Thank you for the feedback. My problem is that I’m not able to classify the vpn traffic on eth01. I can classify any other internet traffic successfully. When I apply the rule udp/[vpn port number] as you suggested to capture the encrypted vpn traffic, it does not classify it. Strangely a blank rule that should classify all traffic classifies all traffic but vpn traffic. The vpn traffic still ends up in the default class. I haven’t tried to sub-classify the vpn traffic yet, but I suspect that it will work normally. I first need to be able to classify the vpn traffic successfully on eth01 where it is competing with all other internet traffic.
I will set up a new test platform and I will post screenshots of the inability to classify vpn traffic on eth0 — or I will post screen shots of me looking stupid and wasting your time 😉