablearg ip from table(24) to any
18504 pipe tablearg ip from table(21) to any
32000 deny ip from any to any
32490 deny ip from any to any
32500 allow ip from table(100) to any
33000 skipto 46501 ip from table(14) to table(34)
33001 allow ip from table(14) to table(44)
33002 skipto 46502 ip from table(11) to table(31)
33003 allow ip from table(11) to table(41)
46500 deny ip from any to any
46501 pipe tablearg ip from any to table(34)
46502 pipe tablearg ip from any to table(31)
60000 deny ip from any to any
65535 deny ip from any to any
It is an unclear situation and I don't know where to look: everything seems to work, but there is no shaper on download.
I noticed one peculiarity: traffic from table 21 goes into the pipe, but for table 31 I see no traffic in the pipe, even though all the rules are created and the numbers are there. ipfw show shows that traffic is hitting table 31.