Stats for Tun Interface ignored (Tomato RAF)

Discussion in 'Tomato Firmware' started by NikCoul, Dec 29, 2013.

  1. NikCoul

    NikCoul Reformed Router Member

    Hi All.

    I'm currently running on TomatoRAF and have an issue I'm wondering might not existing in a different version / build.

    Basically all of my router traffic is routed over a VPN connection, so very little traffic goes out via the WAN port (in fact in theory non) as my tomato router is actually acting as a switch / hub that sits behind my main internet router.

    When I look at my router bandwidth history there is as expected no / very little WAN traffic:


    But the real traffic going via the router (via VPN) is more like:


    So in summary, I'm trying to understand how I can get the Tomato router to capture this traffic and report it in the bandwidth history.


  2. Victek

    Victek Network Guru Member

    Please test other versions to verify it's a tomato code issue, the iptraffic feature developed for tomato need some review. I don't use VPN in my unit.
    NikCoul likes this.
  3. jerrm

    jerrm Network Guru Member

    Tomato usually places the auto VPN rules at the top of the FORWARD/INPUT chains. Try relocating the VPN rules below the account rules in the account rules in the FORWARD chain.

    No promises, but that would be where I would start.
    NikCoul likes this.
  4. NikCoul

    NikCoul Reformed Router Member

    Any tips on how / where to do that ?
  5. jerrm

    jerrm Network Guru Member

    post the results of "iptables -vnL FORWARD"
  6. NikCoul

    NikCoul Reformed Router Member

    Chain FORWARD (policy DROP 0 packets, 0 bytes)
    pkts bytes target prot opt in out source destination
    25M 34G ACCEPT all -- tun12 *
    13M 664M all -- * * account: network/netmask: name: lan
    86 4708 ACCEPT all -- br0 br0
    902 45432 DROP all -- * * state INVALID
    17681 995K TCPMSS tcp -- * * tcp flags:0x06/0x02 TCPMSS clamp to PMTU
    0 0 monitor all -- * vlan2
    12M 640M ACCEPT all -- * * state RELATED,ESTABLISHED
    0 0 wanin all -- vlan2 *
    0 0 wanout all -- * vlan2
    197K 24M ACCEPT all -- br0 *
    0 0 upnp all -- vlan2 *

    Looks like it is up top already ?

    Again it shows lots of traffic thats not being accounted for.


  7. jerrm

    jerrm Network Guru Member

    Try this:
    iptables -D FORWARD -i tun12 -j ACCEPT
    iptables -I FORWARD 2 -i tun12 -j ACCEPT
    Let it run a while and see if stats start showing.
    NikCoul likes this.
  8. NikCoul

    NikCoul Reformed Router Member

    Done and seeing stats, perfect !

    Is there a way I can save that command so it always runs (I guess) when the VPN tun1 or tun2 comes up ?

    Thanks for your help !

