OpenWrt Forum Archive

Topic: mwan3; multi-wan policy routing (general topic)

The content of this topic has been archived between 22 May 2013 and 6 May 2018. Unfortunately there are posts – most likely complete pages – missing.

Post #226
mvilera
26 Apr 2013, 21:12

That's exactly what I'm trying to do, I'm aware that I should accomplish this requirement before installing this. And creating these vlans properly without bricking my unit in the process is exactly my problem due to the lack of experience. That's the help I'm requesting, sorry if I didn't make myself clear in earlier posts. Btw thanks for your quick replies.

Post #227
khanh3t
27 Apr 2013, 12:01

Hi all, this is my config router. I want increase speed when input is 3 x 3Mbps, 1 x 8Mbps, all it is 3G. I use WR703N with OpenWrt Barrier Breaker r36419 / LuCI Trunk (svn-r9807).

But when download, i see on interface, load not balance. 3G#3G1#3G2#3G3



Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         10.64.64.67     0.0.0.0         UG    10     0        0 3g-3G
0.0.0.0         10.64.64.64     0.0.0.0         UG    20     0        0 3g-3G_1
0.0.0.0         10.64.64.66     0.0.0.0         UG    30     0        0 3g-3G_2
0.0.0.0         10.64.64.65     0.0.0.0         UG    40     0        0 3g-3G_3
10.64.64.64     0.0.0.0         255.255.255.255 UH    0      0        0 3g-3G_1
10.64.64.65     0.0.0.0         255.255.255.255 UH    0      0        0 3g-3G_3
10.64.64.66     0.0.0.0         255.255.255.255 UH    0      0        0 3g-3G_2
10.64.64.67     0.0.0.0         255.255.255.255 UH    0      0        0 3g-3G
192.168.1.0     0.0.0.0         255.255.255.0   U     0      0        0 br-lan

Kernel IP routing table
Output of "ip route show"
default via 10.64.64.67 dev 3g-3G proto static metric 10
default via 10.64.64.64 dev 3g-3G_1 proto static metric 20
default via 10.64.64.66 dev 3g-3G_2 proto static metric 30
default via 10.64.64.65 dev 3g-3G_3 proto static metric 40
10.64.64.64 dev 3g-3G_1 proto kernel scope link src 10.65.57.29
10.64.64.65 dev 3g-3G_3 proto kernel scope link src 27.70.103.96
10.64.64.66 dev 3g-3G_2 proto kernel scope link src 10.68.195.236
10.64.64.67 dev 3g-3G proto kernel scope link src 10.82.211.175
192.168.1.0/24 dev br-lan proto kernel scope link src 192.168.1.1

Kernel IP routing table
Output of "ip rule show"
0:    from all lookup local
1001:    from all fwmark 0x100/0xff00 lookup 1001
1002:    from all fwmark 0x200/0xff00 lookup 1002
1003:    from all fwmark 0x300/0xff00 lookup 1003
1004:    from all fwmark 0x400/0xff00 lookup 1004
1016:    from all fwmark 0x1000/0xff00 lookup 1016
1017:    from all fwmark 0x1100/0xff00 lookup 1017
1018:    from all fwmark 0x1200/0xff00 lookup 1018
1019:    from all fwmark 0x1300/0xff00 lookup 1019
1020:    from all fwmark 0x1400/0xff00 lookup 1020
1021:    from all fwmark 0x1500/0xff00 lookup 1021
32766:    from all lookup main
32767:    from all lookup default

Kernel IP routing table
Output of "ip route list table 1001-1015"
1001
default via 10.64.64.67 dev 3g-3G
1002
default via 10.64.64.64 dev 3g-3G_1
1003
default via 10.64.64.66 dev 3g-3G_2
1004
default via 10.64.64.65 dev 3g-3G_3

Kernel IP routing table
Chain PREROUTING (policy ACCEPT 23280 packets, 10M bytes)
pkts bytes target     prot opt in     out     source               destination         
24586   11M mwan3_pre  all  --  *      *       0.0.0.0/0            0.0.0.0/0           

Chain INPUT (policy ACCEPT 3852 packets, 348K bytes)
pkts bytes target     prot opt in     out     source               destination         
4146  373K mwan3_post  all  --  *      *       0.0.0.0/0            0.0.0.0/0           

Chain FORWARD (policy ACCEPT 19373 packets, 10M bytes)
pkts bytes target     prot opt in     out     source               destination         
19373   10M mssfix     all  --  *      *       0.0.0.0/0            0.0.0.0/0           

Chain OUTPUT (policy ACCEPT 4193 packets, 1042K bytes)
pkts bytes target     prot opt in     out     source               destination         
4495 1125K mwan3_pre  all  --  *      *       0.0.0.0/0            0.0.0.0/0           

Chain POSTROUTING (policy ACCEPT 23566 packets, 11M bytes)
pkts bytes target     prot opt in     out     source               destination         
24746   12M mwan3_post  all  --  *      *       0.0.0.0/0            0.0.0.0/0           

