Dual WAN Failover Script

[Ubimo]

During install, I get these kernel messages:
Must I be concerned?

Sep  6 21:34:07 custom_script: Running /jffs/scripts/nat-start
Sep  6 21:34:07 custom_script: Running /jffs/scripts/firewall-start (args: ppp0)
Sep  6 21:34:07 custom_script: Running /jffs/scripts/service-event-end (args: restart firewall)
Sep  6 21:34:12 wan-failover.sh: Debug - Checking wan1 for null IP or Gateway
Sep  6 21:34:12 kernel: bcm63xx_nand ff801800.nand: timeout waiting for command 0x4
Sep  6 21:34:12 kernel: bcm63xx_nand ff801800.nand: intfc status c80000e0
Sep  6 21:34:12 wan-failover.sh: Debug - Checking wan1 for Default Route in 200
Sep  6 21:34:12 wan-failover.sh: WAN Status - Adding default route for wan1 Routing Table via 192.168.8.1 dev eth7
Sep  6 21:34:12 wan-failover.sh: WAN Status - Added default route for wan1 Routing Table via 192.168.8.1 dev eth7
Sep  6 21:34:12 wan-failover.sh: Debug - Recursive Ping Check: 1
Sep  6 21:34:12 wan-failover.sh: Debug - Checking wan1 for IP Rule to 9.9.9.9
Sep  6 21:34:13 wan-failover.sh: WAN Status - Adding IP Rule for 9.9.9.9 to monitor wan1
Sep  6 21:34:13 wan-failover.sh: WAN Status - Added IP Rule for 9.9.9.9 to monitor wan1
Sep  6 21:34:13 wan-failover.sh: Debug - Checking wan1 for packet loss via 9.9.9.9 - Attempt: 1
Sep  6 21:34:13 kernel: bcm63xx_nand ff801800.nand: timeout waiting for command 0x4
Sep  6 21:34:13 kernel: bcm63xx_nand ff801800.nand: intfc status c80000e0
Sep  6 21:34:13 kernel: bcm63xx_nand ff801800.nand: timeout waiting for command 0x4
Sep  6 21:34:13 kernel: bcm63xx_nand ff801800.nand: intfc status c80000e0
Sep  6 21:34:16 wan-failover.sh: Debug - wan1 Packet Loss: 100%
Sep  6 21:34:16 wan-failover.sh: WAN Status - Adding IP Rule for 9.9.9.9 to monitor wan1 without specifying Outbound Interface
Sep  6 21:34:16 wan-failover.sh: WAN Status - Added IP Rule for 9.9.9.9 to monitor wan1 without specifying Outbound Interface
Sep  6 21:34:16 kernel: bcm63xx_nand ff801800.nand: timeout waiting for command 0x1
Sep  6 21:34:16 kernel: bcm63xx_nand ff801800.nand: intfc status f00000e0
Sep  6 21:34:17 kernel: bcm63xx_nand ff801800.nand: timeout waiting for command 0x1
Sep  6 21:34:17 kernel: bcm63xx_nand ff801800.nand: intfc status f00000e0
Sep  6 21:34:17 kernel: bcm63xx_nand ff801800.nand: timeout waiting for command 0x1
Sep  6 21:34:17 kernel: bcm63xx_nand ff801800.nand: intfc status f80000e0
Sep  6 21:34:17 kernel: bcm63xx_nand ff801800.nand: timeout waiting for command 0x1
Sep  6 21:34:17 kernel: bcm63xx_nand ff801800.nand: intfc status f00000e0
Sep  6 21:34:18 wan-failover.sh: Debug - wan1 Packet Loss: 0%
Sep  6 21:34:18 wan-failover.sh: WAN Status - ***Warning*** Compatibility issues with 9.9.9.9 may occur without specifying Outbound Interface
Sep  6 21:34:18 wan-failover.sh: Debug - Checking wan1 for Default Route in 200
Sep  6 21:34:18 wan-failover.sh: Debug - wan1 Ping Path: 2
Sep  6 21:34:18 wan-failover.sh: WAN Status - wan1 has 0% packet loss
Sep  6 21:34:18 wan-failover.sh: Debug - wan1 Status: CONNECTED

And what does this warning mean?

