What's new

[beta] Dual WAN helper script (discontinued)

  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!

2. I opened the terminal and entered the line chmod a+rx /jffs/scripts/* , but there was no response.
There is no return for this command unless there is an error. It did what it had to do already, making the script executable.
3. I did not understand this point at all:
If you have it, open /jffs/scripts/wan-start in WinsSCP and paste this into it at the end:
Code:
/jffs/scripts/dual-wan-helper # Dual WAN helper
If the file does not exist, create it and paste this:
Code:
#!/bin/sh
/jffs/scripts/dual-wan-helper # Dual WAN helper
Then again run:
Code:
chmod a+rx /jffs/scripts/*

The shebang at the top of the file (#!/bin/sh) is needed, existing file or not.
Please write, this script will work if the primary provider is in the WAN, and the secondary provider is in LAN4?
Sure!
What settings in the router need to be done?
Do the Dual WAN setup and you're all set.
How do I know if the script works or not?
If you have setup to receive email, then it will send an email to the mail address you added.
The script will start running when you next boot the router or when a WAN event happens, such as a disconnect.
 
one question for @thelonelycoder and others interested in fixing Dual WAN failover/failback by workaround - until Asus finally do their job

can we force WAN interface down with command in order to prevent failback going back and forth when IP on WAN interface is 0.0.0.0 but cable is connected?

would "ifconfig eth0 down" do anything against wanduck to force router to stay on Secondary WAN ?

another idea was to force watchdog to ping 8.8.8.8 and then execute command to block ping to 8.8.8.8 only on WAN interface, so this should force fail-over to secondary WAN?

I want to test this, just waiting for Huawei E3372 LTE USB stick to arrive on location, SIM card is ready

however this blocks ougoing ping from my computer, however on router (trought SSH or telnet) it is not blocked

Code:
iptables -I FORWARD -p icmp -d 8.8.8.8 -j DROP

iptables -I FORWARD -p icmp -d 8.8.8.8 -j ACCEPT


what is the correct command to block outgoing ping ICMP from router itself
 
one question for @thelonelycoder and others interested in fixing Dual WAN failover/failback by workaround - until Asus finally do their job

can we force WAN interface down with command in order to prevent failback going back and forth when IP on WAN interface is 0.0.0.0 but cable is connected?

would "ifconfig eth0 down" do anything against wanduck to force router to stay on Secondary WAN ?

another idea was to force watchdog to ping 8.8.8.8 and then execute command to block ping to 8.8.8.8 only on WAN interface, so this should force fail-over to secondary WAN?

I want to test this, just waiting for Huawei E3372 LTE USB stick to arrive on location, SIM card is ready

however this blocks ougoing ping from my computer, however on router (trought SSH or telnet) it is not blocked

Code:
iptables -I FORWARD -p icmp -d 8.8.8.8 -j DROP

iptables -I FORWARD -p icmp -d 8.8.8.8 -j ACCEPT


what is the correct command to block outgoing ping ICMP from router itself
Probably the OUTPUT chain
 
any idea how to set IP 0.0.0.0 by command - on Primary WAN interface (eth0) in order to test own failover script, because ASUS failover lacks 0.0.0.0 detection
wan0_ipaddr
Code:
nvram set wan0_ipaddr="0.0.0.0"
for primary, secondary is wan1_ipaddr
 
how to block ping to 8.8.8.8 only per interface, in order to force/test if watchdog will switch WAN from Primary to Secondary, and vice versa
 
how to block ping to 8.8.8.8 only per interface, in order to force/test if watchdog will switch WAN from Primary to Secondary, and vice versa
I think it's the -o switch, e.g.
Code:
iptables -I OUTPUT -o eth0 -p icmp -d 8.8.8.8 -j DROP
 
tnx @Jack Yaz, it doesn't work with eth0 but it works with interface name change on RT-AC68U

for PPPoE please use ppp0
Code:
iptables -I OUTPUT -o ppp0 -p icmp -d 8.8.8.8 -j DROP
ping -I ppp0 8.8.8.8

for DHCP please use vlan2
Code:
iptables -I OUTPUT -o vlan2 -p icmp -d 8.8.8.8 -j DROP
ping -I vlan2 8.8.8.8


later today I will test failover by blocking ICMP to watchdog target per interface :)
 
Last edited:
OK here is test report - ASUS RT-AC68U running Merlin FW 380.69_2

ASUS watchdog is such a miserable fail - FUBAR

in my setup Google Public DNS is watchdog target - 8.8.8.8

when I block ping to Google Public DNS with command:
iptables -I OUTPUT -o vlan2 -p icmp -d 8.8.8.8 -j DROP

failover is still not happening :(
failback doesn't work either (even when ping to watchdog target on secondary wan is blocked - in my case iptables -I OUTPUT -o ppp0 -p icmp -d 8.8.8.8 -j DROP)

