What's new

[Alpha] 386.2

  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!

Status
Not open for further replies.
Just curious if CAKE affects how a VPN is running...I'm currently using the built-in DoT and full time VPN; I'm also using vpgmgr and when I change the VPN city, everything shows as connected in VPN GUI, however, when I run an ipleak test or dnsleaktest, it's showing my actual IP address and not the VPN IP.

I tried to reboot and it keeps showing my actual IP thought VPN tab shows my VPN is gtg.

I'll try to go back to A. QoS to see if the same applies or it may some be some internal changes within the alpha fw.

I might have to reset router to factory but just thought I would comment here.

Aside from this, CAKE is working without any issues!!!! I'll report back!!!

Thanks!

Update: Switching to A. QoS is doing the same thing. I feel I might have to reset to factory.
 
Last edited:
is there a table for mpu settings, for connections or some sort of calculation?
 
is there a table for mpu settings, for connections or some sort of calculation?
It's tied to the WAN packet overhead. So choose the overhead and MPU should automatically change.
 
Just curious if CAKE affects how a VPN is running...I'm currently using the built-in DoT and full time VPN; I'm also using vpgmgr and when I change the VPN city, everything shows as connected in VPN GUI, however, when I run an ipleak test or dnsleaktest, it's showing my actual IP address and not the VPN IP.

I tried to reboot and it keeps showing my actual IP thought VPN tab shows my VPN is gtg.

I'll try to go back to A. QoS to see if the same applies or it may some be some internal changes within the alpha fw.

I might have to reset router to factory but just thought I would comment here.

Aside from this, CAKE is working without any issues!!!! I'll report back!!!

Thanks!

Update: Switching to A. QoS is doing the same thing. I feel I might have to reset to factory.
Mine is doing the same thing....Im pretty much running the same, but Im running Nextdns
Showing my WAN IP

EDIT: When I set Force Internet traffic through tunnel=YES, I'm able to get back my VPN IP
 
Last edited:
When you refer to 'replacing the qos script with your own' do you mean we would disable Cake in the webui and run something like the present cake-qos, or that we could run something like a 'cake-qos.cfg.add' script to override the web settings?

For instance, I am currently running cake-qos with upload and download options raw diffserv3 rtt 80ms, which I arrived at after a lot of testing and which works for my setup and ISP and gives me a very steady 3x A+ on DSL reports.

This is where the next iteration/updates to cake-qos will get to, providing the ability for those customizations or manually via what you described.
 
I'm testing CAKE-QoS now. If I'm testing w/Comcast do I need to set a value inside MPU or leave it at '0' (default)? Thanks!
If you use the present cake-qos script and it's enabled it will switch off the alpha A.Qos completely. I have mine safely set to stop and all is good while testing the alpha. If I mis-read apologies in advance lol.
 
Click on the red arrow and pick a preset.
Thank you, also wanted to ask why the ptm setting doesn't stick even though the preset for bridged ptm has it, but when it hit apply it reversts to normal?
 
Thank you, also wanted to ask why the ptm setting doesn't stick even though the preset for bridged ptm has it, but when it hit apply it reversts to normal?
Because it's alpha software.
 
on my 68u I disable CTF and enable QOS and then select cake reboot etc but no matter what I do when I go to the very next tab named "Classification" it tells me: Note: QoS is not enabled.

Is this normal? I understand from the post above that this is alpha release firmware so I thought I might ax the experts.
 
on my 68u I disable CTF and enable QOS and then select cake reboot etc but no matter what I do when I go to the very next tab named "Classification" it tells me: Note: QoS is not enabled.

Is this normal? I understand from the post above that this is alpha release firmware so I thought I might ax the experts.
I haven't used the Alpha yet myself, but Cake doesn't use the built-in classifications so the tab isn't needed when Cake is selected. Cake is also not using the Asus QoS mechanisms which will be why you see "QoS is not Enabled".

I use the CakeQoS add-on script which shows exactly the same.

EDIT: I had assumed you were using a RT-AX68U, and didn't spot the full model in your signature. See @dave14305 reply further down - Cake is only supported on HND routers and therefore not the RT-AC68U
 
Last edited:
Just loaded, seems some trouble with iproute2

octopus@RT-AX86U-EA08:/tmp/home/root# routes
Table 254
default via 158.xxx.xxx.x dev eth0
Table 111
Table 112
Table 113
Table 114
Table 115


