1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.
Dismiss Notice

Welcome To SNBForums

SNBForums is a community for anyone who wants to learn about or discuss the latest in wireless routers, network storage and the ins and outs of building and maintaining a small network.

If you'd like to post a question, simply register and have at it!

While you're at it, please check out SmallNetBuilder for product reviews and our famous Router Charts, Ranker and plenty more!

Just a quick question about QOS

Discussion in 'Asuswrt-Merlin' started by Skeptical.me, Jun 14, 2018 at 3:04 AM.

  1. Skeptical.me

    Skeptical.me Occasional Visitor

    Joined:
    Sep 22, 2016
    Messages:
    23
    Location:
    Australia
    Does QOS still operate when using one of the OpenVPN VPN Clients?


    (ASUS RT-AC87U WRT-Merlin Firmware 584.5)
     
  2. Please support SNBForums! Just click on this link before you buy something from Amazon and we'll get a small commission on anything you buy. Thanks!
  3. skeal

    skeal Very Senior Member

    Joined:
    Apr 30, 2016
    Messages:
    1,389
    Yes. I would suggest using FReshJR_QOS on adaptive QOS. This is by far the most granular control within reason for ovpn with QOS users.
     
  4. FreshJR

    FreshJR Very Senior Member

    Joined:
    Oct 8, 2016
    Messages:
    694
    Not really,

    With the router acting like an OpenVPN server the following happens:

    Out of the box 25% of traffic is accounted for. (Partial WAN UPLOAD traffic detection)
    It is possible to get 50% of traffic accounted for with a custom rule. (Full WAN UPLOAD traffic detection).

    Eg with a VPN, traffic flows like this

    Code:
    Download traffic
     -router downloads file
     -router uploads file to VPN client      (I can make custom QOS rule to detect this)
    
    Upload Traffic
      -router downloads file from VPN client
      -router uploads the file                (detected by QOS as part of default configuration)
    
    
    As you can see, the entire portion "WAN download" is not accounted for when using the VPN server.

    It should be possible to get "WAN download" working but the setup is beyond my knowledge.
     
    Last edited: Jun 14, 2018 at 11:09 AM
  5. skeal

    skeal Very Senior Member

    Joined:
    Apr 30, 2016
    Messages:
    1,389
    @FreshJR
    Code:
    Download traffic
     -router downloads file
     -router uploads file to VPN client      (I can make custom QOS rule to detect this)
    What custom rule are you thinking of here?
     
  6. FreshJR

    FreshJR Very Senior Member

    Joined:
    Oct 8, 2016
    Messages:
    694
    Currently the upload portion you quoted is completely whitelisted from upload QOS traffic (it shouldn't be).

    Since that upload traffic is already present and transversing the eth0 interface, the data just has to be marked so QOS will start accounting for it on the upload portion instead of it being zero-rated.

    As for download traffic, the traffic control qos system functions something like this (for non VPN traffic).

    [​IMG]

    Download traffic comes in on eth0 from WAN
    Download traffic gets forwarded to br0
    Download traffic gets QOS'd as it leaves br0 towards LAN device
    LAN --> LAN traffic leaving br0 is whitelisted

    --

    Upload traffic gets QOS'd as it leaves from eth0 and pushed onto WAN.

    --

    The issue with VPN traffic is that ALL data transfer is between eth0 & tun21.
    (The traffic never touches br0 so it cannot hit the br0 limiter)


    It is easy to segregate download VPN traffic from the remainder all other traffic on eth0.

    The hard part ?impossible? part is that I do not know how to do is send the segregated traffic onto the "br0" interface and then forward it back onto the "eth0" interface. This redundant step needs to be done, so it can be part of the br0 bandwidth limiter.

    --

    So back to my original answer.
    Currently QOS + VPN traffic is mostly broken out of the box. (75% broken)
    It can be made slightly better, but will remain 50% broken.

    ASUS should really fix it ... grumble .. grumble ...
    It literally is their job. Doesn't have to be identified, just NOT whitelisted.

    Whitelisting WAN traffic breaks QOS performance completely.
     
