Im setting up OpenWRT at a number of sites that have a Wireguard VPN to a Voice Server.
Local IP Phones connect to the Voice Server via the VPN only and all other traffic exits the main WAN connection.
The problem I have (although not tested) is that I want to set up QoS on the WAN for the VPN traffic which if I just use standard SQM wont be queued properly as the VPN traffic would have a DSCP of 0.
So the question is:
Can I tune SQM to prioritise the VPN traffic or
Can I set the DSCP of Wireguard packets so they will queue correctly on egress
Why not simply test it first? I also believe that using cake's per-internal-host-IP isolation might help a bit, as it would in a ll likelihood consider all VPN traffic to belong to its own internal host IP and at least should guarantee more bandwidth than by the default per-flow fairness.
But all of this is also possible, for egress that should be relatively simple, for ingress it might be a bit harder. I have not done that myself though, so I have no directs hands-on howto available.
What he said. Cake is designed to handle most situations without config, thouge some of the possible tweaks can help this situation, see the more advanced sections of the docs on the OpenWrt site.
There's so much in that one, though, that it would be a Good Thing(tm) if a few of the knowledgeable folks goes thru it and mines out stuff into a nice instruction page on the various topics and methods...