OpenWrt Forum Archive

Topic: mwan3; multi-wan policy routing (general topic)

The content of this topic has been archived between 22 May 2013 and 6 May 2018. Unfortunately there are posts – most likely complete pages – missing.

Hi Adze,...
thank you very much for your incredible work on mwan3
I have failover connection on 2 wan by pppoe and 1 by usb gsm and also have 1 tunnel for openvpn
in any case I want to failover for the openvpn because 1 of my pppoe only reach for semi-private ip and not use for internet, but it have backup to for public connection wan and by usb gsm too.
I put 'option keepalive' on my openvpn.cnf and it's take 2-6 minutes for restarting openvpn service, and for my company that's take too much time.
I want trigger script which ifup/ifdown my pppoe then it will restart openvpn service, and I think it will more efficient,...but I don't know how? because I just know that mwan3 also have related to hotplug.d

this is my output from diagnostic mwan3

Software versions : 

OpenWrt - OpenWrt Barrier Breaker 14.07
LuCI - 0.12+svn-r10530

mwan3 - 1.5-10
mwan3-luci - 1.3-5

Output of "cat /etc/config/mwan3" : 

config interface 'cis'
    option enabled '1'
    list track_ip '210.23.66.130'
    option count '1'
    option timeout '2'
    option interval '5'
    option down '3'
    option up '5'

config interface 'speedy'
    option enabled '1'
    list track_ip '8.8.8.8'
    list track_ip '210.23.66.130'
    option count '1'
    option timeout '2'
    option interval '5'
    option down '3'
    option up '5'

config interface 'gsm'
    option enabled '1'
    list track_ip '8.8.8.8'
    list track_ip '210.23.66.130'
    option count '1'
    option timeout '2'
    option interval '5'
    option down '3'
    option up '5'

config member 'speedy_m1_w3'
    option interface 'speedy'
    option metric '1'
    option weight '3'

config member 'speedy_m2_w3'
    option interface 'speedy'
    option metric '2'
    option weight '3'

config member 'speedy_m3_w3'
    option interface 'speedy'
    option metric '3'
    option weight '3'

config member 'speedy_m4_w3'
    option interface 'speedy'
    option metric '4'
    option weight '3'

config member 'gsm_m1_w3'
    option interface 'gsm'
    option metric '1'
    option weight '3'

config member 'gsm_m2_w3'
    option interface 'gsm'
    option metric '2'
    option weight '3'

config member 'gsm_m3_w3'
    option interface 'gsm'
    option metric '3'
    option weight '3'

config member 'gsm_m4_w3'
    option interface 'wan2'
    option metric '4'
    option weight '3'

config member 'cis_m1_w3'
    option interface 'cis'
    option metric '1'
    option weight '3'

config member 'cis_m2_w3'
    option interface 'cis'
    option metric '2'
    option weight '3'

config policy 'speedy_only'
    list use_member 'speedy_m1_w3'

config policy 'gsm_only'
    list use_member 'gsm_m1_w3'

config policy 'speedy_gsm'
    list use_member 'speedy_m1_w3'
    list use_member 'gsm_m2_w3'

config policy 'gsm_speedy'
    list use_member 'speedy_m2_w3'
    list use_member 'gsm_m1_w3'

config policy 'cis_speedy_gsm'
    list use_member 'cis_m1_w3'
    list use_member 'speedy_m2_w3'
    list use_member 'gsm_m3_w3'

config policy 'cis_gsm_speedy'
    list use_member 'cis_m1_w3'
    list use_member 'gsm_m2_w3'
    list use_member 'speedy_m3_w3'

config rule 'vpn_cis_first'
    option proto 'udp'
    option use_policy 'cis_speedy_gsm'
    option dest_port '7068'
    option dest_ip '210.23.66.130'

config rule 'speedy_gsm_fail'
    option proto 'all'
    option use_policy 'speedy_gsm'

Output of "cat /etc/config/network" : 

config interface 'loopback'
    option ifname 'lo'
    option proto 'static'
    option ipaddr '127.0.0.1'
    option netmask '255.0.0.0'

config globals 'globals'
    option ula_prefix 'fdd8:0249:99c8::/48'

config interface 'lan'
    option ifname 'eth0.1'
    option force_link '1'
    option type 'bridge'
    option proto 'static'
    option netmask '255.255.255.0'
    option ip6assign '60'
    option ipaddr '192.176.99.254'

config switch
    option name 'switch0'
    option reset '1'
    option enable_vlan '1'

config switch_vlan
    option device 'switch0'
    option vlan '1'
    option ports '1 2 3 4 5t'

config switch_vlan
    option device 'switch0'
    option vlan '2'
    option ports '0 5t'

config interface 'gsm'
    option proto '3g'
    option device '/dev/ttyUSB2'
    option service 'umts'
    option apn 'internet'
    option metric '20'

config interface 'cis'
    option proto 'pppoe'
    option ifname 'eth0.2'
    USERNAME HIDDEN
    PASSWORD HIDDEN
    option metric '5'

config interface 'speedy'
    option proto 'pppoe'
    option ifname 'eth0.2'
    option metric '10'
    USERNAME HIDDEN
    PASSWORD HIDDEN

config interface 'ussivpn'
    option proto 'none'
    option ifname 'tun0'

