Would you mind updating the mwan3 wiki with the NDS information when done?

(Last edited by arfett on 16 Nov 2014, 03:31)

I tried to register to to edit the Wiki, it seems to be having issues.  Here is the text if you can update the Wiki since I cant seem to register right now.

- Compatibility with NoDogSplash captive portal

NoDogSplash, by default, uses the same bits as MWAN3 to mark traffic in iptables.  Because of this, NoDogSplash will not work with the default configuration file that is installed.  You can modify the bits that are used by NoDogSplash easily by adding a few lines to the /etc/nodogsplash/nodogsplash.conf file:

# Change the default marking flags to work with MWAN3 and QOS
FW_MARK_AUTHENTICATED 17
FW_MARK_TRUSTED 18
FW_MARK_BLOCKED 19

Can you help me? How can I disable failover? I have two interfaces: wan and wan2. I want to connect through wan only with two IP addresses. With the rest IP adress only through wan address.

Everything works until both interfaces work. When one interface is down the second ignores the policy and connects to each IP address. How to fix it? This is my config:

config interface 'wan'
        option enabled '1'

config interface 'wan2'
        option enabled '1'

config member 'wan_m1_w3'
        option interface 'wan'
        option metric '1'
        option weight '2'

config member 'wan2_m1_w2'
        option interface 'wan2'
        option metric '1'
        option weight '2'

config policy 'wan_only'
        list use_member 'wan_m1_w3'

config policy 'wan2_only'
        list use_member 'wan2_m1_w2'

config rule 'shar1'
        option dest_ip 'here is ip adress'
        option use_policy 'wan2_only'

config rule 'shar2'
        option dest_ip 'here is ip adress'
        option use_policy 'wan2_only'

config rule 'default_rule'
        option dest_ip '0.0.0.0/0'
        option use_policy 'wan_only'

Is it possible to route 8.8.4.4 DNS to WAN2 only?

If you don't need failover, you don't need mwan3. You can just use two static routes and one deafult route..

Yes

Could you write a how to do it? I do not know much about it ...

(Last edited by squallpolska on 18 Nov 2014, 14:30)

Should I use mwan3 rules to configure this or static route?

I do not want 8.8.4.4 pingable even if WAN2 is down.

I would suggest a mwan3 rule.

(Last edited by Adze on 18 Nov 2014, 19:47)

config rule 'dnsstatic'
        option dest_ip '8.8.4.4'
        option dest_port '53'
        option proto 'udp'
        option use_policy 'wan2_only'

This rule is at the top above all else. Is this correct?

Pinging 8.8.4.4 still seem to go through "wan" instead of "wan2".

Another question:

I've been using this as my default rule for a long time.. and just noticed in wiki it's different

config rule 'allelse'                 
        option use_policy 'wan1pri_wan2sec'

wiki:

config rule 'default_rule'
        option dest_ip '0.0.0.0/0'
        option use_policy 'balanced'

Is dest_ip 0.0.0.0/0 necessary for rules to work properly? I have some rules that don't contain ip, just ports.

Is it ok to go without dest_ip?

You set a rule for upd port 53 traffic and you wonder why icmp traffic still goes through wan? I think you will be able to figure this one out yourself...

Yeah not too sure what I was thinking either...

Anyway I think it's fixed. Thanks!

It should be fine without the destination IP set. 0.0.0.0/0 is assumed if nothing is entered there.

Have you guys heard of any strange behavior when you have 2 pppoe wan?

With 14.07 (unsure about 12.04 still) wan2 (pppoe) will have difficulty connecting... example PADO timeout, ive seen other error messages too. Once connected itll stay connected for 1-3 minutes at most before disconnecting. During this connection period, ping timeout requests are just too many.. 80% and then it'll disconnect and once again finds difficulty connecting back.

To test this further, I setup another openwrt router to host one pppoe connection for this 'wan2' line which connects without any issues. (was unable to test 2 concurrent wans at this period.. might do so tomorrow)

Furthermore, my wan1 seem to disconnect quite frequently, maybe once every 1-2 hours. Not sure if this is 14.07 related since just before upgrading I had not been monitoring outages often...

Maybe someone here might have heard/seen something about this somewhere...

Hello,

First things first. Thank you for the time and effort you've put into making this package, it's definitely top notch stuff!

BTW.:I'm a complete rookie, so please bear with me. It's also my first post here.

I'm using OpenWrt BB 14.07 on TP-LINK TL-WDR4300 v1.7.

I have two separate internet connections from the same ISP.

modem and modem2 are connected via. cat6 cables to the wdr4300 in bridge mode.

After configuring Vlan ports, i've created two separate interfaces on the WDR4300, wan and wan2. The interfaces connect to the internet via. PPPoE, and I get a static public ip each, on both interfaces.
wan   = 182.180.162.210/32
wan2 = 182.180.162.212/32

I'm perfectly load-balancing and everything works beautifully.

The question which I want to ask:

When I surf the internet, or maybe download something, anything really; I've noticed my external IP is changing all the time, sometimes I'm using 182.180.162.210 other times 182.180.162.212.

