Question about the preconfigured Turris guest network

xturris · June 4, 2024, 8:19pm

Hi everybody,
A “guest_turris” LAN is configured by default in the Turris Omnia. I have activated this via Luci.
Today I noticed the following. When my business notebook is in the Turris guest network and I dial into the company via VPN, I have subterranean performance and disconnections. Although I have a 500/100 connection. But nevertheless shows a speedtest 40-50 MBit download…
When the notebook is in my private “lan” (Turris “lan”), everything is great. I recently got a fiber optic line and since then the problem has been. Previously, with my old “bad” DSL connection with only 3-4 MBit download, the problems were not so extreme.
Is there any explanation for this? Is the guest_turris somehow restricted? I can’t find anything in the configuration.
I’ll just stay in my private lan for now, but I would have been interested to know why such problems exists …

cocturr · June 4, 2024, 9:34pm

Are your tests done with company VPN active in both cases?

Nones · June 5, 2024, 6:34am

There is a choice for QoS in ReForis guest network tag for limiting speed of guest network.

xturris · June 5, 2024, 6:55am

Yes

@Nones
Where can I found the settings? In reForis I have not activated the Guestnet. I did everything over Luci in this case.

EDIT:
Here my network config:

root@turris:/etc/config# cat network 

config interface 'loopback'
	option device 'lo'
	option proto 'static'
	option ipaddr '127.0.0.1'
	option netmask '255.0.0.0'

config globals 'globals'
	option ula_prefix 'fdca:63c4:818e::/48'

config interface 'lan'
	option proto 'static'
	option ip6assign '60'
	option _turris_mode 'managed'
	list ipaddr '192.168.1.1/24'
	option device 'br-lan.11'

config interface 'wan'
	option device 'eth2'
	option proto 'dhcp'
	option ipv6 '0'
	list dns '127.0.0.1'
	option peerdns '0'

config interface 'guest_turris'
	option enabled '1'
	option proto 'static'
	option ipaddr '10.111.222.1'
	option netmask '255.255.255.0'
	option device 'br-lan.22'

config device 'br_guest_turris'
	option name 'br-guest-turris'
	option type 'bridge'
	option bridge_empty '1'

config device 'br_lan'
	option name 'br-lan'
	option type 'bridge'
	list ports 'lan0'
	list ports 'lan1'
	list ports 'lan2'
	list ports 'lan3'
	list ports 'lan4'

config interface 'wan6'
	option device '@wan'
	option proto 'none'
	option auto '0'

config device 'dev_wan'
	option name 'eth2'

config interface 'iot'
	option proto 'static'
	option ipaddr '10.0.0.1'
	option netmask '255.255.255.0'
	option device 'br-lan.33'

config device
	option name 'br-iot'
	option type 'bridge'
	option bridge_empty '1'

config bridge-vlan
	option device 'br-lan'
	option vlan '11'
	list ports 'lan0:t'
	list ports 'lan1:u*'
	list ports 'lan2:u*'
	list ports 'lan3:u*'
	list ports 'lan4:t'

config bridge-vlan
	option device 'br-lan'
	option vlan '22'
	list ports 'lan0:t'
	list ports 'lan4:t'

config bridge-vlan
	option device 'br-lan'
	option vlan '33'
	list ports 'lan0:t'
	list ports 'lan4:t'

Nones · June 6, 2024, 5:16pm

Try to look to the file: /etc/config/sqm

xturris · June 6, 2024, 8:15pm

@Nones
Ok, here the file:

config queue 'eth1'
        option enabled '0'
        option interface 'eth1'
        option download '85000'
        option upload '10000'
        option qdisc 'cake'
        option script 'piece_of_cake.qos'
        option qdisc_advanced '0'
        option ingress_ecn 'ECN'
        option egress_ecn 'ECN'
        option qdisc_really_really_advanced '0'
        option itarget 'auto'
        option etarget 'auto'
        option linklayer 'none'

I have no idea what to look for and what all this means and has to do with the LAN and guest network.

Nones · June 6, 2024, 8:24pm

It looks OK … no restriction for guest wifi network.

xturris · June 7, 2024, 5:12am

Ok thanks. Can I see this “sqm” settings also over the reForis or Luci?
Can you somehow explain the behavior with the guest network? Could Sentinel or firewall settings also have something to do with it? If the Turris settings are correct, could any device in the guest network be causing such problems?

Nones · June 8, 2024, 4:40am

You can see settings of SQM in LuCI.
You have to install “luci-app-sqm” package (this is LuCI interface for the SQM scripts queue management).
Then the SQM settings apppears in LuCI → Network menu.

moeller0 · June 9, 2024, 5:44am

This shows that sqm is not enabled…

xturris · June 9, 2024, 1:28pm

I never seem to have used it. Do you recommend that I install it and configure it if necessary? But that probably has nothing to do with my original problem.

In the meantime I had configured the guest network exactly the same as the LAN in terms of firewall, zones etc. There are still massive problems with dial-in via VPN at the employer via the guest network.