As big fan of the OpenWRT based routers and long time user of my Asus RT-N16 with Toastman Tomato USB firmware, the Turris Omnia caugt my eye.
Now my RT-N16 died two weeks ago and the Omnia was finally available. So I went and bought it.
I consider myself a poweruser/tweaker but I prefer to do everything in GUI.
So for you guys working with command line is probably considered a noob.
After a week of tweaking and testing I’m getting a quite sad about the Omina, especially since its way more expensive then an Asus router and I’m missing so much that’s already in the Tomato/OpenWRT project present.
So, I hope you guy can clear something up for me, the following functionality I’m missing:
NAS GUI -> I’m forced to go into command line to configure all the Samba shares
Acces Restriction GUI based on:
a. Level 7 packet inspection (block P2P traffic)
b. Keyword
c. Websites / ip address
d. MAC address
A good configurable QoS with rules (SipleQOS is not cutting it on my network, and yes I have read all the discussions on wondershaper, pie/cake), whatever option I choose, it’s not able to see the difference between streaming (Netflix, youtube, etc), VOIP/Skype, DNS, Downloading, P2P, Webbrowsing etc. So once Steam is updating on my computer my NAS is downloading something, all other computers will then stall (netfilx and voip)
a. Configurable QoS with based on:
i. Port number(s)
ii. Protocol (Layer 7)
iii See here:
Setting up OpenDNS for content filtering with rebind protection in GUI (block all P2P acces)
(and yes I have read about the DNS Sec problem, so setting up an alternative in that case)
Traffic usage trackers and graphs (per IP). I know the functionality is there, but implementing it is the trick.
I don’t really understand why to leave such functions that make a router so much more powerfull for many users out of (it and) its GUI, when it’s already present in other open firmwares and most windows users have zero experience in commandline…
So what is my main question (to the moderator / Omnia dev team)?
I believe in your statements and I’m super grateful for this project, but… Will It ever incorporate such features in this router? Can I wait for that, I will this ever stay a command line only router?
If the latter, this router is very sadly not for me and I will send it back a.s.a.p and go for the Tomato based ones.
Have you tried actually tried the new modes for cake that promise per-internal-host-IP fairness? That will still not solve the problem on individual hosts that ere concurrently used for steam downloads and web browsing, but it at least should make your steam machine and NAS share internet bandwidth better with other internal computers. If you have tried that (the keywords are “nat dual-srchost” on egress and “nat dual-dsthost” on ingress) and it failed please let me know… If that does not work maybe try qos-scripts instead of sqm-scripts, as your usecase detailed configuration of QOS is not the goal of sqm-scripts; sqm-scripts aims to create a n AQM/QOS system with minimal settings that will most of the time for most people do the right thing…
Well, unfortunately I tried all possible options in GUI… I refuse to go into commandline.
The one thing a router sould be best at is routing, so bad QoS it really killing its router part compared to other OpenSource projects… I’m returning the router this week (the 14 day limit) and going to switch to a Netgear Nighthawk R7000 with Tomato firmware.
I hope one day the Turris project will mature enough to truly compete with all the other Open Source projects!
Sorry, I have 14 days for this router for refund and I really need good QoS. So back to a Tomato firmware router.
If Tomato can do it (good QoS and GUI),then I hope that one day Turris can do it as well!!!
Just have a loop here: http://toastmanfirmware.yolasite.com/
??? I do not want to sound impolite, but did I mention the CLI? I asked whether you tested cake with specific options or not. I take it you response is an indirect, “no I did not try” rather than “I tried and it did not work”. In case I am correct, I would like to offer my help in configuring cake from inside the SQM gui so that you can test the mentioned mode. I can not guarantee that this will work for your use case, but I would be interested to learn whether it does.
Please note I am only a omnia user and hence am impartial to your other issues. I am a helping hand at sqm-scripts development and with my sqm-scripts hat on, I really would like to know whether we can offer performance inside our goal of keeping configuration simple/basic that comes close to what you used to use with tomato, namely L7 and port specific QOS configuration.
Really appreciated, and yes, I googled a lot for these settings in Cake and both Cake and SimpleQoS are not cutting it.
An old slow Asus RT-N16 was powerfull enough to with only 25% load route traffic of many users while all were still able to do there things (Skype, Netflix, gaming with 17-23ms Ping) whlie almost completely killing illegal P2P using OpenDNS and L-7 filters. Now my RT-N16 broke down so for me it was only logic to go for the Omnia. I spend 2 full day’s in trying everything, but every time I had to go into the commandline. This for me is just to much work/time consuming and something I did not grow up with. So for me it should be possible in GUI only and somehow I cant get it to work. The QoS will devide bandwith between users, but cannot tell Steam network and VPN traffc properly (wich can be port assigned), and using multiple services on one computer will make Steam again win. So I coul throttle Steam on the computer itself. But like Toasman writes, I have to provide equal and good internet experience to manny other rooms and block the illegal activities if possible, all inside the router. And no I dont want to sound rude, I just gave up… Sorry. Maybe in a few years the Turris project will be there?!
So, did you just google or did you actually test? And specifically did you test layer_cake with “nat dual-dsthost” added to ingress and “nat dual-srchost” added to egress?
I am not doubting that sqm-script might not be “cutting it” for your use-case, I just want to figure out whether you have hard data showing this or not?
