WANFailover Dual WAN Failover Script

[VIper_Rus]

v1.5.6-beta11 Release: ***Disclaimer: This is a beta release and has been untested***

Manually upgrade to this beta by running the following command" ***Allow for cronjob to relaunch the script***
Clean installation:

/usr/sbin/curl -s "https://raw.githubusercontent.com/Ranger802004/asusmerlin/main/wan-failover_v1.5.6-beta11.sh" -o "/jffs/scripts/wan-failover.sh" && chmod 755 /jffs/scripts/wan-failover.sh && sh /jffs/scripts/wan-failover.sh install

Upgrade from previous installation:

/usr/sbin/curl -s "https://raw.githubusercontent.com/Ranger802004/asusmerlin/main/wan-failover_v1.5.6-beta11.sh" -o "/jffs/scripts/wan-failover.sh" && chmod 755 /jffs/scripts/wan-failover.sh && sh /jffs/scripts/wan-failover.sh restart

To revert back to Production Release:

/jffs/scripts/wan-failover.sh update

Beta Readme

***WARNING*** There are some major changes from v1.5.6-beta9 so if you experience issues please collect debug logs and forward to me via DM!

***WARNING*** If you are using an RT-AX88U, read release notes!

***HIGHLIGHT*** Script will now send emails in Failover Mode if the Secondary WAN fails and when the script first starts if both interfaces are Connected.

***HIGHLIGHT*** Script will now create an alias as "wan-failover", once script is updated and restarted. Consoles can now use the new alias instead of the full script path "/jffs/scripts/wan-failover.sh". Consoles open while the script is updated may need to be restarted or the following command executed.

source /jffs/configs/profile.add

Release Notes:
v1.5.6-beta11
- General optimization
- Added a confirmation prompt to Restart Mode.
- Fixed visual bugs when running Restart Mode.
- Load Balance Monitor now triggers Service Restart function during failover events.
- YazFi trigger during service restart will no longer run process in the background to prevent issues with script execution of YazFi.
- IP Rules should no longer create conflict with other scripts such as VPNMON.
- Target IPs for both interfaces can now be the same the Target IP.
- Added Recursive Ping Check feature. If packet loss is not 0% during a check, the Target IP Addresses will be checked again based on the number of iterations specified by this setting before determing a failure or packet loss. RECURSIVEPINGCHECK (Value is in # of iterations). Default: 1
- Resolved issues that prevented 4G USB Devices from properly working in Failover Mode.
- Moved WAN0_QOS_OVERHEAD, WAN1_QOS_OVERHEAD, WAN0_QOS_ATM, WAN1_QOS_ATM, BOOTDELAYTIMER, PACKETLOSSLOGGING and WANDISABLEDSLEEPTIMER to Optional Configuration and no longer are required to be set during Config or Installation. They will be given Default values that can be modified in the Configuration file.
- Created new Optional Configured Option to specify the ping packet size. PACKETSIZE specifes the packet size in Bytes, Default: 56 Bytes.
- Resolve issue where script would loop from WAN Status to Load Balance Monitor when an interface was disabled.
- Load Balance Mode will now dynamically update resolv.conf (DNS) for Disconnected WAN Interfaces.
- Fixed Cron Job deletion during Uninstallation.
- Corrected issue with Failure Detected log not logging if a device was unplugged or powered off from the Router while in Failover Mode.
- Modified Restart Mode logic to better detect PIDs of running instances of the script.
- Created Alias for script as wan-failover to shorten length of commands used in console.
- Fixed issue where if the USB Device is unplugged and plugged back in, script will now leave Disabled State to go back to WAN Status.
- Enhanced WAN Disabled Logging, will relog every 5 minutes the condition causing the script to be in the Disabled State.
- Added additional logging throughout script.
- Email function will check if DDNS is enabled before attempting to use saved DDNS Hostname
- Added cleanup function for when script exits to perform cleanup tasks.
- Service Restarts now include restarting enabled OpenVPN Server Instances.
- Target IP Rules will now compensate for the RT-AX88U however this can create conflicts if the Target IPs are the same or are used for other services/scripts.
- Fixed issue in DNS Switch in Load Balance Mode where WAN1 was using the Status of WAN0.
- Switch WAN Mode will now prompt for confirmation before switching.
- Fixed issue where Switch WAN Mode would fail due to missing Status parameters acquired in Run or Manual Mode.
- Fixed issue where WAN Interface would not come out of Cold Standby if in State 5.
- Script will now reset VPNMON-R2 if it is installed and running during Failover
- Enhanced Ping Monitoring to improve failure/packet loss detection time.
- If an amtm email alert fails to send, an email attempt will be made via AIProtection Alerts if properly configured.
- An email notification will now be sent if the Secondary WAN fails while in Failover Mode and when Failover Monitor starts.
- Fixed issue in Load Balance Mode when a Disconnected WAN Interface would cause WAN Failover to error and crash when creating OpenVPN rules when OpenVPN Split Tunneling is Disabled.