Output of "ifconfig" : 

br-lan    Link encap:Ethernet  HWaddr 64:70:02:8E:E2:DE  
          inet addr:192.176.99.254  Bcast:192.176.99.255  Mask:255.255.255.0
          inet6 addr: fdd8:249:99c8::1/60 Scope:Global
          inet6 addr: fe80::6670:2ff:fe8e:e2de/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:468 errors:0 dropped:0 overruns:0 frame:0
          TX packets:529 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0 
          RX bytes:56517 (55.1 KiB)  TX bytes:218065 (212.9 KiB)

eth0      Link encap:Ethernet  HWaddr 64:70:02:8E:E2:DE  
          inet6 addr: fe80::6670:2ff:fe8e:e2de/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:4696 errors:0 dropped:0 overruns:2383 frame:0
          TX packets:4796 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000 
          RX bytes:378835 (369.9 KiB)  TX bytes:266414 (260.1 KiB)
          Interrupt:4 

eth0.1    Link encap:Ethernet  HWaddr 64:70:02:8E:E2:DE  
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:117 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0 
          RX bytes:0 (0.0 B)  TX bytes:11408 (11.1 KiB)

eth0.2    Link encap:Ethernet  HWaddr 64:70:02:8E:E2:DE  
          inet6 addr: fe80::6670:2ff:fe8e:e2de/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:4695 errors:0 dropped:0 overruns:0 frame:0
          TX packets:4674 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0 
          RX bytes:294261 (287.3 KiB)  TX bytes:234351 (228.8 KiB)

lo        Link encap:Local Loopback  
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:65536  Metric:1
          RX packets:2 errors:0 dropped:0 overruns:0 frame:0
          TX packets:2 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0 
          RX bytes:96 (96.0 B)  TX bytes:96 (96.0 B)

pppoe-cis Link encap:Point-to-Point Protocol  
          inet addr:210.23.69.151  P-t-P:210.23.69.1  Mask:255.255.255.255
          UP POINTOPOINT RUNNING NOARP MULTICAST  MTU:1492  Metric:1
          RX packets:449 errors:0 dropped:0 overruns:0 frame:0
          TX packets:493 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:3 
          RX bytes:26058 (25.4 KiB)  TX bytes:28991 (28.3 KiB)

pppoe-speedy Link encap:Point-to-Point Protocol  
          inet addr:36.80.33.138  P-t-P:36.80.32.1  Mask:255.255.255.255
          UP POINTOPOINT RUNNING NOARP MULTICAST  MTU:1492  Metric:1
          RX packets:1052 errors:0 dropped:0 overruns:0 frame:0
          TX packets:1075 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:3 
          RX bytes:103903 (101.4 KiB)  TX bytes:77200 (75.3 KiB)

tun0      Link encap:UNSPEC  HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00  
          inet addr:129.70.77.193  P-t-P:129.70.77.194  Mask:255.255.255.255
          UP POINTOPOINT RUNNING NOARP MULTICAST  MTU:1500  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:100 
          RX bytes:0 (0.0 B)  TX bytes:0 (0.0 B)

wlan0     Link encap:Ethernet  HWaddr 64:70:02:8E:E2:DE  
          inet6 addr: fe80::6670:2ff:fe8e:e2de/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:468 errors:0 dropped:0 overruns:0 frame:0
          TX packets:545 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000 
          RX bytes:63095 (61.6 KiB)  TX bytes:229629 (224.2 KiB)

Output of "route -n" : 

Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         210.23.69.1     0.0.0.0         UG    5      0        0 pppoe-cis
0.0.0.0         36.80.32.1      0.0.0.0         UG    10     0        0 pppoe-speedy
36.80.32.1      0.0.0.0         255.255.255.255 UH    0      0        0 pppoe-speedy
129.70.77.0     129.70.77.194   255.255.255.0   UG    0      0        0 tun0
129.70.77.194   0.0.0.0         255.255.255.255 UH    0      0        0 tun0
192.176.77.0    129.70.77.194   255.255.255.0   UG    0      0        0 tun0
192.176.99.0    0.0.0.0         255.255.255.0   U     0      0        0 br-lan
193.176.77.0    129.70.77.194   255.255.255.0   UG    0      0        0 tun0
194.176.77.0    129.70.77.194   255.255.255.0   UG    0      0        0 tun0
195.176.77.0    129.70.77.194   255.255.255.0   UG    0      0        0 tun0
196.176.77.0    129.70.77.194   255.255.255.0   UG    0      0        0 tun0
197.176.77.0    129.70.77.194   255.255.255.0   UG    0      0        0 tun0
198.176.77.0    129.70.77.194   255.255.255.0   UG    0      0        0 tun0
199.176.77.0    129.70.77.194   255.255.255.0   UG    0      0        0 tun0
200.176.77.0    129.70.77.194   255.255.255.0   UG    0      0        0 tun0
201.176.77.0    129.70.77.194   255.255.255.0   UG    0      0        0 tun0
202.176.77.0    129.70.77.194   255.255.255.0   UG    0      0        0 tun0
203.176.77.0    129.70.77.194   255.255.255.0   UG    0      0        0 tun0
204.176.77.0    129.70.77.194   255.255.255.0   UG    0      0        0 tun0
205.176.77.0    129.70.77.194   255.255.255.0   UG    0      0        0 tun0
206.176.77.0    129.70.77.194   255.255.255.0   UG    0      0        0 tun0
207.176.77.0    129.70.77.194   255.255.255.0   UG    0      0        0 tun0
210.23.69.1     0.0.0.0         255.255.255.255 UH    0      0        0 pppoe-cis

basically I want ifup or ifdown pppoe-cis then /etc/init.d/openvpn restart
but I don't know how and where put that script

pardon for my bad english, I'm from Indonesia by the way big_smile
Thanks Adze smile

suriefkasev wrote:

basically I want ifup or ifdown pppoe-cis then /etc/init.d/openvpn restart
but I don't know how and where put that script

/etc/hotplug.d/iface/40-restartopenvpn

#!/bin/sh

if [ "$INTERFACE" == "cis" ]; then
    if [ "$ACTION" == "ifup" ] || [ "$ACTION" == "ifdown" ]; then
        # not sure if this is the right command. replace with your desired restart command
        /etc/init.d/openvpn restart
    fi
fi

exit 0

(Last edited by arfett on 9 Jun 2015, 19:51)

arfett wrote:
suriefkasev wrote:

basically I want ifup or ifdown pppoe-cis then /etc/init.d/openvpn restart
but I don't know how and where put that script