Is it possible to configure something, so I only use one of the external IP's, either 210 or 212 and still be able to load-balance?

I've tried on my own for several hours, but the thing is, I don't know where to start looking.

I can provide any information needed.

A helping hand please

Thanks in advance, any help would be highly appreciated.

Kind Regards,
M. Usman

http://wiki.openwrt.org/doc/howto/mwan3
http://ofmodemsandmen.com/multiweb.html

I've looked at the 2nd link you've provided: http://ofmodemsandmen.com/multiweb.html
Every information the link states I understood, and my mwan3 configuration is setup properly with wan#1 having the higher precedence when load-balancing. But still I don't get to keep the wan#1 external ip 182.180.162.210.

I've also tried adding a rule like rule#3 showed in the 2nd link at the bottom, but still without success.

config rule 'test'
    option proto 'all'
    option use_policy 'wan_only'
    option src_ip '182.180.162.212/32'

EDIT: I'm actually getting some hits on this rule, but don't know what that means.

In the first link: http://wiki.openwrt.org/doc/howto/mwan3
Am i supposed to look at SNAT?

(Last edited by Usi on 24 Nov 2014, 04:25)

Yes and No...

You cannot load-balance one LAN client and have only one public ip. It is either load-balance and multiple external ip's, or active-failover. You can however (if you have multiple LAN clients) have each client load-balance to the internet and each client will have it's own external ip address. The default mwan3 configuration has an example for tcp 443, which does exactly that.

(Last edited by Adze on 24 Nov 2014, 20:04)

Use the client LAN ip address as src-Ip and not the WAN address.

So, if I've understood correctly; I cannot load-balance one LAN client, and expect to have only one external ip; But i can add a separate rule for each LAN client (e.g. X client uses wan1, X client uses wan2 and again X client uses wan1 etc. etc.) and like that use both wan1 and wan2, and this should be achievable via. the following e.g. Right?

config rule 'test'
option proto 'all'
option use_policy 'wan_only'
option src_ip '192.168.1.110/24'

But, you're saying that it's the sticky_even and sticky_odd that can accomplish that. Now I am completely confused. I don't understand those two rules sticky_even and sticky_odd.

Can you guide me a little, I'm still a bit lost.

Please don't mind me, I'm new and trying to understand/learn.

Thanks so much again. So far! It feels great learning.

^ Yes

^ No

This src_ip should be '192.168.1.110/32', if it is for one lan client only.

The policy you have chosen is wan_only. If this wan were to go down, this client will not be able to reach the internet. You should consider a policy with a backup, like 'wan_wan2'. But then again you only use one isp, so you should be fine.

The sticky rules can be confusing at first. I will try to explain the sticky_even example rule.

The proto and port settings need no explanation. The src_ip '0.0.0.0/0.0.0.1' is a bit harder to explain. The first part (0.0.0.0) is the network address, the second part the mask. Mask defines which bits should match the given network address. A mask of 0.0.0.1 means that only the very last bit of an ip address needs to match the configured network address. The last bit in the network address in this example rule is '0'. All the packets that match this rule have the last bit of the source ip address set to zero. TL'DR: source ip addresses that end with 0, 2, 4, 6, or 8.

The reason i added the two sticky rules to the default mwan3 config is because a lot of https sites (like banking sites) don't like it when your source ip address changes during your https session. Those two sticky rules create some kind of faked lan_client-wan_address stickiness, so that all https request come from the same wan.

(Last edited by Adze on 24 Nov 2014, 20:53)

Hi Adze, thanks for this note. I have seen this behavior as well on various sites that use HTTPS. I will be in an authenticated session and using the site normally and then I will suddenly be taken to the site login page for no clear reason. The cause being a source IP change makes sense and the HTTPS rules you describe fixed it.

I have added a wiki note to highlight this:

http://wiki.openwrt.org/doc/howto/mwan3 … ps.traffic

Regards,
Tim Miller Dyck

Hope can somebody help me with the dual wan setup.

I have a clean openwrt install in my tplink 1043nd v2.

vlan1 is lan ports
vlan2 is wan1(eth.0)
vlan3 is wan2(eth1.3)

Wan1 is a pppoe connection to modem #1
wan2 is DHCP connection to modem #2

I have made the metric and default gateway settings in every wan connection and my route -n is as follows

Does this look ok? Shouldnt the METRIC in third line be 10 and not 0?(Pppoe-cy)

Ping from both interfaces work ok.

I verified the acting routing table and its ok.

Should i continue to install mwan3?
Would it be a problem that the second connection uses dhcp?

@edit
Everything works fine...boths interfaces tracking active. Now my two lines are combined and can have faster download speeds with download manager.

Now have to make some QoS rules so can have my iptv connection first and then web surfing and last torrent...

(Last edited by kartheo on 27 Nov 2014, 16:13)

Hi kartheo,

eth1.3 and br-lan have the same ip address range. Change your br-lan settings and you are good to go. Everything else looks ok to me. Good luck!