CakeQOS CakeQoS-Merlin v2.1.1

[johndoe85]

I wonder if this QOS can handle data parcels in such a way that it can send gaming packages to WAN Interface and the rest to VPN?
It might not be able to do it out of the box, but can such a feature be implemented?

ping @ttgapers

 

[DJones]

I wonder if this QOS can handle data parcels in such a way that it can send gaming packages to WAN Interface and the rest to VPN?
It might not be able to do it out of the box, but can such a feature be implemented?

ping @ttgapers

I’m not aware of that being possible. Brainstorming a way to do something similar I’d probably segment my network something like this. Maybe a better way would be to use VLAN's but I'm not sure how. But at least by doing this you could run Cake on router #2 and bandwidth limit on Router #1

 

[johndoe85]

I’m not aware of that being possible. Brainstorming a way to do something similar I’d probably segment my network something like this. Maybe a better way would be to use VLAN's but I'm not sure how. But at least by doing this you could run Cake on router #2 and bandwidth limit on Router #1View attachment 48184

Well this chatGPT thingy that they implemented in bing searches said this.

"
Hello, this is Bing. I can help you with your query.

A VPN (Virtual Private Network) is a service that encrypts your internet traffic and protects your online identity. Some people use VPNs for gaming to access geo-restricted content, bypass censorship, or improve security.

However, using a VPN for gaming can also affect your connection speed and latency, which can impact your gaming performance. Therefore, you may want to exclude gaming from VPN while having VPN applied to the whole network.

One way to do this is to use a feature called **split tunneling**³, which allows you to choose which apps or websites go through the VPN and which ones don't. This way, you can exclude your games from the VPN and enjoy faster speeds and lower ping times.

Not all VPNs offer split tunneling though, so you need to check if your VPN provider supports this feature before using it. For example, NordVPN³ has a split tunneling option on its Windows app that lets you exclude specific apps from the VPN.

To use split tunneling on NordVPN³, you need to follow these steps:

- Open the NordVPN app on your Windows device.
- Click on the Settings icon at the top right corner of the app.
- Scroll down to Split tunneling and toggle it on.
- Click on Add apps and select the games you want to exclude from the VPN.
- Click Add and close the settings window.

Now you can enjoy gaming without VPN while having VPN applied to the whole network.

I hope this helps. Do you have any other questions?

Source: Conversation with Bing, 2023-02-25(1) excluding games from vpn : r/nordvpn - reddit.

https://www.reddit.com/r/nordvpn/comments/82ybpj

Använd 2023-02-25.
(2) Should I use a VPN for gaming? | PC Gamer. https://www.pcgamer.com/should-i-use-a-vpn-for-gaming/ Använd 2023-02-25.
(3) Should You Use a VPN for Gaming? - How-To Geek. https://www.howtogeek.com/711245/should-you-use-a-vpn-for-gaming/ Använd 2023-02-25."

 

[Yakumo]

I wonder if this QOS can handle data parcels in such a way that it can send gaming packages to WAN Interface and the rest to VPN?
It might not be able to do it out of the box, but can such a feature be implemented?

ping @ttgapers

You need a VPN with Split Tunnelling, I wouldn't expect QoS management to be mangled into doing that for you.

 

[Lynx]

@johndoe85 here is a proposal for you.

Does Asus Merlin support WireGuard right now?

If so, a 'qos-start' script could be created that applies cake on wan for upload (CAKE can work with WireGuard encrypted upload packets using skb->hash preservation and so can distinguish all egress flows on wan notwithstanding mixture of unencrypted and encrypted flows - see this link for more information) and on the lan interface for download (all egress flows on lan are unencrypted anyway).

I believe @RMerlin's 'qos-script' here:

https://www.snbforums.com/threads/cake-test-cake-experiments-for-386-2-beta.71271/

would provide an excellent starting point for this purpose because it already applies CAKE on the right interfaces.

Unless I am missing anything, then I think for my proposal to work you would only need to:

- switch to WireGuard (which NordVPN servers support, albeit not officially - you just need to extract the credentials for use with WireGuard by first using their proprietary NordLynx utility on a Linux desktop or Windows machine running WSL - see e.g. here);

- switch to using @RMerlin's 'qos-start' script from the link above; and

- ensure that $ULOPTIONS in the 'qos-start' script include 'flows nonat', either by setting these in the Asus Merlin GUI for the upload CAKE options or by amending the 'qos-start' script. These options are necessary for CAKE to leverage the skb->hash preservation.

This would provide a generic way to get CAKE to properly work in Asus Merlin notwithstanding the use of one or more VPNs.

 

[SenseOfScience]

The Merlin firmware includes CAKE QOS. There is an addon that allows for more configuration and IMHO will make it work better yet it may meet your needs with out the addon.

Which add-on are you referring to? Thanks!

 

[Kingp1n]

Is the stable version addon still CAKEQoS-Merlin v2.1.2 or did Dev 2.2.1 became final? Thanks!

