QoS on OpenVPN Interface not working

I’m trying to set up QoS on an OpenVPN interface. My queues and mangle table are matching, but simple queues are not working.
When I am connected via OpenVPN to my router and using ssh, it’s very slow because of other traffic on this interface.

/interface ovpn-server
add name=ovpn-firma user=firma
/queue simple
add limit-at=256k/256k max-limit=384k/384k name=rest packet-marks=no-mark target=ovpn-firma
add limit-at=1M/1M max-limit=10M/10M name=ssh packet-marks=ssh-pkt priority=2/2 target=ovpn-firma
/ip firewall mangle
add action=mark-connection chain=output new-connection-mark=ssh-con passthrough=yes protocol=tcp src-address=192.168.1.1 src-port=22
add action=mark-packet chain=prerouting connection-mark=ssh-con new-packet-mark=ssh-pkt passthrough=yes

Please help

You could try using a Queue Tree.

You could indeed set up a tree on the ovpn interface, but remember that this is a virtual interface, and that it will encapsulate every packet into another. This encapsulation doesn’t carry over the initial markings.
So when the traffic is leaving the real interface, you have no way to determine what traffic is inside the tunnel, only that it’s traffic related to the tunnel.
On the real interface you can only prioritise the ovpn tunnel as a whole (or not).

Perhaps I should go into more detail.
I am using the integrated web proxy on the router.
Over OpenVPN I am using this web proxy for my browser.
If there are many connections to the proxy, the ssh connection to the router itself is very slow.
Therefore I wanted to prioritize SSH more than the rest of the traffic.

You should understand that OpenVPN is a VPN over TCP; all of these (including SSTP) share “bad performance under load”.
When you throttle the data rate well under the maximum interface rate (e.g. using Queue Tree) there should be some improvement.
But it will never be completely OK until you use a VPN that can individually mark and re-order packets based on priority.
(e.g. GRE over IPsec with dscp=inherit option)

If the ssh session does NOT go over VPN, you can indeed prioritise it over vpn traffic. Simply assign a lower priority class to ssh traffic, and the queue tree will do the rest.

BUT remember that this needs to be implemented on the real outgoing interface.
AND
mark in postrouting, as prerouting doesn’t apply to traffic leaving the RB itself

add action=mark-packet chain=postrouting connection-mark=ssh-con new-packet-mark=ssh-pkt passthrough=yes out-interface=<???>
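
The marking and queueing described in the reply above, written out as an added example that is not part of the original thread. It covers only the case where SSH does not go through the tunnel; ether1 as the real outgoing interface and 10M as its usable rate are assumptions, while the mark names are the ones used in the thread.

```routeros
# Added example, not from the thread.
# Assumed: ether1 is the real outgoing interface, 10M is its usable upload rate.
/ip firewall mangle
# SSH served by the router itself: mark the connection once in the output chain.
add action=mark-connection chain=output connection-mark=no-mark protocol=tcp src-port=22 new-connection-mark=ssh-con passthrough=yes
# Mark packets in postrouting; prerouting never sees traffic leaving the router itself.
add action=mark-packet chain=postrouting connection-mark=ssh-con out-interface=ether1 new-packet-mark=ssh-pkt passthrough=no
/queue tree
# Parent queue caps the real interface so the child priorities take effect.
add name=wan-up parent=ether1 max-limit=10M
# Priority 1 is the highest, 8 the lowest.
add name=ssh parent=wan-up packet-mark=ssh-pkt priority=1 limit-at=1M max-limit=10M
add name=rest parent=wan-up packet-mark=no-mark priority=8 limit-at=256k max-limit=10M
```

Encapsulated OpenVPN packets leaving ether1 carry no inner marks, so the whole tunnel lands in the `rest` queue and an SSH session running inside it gains nothing from this tree.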