The script sends a notification to an empty email address. My address is in the hidden copy. Test email from amtm is sent normally

from:	xxxxkaya 23/2 <xxxxxx@gmail.com>
to:
bcc:	xxxx@xxxxx.ru
date:	Aug 7, 2022, 12:22 PM
subject:	WAN Failover Notification
mailed-by:	gmail.com

 

[VIper_Rus]

Confirmed working now for my setup - 4G LTE USB stick as Secondary.



Confirmed as half-working!
That is - I DON'T get an email when I disconnect the USB stick, but I DO get an email when I reconnect the USB stick!

I'll PM you the logs via the usual method ...

I don't have a USB plugged directly into the router, but USB inserted into a small Chinese router, and LAN is already coming to asus. So I just checked, both alerts come DISCONNECTED and CONNECTED

 

[Stephen Harrington]

Since beta9 and newer broken access to my wan1 device. I can not enter the web interface of this device, which was very convenient.

Seems to be fixed for me in Beta 11.

 

[Stephen Harrington]

I don't have a USB plugged directly into the router, but USB inserted into a small Chinese router, and LAN is already coming to asus. So I just checked, both alerts come DISCONNECTED and CONNECTED

Ok, interesting data point - and it is detecting/using your AMTM email settings?

 

[VIper_Rus]

Ok, interesting data point - and it is detecting/using your AMTM email settings?

Yes, using AMTM email settings.

 

[VIper_Rus]

Seems to be fixed for me in Beta 11.

I noticed it too

 

[amplatfus]

Hi,

Thank you for every version.

I just noticed that there are multiple pids.
I was wondering if is normal?

/tmp/home/root#:pidof wan-failover.sh
11963 6642 6641

I am on RT-AX88U on latest FW 386.7_2

Thank you!
amplatfus

 

[Ranger802004]

Hi,

Thank you for every version.

I just noticed that there are multiple pids.
I was wondering if is normal?

/tmp/home/root#:pidof wan-failover.sh
11963 6642 6641

I am on RT-AX88U on latest FW 386.7_2

Thank you!
amplatfus

Yes that is normal because it is launched by cron and there are sub processes launched within the script.

 

[Ranger802004]

Ok, interesting data point - and it is detecting/using your AMTM email settings?

I think your issue is more specific to the direct USB being plugged in so we’ll work on it. I will review your logs shortly.

 

[Ranger802004]

v1.5.6-beta12 Release: ***Disclaimer: This is a beta release and has been untested***

Manually upgrade to this beta by running the following command" ***Allow for cronjob to relaunch the script***
Clean installation:

/usr/sbin/curl -s "https://raw.githubusercontent.com/Ranger802004/asusmerlin/main/wan-failover_v1.5.6-beta12.sh" -o "/jffs/scripts/wan-failover.sh" && chmod 755 /jffs/scripts/wan-failover.sh && sh /jffs/scripts/wan-failover.sh install

Upgrade from previous installation:

/usr/sbin/curl -s "https://raw.githubusercontent.com/Ranger802004/asusmerlin/main/wan-failover_v1.5.6-beta12.sh" -o "/jffs/scripts/wan-failover.sh" && chmod 755 /jffs/scripts/wan-failover.sh && sh /jffs/scripts/wan-failover.sh restart

To revert back to Production Release:

/jffs/scripts/wan-failover.sh update

Beta Readme

***WARNING*** There are some major changes from v1.5.6-beta9 so if you experience issues please collect debug logs and forward to me via DM!

***WARNING*** If you are using an RT-AX88U, read release notes!

***HIGHLIGHT*** Script will now send emails in Failover Mode if the Primary or Secondary WAN fails or is disabled.

***HIGHLIGHT*** Script will now create an alias as "wan-failover", once script is updated and restarted. Consoles can now use the new alias instead of the full script path "/jffs/scripts/wan-failover.sh". Consoles open while the script is updated may need to be restarted or the following command executed.