/etc/hotplug.d/iface/40-restartopenvpn

#!/bin/sh

if [ "$INTERFACE" == "cis" ]; then
    if [ "$ACTION" == "ifup" ] || [ "$ACTION" == "ifdown" ]; then
        # not sure if this is the right command. replace with your desired restart command
        /etc/init.d/openvpn restart
    fi
fi

exit 0

thanks arfett
your script works like charm on my router big_smile
but I'm courious when I look at folder /etc/hotplug.d/iface/ I found script 16-mwancustom
here is the script

#!/bin/sh

# to enable this script uncomment the case loop at the bottom
# to report mwan status on interface hotplug ifup/ifdown events modify the lines in the send_alert function

send_alert()
{
    # variable "$1" stores the MWAN status information
    # insert your code here to send the contents of "$1"
    echo "$1"
}

gather_event_info()
{
    # create event information message
    local EVENT_INFO="Interface [ "$INTERFACE" ($DEVICE) ] on router [ "$(uci get -p /var/state system.@system[0].hostname)" ] has triggered a hotplug [ "$ACTION" ] event on "$(date +"%a %b %d %Y %T %Z")""

    # get current interface, policy and rule status
    local CURRENT_STATUS="$(/usr/sbin/mwan3 status)"

    # get last 50 MWAN systemlog messages
    local MWAN_LOG="$(echo -e "Last 50 MWAN systemlog entries. Newest entries sorted at the top:\n$(logread | grep mwan3 | tail -n 50 | sed 'x;1!H;$!d;x')")"

    # pass event info to send_alert function
    send_alert "$(echo -e "$EVENT_INFO\n\n$CURRENT_STATUS\n\n$MWAN_LOG")"
}

#case "$ACTION" in
#    ifup)
#        gather_event_info
#    ;;
#
#    ifdown)
#        gather_event_info
#    ;;
#esac

exit 0

is possible to combine your script 40-restartopenvpn to that script? and if it's possible which part that I should modify?
thanks dude smile

I wrote that script. If you're not familiar with shell scripting don't worry about combining them.

arfett wrote:

I wrote that script. If you're not familiar with shell scripting don't worry about combining them.

whooaaaa that's awesome, yes I'm not familiar on scripting shell....I should learn a lot off course big_smile
and again...great thanks arfett

Hello

A quick question:


I have ddns-scripts installed on my router and i want that each time mwan3 fails over to my UMTS connection (and fails back if the ADSL connection is available again) the ddns update is triggered.

What do i have to place in the 16-mwancustom script?

From  http://wiki.openwrt.org/doc/howto/ddns.client i know that if i want to test ddns i can do so via the command line:


/usr/lib/ddns/dynamic_dns_updater.sh MyDDNSProvider

Best,
Thomas

Thomymaster wrote:

I have ddns-scripts installed on my router and i want that each time mwan3 fails over to my UMTS connection (and fails back if the ADSL connection is available again) the ddns update is triggered.

What do i have to place in the 16-mwancustom script?

Probably the same thing suriefkasev is using but change the interface and command that runs?

(Last edited by arfett on 11 Jun 2015, 17:47)

First all so many thaks to all mwan3 designers and contributers. It has a great openwrt package.

Im envolved on try mwan3 with a new aproach. I have two 'wan' wifi links (both wds clients) to other routers and mwan3 are installed and working fine based on standard balanced configuration, but i need know if is and how possible to create a bridge from mwan3 balanceed end point (point when the packets going to lan) with mwan3 balancer wan connection.

I mean if i create a interface with bridge from wlan (wds client mode) to some eth0 vlan i have full ethernet bridged and frame transparent from that wlan to the ethernet vlanx connector.

Can i do the same but with mwan3 controlling both wan links i have and make a full bridge (frame bridged) from them to some vlan ?

I make some graphic to try to make the idea most understable
                  OPENWRT ROUTER                                                                                             10.0.0.10/24
                  192.168.1.1/24                                                                                               -----------wan (wlan0 wds client) ----------- wan 1 link1
device---vlan0.1---(lan bridge interface - mwan3 end point ??? )---mwan3 engine balancer
                                                                                                                                             -----------wan2 (wlan1 wds client)---------- wan 2 link2
                                                                                                                                                   10.0.2.10/24
Sorry about my poor english :-(

(Last edited by jirm on 14 Jun 2015, 20:17)

Hi,

I'm trying to get mwan3 setup with my sstp connection. I had it working for OpenVPN, but cannot get it to recognize the sstp interface. In the status I am getting:

interface PureVPN is unknown

PureVPN is the interface attached to adapter sstp-PureVPN which is basically a customised pppd interface. I have it setup with a metric of 40 and am able to ping through the interface successfully. Is there any reason mwan would not be able to detect this? I notice on the config page it states PureVPN(X) as opposed to PureVPN(sstp-PureVPN) as would be expected if it was finding the adapter.

Network config of PureVPN is

config interface 'PureVPN'
    option proto 'sstp'
    option server '********.pointtoserver.com'
    option username 'purevpn*******'
    option password '*****'
    option auto '0'
    option sstp_options '--cert-warn'
    option pppd_options 'refuse-eap refuse-pap refuse-chap'
    option defaultroute '0'
    option log_level '4'

When I try to go into diagnostics it says:

Unable to perform diagnostic tests on PureVPN. There is no physical or virtual device associated with this interface

UPDATE****
Looks like nothing gets set in /var/status network, improves when I force my interface in.  I'll have to play around more, looks like a ppp problem.