Sep  6 21:54:08 wan-failover.sh: WAN Status - ***Warning*** Compatibility issues with 1.1.1.2 may occur without specifying Outbound Interface

 

[Ranger802004]

During install, I get these kernel messages:
Must I be concerned?

Sep  6 21:34:07 custom_script: Running /jffs/scripts/nat-start
Sep  6 21:34:07 custom_script: Running /jffs/scripts/firewall-start (args: ppp0)
Sep  6 21:34:07 custom_script: Running /jffs/scripts/service-event-end (args: restart firewall)
Sep  6 21:34:12 wan-failover.sh: Debug - Checking wan1 for null IP or Gateway
Sep  6 21:34:12 kernel: bcm63xx_nand ff801800.nand: timeout waiting for command 0x4
Sep  6 21:34:12 kernel: bcm63xx_nand ff801800.nand: intfc status c80000e0
Sep  6 21:34:12 wan-failover.sh: Debug - Checking wan1 for Default Route in 200
Sep  6 21:34:12 wan-failover.sh: WAN Status - Adding default route for wan1 Routing Table via 192.168.8.1 dev eth7
Sep  6 21:34:12 wan-failover.sh: WAN Status - Added default route for wan1 Routing Table via 192.168.8.1 dev eth7
Sep  6 21:34:12 wan-failover.sh: Debug - Recursive Ping Check: 1
Sep  6 21:34:12 wan-failover.sh: Debug - Checking wan1 for IP Rule to 9.9.9.9
Sep  6 21:34:13 wan-failover.sh: WAN Status - Adding IP Rule for 9.9.9.9 to monitor wan1
Sep  6 21:34:13 wan-failover.sh: WAN Status - Added IP Rule for 9.9.9.9 to monitor wan1
Sep  6 21:34:13 wan-failover.sh: Debug - Checking wan1 for packet loss via 9.9.9.9 - Attempt: 1
Sep  6 21:34:13 kernel: bcm63xx_nand ff801800.nand: timeout waiting for command 0x4
Sep  6 21:34:13 kernel: bcm63xx_nand ff801800.nand: intfc status c80000e0
Sep  6 21:34:13 kernel: bcm63xx_nand ff801800.nand: timeout waiting for command 0x4
Sep  6 21:34:13 kernel: bcm63xx_nand ff801800.nand: intfc status c80000e0
Sep  6 21:34:16 wan-failover.sh: Debug - wan1 Packet Loss: 100%
Sep  6 21:34:16 wan-failover.sh: WAN Status - Adding IP Rule for 9.9.9.9 to monitor wan1 without specifying Outbound Interface
Sep  6 21:34:16 wan-failover.sh: WAN Status - Added IP Rule for 9.9.9.9 to monitor wan1 without specifying Outbound Interface
Sep  6 21:34:16 kernel: bcm63xx_nand ff801800.nand: timeout waiting for command 0x1
Sep  6 21:34:16 kernel: bcm63xx_nand ff801800.nand: intfc status f00000e0
Sep  6 21:34:17 kernel: bcm63xx_nand ff801800.nand: timeout waiting for command 0x1
Sep  6 21:34:17 kernel: bcm63xx_nand ff801800.nand: intfc status f00000e0
Sep  6 21:34:17 kernel: bcm63xx_nand ff801800.nand: timeout waiting for command 0x1
Sep  6 21:34:17 kernel: bcm63xx_nand ff801800.nand: intfc status f80000e0
Sep  6 21:34:17 kernel: bcm63xx_nand ff801800.nand: timeout waiting for command 0x1
Sep  6 21:34:17 kernel: bcm63xx_nand ff801800.nand: intfc status f00000e0
Sep  6 21:34:18 wan-failover.sh: Debug - wan1 Packet Loss: 0%
Sep  6 21:34:18 wan-failover.sh: WAN Status - ***Warning*** Compatibility issues with 9.9.9.9 may occur without specifying Outbound Interface
Sep  6 21:34:18 wan-failover.sh: Debug - Checking wan1 for Default Route in 200
Sep  6 21:34:18 wan-failover.sh: Debug - wan1 Ping Path: 2
Sep  6 21:34:18 wan-failover.sh: WAN Status - wan1 has 0% packet loss
Sep  6 21:34:18 wan-failover.sh: Debug - wan1 Status: CONNECTED

And what does this warning mean?