source /jffs/configs/profile.add

Release Notes:
v1.5.6-beta12
- General optimization
- Added a confirmation prompt to Restart Mode.
- Fixed visual bugs when running Restart Mode.
- Load Balance Monitor now triggers Service Restart function during failover events.
- YazFi trigger during service restart will no longer run process in the background to prevent issues with script execution of YazFi.
- IP Rules should no longer create conflict with other scripts such as VPNMON.
- Target IPs for both interfaces can now be the same the Target IP.
- Added Recursive Ping Check feature. If packet loss is not 0% during a check, the Target IP Addresses will be checked again based on the number of iterations specified by this setting before determing a failure or packet loss. RECURSIVEPINGCHECK (Value is in # of iterations). Default: 1
- Resolved issues that prevented 4G USB Devices from properly working in Failover Mode.
- Moved WAN0_QOS_OVERHEAD, WAN1_QOS_OVERHEAD, WAN0_QOS_ATM, WAN1_QOS_ATM, BOOTDELAYTIMER, PACKETLOSSLOGGING and WANDISABLEDSLEEPTIMER to Optional Configuration and no longer are required to be set during Config or Installation. They will be given Default values that can be modified in the Configuration file.
- Created new Optional Configured Option to specify the ping packet size. PACKETSIZE specifes the packet size in Bytes, Default: 56 Bytes.
- Resolve issue where script would loop from WAN Status to Load Balance Monitor when an interface was disabled.
- Load Balance Mode will now dynamically update resolv.conf (DNS) for Disconnected WAN Interfaces.
- Fixed Cron Job deletion during Uninstallation.
- Corrected issue with Failure Detected log not logging if a device was unplugged or powered off from the Router while in Failover Mode.
- Modified Restart Mode logic to better detect PIDs of running instances of the script.
- Created Alias for script as wan-failover to shorten length of commands used in console.
- Fixed issue where if the USB Device is unplugged and plugged back in, script will now leave Disabled State to go back to WAN Status.
- Enhanced WAN Disabled Logging, will relog every 5 minutes the condition causing the script to be in the Disabled State.
- Added additional logging throughout script.
- Email function will check if DDNS is enabled before attempting to use saved DDNS Hostname
- Added cleanup function for when script exits to perform cleanup tasks.
- Service Restarts now include restarting enabled OpenVPN Server Instances.
- Target IP Rules will now compensate for the RT-AX88U however this can create conflicts if the Target IPs are the same or are used for other services/scripts.
- Fixed issue in DNS Switch in Load Balance Mode where WAN1 was using the Status of WAN0.
- Switch WAN Mode will now prompt for confirmation before switching.
- Fixed issue where Switch WAN Mode would fail due to missing Status parameters acquired in Run or Manual Mode.
- Fixed issue where WAN Interface would not come out of Cold Standby during WAN Status Check.
- Script will now reset VPNMON-R2 if it is installed and running during Failover
- Enhanced Ping Monitoring to improve failure/packet loss detection time.
- If an amtm email alert fails to send, an email attempt will be made via AIProtection Alerts if properly configured.
- An email notification will now be sent if the Primary or Secondary WAN fails or is disabled while in Failover Mode.
- Fixed issue in Load Balance Mode when a Disconnected WAN Interface would cause WAN Failover to error and crash when creating OpenVPN rules when OpenVPN Split Tunneling is Disabled.

 

[Ranger802004]

v1.5.6-beta12 Release: ***Disclaimer: This is a beta release and has been untested***

Manually upgrade to this beta by running the following command" ***Allow for cronjob to relaunch the script***
Clean installation:

/usr/sbin/curl -s "https://raw.githubusercontent.com/Ranger802004/asusmerlin/main/wan-failover_v1.5.6-beta12.sh" -o "/jffs/scripts/wan-failover.sh" && chmod 755 /jffs/scripts/wan-failover.sh && sh /jffs/scripts/wan-failover.sh install

Upgrade from previous installation:

/usr/sbin/curl -s "https://raw.githubusercontent.com/Ranger802004/asusmerlin/main/wan-failover_v1.5.6-beta12.sh" -o "/jffs/scripts/wan-failover.sh" && chmod 755 /jffs/scripts/wan-failover.sh && sh /jffs/scripts/wan-failover.sh restart

To revert back to Production Release:

/jffs/scripts/wan-failover.sh update

Beta Readme

***WARNING*** There are some major changes from v1.5.6-beta9 so if you experience issues please collect debug logs and forward to me via DM!

