Easy Toastman QoS setup breaks VPN

Discussion in 'Tomato Firmware' started by SolidCactus, Nov 3, 2010.

  1. SolidCactus

    SolidCactus Networkin' Nut Member

    Hi all,

    I set up my QOS using the Easy Toastman QoS setup (as mentioned here http://tomatousb.org/tut:easy-toastman-qos-setup). After using this QOS setup my VPN setup breaks and a connection is no longer established. I get the following errors in my logs:

    Does anyone know what in the below settings might be causing this?

    nvram set "ct_tcp_timeout=0 1200 20 20 20 20 10 20 20 0"
    nvram set "ct_udp_timeout=10 10"
    nvram set "qos_enable=1"
    nvram set "qos_ack=0"
    nvram set "qos_default=8"
    nvram set "qos_fin=1"
    nvram set "qos_icmp=1"
    nvram set "qos_irates=10,10,60,90,0,70,70,70,80,1"
    nvram set "qos_orates=5-20,5-20,5-25,5-80,10-80,20-80,5-80,5-80,5-90,1-1"
    nvram set "qos_orules=0<<-1<d<53,37,123,3445<0<<0:10<0<DNS,Time,NTP,RSVP>0<<6<s<80<0<<<3<Remote Web Access>0<<-1<d<11999,2300:2400,6073,28800:29100,47624<0<<0:50<1<Some well known games>0<<-1<a<<0<flash<<2<Flash Video (Youtube, etc...)>0<<-1<a<<0<httpvideo<<2<HTTP Video (Youtube, etc...)>0<<6<a<<0<shoutcast<<2<Shoutcast>0<<-1<d<554,1755,5004,5005,6970:7170,8554<0<<<2<RTP,RTSP>0<<-1<d<1935,5060:5063,1719,1720,3478,3479,15000<0<<<2<RTMP,MMS,SIP,H323,STUN>0<<6<d<80,443<0<<0:256<4<WWW,SSL>0<<-1<d<25,465,563,587,110,119,143,220,993,995<0<<<5<Mail (SMTP,POP3,IMAP)>0<<-1<d<1220,1234,5100,6005,6970<0<<<2<QT,Camfrog,VLC>0<<-1<d<1502:1503,1863,3389,5061,5190:5193,7001<0<<<6<MSGR1 - Windows Live>0<<-1<d<194,1720,1730:1732,6660:6669,22555<0<<<6<MSGR2 - Chat Services>0<<-1<d<5000:5010,5050,5100,5222,5223,8000:8002<0<<<6<MSGR3 - Chat Services>0<<-1<x<20:23,6571,6891:6901<0<<256:<7<FTP,SFTP,WLM File Transfers>0<<6<d<80,443<0<<256:<7<HTTP, SSL File Transfers>0<<17<d<1:65535<0<<<9<P2P (uTP, UDP)"
    nvram set "qos_pfifo=0"
    nvram set "qos_reset=1"
    nvram set "qos_rst=1"
    nvram set "qos_syn=1"
    sleep 2
    nvram commit
    sleep 10

    Any ideas or help would be much appreciated! Ideally I would like to be able to use the above QoS settings as it saves so much time to set up but I don't want to lose my VPN either!

  2. Toastman

    Toastman Super Moderator Staff Member Member

  3. SolidCactus

    SolidCactus Networkin' Nut Member

    Hi Toastman,

    Thanks for getting back to me.

    I'm running a Linksys WRT610N v2 which has 64mb of RAM. I don't believe I'm running out of resources. I have monitored the RAM with QOS and VPN enabled and I still have around 70%+ free.

    Also I have around 6K free of NVRAM after applying the QOS Rules.

    Any other ideas?

  4. Toastman

    Toastman Super Moderator Staff Member Member

    Nope. I wouldn't think so if you have a 610N. I never used VPN so I don't know if anything will conflict with it, perhaps the QOS rules are responsible, or maybe something else. Maybe someone else who uses VPN can comment?

    Does the VPN break immediately? Is it possible to disable all rules, then enable say one at a time and see if a particular rule is responsible ... a process of elimination?
  5. srouquette

    srouquette Network Guru Member

    I had the same problem.
    Yes, the VPN breaks immediately, and it starts working again when I disable QoS.

    To make these rules work, I entered them manually, and I removed some of them.
    Here are my current rules: http://imgur.com/lutaR.jpg

    I have a WRT54GL with 3MB of RAM left, and 6k of nvram.
  6. Toastman

    Toastman Super Moderator Staff Member Member

    Mmm. You both have around 6k of NVRAM left - maybe you need to keep this much empty?
  7. srouquette

    srouquette Network Guru Member

    I don't know...

    What do you think about this top?

    When I type "free", it says 300k left with QoS and 700k without it (I was wrong about the 3MB).

    Which process manages QoS?
  8. rhester72

    rhester72 Network Guru Member

    Don't use top to check memory.

    Under Administration/Debugging, make sure that "Count cache memory and buffers as free memory" _IS_ checked. Status/Overview/Total/Free Memory will then provide the correct total (i.e. the number on the right-hand side after the slash).

    QoS is managed by iptables and the kernel; there is no process as such.

  9. SolidCactus

    SolidCactus Networkin' Nut Member

    Thanks Rhester. I was checking memory via this method previously. I still have around 70%+ free with QoS enabled and VPN failing so I don't think this is a memory issue.

    I guess I will have to step through the rules and see which breaks it.
  10. srouquette

    srouquette Network Guru Member

    @rhester72: ah that's right, I didn't remember but that's where I saw 3MB free :)
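
The rule-by-rule elimination suggested in the thread can be narrowed down offline first. The following is an added example, not code from the thread or from Tomato: it parses the `qos_orules` string from the first post and lists, in rule order, the rules whose protocol and port fields admit a given flow, with the outbound rate pair of each rule's class from `qos_orates`. The field order in `KEYS`, the 0-based class-to-rate mapping and the sample flow (UDP, destination port 1194) are assumptions; the thread does not say which VPN or port is in use.

```python
# Copies of qos_orules / qos_orates from the first post, one rule per line for readability.
ORULES = """\
0<<-1<d<53,37,123,3445<0<<0:10<0<DNS,Time,NTP,RSVP>
0<<6<s<80<0<<<3<Remote Web Access>
0<<-1<d<11999,2300:2400,6073,28800:29100,47624<0<<0:50<1<Some well known games>
0<<-1<a<<0<flash<<2<Flash Video (Youtube, etc...)>
0<<-1<a<<0<httpvideo<<2<HTTP Video (Youtube, etc...)>
0<<6<a<<0<shoutcast<<2<Shoutcast>
0<<-1<d<554,1755,5004,5005,6970:7170,8554<0<<<2<RTP,RTSP>
0<<-1<d<1935,5060:5063,1719,1720,3478,3479,15000<0<<<2<RTMP,MMS,SIP,H323,STUN>
0<<6<d<80,443<0<<0:256<4<WWW,SSL>
0<<-1<d<25,465,563,587,110,119,143,220,993,995<0<<<5<Mail (SMTP,POP3,IMAP)>
0<<-1<d<1220,1234,5100,6005,6970<0<<<2<QT,Camfrog,VLC>
0<<-1<d<1502:1503,1863,3389,5061,5190:5193,7001<0<<<6<MSGR1 - Windows Live>
0<<-1<d<194,1720,1730:1732,6660:6669,22555<0<<<6<MSGR2 - Chat Services>
0<<-1<d<5000:5010,5050,5100,5222,5223,8000:8002<0<<<6<MSGR3 - Chat Services>
0<<-1<x<20:23,6571,6891:6901<0<<256:<7<FTP,SFTP,WLM File Transfers>
0<<6<d<80,443<0<<256:<7<HTTP, SSL File Transfers>
0<<17<d<1:65535<0<<<9<P2P (uTP, UDP)""".replace("\n", "")
ORATES = "5-20,5-20,5-25,5-80,10-80,20-80,5-80,5-80,5-90,1-1".split(",")
# Assumed field order; proto -1 = TCP and UDP, -2 = any; port_type a/d/s/x = any/dst/src/either.
KEYS = "addr_type addr proto port_type port ipp2p layer7 bcount class desc".split()

def parse(orules):
    """Split the nvram string into one dict per rule, numbered from 1."""
    split = (raw.split("<") for raw in orules.split(">"))
    return [dict(zip(KEYS, f), n=n) for n, f in enumerate(split, 1) if len(f) == len(KEYS)]

def port_in(spec, port):
    """True if port falls in a list such as '80,443,6970:7170'."""
    ranges = (part.partition(":") for part in spec.split(","))
    return any(int(lo) <= port <= int(hi or lo) for lo, _, hi in ranges)

def candidates(proto, sport, dport):
    """Rules whose protocol and port fields admit the flow, in rule order."""
    out = []
    for r in parse(ORULES):
        p, t = int(r["proto"]), r["port_type"]
        proto_ok = p == -2 or p == proto or (p == -1 and proto in (6, 17))
        port_ok = (t == "a" or (t in ("d", "x") and port_in(r["port"], dport))
                   or (t in ("s", "x") and port_in(r["port"], sport)))
        if proto_ok and port_ok and int(r["class"]) >= 0:
            extra = [k for k in ("layer7", "bcount") if r[k]]  # conditions that must also hold
            out.append((r["n"], r["desc"], ORATES[int(r["class"])], extra))
    return out

if __name__ == "__main__":
    for hit in candidates(17, 40000, 1194):  # assumed VPN flow: UDP, dst port 1194
        print(hit)
```

Rules listed with an empty condition list match on protocol and port alone; the others also depend on an L7 pattern or the connection's byte count.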