Chain mssfix (1 references)
pkts bytes target     prot opt in     out     source               destination         
   62  2976 TCPMSS     tcp  --  *      3g-3G   0.0.0.0/0            0.0.0.0/0            tcp flags:0x06/0x02 /* wan (mtu_fix) */ TCPMSS clamp to PMTU
  155  7440 TCPMSS     tcp  --  *      3g-3G_1  0.0.0.0/0            0.0.0.0/0            tcp flags:0x06/0x02 /* wan2 (mtu_fix) */ TCPMSS clamp to PMTU
  193  9264 TCPMSS     tcp  --  *      3g-3G_2  0.0.0.0/0            0.0.0.0/0            tcp flags:0x06/0x02 /* wan3 (mtu_fix) */ TCPMSS clamp to PMTU
  324 15552 TCPMSS     tcp  --  *      3g-3G_3  0.0.0.0/0            0.0.0.0/0            tcp flags:0x06/0x02 /* wan4 (mtu_fix) */ TCPMSS clamp to PMTU

Chain mwan3_default (1 references)
pkts bytes target     prot opt in     out     source               destination         
   47  2954 MARK       all  --  *      *       0.0.0.0/0            224.0.0.0/3          mark match ! 0x8000/0x8000 MARK or 0x8000
    0     0 MARK       all  --  *      *       0.0.0.0/0            10.64.64.64          mark match ! 0x8000/0x8000 MARK or 0x8000
    0     0 MARK       all  --  *      *       0.0.0.0/0            10.64.64.65          mark match ! 0x8000/0x8000 MARK or 0x8000
    0     0 MARK       all  --  *      *       0.0.0.0/0            10.64.64.66          mark match ! 0x8000/0x8000 MARK or 0x8000
    0     0 MARK       all  --  *      *       0.0.0.0/0            10.64.64.67          mark match ! 0x8000/0x8000 MARK or 0x8000
2989  969K MARK       all  --  *      *       0.0.0.0/0            192.168.1.0/24       mark match ! 0x8000/0x8000 MARK or 0x8000

Chain mwan3_post (2 references)
pkts bytes target     prot opt in     out     source               destination         
4177  655K MARK       all  --  *      3g-3G_3  0.0.0.0/0            0.0.0.0/0            mark match ! 0x8000/0x8000 MARK xset 0x400/0xff00
3754  485K MARK       all  --  *      3g-3G_2  0.0.0.0/0            0.0.0.0/0            mark match ! 0x8000/0x8000 MARK xset 0x300/0xff00
1847  200K MARK       all  --  *      3g-3G_1  0.0.0.0/0            0.0.0.0/0            mark match ! 0x8000/0x8000 MARK xset 0x200/0xff00
1746  164K MARK       all  --  *      3g-3G   0.0.0.0/0            0.0.0.0/0            mark match ! 0x8000/0x8000 MARK xset 0x100/0xff00
16789   10M MARK       all  --  *      *       0.0.0.0/0            0.0.0.0/0            mark match 0x8000/0x8000 MARK and 0xffff7fff
28892   12M CONNMARK   all  --  *      *       0.0.0.0/0            0.0.0.0/0            CONNMARK save mask 0xff00

Chain mwan3_pre (2 references)
pkts bytes target     prot opt in     out     source               destination         
29081   12M CONNMARK   all  --  *      *       0.0.0.0/0            0.0.0.0/0            CONNMARK restore mask 0xff00
4265 2856K MARK       all  --  3g-3G_3 *       0.0.0.0/0            0.0.0.0/0            MARK xset 0x8400/0xff00
4687 3883K MARK       all  --  3g-3G_2 *       0.0.0.0/0            0.0.0.0/0            MARK xset 0x8300/0xff00
1849  901K MARK       all  --  3g-3G_1 *       0.0.0.0/0            0.0.0.0/0            MARK xset 0x8200/0xff00
2109 1321K MARK       all  --  3g-3G  *       0.0.0.0/0            0.0.0.0/0            MARK xset 0x8100/0xff00
15628 2689K mwan3_default  all  --  *      *       0.0.0.0/0            0.0.0.0/0            mark match ! 0x8000/0x8000
3067  294K mwan3_rules  all  --  *      *       0.0.0.0/0            0.0.0.0/0            mark match 0x0/0xff00

Chain mwan3_rules (1 references)
pkts bytes target     prot opt in     out     source               destination         
  277 26626 MARK       all  --  *      *       0.0.0.0/0            0.0.0.0/0            mark match 0x0/0xff00 statistic mode random probability 0.10000000009 MARK xset 0x100/0xff00
  860 82048 MARK       all  --  *      *       0.0.0.0/0            0.0.0.0/0            mark match 0x0/0xff00 statistic mode random probability 0.33300000010 MARK xset 0x300/0xff00
  584 57921 MARK       all  --  *      *       0.0.0.0/0            0.0.0.0/0            mark match 0x0/0xff00 statistic mode random probability 0.33300000010 MARK xset 0x200/0xff00
1125  107K MARK       all  --  *      *       0.0.0.0/0            0.0.0.0/0            mark match 0x0/0xff00 statistic mode random probability 0.99999999953 MARK xset 0x400/0xff00

