Im setting up OpenWRT at a number of sites that have a Wireguard VPN to a Voice Server.
Local IP Phones connect to the Voice Server via the VPN only and all other traffic exits the main WAN connection.
The problem I have (although not tested) is that I want to set up QoS on the WAN for the VPN traffic which if I just use standard SQM wont be queued properly as the VPN traffic would have a DSCP of 0.
So the question is:
Can I tune SQM to prioritise the VPN traffic or
Can I set the DSCP of Wireguard packets so they will queue correctly on egress
Why not simply test it first? I also believe that using cake's per-internal-host-IP isolation might help a bit, as it would in a ll likelihood consider all VPN traffic to belong to its own internal host IP and at least should guarantee more bandwidth than by the default per-flow fairness.
But all of this is also possible, for egress that should be relatively simple, for ingress it might be a bit harder. I have not done that myself though, so I have no directs hands-on howto available.
There's so much in that one, though, that it would be a Good Thing(tm) if a few of the knowledgeable folks goes thru it and mines out stuff into a nice instruction page on the various topics and methods...