***WARNING*** If you are using an RT-AX88U, read release notes!

***HIGHLIGHT*** Script will now send emails in Failover Mode if the Primary or Secondary WAN fails or is disabled.

***HIGHLIGHT*** Script will now create an alias as "wan-failover", once script is updated and restarted. Consoles can now use the new alias instead of the full script path "/jffs/scripts/wan-failover.sh". Consoles open while the script is updated may need to be restarted or the following command executed.

source /jffs/configs/profile.add

Release Notes:
v1.5.6-beta12
- General optimization
- Added a confirmation prompt to Restart Mode.
- Fixed visual bugs when running Restart Mode.
- Load Balance Monitor now triggers Service Restart function during failover events.
- YazFi trigger during service restart will no longer run process in the background to prevent issues with script execution of YazFi.
- IP Rules should no longer create conflict with other scripts such as VPNMON.
- Target IPs for both interfaces can now be the same the Target IP.
- Added Recursive Ping Check feature. If packet loss is not 0% during a check, the Target IP Addresses will be checked again based on the number of iterations specified by this setting before determing a failure or packet loss. RECURSIVEPINGCHECK (Value is in # of iterations). Default: 1
- Resolved issues that prevented 4G USB Devices from properly working in Failover Mode.
- Moved WAN0_QOS_OVERHEAD, WAN1_QOS_OVERHEAD, WAN0_QOS_ATM, WAN1_QOS_ATM, BOOTDELAYTIMER, PACKETLOSSLOGGING and WANDISABLEDSLEEPTIMER to Optional Configuration and no longer are required to be set during Config or Installation. They will be given Default values that can be modified in the Configuration file.
- Created new Optional Configured Option to specify the ping packet size. PACKETSIZE specifes the packet size in Bytes, Default: 56 Bytes.
- Resolve issue where script would loop from WAN Status to Load Balance Monitor when an interface was disabled.
- Load Balance Mode will now dynamically update resolv.conf (DNS) for Disconnected WAN Interfaces.
- Fixed Cron Job deletion during Uninstallation.
- Corrected issue with Failure Detected log not logging if a device was unplugged or powered off from the Router while in Failover Mode.
- Modified Restart Mode logic to better detect PIDs of running instances of the script.
- Created Alias for script as wan-failover to shorten length of commands used in console.
- Fixed issue where if the USB Device is unplugged and plugged back in, script will now leave Disabled State to go back to WAN Status.
- Enhanced WAN Disabled Logging, will relog every 5 minutes the condition causing the script to be in the Disabled State.
- Added additional logging throughout script.
- Email function will check if DDNS is enabled before attempting to use saved DDNS Hostname
- Added cleanup function for when script exits to perform cleanup tasks.
- Service Restarts now include restarting enabled OpenVPN Server Instances.
- Target IP Rules will now compensate for the RT-AX88U however this can create conflicts if the Target IPs are the same or are used for other services/scripts.
- Fixed issue in DNS Switch in Load Balance Mode where WAN1 was using the Status of WAN0.
- Switch WAN Mode will now prompt for confirmation before switching.
- Fixed issue where Switch WAN Mode would fail due to missing Status parameters acquired in Run or Manual Mode.
- Fixed issue where WAN Interface would not come out of Cold Standby during WAN Status Check.
- Script will now reset VPNMON-R2 if it is installed and running during Failover
- Enhanced Ping Monitoring to improve failure/packet loss detection time.
- If an amtm email alert fails to send, an email attempt will be made via AIProtection Alerts if properly configured.
- An email notification will now be sent if the Primary or Secondary WAN fails or is disabled while in Failover Mode.
- Fixed issue in Load Balance Mode when a Disconnected WAN Interface would cause WAN Failover to error and crash when creating OpenVPN rules when OpenVPN Split Tunneling is Disabled.

Reuploaded beta12 to fix a minor syntax bug.

 

[Ranger802004]

Hello guys, I see several downloads of the new beta so I'd just like to get some feedback on how it is running for everyone? Thank you.

 

[JohnSmith]

Hello guys, I see several downloads of the new beta so I'd just like to get some feedback on how it is running for everyone? Thank you.

Only had the ability this morning to test using the command line to "kill" , run "switchwan", and then "cron", and failover and failback worked.

The only thing I noticed from that test was now I am using amtm now for emails for when ISP01 or ISP02 are down, and during this test, I only received one email.

No logs captured for this test, and network got busy, so will have to test more thoroughly, maybe later tonight.

 

[VIper_Rus]

Reuploaded beta12 to fix a minor syntax bug.

I have no logs, but there was a strange moment. wan1 had a short failure and a quick recovery. After that, there was a loss of one packet on wan0 (10%) and for some reason the script perceived this as a serious problem on wan0 and switched to wan1. If there is a repetition, I will send the logs.

 

[Ranger802004]

I have no logs, but there was a strange moment. wan1 had a short failure and a quick recovery. After that, there was a loss of one packet on wan0 (10%) and for some reason the script perceived this as a serious problem on wan0 and switched to wan1. If there is a repetition, I will send the logs.