3g-3G     Link encap:Point-to-Point Protocol 
          inet addr:10.82.211.175  P-t-P:10.64.64.67  Mask:255.255.255.255
          UP POINTOPOINT RUNNING NOARP MULTICAST  MTU:1440  Metric:1
          RX packets:2494 errors:0 dropped:0 overruns:0 frame:0
          TX packets:2081 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:3
          RX bytes:1611410 (1.5 MiB)  TX bytes:200782 (196.0 KiB)

3g-3G_1   Link encap:Point-to-Point Protocol 
          inet addr:10.65.57.29  P-t-P:10.64.64.64  Mask:255.255.255.255
          UP POINTOPOINT RUNNING NOARP MULTICAST  MTU:1440  Metric:1
          RX packets:1857 errors:0 dropped:0 overruns:0 frame:0
          TX packets:1858 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:3
          RX bytes:900925 (879.8 KiB)  TX bytes:200347 (195.6 KiB)

3g-3G_2   Link encap:Point-to-Point Protocol 
          inet addr:10.68.195.236  P-t-P:10.64.64.66  Mask:255.255.255.255
          UP POINTOPOINT RUNNING NOARP MULTICAST  MTU:1440  Metric:1
          RX packets:4754 errors:0 dropped:0 overruns:0 frame:0
          TX packets:3809 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:3
          RX bytes:3914154 (3.7 MiB)  TX bytes:506248 (494.3 KiB)

3g-3G_3   Link encap:Point-to-Point Protocol 
          inet addr:27.70.103.96  P-t-P:10.64.64.65  Mask:255.255.255.255
          UP POINTOPOINT RUNNING NOARP MULTICAST  MTU:1440  Metric:1
          RX packets:4373 errors:0 dropped:0 overruns:0 frame:0
          TX packets:4286 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:3
          RX bytes:2897530 (2.7 MiB)  TX bytes:690071 (673.8 KiB)

br-lan    Link encap:Ethernet  HWaddr 14:CF:92:86:C8:F4 
          inet addr:192.168.1.1  Bcast:192.168.1.255  Mask:255.255.255.0
          inet6 addr: fe80::16cf:92ff:fe86:c8f4/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:11380 errors:0 dropped:0 overruns:0 frame:0
          TX packets:12792 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:1615156 (1.5 MiB)  TX bytes:10184843 (9.7 MiB)

eth0      Link encap:Ethernet  HWaddr 14:CF:92:86:C8:F4 
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:11392 errors:0 dropped:5 overruns:0 frame:0
          TX packets:12793 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:1775417 (1.6 MiB)  TX bytes:10184885 (9.7 MiB)
          Interrupt:4

lo        Link encap:Local Loopback 
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:65536  Metric:1
          RX packets:30 errors:0 dropped:0 overruns:0 frame:0
          TX packets:30 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:2975 (2.9 KiB)  TX bytes:2975 (2.9 KiB)

wlan0     Link encap:Ethernet  HWaddr 14:CF:92:86:C8:F4 
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:364 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:0 (0.0 B)  TX bytes:41494 (40.5 KiB)

config rule
    option proto 'all'
    option equalize '1'
    option use_policy 'wan1_wan2_wan3_wan4_loadbalanced'

config member 'wan1_m1_w3'
    option interface '3G'
    option metric '1'
    option weight '1'

config member 'wan2_m1_w2'
    option interface '3G_1'
    option metric '1'
    option weight '2'

config policy 'wan1_only'
    list use_member 'wan1_m1_w3'

config policy 'wan2_only'
    list use_member 'wan2_m1_w2'

config policy 'wan1_wan2_loadbalanced'
    list use_member 'wan1_m1_w3'
    list use_member 'wan2_m1_w2'

config policy 'wan1_pri_wan2_sec'
    list use_member 'wan1_m1_w3'
    list use_member 'wan2_m2_w2'

config policy 'wan2_pri_wan1_sec'
    list use_member 'wan1_m2_w3'
    list use_member 'wan2_m1_w2'

config interface '3G'
    option enabled '1'
    list track_ip '8.8.8.8'
    option reliability '1'
    option count '3'
    option timeout '2'
    option interval '5'
    option down '3'
    option up '8'

config interface '3G_1'
    option enabled '1'
    list track_ip '8.8.8.8'
    option reliability '1'
    option count '3'
    option timeout '2'
    option interval '5'
    option down '3'
    option up '8'

config interface '3G_2'
    option enabled '1'
    list track_ip '8.8.8.8'
    option reliability '1'
    option count '3'
    option timeout '2'
    option interval '5'
    option down '3'
    option up '8'

config interface '3G_3'
    option enabled '1'
    list track_ip '8.8.8.8'
    option reliability '1'
    option count '3'
    option timeout '2'
    option interval '5'
    option down '3'
    option up '8'

config member 'wan3_m1_w3'
    option interface '3G_2'
    option metric '1'
    option weight '3'

config member 'wan4_m1_w3'
    option interface '3G_3'
    option metric '1'
    option weight '4'

config policy 'wan1_wan2_wan3_wan4_loadbalanced'
    list use_member 'wan1_m1_w3'
    list use_member 'wan2_m1_w2'
    list use_member 'wan3_m1_w3'
    list use_member 'wan4_m1_w3'

config interface 'loopback'
    option ifname 'lo'
    option proto 'static'
    option ipaddr '127.0.0.1'
    option netmask '255.0.0.0'

config interface 'lan'
    option ifname 'eth0'
    option type 'bridge'
    option proto 'static'
    option ipaddr '192.168.1.1'
    option netmask '255.255.255.0'

config globals 'globals'
    option ula_prefix 'fdc8:d83b:c3a::/48'

config interface '3G'
    option proto '3g'
    option service 'umts'
    option device '/dev/ttyUSB0'
    option apn 'internet'
    option username 'mms'
    option password 'mms'
    option metric '10'

config interface '3G_1'
    option proto '3g'
    option device '/dev/ttyUSB3'
    option service 'umts'
    option apn 'internet'
    option username 'mms'
    option password 'mms'
    option metric '20'

config interface '3G_2'
    option proto '3g'
    option device '/dev/ttyUSB6'
    option service 'umts'
    option apn 'internet'
    option username 'mms'
    option password 'mms'
    option metric '30'

config interface '3G_3'
    option proto '3g'
    option device '/dev/ttyUSB9'
    option service 'umts'
    option apn 'internet'
    option username 'mms'
    option password 'mms'
    option metric '40'

http://usb3gvn.com/wp-content/uploads/vpn.png


http://usb3gvn.com/wp-content/uploads/vpn11.png


http://usb3gvn.com/wp-content/uploads/vpn3.png

(Last edited by khanh3t on 27 Apr 2013, 12:06)

Post #228
Adze
27 Apr 2013, 17:59
khanh3t wrote:

I want increase speed when input is 3 x 3Mbps, 1 x 8Mbps, all it is 3G. I use WR703N with OpenWrt Barrier Breaker r36419 / LuCI Trunk (svn-r9807). But when download, i see on interface, load not balance. 3G#3G1#3G2#3G3


Your config is looking good. One download will never exceed the speed of one interface, as one session is always routed over the same interface.

You will need at least 4 (but probably more) downloads, to see an increase in total download speed.

Post #229
arfett
27 Apr 2013, 23:31
Adze wrote:
khanh3t wrote:

I want increase speed when input is 3 x 3Mbps, 1 x 8Mbps, all it is 3G. I use WR703N with OpenWrt Barrier Breaker r36419 / LuCI Trunk (svn-r9807). But when download, i see on interface, load not balance. 3G#3G1#3G2#3G3


Your config is looking good. One download will never exceed the speed of one interface, as one session is always routed over the same interface.

You will need at least 4 (but probably more) downloads, to see an increase in total download speed.

In those pictures he was using uTorrent and also a download manager which was splitting up his download into multiple pieces.

Post #230
khanh3t
28 Apr 2013, 06:47

hi all. i try multi session and multi computer download ( in some test, active connect maybe is 1000-2000 or more ). but nothing change. sometime, it increase but not at all. Load balancing is fail when many pc connect and download.

i has test ram and cpu, it isn't overload. I thing something wrong in my setting, maybe metric or weight, but i has change but nothing change. Then i thing maybe subnetmark my connect, but it cann't be change, it provide from isp.

could someone help me? sorry my bad english.

@ adze: if you need, i can upload my config file

(Last edited by khanh3t on 28 Apr 2013, 06:52)

Post #231
der.ruben
28 Apr 2013, 12:07

Hi all!

First of all, thanks Adze for this great package!

I am trying to do pretty much the same thing that swoofz tried to do here: https://forum.openwrt.org/viewtopic.php?pid=191481#p191481 and I also get about the same result. Difference is, I am using pptp for connecting to the VPN.

Before installing mwan I was connecting to specific networks through VPN by using static routes. Now I would like to route specific devices through VPN.

All traffic from the machine I'm trying to route through VPN gets stuck while all other machines have no trouble connecting through WAN.

My VPN Interface has metric 5, WAN has 10.

Please, if anyone could kindly advise what to do - I'm stuck here.

Thanks!

route -n:

# route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         95.168.135.254  0.0.0.0         UG    10     0        0 eth1
10.100.0.1      0.0.0.0         255.255.255.255 UH    0      0        0 pptp-VPN
46.4.253.175    95.168.135.254  255.255.255.255 UGH   10     0        0 eth1
95.168.135.0    0.0.0.0         255.255.255.0   U     10     0        0 eth1
192.168.1.0     0.0.0.0         255.255.255.0   U     0      0        0 br-lan

ping works:

# ping -c 1 -I eth1 www.google.com
PING www.google.com (173.194.69.104): 56 data bytes
64 bytes from 173.194.69.104: seq=0 ttl=50 time=15.394 ms

# ping -c 1 -I pptp-VPN www.google.com
PING www.google.com (173.194.69.103): 56 data bytes
64 bytes from 173.194.69.103: seq=0 ttl=48 time=53.150 ms

/etc/config/network

# cat /etc/config/network

config interface 'loopback'
    option ifname 'lo'
    option proto 'static'
    option ipaddr '127.0.0.1'
    option netmask '255.0.0.0'

config interface 'lan'
    option ifname 'eth0.1'
    option type 'bridge'
    option proto 'static'
    option ipaddr '192.168.1.1'
    option netmask '255.255.255.0'
    option ip6assign '60'
    option mtu '1492'

config interface 'wan'
    option ifname 'eth1'
    option proto 'dhcp'
    option mtu '1492'
    option metric '10'

config globals 'globals'
    option ula_prefix 'fdd3:b755:f480::/48'

config switch
    option name 'rtl8366s'
    option reset '1'
    option enable_vlan '1'
    option blinkrate '2'
    option enable_vlan4k '1'

config switch_vlan
    option device 'rtl8366s'
    option vlan '1'
    option ports '0 1 2 3 5t'

config switch_vlan
        option device 'rtl8366s'
        option vlan '2'
        option ports '4 5t'

config interface 'VPN'
    option proto 'pptp'
    option server 'VPN SERVER'
    option username 'VPN USERNAME'
    option password 'VPN PASSWORD'
    option mtu '1492'
    option defaultroute '0'
    option metric '5'

config interface 'wan1'
    option ifname 'eth0.1'
    option _orig_ifname 'eth0.1'
    option _orig_bridge 'false'
    option proto 'dhcp'
    option metric '15'
    option mtu '1492'

/etc/config/mwan3

# cat /etc/config/mwan3

config interface 'wan'
    option enabled '1'
    list track_ip '8.8.4.4'
    list track_ip '8.8.8.8'
    list track_ip '208.67.222.222'
    list track_ip '208.67.220.220'
    option count '1'
    option timeout '2'
    option interval '5'
    option down '3'
    option reliability '1'
    option up '8'

config interface 'VPN'
    option enabled '1'
    list track_ip '8.8.4.4'
    list track_ip '8.8.8.8'
    list track_ip '208.67.222.222'
    list track_ip '208.67.220.220'
    option count '1'
    option timeout '2'
    option interval '5'
    option down '3'
    option up '8'
    option reliability '2'

config member 'wan_m1_w3'
    option interface 'wan'
    option weight '3'
    option metric '2'

config member 'VPN_m1_w2'
    option interface 'VPN'
    option metric '1'
    option weight '2'

config policy 'wan_only'
    list use_member 'wan_m1_w3'

config policy 'VPN_only'
    list use_member 'VPN_m1_w2'

config rule
    option use_policy 'VPN_only'
    option proto 'all'
    option src_ip '192.168.1.183'

config rule
    option dest_ip '0.0.0.0/0'
    option proto 'all'
    option use_policy 'wan_only'

/etc/config/firewall

# cat /etc/config/firewall

config defaults
    option syn_flood '1'
    option input 'ACCEPT'
    option output 'ACCEPT'
    option forward 'REJECT'

config zone
    option name 'lan'
    option input 'ACCEPT'
    option output 'ACCEPT'
    option forward 'REJECT'
    option network 'lan'

config zone
    option name 'wan'
    option output 'ACCEPT'
    option forward 'REJECT'
    option masq '1'
    option mtu_fix '1'
    option input 'ACCEPT'
    option network 'wan'

config rule
    option name 'Allow-DHCP-Renew'
    option src 'wan'
    option proto 'udp'
    option dest_port '68'
    option target 'ACCEPT'
    option family 'ipv4'

config rule
    option name 'Allow-Ping'
    option src 'wan'
    option proto 'icmp'
    option icmp_type 'echo-request'
    option family 'ipv4'
    option target 'ACCEPT'

config rule
    option name 'Allow-DHCPv6'
    option src 'wan'
    option proto 'udp'
    option src_ip 'fe80::/10'
    option src_port '547'
    option dest_ip 'fe80::/10'
    option dest_port '546'
    option family 'ipv6'
    option target 'ACCEPT'

config rule
    option name 'Allow-ICMPv6-Input'
    option src 'wan'
    option proto 'icmp'
    list icmp_type 'echo-request'
    list icmp_type 'echo-reply'
    list icmp_type 'destination-unreachable'
    list icmp_type 'packet-too-big'
    list icmp_type 'time-exceeded'
    list icmp_type 'bad-header'
    list icmp_type 'unknown-header-type'
    list icmp_type 'router-solicitation'
    list icmp_type 'neighbour-solicitation'
    list icmp_type 'router-advertisement'
    list icmp_type 'neighbour-advertisement'
    option limit '1000/sec'
    option family 'ipv6'
    option target 'ACCEPT'