(Last edited by amwalters on 16 Jun 2015, 05:29)

Hi I have 3 WANs and I have problem with them. Sometimes on of them is down (red in luci)
have a look on my conig:

Software versions :

OpenWrt - OpenWrt Barrier Breaker 14.07
LuCI - 0.12+git-15.037.36195-f1e2a26

mwan3 - 1.5-10
mwan3-luci - 1.3-5

Output of "cat /etc/config/mwan3" :

config interface 'wan'
    list track_ip '8.8.4.4'
    list track_ip '8.8.8.8'
    list track_ip '208.67.222.222'
    list track_ip '208.67.220.220'
    option reliability '1'
    option count '1'
    option timeout '2'
    option interval '5'
    option down '3'
    option up '8'
    option enabled '1'

config interface 'WAN2'
    option enabled '1'
    list track_ip '8.8.8.8'
    list track_ip '208.67.220.220'
    option reliability '1'
    option count '1'
    option timeout '2'
    option interval '5'
    option down '3'
    option up '8'

config interface 'aero'
option enabled '1'
    list track_ip '8.8.8.8'
    list track_ip '208.67.220.220'
    option reliability '1'
    option count '1'
    option timeout '2'
    option interval '5'
    option down '3'
    option up '8'

config member 'wan_m1_w3'
    option interface 'wan'
    option metric '1'
    option weight '3'

config member 'wan_m2_w3'
    option interface 'wan'
    option metric '2'
    option weight '3'

config member 'wan2_m1_w2'
    option interface 'WAN2'
    option metric '1'
    option weight '2'

config member 'wan3_m1_w2'
    option interface 'aero'
    option metric '1'
    option weight '2'

config member 'wan3_m2_w2'
    option interface 'aero'
    option metric '2'
    option weight '2'

config member 'wan2_m2_w2'
    option interface 'WAN2'
    option metric '2'
    option weight '2'

config policy 'wan_only'
    list use_member 'wan_m1_w3'

config policy 'wan2_only'
    list use_member 'wan2_m1_w2'

config policy 'wan3_only'
    list use_member 'wan3_m1_w2'

config policy 'balanced'
    list use_member 'wan_m1_w3'
    list use_member 'wan2_m1_w2'
list use_member 'wan3_m1_w2'

config policy 'wan_wan2'
    list use_member 'wan_m1_w3'
    list use_member 'wan2_m2_w2'

config policy 'wan2_wan'
    list use_member 'wan_m2_w3'
    list use_member 'wan2_m1_w2'

config policy 'wan3_wan'
    list use_member 'wan_m2_w3'
    list use_member 'wan3_m1_w2'


config rule 'sticky_even'
    option src_ip '0.0.0.0/0.0.0.1'
    option dest_port '443'
    option proto 'tcp'
    option use_policy 'wan_wan2'

config rule 'sticky_odd'
    option src_ip '0.0.0.1/0.0.0.1'
    option dest_port '443'
    option proto 'tcp'
    option use_policy 'wan2_wan'

config rule 'default_rule'
    option dest_ip '0.0.0.0/0'
    option use_policy 'balanced'

Output of "cat /etc/config/network" :

config interface 'loopback'
    option ifname 'lo'
    option proto 'static'
    option ipaddr '127.0.0.1'
    option netmask '255.0.0.0'

config globals 'globals'
    option ula_prefix 'fdbb:11dc:d262::/48'

config interface 'lan'
    option ifname 'eth0.1'
    option force_link '1'
    option type 'bridge'
    option proto 'static'
    option netmask '255.255.255.0'
    option ip6assign '60'
    option ipaddr '192.168.1.3'
    option gateway '192.168.1.3'
    option broadcast '192.168.1.3'

config interface 'wan'
    option ifname 'eth0.2'
    option proto 'static'
    option ipaddr '192.168.2.5'
    option netmask '255.255.255.0'
    option gateway '192.168.2.1'
    option dns '8.8.8.8 8.8.4.4 208.67.220.220 208.67.222.222'
    option defaultroute '1'
    option conntrack '1'
    option metric '10'

config interface 'wan6'
    option ifname '@wan'
    option proto 'dhcpv6'

config switch
    option name 'switch0'
    option reset '1'
    option enable_vlan '1'

config switch_vlan
    option device 'switch0'
    option vlan '1'
    option ports '0t 2 3 4 5'

config switch_vlan
    option device 'switch0'
    option vlan '2'
    option ports '0t 1'

config interface 'WAN2'
    option proto 'static'
    option _orig_ifname 'eth2'
    option _orig_bridge 'false'
    option ifname 'eth1'
    option ipaddr '192.168.8.101'
    option netmask '255.255.255.0'
    option gateway '192.168.8.1'
    option dns '8.8.8.8 8.8.4.4 208.67.220.220 208.67.222.222'
    option defaultroute '1'
    option metric '30'

config interface 'aero'
option proto 'dhcp'
option defaultroute '1'
option metric '40'
option dns '8.8.8.8 8.8.4.4 208.67.220.220 208.67.222.222'


Software versions :

OpenWrt - OpenWrt Barrier Breaker 14.07
LuCI - 0.12+git-15.037.36195-f1e2a26

mwan3 - 1.5-10
mwan3-luci - 1.3-5

Output of "cat /etc/config/mwan3" :

config interface 'wan'
    list track_ip '8.8.4.4'
    list track_ip '8.8.8.8'
    list track_ip '208.67.222.222'
    list track_ip '208.67.220.220'
    option reliability '1'
    option count '1'
    option timeout '2'
    option interval '5'
    option down '3'
    option up '8'
    option enabled '1'

config interface 'WAN2'
    option enabled '1'
    list track_ip '8.8.8.8'
    list track_ip '208.67.220.220'
    option reliability '1'
    option count '1'
    option timeout '2'
    option interval '5'
    option down '3'
    option up '8'

config interface 'aero'
option enabled '1'
    list track_ip '8.8.8.8'
    list track_ip '208.67.220.220'
    option reliability '1'
    option count '1'
    option timeout '2'
    option interval '5'
    option down '3'
    option up '8'

config member 'wan_m1_w3'
    option interface 'wan'
    option metric '1'
    option weight '3'