Probably what happened was it had 10% loss followed by the next interval being 100% loss and did the switch.

 

[VIper_Rus]

Probably what happened was it had 10% loss followed by the next interval being 100% loss and did the switch.

Maybe. I have now enabled debug logging mode on all routers for testing purposes.

I've got one more question. i have device wan1 with ip address 10.100.0.1. Now I can access it at any time. A 4g modem is inserted into it and has the address 10.100.10.1 and I can only access it when the wan1 connection is active. Is it possible to make it so that the modem is always available?

I'm not asking specifically for the script to do this, maybe you can somehow manually make it.
iptables -t nat -A POSTROUTING -o eth5 ! -s 10.100.10.0/24 -j MASQUERADE
did not help (eth5 is wan1 interface on asus)

 

[VIper_Rus]

Google Drive: Sign-in

Access Google Drive with a Google account (for personal use) or Google Workspace account (for business use).

drive.google.com

Again there was a short-term failure of wan1. Did the script work correctly?

I don't see WAN1 Status: CONNECTED in end.

 

[Stephen Harrington]

just like to get some feedback on how it is running for everyone? Thank you.

In terms of my setup I'm only interested in Failover Mode, I'm using a Huawei E8372h-608 4G LTE Cat 4 USB Stick (Telstra Australia branded /locked) as my Secondary, plugged into an RT-AX86U …

The Failover/Fallback functionality is working very well, far superior to the stock implementation, and seems faster in Beta 12 than earlier 1.5.6 iterations.
Integration with VPNMON-R2 now seems pretty solid for my use case in terms of OpenVPN clients and VPN Director rules recovering after an interruption to Main WAN, and subsequent fallback.

There are definitely still some issues with how the script copes with the USB stick being unplugged and plugged back in (or “glitching” or rebooting perhaps) sometimes resulting in many many emails instead of just a “pair” for the unplug/plug, but in day to day use this mostly (I’m hoping) wouldn’t be much of a drama, and @Ranger802004 we've discussed in DM's that you have a "cunning plan" going forward to hopefully fix this in future versions. The issue of my OpenVPN server “stalling” on stick removal (and only coming good when the stick was replaced) is now confirmed as fixed in last few betas.

So from my point of view the script continues to make very solid and surprisingly rapid progress and although my use of a USB stick as a secondary is perhaps a little precarious, I still hope it will be reliable enough to be "better off with it than without it" in terms of having a short-term backup if my main HFC WAN fails.

Unfortunately the Australian NBN broadband system (a government monopoly wholesaler) is extremely sub-standard and far from "best of breed" in world comparative terms and is very prone to drop-outs, equipment failures and "unscheduled maintenance", so the need for a backup internet strategy for us poor Aussies is real, especially with Work-from-Home and demands for 100% uptime not now being restricted to businesses. Many ISPs here "give in to the inevitable" and already supply routers with built-in 4G backup, but of course they are generally pretty mediocre units that are not nearly as versatile as the the Asus-with-Merlin models we all love. This script is already VERY helpful in terms of "best of both worlds". Looking forward to seeing it keep on improving.

 

[Pak Kriss]

What would be the optional monitor/trigger conditions for failover and failback under the following ISP conditions:

When the ISP1 gets into trouble, the most common changes are as follows:
1) Download bandwidth drops from 200 Mbps to 0.1-0.5 Mbps
2) Ping on 8.8.8.8 increases from under 100-300ms to over 500-3000ms, sometimes even without packet loss

The primary WAN link is simply unusable in this state.

For now I just turn off the ISP1 CPE and the factory built in dual WAN failover to 2nd ethernet connected WAN interface to ISP2 works.

Can the manual actions be automated with your script under the conditions described above? @Ranger802004

 

[Ranger802004]

What would be the optional monitor/trigger conditions for failover and failback under the following ISP conditions:

When the ISP1 gets into trouble, the most common changes are as follows:
1) Download bandwidth drops from 200 Mbps to 0.1-0.5 Mbps
2) Ping on 8.8.8.8 increases from under 100-300ms to over 500-3000ms, sometimes even without packet loss

The primary WAN link is simply unusable in this state.

For now I just turn off the ISP1 CPE and the factory built in dual WAN failover to 2nd ethernet connected WAN interface to ISP2 works.

Can the manual actions be automated with your script under the conditions described above? @Ranger802004

1. No I don't monitor bandwidth.
2. You can set ping timeout to 1 second and 3000ms pings would be considered packet loss.