Dual WAN Failover Script

[Ranger802004]

WAN Failover is designed to replace the factory ASUS WAN Failover functionality, this script will monitor the WAN Interfaces using a Target IP Address and pinging these targets to determine when a failure occurs. When a failure is detected, the script will switch to the Secondary WAN interface automatically and then monitor for failback conditions. When the Primary WAN interface connection is restored based on the Target IP Address, the script will perform the failback condition and switch back to Primary WAN.

Requirements:
- ASUS Merlin Firmware v386.5.2
- JFFS custom scripts and configs Enabled
- Dual WAN Enabled
- Dual WAN to be in Failover Mode
- ASUS Factory Failover Disabled (Network Monitoring Options, Allow Failback Option under WAN > Dual WAN)

Installation:
Install Command to run to install script:

/usr/sbin/curl -s "https://raw.githubusercontent.com/Ranger802004/asusmerlin/main/wan-failover.sh" -o "/jffs/scripts/wan-failover.sh" && chmod 755 /jffs/scripts/wan-failover.sh && sh /jffs/scripts/wan-failover.sh install

Updating:
Update Command (Updating from v1.3.5 or older):

/usr/sbin/curl -s "https://raw.githubusercontent.com/Ranger802004/asusmerlin/main/wan-failover.sh" -o "/jffs/scripts/wan-failover.sh" && chmod 755 /jffs/scripts/wan-failover.sh && sh /jffs/scripts/wan-failover.sh kill

Update Command (Updating from v1.3.7 or newer)

/jffs/scripts/wan-failover.sh update

Uninstallation (v1.3 or newer):

/jffs/scripts/wan-failover.sh uninstall

Configuration:
During installation or reconfiguration, the following settings are configured:
- WAN0 Target: This is the target IP address for WAN0, the script will monitor this IP via ICMP Echo Requests “ping” over the WAN0 interface. Verify the target IP address is a valid server for ICMP Echo Requests prior to installation or configuration. It is recommended to use different Target IP Addresses for each WAN interface. Example: 8.8.8.8
- WAN1 Target: This is the target IP address for WAN1, the script will monitor this IP via ICMP Echo Requests “ping” over the WAN1 interface. Verify the target IP address is a valid server for ICMP Echo Requests prior to installation or configuration. It is recommended to use different Target IP Addresses for each WAN interface. Example: 8.8.4.4
- Ping Count: This is how many consecutive times a ping must fail before a WAN connection is considered disconnected.
- Ping Timeout: This is how many seconds a single ping attempt will execute before timing out from no ICMP Echo Reply “ping”. If using an ISP with high latency such as satellite internet services, consider setting this to a higher value such as 3 seconds or higher.
- WAN Disabled Timer: This is how many seconds the script pauses and checks again if Dual WAN, Failover Mode, or WAN links are disabled/disconnected.
- QoS Settings are configured for each WAN interface because both interfaces may not have the same bandwidth (download/upload speeds). The script will automatically change these settings for each interface as they become the active WAN interface. If QoS is disabled or QoS Automatic Settings are being used, these settings will not be applied.
o WAN0 QoS Download Bandwidth: Value is in Mbps
o WAN1 QoS Download Bandwidth: Value is in Mbps
o WAN0 QoS Upload Bandwidth: Value is in Mbps
o WAN1 QoS Upload Bandwidth: Value is in Mbps
o WAN0 QoS Packet Overhead: Value is in Bytes
o WAN1 QoS Packet Overhead: Value is in Bytes
o WAN0 QoS ATM: This will enable or disable Asynchronous Transfer Mode (ATM) for WAN0, research this technology to verify it is not required for your ISP. In most use cases, this setting is Disabled.
o WAN1 QoS ATM: This will enable or disable Asynchronous Transfer Mode (ATM) for WAN1, research this technology to verify it is not required for your ISP. In most use cases, this setting is Disabled.
- Packet Loss Logging: This will log packet loss detections that are less than 100% packet loss but more than 0% packet loss. These events are not enough to trigger a WAN Failover/Failback condition but may be informal data as to the performance of a WAN interface. If the Ping Timeout setting is too low (1-2 seconds) combined with a high latency WAN interface such as satellite internet services, this logging can become excessive with the described configuration.