DualWAN in LoadBalancing mode doesn't work properly either
I have tested policy based routing
source 192.168.1.10 - destination 0.0.0.0 - interface Primary WAN
source 192.168.1.20 - destination 0.0.0.0 - interface Secondary WAN

wanduck is using no logic whatsoever that any sain brain could understand

other than that, I have tested DualWAN on MerlinFW 382.2beta3 and 384.3alpha they have BUG and those versions don't work with 3G/4G USB mobile stick

here is error:
Code:
kernel: option: `0x12d1 product=0x1506' invalid for parameter `vendor'
syslog: can't load module option (kernel/drivers/usb/option.ko): Invalid argument

as already reported here: https://www.snbforums.com/threads/b...ta-is-now-available.43043/page-21#post-370100

I didn't tested john9527 fork, but I guess it is the same
I have opened a few tickets with ASUS Tech Support, but it leads nowhere "have you tried latest firmware?"
"Yes, I have tried your latest firmware, it is NOT working"

@john9527 or @RMerlin - could you compile test build of firmware without "wanduck" ? is it used anywhere else, other than DualWAN ?

if we could have DualWAN connection where both connections are active (Primary WAN and Secondary WAN) MAYBE we could switch interface by command, if ping fails simply force new route to interface that is still working (Primary WAN to Secondary WAN or vice-versa)

when I disconnect cable from Primary WAN (Asus WAN interface) it goes to Secondary WAN (Huawei E3372 with Vodafone LTE) pretty decent speed, 50/30Mbps - actually quite usable, if/when failover would detect other problems too (watchdog target is down, primary WAN IP is 0.0.0.0 failover should be to detect that and switch interface, etc.)

I have tried to script if Primary WAN IP is 0.0.0.0 to do "ifconfig vlan2 down" or "ifconfig eth0 down" but it doesn't help much, because I don't have idea how to script failback while testing primary WAN in the background
 
Last edited:
@john9527 or @RMerlin - could you compile test build of firmware without "wanduck" ? is it used anywhere else, other than DualWAN ?
Oh yes...there's a lot of function in there other than dual wan.

You may want to try my fork. I made some changes for dual wan a while back. Some reported it helped....others not.
 
wanduck is using no logic whatsoever that any sain brain could understand
This is the reason I have given up spending time on this. Try john's LTS fork, it may help. Be aware that it behaves different and if I remember less consistent/predictable with the timeout settings in dual wan.
 
Oh yes...there's a lot of function in there other than dual wan.

You may want to try my fork. I made some changes for dual wan a while back. Some reported it helped....others not.

Tnx @john9527, I will try your fork for sure, just downloaded Asus firmware restoration tool

just one question, can you send me (link?) to your wanduck.c
https://github.com/RMerl/asuswrt-merlin/blob/master/release/src/router/rc/wanduck.c

I would like to compare it to Asus stock/RMerlin, to some extent I can read C code, but there is so much going on, without comments it is hard to follow... what @thelonelycoder wrote was a short shell script already working better than asus wanduck itself

dual wan failover is no SF Voodoo, it should use very simple logic and hit the home run every time...
 
dual wan failover is no SF Voodoo, it should use very simple logic and hit the home run every time.
It seems so simple but someone made it complicated and walked away from it unfinished.
And fixing dual wan functionality will be low on the priority list, it does not sell more units. New features do.
 
I have tried almost every firmware out there :) and there is NO firmware where DualWAN ACTUALLY fully works

I have opened new ticket by Asus Support (again)

RMerlin FW, Johns Fork, latest Asus FW - and many factory resets later, still at square one

I have tried even Load Balancing, hoping that I could script if Primary or Secondary WAN go down, simply to route whole 192.168.1.0/24 to 0.0.0.0/0 to working interface, but Asus had "better idea"

y4mlNaaYmzNXW8Y_T77iE00VII-OmWTBpQdlC01Wv3bYGNrxDeJmSOF0f9qHlGjxIPzo5B8CqaZ6DM_QWbnuzgE9ZSWIcGyGd9br8bX7jcO5nBrA6NfwWpj6kQWWVrE2xtGb10VMpEuH-P9NbBJKiBZOZj3dtCamAysk4cw2anOTBMDToRdLglm_Yn4BICA0-addXYAO1NIp8wl7t8NA2xqCw


y4mOHvGI_lSKGtUgI8TTKz0fnKvTcpX6LCYP-kg8LE2WNqTjCbXiF9F3JdXI__XkBsxDSkEvu_royzAlillZoZPW0_OfcrXxlfcvD1c_X6Ei9fm23egg6UQzB5VQpRB0Iu3HgyPG6fCqU7OjKbF5DtSG1ohW0Vt9y-VqyseWTqpHMGpipMvV9hiBjicSw02JIfvsdlJhFd5VicpHuSWG3U_Sw


y4mrsne08tSmaASUQAFdV4nkk6YAeQtljeeYvs8JjovzKJKgwT3D-ewpH03NZ0CLlyR7uOwnP2MFTHpRHgjWdsorvDnNviviLYW1roxE4Lw6f9hZo9Pd3ugTJ5_s7awD9VjHpq3SerQk_LGswYQZaU62UQR5atSCGHHn-58siOEHemAMAXZnVdfmweHuQBIMU1Qb5W57QOwQX0wZjmbzFT4hA


