Cake-wg-pbr script problem


In the past this script by @Lynx worked fine until I had to reset my Mochabin.

The log in /tmp/cake-wg-pbr.log says this:

root@Mochabin:~# cat /tmp/cake-wg-pbr.log
What is "193.<snip>.<snip>.<snip>/32"?
Usage: ... u32 [ match SELECTOR ... ] [ link HTID ] [ classid CLASSID ]
               [ action ACTION_SPEC ] [ offset OFFSET_SPEC ]
               [ ht HTID ] [ hashkey HASHKEY_SPEC ]
               [ sample SAMPLE ] [skip_hw | skip_sw]
or         u32 divisor DIVISOR
       SAMPLE := { ip | ip6 | udp | tcp | icmp | u{32|16|8} | mark }
                 SAMPLE_ARGS [ divisor DIVISOR ]
       FILTERID := X:Y:Z
NOTE: CLASSID is parsed at hexadecimal input.

I'm confused what I'm missing here, do I miss a dependency?

It should be this line of code:
tc filter add dev $wan_if parent ffff: protocol ip prio 1 u32 match ip src ${wg_endpoint}/32 action pass

Presumably a dependency? I take it you have installed:

  • tc-tiny
  • kmod-ifb
  • kmod-sched-core
  • kmod-sched-cake

Any ideas @dave14305?

1 Like

All seem to be installed, I'm running it on 23.05.0-RC3

You could try with tc-full and if that works then perhaps there is another missing dependency. Hopefully @dave14305 has an idea or two.

Is there a chance there is more than one endpoint being detected and passed to the tc command? Never used wireguard myself to know if this is feasible.

1 Like

this is possible because I also use a wgserver.

when I echo this part of the script I see this:

root@Mochabin:~# echo $(wg show | awk '{if($1 == "endpoint:"){split($2,a,":"); print a[1]}}') (local wgserver) 193.x.x.x (mullvad)

between the curly braces this is just a indication not output from the echo command.


I think you found the issue :smiley: , once I replaced the wg_endpoint with the direct mullvad vpn endpoint it worked like a charm, now I only need to figure how I can make it so it uses the correct one since I can use multiple peers.

If multiple peers are possible, @Lynx probably needs to loop over the valid peer IPs in a for loop or similar to add multiple filter statements.

1 Like

Isn't there only ever just one endpoint currently active and wouldn't the hotplug script result in recapturing any endpoint change?

I'm afraid both are active.

the wgserver is kinda configurated like a road warrior so my phone uses a local vpn connection to the Mochabin basicly it shows my phone as endpoint refering to ip, and then cascades it to mullvad via wgclient interface.

So is it that case that we need to loop over endpoints?

Since this setup is more complicated, you might like to consider trying cake-dual-ifb:

It operates using a different mechanism altogether that would deal with this situation I think. Also it means you can properly leverage DSCPs, which is not possible with the wireguard-specific solution.

Slightly more challenging to set up but it's a more powerful solution.

1 Like

Thank you, I gonna look into this :+1:

This topic was automatically closed 10 days after the last reply. New replies are no longer allowed.