Optional Configuration:
- To enable or disable email notifications, pass the command arguments "email enable" or "email disable" ***Email Notifications rely on Alert Preferences configured under AIProtection. Default mode is Enabled. Example: "/jffs/scripts/wan-failover.sh email enable"

Run Modes (v1.3 or newer):
- Install Mode: This will install the script and configuration files necessary for it to run. Add the command argument "install" to use this mode.
- Uninstall Mode: This will uninstall the configuration files necessary to stop the script from running. Add the command argument "uninstall" to use this mode.
- Run Mode: This mode is for the script to run in the background via cron job. Add the command argument "run" to use this mode.
- Update Mode: This mode will check to see if there is an update available from the GitHub Repository and update. (Must be on v1.3.7 or newer)
- Configuration Mode: This will allow reconfiguration of WAN Failover to update or change settings. Add the command argument "config" to use this mode (Must be on v1.4.2 or newer)
- Manual Mode: This will allow you to run the script in a command console. Add the command argument "manual" to use this mode.
- Switch WAN Mode: This will manually switch the Primary WAN. Add the command argument "switchwan" to use this mode.
- Monitor Mode: This will monitor the log file of the script. Add the command argument "monitor" to use this mode.
- Kill Mode: This will kill any running instances of the script. Add the command argument "kill" to use this mode.
- Cron Job Mode: This will create the Cron Jobs necessary for the script to run and also perform log cleaning. Add the command argument "logclean" to use this mode.

Link to Script:
https://raw.githubusercontent.com/Ranger802004/asusmerlin/main/wan-failover.sh

Readme:
https://raw.githubusercontent.com/Ranger802004/asusmerlin/main/wan-failover-readme.txt

v1.4.6 Notes
- Fixed issue where if Gateway IP Address changed, script would not return to WAN Status to check if route is created for the monitoring target.
- Created an enable / disable function for email (Instructions added to Configuration of Readme).
- Optimized logic for handling no arguments being inputted from the console.
- Configuration options will not allow WAN0 and WAN1 Target IP Addresses to be the same or match their respective Gateway IP Address.

v1.4.3 Notes
- Fixed issue where Installation Mode would not set WAN1 Target IP Address.
- Fixed issue where Packet Loss Logging was not properly logging if enabled.
- During WAN Status Check, the log to message "***Verify (Target IP) is a valid server for ICMP Echo Requests***" will only occur if there is 100% loss on the initial check.

v1.4.2 Notes
- Added Configuration Mode option to reconfigure configuration file, use argument "config".
- During Installation Mode or Configuration Mode, QoS Download/Upload Bandwidth inputs are now in Mbps instead of Kbps. The script will automatically convert these into Kbps inside the configuration file.
- Added option to configuration for Packet Loss alerts under 100% loss to not be logged, if upgrading from v1.4.1 or older, run Configuration Mode to disable this new option.
- Added checks for configuration input to not allow invalid input(s).

v1.4.1 Notes
- Email Notifications will generate if you have alerts configured under AiProtection > Alert Preferences.
- Redirected all logs to System Log, events will now show up under System Log tab in Web GUI as well as Monitor Mode.
- Monitor mode will now filter logs from System Log
- Log Cleanup Mode has been deprecated. This will now cleanup the Log Clean Mode cron job and delete the old proprietary log file.
- Corrected issue where Monitor Mode would still run in background after it has been exited out.
- Corrected description for Cron Job mode where argument was stated as "cronjob" instead of "cron"
- Replaced ScriptStatus function with file lock.

v1.3.7 Notes
General
- Tied system logs into built in logger method.
- Added Update Mode using argument "update", this will update the script from the GitHub Repository. (If updating from v1.3.5 or older, use the update command from the readme to update).

v1.3.5 Notes
General:
- Renamed WAN0Monitor to WAN0 Failover Monitor
- Renamed WAN0RestoreMonitor to WAN0 Failback Monitor
- Optimized WAN Disabled Logic.
- During WAN Status Check, it will look for 0.0.0.0 as a WAN interface's Gateway or IP Address and mark it as Disconnected.
- Updated logging Verbiage for Switch WAN.
- Moved DNS Resolv File Variable to Global Variables
- Added key events to go to System Log that can be displayed in the ASUS System Log Web GUI. This includes Failures, Primary WAN switching, and Packet Loss detection.

