How does cake-wg-pbr work to not degrade VPN performance with SQM/QoS?

package by LynxTheCat @Lynx

Just to confirm I understand how this package works

When using separate WireGuard, PBR, CAKE (QoSify or SQM or something else), it is by default


QoS/SQM treats VPN as "big traffic", which can cause VPN to be of lower priority within the network, and QoS/SQM doesn't work for VPN.

But when using cake-wg-pbr it is


That is, when using separate packages, QoS/SQM harms VPN traffic performance, but VPN traffic is unaffected when using cake-wg-pbr. Am I right?
If yes, why isn't that the default behavior when using separate packages?

Package was written by me, not by @richb-hanover-priv! But as on GitHub, I wasn't able to follow the question.

Maybe someone else on this forum can though. @moeller0 are you able to interpret the question above?

Here is what I wrote on GitHub:

Hmm, I can't follow your nomenclature. Basically if you just use default SQM, cake cannot distinguish the encrypted flows as all encrypted flows are bundled into one stream.

cake-wg-pbr operates as follows: for download, cake-wg-pbr combines the non-VPN flows (from wan) with the VPN flows in their unencrypted state (from the VPN interface); and for upload it relies upon skb->hash preservation, thereby to ensure that cake can regulate everything properly notwithstanding the mixture of encrypted and unencrypted flows.

For download, see:

For upload, see:

See also:
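To make the difference described in this thread concrete, here is an added example (not code from the post or from cake-wg-pbr) that models a shaper as idealised per-flow fair queueing and compares what each flow gets when the tunnel is seen as one flow versus when the inner flows are visible. The flow names, addresses, demands and the 20 Mbit/s uplink are constructed assumptions, and cake's real scheduler is more elaborate than this model.

```python
# Added illustration: idealised per-flow fair queueing, not cake's real scheduler.
from collections import defaultdict

# Constructed sample flows on a 20 Mbit/s uplink; demand is in Mbit/s.
FLOWS = [
    {"name": "lan-backup", "tuple": ("192.168.1.10", "203.0.113.5", "tcp", 50000, 443), "vpn": False, "demand": 100.0},
    {"name": "vpn-backup", "tuple": ("192.168.1.20", "198.51.100.7", "tcp", 50001, 443), "vpn": True, "demand": 100.0},
    {"name": "vpn-call", "tuple": ("192.168.1.21", "198.51.100.9", "udp", 50002, 3478), "vpn": True, "demand": 2.0},
]
# Outer tuple shared by every encrypted WireGuard packet (constructed addresses).
TUNNEL = ("203.0.113.99", "192.0.2.1", "udp", 51820, 51820)

def flow_key(flow, sees_inner):
    """Key the shaper queues on: the inner tuple, or the single tunnel tuple."""
    if flow["vpn"] and not sees_inner:
        return TUNNEL
    return flow["tuple"]

def shares(flows, capacity, sees_inner):
    """Max-min fair split across queues; flows in one queue split by demand."""
    queues = defaultdict(list)
    for f in flows:
        queues[flow_key(f, sees_inner)].append(f)
    want = {k: sum(f["demand"] for f in fs) for k, fs in queues.items()}
    got, left, pending = {}, capacity, set(want)
    while pending:
        fair = left / len(pending)
        done = {k for k in pending if want[k] <= fair}
        if not done:  # every remaining queue is backlogged: equal split
            got.update({k: fair for k in pending})
            break
        for k in done:  # satisfied queues release their unused share
            got[k] = want[k]
            left -= want[k]
        pending -= done
    return {f["name"]: got[k] * f["demand"] / want[k]
            for k, fs in queues.items() for f in fs}

if __name__ == "__main__":
    for label, inner in (("tunnel seen as one flow", False), ("inner flows visible", True)):
        print(label, {n: round(v, 2) for n, v in shares(FLOWS, 20.0, inner).items()})
```

In this model the small VPN call is squeezed to a fraction of its demand while it shares one queue with the VPN bulk transfer, and receives its full 2 Mbit/s once each inner flow has its own queue.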