CAKE QoS Script (OpenWrt)

yes add port to firewall

port forward exactly wan to lan ip your console

Hello everybody,

I am currently using elan's script for video games (Call of duty) but I have a little issue here, let me explain it.

The script is used on LAN : br-lan and WAN:eth0.2.

My packets (XXXXX -> 3074) are correctly marked (DSCP -> CS4), however all packages from egress traffic (from 3074 to XXXXX) are not correctly marked (DSCP -> CS0).

I captured packets using tcpdump with the follwing command :
tcpdump -i br-lan -p udp port 3074 -w pathToWrite

Furthermore, only packets from br-lan (or eth0.1) from ingress traffic are correctly marked (DSCP -> CS4).

Can someone help me please ? :slight_smile:

@Dopam-IT_1987 happy to see I am not the only french ahah (je voulais t'envoyer un message privé, mais je ne sais pas comment faire :frowning:)

This should only get you marked ingress packets, for the egress packet you probably need to capture on the wan interface, but note you will only see your external IP address as source address, but the port numbers should still help you to find candidate packet to check for DSCP values. Also make sure that you do not have cake's "wash" option enabled on egress during the packet capture, otherwise you will only see CS0.

1 Like

Hello all,

I have installed the script according to instructions and customized the script according to my device (pppoe-telekom).

I have my internet connection with Deutsche Telekom and therefore have a PPPOE connection.

Once I run the script, all the rules are applied and almost everything works.

However, I lose my IPv6 connection with all devices to the internet. Internal ip6 is still working. The IPv6 on the router still works (Diagnostics -> IPv6 Ping). The devices also all get a public IP6 via RA / DHCP. However, the firewall does not seem to "route" the packets anymore.

Can you help me please?

Thank you

The maximum name length of a linux network interface name is 16, which means 15 usable characters, if you renamed "wan" to "pppoe-telekom" this is getting dangerously close to that, especially if you (don't-) account for the automatic prefixes (e.g. br- for bridges) or suffixes (e.g. _6or 6, depending on how you configured the IPv6 connectivity). So please, keep your interface names short, concise and all-lower-case. This might very well be the cause of your troubles with IPv6.

hi kev sei if you want use the script please check your interface wan and put in script

then create interface veth directly in interface i can help if you want


thank you for your help. I have adjusted the name of the interface. However, since the pppoe- is given, I can only influence the length behind it. This has accordingly if I name the interface Wan no effect on the IP6 issue.

I have now uninstalled the script again and the following initial situation (see screenshot). As you can see, the pppoe-wan is a tunel interface, which builds the IP4 and IP6 traffic.

In the script I must necessarily store the name pppoe-wan. If I only store wan it does not work, because pppoe-wan is the device (see screenshot).

However, the IP6 traffic is no longer forwarded by the clients after applying the script.

What do I have to do?


try this

# /etc/config/firewall
uci del
uci add_list'lan'
uci add_list'veth0'
# /etc/config/network
uci set network.veth0=interface
uci set network.veth0.proto='none'
uci set network.veth0.device='veth0'
# Saving all modified values
uci commit

connect to ssh to your router and put my all command

you can see veth0 then with traffic after in interface

do you have check and done ?

1 Like

thx is working!

1 Like

Hello all,

I am currently using the script.
Everything works as well, only my wireguard does not work anymore.
A connection is established and I also get into my network.
However, no traffic is routed through the tunnel to the Internet (I have allowed all IPs in the tunnel.).
If I throw the script including packages down again, it runs again.

It seems to me that the traffic from the VPN tunnel is not routed to the wan.
Can anyone help me?


hi do you has configurate firewall ? in zone settings

Hey, yes. The VPN is in the LAN Zone.

I have now uninstalled the script and the VPN runs again immediately. So it seems to hang somewhere.

I would guess it might be related to the veth redirection of ingress traffic.... but I have no clear theory of 'how'.

Does anyone have the possibility to test this? So Wireguard as a server and script for the WAN interface. I also assume that it has something to do with the routing through the virtual interface. But my knowledge is not sufficient to find the problem.

Or is there currently a newer / different script that enables Qos and DSCP on ingress that I can test?

Thank you!

1 Like

Are you using docker? I’m asking because docker enables bridge firewalling and this could interfere with the veth setup in this script…

Yes, there are other scripts that take a different approach:


Both pretty much do the same. The main difference to this script is: DSCPs are set on egress and are automatically restored from conntrack on ingress.

Hello gents,

is it possible to use this script for dual wan setup with mwan3 ?

i saw this small section:

### Interfaces ###
## Go to "Network -> Interfaces" and write the name of the "device" used for the 'WAN' interface.
WAN="wan"  # Example: eth0, eth0.2, eth1, eth1.2, wan, etc.

any tips ?
can i do like WAN="wana,wanb"?

I think the original developer is not all that active on this forum anymore, maybe ask on their github page directly?

1 Like

After a week of intensive use I am still getting great bufferbloat results. With a basic configuration and with a speed of 950mb


@Hudra Can we try to apply ct info to it? That would be great, thank you