config member 'wan_m2_w3'
    option interface 'wan'
    option metric '2'
    option weight '3'

config member 'wan2_m1_w2'
    option interface 'WAN2'
    option metric '1'
    option weight '2'

config member 'wan3_m1_w2'
    option interface 'aero'
    option metric '1'
    option weight '2'

config member 'wan3_m2_w2'
    option interface 'aero'
    option metric '2'
    option weight '2'

config member 'wan2_m2_w2'
    option interface 'WAN2'
    option metric '2'
    option weight '2'

config policy 'wan_only'
    list use_member 'wan_m1_w3'

config policy 'wan2_only'
    list use_member 'wan2_m1_w2'

config policy 'wan3_only'
    list use_member 'wan3_m1_w2'

config policy 'balanced'
    list use_member 'wan_m1_w3'
    list use_member 'wan2_m1_w2'
list use_member 'wan3_m1_w2'

config policy 'wan_wan2'
    list use_member 'wan_m1_w3'
    list use_member 'wan2_m2_w2'

config policy 'wan2_wan'
    list use_member 'wan_m2_w3'
    list use_member 'wan2_m1_w2'

config policy 'wan3_wan'
    list use_member 'wan_m2_w3'
    list use_member 'wan3_m1_w2'


config rule 'sticky_even'
    option src_ip '0.0.0.0/0.0.0.1'
    option dest_port '443'
    option proto 'tcp'
    option use_policy 'wan_wan2'

config rule 'sticky_odd'
    option src_ip '0.0.0.1/0.0.0.1'
    option dest_port '443'
    option proto 'tcp'
    option use_policy 'wan2_wan'

config rule 'default_rule'
    option dest_ip '0.0.0.0/0'
    option use_policy 'balanced'

Output of "cat /etc/config/network" :

config interface 'loopback'
    option ifname 'lo'
    option proto 'static'
    option ipaddr '127.0.0.1'
    option netmask '255.0.0.0'

config globals 'globals'
    option ula_prefix 'fdbb:11dc:d262::/48'

config interface 'lan'
    option ifname 'eth0.1'
    option force_link '1'
    option type 'bridge'
    option proto 'static'
    option netmask '255.255.255.0'
    option ip6assign '60'
    option ipaddr '192.168.1.3'
    option gateway '192.168.1.3'
    option broadcast '192.168.1.3'

config interface 'wan'
    option ifname 'eth0.2'
    option proto 'static'
    option ipaddr '192.168.2.5'
    option netmask '255.255.255.0'
    option gateway '192.168.2.1'
    option dns '8.8.8.8 8.8.4.4 208.67.220.220 208.67.222.222'
    option defaultroute '1'
    option conntrack '1'
    option metric '10'

config interface 'wan6'
    option ifname '@wan'
    option proto 'dhcpv6'

config switch
    option name 'switch0'
    option reset '1'
    option enable_vlan '1'

config switch_vlan
    option device 'switch0'
    option vlan '1'
    option ports '0t 2 3 4 5'

config switch_vlan
    option device 'switch0'
    option vlan '2'
    option ports '0t 1'

config interface 'WAN2'
    option proto 'static'
    option _orig_ifname 'eth2'
    option _orig_bridge 'false'
    option ifname 'eth1'
    option ipaddr '192.168.8.101'
    option netmask '255.255.255.0'
    option gateway '192.168.8.1'
    option dns '8.8.8.8 8.8.4.4 208.67.220.220 208.67.222.222'
    option defaultroute '1'
    option metric '30'

config interface 'aero'
option proto 'dhcp'
option defaultroute '1'
option metric '40'
option dns '8.8.8.8 8.8.4.4 208.67.220.220 208.67.222.222'

Output of "ifconfig" :

br-lan    Link encap:Ethernet  HWaddr 78:94:F6:3F:55:1C 
          inet addr:192.168.1.3  Bcast:192.168.1.3  Mask:255.255.255.0
          inet6 addr: fe80::ea94:f6ff:fe3f:551c/64 Scope:Link
          inet6 addr: fdbb:11dc:d262::1/60 Scope:Global
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:706382 errors:0 dropped:10 overruns:0 frame:0
          TX packets:721730 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:85742512 (81.7 MiB)  TX bytes:719412745 (686.0 MiB)

eth0      Link encap:Ethernet  HWaddr 78:94:F6:3F:55:1C 
          inet6 addr: fe80::ea94:f6ff:fe3f:551c/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:1039579 errors:0 dropped:1 overruns:0 frame:0
          TX packets:918616 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:429174308 (409.2 MiB)  TX bytes:750161666 (715.4 MiB)
          Interrupt:4

eth0.1    Link encap:Ethernet  HWaddr 78:94:F6:3F:55:1C 
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:744057 errors:0 dropped:0 overruns:0 frame:0
          TX packets:721816 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:95465487 (91.0 MiB)  TX bytes:719420101 (686.0 MiB)

eth0.2    Link encap:Ethernet  HWaddr E8:94:F6:3F:55:1C 
          inet addr:192.168.2.5  Bcast:192.168.2.255  Mask:255.255.255.0
          inet6 addr: fe80::ea94:f6ff:fe3f:551c/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:295494 errors:0 dropped:0 overruns:0 frame:0
          TX packets:196793 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:314994697 (300.4 MiB)  TX bytes:27066471 (25.8 MiB)

eth1      Link encap:Ethernet  HWaddr 0C:5B:8F:27:9A:64 
          inet addr:192.168.8.101  Bcast:192.168.8.255  Mask:255.255.255.0
          inet6 addr: fe80::e5b:8fff:fe27:9a64/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:317655 errors:0 dropped:0 overruns:0 frame:0
          TX packets:212518 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:354954096 (338.5 MiB)  TX bytes:32255514 (30.7 MiB)

lo        Link encap:Local Loopback 
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:65536  Metric:1
          RX packets:332 errors:0 dropped:0 overruns:0 frame:0
          TX packets:332 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:27412 (26.7 KiB)  TX bytes:27412 (26.7 KiB)

wlan0     Link encap:Ethernet  HWaddr E8:94:F6:3F:55:1D 
          inet addr:192.168.7.100  Bcast:192.168.7.255  Mask:255.255.255.0
          inet6 addr: fe80::ea94:f6ff:fe3f:551d/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:80703 errors:0 dropped:0 overruns:0 frame:0
          TX packets:77949 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:36159566 (34.4 MiB)  TX bytes:16937203 (16.1 MiB)

