WireGuard and Traditional QOS

Tomo123

I have an issue, hope you good people can help.

Asus RT-AX86U Pro with latest Merlin, WireGuard enabled on router ( using NoIP ), Traditional QOS enabled, no issues there.

Today, I decided to copy some files from my computer ( at home, connected to router running WireGuard server ) to my mobile phone ( at work, client on 5g mobile network ). Copying started, but was limited to a very slow speed. After some digging around, it seems that the router's QOS is classifying my WireGuard traffic as low priority. I confirmed that by setting router's QOS low priority traffic to 100% upload bandwidth availability ( was at 5% before ). Instantly, I could saturate my upload speed from my home computer to my mobile phone.

Question is... how can I set the router up so QOS completely ignores WireGuard VPN traffic and allows full upload/download speeds when trying to access home network over WireGuard VPN server running on router? Or, at least, set VPN traffic as higher priority, instead of "default" low priority?

Question 2... why, for the love of all that is bandwidth related, does QOS even touch VPN traffic?! Who thought that idea was good, in any way, shape or form?

Thank you very much for your time. Have a great weekend.
 
I don't believe you can have QoS bypass WireGuard, but I may be wrong. Maybe someone else who uses WG can assist.
 
Traditional QOS enabled

Why Traditional QoS, by the way? Runner and Flow Cache incompatible, limits WAN-LAN throughput. I also found it not working correctly in many firmware versions.
 
Traditional QOS was my weapon of choice, since it was finely tuned towards my needs and the needs of my family ( surfing, online gaming, voice chatting, torrenting... ), but if Traditional QOS is incompatible with WireGuard, I will have to reconsider my options.

What would you recommend as the best course of action? My needs are to finely tune the QOS, and to bypass QOS messing with Wireguard. Is that even possible?

Connection is 100/50 Mbit currently. Will go fiber in the future, but when exactly... who knows.
 
but if Traditional QOS is incompatible with WireGuard, I will have to reconsider my options.

Must be compatible. With 100/50 ISP you have no issues with any QoS choice. The router can do about 400Mbps with NAT acceleration disabled.
 
Thanks. Do you have any suggestions as to how to bypass QOS on VPN traffic, or at least, move VPN traffic from low classification to something higher?

I already tried adding VPN port and 10.6.0.* addresses to higher QOS traffic classification, but nothing works... VPN traffic from home PC to mobile phone on another network is still limited to the speed set to low classification ( 5% ) on the QOS page. So, basically, my VPN traffic is treated same as torrenting...
 
Keep in mind I found this Traditional QoS broken in many different firmware versions. If IPv6 is enabled on the router - almost guaranteed broken. Does it work correctly on your device, your firmware and your settings - no idea. You have to experiment and see what works for you. The theory of how things should work may not apply.
 
IPv6 is disabled. Any suggestions, as I am at a complete loss here? I would like to avoid creating OpenSSH servers on LAN devices I need to access. WireGuard is a godsend for what I need, albeit flawed in combination with QOS.
 
My available test Asus router is a different model and runs on a different Asus GPL, I guess.

I'm inviting @ZebMcKayhan to this conversation. He knows details around WireGuard on Asuswrt.
 
I'm inviting @ZebMcKayhan to this conversation. He knows details around WireGuard on Asuswrt.
Thanks for the invite, but I don't have anything to contribute to this thread. I have never used any QoS and I don't know the first thing about how it works.
 
Thank you for your time, Zeb. Much appreciated.

P.S. Just tried a quick OpenVPN setup. Same thing. QOS is a must for me now, but the incompatibility with any kind of VPN is a damn shame...
 
What happens if you prioritize the port your VPN is using? Still not working?
 
As it happens, I already tried that. Basically, I tried the following:

1. prioritize WG VPN IP range, 10.6.0.*, and later tried individual VPN IPs ( 10.6.0.1, 10.6.0.2 ) - not working
2. prioritize WG VPN port - not working
3. prioritize by client MAC address - not working

Everything I try, it keeps setting my VPN traffic to "Low" classification. Disabling QOS solves all my issues, and speeds are peachy. But, since RT-AX86U Pro ( as a heart of the network ) is serving a lot of devices and a few wired APs, and internet traffic being quite "colourful", finely tuned Traditional QOS is key to happiness of everyone connected. Or they will cave my head in :)

Until this QOS/VPN issue is solved ( ain't holding my breath, since it seems a long standing issue ), I guess I'll have to go back to running an OpenSSH, WG or OpenVPN server on my home PC and just have access to that.
 
Running the server on a network device and prioritizing the device sounds like a good workaround. Something small and power efficient like an RPi may work well for you.
 
... internet traffic being quite "colourful", finely tuned Traditional QOS is key to happiness of everyone connected. Or they will cave my head in :)
Got to ask: when was (how long ago) the last time you tried making everyone happy /without/ QOS? Has nothing changed at all since then?
 
I don't really understand the goal here: why would you want to deprioritize other traffic, including tasks sensitive to delay, like gaming, VoIP and streaming, in order to gain some more speed downloading files? And how often is this really a problem? And when it is, would you seriously prefer that all these other time sensitive tasks get totally strangled to a halt so that you can download your files a little faster?

Why are you choosing Traditional QOS for "finely tuning"? Isn't Adaptive QOS just plain better, and doesn't it give more customization options, in addition to the fact that you get hardware acceleration (activation of Trend Micro is the only downside)? There is also FlexQOS, which gives you more options for fine tuning on top of that.

But first of all, I'd like to suggest that you take CakeQOS for a spin, as it is designed to be simple to set up, but do fair sharing and eliminate bufferbloat (it also doesn't rely on Trend Micro, but downside is that it has no hw acceleration, which means you're limited to about <350Mbit wan).
 
Oh, and in case what you really want is an unrestricted wireguard connection for time sensitive tasks on it, maybe this is what you're seeking, "split-tunnelling":
 
@glens Well, a lot of people are doing a lot of different things online at the same time. One is torrenting, other one wants to voice chat, little cousins are watching some skibi dibi crap on YouTube, others are sharing stuff over Whatsapp, surfing, streaming movies and whatnot, playing games online... I had them all write up all apps they mostly use, and looked up ports so I could tune up QOS for all their needs. Took me a while to set up and tweak. Had to almost memorize Toastman's QOS tutorial by heart, but finally, everyone seems happy. No big complaints so far. Honestly, I am scared to change up everything as it is now. When bandwidth gets upgraded in the future, I will crash everything without survivors and retweak the entire system, while avoiding Traditional QoS.

@heywire Thank you for your insight into the matter. You gave me some hard cold facts and quite a bit of food for thought. Thank you for that. And thank you for pointing me to split-tunneling. Will read up on it for sure.
 