Monitor Mode:
- Monitor Mode will now not be killed by Kill Mode or Log Clean Mode

 

[rlj2]

Hello guys, I have attached a script I wrote to replace the built in Failover function from ASUS that is awful. Please let me know if you have any suggestions or questions, thank you. You can set this to run in the background with a cron job or let another script start it like wan-event, also you will see there are several variables you can set from within the script.

 

[rlj2]

Ill mess with this later, but apparently its failing with the ping command, probably this though
wan0_dns=1.1.1.1 8.8.8.8
wan0_dns1_x=
wan0_dns2_x=


[email protected]:/jffs/scripts# ./wanup
Checking if ./wanup is already running...
BusyBox v1.25.1 (2022-03-25 10:23:25 EDT) multi-call binary.

Usage: ping [OPTIONS] HOST

Send ICMP ECHO_REQUEST packets to network hosts

-4,-6 Force IP or IPv6 name resolution
-c CNT Send only CNT pings
-s SIZE Send SIZE data bytes in packets (default:56)
-t TTL Set TTL
-I IFACE/IP Use interface or IP address as source
-M hint Path MTU Discovery strategy [do|want|dont]
-W SEC Seconds to wait for the first response (default:10)
(after all -c CNT packets are sent)
-w SEC Seconds until ping exits (default:infinite)
(can exit earlier with -c CNT)
-q Quiet, only display output at start
and when finished
-p Pattern to use for payload

 

[Ranger802004]

Ill mess with this later, but apparently its failing with the ping command, probably this though
wan0_dns=1.1.1.1 8.8.8.8
wan0_dns1_x=
wan0_dns2_x=


[email protected]:/jffs/scripts# ./wanup
Checking if ./wanup is already running...
BusyBox v1.25.1 (2022-03-25 10:23:25 EDT) multi-call binary.

Usage: ping [OPTIONS] HOST

Send ICMP ECHO_REQUEST packets to network hosts

-4,-6 Force IP or IPv6 name resolution
-c CNT Send only CNT pings
-s SIZE Send SIZE data bytes in packets (default:56)
-t TTL Set TTL
-I IFACE/IP Use interface or IP address as source
-M hint Path MTU Discovery strategy [do|want|dont]
-W SEC Seconds to wait for the first response (default:10)
(after all -c CNT packets are sent)
-w SEC Seconds until ping exits (default:infinite)
(can exit earlier with -c CNT)
-q Quiet, only display output at start
and when finished
-p Pattern to use for payload

You can change those but whatever IP you pick for each WAN you will need to have a route made for it. DNS servers and gateway already are routed for you over each WAN interface. Also the variables to set are…
WAN0TARGET=
WAN1TARGET=

 

[rlj2]

You can change those but whatever IP you pick for each WAN you will need to have a route made for it. DNS servers and gateway already are routed for you over each WAN interface. Also the variables to set are…
WAN0TARGET=
WAN1TARGET=

Guess I dont understand, your pinging wan0_dns1_x= for the check, but mine is empty, for wan0 and wan1, so these need set outsite the script?

 

[Ranger802004]

Guess I dont understand, your pinging wan0_dns1_x= for the check, but mine is empty, for wan0 and wan1, so these need set outsite the script?

In the script there is a section for variables to change which you will want to do for your QoS Settings as well.

Look for :

WAN0TARGET="$(nvram get wan0_dns1_x)"

Change to:

WAN0TARGET="$(nvram get wan0_dns | awk '{print $1}')"

 

[rlj2]

In the script there is a section for variables to change which you will want to do for your QoS Settings as well.

Look for :

WAN0TARGET="$(nvram get wan0_dns1_x)"

Change to:

WAN0TARGET="$(nvram get wan0_dns | awk '{print $1}')"

Played with it some this mornign, once I made it check the right dns, seems to be working. Fyi, my secondary wan always comes up in Cold Standby. The script doesnt seem to make it go into to hot
standby. I just added service "restart_wan_if 1" to beginning, which makes it hot.

 

[Ranger802004]

Played with it some this mornign, once I made it check the right dns, seems to be working. Fyi, my secondary wan always comes up in Cold Standby. The script doesnt seem to make it go into to hot
standby. I just added service "restart_wan_if 1" to beginning, which makes it hot.

Interesting, I’ll look into that as a check and adding a function for next version.

 

[rlj2]

Interesting, I’ll look into that as a check and adding a function for next version.