Output of "route -n" :

Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         192.168.1.3     0.0.0.0         UG    0      0        0 br-lan
0.0.0.0         192.168.2.1     0.0.0.0         UG    10     0        0 eth0.2
0.0.0.0         192.168.8.1     0.0.0.0         UG    30     0        0 eth1
0.0.0.0         192.168.7.1     0.0.0.0         UG    40     0        0 wlan0
192.168.1.0     0.0.0.0         255.255.255.0   U     0      0        0 br-lan
192.168.2.0     0.0.0.0         255.255.255.0   U     10     0        0 eth0.2
192.168.7.0     0.0.0.0         255.255.255.0   U     40     0        0 wlan0
192.168.8.0     0.0.0.0         255.255.255.0   U     30     0        0 eth1

Output of "ip rule show" :

0:    from all lookup local
1001:    from all iif eth0.2 lookup main
1002:    from all iif eth1 lookup main
1003:    from all iif wlan0 lookup main
2001:    from all fwmark 0x100/0xff00 lookup 1
2002:    from all fwmark 0x200/0xff00 lookup 2
2003:    from all fwmark 0x300/0xff00 lookup 3
2253:    from all fwmark 0xfd00/0xff00 blackhole
2254:    from all fwmark 0xfe00/0xff00 unreachable
32766:    from all lookup main
32767:    from all lookup default

Output of "ip route list table 1-250" :

1
default via 192.168.2.1 dev eth0.2
2
default via 192.168.8.1 dev eth1
3
default via 192.168.7.1 dev wlan0


Firewall

config defaults
    option syn_flood '1'
    option input 'ACCEPT'
    option output 'ACCEPT'
    option forward 'REJECT'

config zone
    option name 'lan'
    option input 'ACCEPT'
    option output 'ACCEPT'
    option forward 'ACCEPT'
    option network 'lan'

config zone
    option name 'wan'
    option output 'ACCEPT'
    option masq '1'
    option mtu_fix '1'
    option input 'ACCEPT'
    option forward 'ACCEPT'
    option network 'wan wan6 WAN2 aero'

config forwarding
    option src 'lan'
    option dest 'wan'

config rule
    option name 'Allow-DHCP-Renew'
    option src 'wan'
    option proto 'udp'
    option dest_port '68'
    option target 'ACCEPT'
    option family 'ipv4'

config rule
    option name 'Allow-Ping'
    option src 'wan'
    option proto 'icmp'
    option icmp_type 'echo-request'
    option family 'ipv4'
    option target 'ACCEPT'

config rule
    option name 'Allow-DHCPv6'
    option src 'wan'
    option proto 'udp'
    option src_ip 'fe80::/10'
    option src_port '547'
    option dest_ip 'fe80::/10'
    option dest_port '546'
    option family 'ipv6'
    option target 'ACCEPT'

config rule
    option name 'Allow-ICMPv6-Input'
    option src 'wan'
    option proto 'icmp'
    list icmp_type 'echo-request'
    list icmp_type 'echo-reply'
    list icmp_type 'destination-unreachable'
    list icmp_type 'packet-too-big'
    list icmp_type 'time-exceeded'
    list icmp_type 'bad-header'
    list icmp_type 'unknown-header-type'
    list icmp_type 'router-solicitation'
    list icmp_type 'neighbour-solicitation'
    list icmp_type 'router-advertisement'
    list icmp_type 'neighbour-advertisement'
    option limit '1000/sec'
    option family 'ipv6'
    option target 'ACCEPT'

config rule
    option name 'Allow-ICMPv6-Forward'
    option src 'wan'
    option dest '*'
    option proto 'icmp'
    list icmp_type 'echo-request'
    list icmp_type 'echo-reply'
    list icmp_type 'destination-unreachable'
    list icmp_type 'packet-too-big'
    list icmp_type 'time-exceeded'
    list icmp_type 'bad-header'
    list icmp_type 'unknown-header-type'
    option limit '1000/sec'
    option family 'ipv6'
    option target 'ACCEPT'

config include
    option path '/etc/firewall.user'

config include 'miniupnpd'
    option type 'script'
    option path '/usr/share/miniupnpd/firewall.include'
    option family 'any'
    option reload '1'

config redirect
    option target 'DNAT'
    option src 'wan'
    option dest 'lan'
    option proto 'tcp udp'
    option src_dport '8080'
    option dest_ip '192.168.1.104'
    option dest_port '8080'
    option name 'opensprlinkler'

Hi,
since I am using mwan3 my latency on both interfaces is doubled high.
Without mwan3 my latency on interface wan1 is 15ms, wan2 30ms and now with mwan3 activated it is 35ms on wan1 and 70ms on wan2.
Does anybody know why?

I'm looking to upgrade my OpenWRT MWAN3 router (running on NETGEAR WNDR3700 v4) to faster hardware.  I intend to use OpenVPN to provide encrypted VPN connections through 2-3 gateways.  Given we're talking about 30-40Mbps, I need a more modern router such as a Netgear R6250/R6300 to handle the OpenVPN encryption/decryption.

http://www.myopenrouter.com/download/43 … for-R6300/
http://www.myopenrouter.com/download/dd-wrt-r6300

These faster routers are only well supported on DD-WRT.  Has anyone attempted to use MWAN3 on DD-WRT instead?  Did you get LUCI support working on DD-WRT or just manual vi table editting?