y4mEqiUtg0gTfzHChEdiDTZC9UaTl8mkF5vUY9fsc_l46ie7s8tSwOXkSveWtCZsdIwVykilfSYUXJc8Or1WDsy7JRpB09zrLZjLJ0_VnUi2w_7Qf02shekxGXdRcXWPfOpT40p6t6CYc80aa2peZ3_UBU3juwKu25qnGhY00SlQt60PevoOcQlyWriHEjTe_grkgshOj2TKUmKrbQF4UtbTg


y4mSTayani6aJEL0-GTJFbaHm7GlkQg64PTVQTiEd1rPkGwXM4VzqEtwTaJOMtSA1psmSY7bMAls7TiXGp4vMIoAcYLyVEu2zzx5XQML-tPawi1fa-xRgx-uwu_TdwuSIfmFkvx1g3dLli8LTYMwXjbjxnLK8xI1ce8kMhuthGZ-LWYvNraOwjTTp12MzHziXmTqApsu5FsrFPMIFm6AkR9kA
 
Last edited:
At least on my fork, make sure 'Redirect to error page' is set to 'Link or WAN down'....it has a special meaning under dual wan.
 
At least on my fork, make sure 'Redirect to error page' is set to 'Link or WAN down'....it has a special meaning under dual wan.
yes I thought so, that is the reason why I have posted screenshot, take a look two posts above, you will see it

still no luck, when I simulate ISP outage (pull COAX cable from cable modem) primary WAN goes to 0.0.0.0 and Asus is not switching to Secondary WAN even there is watchdog in place (target is google.com)

when I pull out WAN cable from Primary WAN interface, it goes to Secondary WAN (4G - LTE USB) but it breaks connection often due to failback tries, even there is no cable connected at Primary WAN at all

the same (failback connection interruptions) goes when Primary WAN have IP 0.0.0.0

short list of dual-wan bugs:

ping to watchdog target is not working, not doing necessary failover
failover not working on Primary WAN (Asus router WAN blue port) when Automatic IP - DHCP has outage and IP is 0.0.0.0
failback breaks active connection every X seconds
failback is trying to failback to interface that is down (no cable connected)
failback is trying to failback to interface even there is no Internet at all (IP 0.0.0.0)
for failover there is no option to choose Cold-Standby or Hot-Standby, I would prefer Hot-Standby for faster failover and failback switch - less downtime

Load Balancing - Policy route is not working - unable to route everything to specified interface 0.0.0.0 or 0.0.0.0/0

Load Balancing with policy route could be workaround for failover (with custom script to ping/switch interface when there is no reply) - if policy route would actually work/accept 0.0.0.0 as destination

DynamicDNS for WAN2 is missing (for Load Balancing)
Port-Forwarding for WAN2 is missing (for Load Balancing)
 
Last edited:
At least on my fork, make sure 'Redirect to error page' is set to 'Link or WAN down'....it has a special meaning under dual wan.
Can someone explain this? This exact setting doesn't appear to exist on my 86u running 384.3. Instead it's "Enable WAN down browser redirect notice" and "Redirect webui access to router.asus.com" I'm trying to use Dual WAN with a secondary 4G stick as backup and the behavior is erratic to say the least!

TIA
 
Can someone explain this? This exact setting doesn't appear to exist on my 86u running 384.3. Instead it's "Enable WAN down browser redirect notice" and "Redirect webui access to router.asus.com" I'm trying to use Dual WAN with a secondary 4G stick as backup and the behavior is erratic to say the least!

TIA
john's LTS fork has it named "Link or WAN down" , while in RMerlin's Asuswrt-Merlin it's "Enable WAN down browser redirect notice".
Set that as it apparently sets some internal Wanduck flags that supposedly helps for dual WAN.
As you've likely read, this script is no longer under development. I still have hope that Asus fixes that mess inside Wanduck at one point.
 
john's LTS fork has it named "Link or WAN down" , while in RMerlin's Asuswrt-Merlin it's "Enable WAN down browser redirect notice".
Set that as it apparently sets some internal Wanduck flags that supposedly helps for dual WAN.
As you've likely read, this script is no longer under development. I still have hope that Asus fixes that mess inside Wanduck at one point.

Thanks for the explanation, and also thanks for producing the script. There seems to be a dearth of information on how to configure Dual WAN regardless, so we're left with piecing it all together from forums. Like others, I am finding that if I switch on the "ping" option (apparently called "watchdog" by many) then the whole thing moves back and forward between WANs. Maybe ASUS' developer thought that option meant "ping pong" and provided that behavior for us to enjoy.

One question I do have: if I switch off the "ping" option to get some stability, will the router semi reliably failover and then failback? I assume that the ping was to establish that the primary WAN was working again, so how would it do that otherwise?

Many thanks.
 

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!
Top