Error: argument "ovpnc1" is wrong: table id value is invalid

Error: argument "ovpnc1" is wrong: "table" value is invalid

Error: argument "ovpnc1" is wrong: "table" value is invalid

Error: argument "ovpnc1" is wrong: "table" value is invalid

Error: argument "ovpnc1" is wrong: "table" value is invalid

Error: argument "ovpnc1" is wrong: "table" value is invalid

Error: argument "ovpnc1" is wrong: "table" value is invalid

Error: argument "ovpnc1" is wrong: "table" value is invalid

Error: argument "ovpnc1" is wrong: "table" value is invalid

Error: argument "ovpnc1" is wrong: "table" value is invalid

Error: argument "ovpnc1" is wrong: "table" value is invalid

Error: argument "ovpnc1" is wrong: "table" value is invalid

Error: argument "ovpnc1" is wrong: "table" value is invalid

Error: argument "ovpnc1" is wrong: "table" value is invalid

Error: argument "ovpnc1" is wrong: "table" value is invalid

Error: argument "ovpnc1" is wrong: "table" value is invalid

Error: argument "ovpnc1" is wrong: "table" value is invalid

Error: argument "ovpnc1" is wrong: invalid table ID

Error: argument "ovpnc1" is wrong: "table" value is invalid

Error: argument "ovpnc1" is wrong: "table" value is invalid

Error: argument "ovpnc3" is wrong: table id value is invalid

Error: argument "ovpnc3" is wrong: "table" value is invalid

Error: argument "ovpnc3" is wrong: "table" value is invalid

Error: argument "ovpnc3" is wrong: "table" value is invalid

Error: argument "ovpnc3" is wrong: "table" value is invalid

Error: argument "ovpnc3" is wrong: "table" value is invalid

Error: argument "ovpnc3" is wrong: "table" value is invalid

Error: argument "ovpnc3" is wrong: "table" value is invalid

Error: argument "ovpnc3" is wrong: "table" value is invalid

Error: argument "ovpnc3" is wrong: "table" value is invalid

Error: argument "ovpnc3" is wrong: "table" value is invalid

Error: argument "ovpnc3" is wrong: "table" value is invalid

Error: argument "ovpnc3" is wrong: "table" value is invalid

Error: argument "ovpnc3" is wrong: "table" value is invalid

Error: argument "ovpnc3" is wrong: "table" value is invalid

Error: argument "ovpnc3" is wrong: "table" value is invalid

Error: argument "ovpnc3" is wrong: "table" value is invalid

Error: argument "ovpnc3" is wrong: invalid table ID

Error: argument "ovpnc3" is wrong: "table" value is invalid

Error: argument "ovpnc3" is wrong: "table" value is invalid
@RMerlin
 
Last edited:
Hi Eric ( @RMerlin ),

I installed the latest alpha version on my RT-AX88U, which was released March 4, 2021.

After flashing this firmware version I noticed that selective routing doesn't work well anymore. Maybe something got broke in this version (?)


Test case #1:
LAN IP client: 192.168.1.10

Settings for VPN client #1:
Accept DNS Configuration: Exclusive

1614943735220.png

. VPN is running.
. webpages don't load (no DNS!)
. Pinging 1.1.1.1 results in replies.

When 'Accept DNS Configuration' is set to 'strict' or 'relaxed', internet access works but the VPN's DNS server is NOT used. Instead, the WAN's DNS server is used. This is to be expected when the VPN's DNS server is not responding.


Test case #2:
LAN IP client: 192.168.1.10

Settings for VPN client #1:
Accept DNS Configuration: Exclusive

1614943858372.png


Now everything works fine (selective routing disabled). No DNS leaks, DNS server from VPN provider is used.

For the time being I disabled selective routing.

If you want me to test something, please let me know!

Regards,
Alex
 
Last edited:
on my 68u I disable CTF and enable QOS and then select cake reboot etc but no matter what I do when I go to the very next tab named "Classification" it tells me: Note: QoS is not enabled.

Is this normal? I understand from the post above that this is alpha release firmware so I thought I might ax the experts.
Cake isn’t available on the AC68U (kernel too old). Only HND models.
 
couldn't get ematch to work. Wasted a whole evening on it. tc keeps complaining about a syntax problem, even after updating to the latest tc version (5.11.0), and copying all files to /etc/iproute2/ . Same problem with both u32() and cmp() tests that I did.
ematch_map must be in /etc/iproute2
Is it properly installed?

Code:
@RT-AC86U-69B8:/rom/etc/iproute2# ls
ematch_map  rt_tables
@RT-AC86U-69B8:/rom/etc/iproute2# tc filter add dev eth5 parent 8003: protocol ip prio 1 basic match 'cmp(u16 at 0 layer transport gt 70) and cmp(u16 at 0 layer transport lt 90)'
flowid 1:3
@RT-AC86U-69B8:/rom/etc/iproute2# tc filter add dev eth5 parent 8003: protocol ip prio 1 basic match 'u32(u16 0x1122 0xffff at nexthdr+4)' flowid 1:4
@RT-AC86U-69B8:/rom/etc/iproute2# tc filter show dev eth5
filter parent 8003: protocol ip pref 1 basic
filter parent 8003: protocol ip pref 1 basic handle 0x2 flowid 1:4
  u32(11220000/ffff0000 at nexthdr+4)

filter parent 8003: protocol ip pref 1 basic handle 0x1 flowid 1:3
  cmp(u16 at 0 layer 2 gt 70)
  AND cmp(u16 at 0 layer 2 lt 90)

but ipset..
Code:
@RT-AC86U-69B8:/rom/etc/iproute2# modprobe em_ipset
@RT-AC86U-69B8:/rom/etc/iproute2# lsmod | grep em_ipset
em_ipset                1717  0
ip_set                 28859  2 em_ipset,ip_set_hash_ip
@RT-AC86U-69B8:/rom/etc/iproute2# ipset -N youtube hash:ip
@RT-AC86U-69B8:/rom/etc/iproute2# tc filter add dev eth5 parent 8003: protocol ip prio 30 basic match 'ipset(youtube src)' action skbedit priority 8003:3
Unknown ematch "ipset"
Illegal "ematch"