(Last edited by Sorbe on 19 Jun 2015, 02:03)

Sorbe wrote:

I'm looking to upgrade my OpenWRT MWAN3 router (running on NETGEAR WNDR3700 v4) to faster hardware.  I intend to use OpenVPN to provide encrypted VPN connections through 2-3 gateways.  Given we're talking about 30-40Mbps, I need a more modern router such as a Netgear R6250/R6300 to handle the OpenVPN encryption/decryption.

http://www.myopenrouter.com/download/43 … for-R6300/
http://www.myopenrouter.com/download/dd-wrt-r6300

These faster routers are only well supported on DD-WRT.  Has anyone attempted to use MWAN3 on DD-WRT instead?  Did you get LUCI support working on DD-WRT or just manual vi table editting?

Have you considered using a PC Engines APU? These things are rather powerful and have a dual core x86 CPU. Works fine with OpenWrt. I was using a Kingston 60GB SSD with mine.

http://pcengines.ch/apu.htm

Hello. I have 2 WANs
How to set percentage for each WAN?

phineasmax wrote:

Hello. I have 2 WANs
How to set percentage for each WAN?

Weight.
http://wiki.openwrt.org/doc/howto/mwan3

(Last edited by arfett on 27 Jun 2015, 04:11)

hi, im using mwan3 since more than a year now, and it works very well and reliable. thank you for that! smile

but i have one thing which really annoys me.
i want to make rules, where i can put a dns as destination. for example a rule that all traffic for youtube.com goes over WAN_2.
as i know, it works, but it doesn't resolve all ip-addresses only the first one.

is it planed to implement this feature in future? is it even possible?
(and is there anywhere a changelog avaiable?)

thank you.

(Last edited by johndoe on 30 Jun 2015, 21:17)

johndoe wrote:

as i know, it works, but it doesn't resolve all ip-addresses only the first one.

Mwan3 1.6 supports ipset that would allow you to do this. Use trunk or Chaos Calmer and install mwan3 and the luci app then check the wiki.

I have problems with too many ping to address that will refuse to answer eventually.
Found that provider gateway and DNS may be useful, but auto-discovery (traceroute) unimplemented.
Reading Wiki, found I'm not alone. Got some ideas:

Reliable public ip addresses to ping: Your other WAN!
If You have 2 or more balanced WANs, is better to ping yourself, and if a ping fails, ping a public IP to know which WAN fails.
Why is not implemented?

BGP establish a TCP connection between routers, TCP drops if connection drops. A BGP-like connection between your 2 WANs may signal a failure.

Cable Modem has a status page, may read link status from there if user/pass is provided.

Do I need to setup a ping for a pppoe ADSL? If it drops, hotplug fires, so I thing should be "Never drops"

(Last edited by Nilfred on 1 Jul 2015, 06:16)

Nilfred wrote:

I have problems with too many ping to address that will refuse to answer eventually.
Found that provider gateway and DNS may be useful, but auto-discovery (traceroute) unimplemented.
Reading Wiki, found I'm not alone. Got some ideas:

Reliable public ip addresses to ping: Your other WAN!
If You have 2 or more balanced WANs, is better to ping yourself, and if a ping fails, ping a public IP to know which WAN fails.
Why is not implemented?

BGP establish a TCP connection between routers, TCP drops if connection drops. A BGP-like connection between your 2 WANs may signal a failure.

Cable Modem has a status page, may read link status from there if user/pass is provided.

Do I need to setup a ping for a pppoe ADSL? If it drops, hotplug fires, so I thing should be "Never drops"

Use different IP addresses if you have problems with your chosen ones.

Pinging the other WAN will not always be possible if the WANs are behind NAT.

Logging into the modem page is not something that will be added to mwan3 I'm sure of it.

I am unclear as to what you were asking about " never drops"... If you don't configure any tracking IP addresses mwan3 considers the link up. It may work as expected if hotplug events are generated outside of the mwan3track process.

(Last edited by arfett on 1 Jul 2015, 14:45)

Hi!

Mwan3 is not working at the Moment in latest Trunk.
I try also a Standard Setting with a Fresh Install.

MWan says thinks like:


MWAN Detailed Status

Interface status:
interface wan is unknown
interface wan2 is unknown


Diagnostic Results

Unable to perform diagnostic tests on wan. There is no physical or virtual device associated with this interface

Config is basic config (but my own config is also not working anymore)

config interface 'wan'
    option enabled '1'
    list track_ip '8.8.4.4'
    list track_ip '8.8.8.8'
    list track_ip '208.67.222.222'
    list track_ip '208.67.220.220'
    option reliability '2'
    option count '1'
    option timeout '2'
    option interval '5'
    option down '3'
    option up '8'

config interface 'wan2'
    option enabled '0'
    list track_ip '8.8.8.8'
    list track_ip '208.67.220.220'
    option reliability '1'
    option count '1'
    option timeout '2'
    option interval '5'
    option down '3'
    option up '8'

config member 'wan_m1_w3'
    option interface 'wan'
    option metric '1'
    option weight '3'

config member 'wan_m2_w3'
    option interface 'wan'
    option metric '2'
    option weight '3'

config member 'wan2_m1_w2'
    option interface 'wan2'
    option metric '1'
    option weight '2'

config member 'wan2_m2_w2'
    option interface 'wan2'
    option metric '2'
    option weight '2'

config policy 'wan_only'
    list use_member 'wan_m1_w3'

config policy 'wan2_only'
    list use_member 'wan2_m1_w2'

config policy 'balanced'
    list use_member 'wan_m1_w3'
    list use_member 'wan2_m1_w2'

config policy 'wan_wan2'
    list use_member 'wan_m1_w3'
    list use_member 'wan2_m2_w2'

config policy 'wan2_wan'
    list use_member 'wan_m2_w3'
    list use_member 'wan2_m1_w2'

config rule 'youtube'
    option sticky '1'
    option ipset 'youtube'
    option dest_port '80,443'
    option proto 'tcp'
    option use_policy 'balanced'

config rule 'https'
    option sticky '1'
    option dest_port '443'
    option proto 'tcp'
    option use_policy 'balanced'

config rule 'default_rule'
    option dest_ip '0.0.0.0/0'
    option use_policy 'balanced'

Network

config interface 'loopback'
    option ifname 'lo'
    option proto 'static'
    option ipaddr '127.0.0.1'
    option netmask '255.0.0.0'

config globals 'globals'
    option ula_prefix 'fd0f:1b32:5751::/48'

config interface 'lan'
    option ifname 'eth0.1'
    option force_link '1'
    option type 'bridge'
    option proto 'static'
    option ipaddr '192.168.1.1'
    option netmask '255.255.255.0'
    option ip6assign '60'

config interface 'wan'
    option ifname 'eth0.2'
    option proto 'dhcp'

config interface 'wan2'
    option ifname 'eth0.3'
    option proto 'dhcp'

DarkStarXxX wrote:

Hi!

Mwan3 is not working at the Moment in latest Trunk.
I try also a Standard Setting with a Fresh Install.

MWan says thinks like:


MWAN Detailed Status

Interface status:
interface wan is unknown
interface wan2 is unknown


Diagnostic Results

Unable to perform diagnostic tests on wan. There is no physical or virtual device associated with this interface

Config is basic config (but my own config is also not working anymore)

config interface 'wan'
    option enabled '1'
    list track_ip '8.8.4.4'
    list track_ip '8.8.8.8'
    list track_ip '208.67.222.222'
    list track_ip '208.67.220.220'
    option reliability '2'
    option count '1'
    option timeout '2'
    option interval '5'
    option down '3'
    option up '8'

config interface 'wan2'
    option enabled '0'
    list track_ip '8.8.8.8'
    list track_ip '208.67.220.220'
    option reliability '1'
    option count '1'
    option timeout '2'
    option interval '5'
    option down '3'
    option up '8'

config member 'wan_m1_w3'
    option interface 'wan'
    option metric '1'
    option weight '3'

config member 'wan_m2_w3'
    option interface 'wan'
    option metric '2'
    option weight '3'

config member 'wan2_m1_w2'
    option interface 'wan2'
    option metric '1'
    option weight '2'

config member 'wan2_m2_w2'
    option interface 'wan2'
    option metric '2'
    option weight '2'

config policy 'wan_only'
    list use_member 'wan_m1_w3'

config policy 'wan2_only'
    list use_member 'wan2_m1_w2'

config policy 'balanced'
    list use_member 'wan_m1_w3'
    list use_member 'wan2_m1_w2'

config policy 'wan_wan2'
    list use_member 'wan_m1_w3'
    list use_member 'wan2_m2_w2'

config policy 'wan2_wan'
    list use_member 'wan_m2_w3'
    list use_member 'wan2_m1_w2'

config rule 'youtube'
    option sticky '1'
    option ipset 'youtube'
    option dest_port '80,443'
    option proto 'tcp'
    option use_policy 'balanced'

config rule 'https'
    option sticky '1'
    option dest_port '443'
    option proto 'tcp'
    option use_policy 'balanced'

config rule 'default_rule'
    option dest_ip '0.0.0.0/0'
    option use_policy 'balanced'

Network

config interface 'loopback'
    option ifname 'lo'
    option proto 'static'
    option ipaddr '127.0.0.1'
    option netmask '255.0.0.0'

config globals 'globals'
    option ula_prefix 'fd0f:1b32:5751::/48'

config interface 'lan'
    option ifname 'eth0.1'
    option force_link '1'
    option type 'bridge'
    option proto 'static'
    option ipaddr '192.168.1.1'
    option netmask '255.255.255.0'
    option ip6assign '60'

config interface 'wan'
    option ifname 'eth0.2'
    option proto 'dhcp'

config interface 'wan2'
    option ifname 'eth0.3'
    option proto 'dhcp'

There is a bug in mwan3 script and luci-app-mwan3 where when compiled with musl c-library (as trunk does) it calls uci with parameters in wrong order. Here is a bug report and patch for mwan3 to make it working: https://github.com/openwrt/packages/issues/1502

Hi yes that brings the Status in Log back to Active.
But there must be more wrong.
Luci Web if shows everything as offline (disabled)

I also changed uci get -p to uci -p in lua file but this is not working

Edit: My fault. I take a deeper look into the code an it's working now.

(Last edited by DarkStarXxX on 2 Jul 2015, 11:29)

ase wrote:

There is a bug in mwan3 script and luci-app-mwan3 where when compiled with musl c-library (as trunk does) it calls uci with parameters in wrong order. Here is a bug report and patch for mwan3 to make it working: https://github.com/openwrt/packages/issues/1502

With the UCI arguments reordered would this work on trunk AND pre-trunk OpenWrt?

I'll look into making a fixed luci-app-mwan3 release tonight or tomorrow.

(Last edited by arfett on 2 Jul 2015, 18:54)

arfett wrote:
ase wrote:

There is a bug in mwan3 script and luci-app-mwan3 where when compiled with musl c-library (as trunk does) it calls uci with parameters in wrong order. Here is a bug report and patch for mwan3 to make it working: https://github.com/openwrt/packages/issues/1502

With the UCI arguments reordered would this work on trunk AND pre-trunk OpenWrt?

I'll look into making a fixed luci-app-mwan3 release tonight or tomorrow.

Yes, reordering the arguments will work for both pre-trunk (uClibc) and current trunk (musl) implementations.

Adze is very busy but will fix his mwan3 scripts sometime soon.

I'll upload a fixed luci-app-mwan3 tomorrow.