 

[SomeWhereOverTheRainBow]

Is the stable version addon still CAKEQoS-Merlin v2.1.2 or did Dev 2.2.1 became final? Thanks!

If you have anything greater than 250mbps connection, I'd advise against using this.

 

[Kingp1n]

Thanks for the response, however my question was more in line with the Dev 2.2.1 option and if it ever came out Development, but I think v2.1.2 is the latest stable version. Thanks!

 

[privacyguy123]

Stumbled across this when noticing video streams lagging when load is applied elsewhere in the network ("bufferbloat") although if I understand what I'm reading right it will not work with my setup which is all traffic routed through a WireGuard VPN Client within the firmware. Is there a script or fix somewhere I need to download or some setting I need to adjust?

 

[Morris]

Stumbled across this when noticing video streams lagging when load is applied elsewhere in the network ("bufferbloat") although if I understand what I'm reading right it will not work with my setup which is all traffic routed through a WireGuard VPN Client within the firmware. Is there a script or fix somewhere I need to download or some setting I need to adjust?

Even with WireGuard which is not particularly CPU intensive, a VPN introduces multiple places for congestion and this makes them less than ideal for real time applications such as video. You might have better luck with Tailscale as the VPN provider's network is not part of the flow.

 

[privacyguy123]

Even with WireGuard which is not particularly CPU intensive, a VPN introduces multiple places for congestion and this makes them less than ideal for real time applications such as video. You might have better luck with Tailscale as the VPN provider's network is not part of the flow.

No offence, but that doesn't address the question. I use a WireGuard client to connect to my VPN provider, changing provider/program is not within my scope ... I'm asking if Cake QoS needs altered in some way to play nicely with a WG adapter. I read on the forum that it isn't supported out of the box because it classes all traffic as Upload.

 

[Morris]

No offence, but that doesn't address the question. I use a WireGuard client to connect to my VPN provider, changing provider/program is not within my scope ... I'm asking if Cake QoS needs altered in some way to play nicely with a WG adapter. I read on the forum that it isn't supported out of the box because it classes all traffic as Upload.

CAKE QOS is designed to address backpressure on the WAN interface. Even if your WAN link is loaded, that's just one of your issues and CAKE QOS is not the fix. A VPN is not designed for real time traffic, it's a security mechanism and bending it to route video traffic will frequently result in what you are experiencing. You need to address your design.

 

[privacyguy123]

CAKE QOS is designed to address backpressure on the WAN interface. Even if your WAN link is loaded, that's just one of your issues and CAKE QOS is not the fix. A VPN is not designed for real time traffic, it's a security mechanism and bending it to route video traffic will frequently result in what you are experiencing. You need to address your design.

Does this translate to "Cake or any QoS setting does not work when VPN is enabled in router firmware" ?

 

[Morris]

Does this translate to "Cake or any QoS setting does not work when VPN is enabled in router firmware" ?

Sometimes. QOS is not a setting, it's an algorithm.

All traffic traveling over a VPN is treated as a single connection by a QOS solution. If the host of the VPN server has all there ducks in order, then a single video stream with no other traffic on the VPN link will work as well as the VPN host's network and/or the CPU of the VPN server and/or the VPN client's CPU.

 

[privacyguy123]

To be honest, installing this seems to cut out the choppiness in video streams when under load, so it seems to be doing something. Some recommended settings posted earlier in the thread are doing *something* - although I notice the script turns off the acceleration on my particular model, I assume due to it being a slower router. Perhaps that was the fix after all.

 

[heysoundude]

Even with WireGuard which is not particularly CPU intensive, a VPN introduces multiple places for congestion and this makes them less than ideal for real time applications such as video. You might have better luck with Tailscale as the VPN provider's network is not part of the flow.

I am probably mistaken or misunderstanding, but I was under the impression that Tailscale is simply a preconfigured version of WireGuard. perhaps even a branded one.

 

[privacyguy123]

I am probably mistaken or misunderstanding, but I was under the impression that Tailscale is simply a preconfigured version of WireGuard. perhaps even a branded one.

Tailscale is some "magic DNS" thing that allows computers connected to it's special subnet to communicate with eachother even from outside LAN.

I cannot use Tailscale to connect to my VPN providers WireGuard server.

 

[Yakumo]

To be honest, installing this seems to cut out the choppiness in video streams when under load, so it seems to be doing something. Some recommended settings posted earlier in the thread are doing *something* - although I notice the script turns off the acceleration on my particular model, I assume due to it being a slower router. Perhaps that was the fix after all.

All the QoS options and the Traffic Analyzer disable acceleration, the inspection is done by CPU so packets can't just run through the acceleration hardware as that is bypassing the CPU.

 

[privacyguy123]

All the QoS options and the Traffic Analyzer disable acceleration, the inspection is done by CPU so packets can't just run through the acceleration hardware as that is bypassing the CPU.

Strange, I didn't notice Adaptive turning those options off.