We must have something different on our routers, I have a AX86u running latest merlin version. I just switched the wc from 5 to 1, and then it always thinks the script is running. I had it pop up a grep error also while running, but havent been able to mess with it since. Just giving you my issues, not complaining at all. ty

 

[Ranger802004]

We must have something different on our routers, I have a AX86u running latest merlin version. I just switched the wc from 5 to 1, and then it always thinks the script is running. I had it pop up a grep error also while running, but havent been able to mess with it since. Just giving you my issues, not complaining at all. ty

Yea it will do that if you try and run it manually in console unless you increase that number. What was the grep error you received? No worries, I figured other models would have various things come up differently than my environment.

 

[rlj2]

Yea it will do that if you try and run it manually in console unless you increase that number. What was the grep error you received? No worries, I figured other models would have various things come up differently than my environment.

 

[rlj2]

This is when it was switching after I killed my primary line. i fixed the wan-event issue.

##############

Checking if ./wanup is already running...
Switching to wan1
grep: option requires an argument -- 'e'
Usage: grep [OPTION]... PATTERNS [FILE]...
Try 'grep --help' for more information.

Done.

Done.

Done.

Done.
./wanup: line 310: /jffs/scripts/wan-event: not found

 

[Ranger802004]

This is when it was switching after I killed my primary line. i fixed the wan-event issue.

##############

Checking if ./wanup is already running...
Switching to wan1
grep: option requires an argument -- 'e'
Usage: grep [OPTION]... PATTERNS [FILE]...
Try 'grep --help' for more information.

Done.

Done.

Done.

Done.
./wanup: line 310: /jffs/scripts/wan-event: not found

Ah yes, if you don’t have a wan-event script made it will error out, I will make a check for that on next release, a little oversight.

 

[rlj2]

Ah yes, if you don’t have a wan-event script made it will error out, I will make a check for that on next release, a little oversight.

You think thats what the grep issue was also? Something I can add, but if your working on this. Something handy sending a email when failover kicks in would be nice, somewhere on this forum I wrote a uptime script
that would email, but you can also email your cellular provider and it will send you a text.

 

[Ranger802004]

You think thats what the grep issue was also? Something I can add, but if your working on this. Something handy sending a email when failover kicks in would be nice, somewhere on this forum I wrote a uptime script
that would email, but you can also email your cellular provider and it will send you a text.

I actually have my custom version emailing me, but I didn’t include that in my public version. The grep error is coming from trying to grep without a - parameter, did you add or edit any of the grep commands?

 

[rlj2]

I actually have my custom version emailing me, but I didn’t include that in my public version. The grep error is coming from trying to grep without a - parameter, did you add or edit any of the grep commands?

I did not change anything but the WAN0TARGET= , and added the
service "restart_wan_if 1", I will probably add a option to change qos or not to variable. But thats when Im bored.
If you already have the email version, mind sending it? Save me having to add it.

 

[Ranger802004]

I did not change anything but the WAN0TARGET= , and added the
service "restart_wan_if 1", I will probably add a option to change qos or not to variable. But thats when Im bored.
If you already have the email version, mind sending it? Save me having to add it.

Send me a copy of your modified script and let me take a look, yea when I get home I’ll send it over, it’s a separate script and my failover script just has a function that calls to send email whenever a switch happens.

 

[rlj2]

I did not change anything but the WAN0TARGET= , and added the
service "restart_wan_if 1", I will probably add a option to change qos or not to variable. But thats when Im bored.
If you already have the email version, mind sending it? Save me having to add it.

That happened when it switched to wan1, I bet I have another blank nvram setting that needs changed on Wan1. My script is literally exactly yours, I changed the WAN0Target to what you pasted here.
and just commented out wan-event.

 

[Ranger802004]

That happened when it switched to wan1, I bet I have another blank nvram setting that needs changed on Wan1. My script is literally exactly yours, I changed the WAN0Target to what you pasted here.
and just commented out wan-event.

Did you lowercase the variable? It has to match how it is called in the script. WAN0TARGET is how I wrote it.

 

[rlj2]

Did you lowercase the variable? It has to match how it is called in the script. WAN0TARGET is how I wrote it.

WAN0TARGET="$(nvram get wan0_dns | awk '{print $1}')"
WAN1TARGET="$(nvram get wan1_gateway)"