Joined: 04 Aug 2018 Posts: 1447 Location: Appalachian mountains, USA
Posted: Wed Aug 28, 2019 19:03 Post subject:
eugene1973 wrote:
Did the ISP give you the dd-wrt box to use on their service?
If not you may want to restore factory defaults without that script fix.
No, it's my router. And that line does not come from the script. It's in the route table created by dd-wrt.
My vpn setup is vanilla NordVPN with PBR plus, in the openvpn client config, several "remote" lines with "remote-random" so that I draw a server out of a hat. Nothing exotic at all, and it's worked for a year or so. In fact it's worked great with the script tweaking local access for many months. The script doesn't change any route-table lines. (I don't use anyone's script without careful analysis and testing.) It just copies them from one table to the other. No biggie.
I suspect you are overthinking the questions of gateways and tunnels here. Nothing special is going on. It's an ordinary simple ISP setup with a cable modem. The vpn system builds a tunnel through the wan and isp to the nordvpn server. There is no tunnel within a tunnel here. The ISP connection is not some funky tunnel.
_________________
2x Netgear XR500 and 3x Linksys WRT1900ACSv2 on 53544: VLANs, VAPs, NAS, station mode, OpenVPN client (AirVPN), wireguard server (AirVPN port forward) and clients (AzireVPN, AirVPN, private), 3 DNSCrypt providers via VPN.
Posted: Wed Aug 28, 2019 19:16 Post subject:
egc wrote:
@SurprisedItWorks, to clarify some things...
Thanks, egc. I appreciate the nuggets there.
Looks like the thing for me to do, re the original question, is to update to a new build and in QoS set Port to LAN&WLAN so I can attempt to set priorities at the interface level. I'll go with the HTB and Cake unless I hear a good reason to go a different way. Then I can try setting priorities at the interface level. Looks like I just keep SFE off for now. (Have never used it anyway, because of the PBR issue.)
I guess I'll find out, at least as far as implied by the menus on the QoS page, whether I have independent control of priorities for tun1 and for the interfaces that feed it.
In my experience a separate tunnel is created in VPN services. I see you have a tunnel. Take Windows VPN for instance. It creates a tunnel on the fly. Since we are talking dd-wrt it will create a more permanent tunnel. Normally though the tunnel is not the interface the gateway resides on. But I haven't tried dd-wrt VPN before.
The scope of your IP addresses and routes plays a part in QOS.
Best effort
Expedited forwarding
Assured forwarding
Network controlled
Are the usual names for cos/QOS
If your interface on the wan port of the dd-wrt box is using QOS it might wig out if the other side of that cable, the one that goes to the cable modem. Because it might be using best effort. You need to get use of assured forwarding on the cable modem side. If you can't you must match assured forwarding as close as possible in dd-wrt. Check to find out which QOS values match assured forwarding the best.
I haven't figured it out yet. I think.
But if it drops the internet it is a scope problem. QOS should not ever drop. If your network is right.
Posted: Wed Aug 28, 2019 19:39 Post subject:
Hey @eugene1973, those sound like issues for the implementer of dd-wrt to sort out, not me. I gather there's been a recent burst of effort on QoS at the dd-wrt implementation level, so for now I'm just going to assume they know what they are doing and try it out (over the weekend). Certainly the categories of QoS effort you mention do not appear on the QoS config page in dd-wrt.
Posted: Mon Sep 02, 2019 15:09 Post subject:
egc wrote:
...as far as I know QoS will not work on downstream with SFE turned on (I am not even sure SFE stays on if you enable QoS; in earlier builds it was disabled when QoS was turned on, so check with lsmod).
I'm on 40784 now and with SFE enabled, did lsmod before and after enabling QoS (indeed with Cake). Without QoS, there was a module fast_classifier at the top of the list. When QoS was enabled, that module disappeared. So QoS use forces SFE off internally.
I have QoS set up with LAN&WLAN/HTB/Cake and five interface priorities (incl two for bridges) set up with the priorities set from the menus on the right. All the numerical limits in the interface table are set to "none".
What I don't know is how to test this or to even verify that it is working in any way. The suggestions in the wiki article to look at /proc/net/nf_conntrack for mark=... packets are not helpful, as there are no such lines in nf_conntrack's output.
Ideas, anyone?
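The two checks described in the post above (is the SFE module fast_classifier still loaded, and do any /proc/net/nf_conntrack entries carry a mark), as an added shell example that is not part of the thread. The function names, the sample lsmod and conntrack text, and the mark values are constructed for illustration and are not dd-wrt's actual output.

```sh
#!/bin/sh
# Added example; sample data below is constructed, not taken from a router.

# sfe_loaded: lsmod output on stdin -> "yes" if fast_classifier is loaded.
sfe_loaded() {
    awk '$1 == "fast_classifier" { f = 1 } END { print (f ? "yes" : "no") }'
}

# mark_summary: nf_conntrack text on stdin -> "mark=<n> <count>" per distinct
# mark, or "no-mark-field" when no entry carries a mark= token at all.
mark_summary() {
    awk '{ for (i = 1; i <= NF; i++) if ($i ~ /^mark=/) { n[$i]++; seen = 1 } }
         END { if (!seen) { print "no-mark-field"; exit }
               for (m in n) print m, n[m] }' | LC_ALL=C sort
}

sample_lsmod_qos_off() {   # constructed: SFE active, no QoS
cat <<'EOF'
Module                  Size  Used by
fast_classifier        16384  0
shortcut_fe            53248  1 fast_classifier
EOF
}

sample_lsmod_qos_on() {    # constructed: QoS enabled, SFE module gone
cat <<'EOF'
Module                  Size  Used by
sch_cake               28672  2
sch_htb                20480  1
EOF
}

sample_conntrack() {       # constructed entries; mark values are illustrative
cat <<'EOF'
ipv4     2 tcp      6 431990 ESTABLISHED src=192.168.1.20 dst=203.0.113.5 sport=50122 dport=443 src=203.0.113.5 dst=198.51.100.7 sport=443 dport=50122 [ASSURED] mark=10 use=2
ipv4     2 udp      17 25 src=192.168.1.31 dst=203.0.113.9 sport=40000 dport=1194 src=203.0.113.9 dst=198.51.100.7 sport=1194 dport=40000 mark=10 use=2
ipv4     2 udp      17 12 src=192.168.1.31 dst=192.168.1.1 sport=5353 dport=53 src=192.168.1.1 dst=192.168.1.31 sport=53 dport=5353 mark=0 use=2
EOF
}

echo "SFE before QoS: $(sample_lsmod_qos_off | sfe_loaded)"
echo "SFE after QoS:  $(sample_lsmod_qos_on | sfe_loaded)"
sample_conntrack | mark_summary
# On the router itself: lsmod | sfe_loaded; mark_summary < /proc/net/nf_conntrack
```

A result of "no-mark-field" means the entries have no mark= token at all, which is a different outcome from every entry showing mark=0.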
For QoS, it really depends on how you are setting it. For Linux, traffic control is common for setting QoS. To see the current QoS with traffic control you can run the following command: