OpenWrt Forum Archive

Topic: mwan3; multi-wan policy routing (general topic)

The content of this topic has been archived between 22 May 2013 and 6 May 2018. Unfortunately there are posts – most likely complete pages – missing.

Hi, Adze.

I'm upgrading my home network and trying to create a dual-WAN setup. Unfortunately, only the first WAN is working. Could you please help me?
My config:

network

# /etc/config/network as posted: loopback, a bridged LAN and two WAN uplinks.
# All three networks are VLAN sub-interfaces (eth0.1/eth0.2/eth0.3) of eth0.
config interface 'loopback'
    option ifname 'lo'
    option proto 'static'
    option ipaddr '127.0.0.1'
    option netmask '255.0.0.0'

# LAN bridge on eth0.1 with a static address.
config interface 'lan'
    option ifname 'eth0.1'
    option type 'bridge'
    option proto 'static'
    option netmask '255.255.255.0'
    option ipaddr '192.168.64.192'
#    option dns '192.168.64.66'

# Primary uplink (static addressing) on eth0.2.
config interface 'wan'
    option ifname 'eth0.2'
    # The reply in the thread recommends removing the two _orig_* lines
    # because they have caused trouble together with mwan3.
    option _orig_ifname 'eth0.2'
    option _orig_bridge 'false'
    option proto 'static'
    option ipaddr '89.252.1.74'
    option netmask '255.255.255.0'
    option gateway '89.252.1.1'
    # MAC override: the posted `ip addr list` output shows eth0.2 with this
    # address while the other interfaces keep the hardware address.
    option macaddr '00:90:27:57:1f:84'
    # Route metric for this uplink; the posted `ip route list` output shows
    # its default route with metric 10, ahead of wan2's metric 20.
    option metric '10'

# Switch VLAN map. One VLAN per network keeps the two uplinks on separate
# layer-2 segments from the LAN ports and from each other.
# NOTE(review): '5t' is presumably the tagged CPU port — confirm for this board.
config switch
    option name 'rtl8366rb'
    option reset '1'
    option enable_vlan '1'
    option enable_vlan4k '1'

# VLAN 1: switch ports 2-4, used by the LAN (eth0.1).
config switch_vlan
    option device 'rtl8366rb'
    option vlan '1'
    option ports '2 3 4 5t'

# VLAN 2: switch port 0, used by wan (eth0.2).
config switch_vlan
    option device 'rtl8366rb'
    option vlan '2'
    option ports '0 5t'

# VLAN 3: switch port 1, used by wan2 (eth0.3).
config switch_vlan
    option device 'rtl8366rb'
    option vlan '3'
    option ports '1 5t'

# Secondary uplink (DHCP) on eth0.3; metric 20 ranks it after wan.
config interface 'wan2'
    option proto 'dhcp'
    option ifname 'eth0.3'
    option metric '20'

mwan3 


# /etc/config/mwan3 as posted: per-uplink health tracking, members
# (interface + metric + weight), policies built from members, and one rule.
config interface 'wan'
    option enabled '1'
    # Hosts pinged to judge link health. 89.252.1.1 is this uplink's own
    # gateway (see the network config), so a reply from it only shows that
    # the first hop is alive.
    list track_ip '8.8.4.4'
    list track_ip '8.8.8.8'
    list track_ip '89.252.1.1'
    # Number of track_ip hosts that must answer for a check to pass; with 2,
    # a reply from the gateway alone is not enough.
    option reliability '2'
    # count: pings per host per check; timeout/interval: seconds.
    option count '1'
    option timeout '2'
    option interval '5'
    # down/up: consecutive failed/successful checks before the state changes.
    option down '3'
    option up '8'

# The reply in the thread suggests dropping the tracking options for wan2,
# since it is the link of last resort.
config interface 'wan2'
    option enabled '1'
    option interval '5'
    option down '3'
    option up '8'
    option timeout '2'
    option count '1'
    # NOTE(review): 93.73.88.1 is wan2's own gateway per the posted routing
    # table, and it is the only tracked host, so an outage beyond that
    # gateway would presumably go undetected — verify.
    list track_ip '93.73.88.1'
    option reliability '1'

# Members pair an interface with a metric and a weight. Within a policy the
# lower metric is used first (the posted table 1019 lists wan with metric 1
# and wan2 with metric 2); members with equal metric share sessions by weight,
# as confirmed later in the thread.
config member 'wan_m1_w3'
    option interface 'wan'
    option metric '1'
    option weight '3'

config member 'wan_m2_w3'
    option interface 'wan'
    option metric '2'
    option weight '3'

config member 'wan2_m1_w2'
    option interface 'wan2'
    option metric '1'
    option weight '2'

config member 'wan2_m2_w2'
    option interface 'wan2'
    option metric '2'
    option weight '2'

# Single-uplink policies.
config policy 'wan_only'
    list use_member 'wan_m1_w3'

config policy 'wan2_only'
    list use_member 'wan2_m1_w2'

# Both members have metric 1, so sessions are balanced by weight (3:2).
config policy 'wan_wan2_loadbalanced'
    list use_member 'wan_m1_w3'
    list use_member 'wan2_m1_w2'

# Failover: wan (metric 1) is primary, wan2 (metric 2) is the fallback.
config policy 'wan_pri_wan2_sec'
    list use_member 'wan_m1_w3'
    list use_member 'wan2_m2_w2'

# Failover in the other direction: wan2 primary, wan fallback.
config policy 'wan2_pri_wan_sec'
    list use_member 'wan_m2_w3'
    list use_member 'wan2_m1_w2'

# Catch-all rule: every destination uses the wan-primary failover policy.
config rule
    option dest_ip '0.0.0.0/0'
    option use_policy 'wan_pri_wan2_sec'

firewall


# /etc/config/firewall as posted. Input from the uplinks is rejected by
# default; the rules further down open only specific traffic.
config defaults
    option syn_flood '1'
    # Default input policy is DROP (the poster left ACCEPT commented out).
    option input 'DROP'
#'ACCEPT'
    option output 'ACCEPT'
    option forward 'REJECT'

config zone
    option name 'lan'
    option network 'lan'
    option input 'ACCEPT'
    option output 'ACCEPT'
    option forward 'REJECT'

# Both uplinks are members of the same zone, so the same input/forward policy
# and masquerading apply whichever uplink carries the traffic after failover.
config zone
    option name 'wan'
    option input 'REJECT'
    option output 'ACCEPT'
    option forward 'REJECT'
    option masq '1'
    option mtu_fix '1'
    option network 'wan wan2'

# Only LAN -> WAN forwarding is allowed; there is no wan -> lan forwarding.
config forwarding
    option src 'lan'
    option dest 'wan'

# DHCP client replies arriving on the uplink zone (wan2 uses proto 'dhcp').
config rule
    option name 'Allow-DHCP-Renew'
    option src 'wan'
    option proto 'udp'
    option dest_port '68'
    option target 'ACCEPT'
    option family 'ipv4'

# Lets hosts on the uplink side ping the router (IPv4 echo-request only).
config rule
    option name 'Allow-Ping'
    option src 'wan'
    option proto 'icmp'
    option icmp_type 'echo-request'
    option family 'ipv4'
    option target 'ACCEPT'

# DHCPv6 replies, restricted to link-local source and destination addresses.
config rule
    option name 'Allow-DHCPv6'
    option src 'wan'
    option proto 'udp'
    option src_ip 'fe80::/10'
    option src_port '547'
    option dest_ip 'fe80::/10'
    option dest_port '546'
    option family 'ipv6'
    option target 'ACCEPT'

# ICMPv6 types accepted on input from the uplink zone, rate-limited.
config rule
    option name 'Allow-ICMPv6-Input'
    option src 'wan'
    option proto 'icmp'
    list icmp_type 'echo-request'
    list icmp_type 'echo-reply'
    list icmp_type 'destination-unreachable'
    list icmp_type 'packet-too-big'
    list icmp_type 'time-exceeded'
    list icmp_type 'bad-header'
    list icmp_type 'unknown-header-type'
    list icmp_type 'router-solicitation'
    list icmp_type 'neighbour-solicitation'
    list icmp_type 'router-advertisement'
    list icmp_type 'neighbour-advertisement'
    option limit '1000/sec'
    option family 'ipv6'
    option target 'ACCEPT'

# ICMPv6 types forwarded from the uplink zone to any zone, rate-limited.
config rule
    option name 'Allow-ICMPv6-Forward'
    option src 'wan'
    option dest '*'
    option proto 'icmp'
    list icmp_type 'echo-request'
    list icmp_type 'echo-reply'
    list icmp_type 'destination-unreachable'
    list icmp_type 'packet-too-big'
    list icmp_type 'time-exceeded'
    list icmp_type 'bad-header'
    list icmp_type 'unknown-header-type'
    option limit '1000/sec'
    option family 'ipv6'
    option target 'ACCEPT'

# Custom rules are loaded from this file as well. Its contents are not shown
# in the post, so the effective ruleset may differ from what is listed here.
config include
    option path '/etc/firewall.user'

Basically, I want my main connection (wan) to be used most of the time, but in case of a link failure, wan2 should become active.
But when I disconnect wan, nothing switches.

Hi doctor64,


Your config looks good in general. There are two things i would change, but that should not be the cause of your problem. The two things i would change are:

1. Remove the lines "option _orig_ifname 'eth0.2'" and "option _orig_bridge 'false'" from the network config. I have seen some trouble with these lines in conjunction with mwan3.
2. Remove the lines "option interval '5'", "option down '3'", "option up '8'", "option timeout '2'", "option count '1'", "list track_ip '93.73.88.1'" and "option reliability '1'" from the mwan3 config in the "wan2" interface config section. As this is a gateway of last resort, it has no added functionality to check if it is up.


But now to tackle the real problem: could you paste the output of the following commands:

ip rule
ip addr list
ip route list
ip route list table 1001
ip route list table 1002
ip route list table 1019
iptables -L -t mangle -v -n

Thnx!

(Last edited by Adze on 22 Jan 2013, 09:35)

Hello Adze!

I made the proposed changes in the config files, but it is still not switching. Regarding (2): in the future I plan to implement more sophisticated routing like "torrents on wan", "http load balancing", etc.

root@ap1:~# ping www.google.com -I eth0.2
PING www.google.com (77.88.221.34): 56 data bytes
64 bytes from 77.88.221.34: seq=0 ttl=59 time=1.265 ms
64 bytes from 77.88.221.34: seq=1 ttl=59 time=0.769 ms
^C
--- www.google.com ping statistics ---
2 packets transmitted, 2 packets received, 0% packet loss
round-trip min/avg/max = 0.769/1.017/1.265 ms
root@ap1:~# ping www.google.com -I eth0.3
PING www.google.com (77.88.221.44): 56 data bytes
64 bytes from 77.88.221.44: seq=0 ttl=59 time=14.942 ms
64 bytes from 77.88.221.44: seq=1 ttl=59 time=15.444 ms
^C
--- www.google.com ping statistics ---
2 packets transmitted, 2 packets received, 0% packet loss
round-trip min/avg/max = 14.942/15.193/15.444 ms
root@ap1:~# ip rule
0:      from all lookup local
1001:   from 89.252.1.74 fwmark 0x0/0x8000 lookup 1001
1002:   from 93.73.90.160 fwmark 0x0/0x8000 lookup 1002
1008:   from all fwmark 0x100/0xff00 lookup 1001
1009:   from all fwmark 0x200/0xff00 lookup 1002
1016:   from all fwmark 0x1000/0xff00 lookup 1016
1017:   from all fwmark 0x1100/0xff00 lookup 1017
1018:   from all fwmark 0x1200/0xff00 lookup 1018
1019:   from all fwmark 0x1300/0xff00 lookup 1019
1020:   from all fwmark 0x1400/0xff00 lookup 1020
32766:  from all lookup main
32767:  from all lookup default
root@ap1:~# ip addr list
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 16436 qdisc noqueue state UNKNOWN
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
    link/ether d8:5d:4c:d7:c5:c4 brd ff:ff:ff:ff:ff:ff
4: ifb0: <BROADCAST,NOARP> mtu 1500 qdisc noop state DOWN qlen 32
    link/ether c2:d9:60:fe:22:f3 brd ff:ff:ff:ff:ff:ff
5: ifb1: <BROADCAST,NOARP> mtu 1500 qdisc noop state DOWN qlen 32
    link/ether ea:af:d8:ff:8d:8f brd ff:ff:ff:ff:ff:ff
6: br-lan: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP
    link/ether d8:5d:4c:d7:c5:c4 brd ff:ff:ff:ff:ff:ff
    inet 192.168.64.192/24 brd 192.168.64.255 scope global br-lan
7: eth0.1@eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master br-lan state UP
    link/ether d8:5d:4c:d7:c5:c4 brd ff:ff:ff:ff:ff:ff
8: eth0.2@eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP
    link/ether 00:90:27:57:1f:84 brd ff:ff:ff:ff:ff:ff
    inet 89.252.1.74/24 brd 89.252.1.255 scope global eth0.2
9: eth0.3@eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP
    link/ether d8:5d:4c:d7:c5:c4 brd ff:ff:ff:ff:ff:ff
    inet 93.73.90.160/21 brd 93.73.95.255 scope global eth0.3
10: wlan0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq master br-lan state UP qlen 32
    link/ether d8:5d:4c:d7:c5:c4 brd ff:ff:ff:ff:ff:ff
root@ap1:~# ip route list
default via 89.252.1.1 dev eth0.2  proto static  metric 10
default via 93.73.88.1 dev eth0.3  proto static  metric 20
89.252.1.0/24 dev eth0.2  proto static  scope link  metric 10
93.73.88.0/21 dev eth0.3  proto static  scope link  metric 20
192.168.64.0/24 dev br-lan  proto kernel  scope link  src 192.168.64.192
root@ap1:~# ip route list table 1001
default via 89.252.1.1 dev eth0.2
root@ap1:~# ip route list table 1002
default via 93.73.88.1 dev eth0.3
root@ap1:~# ip route list table 1019
default via 89.252.1.1 dev eth0.2  metric 1
default via 93.73.88.1 dev eth0.3  metric 2
blackhole default  metric 1000
root@ap1:~# iptables -L -t mangle -v -n
Chain PREROUTING (policy ACCEPT 26469 packets, 6906K bytes)
 pkts bytes target     prot opt in     out     source               destination
27824 7093K mwan3_pre  all  --  *      *       0.0.0.0/0            0.0.0.0/0

Chain INPUT (policy ACCEPT 5673 packets, 605K bytes)
 pkts bytes target     prot opt in     out     source               destination

Chain FORWARD (policy ACCEPT 20707 packets, 6293K bytes)
 pkts bytes target     prot opt in     out     source               destination
21543 6426K zone_wan_MSSFIX  all  --  *      *       0.0.0.0/0            0.0.0.0/0

Chain OUTPUT (policy ACCEPT 5442 packets, 402K bytes)
 pkts bytes target     prot opt in     out     source               destination
 5751  426K mwan3_pre  all  --  *      *       0.0.0.0/0            0.0.0.0/0

Chain POSTROUTING (policy ACCEPT 26149 packets, 6695K bytes)
 pkts bytes target     prot opt in     out     source               destination
27153 6842K mwan3_post  all  --  *      *       0.0.0.0/0            0.0.0.0/0

Chain mwan3_default (1 references)
 pkts bytes target     prot opt in     out     source               destination
   73  9782 MARK       all  --  *      *       0.0.0.0/0            224.0.0.0/3         mark match !0x8000/0x8000 MARK or 0x8000
  155 11942 MARK       all  --  *      *       0.0.0.0/0            89.252.1.0/24       mark match !0x8000/0x8000 MARK or 0x8000
    0     0 MARK       all  --  *      *       0.0.0.0/0            93.73.88.0/21       mark match !0x8000/0x8000 MARK or 0x8000
 5267  554K MARK       all  --  *      *       0.0.0.0/0            192.168.64.0/24     mark match !0x8000/0x8000 MARK or 0x8000

Chain mwan3_post (1 references)
 pkts bytes target     prot opt in     out     source               destination
   25  1171 MARK       all  --  *      eth0.3  0.0.0.0/0            0.0.0.0/0           mark match !0x8000/0x8000 MARK xset 0x200/0xff00
15973 5341K MARK       all  --  *      eth0.2  0.0.0.0/0            0.0.0.0/0           mark match !0x8000/0x8000 MARK xset 0x100/0xff00
11042 1491K MARK       all  --  *      *       0.0.0.0/0            0.0.0.0/0           mark match 0x8000/0x8000 MARK and 0xffff7fff
27153 6842K CONNMARK   all  --  *      *       0.0.0.0/0            0.0.0.0/0           CONNMARK save mask 0xff00

Chain mwan3_pre (2 references)
 pkts bytes target     prot opt in     out     source               destination
33575 7519K CONNMARK   all  --  *      *       0.0.0.0/0            0.0.0.0/0           CONNMARK restore mask 0xff00
   31  3297 MARK       all  --  eth0.3 *       0.0.0.0/0            0.0.0.0/0           MARK xset 0x8200/0xff00
11214 1530K MARK       all  --  eth0.2 *       0.0.0.0/0            0.0.0.0/0           MARK xset 0x8100/0xff00
22260 5979K mwan3_default  all  --  *      *       0.0.0.0/0            0.0.0.0/0           mark match !0x8000/0x8000
 5320  448K mwan3_rules  all  --  *      *       0.0.0.0/0            0.0.0.0/0           mark match 0x0/0xff00

Chain mwan3_rules (1 references)
 pkts bytes target     prot opt in     out     source               destination
 4639  394K MARK       all  --  *      *       0.0.0.0/0            0.0.0.0/0           mark match 0x0/0xff00 MARK xset 0x1300/0xff00

Chain zone_wan_MSSFIX (1 references)
 pkts bytes target     prot opt in     out     source               destination
  925 47404 TCPMSS     tcp  --  *      eth0.2  0.0.0.0/0            0.0.0.0/0           tcp flags:0x06/0x02 TCPMSS clamp to PMTU
    0     0 TCPMSS     tcp  --  *      eth0.3  0.0.0.0/0            0.0.0.0/0           tcp flags:0x06/0x02 TCPMSS clamp to PMTU
root@ap1:~#

Hi doctor64,


As far as i can see, all looks OK... Could you bring down the primary link, wait for 30 seconds and then paste the outcome of all the commands again please?


Thnx!

Hello Adze!

I disconnect main wan cable and wait few minutes.

root@ap1:~# ping 8.8.8.8
PING 8.8.8.8 (8.8.8.8): 56 data bytes
^C
--- 8.8.8.8 ping statistics ---
14 packets transmitted, 0 packets received, 100% packet loss
root@ap1:~# ping 8.8.8.8 -I eth0.3
PING 8.8.8.8 (8.8.8.8): 56 data bytes
64 bytes from 8.8.8.8: seq=0 ttl=46 time=40.580 ms
64 bytes from 8.8.8.8: seq=1 ttl=46 time=62.562 ms
64 bytes from 8.8.8.8: seq=2 ttl=46 time=40.363 ms
^C
--- 8.8.8.8 ping statistics ---
3 packets transmitted, 3 packets received, 0% packet loss
round-trip min/avg/max = 40.363/47.835/62.562 ms
root@ap1:~# ip rule
0:      from all lookup local
1001:   from 89.252.1.74 fwmark 0x0/0x8000 lookup 1001
1002:   from 93.73.90.160 fwmark 0x0/0x8000 lookup 1002
1008:   from all fwmark 0x100/0xff00 lookup 1001
1009:   from all fwmark 0x200/0xff00 lookup 1002
1016:   from all fwmark 0x1000/0xff00 lookup 1016
1017:   from all fwmark 0x1100/0xff00 lookup 1017
1018:   from all fwmark 0x1200/0xff00 lookup 1018
1019:   from all fwmark 0x1300/0xff00 lookup 1019
1020:   from all fwmark 0x1400/0xff00 lookup 1020
32766:  from all lookup main
32767:  from all lookup default
root@ap1:~# ip addr list
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 16436 qdisc noqueue state UNKNOWN
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
    link/ether d8:5d:4c:d7:c5:c4 brd ff:ff:ff:ff:ff:ff
4: ifb0: <BROADCAST,NOARP> mtu 1500 qdisc noop state DOWN qlen 32
    link/ether c2:d9:60:fe:22:f3 brd ff:ff:ff:ff:ff:ff
5: ifb1: <BROADCAST,NOARP> mtu 1500 qdisc noop state DOWN qlen 32
    link/ether ea:af:d8:ff:8d:8f brd ff:ff:ff:ff:ff:ff
6: br-lan: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP
    link/ether d8:5d:4c:d7:c5:c4 brd ff:ff:ff:ff:ff:ff
    inet 192.168.64.192/24 brd 192.168.64.255 scope global br-lan
7: eth0.1@eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master br-lan state UP
    link/ether d8:5d:4c:d7:c5:c4 brd ff:ff:ff:ff:ff:ff
8: eth0.2@eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP
    link/ether 00:90:27:57:1f:84 brd ff:ff:ff:ff:ff:ff
    inet 89.252.1.74/24 brd 89.252.1.255 scope global eth0.2
9: eth0.3@eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP
    link/ether d8:5d:4c:d7:c5:c4 brd ff:ff:ff:ff:ff:ff
    inet 93.73.90.160/21 brd 93.73.95.255 scope global eth0.3
10: wlan0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq master br-lan state UP qlen 32
    link/ether d8:5d:4c:d7:c5:c4 brd ff:ff:ff:ff:ff:ff
root@ap1:~# ip route list
default via 89.252.1.1 dev eth0.2  proto static  metric 10
default via 93.73.88.1 dev eth0.3  proto static  metric 20
89.252.1.0/24 dev eth0.2  proto static  scope link  metric 10
93.73.88.0/21 dev eth0.3  proto static  scope link  metric 20
192.168.64.0/24 dev br-lan  proto kernel  scope link  src 192.168.64.192
root@ap1:~# ip route list table 1001
default via 89.252.1.1 dev eth0.2
root@ap1:~# ip route list table 1002
default via 93.73.88.1 dev eth0.3
root@ap1:~# ip route list table 1019
default via 93.73.88.1 dev eth0.3  metric 2
blackhole default  metric 1000
root@ap1:~# iptables -L -t mangle -v -n
Chain PREROUTING (policy ACCEPT 44209 packets, 20M bytes)
 pkts bytes target     prot opt in     out     source               destination
 477K  302M mwan3_pre  all  --  *      *       0.0.0.0/0            0.0.0.0/0

Chain INPUT (policy ACCEPT 6609 packets, 727K bytes)
 pkts bytes target     prot opt in     out     source               destination

Chain FORWARD (policy ACCEPT 37588 packets, 19M bytes)
 pkts bytes target     prot opt in     out     source               destination
 438K  298M zone_wan_MSSFIX  all  --  *      *       0.0.0.0/0            0.0.0.0/0

Chain OUTPUT (policy ACCEPT 9050 packets, 717K bytes)
 pkts bytes target     prot opt in     out     source               destination
40005 3064K mwan3_pre  all  --  *      *       0.0.0.0/0            0.0.0.0/0

Chain POSTROUTING (policy ACCEPT 46594 packets, 20M bytes)
 pkts bytes target     prot opt in     out     source               destination
 478K  301M mwan3_post  all  --  *      *       0.0.0.0/0            0.0.0.0/0

Chain mwan3_default (1 references)
 pkts bytes target     prot opt in     out     source               destination
   81 10404 MARK       all  --  *      *       0.0.0.0/0            224.0.0.0/3         mark match !0x8000/0x8000 MARK or 0x8000
 6095  587K MARK       all  --  *      *       0.0.0.0/0            89.252.1.0/24       mark match !0x8000/0x8000 MARK or 0x8000
   19  1121 MARK       all  --  *      *       0.0.0.0/0            93.73.88.0/21       mark match !0x8000/0x8000 MARK or 0x8000
 6006  607K MARK       all  --  *      *       0.0.0.0/0            192.168.64.0/24     mark match !0x8000/0x8000 MARK or 0x8000

Chain mwan3_post (1 references)
 pkts bytes target     prot opt in     out     source               destination
 3287  228K MARK       all  --  *      eth0.2  0.0.0.0/0            0.0.0.0/0           mark match !0x8000/0x8000 MARK xset 0x100/0xff00
30463   20M MARK       all  --  *      eth0.3  0.0.0.0/0            0.0.0.0/0           mark match !0x8000/0x8000 MARK xset 0x200/0xff00
 175K   23M MARK       all  --  *      *       0.0.0.0/0            0.0.0.0/0           mark match 0x8000/0x8000 MARK and 0xffff7fff
 478K  301M CONNMARK   all  --  *      *       0.0.0.0/0            0.0.0.0/0           CONNMARK save mask 0xff00

Chain mwan3_pre (2 references)
 pkts bytes target     prot opt in     out     source               destination
 517K  305M CONNMARK   all  --  *      *       0.0.0.0/0            0.0.0.0/0           CONNMARK restore mask 0xff00
    0     0 MARK       all  --  eth0.2 *       0.0.0.0/0            0.0.0.0/0           MARK xset 0x8100/0xff00
19709 1777K MARK       all  --  eth0.3 *       0.0.0.0/0            0.0.0.0/0           MARK xset 0x8200/0xff00
 347K  283M mwan3_default  all  --  *      *       0.0.0.0/0            0.0.0.0/0           mark match !0x8000/0x8000
30372 2630K mwan3_rules  all  --  *      *       0.0.0.0/0            0.0.0.0/0           mark match 0x0/0xff00

Chain mwan3_rules (1 references)
 pkts bytes target     prot opt in     out     source               destination
 2642  236K MARK       all  --  *      *       0.0.0.0/0            0.0.0.0/0           mark match 0x0/0xff00 MARK xset 0x1300/0xff00

Chain zone_wan_MSSFIX (1 references)
 pkts bytes target     prot opt in     out     source               destination
  833 43096 TCPMSS     tcp  --  *      eth0.3  0.0.0.0/0            0.0.0.0/0           tcp flags:0x06/0x02 TCPMSS clamp to PMTU
root@ap1:~#
root@ap1:~# logread|grep mwan3
Jan 22 12:18:04 ap1 user.notice root: mwan3: ifup interface wan (eth0.2)
Jan 22 12:18:12 ap1 user.notice root: mwan3: ifup interface wan2 (eth0.3)
Jan 22 12:30:29 ap1 user.notice root: mwan3: Interface wan (eth0.2) is offline
Jan 22 12:30:29 ap1 user.notice root: mwan3: ifdown interface wan (eth0.2)
Jan 22 12:33:01 ap1 user.notice root: mwan3: Lost 16 ping(s) on interface wan (eth0.2)
Jan 22 12:33:37 ap1 user.notice root: mwan3: Interface wan (eth0.2) is online
Jan 22 12:33:38 ap1 user.notice root: mwan3: ifup interface wan (eth0.2)
Jan 22 13:12:05 ap1 user.notice root: mwan3: Interface wan (eth0.2) is offline
Jan 22 13:12:05 ap1 user.notice root: mwan3: ifdown interface wan (eth0.2)

Hi doctor64,


I think mwan3 works OK, only your test method is wrong... wink Let me explain.

If you don't use the loopback routing trick I mentioned in the topic start (TS, experimental section), packets originating from the router itself aren't load-balanced by mwan3. I reckon that if you do this test from a client on your LAN, it does fail over.

Everything looks OK to me. Can you test from a client (not from the router) or use the loopback trick please?


Thnx!

(Last edited by Adze on 22 Jan 2013, 12:50)

Hello Adze!

AAAA! I'm an idiot! smile It's my own stupid fault sad I had also relocated the DNS server from the internal network to the router. Pinging an IP address (not a name) from the internal network works like a charm. After I ran

ip route add default via 127.0.0.1 dev lo src 192.168.64.192

all is working as expected

Great thanks for your understanding and help.

Just two silly question:
1: where is right place to put this command on openwrt? Im not very familiar with linux, sorry
2: it will be nice if luci frontend can display current status of multiwan via web-interface, like original multiwan do...

Hi doctor64,


Nice to see it is solved! big_smile

The way I permanently configure this loopback trick is that I first define an alias IP on my loopback interface. This is to keep LAN and router-originated traffic separate. I then add a static route to the /etc/rc.local file (shown below).

/etc/config/network

# Standard loopback interface.
config interface 'loopback'
    option ifname 'lo'
    option proto 'static'
    option ipaddr '127.0.0.1'
    option netmask '255.0.0.0'

# Extra single-host (/32) address on the loopback interface. It is used as
# gateway and source address by the route added in /etc/rc.local, which keeps
# router-originated traffic distinguishable from LAN traffic. Per the thread,
# pick an address outside the LAN range.
config alias
    option interface 'loopback'
    option proto 'static'
    option ipaddr '192.168.2.1'
    option netmask '255.255.255.255'

cat /etc/rc.local

# Put your custom commands here that should be executed once
# the system init finished. By default this file does nothing.

# Alias address configured on the loopback interface in /etc/config/network.
lo_alias='192.168.2.1'

# Default route through the loopback alias: per the thread, without this
# trick packets originating from the router itself are not handled by mwan3.
# NOTE(review): metric 5 is presumably chosen to rank ahead of the WAN
# default routes in the main table — confirm against your own metrics.
ip route add default via "$lo_alias" dev lo src "$lo_alias" metric 5
exit 0

As for remark 2, I don't use the web interface. It is/was an independent project from Arfett. I won't be adding this functionality myself, but maybe you have some spare time to add this?!? Mwan3 itself does not monitor status or save the state of a WAN interface. It just runs some commands when an interface goes up or down and then exits.

Hi Adze!

Sorry for asking again, but i should substitute 192.168.2.1 and 255.255.255.255 with actual values of my lan interface or use another address within my lan subnet? I mean my lan have address 192.168.64.192 - i should use 192.168.64.192 or 192.168.64.193 for example?

Use a whole new ip address (range) for this, separate from LAN.

Hi Adze

thank you very much again.

Now little question about load balancing - as i understand for load balancing metric value of two interfaces (in mwan3 config) should be equal. and traffic divided accordingly to weight values?
So, for example, wan1 have weight 60 and wan2 have weight 40 mean what 60% of traffic goes to wan1 and 40% goes to wan2?

Yes,  although mwan3 balances based on sessions. So it is possible that one session creates a lot more traffic than another. So you might not see exactly a 60/40 ratio back in the interface counters.

Ok, to be more clear "60% of sessions goes to wan1 and 40% goes to wan2"?

Hi Adze
I sent you a letter to the PM for help..
Sorry for my english...

Just wondering, does this support NAT reflection? Asking because since I've set it up, I can't seem to be able to access my own systems via my external IP any more.

hi, all

does anyone know how to use mwan3 with multiple pppoe sessions?
i've tried to use macvlan, but the others sessions keep failing.

and i've tested it with pfsense virtualbox, my network works with multiple pppoe sessions.

thx

(Last edited by baojia on 1 Feb 2013, 03:04)

Steltek wrote:

Just wondering, does this support NAT reflection? Asking because since I've set it up, I can't seem to be able to access my own systems via my external IP any more.

NAT reflection in combination with mwan3 works. (should work)

baojia wrote:

hi, all

does anyone know how to use mwan3 with multiple pppoe sessions?
i've tried to use macvlan, but the others sessions keep failing.

and i've tested it with pfsense virtualbox, my network works with multiple pppoe sessions.

thx

mwan3 works OK with multiple pppoe sessions. Multiple pppoe sessions don't work with only one layer-3 interface. It's not a mwan3 problem.

Adze wrote:
Steltek wrote:

Just wondering, does this support NAT reflection? Asking because since I've set it up, I can't seem to be able to access my own systems via my external IP any more.

NAT reflection in combination with mwan3 works. (should work)

Thanks, I'll have to check my setup then because mine definitely worked before I installed mwan3 and now no longer does.

The nat_reflection_fwd table is definitely in iptables but doesn't appear to be getting any packets, so something must be intercepting them before.

Hi Adze
I sent you a letter to the PM for help.. )

Do you have package for brcm47xx architecture?

I have Asus Wl-500GP with AA 12.09-rc1, just bought backup WAN and found out on forum that mwan3 is the best for multi WAN. Could you share brcm47xx  package or show me the way how to make it by my own?

Hi doctor64!
I wanted to see your configuration mwan3
I have a problem mwan3
Sorry for my english...
thx!

Hi Adze,
I've been using your mwan2 for almost a year and realized that you now come up with the mwan3.

I use a VPN connection to watch movies from netflix and hulu but the VPN connection is done from the clients (PC, tablet, iphone, etc). I'm thinking of establishing the VPN connection from my TPLink router so I don't need to set it up from clients.

I managed to connect to the VPN Server using OpenVPN from my router :

Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         10.143.1.9      128.0.0.0       UG    0      0        0 tun0
0.0.0.0         192.168.0.1     0.0.0.0         UG    10     0        0 br-lan
0.0.0.0         111.94.77.1     0.0.0.0         UG    20     0        0 eth1
10.143.1.1      10.143.1.9      255.255.255.255 UGH   0      0        0 tun0
10.143.1.9      0.0.0.0         255.255.255.255 UH    0      0        0 tun0
50.7.31.186     192.168.0.1     255.255.255.255 UGH   0      0        0 br-lan
111.94.77.0     0.0.0.0         255.255.255.0   U     20     0        0 eth1
128.0.0.0       10.143.1.9      128.0.0.0       UG    0      0        0 tun0
192.168.0.0     0.0.0.0         255.255.255.0   U     10     0        0 br-lan

I'm able to ping using both connection :

root@OpenWrt:/# ping -c 1 -I eth1 google.com
PING google.com (111.94.248.24): 56 data bytes
64 bytes from 111.94.248.24: seq=0 ttl=63 time=9.258 ms

--- google.com ping statistics ---
1 packets transmitted, 1 packets received, 0% packet loss
round-trip min/avg/max = 9.258/9.258/9.258 ms
root@OpenWrt:/# ping -c 1 -I tun0 google.com
PING google.com (111.94.248.32): 56 data bytes
64 bytes from 111.94.248.32: seq=0 ttl=47 time=565.236 ms

--- google.com ping statistics ---
1 packets transmitted, 1 packets received, 0% packet loss
round-trip min/avg/max = 565.236/565.236/565.236 ms

Make a simple mwan3 config :

# /etc/config/mwan3 as posted: the goal stated in the post is to send one LAN
# host through the VPN tunnel and everything else through the normal uplink.
config interface 'WAN'
        option enabled '1'
        list track_ip '8.8.4.4'
        option reliability '1'
        option count '1'
        option timeout '2'
        option interval '5'
        option down '3'
        option up '8'

# Tracks the same host as WAN. The reply in the thread points out that the
# tunnel interface has no default route, which mwan3 needs.
config interface 'VPN'
        option 'enabled' '1'
        list track_ip '8.8.4.4'
        option reliability '1'
        option count '1'
        option timeout '2'
        option interval '5'
        option down '3'
        option up '8'

config member 'wan1_m1_w3'
        option interface 'WAN'
        option metric '1'
        option weight '3'

# Not referenced by any policy below.
config member 'wan1_m2_w3'
        option interface 'WAN'
        option metric '2'
        option weight '3'

config member 'vpn_m1_w3'
        option interface 'VPN'
        option metric '1'
        option weight '3'

config policy 'wan1_only'
        list use_member 'wan1_m1_w3'

# VPN is the only member of this policy, so there is no fallback member.
# NOTE(review): what happens to this host's traffic while the tunnel is down
# (dropped, or sent out another way) depends on how mwan3 handles a policy
# with no usable member — verify before relying on it for privacy.
config policy 'vpn_only'
        list use_member 'vpn_m1_w3'

# Source-based rule for the single test host, listed before the catch-all.
config rule
       option src_ip '192.168.0.25'
       option use_policy 'vpn_only'

# Catch-all: everything else uses the plain uplink.
config rule
        option dest_ip '0.0.0.0/0'
        option use_policy 'wan1_only'

192.168.0.25 is my PC's IP Address, I would like to simply test that all connection made from my PC will be routed through the VPN tunnel

I then setup the firewall rule to allow traffic from LAN to VPN

root@OpenWrt:/# cat /etc/config/firewall

# /etc/config/firewall as posted.
# NOTE(review): this ruleset filters nothing — every default and every zone
# policy is ACCEPT, including input and forward on the internet-facing zone.
# Treat it as a troubleshooting state, not as a configuration to copy.
config defaults
        option syn_flood '1'
        option input 'ACCEPT'
        option output 'ACCEPT'
        option forward 'ACCEPT'

config zone
        option name 'lan'
        option input 'ACCEPT'
        option output 'ACCEPT'
        option forward 'ACCEPT'
        # NOTE(review): masquerading on the lan zone is unusual and is
        # presumably not needed for this setup — confirm.
        option masq '1'
        option network 'lan'

config zone
        option name 'wan'
        option output 'ACCEPT'
        option masq '1'
        # NOTE(review): forward and input ACCEPT on the uplink zone leave every
        # service listening on the router reachable from the uplink side. The
        # first firewall config in this thread uses REJECT for both.
        option forward 'ACCEPT'
        option input 'ACCEPT'
        option network 'WAN'

# Custom rules loaded from this file are not shown in the post.
config include
        option path '/etc/firewall.user'

config forwarding
        option dest 'wan'
        option src 'lan'

# NOTE(review): allows connections initiated from the wan zone to be forwarded
# into the LAN. Outbound use only needs the lan -> wan forwarding above.
config forwarding
        option dest 'lan'
        option src 'wan'

# Zone for the OpenVPN tunnel interface.
# NOTE(review): input and forward ACCEPT give the far side of the tunnel the
# same access to the router as a LAN host.
config zone
        option name 'VPN'
        option input 'ACCEPT'
        option forward 'ACCEPT'
        option output 'ACCEPT'
        option network 'VPN'
        option masq '1'

# NOTE(review): allows connections initiated from the tunnel side to be
# forwarded into the LAN; the stated goal only needs the lan -> VPN forwarding
# below.
config forwarding
        option dest 'lan'
        option src 'VPN'

config forwarding
        option dest 'VPN'
        option src 'lan'

Restarted the router and try to access the internet from my PC but no traffic at all, tried to ping google.com but lost all connection to internet from my PC. Tried to tcpdump -i tun0 while ping google.com from my PC but seems there's no traffic routed to the interface.

root@OpenWrt:/# ip rule show
0:      from all lookup local
1001:   from 111.94.77.98 fwmark 0x0/0x8000 lookup 1001
1008:   from all fwmark 0x100/0xff00 lookup 1001
1009:   from all fwmark 0x200/0xff00 lookup 1002
1016:   from all fwmark 0x1000/0xff00 lookup 1016
1017:   from all fwmark 0x1100/0xff00 lookup 1017
32766:  from all lookup main
32767:  from all lookup default

Please kindly advise. Thanks !

Hi swoofz,


I'd like to help you get things working. A couple of things strike me. I have some questions:

Why is there a default route to your br-lan interface?
Why is there no default route for the tun0 interface (mwan3 needs this, so this is the reason it doesn't work!)?
Is interface VPN defined in your network config?


Thnx

Adze wrote:

Hi swoofz,


I'd like to help you get things working. A couple of things strike me. I have some questions:

Why is there a default route to your br-lan interface?
Why is there no default route for the tun0 interface (mwan3 needs this, so this is the reason it doesn't work!)?
Is interface VPN defined in your network config?


Thnx

Hi Adze,
Thanks for your response.

I think the default route for br-lan interface is there because the router create bridges between eth0 & my wireless network i guess...

The way I connect to VPN is using the OpenVPN module, once I started it in luci it will then automatically define the route

Yes I defined the VPN in network config :

# Logical interface for the OpenVPN tunnel device tun0. With proto 'none' no
# addressing is configured here; per the post, OpenVPN sets up the routes
# itself once it is started.
config interface 'VPN'
        option proto 'none'
        option ifname 'tun0'
        # The reply in the thread notes that mwan3 needs a default route on
        # the tunnel interface, which the posted routing table does not have.
        option defaultroute '0'
        option peerdns '0'
        option auto '1'

Please kindly advise. Thank you.