laiyangwuying

About

I faced bandwidth issues between a WG Peer and a WG server. Download bandwidth when downloading from WG Server to WG peer was reduced significantly and upload bandwidth was practically non existent.
I found a few reddit posts that said that we need to choose the right MTU. So I wrote a script to find an optimal MTU.
Ideally I would have liked to have run all possible MTU configurations for both WG Server and WG Peer but for simplicity I choose to fix the WG Server to the original 1420 MTU and tried all MTUs from 1280 to 1500 for the WG Peer.

Testing

On WG server, I started an iperf3 server
On WG peer, I wrote a script that does the following:
- wg-quick down wg0
Edit MTU in the /etc/wireguard/wg0.conf file

Smart Queue

Initial Setup

opkg update
opkg install luci-app-sqm kmod-sched-ctinfo iptables-mod-hashlimit ipset nano

# Install modified layer_cake to sqm-scripts
wget https://gist.githubusercontent.com/heri16/06c94b40f0d30f11e3a82166eca718f3/raw/layer_cake_ct.qos -O /usr/lib/sqm/layer_cake_ct.qos

代理服务器 Cake 队列规则常用参数推荐

注意，BBR 等基于延迟判断发送窗口的拥塞控制算法可能与 AQM 发生冲突！！！对于使用 BBR 的设备，fq 可能还是最好的选择。

为什么选用 Cake

Cake 使用主动队列管理(AQM)技术保持全局同步，可以控制延迟，有效利用宽带。同时它还可以保证每个主机，每个流公平的分享宽带。

使用 Cake 的条件

Cake 与 kernel 4.19 并入主线，因此使用 Cake 需要 kernel 和 iproute2 版本大于 4.19。如何确认 kernel 和 iproute2 版本，以及如何升级本文不做详细说明。

山东济南电信IPTV+OpenWrt配置方法

适用

适用于：

光猫需要有telcomadmin权限
光猫不改桥接
光猫到路由器使用单线连接

	# DNS 配置可自行修改
	port: 7890
	allow-lan: true
	mode: rule
	log-level: info
	unified-delay: true
	global-client-fingerprint: chrome
	dns:
	enable: true
	listen: :53

	# Docs:
	- https://wiki.ubuntu.com/FoundationsTeam/AutomatedServerInstalls
	- https://wiki.ubuntu.com/FoundationsTeam/AutomatedServerInstalls/ConfigReference
	- https://cloudinit.readthedocs.io/en/latest/topics/datasources/nocloud.html
	- https://discourse.ubuntu.com/t/please-test-autoinstalls-for-20-04/15250/53

	# Download ISO Installer:
	wget https://ubuntu.volia.net/ubuntu-releases/20.04.3/ubuntu-20.04.3-live-server-amd64.iso

	# Create ISO distribution dirrectory:

	#cloud-config
	autoinstall:
	version: 1
	refresh-installer: # start with an up-to-date installer
	update: yes
	interactive-sections: # Install groups listed here will wait for user input
	- storage
	storage: # should set the interactive default but doesn't seem to work??
	layout:
	name: direct

	# For recent versions of Ubuntu:
	- https://www.pugetsystems.com/labs/hpc/ubuntu-22-04-server-autoinstall-iso/

	# Docs:
	- https://wiki.ubuntu.com/FoundationsTeam/AutomatedServerInstalls
	- https://wiki.ubuntu.com/FoundationsTeam/AutomatedServerInstalls/ConfigReference
	- https://cloudinit.readthedocs.io/en/latest/topics/datasources/nocloud.html
	- https://discourse.ubuntu.com/t/please-test-autoinstalls-for-20-04/15250/53

	# Download ISO Installer:

	IPtables DDOS protection :

	In my config i assume the server is not a router and already profit from some filtering by the hosting company on shitty
	networks.

	I have tested this on ubuntu server 18.04 with the kernel 4.15.0-36-generic.

	Protect from malformed packet, ACK FIN RST attack and SYN-flood.
	Flood which profit of TCP-KEEPALIVE (so there a no SYN packet) should be handled by the web server (rate-limit in nginx for
	exemple). Connlimit can also be helpfull to limit the number of connexion per ip.

	#cloud-config
	instance-id: iid-local01
	hostname: cloudimg