    Last edited: Jun 15, 2018 at 1:21 AM
    skeal likes this.
  7. Skeptical.me

    Skeptical.me Occasional Visitor

    Joined:
    Sep 22, 2016
    Messages:
    23
    Location:
    Australia
    I thought that was the case, as when I'm streaming video (which is priority 1) and downloading large files over usenet the video will buffer. However, without the VPN client on QOS appears to work fine. Thanks for answering the question.


    Sent from my iPhone using Tapatalk Pro
     
  8. Skeptical.me

    Skeptical.me Occasional Visitor

    Joined:
    Sep 22, 2016
    Messages:
    23
    Location:
    Australia
    I'll take a look at this FReshJR_QOS, cheers :)


    Sent from my iPhone using Tapatalk Pro
     
  9. FreshJR

    FreshJR Very Senior Member

    Joined:
    Oct 8, 2016
    Messages:
    694
    The script won’t fix the VPNServer data from being not detected by QOS.

    Once again,

    Upload traffic can be properlly accounted via the script and an additional custom rule.

    Download traffic will not be properly accounted for no matter what, due it never touching the bro interface.
     
  10. Skeptical.me

    Skeptical.me Occasional Visitor

    Joined:
    Sep 22, 2016
    Messages:
    23
    Location:
    Australia
    Ok, got it.

    That's a shame.

    I understood your post I replied to first, the second reply I actually thought that was from another user and I was replying just to be polite (I don't usually use this Tapatalk App, I don't think I like it.)


    Sent from my iPhone using Tapatalk Pro
     
  11. FreshJR

    FreshJR Very Senior Member

    Joined:
    Oct 8, 2016
    Messages:
    694
    After rereading your use case, it seems I misunderstood your question.

    My reply was towards following VPN configuration:

    1) The router can act as a VPN server.
    This means if when you are using public WiFi, to keep your data private, you can tunnel into your own VPN server by having the router act as a VPN provider instead of paying for a privately hosted VPN. As an additional bonus you can also access local devices on your home network as if you never left WiFi.

    I think your use VPN as follows.

    2) You have LAN client connect to the router like normal, but you have set up the router to tunnel all the LAN clients traffic through a private VPN instead of directly through your ISP.

    For configuration (2) it might be possible to get VPN traffic fully accounted on both upload and download.

    Unfortunately for me, I use the setup defined in configuration (1).

    I do not subscribe to a private VPN so I cannot see how the underlying ASUS configuration is actually implemented for configuration (2) and potentially develop rules.
     
    Last edited: Jun 15, 2018 at 4:05 AM
  12. Skeptical.me

    Skeptical.me Occasional Visitor

    Joined:
    Sep 22, 2016
    Messages:
    23
    Location:
    Australia
    Yeah, when you wrote "VPN server" in your earlier post I thought you may have misunderstood. However, QOS definitely isn't working with configuration (1). It's not a big deal, its just annoying at times. Thanks for your time. :)


    Sent from my iPhone using Tapatalk Pro
     
  13. FreshJR

    FreshJR Very Senior Member

    Joined:
    Oct 8, 2016
    Messages:
    694
    I developed custom rules to make QOS work properly when the router acts as a VPN client.

    Enjoy!
     
    Skeptical.me and skeal like this.
  14. skeal

    skeal Very Senior Member

    Joined:
    Apr 30, 2016
    Messages:
    1,389
    Sorry Fresh where do I find the custom rules? Am I missing something? I use a ovpn client for streaming full time.
     
  15. FreshJR

    FreshJR Very Senior Member

    Joined:
    Oct 8, 2016
    Messages:
    694
    https://www.snbforums.com/threads/r...-and-inner-workings.36836/page-78#post-412034

    Keep in mind I couldn't test performance properly since the freeVPN server I was using was limited to ~1mbps.

    I could barely discern if traffic is being whitelisted (due to background traffic) or simply occurring such small quantities. o_O
     
    Last edited: Jun 16, 2018 at 4:58 AM
  16. Skeptical.me

    Skeptical.me Occasional Visitor

    Joined:
    Sep 22, 2016
    Messages:
    23
    Location:
    Australia
    Great, thank you. Thanks for taking the time to address the issue, I appreciate it. I will test it, thanks again. :)
     
Please support SNBForums! Just click on this link before you buy something from Amazon and we'll get a small commission on anything you buy. Thanks!