I have WireGuard setup on the router and clients connected through it to use RDP.
I am currently using simple queues to shape everything but I can’t seem to get WireGuard to register with simple queues.
Can WireGuard be shaped with simple queues?
Any suggestions?
So I have found that I can configure mangle rules to mark connection and mark packet but no matter what I do I can’t get that mangle to register with the simple queue rule that I have in place.
What am I missing here?
RB1100ahx4 RouterOS 7.14
Factory Default configuration with fasttrack disable
Is there no way to shape wireguard because it is encrypted?
Well not sure what you are trying to do.
Typically queues are used so that not one user or not one subnet etc, uses all the available WAN bandwidth for its connections…
So if you have subnets A,B going out WAN interface, and subnet C going out Wireguard interface ( but clearly through the WAN just in a tunnel ).
I guess your asking
How to ensure A, B, C are still using roughly the same amount of throughput available on the WAN ??
( the assumption is that just because the subnet C traffic is in a tunnel it somehow doesnt use up available bandwidth… )
The only thing I can think of is accept that you have to manually divy up the subnets in your head.
Treat the local WAN as one WAN with 2/3s of the available BW and the wirguard interface as a second WAN and give it 1/3 of the BW.
This really sucks because the beauty of queues parent/child etc… is that you can split up traffic equally between users or subnets such that
they use all the available bw until the next user comes along and its then share between those two and so on…
With your situation, the most available to reg WAN users is 2/3 and to WG users is 1/3 ( vice all of it )
You hit the nail on the head. Wireguard doesn’t seem to be counted as wan bandwidth.
I don’t have a ton of upload to work with in this situation so splitting it up isn’t practical.
You did get me to a solution I believe though.
WG isn’t counted because it is running as an interface on the router itself. If I move WG to say Ubuntu or WS4W it will be behind the router and I should be able to include it in the WAN queue.
Testing now, will report back with my findings.
Thanks for getting me back on track.
I have tried using mangle rules to mark WG subnet and it processes but when adding to a simple queue it does nothing when WG is running through the router.
Can you give me a use case example when using WG through the router if you have made it work?
Do I need to switch to Queue Tree?
Nevermind, just switched over to Queue Tree instead of simple queue and the WireGuard interface is processing correctly from both the router as well as WG installed behind it.
I don’t understand why a simple queue can’t handle this since I am using the same mangle rule for both.
Mistaken again. What Anav said earlier was correct. I have to treat Wireguard as a separate interface like ether1 and split the load.
If you are able to shape WG and ether1 into one big queue by some means, please provide an example for me to work with.
OK so after testing different scenarios I found that running Wireguard on a virtual machine behind the router works best for my needs.
I converted everything over to queue tree and was able to mangle the specific server IP and port to feed into queue tree. I am also able to set a limit per child so I can fair share the Wireguard tunnel with each client.
Thanks everyone for getting the gears turning in my head. It was a big help 