Posted: Thu Apr 26, 2018 4:11 Post subject: When OpenVPN is on it ignores QoS Down/Uplink Limits + More
Hi there,
I updated my router from v3.10.103-r30681 (09-22-2016) to DD-WRT v3.0-r35681 std (04/06/1 recently, I could no longer wait for a version with non-looping ebtables which would break OpenVPN that was KRACK patched.
I substituted ebtables with a working version, CPU usage came down and OpenVPN would connect, however, when OpenVPN is enabled: QoS Down/Uplink limits are ignored, bufferbloat is high, packet loss and erratic speeds.
Considering that the ebtables has been replaced with a functional build, I was wondering if anyone had any ideas on how to get OpenVPN traffic to respect the QoS limits? I tried running iptables -t mangle -vnL in SCP, it listed all traffic as exempt.
Is this a specific problem with the OpenVPN build on this version? I cannot find any information on this, not in the ebtables replacement topic or in the thread for the (04/06/1 version. Nobody is complaining about the issue but me when ebtables is replaced on this build.
The router was reset before and after the upgrade. Anything you can do to help would be wonderful, thanks.
TP-Link Archer C9 V1
DD-WRT v3.0-r35681 std (04/06/1
Kernel Version
Linux 4.4.126 #2890 SMP Fri Apr 6 09:30:11 CEST 2018 armv7l
Did you try disabling shortcut forwarding engine under the setup tab?
Yeah, I already tried disabling it, it didn't help. OpenVPN respects QoS and symptoms go away if I don't substitute the ebtables file with one that works... but without substituting my ebtables my routers CPU usage climbs to 75% on the dual core 1ghz when idling with OpenVPN enabled. Scratch that, after 12 minutes uptime the CPU usage has climbed to 90% at idle.
Edit: I tried disabling the firewall as well, still same effect.
Policy based Routing N/A-Blank
PKCS12 Key N/A-Blank
CA Cert Private
Public Client Cert N/A-Blank
Private Client Key N/A-Blank
Shortcut Forwarding Engine Disabled
Quality of Service
Start QoS Enable
Port LAN & WLAN (have tried just WAN, makes no difference.)
Packet Scheduler HFSC (Have tried changing this.)
Queueing Discipline FQ_CODEL (Have tried changing this.)
Downlink (kbps) 27000
Uplink (kbps) 26940
TCP-Packet Priority
ACK Unchecked (Have tried changing these.)
SYN Checked (Have tried changing these.)
FIN Checked (Have tried changing these.)
RST Checked (Have tried changing these.)
Other settings under QoS not configured, have tried changing them, no change, so deleted.
I have several Port Triggering rules for various programs, haven't tried to see if those are being ignored w/without ebtables replacement while OpenVPN is enabled or disabled. File size of ebtables is different from older versions or other router builds. Testing ebtables without replacement locks router up and requires restart.
Should be noted, manually changed settings to match working build when upgraded, have tried various tweaks and toggles, but eventually returned values to last known working settings on old build.
Btw, the router is hooked up to my fiber ONT and is being used as a wireless access point, symptoms persist weather using wireless or using ethernet ports in previously described scenarios.
recently, I could no longer wait for a version with non-looping ebtables which would break OpenVPN that was KRACK patched.
