Tonally deferent
Tonally deferent
No, Tailscale produces individual connections between end points that are coordinated by central servers. Wireguard is hub and spoke.
Why do you need to use WireGuard?
privacyguy123
Senior Member
My VPN provider provide me with WireGuard config files. I don't know how we got on to this, it's off topic and nothing to do with whether or not Cake QoS can work with VPN'd traffic.
Not off topic as I'm looking for a solution to your issue. The issue is your VPN provider and/or VPN can't handle the load. Try a deferent one. QOS will not fix a bad VPN provider. You could avoid using a VPN for the video source you are using though that might have a cost as dose a decent VPN provider.
privacyguy123
Senior Member
DL speed is 120mb down solid with in built WG client on or off, the issue exist(ed?) In the router somewhere. After installing Cake I wasn't too sure how to see if it was doing anything, and was still able to get a video stream to stutter applying load via speed test websites from my Android phone - albeit it wasn't as bad.
FlexQoS shows for sure traffic being sorted into categories and shaped in the stats page and I am unable to get a video to stutter with SkyQ box playing a Netflx stream, Android phone hammering speed tests and qBittorrent on seeding at a couple mb/s so I've answered my own question it seems.
Which VPN and which protocol I'm using never factored in, IMHO. The stutter only happened when applying load from elsewhere, and that is what I understand QoS fixes.
If a bandwidth test is causing stutter, then your bandwidth limits are too high. This is not to say there are not other issues.
heysoundude
Part of the Furniture
I'm the one who nudged things onto this path, looking for distinction between wireguard and tailscale. apologies for starting that whirlwind
heysoundude
Part of the Furniture
Are we certain it's not a Cake overhead and/or network MTU settings creating the issues?
privacyguy123
Senior Member
I run MTU default and was told to do so by another user in another thread. WG sets it to 1420 internally and the router stays at 1500. Windows 10 laptop is at 1500 also ... is this wrong?
It used to be they could at best use only Level 1 - CTF (Cut Through Forwarding) with Adaptive - https://www.speedguide.net/faq/what-is-nat-acceleration-495 , and not Flow Acceleration. But with newer models using Archer I don't know, I'm out of date.
Last edited:
Isn't the egress default dual-srchost that incorporates flows superior?
privacyguy123
Senior Member
Should I be using his external scripts?
Lynx
Senior Member
@dave14305 does the Asus Merlin QoS GUI enable custom upload options for cake?
If so, then perhaps the easiest way to make cake work with WireGuard VPN(s) would be to override the custom upload options for cake to specify:
@privacyguy123 those custom upload options for cake are necessary for cake to distinguish the encrypted flows at the wan interface.
Alternatively, I outlined the steps that I think would make this work on Asus Merlin in this post:
www.snbforums.com
That is, rather than rely on the Asus Merlin QoS GUI to set cake up, you instead set cake up using that override script, and thereby tweak the cake options to specify:
If so, then perhaps the easiest way to make cake work with WireGuard VPN(s) would be to override the custom upload options for cake to specify:
flows nonat.@privacyguy123 those custom upload options for cake are necessary for cake to distinguish the encrypted flows at the wan interface.
Alternatively, I outlined the steps that I think would make this work on Asus Merlin in this post:
CakeQOS - CakeQoS-Merlin v2.1.1
I wonder if this QOS can handle data parcels in such a way that it can send gaming packages to WAN Interface and the rest to VPN? It might not be able to do it out of the box, but can such a feature be implemented? ping @ttgapers
www.snbforums.com
That is, rather than rely on the Asus Merlin QoS GUI to set cake up, you instead set cake up using that override script, and thereby tweak the cake options to specify:
flows nonat.
Last edited:
privacyguy123
Senior Member
I saw that post yes. The GUI does allow for custom parameters - I assume I just add them in to the upload box right there?@dave14305 does the Asus Merlin QoS GUI enable custom upload options for cake?
If so, then perhaps the easiest way to make cake work with WireGuard VPN(s) would be to override the custom upload options for cake to specify:flows nonat.
@privacyguy123 those custom upload options for cake are necessary for cake to distinguish the encrypted flows at the wan interface.
Alternatively, I outlined the steps that I think would make this work on Asus Merlin in this post:
CakeQOS - CakeQoS-Merlin v2.1.1
I wonder if this QOS can handle data parcels in such a way that it can send gaming packages to WAN Interface and the rest to VPN? It might not be able to do it out of the box, but can such a feature be implemented? ping @ttgapers
So rather than rely on the Asus Merlin QoS GUI to set up cake, you instead set cake up using that override script, and leverage that to tweak the cake options to include 'flows nonat'.
Would this alleviate the need for the hacky scripts?
Can a set up like this be achieved on FlexQoS so that acceleration can stay enabled?
Last edited:
Lynx
Senior Member
Not sure if this GUI will allow you to specify the correct settings. Does the priority queue dropdown include the 'flows' option? If not, what options does it include? Set NAT Lookup to "No". Ultimately you want to end up with 'flows nonat' in the cake upload options. To verify this, login to the router using ssh and then paste the output of 'tc qdisc ls' here. The WAN packet overhead should now also include the WireGuard overhead - 80 bytes I think.
privacyguy123
Senior Member
None of those other options need tweaked? I haven't got it up and running just yet, was hoping to get my head around it beforehand.
privacyguy123
Senior Member
I'm not seeing an option to specify what the upload and download interface is which is needed in the case of using a VPN, right?
Lynx
Senior Member
No with this option you stick with the default (wan upload and ifb created for download based on wan). You just need to end up with 'flows nonat' by either tweaking the options and/or specifying custom upload parameters. And you can verify all worked well using:
when logged in via ssh. The point is that cake can actually distinguish encrypted flows on wan when the 'flows nonat' options are set because of something called skb->hash preservation - see here:
tc qdisc ls when logged in via ssh. The point is that cake can actually distinguish encrypted flows on wan when the 'flows nonat' options are set because of something called skb->hash preservation - see here:
Similar threads
Similar threads
Similar threads
-
-
scMerlin Not Showing Free jffs With Merlin 388.7 alpha2- Started by Ripshod
- Replies: 10
-
-
-
scMerlin scMerlin 2.5.2 - Service and script control menu for Asuswrt-Merlin, April 22, 2024- Started by thelonelycoder
- Replies: 44
-
uKasa uKasa - A utility script that manages Kasa smart outlets and switches with Asuswrt-Merlin routers- Started by JGrana
- Replies: 29
-
Solved 2 routers with Merlin + OpenVPN + AdGuard Home: DNS does not work from OVPN client side
- Started by Luntim
- Replies: 2
-
Updated Hue Utility - huetil Control and manage your Hue system from Asuswrt-Merlin or Raspbian
- Started by JGrana
- Replies: 1
-
DNScrypt Dnscrypt Proxy Installer For Asuswrt-Merlin late 2023 Releases- Started by SomeWhereOverTheRainBow
- Replies: 8