config rule
    option name 'Allow-ICMPv6-Forward'
    option src 'wan'
    option dest '*'
    option proto 'icmp'
    list icmp_type 'echo-request'
    list icmp_type 'echo-reply'
    list icmp_type 'destination-unreachable'
    list icmp_type 'packet-too-big'
    list icmp_type 'time-exceeded'
    list icmp_type 'bad-header'
    list icmp_type 'unknown-header-type'
    option limit '1000/sec'
    option family 'ipv6'
    option target 'ACCEPT'

config include
    option path '/etc/firewall.user'

config include
    option type 'script'
    option path '/usr/share/firewall/ipv6-ula-border.sh'
    option family 'IPv6'
    option reload '1'

config forwarding
    option dest 'lan'
    option src 'wan'

config forwarding
    option dest 'wan'
    option src 'lan'

config zone
    option output 'ACCEPT'
    option name 'VPN'
    option masq '1'
    option network 'VPN'
    option input 'REJECT'
    option forward 'REJECT'

config rule
    option target 'ACCEPT'
    option src 'lan'
    option dest 'VPN'
    option name 'VPN'

# ip rule show
0:    from all lookup local
1001:    from 95.168.135.237 fwmark 0x0/0x8000 lookup 1001
1008:    from all fwmark 0x100/0xff00 lookup 1001
1016:    from all fwmark 0x1000/0xff00 lookup 1016
1017:    from all fwmark 0x1100/0xff00 lookup 1017
32766:    from all lookup main
32767:    from all lookup default

Thanks again!

Post #232
Adze
29 Apr 2013, 08:17
der.ruben wrote:

My VPN Interface has metric 5, WAN has 10.
route -n:

# route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         95.168.135.254  0.0.0.0         UG    10     0        0 eth1
10.100.0.1      0.0.0.0         255.255.255.255 UH    0      0        0 pptp-VPN
46.4.253.175    95.168.135.254  255.255.255.255 UGH   10     0        0 eth1
95.168.135.0    0.0.0.0         255.255.255.0   U     10     0        0 eth1
192.168.1.0     0.0.0.0         255.255.255.0   U     0      0        0 br-lan

I don't see any default route for your VPN.

Post #233
der.ruben
29 Apr 2013, 19:24
Adze wrote:

I don't see any default route for your VPN.

Well well well...you are absolutely right - I checked "Use default gateway" in my VPN interfaces settings and it's working now. Thank you again Adze!

Post #234
arfett
29 Apr 2013, 22:23

Well my work is just about done on the LuCI page. The last thing I'm working on now is converting the troubleshooting tab to refresh automatically and not have the save & apply button like the overview tab.

If anyone has any requests I'll consider them but I'm trying to keep it to mwan3 functionality (no integration with e-mail apps, etc etc)

(Last edited by arfett on 1 May 2013, 03:36)

Post #235
biatche
29 Apr 2013, 22:33

In the case of a pppoe connection going down, hotplug is triggered, yes?

In the case of a pppoe-MODEM losing its dsl connectivity but connected to openwrt with static ip/gateway, is hotplug triggered still?

Will mwan3 trigger hotplug based on ping of track ips?

(Last edited by biatche on 29 Apr 2013, 22:34)

Post #236
arfett
30 Apr 2013, 02:06
biatche wrote:

In the case of a pppoe connection going down, hotplug is triggered, yes?

In the case of a pppoe-MODEM losing its dsl connectivity but connected to openwrt with static ip/gateway, is hotplug triggered still?

Will mwan3 trigger hotplug based on ping of track ips?

Yes. Hotplug events are only triggered from mwan3 by the tracking of test IPs.

I believe mwan3 assumes the link is always up if it is not being tested.

Post #237
toogle
1 May 2013, 05:55

Hi all,
First thanks the author for giving such a simply way to configure multiwan policy routing.

I was stuck when I am trying to find a method to setup a pptp tunnel through one specific wan (pppoe-wan1) port of my two wan interfaces (pppoe-wan1 and pppoe-wan2). Someone said maybe mwan3 could help. But I couldn't make it.

my original post for help with illustrations of requirement can be found
https://forum.openwrt.org/viewtopic.php?id=43828

Now my situation is:
After I configured a pptp-vpn interface by add a pptp interface. I checked the route. the pptp-vpn sometimes connected through pppoe-wan1 sometimes connected through pppoe-wan2. I guess this depends on which pppoe got connected first.

As mwan3 seems to work based on the definition of interfaces, I don't know how to configure mwan3 to let my pptp connect
as I expected.

Hope someone can help me

Thx

Post #238
arfett
2 May 2013, 05:09
toogle wrote:

Hi all,
First thanks the author for giving such a simply way to configure multiwan policy routing.

I was stuck when I am trying to find a method to setup a pptp tunnel through one specific wan (pppoe-wan1) port of my two wan interfaces (pppoe-wan1 and pppoe-wan2). Someone said maybe mwan3 could help. But I couldn't make it.

my original post for help with illustrations of requirement can be found
https://forum.openwrt.org/viewtopic.php?id=43828

Now my situation is:
After I configured a pptp-vpn interface by add a pptp interface. I checked the route. the pptp-vpn sometimes connected through pppoe-wan1 sometimes connected through pppoe-wan2. I guess this depends on which pppoe got connected first.

As mwan3 seems to work based on the definition of interfaces, I don't know how to configure mwan3 to let my pptp connect
as I expected.

Hope someone can help me

Thx

Could you post the output of "uci show -p /var/state network" when you have your connections up and running with the VPN on the right interface?

(Last edited by arfett on 2 May 2013, 05:10)

Post #239
toogle
2 May 2013, 13:31
arfett wrote:

Could you post the output of "uci show -p /var/state network" when you have your connections up and running with the VPN on the right interface?

here is the output

network.loopback=interface
network.loopback.ifname=lo
network.loopback.proto=static
network.loopback.ipaddr=127.0.0.1
network.loopback.netmask=255.0.0.0
network.loopback.up=1
network.loopback.connect_time=16
network.loopback.device=lo
network.lan=interface
network.lan.type=bridge
network.lan.proto=static
network.lan.netmask=255.255.255.0
network.lan.ipaddr=192.168.1.1
network.lan.up=1
network.lan.connect_time=14
network.lan.device=eth0.1
network.lan.ifname=br-lan
network.@switch[0]=switch
network.@switch[0].name=rtl8366s
network.@switch[0].reset=1
network.@switch[0].enable_vlan=1
network.@switch[0].blinkrate=2
network.@switch[0].enable_vlan4k=1
network.@switch_vlan[0]=switch_vlan
network.@switch_vlan[0].device=rtl8366s
network.@switch_vlan[0].vlan=1
network.@switch_vlan[0].ports=0 1 5t
network.@switch_port[0]=switch_port
network.@switch_port[0].device=rtl8366s
network.@switch_port[0].port=1
network.@switch_port[0].led=6
network.@switch_port[1]=switch_port
network.@switch_port[1].device=rtl8366s
network.@switch_port[1].port=2
network.@switch_port[1].led=9
network.@switch_port[2]=switch_port
network.@switch_port[2].device=rtl8366s
network.@switch_port[2].port=5
network.@switch_port[2].led=2
network.@switch_vlan[1]=switch_vlan
network.@switch_vlan[1].device=rtl8366s
network.@switch_vlan[1].vlan=2
network.@switch_vlan[1].ports=3 5t
network.@switch_vlan[2]=switch_vlan
network.@switch_vlan[2].device=rtl8366s
network.@switch_vlan[2].vlan=3
network.@switch_vlan[2].ports=2
network.wan1=interface
network.wan1.proto=pppoe
network.wan1.username=name
network.wan1.password=pass
network.wan1.metric=10
network.wan1.up=1
network.wan1.connect_time=29
network.wan1.device=eth1
network.wan1.ifname=pppoe-wan1
network.wan2=interface
network.wan2.proto=pppoe
network.wan2.username=name
network.wan2.password=pass
network.wan2.metric=20
network.wan2.up=1
network.wan2.connect_time=26
network.wan2.device=eth0.2
network.wan2.ifname=pppoe-wan2
network.vpn=interface
network.vpn.proto=pptp
network.vpn.server=68.68.32.79
network.vpn.username=name
network.vpn.password=pass
network.vpn.mtu=1450
network.vpn.metric=30
network.vpn.up=1
network.vpn.connect_time=403
network.vpn.ifname=pptp-vpn

Some more thing I'd say is that the network outputs do not change when the pptp connect via different wan. Actually I am not sure which pppoe-wan* does the pptp-vpn use if I don't use routetrace. And when the two pppoe-wan interfaces are activated, pptp link is quite unstable. If I delete one pppoe-wan interface, the pptp link works much better.

So I guess the unstable problem may be due to the vpn control packets sometimes goes to wan1 and sometimes wan2. just guess. because it seems not clear about the default gateway.

And this is the output from "route -n"

Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         68.68.36.129    0.0.0.0         UG    0      0        0 pptp-vpn
0.0.0.0         111.173.20.1    0.0.0.0         UG    10     0        0 pppoe-wan1
0.0.0.0         219.139.228.1   0.0.0.0         UG    20     0        0 pppoe-wan2
68.68.32.79     111.173.20.1    255.255.255.255 UGH   10     0        0 pppoe-wan1
68.68.32.79     219.139.228.1   255.255.255.255 UGH   20     0        0 pppoe-wan2
68.68.36.129    0.0.0.0         255.255.255.255 UH    0      0        0 pptp-vpn
111.173.20.1    0.0.0.0         255.255.255.255 UH    0      0        0 pppoe-wan1
192.168.1.0     0.0.0.0         255.255.255.0   U     0      0        0 br-lan
219.139.228.1   0.0.0.0         255.255.255.255 UH    0      0        0 pppoe-wan2

(Last edited by toogle on 2 May 2013, 13:41)

Post #240
arfett
2 May 2013, 13:38

Are you able to put a metric on the vpn interface? What did your mwan3 config look like?

Post #241
toogle
2 May 2013, 13:49
arfett wrote:

Are you able to put a metric on the vpn interface? What did your mwan3 config look like?

the three interfaces use different metric
10 20 30

mwan3 configure rules only for simple test first,  wan1 only wan2 only vpn only.

since my network may stop work if I configured vpn and multiple wan.

currently I delete wan2 and vpn interfaces.

I can try to reconfigure as you recommended.

Thanks

Post #242
arfett
2 May 2013, 14:47
toogle wrote:
arfett wrote:

Are you able to put a metric on the vpn interface? What did your mwan3 config look like?

the three interfaces use different metric
10 20 30

mwan3 configure rules only for simple test first,  wan1 only wan2 only vpn only.

since my network may stop work if I configured vpn and multiple wan.

currently I delete wan2 and vpn interfaces.

I can try to reconfigure as you recommended.

Thanks

The metric on the vpn route shows 0
0.0.0.0         68.##.##.###    0.0.0.0         UG    0      0        0 pptp-vpn

Assuming your vpn is connecting on the correct physical interface I don't see why the mwan3 rules wouldn't work correctly. You just have to ensure the names you give the mwan3 interfaces directly matches the interface names from the network config. I believe the case of the letters matters so make sure they match in /etc/config/network and /etc/config/mwan3.

(Last edited by arfett on 2 May 2013, 14:48)

Post #243
toogle
2 May 2013, 16:18
arfett wrote:

The metric on the vpn route shows 0
0.0.0.0         68.##.##.###    0.0.0.0         UG    0      0        0 pptp-vpn

Assuming your vpn is connecting on the correct physical interface I don't see why the mwan3 rules wouldn't work correctly. You just have to ensure the names you give the mwan3 interfaces directly matches the interface names from the network config. I believe the case of the letters matters so make sure they match in /etc/config/network and /etc/config/mwan3.

I am afraid the assumption does not hold.  My vpn seems not working correctly with two pppoe-wan interfaces. I first suppose I can use mwan3 to let the pptp-vpn interface to be set up through one of the two pppoe-wan interfaces and then use mwan3 again, to do policy routing between vpn and the other pppoe-wan.

However I found mwan3 first need interfaces already well configured, and then define the rules. when I add the new pptp interface, I just can't control the tunnel's routing path.

Post #244
arfett
2 May 2013, 21:16

It is possible to route the router's own traffic using policies. Previously you needed to create an alias for your loopback interface and it's discussed somewhere between pages 1-3. I think this method has been replaced by the new experimental note mentioned in the first post. Could you not do this and then create a rule for esp/vpn traffic destined to the remote VPN endpoint out one of your WAN ports to do what you want? If you track the VPN tunnel then mwan3 should add the appropriate rules/routes once it is available.

Any traffic that matches a rule will be blackholed if the configured policy can't be used so it shouldn't use the unwanted WAN if the other one is not available yet.

(Last edited by arfett on 2 May 2013, 21:28)

Post #246
Thomymaster
4 May 2013, 21:26

Hi


I tried to install the mwan3 package from 22.04.2013 (mwan3_1.1-10_ar71xx.ipk) but the installation failed with:

root@gateway:/tmp# opkg install mwan3_1.1-10_ar71xx.ipk
Installing mwan3 (1.1-10) to root...
Collected errors:
 * satisfy_dependencies_for: Cannot satisfy the following dependencies for mwan3:
 *      ip *
 * opkg_install_cmd: Cannot install package mwan3.

Is there an error in the package, or can somebody give me the latest binary for this target (ar71xx -> TP-Link WDR4300)?

Cheers

Thomy

(Last edited by Thomymaster on 4 May 2013, 21:27)

Post #248
Thomymaster
5 May 2013, 00:22

Same problem with these binaries (same error message) sad

Post #249
arfett
5 May 2013, 00:43
Thomymaster wrote:

Same problem with these binaries (same error message) sad

I just installed them on my 3700v2. Don't see why it wouldn't work on any other AR7161 router.

Just download the files from github and SCP them to the router.

scp -r ./files/* root@192.168.1.1:/

Run that from mwan3 and mwan3-luci directory. Replace the IP with your router's LAN IP.

(Last edited by arfett on 5 May 2013, 03:07)

Post #250
Thomymaster
5 May 2013, 10:59

OK i havent tried this yet, what i am concerned about is if there is an error in the package (look at the error message above).


What i forget to say is that the error appeared after upgrading from 12.01rc1 to 12.09 release

(Last edited by Thomymaster on 5 May 2013, 13:48)