OpenWrt Forum Archive

Topic: New package: mwan2; testers wanted.

The content of this topic has been archived between 31 Mar 2018 and 27 Apr 2018. Unfortunately there are posts – most likely complete pages – missing.

crisman wrote:

is it supposed to work with 2 wans having the same gateway address?

No

ok, any plan to add that feature? is it a limitation in openwrt? thanks

I'd like to get that feature in, but you'll have to help me with that. Can you show me your routing table and your network config when both your wan connections are up (before installing mwan2)?

(Last edited by Adze on 17 Jun 2012, 14:02)

Thank you Adze! This script actually works. I've never been able to get my buffalo wzr-hp-ag300h to work with multiwan (though that may be a function of my limited network administration knowledge), but here load balancing is actually happening. Thank you, keep up the good work!

alan614 - any config you could share on the wzr-hp-ag300h would be welcome.

I can get dual wan ports set up with static IPs, but when I install the mwan2 package and configure, nothing seems to happen.  Point a client out to the Internet via the router and I cannot reach any websites.

Turn off mwan2 and which ever WAN connection I set the lower routing matrix number on is used and works fine.

I don't seem to be able to understand what the issue is...


Also - do you have QoS working alongside the mwan2 package?  That is what I am hoping to achieve.


Regards

Paul Adams

Hi padams,


Maybe I can help... could you post your firewall, network and mwan2 config? And maybe could you also post the outcome of "ip rule list", "route -n", "iptables -L -t mangle -v -n" and "ip route list table 3"?


Thanks.

Thank you.


Firewall

config defaults
    option input 'DROP'
    option forward 'REJECT'
    option output 'ACCEPT'
    option syn_flood '1'
    option drop_invalid '1'

config zone
    option name 'local'
    option network 'lan'
    option input 'ACCEPT'
    option forward 'REJECT'
    option output 'ACCEPT'

config zone
    option name 'internet'
    option network 'wan wan2'
    option input 'DROP'
    option forward 'DROP'
    option output 'ACCEPT'
    option masq '1'

config forwarding
    option src 'local'
    option dest 'internet'

config include
        option path '/etc/firewall.user'



Network
config interface 'loopback'
        option ifname 'lo'
        option proto 'static'
        option ipaddr '127.0.0.1'
        option netmask '255.0.0.0'

config interface 'lan'
        option ifname 'eth0.1'
        option type 'bridge'
        option proto 'static'
        option netmask '255.255.255.0'
        option _orig_ifname 'eth0'
        option _orig_bridge 'true'
        option dns '10.10.10.38'
        option ipaddr '10.10.10.38'

config interface 'wan'
        option ifname 'eth1'
        option _orig_ifname 'eth1'
        option _orig_bridge 'false'
        option proto 'static'
        option ipaddr '96.53.67.50'
        option gateway '96.53.67.49'
        option dns '64.59.144.18 64.59.144.19'
        option netmask '255.255.255.252'
        option apn 'internet'
        option defaultroute '0'

config switch
        option name 'eth0'
        option reset '1'
        option enable_vlan '1'

config switch_vlan
        option device 'eth0'
        option vlan '1'
        option ports '0t 2 3 4'

config switch_vlan
        option device 'eth0'
        option vlan '2'
        option ports '0t 1'

config interface 'wan2'
        option ifname 'eth0.2'
        option _orig_ifname 'eth0.2'
        option _orig_bridge 'false'
        option proto 'static'
        option ipaddr '204.244.82.18'
        option gateway '204.244.82.17'
        option dns '204.244.3.130 204.244.3.129'
        option netmask '255.255.255.248'
        option apn 'internet'
        option defaultroute '0'

config route
        option interface 'wan'
        option target '0.0.0.0'
        option netmask '0.0.0.0'
        option metric '10'

config route
        option interface 'wan2'
        option target '0.0.0.0'
        option netmask '0.0.0.0'
        option metric '20'


mwan2

config 'interface' 'wan'
        option 'enabled' '1'
        option 'metric' '1'
        option 'weight' '1'
        option 'track_ip' 'mail.pchtg.ca'
        option 'count' '1'
        option 'timeout' '2'
        option 'interval' '5'
        option 'down' '3'
        option 'up' '8'

config 'interface' 'wan2'
        option 'enabled' '1'
        option 'metric' '1'
        option 'weight' '1'
        option 'track_ip' 'mail.pchtg.ca'
        option 'count' '1'
        option 'timeout' '2'
        option 'interval' '5'
        option 'down' '3'
        option 'up' '8'

config 'rule'
        option 'src_ip' '10.10.10.0/24'
        #option 'proto' 'tcp'
        #option 'dest_port' '995'
        option 'equalize' '1'
        list 'use_interface' 'wan'
        list 'use_interface' 'wan2'

config 'rule'
        option 'dest_ip' '0.0.0.0/0'
        #option 'equalize' '1'
        list 'use_interface' 'wan'
        list 'use_interface' 'wan2'




IP rule list:
root@TestRouter:~# ip rule list
0:      from all lookup local
192:    from 96.53.67.50 fwmark 0x0/0x8000 lookup 1
256:    from all fwmark 0x100/0xff00 lookup 1
258:    from all fwmark 0x300/0xff00 lookup 3
32766:  from all lookup main
32767:  from all lookup default


route -n
root@TestRouter:~# route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         0.0.0.0         0.0.0.0         U     10     0        0 eth1
0.0.0.0         0.0.0.0         0.0.0.0         U     20     0        0 eth0.2
10.10.10.0      0.0.0.0         255.255.255.0   U     0      0        0 br-lan
96.53.67.48     0.0.0.0         255.255.255.252 U     0      0        0 eth1
204.244.82.16   0.0.0.0         255.255.255.248 U     0      0        0 eth0.2



iptables -L -t mangle -v -n
root@TestRouter:~# iptables -L -t mangle -v -n
Chain PREROUTING (policy ACCEPT 3859 packets, 367K bytes)
pkts bytes target     prot opt in     out     source               destination
5092  481K mwan2_pre  all  --  *      *       0.0.0.0/0            0.0.0.0/0

Chain INPUT (policy ACCEPT 3832 packets, 363K bytes)
pkts bytes target     prot opt in     out     source               destination

Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target     prot opt in     out     source               destination

Chain OUTPUT (policy ACCEPT 5157 packets, 2076K bytes)
pkts bytes target     prot opt in     out     source               destination
6871 3056K mwan2_pre  all  --  *      *       0.0.0.0/0            0.0.0.0/0

Chain POSTROUTING (policy ACCEPT 5157 packets, 2076K bytes)
pkts bytes target     prot opt in     out     source               destination
6870 3056K mwan2_post  all  --  *      *       0.0.0.0/0            0.0.0.0/0

Chain mwan2_default (1 references)
pkts bytes target     prot opt in     out     source               destination
   93 16848 MARK       all  --  *      *       0.0.0.0/0            224.0.0.0/3         mark match !0x8000/0x8000 MARK or 0x8000
6942 2963K MARK       all  --  *      *       0.0.0.0/0            10.10.10.0/24       mark match !0x8000/0x8000 MARK or 0x8000
2336  214K MARK       all  --  *      *       0.0.0.0/0            96.53.67.48/30      mark match !0x8000/0x8000 MARK or 0x8000
    8   732 MARK       all  --  *      *       0.0.0.0/0            204.244.82.16/29    mark match !0x8000/0x8000 MARK or 0x8000

Chain mwan2_post (1 references)
pkts bytes target     prot opt in     out     source               destination
1168 74456 MARK       all  --  *      eth1    0.0.0.0/0            0.0.0.0/0           mark match !0x8000/0x8000 MARK xset 0x100/0xff00
5255 2953K MARK       all  --  *      *       0.0.0.0/0            0.0.0.0/0           mark match 0x8000/0x8000 MARK and 0xffff7fff
6870 3056K CONNMARK   all  --  *      *       0.0.0.0/0            0.0.0.0/0           CONNMARK save mask 0xff00

Chain mwan2_pre (2 references)
pkts bytes target     prot opt in     out     source               destination
11963 3537K CONNMARK   all  --  *      *       0.0.0.0/0            0.0.0.0/0           CONNMARK restore mask 0xff00
    0     0 MARK       all  --  eth1   *       0.0.0.0/0            0.0.0.0/0           MARK xset 0x8100/0xff00
    4   240 MARK       all  --  eth0.2 *       0.0.0.0/0            0.0.0.0/0           MARK xset 0x8200/0xff00
11959 3537K mwan2_default  all  --  *      *       0.0.0.0/0            0.0.0.0/0           mark match !0x8000/0x8000
1651  105K mwan2_rules  all  --  *      *       0.0.0.0/0            0.0.0.0/0           mark match 0x0/0xff00

Chain mwan2_rules (1 references)
pkts bytes target     prot opt in     out     source               destination
    0     0 MARK       all  --  *      *       10.10.10.0/24        0.0.0.0/0           mark match 0x0/0xff00 MARK xset 0x300/0xff00
1275 81300 MARK       all  --  *      *       0.0.0.0/0            0.0.0.0/0           mark match 0x0/0xff00 MARK xset 0x300/0xff00



ip route list table 3
root@TestRouter:~# ip route list table 3
default dev eth1  metric 1


Thank you in advance for your help.

Regards

Paul Adams

Please try the following network config:

config interface 'loopback'
        option ifname 'lo'
        option proto 'static'
        option ipaddr '127.0.0.1'
        option netmask '255.0.0.0'

config interface 'lan'
        option ifname 'eth0.1'
        option type 'bridge'
        option proto 'static'
        option netmask '255.255.255.0'
        option _orig_ifname 'eth0'
        option _orig_bridge 'true'
        #option dns '10.10.10.38' <- This does not mean advertise this as dns server on lan, but overrides dns settings for lookups.
        option ipaddr '10.10.10.38'

config interface 'wan'
        option ifname 'eth1'
        option _orig_ifname 'eth1'
        option _orig_bridge 'false'
        option proto 'static'
        option ipaddr '96.53.67.50'
        option gateway '96.53.67.49'
        option dns '64.59.144.18 64.59.144.19'
        option netmask '255.255.255.252'
        #option apn 'internet'
        option metric '10'
        #option defaultroute '0'

config switch
        option name 'eth0'
        option reset '1'
        option enable_vlan '1'

config switch_vlan
        option device 'eth0'
        option vlan '1'
        option ports '0t 2 3 4'

config switch_vlan
        option device 'eth0'
        option vlan '2'
        option ports '0t 1'

config interface 'wan2'
        option ifname 'eth0.2'
        option _orig_ifname 'eth0.2'
        option _orig_bridge 'false'
        option proto 'static'
        option ipaddr '204.244.82.18'
        option gateway '204.244.82.17'
        option dns '204.244.3.130 204.244.3.129'
        option netmask '255.255.255.248'
        #option apn 'internet'
        option metric '20'
        #option defaultroute '0'

Also try to comment out the track_ip option in the mwan2 config at first or use an ip address to prevent lookup problems.
Then reboot, wait a moment for all interfaces to settle, and then post the outcome of "iptables -L -t mangle -v -n" and "ip route list table 3" again please.

(Last edited by Adze on 18 Jun 2012, 21:21)

Thanks - I got confused looking at examples.

OK - changes made, track IP set to their gateways for each interface, rebooted.


Here are the results of the 2 commands below...


root@TestRouter:~# iptables -L -t mangle -v -n
Chain PREROUTING (policy ACCEPT 960 packets, 97064 bytes)
pkts bytes target     prot opt in     out     source               destination
1064  112K mwan2_pre  all  --  *      *       0.0.0.0/0            0.0.0.0/0

Chain INPUT (policy ACCEPT 949 packets, 88110 bytes)
pkts bytes target     prot opt in     out     source               destination

Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target     prot opt in     out     source               destination

Chain OUTPUT (policy ACCEPT 1284 packets, 991K bytes)
pkts bytes target     prot opt in     out     source               destination
1394 1024K mwan2_pre  all  --  *      *       0.0.0.0/0            0.0.0.0/0

Chain POSTROUTING (policy ACCEPT 1284 packets, 991K bytes)
pkts bytes target     prot opt in     out     source               destination
1393 1024K mwan2_post  all  --  *      *       0.0.0.0/0            0.0.0.0/0

Chain mwan2_default (1 references)
pkts bytes target     prot opt in     out     source               destination
   21 11050 MARK       all  --  *      *       0.0.0.0/0            224.0.0.0/3         mark match !0x8000/0x8000 MARK or 0x8000
2057 1061K MARK       all  --  *      *       0.0.0.0/0            10.10.10.0/24       mark match !0x8000/0x8000 MARK or 0x8000
   72  7488 MARK       all  --  *      *       0.0.0.0/0            96.53.67.48/30      mark match !0x8000/0x8000 MARK or 0x8000
   29  2436 MARK       all  --  *      *       0.0.0.0/0            204.244.82.16/29    mark match !0x8000/0x8000 MARK or 0x8000

Chain mwan2_post (1 references)
pkts bytes target     prot opt in     out     source               destination
   36  2736 MARK       all  --  *      eth1    0.0.0.0/0            0.0.0.0/0           mark match !0x8000/0x8000 MARK xset 0x100/0xff00
   20  1491 MARK       all  --  *      eth0.2  0.0.0.0/0            0.0.0.0/0           mark match !0x8000/0x8000 MARK xset 0x200/0xff00
1304 1015K MARK       all  --  *      *       0.0.0.0/0            0.0.0.0/0           mark match 0x8000/0x8000 MARK and 0xffff7fff
1393 1024K CONNMARK   all  --  *      *       0.0.0.0/0            0.0.0.0/0           CONNMARK save mask 0xff00

Chain mwan2_pre (2 references)
pkts bytes target     prot opt in     out     source               destination
2458 1137K CONNMARK   all  --  *      *       0.0.0.0/0            0.0.0.0/0           CONNMARK restore mask 0xff00
    0     0 MARK       all  --  eth1   *       0.0.0.0/0            0.0.0.0/0           MARK xset 0x8100/0xff00
   46  6570 MARK       all  --  eth0.2 *       0.0.0.0/0            0.0.0.0/0           MARK xset 0x8200/0xff00
2412 1130K mwan2_default  all  --  *      *       0.0.0.0/0            0.0.0.0/0           mark match !0x8000/0x8000
   73  5267 mwan2_rules  all  --  *      *       0.0.0.0/0            0.0.0.0/0           mark match 0x0/0xff00

Chain mwan2_rules (1 references)
pkts bytes target     prot opt in     out     source               destination




root@TestRouter:~# ip route list table 3
default  metric 1
        nexthop via 96.53.67.49  dev eth1 weight 1
        nexthop via 204.244.82.17  dev eth0.2 weight 1



The "wan" connection is currently unplugged as that IP is in use on the live network, but the wan2 interface is connected and correct.  I assume this should not matter because in the event of the 'wan' interface failing, 'wan2' should get all the traffic anyway.


Thanks again

Paul Adams

Looks a lot better. You are only missing a default rule (but this could be from not completely C/P the output). Make sure you have at least one mwan2 rule configured.

And indeed, all traffic should pass wan2 in the event that wan fails.

Does it work OK now ?

No.  Use the ping tool from luci - all pings fail.  Use the router as a default gateway out for a client - cannot get to google.


BUT - change the metrics around (wan now = 20 and wan2 now = 10), reboot, works fine.

Change it back, does not work.


It's as if mwan2 is not running at all - like OpenWRT is not using it???

Paul

padams wrote:

It's as if mwan2 is not running at all - like OpenWRT is not using it???

Maybe you are right. Could you please check if the mark value is set with "cat /proc/net/nf_conntrack":

root@mars:~# cat /proc/net/nf_conntrack
ipv4     2 icmp     1 22 src=82.170.123.114 dst=8.8.8.8 type=8 code=0 id=5249 packets=1 bytes=84 src=8.8.8.8 dst=82.170.123.114 type=0 code=0 id=5249 packets=1 bytes=84 mark=256 use=2
ipv4     2 tcp      6 22 TIME_WAIT src=192.168.33.9 dst=2.22.233.34 sport=55447 dport=80 packets=4 bytes=220 src=2.22.233.34 dst=82.170.123.114 sport=80 dport=55447 packets=2 bytes=112 [ASSURED] mark=256 use=2
ipv4     2 icmp     1 17 src=192.168.33.2 dst=8.8.4.4 type=8 code=0 id=9445 packets=1 bytes=84 src=8.8.4.4 dst=82.170.123.114 type=0 code=0 id=9445 packets=1 bytes=84 mark=256 use=2
ipv4     2 tcp      6 82 TIME_WAIT src=192.168.33.9 dst=87.233.15.240 sport=55440 dport=80 packets=12 bytes=2485 src=87.233.15.240 dst=82.170.123.114 sport=80 dport=55440 packets=8 bytes=1352 [ASSURED] mark=256 use=2
ipv6     10 udp      17 33 src=fe80:0000:0000:0000:4a5d:60ff:fee3:624b dst=2001:0610:064d:0001:0000:0000:0000:0003 sport=31466 dport=53 packets=1 bytes=71 [UNREPLIED] src=2001:0610:064d:0001:0000:0000:0000:0003 dst=fe80:0000:0000:0000:4a5d:60ff:fee3:624b sport=53 dport=31466 packets=0 bytes=0 mark=0 use=2
ipv4     2 tcp      6 53 CLOSE_WAIT src=192.168.33.9 dst=188.40.166.25 sport=55498 dport=80 packets=7 bytes=1866 src=188.40.166.25 dst=82.170.123.114 sport=80 dport=55498 packets=5 bytes=584 [ASSURED] mark=256 use=2
ipv4     2 icmp     1 7 src=82.170.123.114 dst=8.8.8.8 type=8 code=0 id=5236 packets=1 bytes=84 src=8.8.8.8 dst=82.170.123.114 type=0 code=0 id=5236 packets=1 bytes=84 mark=256 use=2
ipv4     2 tcp      6 53 CLOSE_WAIT src=192.168.33.9 dst=188.40.166.25 sport=55496 dport=80 packets=11 bytes=3532 src=188.40.166.25 dst=82.170.123.114 sport=80 dport=55496 packets=8 bytes=1188 [ASSURED] mark=256 use=2
ipv4     2 icmp     1 13 src=192.168.34.3 dst=8.8.4.4 type=8 code=0 id=5242 packets=1 bytes=84 src=8.8.4.4 dst=192.168.34.3 type=0 code=0 id=5242 packets=1 bytes=84 mark=512 use=2
ipv4     2 tcp      6 102 TIME_WAIT src=192.168.33.9 dst=188.64.64.61 sport=55527 dport=80 packets=14 bytes=2091 src=188.64.64.61 dst=82.170.123.114 sport=80 dport=55527 packets=16 bytes=15865 [ASSURED] mark=256 use=2
ipv4     2 tcp      6 3487 ESTABLISHED src=192.168.33.9 dst=216.137.59.174 sport=55455 dport=80 packets=4 bytes=712 src=216.137.59.174 dst=82.170.123.114 sport=80 dport=55455 packets=3 bytes=526 [ASSURED] mark=256 use=2
ipv4     2 tcp      6 52 TIME_WAIT src=192.168.33.9 dst=213.239.154.20 sport=55483 dport=80 packets=20 bytes=1791 src=213.239.154.20 dst=82.170.123.114 sport=80 dport=55483 packets=18 bytes=19127 [ASSURED] mark=256 use=2

Hmmm - I see a lot of mark = 0  in my output...

Paul



root@TestRouter:~# cat /proc/net/nf_conntrack
ipv4     2 udp      17 43 src=10.10.10.12 dst=10.10.10.255 sport=137 dport=137 packets=6 bytes=468 [UNREPLIED] src=10.10.10.255 dst=10.10.10.12 sport=137 dport=137 packets=0 bytes=0 mark=0 use=2
ipv4     2 icmp     1 29 src=204.244.82.18 dst=204.244.82.17 type=8 code=0 id=3838 packets=1 bytes=84 src=204.244.82.17 dst=204.244.82.18 type=0 code=0 id=3838 packets=1 bytes=84 mark=0 use=2
ipv4     2 udp      17 3 src=204.244.82.18 dst=66.254.57.165 sport=57154 dport=123 packets=1 bytes=76 src=66.254.57.165 dst=204.244.82.18 sport=123 dport=57154 packets=1 bytes=76 mark=512 use=2
ipv4     2 icmp     1 14 src=204.244.82.18 dst=204.244.82.17 type=8 code=0 id=3819 packets=1 bytes=84 src=204.244.82.17 dst=204.244.82.18 type=0 code=0 id=3819 packets=1 bytes=84 mark=0 use=2
ipv4     2 udp      17 50 src=10.10.10.128 dst=10.10.10.255 sport=137 dport=137 packets=9 bytes=702 [UNREPLIED] src=10.10.10.255 dst=10.10.10.128 sport=137 dport=137 packets=0 bytes=0 mark=0 use=2
ipv4     2 tcp      6 3599 ESTABLISHED src=10.10.10.59 dst=10.10.10.38 sport=50417 dport=22 packets=32 bytes=3176 src=10.10.10.38 dst=10.10.10.59 sport=22 dport=50417 packets=33 bytes=10262 [ASSURED] mark=0 use=2
ipv4     2 udp      17 15 src=10.10.10.163 dst=10.10.10.255 sport=138 dport=138 packets=1 bytes=229 [UNREPLIED] src=10.10.10.255 dst=10.10.10.163 sport=138 dport=138 packets=0 bytes=0 mark=0 use=2
ipv4     2 udp      17 59 src=10.10.10.125 dst=10.10.10.255 sport=137 dport=137 packets=3 bytes=234 [UNREPLIED] src=10.10.10.255 dst=10.10.10.125 sport=137 dport=137 packets=0 bytes=0 mark=0 use=2
ipv4     2 udp      17 39 src=204.244.82.18 dst=208.83.212.8 sport=47322 dport=123 packets=1 bytes=76 src=208.83.212.8 dst=204.244.82.18 sport=123 dport=47322 packets=1 bytes=76 mark=512 use=2
ipv4     2 udp      17 58 src=10.10.10.125 dst=255.255.255.255 sport=68 dport=67 packets=1 bytes=328 [UNREPLIED] src=255.255.255.255 dst=10.10.10.125 sport=67 dport=68 packets=0 bytes=0 mark=0 use=2
ipv4     2 udp      17 38 src=10.10.10.9 dst=10.10.10.255 sport=137 dport=137 packets=1 bytes=78 [UNREPLIED] src=10.10.10.255 dst=10.10.10.9 sport=137 dport=137 packets=0 bytes=0 mark=0 use=2
ipv4     2 udp      17 55 src=10.10.10.153 dst=10.10.10.255 sport=138 dport=138 packets=1 bytes=229 [UNREPLIED] src=10.10.10.255 dst=10.10.10.153 sport=138 dport=138 packets=0 bytes=0 mark=0 use=2
ipv4     2 udp      17 5 src=204.244.82.18 dst=67.212.74.220 sport=48608 dport=123 packets=1 bytes=76 src=67.212.74.220 dst=204.244.82.18 sport=123 dport=48608 packets=1 bytes=76 mark=512 use=2
ipv4     2 icmp     1 24 src=204.244.82.18 dst=204.244.82.17 type=8 code=0 id=3833 packets=1 bytes=84 src=204.244.82.17 dst=204.244.82.18 type=0 code=0 id=3833 packets=1 bytes=84 mark=0 use=2
ipv4     2 udp      17 35 src=204.244.82.18 dst=66.254.57.165 sport=46849 dport=123 packets=1 bytes=76 src=66.254.57.165 dst=204.244.82.18 sport=123 dport=46849 packets=1 bytes=76 mark=512 use=2
ipv4     2 udp      17 32 src=204.244.82.18 dst=66.96.30.35 sport=40351 dport=123 packets=1 bytes=76 src=66.96.30.35 dst=204.244.82.18 sport=123 dport=40351 packets=1 bytes=76 mark=512 use=2
ipv4     2 icmp     1 9 src=204.244.82.18 dst=204.244.82.17 type=8 code=0 id=3815 packets=1 bytes=84 src=204.244.82.17 dst=204.244.82.18 type=0 code=0 id=3815 packets=1 bytes=84 mark=0 use=2
ipv4     2 udp      17 19 src=10.10.10.132 dst=10.10.10.255 sport=138 dport=138 packets=1 bytes=229 [UNREPLIED] src=10.10.10.255 dst=10.10.10.132 sport=138 dport=138 packets=0 bytes=0 mark=0 use=2
ipv4     2 udp      17 37 src=204.244.82.18 dst=67.212.74.220 sport=50853 dport=123 packets=1 bytes=76 src=67.212.74.220 dst=204.244.82.18 sport=123 dport=50853 packets=1 bytes=76 mark=512 use=2
ipv4     2 udp      17 52 src=10.10.10.30 dst=10.10.10.255 sport=42637 dport=3052 packets=36 bytes=18252 [UNREPLIED] src=10.10.10.255 dst=10.10.10.30 sport=3052 dport=42637 packets=0 bytes=0 mark=0 use=2
ipv4     2 udp      17 50 src=10.10.10.152 dst=255.255.255.255 sport=68 dport=67 packets=1 bytes=341 [UNREPLIED] src=255.255.255.255 dst=10.10.10.152 sport=67 dport=68 packets=0 bytes=0 mark=0 use=2
ipv4     2 udp      17 7 src=204.244.82.18 dst=208.83.212.8 sport=33059 dport=123 packets=1 bytes=76 src=208.83.212.8 dst=204.244.82.18 sport=123 dport=33059 packets=1 bytes=76 mark=512 use=2
ipv4     2 tcp      6 3544 ESTABLISHED src=10.10.10.59 dst=78.24.191.177 sport=50410 dport=443 packets=11 bytes=1478 src=78.24.191.177 dst=204.244.82.18 sport=443 dport=50410 packets=15 bytes=15515 [ASSURED] mark=512 use=2
ipv4     2 udp      17 35 src=10.10.10.156 dst=10.10.10.255 sport=138 dport=138 packets=1 bytes=229 [UNREPLIED] src=10.10.10.255 dst=10.10.10.156 sport=138 dport=138 packets=0 bytes=0 mark=0 use=2
ipv4     2 udp      17 47 src=10.10.10.21 dst=10.10.10.255 sport=138 dport=138 packets=1 bytes=229 [UNREPLIED] src=10.10.10.255 dst=10.10.10.21 sport=138 dport=138 packets=0 bytes=0 mark=0 use=2
ipv4     2 tcp      6 3540 ESTABLISHED src=10.10.10.59 dst=78.24.191.177 sport=50411 dport=443 packets=7 bytes=780 src=78.24.191.177 dst=204.244.82.18 sport=443 dport=50411 packets=7 bytes=5302 [ASSURED] mark=512 use=2
ipv4     2 icmp     1 19 src=204.244.82.18 dst=204.244.82.17 type=8 code=0 id=3824 packets=1 bytes=84 src=204.244.82.17 dst=204.244.82.18 type=0 code=0 id=3824 packets=1 bytes=84 mark=0 use=2
ipv4     2 icmp     1 4 src=204.244.82.18 dst=204.244.82.17 type=8 code=0 id=3811 packets=1 bytes=84 src=204.244.82.17 dst=204.244.82.18 type=0 code=0 id=3811 packets=1 bytes=84 mark=0 use=2
ipv4     2 unknown  2 495 src=10.10.10.3 dst=224.0.0.1 packets=14 bytes=448 [UNREPLIED] src=224.0.0.1 dst=10.10.10.3 packets=0 bytes=0 mark=0 use=2
ipv4     2 udp      17 0 src=10.10.10.135 dst=10.10.10.255 sport=137 dport=137 packets=3 bytes=234 [UNREPLIED] src=10.10.10.255 dst=10.10.10.135 sport=137 dport=137 packets=0 bytes=0 mark=0 use=2
ipv4     2 udp      17 53 src=10.10.10.128 dst=10.10.10.255 sport=138 dport=138 packets=4 bytes=817 [UNREPLIED] src=10.10.10.255 dst=10.10.10.128 sport=138 dport=138 packets=0 bytes=0 mark=0 use=2

padams wrote:

Hmmm - I see a lot of mark = 0  in my output...

Output looks OK!... What strikes me is the output of "ip route list table 3" you posted earlier:

padams wrote:

root@TestRouter:~# ip route list table 3
default  metric 1
        nexthop via 96.53.67.49  dev eth1 weight 1
        nexthop via 204.244.82.17  dev eth0.2 weight 1

This indicates that both links are alive.. Which is not the case. The track function should bring it down if it is not reachable...

You can manually trigger hotplug to bring interfaces up or down by:

ACTION=ifup DEVICE=eth1 INTERFACE=wan /sbin/hotplug-call iface
ACTION=ifdown DEVICE=eth0.2 INTERFACE=wan2 /sbin/hotplug-call iface

(Last edited by Adze on 18 Jun 2012, 23:05)
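Added example, not part of the original posts or of mwan2: a POSIX shell filter that reads `/proc/net/nf_conntrack` lines and separates entries whose `mark=0` is expected from WAN-bound flows that carry no mwan2 mark. It assumes, from the chains posted above, that the interface id sits in bits 0xff00 of the connmark and that destinations listed in `mwan2_default` are never balanced; the function names and the two sample lines labelled as constructed are hypothetical.

```shell
#!/bin/sh
# Classify conntrack entries by the mwan2 part of the connmark (mask 0xff00).
# The low byte (mask 0xff) is left alone; the qos_Default chain uses it.

# Destinations the posted mwan2_default chain flags with 0x8000 (not balanced).
DEFAULT_NETS="224.0.0.0/3 10.10.10.0/24 96.53.67.48/30 204.244.82.16/29"

ip2int() {  # dotted quad -> integer
    oldifs=$IFS; IFS=.
    set -- $1
    IFS=$oldifs
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

in_net() {  # in_net ADDR CIDR -> exit status 0 when ADDR lies inside CIDR
    addr=$(ip2int "$1")
    base=$(ip2int "${2%/*}")
    bits=${2#*/}
    mask=$(( (0xffffffff << (32 - bits)) & 0xffffffff ))
    [ $(( addr & mask )) -eq $(( base & mask )) ]
}

# stdin: nf_conntrack lines; stdout: "<class> <src> <dst> <mark>" per IPv4 entry.
# Runs in a subshell with globbing off so fields like [ASSURED] stay literal.
classify_conntrack() (
    set -f
    while read -r line; do
        case $line in ipv4*) ;; *) continue ;; esac
        src=; dst=; mark=
        for field in $line; do
            case $field in
                # only the first src=/dst= pair is the original direction
                src=*)  if [ -z "$src" ]; then src=${field#src=}; fi ;;
                dst=*)  if [ -z "$dst" ]; then dst=${field#dst=}; fi ;;
                mark=*) mark=${field#mark=} ;;
            esac
        done
        if [ -z "$mark" ]; then continue; fi
        id=$(( (mark >> 8) & 0xff ))
        if [ "$id" -ne 0 ]; then
            class="mwan2-id-$id"          # 1 = 0x100 (eth1), 2 = 0x200 (eth0.2)
        else
            class=UNMARKED                # WAN-bound flow that mwan2 never marked
            for net in $DEFAULT_NETS; do
                if in_net "$dst" "$net"; then
                    class=local-or-connected   # mark=0 is expected here
                    break
                fi
            done
        fi
        echo "$class $src $dst $mark"
    done
)

# First three lines are copied from the thread; the last two are constructed.
sample_conntrack() {
    cat <<'EOF'
ipv4     2 udp      17 43 src=10.10.10.12 dst=10.10.10.255 sport=137 dport=137 packets=6 bytes=468 [UNREPLIED] src=10.10.10.255 dst=10.10.10.12 sport=137 dport=137 packets=0 bytes=0 mark=0 use=2
ipv4     2 icmp     1 29 src=204.244.82.18 dst=204.244.82.17 type=8 code=0 id=3838 packets=1 bytes=84 src=204.244.82.17 dst=204.244.82.18 type=0 code=0 id=3838 packets=1 bytes=84 mark=0 use=2
ipv4     2 udp      17 3 src=204.244.82.18 dst=66.254.57.165 sport=57154 dport=123 packets=1 bytes=76 src=66.254.57.165 dst=204.244.82.18 sport=123 dport=57154 packets=1 bytes=76 mark=512 use=2
ipv4     2 tcp      6 60 SYN_SENT src=10.10.10.59 dst=192.0.2.10 sport=50500 dport=80 packets=1 bytes=60 [UNREPLIED] src=192.0.2.10 dst=10.10.10.59 sport=80 dport=50500 packets=0 bytes=0 mark=0 use=2
ipv4     2 tcp      6 3500 ESTABLISHED src=10.10.10.59 dst=192.0.2.20 sport=50501 dport=443 packets=5 bytes=600 src=192.0.2.20 dst=204.244.82.18 sport=443 dport=50501 packets=4 bytes=500 [ASSURED] mark=513 use=2
EOF
}

sample_conntrack | classify_conntrack
```

On a router the same filter can be fed with `classify_conntrack < /proc/net/nf_conntrack` after setting `DEFAULT_NETS` to the destinations in that router's own `mwan2_default` chain.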

Yes - I agree, the 'WAN' link should be shutting down.

Tried the command - gave an error, so I tried just /sbin/hotplug-call eth1

And the system log shows:

Jun 18 15:16:58 TestRouter user.notice ifup: Enabling Router Solicitations on wan (eth1)
Jun 18 15:16:58 TestRouter user.notice root: mwan2: Adding rules for interface wan (eth1)
Jun 18 15:16:59 TestRouter user.info firewall: removing wan (eth1) from zone internet
Jun 18 15:16:59 TestRouter user.info firewall: adding wan (eth1) to zone internet

Jun 18 15:17:17 TestRouter user.notice ifup: Enabling Router Solicitations on wan (eth1)
Jun 18 15:17:17 TestRouter user.notice root: mwan2: Adding rules for interface wan (eth1)
Jun 18 15:17:18 TestRouter user.info firewall: removing wan (eth1) from zone internet
Jun 18 15:17:18 TestRouter user.info firewall: adding wan (eth1) to zone internet

Jun 18 15:18:08 TestRouter user.notice ifup: Enabling Router Solicitations on wan (eth1)
Jun 18 15:18:08 TestRouter user.notice root: mwan2: Adding rules for interface wan (eth1)
Jun 18 15:18:09 TestRouter user.info firewall: removing wan (eth1) from zone internet
Jun 18 15:18:09 TestRouter user.info firewall: adding wan (eth1) to zone internet


Regards

Paul

(Last edited by padams on 18 Jun 2012, 23:27)

Will get back to you...

(Last edited by Adze on 18 Jun 2012, 23:31)

padams wrote:

Tried the command - gave an error

This is probably where it goes wrong, because mwan2 relies on this command to work... What kind of error?

padams wrote:

alan614 - any config you could share on the wzr-hp-ag300h would be welcome.

I can get dual wan ports set up with static IPs, but when I install the mwan2 package and configure, nothing seems to happen.  Point a client out to the Internet via the router and I cannot reach any websites.

Turn off mwan2 and which ever WAN connection I set the lower routing matrix number on is used and works fine.

I don't seem to be able to understand what the issue is...


Also - do you have QoS working alongside the mwan2 package?  That is what I am hoping to achieve.


Regards

Paul Adams

I'm on Attitude Adjustment r32130

config interface 'loopback'
    option ifname 'lo'
    option proto 'static'
    option ipaddr '127.0.0.1'
    option netmask '255.0.0.0'

config interface 'lan'
    option ifname 'eth0.1'
    option type 'bridge'
    option proto 'static'
    option ipaddr '192.168.1.1'
    option netmask '255.255.255.0'

config interface 'wan'
    option ifname 'eth1'
    option proto 'dhcp'
    option peerdns '0'
    option dns '8.8.8.8 8.8.4.4'
    option metric '10'

config switch
    option name 'eth0'
    option reset '1'
    option enable_vlan '1'

config switch_vlan
    option device 'eth0'
    option vlan '1'
    option ports '0t 2 3 4'

config switch_vlan
    option device 'eth0'
    option vlan '2'
    option ports '0t 1'

config interface 'wan2'
    option ifname 'eth0.2'
    option proto 'dhcp'
    option peerdns '0'
    option dns '8.8.8.8 8.8.4.4'
    option metric '20'
    option macaddr '4C:E6:76:C2:65:15'

Made the 4th LAN port the wan port. I'm not sure if giving the wan2 interface a unique MAC address was necessary, but it seemed harmless enough. Both of my broadband connections (ADSL and Cable) are DHCP, so the wan interfaces are basic enough. The interfaces need to be brought down and back up, or you can reboot your router, though I don't think it is necessary.

As for QoS, I'm still observing that. If my torrents max out both connections, web surfing suffers even if the port and service for BitTorrent are set to low priority while port 80 is given normal. But I'm only using LuCI for the QoS; lowering the download speed of my wan2 (as it's more inconsistent) seems to sometimes help.

My mwan2 config for padams:

config 'interface' 'wan'
    option 'enabled' '1'
    option 'metric' '1'
    option 'weight' '1'
    option 'track_ip' '8.8.8.8'
    option 'count' '1'
    option 'timeout' '2'
    option 'interval' '5'
    option 'down' '3'
    option 'up' '8'

config 'interface' 'wan2'
    option 'enabled' '1'
    option 'metric' '1'
    option 'weight' '1'
    option 'track_ip' '8.8.8.8'
    option 'count' '1'
    option 'timeout' '2'
    option 'interval' '5'
    option 'down' '3'
    option 'up' '8'

config 'rule'
    option 'dest_ip' '192.168.0.0/16'
    list 'use_interface' 'default'

config 'rule'
    option 'dest_port' '22'
    list 'use_interface' 'wan'

config 'rule'
    option 'dest_ip' '0.0.0.0/0'
    option 'equalize' '1'
    list 'use_interface' 'wan'
    list 'use_interface' 'wan2'
    #list 'use_interface' 'wan3'

Adze,

I don't know if this is helpful with regard to the QoS, but here is the output on my router:

root@OpenWrt:~# iptables -L mwan2_pre -t mangle -v
Chain mwan2_pre (2 references)
 pkts bytes target     prot opt in     out     source               destination         
  21M   12G CONNMARK   all  --  any    any     anywhere             anywhere            CONNMARK restore mask 0xff00 
2655K 3042M MARK       all  --  eth0.2 any     anywhere             anywhere            MARK xset 0x8200/0xff00 
6641K 5458M MARK       all  --  eth1   any     anywhere             anywhere            MARK xset 0x8100/0xff00 
  12M 3908M mwan2_default  all  --  any    any     anywhere             anywhere            mark match !0x8000/0x8000 
 360K   39M mwan2_rules  all  --  any    any     anywhere             anywhere            mark match 0x0/0xff00

root@OpenWrt:~# iptables -L mwan2_post -t mangle -v
Chain mwan2_post (1 references)
 pkts bytes target     prot opt in     out     source               destination         
1748K  573M MARK       all  --  any    eth1    anywhere             anywhere            mark match !0x8000/0x8000 MARK xset 0x100/0xff00 
2377K  311M MARK       all  --  any    eth0.2  anywhere             anywhere            mark match !0x8000/0x8000 MARK xset 0x200/0xff00 
2069K 2573M MARK       all  --  any    any     anywhere             anywhere            mark match 0x8000/0x8000 MARK and 0xffff7fff 
  12M 4673M CONNMARK   all  --  any    any     anywhere             anywhere            CONNMARK save mask 0xff00

root@OpenWrt:~# iptables -L mwan2_rules -t mangle -v
Chain mwan2_rules (1 references)
 pkts bytes target     prot opt in     out     source               destination         
  109  5729 MARK       all  --  any    any     anywhere             192.168.0.0/16      mark match 0x0/0xff00 MARK xset 0x8000/0xff00 
50553 7117K MARK       all  --  any    any     anywhere             anywhere            mark match 0x0/0xff00 statistic mode random probability 0.500000 MARK xset 0x200/0xff00 
50148 7090K MARK       all  --  any    any     anywhere             anywhere            mark match 0x0/0xff00 statistic mode random probability 1.000000 MARK xset 0x100/0xff00

root@OpenWrt:~# iptables -L qos_Default -t mangle -v
Chain qos_Default (4 references)
 pkts bytes target     prot opt in     out     source               destination         
6205K 1442M CONNMARK   all  --  any    any     anywhere             anywhere            CONNMARK restore mask 0xff 
 850K   97M qos_Default_ct  all  --  any    any     anywhere             anywhere            mark match 0x0/0xff 
61912   61M MARK       all  --  any    any     anywhere             anywhere            mark match 0x1/0xff length 400:65535 MARK and 0xffffff00 
    0     0 MARK       all  --  any    any     anywhere             anywhere            mark match 0x2/0xff length 800:65535 MARK and 0xffffff00 
 3391 1044K MARK       udp  --  any    any     anywhere             anywhere            mark match 0x0/0xff length 0:500 MARK xset 0x2/0xff 
19906 3014K MARK       icmp --  any    any     anywhere             anywhere            MARK xset 0x1/0xff 
 671K   71M MARK       tcp  --  any    any     anywhere             anywhere            mark match 0x0/0xff tcp spts:1024:65535 dpts:1024:65535 MARK xset 0x4/0xff 
59828   60M MARK       udp  --  any    any     anywhere             anywhere            mark match 0x0/0xff udp spts:1024:65535 dpts:1024:65535 MARK xset 0x4/0xff 
 4703  269K MARK       tcp  --  any    any     anywhere             anywhere            length 0:128 mark match !0x4/0xff tcp flags:FIN,SYN,RST,PSH,ACK,URG/SYN MARK xset 0x1/0xff 
67271 3261K MARK       tcp  --  any    any     anywhere             anywhere            length 0:128 mark match !0x4/0xff tcp flags:FIN,SYN,RST,PSH,ACK,URG/ACK MARK xset 0x1/0xff

root@OpenWrt:~# iptables -L qos_Default_ct -t mangle -v
Chain qos_Default_ct (1 references)
 pkts bytes target     prot opt in     out     source               destination         
 1284  131K MARK       all  --  any    any     anywhere             anywhere            mark match 0x0/0xff LAYER7 l7proto skypetoskype MARK xset 0x1/0xff 
    8   320 MARK       tcp  --  any    any     anywhere             anywhere            mark match 0x0/0xff tcp multiport ports ssh,domain MARK xset 0x1/0xff 
 2030  137K MARK       udp  --  any    any     anywhere             anywhere            mark match 0x0/0xff udp multiport ports ssh,domain MARK xset 0x1/0xff 
 4831  269K MARK       tcp  --  any    any     anywhere             anywhere            mark match 0x0/0xff tcp multiport ports ftp-data,ftp,smtp,www,pop3,https,imaps,pop3s MARK xset 0x3/0xff 
52736 2702K MARK       tcp  --  any    any     anywhere             anywhere            mark match 0x0/0xff tcp multiport ports 51413 MARK xset 0x4/0xff 
 101K   21M MARK       udp  --  any    any     anywhere             anywhere            mark match 0x0/0xff udp multiport ports 51413 MARK xset 0x4/0xff 
  186 23923 MARK       all  --  any    any     anywhere             anywhere            mark match 0x0/0xff LAYER7 l7proto bittorrent MARK xset 0x4/0xff 
 850K   97M CONNMARK   all  --  any    any     anywhere             anywhere            CONNMARK save mask 0xff

Another thing, would it be possible to direct traffic to a wan according to l7 service? For example, I would like to direct the skypetoskype l7 service to wan.

Thanks
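The listings in the post above show mwan2 and qos-scripts sharing one 32-bit firewall mark. The following is an added example, not part of the original post or of mwan2: it checks from the listed targets that the two packages write disjoint bits. It assumes the standard iptables meaning of `xset` (clear the mask bits, then XOR the value) and `and`; the grouping into two lists and the function names are this example's own.

```python
import re

# Targets copied from the mangle listings above (counters and address columns
# dropped). Grouping them into two lists is this example's own choice.
MWAN2_TARGETS = [
    "CONNMARK restore mask 0xff00", "MARK xset 0x8200/0xff00",
    "MARK xset 0x8100/0xff00", "MARK xset 0x100/0xff00",
    "MARK xset 0x200/0xff00", "MARK xset 0x8000/0xff00",
    "MARK and 0xffff7fff", "CONNMARK save mask 0xff00",
]
QOS_TARGETS = [
    "CONNMARK restore mask 0xff", "MARK and 0xffffff00",
    "MARK xset 0x1/0xff", "MARK xset 0x2/0xff", "MARK xset 0x3/0xff",
    "MARK xset 0x4/0xff", "CONNMARK save mask 0xff",
]

XSET = re.compile(r"^MARK xset (0x[0-9a-f]+)/(0x[0-9a-f]+)$")
AND = re.compile(r"^MARK and (0x[0-9a-f]+)$")
CONN = re.compile(r"^CONNMARK (?:save|restore) mask (0x[0-9a-f]+)$")

def touched_bits(target):
    """Bits of the 32-bit fwmark that one target is able to change."""
    if m := XSET.match(target):
        return int(m[1], 16) | int(m[2], 16)  # cleared by mask, flipped by value
    if m := AND.match(target):
        return ~int(m[1], 16) & 0xFFFFFFFF    # zero bits of the operand are cleared
    if m := CONN.match(target):
        return int(m[1], 16)                  # only the masked bits are copied
    raise ValueError(f"unrecognised target: {target!r}")

def chain_bits(targets):
    """Union of the bits that a list of targets can change."""
    bits = 0
    for target in targets:
        bits |= touched_bits(target)
    return bits

def walk(mark, targets):
    """Apply MARK targets in order to a packet mark and return the result."""
    for target in targets:
        if m := XSET.match(target):
            mark = (mark & ~int(m[2], 16) & 0xFFFFFFFF) ^ int(m[1], 16)
        elif m := AND.match(target):
            mark &= int(m[1], 16)
        else:
            raise ValueError(f"not a MARK target: {target!r}")
    return mark

if __name__ == "__main__":
    print(hex(chain_bits(MWAN2_TARGETS)), hex(chain_bits(QOS_TARGETS)))
```

A non-zero overlap between the two `chain_bits` results would mean one package can overwrite the other's classification.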

THANK YOU!

Copied your config - removed the MAC address line - adjusted for my static IP addresses - it works fine.

The only difference I can see is these two lines in network...

option _orig_ifname 'eth1'
option _orig_bridge 'false'


I might try putting them back one by one to see which one is causing the issue - but it is working fine now.

Boots with both interfaces, shuts down wan (eth1) as it should, wan2 (eth0.2) continues without issues.  Clients surf the internet just fine.

:-)


Regards

Paul Adams

padams wrote:

Boots with both interfaces, shuts down wan (eth1) as it should, wan2 (eth0.2) continues without issues.  Clients surf the internet just fine.

Nice

alan614 wrote:

Another thing, would it be possible to direct traffic to a wan according to l7 service? For example, I would like to direct the skypetoskype l7 service to wan.

That should not be very hard to realize. I'll try to update mwan2 with this feature.

Hello - me again...

Adze - I see from other posts you started mwan2 because you could not get OpenVPN to work correctly with dual wan.  Maybe you could give me some advice on OpenVPN / mwan2 / routing.

I'm using TUN connections, site-to-site.  I can set mwan2 to respect that certain ports go to certain wan links - so that takes care of establishing the actual tunnels (this works OK - tunnels established).


I'm using route add -net commands in the openvpn setup on the server to add routes to the client networks.  When both tunnels to one remote network are up, routing stops.  I assume this is because both metrics are 0.

How do I correctly set up OpenVPN so that it uses one tunnel per destination OR weights routing correctly?  Ideally - I'd like to prefer one tunnel over another.  For example - use the wan based TUN links normally, but in the event of a wan failure, use the wan2 based TUN links.

I'd like to hear how you run your OpenVPN link with mwan2.


I hope the explanation makes sense.

regards

Paul Adams

Hi Paul,


I'm not sure if I understand you correctly, but I assume you want to create a site-to-site vpn with two load-balanced tunnels. I didn't try this myself, but I did manage to get a redundant site-to-site vpn using one tunnel at a time.

To correctly connect to remote sites you need two things: Create a route for that subnet to the tunnel interface (DON'T use a default route) and add a network rule in mwan2 config for that site-subnet to use the default routing table (list 'use_interface' 'default'). Be sure to trigger mwan2 after making changes in the mwan2 config.

Redundancy is created by the fact that if one wan interface is down, openvpn will try to re-establish the tunnel from the other wan. So for an active-backup scenario, you don't have to create two openvpn tunnels.

If you want to give load-balancing on two vpn tunnels a try, I'd be happy to help. Please PM me as it is an experiment for me also...


Thanks.

(Last edited by Adze on 20 Jun 2012, 20:24)

Sorry, posts 201 to 200 are missing from our archive.