Traffic is going to WAN qOthersDefault?



  • Heres a quick traffic capture on the WAN interface:

    11:11:41.943715 IP vpn.provider.ip.address.53 > my.wan.ip.address.29897: UDP, length 1445
    11:11:41.944190 IP my.wan.ip.address.29897 > vpn.provider.ip.address.53: UDP, length 101
    11:11:41.952465 IP vpn.provider.ip.address.53 > my.wan.ip.address.29897: UDP, length 1445
    11:11:41.953709 IP vpn.provider.ip.address.53 > my.wan.ip.address.29897: UDP, length 1445
    11:11:41.954131 IP my.wan.ip.address.29897 > vpn.provider.ip.address.53: UDP, length 101
    11:11:41.961211 IP vpn.provider.ip.address.53 > my.wan.ip.address.29897: UDP, length 1445
    11:11:41.962458 IP vpn.provider.ip.address.53 > my.wan.ip.address.29897: UDP, length 1445
    11:11:41.962868 IP my.wan.ip.address.29897 > vpn.provider.ip.address.53: UDP, length 101
    11:11:41.974631 IP my.wan.ip.address.11137 > dunno.443: tcp 0
    11:11:41.982340 IP dunno.443 > my.wan.ip.address.43826: tcp 233
    11:11:41.982518 IP my.wan.ip.address.43826 > dunno.443: tcp 0
    11:11:41.983585 IP dunno.443 > my.wan.ip.address.43826: tcp 46
    11:11:41.983730 IP my.wan.ip.address.43826 > dunno.443: tcp 0
    11:11:41.983846 IP my.wan.ip.address.43826 > dunno.443: tcp 46
    11:11:41.985865 IP my.wan.ip.address.29897 > vpn.provider.ip.address.53: UDP, length 101
    11:11:41.986207 IP vpn.provider.ip.address.53 > my.wan.ip.address.29897: UDP, length 1445
    11:11:41.987468 IP vpn.provider.ip.address.53 > my.wan.ip.address.29897: UDP, length 1445
    11:11:41.987596 IP vpn.provider.ip.address.53 > my.wan.ip.address.29897: UDP, length 1445
    11:11:41.988631 IP my.wan.ip.address.29897 > vpn.provider.ip.address.53: UDP, length 101
    11:11:42.019965 IP vpn.provider.ip.address.53 > my.wan.ip.address.29897: UDP, length 1445
    11:11:42.022456 IP vpn.provider.ip.address.53 > my.wan.ip.address.29897: UDP, length 1445
    11:11:42.022843 IP my.wan.ip.address.29897 > vpn.provider.ip.address.53: UDP, length 101
    11:11:42.023719 IP vpn.provider.ip.address.53 > my.wan.ip.address.29897: UDP, length 1445
    11:11:42.024960 IP vpn.provider.ip.address.53 > my.wan.ip.address.29897: UDP, length 1445
    11:11:42.025329 IP my.wan.ip.address.29897 > vpn.provider.ip.address.53: UDP, length 101
    

    Looks like my VPN traffic to/from my local machine of ip 192.168.1.100 is being put into qOthersDefault when this traffic should be qP2P.
    I've just used the wizard with PRIQ on both interfaces.

    Heres is my rules (all default):



  • Remember the fundamentals; floating rules are last-matched applies, interface is first-match, and if you use NAT that outgoing/b] traffic on WAN will have switched to your WAN IP..



  • @Nullity:

    Remember the fundamentals; floating rules are last-matched applies, interface is first-match, and if you use NAT that **outgoing/b] traffic on WAN will have switched to your WAN IP..

    So i put my VPN hosts IP, udp port 53 as destination as a floating rule right down the bottom and it had no effect.

    Just to clarify, the WAN queue is uploads?**



  • @kripz:

    @Nullity:

    Remember the fundamentals; floating rules are last-matched applies, interface is first-match, and if you use NAT that **outgoing/b] traffic on WAN will have switched to your WAN IP..

    So i put my VPN hosts IP, udp port 53 as destination as a floating rule right down the bottom and it had no effect.

    Just to clarify, the WAN queue is uploads?

    I have no experience with a VPN or it's peculiarities, so I would just be guessing why your rules are non-functioning. :\

    WAN queue is usually upload, yeah.**



  • The snippet you showed only has DNS and HTTPS traffic, and your rules have those set to go to qOthersHigh.  Something else is being sent to qOthersDefault.



  • @KOM:

    The snippet you showed only has DNS and HTTPS traffic, and your rules have those set to go to qOthersHigh.  Something else is being sent to qOthersDefault.

    VPN server listens on port 53 and uses UDP, that was VPN traffic.
    HTTPS was just me looking at google i think, i cant remember where the ip pointed to.

    Is it possible to find out what is being sent to qOthersDefault?



  • Keep sniffing while the queue is active and see which ports are triggering the rule.


Log in to reply