FlexQoS 1.2.4 - Flexible QoS Enhancement Script for Adaptive QoS

Ok, so the final stats would come from:
Code:
tc -s class show dev eth0 parent 1: | grep -A2 "htb 1:14"
All 3 commands together should increment their counts in unison when picking up traffic from the iptables rule.
Dave,
can you sanity check me?

WAN - AX86u <vpn client> Synology

ax86u as a client to nordvpn @ 167.88.10.181
vpn outbound traffic classified as "Learn-from-Home" - WORKING
PBR to force Synology NAS traffic over the vpn on ax86u.

When I look at the Synology traffic on the NAS itself and a side by side of the FlexQoS, the inbound values do not match in the gui.

Also, how can I tell FlexQoS to put the Nordvpn traffic Inbound to the router into the same "Learn-from-Home" class as it now is outbound?

In the included screen capture the Synology NAS is pulling data down at roughly 8.5MB/s (hopefully through the vpn tunnel on the ax86u) but I am having a difficult time determining which class the AX86U vpn inbound traffic is flowing through in the FlexQoS gui.

I guess what I am really asking is:
1) Can I and how do I configure FlexQoS to put the ax86u's client vpn download traffic into a specific class "Learn-from-Home"?

Thank you
Mike
 

Attachments

  • FlexQoS_Synology.jpg
I guess what I am really asking is:
1) Can I and how do I configure FlexQoS to put the ax86u's client vpn download traffic into a specific class "Learn-from-Home"?
I’ve never used a router VPN client, so I don’t know the answer, but the download traffic stats are measured against the br0 LAN interface. I’m wondering if it’s not being captured by the bwdpi stuff because it exits the tunnel within the router then carries on to the LAN interface potentially unmarked, and therefore not going through the tc filters.

If you run this, is your direct_packets_stat really high?
Bash:
tc -s qdisc show dev br0 root
Or it’s hiding in class 1:2 as LAN traffic.
Code:
tc filter show dev br0 | grep "pref 1 .*flowid" -A1
tc -s class show dev br0 parent 1: | grep " 1:2 " -A4
 
@dave14305 I'm massively confused by your signature:

Screenshot_2021-04-01 FlexQoS - FlexQoS 1 2 3 - Flexible QoS Enhancement Script for Adaptive QoS.png


Is FlexCakeQoS-Merlin already secretly being tested or am I missing something here?
 
@dave14305 I'm massively confused by your signature:

View attachment 32687

Is FlexCakeQoS-Merlin already secretly being tested or am I missing something here?
It’s really an either/or situation. But lately it’s been FlexQoS and my Unbound-UI addon, which was my first. I’ve been revisiting it after learning a lot over the past year.
 
I was originally using Traditional QOS. I moved over to Adaptive QOS and also installed FlexQOS and all working great so far, thanks!

I noticed the original "device priorities" I had set up in Traditional QOS still show. Is this a problem for adaptive QOS? Does adaptive QOS use these priorities?

1617783031259.png
 
I noticed the original "device priorities" I had set up in Traditional QOS still show. Is this a problem for adaptive QOS? Does adaptive QOS use these priorities?
I have never seen any evidence that Adaptive QoS uses these priorities, only Traditional QoS. No problem.
 
I’ve never used a router VPN client, so I don’t know the answer, but the download traffic stats are measured against the br0 LAN interface. I’m wondering if it’s not being captured by the bwdpi stuff because it exits the tunnel within the router then carries on to the LAN interface potentially unmarked, and therefore not going through the tc filters.

If you run this, is your direct_packets_stat really high?
Bash:
tc -s qdisc show dev br0 root
Or it’s hiding in class 1:2 as LAN traffic.
Code:
tc filter show dev br0 | grep "pref 1 .*flowid" -A1
tc -s class show dev br0 parent 1: | grep " 1:2 " -A4
I run a full time VPN on my router.

Does this mean anything to me while using FlexQoS and a VPN:

Code:
ASUSWRT-Merlin RT-AX88U 386.2_0 Fri Apr  2 02:50:53 UTC 2021

admin@RT-AX88U-0D80:/tmp/home/root# tc -s qdisc show dev br0 root
qdisc htb 1: root refcnt 2 r2q 10 default 0 direct_packets_stat 168 direct_qlen 2
Sent 22631680795 bytes 18426979 pkt (dropped 55, overlimits 234376 requeues 0)
backlog 0b 0p requeues 0

admin@RT-AX88U-0D80:/tmp/home/root# tc filter show dev br0 | grep "pref 1 .*flowid" -A1
filter parent 1: protocol all pref 1 u32 fh 800::800 order 2048 key ht 800 bkt 0 flowid 1:2
  mark 0x0000 0xc0000000 (success 166233)

admin@RT-AX88U-0D80:/tmp/home/root# tc -s class show dev br0 parent 1: | grep " 1:2 " -A4
class htb 1:2 root leaf 803d: prio 0 rate 1Gbit ceil 1Gbit burst 1249375b cburst 1249375b
Sent 87327813 bytes 187763 pkt (dropped 0, overlimits 0 requeues 0)
rate 2472bit 3pps backlog 0b 0p requeues 0
lended: 166281 borrowed: 0 giants: 0
tokens: 156168 ctokens: 156168
 
I run a full time VPN on my router.

Does this mean anything to me while using FlexQoS and a VPN:
No, it doesn’t confirm my theory at all. Do you have any problems with download traffic over VPN not showing up in the charts?
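
The check suggested above, as an added example that is not part of the original posts: a POSIX shell function that computes what share of br0 packets skipped classification, either as direct packets or through class 1:2. The function names and the 10% threshold are assumptions; the sample counters are the ones posted in the thread.

```shell
#!/bin/sh
# Added example (not from the thread). Reads the output of
#   tc -s qdisc show dev br0 root; tc -s class show dev br0 parent 1:
# on stdin and prints:
#   total_pkts direct_pkts class_1:2_pkts direct_% class_1:2_% verdict
# $1 is a hypothetical alert threshold in percent (default 10, an assumption).
bypass_stats() {
    awk -v limit="${1:-10}" '
        /^qdisc htb 1: root/ {
            section = "root"
            for (i = 1; i < NF; i++)
                if ($i == "direct_packets_stat") direct = $(i + 1)
            next
        }
        /^class htb/ { section = ($3 == "1:2") ? "lan" : "other"; next }
        /^ *Sent / {
            # "Sent <bytes> bytes <pkts> pkt ...": counters for the header above
            if (section == "root") total = $4
            if (section == "lan")  lan = $4
            section = ""
        }
        END {
            if (total + 0 == 0) { print "no root qdisc counters found"; exit 1 }
            share = 100 * (direct + lan) / total
            verdict = (share > limit) ? "suspect" : "ok"
            printf "%d %d %d %.4f %.4f %s\n", total, direct, lan,
                100 * direct / total, 100 * lan / total, verdict
        }'
}

# Counters as posted in the thread for an RT-AX88U (rate/backlog lines omitted).
sample_output() {
    cat <<'EOF'
qdisc htb 1: root refcnt 2 r2q 10 default 0 direct_packets_stat 168 direct_qlen 2
 Sent 22631680795 bytes 18426979 pkt (dropped 55, overlimits 234376 requeues 0)
class htb 1:2 root leaf 803d: prio 0 rate 1Gbit ceil 1Gbit burst 1249375b cburst 1249375b
 Sent 87327813 bytes 187763 pkt (dropped 0, overlimits 0 requeues 0)
EOF
}

sample_output | bypass_stats 10
```

The function also accepts the full, unfiltered class listing, because it only reads the `Sent` line that follows the `class htb 1:2` header.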
 
@dave14305

What is a MASK and how do you use it in a rule?

I ask because there is both an IPTABLE rule and an APPLICATION rule

Skype/Teams | UDP | 3478:3481 | 000000 | Work-From-Home

========

Microsoft Teams | 060025 | Work-From-Home

Skype | 060001 | Work-From-Home
 
No, it doesn’t confirm my theory at all. Do you have any problems with download traffic over VPN not showing up in the charts?
I believe everything looks OK but I'll keep an eye out on this. Thanks.
 
So, can FlexQoS help me? I have a VPN-Client running 24/7 (ExpressVPN) that covers the whole LAN. I use Usenet every day, as well as stream content (Netflix, HBO Max, Amazon Prime, HULU, and so on) on my Apple TV. I want to prioritize the streaming so when Usenet downloads automatically start my TV won't buffer.

But I am wondering if FlexQoS will still work with the VPN Client running 24/7?
 
@dave14305

What is a MASK and how do you use it in a rule?

I ask because there is both an IPTABLE rule and an APPLICATION rule

Skype/Teams | UDP | 3478:3481 | 000000 | Work-From-Home

========

Microsoft Teams | 060025 | Work-From-Home

Skype | 060001 | Work-From-Home
If you are asking about MARK (not MASK), these are values assigned by the Trend Micro component of Adaptive QoS to identify traffic by its likely application. 000000 means unidentifiable traffic. Everything else is a combination of a 2 digit category and 4 digit application ID (both in hexadecimal).

You can learn the Mark for a particular connection in your list by clicking on the colored Application name. You can use that value in a rule if you want to change the Class (hence the priority) of that particular traffic.

There would be no reason to use those 2 AppDB rules since Skype and Teams (when correctly identified) are already in Work-From-Home. The iptables rule takes unidentified traffic on the likely udp ports and puts the traffic in Work-From-Home.

Lately I’ve found the iptables rule ineffective because most of my Skype/Teams traffic is being identified as STUN, and since I have no other use for STUN, I set an AppDB rule to send STUN traffic (1400AC) to WFH, and deleted the iptables rule.
 
So, can FlexQoS help me? I have a VPN-Client running 24/7 (ExpressVPN) that covers the whole LAN. I use Usenet every day, as well as stream content (Netflix, HBO Max, Amazon Prime, HULU, and so on) on my Apple TV. I want to prioritize the streaming so when Usenet downloads automatically start my TV won't buffer.

But I am wondering if FlexQoS will still work with the VPN Client running 24/7?
It won’t help on uploads since the traffic is already encrypted by the time QoS would apply and all looks the same. In theory download should work but there have been odd reports lately from VPN users. I’ve never tested it myself, so I can’t say with any certainty how it will behave.
 
1.) Enhancement Request - I want to assign the "Router/VPN Client Outbound Traffic Class" to streaming for VPN client 1 and another "Router/VPN Client Outbound Traffic Class" to file transfer for VPN client 2, etc...

* Plex/Emby server on VPN client 1
* IOT devices on VPN client 2 (via YazFi)

2.) More of a lesson learned. I almost posted about another issue where my bufferbloat was really bad so thought fq_codel wasn't doing its job, but turns out I had to manually type in the "bandwidth setting" as leaving it set to "automatic setting" wasn't doing anything for the bufferbloat problem I was experiencing. So now the bufferbloat is under control, I still see some ping spikes as soon as the download test starts, same with upload, but then it settles right away, not a deal breaker but just an observation there.

- AX86U, 386.2, FlexQOS 1.2.4 Dev., YazFi, IPV6 enabled
 
FlexQoS Version 1.2.4 - Released 11-Apr-2021

CHANGED

  • Improved webui mounting during startup, adopting community locking standard.
FIXED
  • iptables rules were not properly evaluated in the connection list when a rule contained multiple ports for both local and remote ports.
  • Hide last update check result when initiating new check for update.
 
1.) Enhancement Request - I want to assign the "Router/VPN Client Outbound Traffic Class" to streaming for VPN client 1 and another "Router/VPN Client Outbound Traffic Class" to file transfer for VPN client 2, etc...

* Plex/Emby server on VPN client 1
* IOT devices on VPN client 2 (via YazFi)
You would need to set up your own iptables rules in the mangle OUTPUT table to identify and classify the traffic from each VPN client. How would you uniquely identify this traffic as it leaves the router within the encrypted tunnel? By the remote VPN server IP address? By the remote VPN server port? Are they both unique compared to the other VPN clients on the router?
 
You would need to set up your own iptables rules in the mangle OUTPUT table to identify and classify the traffic from each VPN client. How would you uniquely identify this traffic as it leaves the router within the encrypted tunnel? By the remote VPN server IP address? By the remote VPN server port? Are they both unique compared to the other VPN clients on the router?
Thanks for the reply. I noticed that I can put any VPN traffic into a select category, under options you have "Router/VPN Client Traffic Outbound Traffic Class" and I can choose a category class, i.e. others, streaming, and so I figured you already had a way to distinguish VPN vs. non-VPN traffic. I wasn't looking to classify each individual node on the network that uses a VPN (running on router side), but more of having a classification based on the interface tun11-00, tun12-00, etc..., this way all nodes hitting those tunnels can be classified accordingly. Maybe I'm really far off the mark, no pun intended :-), but thought I'd check anyways.
 
So, can FlexQoS help me? I have a VPN-Client running 24/7 (ExpressVPN) that covers the whole LAN. I use Usenet every day, as well as stream content (Netflix, HBO Max, Amazon Prime, HULU, and so on) on my Apple TV. I want to prioritize the streaming so when Usenet downloads automatically start my TV won't buffer.

But I am wondering if FlexQoS will still work with the VPN Client running 24/7?
I'm doing the same thing with Express VPN, sure it works, but you won't be able to optimize uploads. Go to the router's open vpn configuration page and in time put Accept DNS Configuration to Exclusive. Then go down to the advanced settings and force all the traffic through the tunnel with 'policy rules (strict)', further down select all your devices one by one and decide which one must pass in the VPN and which one not ... .... I have them all in VPN, then save everything. React the adaptive qos of the router and set custom priorities, put streaming etc first and put learn to home last.

Go to the qos flex and under customize select Router / VPN Client Outbound Traffic Class on Streaming
 
I noticed that I can put any VPN traffic into a select category, under options you have "Router/VPN Client Traffic Outbound Traffic Class" and I can choose a category class, i.e. others, streaming, and so I figured you already had a way to distinguish VPN vs. non-VPN traffic.
We mark all non-DNS and non-NTP traffic originating from the router (not clients) with the category chosen in the GUI. There's no real awareness of whether it's VPN traffic or not. It's only coincidence that the majority of traffic caught by this rule is usually VPN client upload traffic.
 
I've set up a VPN Client on my router (using a free ProtonVPN account) to understand how Adaptive QoS behaves. I was tired of saying I've never used a VPN client on my router. It seems to work how I expected it to work:
  • Downloads show up correctly in the download graph and the Tracked Connections list.
  • Uploads show up correctly in the upload graph under a single chosen Class, but not listed under Tracked Connections.
This is on an AC86U, so I'm guessing there may be ASUS issues with the AX86U with the current GPL used in 386.2, since there were several reports of strange behavior with that model.
 
