Turning on QoS seems to break outbound IKEv2 IPSec traffic.
Steps to reproduce:
- Install TomatoUSB (version below)
- Enable QoS
- Try to establish an outbound IKEv2 VPN connection
The VPN connection never establishes successfully. A Windows 7 client gives a bogus error message about a username/password error. The server on the other end (2008 R2) simply states that there was a timeout negotiating the VPN link.
What does work:
- The exact same connection w/ QoS turned off
- An IPSec/L2TP VPN connection to the same server
- The same connection but run through a router running stock Tomato firmware (an old WRT54g)
Enabling QoS seems to do something to stop the IKEv2 traffic. I tried creating a rule to prioritize IPSec traffic - that didn't work. I also tried fiddling with the various "Basic Settings" on the main QoS page - that didn't help either.
Firmware: Tomato Firmware v1.28.7476 MIPSR2-Toastman-RT K26 USB Ext
Router: Linksys WRT320n