Copy the script from /etc/qos to /tmp/qos-tunXX and edit it so that the WAN_DEV is replaced by tunXX instead of vlan2 and IMQ_DEV is replaced by imq1 instead of imq0. Remember to verify which interface you are using for your VPN setup. tun11 and tun12 are used for client 1 and 2. tun21 and 22 are used for server 1 and 2. We would be able to autogenerate this by using sed which is included in the default build. On my setup this is what I have in my firewall script: Code: cp /etc/qos /tmp/qos-tun11 sed -i 's/vlan2/tun11/g' /tmp/qos-tun11 sed -i 's/imq0/imq1/g' /tmp/qos-tun11 chmod +x /tmp/qos-tun11 /tmp/qos-tun11 iptables -t mangle -A FORWARD -o tun11 -j QOSO iptables -t mangle -A OUTPUT -o tun11 -j QOSO iptables -t mangle -A PREROUTING -i tun11 -j CONNMARK --restore-mark --mask 0xff iptables -t mangle -A PREROUTING -i tun11 -j IMQ --todev 1 ifconfig imq1 up  Oops. Forgot to bring the interface up ) [/edit] --OP Hi all, Would it be possible to hack in support for QoS over OpenVPN connections? Atm only traffic going out of the WAN interface is passing through the QoS que. It would be nice if also OpenVPN traffic could be processed by the QoS system. Do you think this is a hardcoded thing (ie need to recompile) of could this be solved by configuration? All the VPN traffic is shown seperately under the QoS but is never processed by the rules. Therefore all VPN traffic is labelled as Unclassified.