EDIT: I am also not in the business to convince you to stick to the omnia, for all I know your requirements are better served by tomato; I am only responding as I wanted to get more real world data on whether the new cake modifications work as expected or not.
How did you separate legel P2P from illegap P2P? As far as I can tell this seems almost impossible short of knowing the legal status of exchanged files in the jurisdiction you live in?[quote=“Dutch87, post:7, topic:3302”]
The QoS will devide bandwith between users, but cannot tell Steam network and VPN traffc properly (wich can be port assigned), and using multiple services on one computer will make Steam again win.
[/quote]
I am confused, with per-internal host fairness you have solved the “equal and good internet experience” requirements in my eyes. If a user prefers to run an unmanaged steam client on his IP address the only one feeling the pain would be that user. But I guess I have no idea which guarantees you make to your users, so my opinion really is just that an random stranger’s opinion on the internet.
-yes i did try the “dual dsthost”, not the other one…
-It’s better to not have the legal-illegal p2p discussion here, I kown downloading Ubuntu using Torrent is more load friendly for them and perfectly legal. Lets say the internet is on my name and Dutch law is such that I get in big trouble if someone else is downloading/uploading copyrighted material. So to not take any chanes al P2P traffic is blocked on or grinded to 0,1KB/s on my network (Tomato even has a Captive portal to let the user agree on the terms) (using OpenDNS filter with DNS rebind protection, L-7 filter, keywords, common domains/IP and QoS to put Unkown UDP traffic that uses very high port numbers on 0.1 KB/s).I can only imagine other people that have to share their internet connection in countries with these law’s would like this kind of protection. Or in buisnesses where emplyees are wasting time using Facebook and whatsapp while the boss is paying… etc etc
-It was not able to classyfy my Steam downloads at all, it was prioritized a lot strangely on the whole network. Still, other people would nag me if they are downloading something and watching netflix or using skype and it would stutter as if I or someone else would be the cause… Tomato was able to prevent this at Router level. This week is giving me already enough troubles as it is… Also page fetching feels much slower with the Omnia compared to my RT-N16.
So I dont know what kind of magic Toastman is doing with Tomato’s QoS, but I can only say, check it out! It works on very old routers seamlessly! (just some outdated L-7 filters see here http://l7-filter.sourceforge.net/). For now, I’m not able to support the Turris project in any wayother then pointing this out and donating money… This router is just too complex for me…
Well, dual-dsthost on ingress really wants dual-srchost on egress as otherwise you can get contention on the ACK return path that is not per-internal-IP fair. And you need the nat option as otherwise all packets have the same dsthost address the external IPv4 address of your router, in that case the dual isolation potion does not offer anything above the normal flow-fairness…
So my offer stands, if you are still willing to test that I am willing to help you get it configured as correctly as I can. (I realize that this is time consuming and you already sunk too much time into the omnia as is, so “no” is a perfectly fine answer for whether you are willing to test that again.)
Good point, but it turns out that all you want is to reign into P2P irrespective of the legality and that is a different question that to reign in on illegal P2P traffic. And your question has technical answers (and the non-technical issues are between you and your users).
Well, sqm-scripts and cake do not even attempt to single out steam or other traffic (except for boosting sparse flows in general). The idea would be to use DSCPs to mark different priority classes based on whatever (I admit we punt this off to the user) and push steam and friends into the background tin.
This might be related to the DNS setup you are using, but I am guessing here… (not my area of expertise)
Well, if that works for you, great at least you have a viable strategy back to reliably working router.
Thank you very much indeed for your kind offer and effort!
Although I’m going to decline. The router is going back to the shop for refund.
I’ll have to make due with the Nighthawk R7000 using Toastman’s Tomato.
Like I said I can only hope one day the Turris project will be as user friendly as a Tomato or Synology GUI and will out preform them in every way! Until then its the most complex, powerfull and probrably secure router out there perfect for people that really really know what they are doing and command line is their bread and butter (should be added in the commercial :p)
I’d like to chip in that I really miss an option to prioritize certain traffic flows and clients. I’m guessing a large download, a windows update and a Netflix stream will get the same handling using this system, but the have completely different requirements.
??? So layer_cake.qos (and simple.qos for that matter) will look at the DSCP field in the IP header to sort data packets into different priority tiers. All you need to do is make sure the packets are appropriately DSCP marked. BUt more importantly, you do not need to guess, just test it and feel free to come back with real data under your belt. It is so much easier to discuss real data than intuition… And to nitpick, as fa as I can tell neither of the 3 flows you compare has any inherent requirements, it is rather that the user might prefer different policies of how to treat those. SQM-scripts goal was never to create the ultimate fine-grained QOS configuration machine, but rather to allow to develop a (or rather a small set of) script that will set-up and AQM/QOS system that rquires minimal input /configuration from the user while mostly doing the right thing. It seems that you want something else (nothing bad with that wish) so maybe sqm-scripts is not the right toll for you. But please before you decide that, just go and try it, maybe it will be good enough? Especially the recently added combination of IPv4-deNATing and dual isolation options allows effectively to set up by-internal-IP-fairness that, while not being ideal, seems to help a lot of users to achieve a network in which machine A’s large download will not interfere unduly with another machines Netflix stream (as long as there is enough bandwidth). Note that if you want the download and netflix work nicely on the same host this will not help you much…