Should I look to see if it's a problem with the firmware's ipset?

kernel configuration
Code:
CONFIG_NET_EMATCH=y
CONFIG_NET_EMATCH_STACK=32
CONFIG_NET_EMATCH_CMP=y
CONFIG_NET_EMATCH_NBYTE=y
CONFIG_NET_EMATCH_U32=y
CONFIG_NET_EMATCH_META=y
CONFIG_NET_EMATCH_TEXT=y
CONFIG_NET_EMATCH_IPSET=m

Edit : It looks em_ipset.c of iproute2 was not compiled.
I should take a look at the check_ipset() part of iproute2's configure file.

Edit2 : I modified iproute2 to make it a bit dirty for a quick test and confirmed that it works.
I believe you will be able to modify this code more elegantly.

iproute2-5.11.0/include/xtables-version.h
Code:
+#define XTABLES_VERSION "libxtables.so.7"
+#define XTABLES_VERSION_CODE 7

iproute2-5.11.0/tc/Makefile
Code:
TCMODULES += q_ets.o
+TCMODULES += em_ipset.o

    TCMODULES += em_ipt.o
-    ifeq ($(TC_CONFIG_IPSET),y)
-      TCMODULES += em_ipset.o
-    endif
  else

Code:
@RT-AC86U-69B8:/tmp/home/root# modprobe em_ipset
@RT-AC86U-69B8:/tmp/home/root# ipset -N youtube hash:ip
@RT-AC86U-69B8:/tmp/home/root# tc filter add dev eth5 parent 8001: protocol ip prio 30 basic match 'ipset(youtube src)' action skbedit priority 8001:3
@RT-AC86U-69B8:/tmp/home/root# ipset add youtube 220.122.1.19

@RT-AC86U-69B8:/tmp/home/root# tc -s qdisc show dev eth5
qdisc cake 8001: root refcnt 2 bandwidth 90Mbit diffserv4 hosts nonat nowash ingress no-ack-filter split-gso rtt 100ms raw overhead 0
Sent 12885305 bytes 10243 pkt (dropped 5, overlimits 8970 requeues 0)
backlog 0b 0p requeues 0
memory used: 278400b of 4500000b
capacity estimate: 90Mbit
min/max network layer size:           20 /    1514
min/max overhead-adjusted size:       20 /    1514
average network hdr offset:           14

                   Bulk  Best Effort        Video        Voice
  thresh       5625Kbit       90Mbit       45Mbit    22500Kbit
  target            5ms          5ms          5ms          5ms
  interval        100ms        100ms        100ms        100ms
  pk_delay          0us       11.6ms       22.5ms         10us
  av_delay          0us       2.83ms       13.7ms          2us
  sp_delay          0us          3us       5.52ms          2us
  backlog            0b           0b           0b           0b
  pkts                0         1239         8683          326
  bytes               0       861139     12009132        19506
  way_inds            0            0            0            0
  way_miss            0           44            2            3
  way_cols            0            0            0            0
  drops               0            3            2            0
  marks               0            0            0            0
  ack_drop            0            0            0            0
  sp_flows            0            0            0            0
  bk_flows            0            0            1            0
  un_flows            0            0            0            0
  max_len             0         1514         1484          342
  quantum           300         1514         1373          686

qdisc ingress ffff: parent ffff:fff1 ----------------
Sent 229274 bytes 1542 pkt (dropped 0, overlimits 0 requeues 0)
backlog 0b 0p requeues 0
 
Last edited:
Testing Cake and so far it works quite well, even with multiple video streams. Compared to FlexQOS, video streams seem to start more quickly (I had previously prioritized the "Work from Home" classification). I'll be testing VOIP and Zoom later today.

Quick question re WAN Packet Overhead in Cake: I'm running AT&T VDSL in IP Passthrough Mode to my RT-AC1900P. I selected "PPPoE VDSL," which gives me a value of 27. Would this be appropriate given the not-quite-bridge-mode I am using with the modem? Also, should I choose normal, ATM, or PTM? Thanks, all.
 
Status
Not open for further replies.

Similar threads

Support SNBForums w/ Amazon

If you'd like to support SNBForums, just use this link and buy anything on Amazon. Thanks!

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!

Staff online

Top