Sep  6 21:54:08 wan-failover.sh: WAN Status - ***Warning*** Compatibility issues with 1.1.1.2 may occur without specifying Outbound Interface

Not sure about your first question but the second one means your router was unable to properly ping using the IP Rule that specifies an outbound interface so it degraded to one without and got a successful ping.

 

[JohnSmith]

Still seeing these messages for my RT-AX88U rev A1, but Merlin V386.8 has been up over 28 days, and latest beta Dual WAN script appears to be working on FailOver/FailBack setup with two major ISP connections.

Sep 11 13:18:00 wan-failover.sh: System Check - ***386.8 is not supported, issues may occur from running this version***
Sep 11 13:18:00 wan-failover.sh: System Check - ***386.8 is not supported, issues may occur from running this version***

 

[Ranger802004]

Still seeing these messages for my RT-AX88U rev A1, but Merlin V386.8 has been up over 28 days, and latest beta Dual WAN script appears to be working on FailOver/FailBack setup with two major ISP connections.

Sep 11 13:18:00 wan-failover.sh: System Check - ***386.8 is not supported, issues may occur from running this version***
Sep 11 13:18:00 wan-failover.sh: System Check - ***386.8 is not supported, issues may occur from running this version***

It’s not available for most router models yet so I’m going to continue to wait on this.

 

[Ranger802004]

Does anyone have any feedback regarding latest beta?

 

[VIper_Rus]

Does anyone have any feedback regarding latest beta?

everything is great. I just don’t understand one thing, why does the script do something when the wan1 connection is lost. I turn off the Internet on wan1 and the script starts doing something, so even on wan0 the Internet disappears for a short time. why do something at all, if it’s enough just to continue to wait for recovery and that’s it.

 

[Ranger802004]

everything is great. I just don’t understand one thing, why does the script do something when the wan1 connection is lost. I turn off the Internet on wan1 and the script starts doing something, so even on wan0 the Internet disappears for a short time. why do something at all, if it’s enough just to continue to wait for recovery and that’s it.

1. When WAN1 goes down the script can no longer perform Failover function or guarantee it is ready to Failover because the routes and rules for that interface get automatically deleted.
2. The script alerts you on these events to allow you to take action otherwise you may not notice or know it is down.

 

[VIper_Rus]

1. When WAN1 goes down the script can no longer perform Failover function or guarantee it is ready to Failover because the routes and rules for that interface get automatically deleted.
2. The script alerts you on these events to allow you to take action otherwise you may not notice or know it is down.

Well, I don't agree that this is correct. I'm not talking about the case when, for example, the cable is pulled out, but about the case of a very short-term loss of the Internet, for example, due to unstable mobile communications. in fact, at this moment only your script knows that wan1 is inoperative, the router naturally does not know about it. for me personally, for example, it would be more convenient for the script to do nothing in this case, but only report, but not delete any routes and restore them again after a short period of time. the all affects the connection via wan0 a little.

maybe I'm wrong, but personally I would be much calmer if wan1 glitches did not affect the stability of wan0 in any way


But otherwise I'm very happy with the script. set up scribe, the logs are now separate. on all routers I see the quality of the Internet, any packet loss can be viewed. If only emails would come once a day/week with statistics (how many switches, how many packet losses per day/week) it would be generally super, but it's convenient but not really necessary, your creation performs its functions 100%.

 

[Ranger802004]

Well, I don't agree that this is correct. I'm not talking about the case when, for example, the cable is pulled out, but about the case of a very short-term loss of the Internet, for example, due to unstable mobile communications. in fact, at this moment only your script knows that wan1 is inoperative, the router naturally does not know about it. for me personally, for example, it would be more convenient for the script to do nothing in this case, but only report, but not delete any routes and restore them again after a short period of time. the all affects the connection via wan0 a little.

maybe I'm wrong, but personally I would be much calmer if wan1 glitches did not affect the stability of wan0 in any way

Any deletion of routes and rules is done by the router itself (usually happens when cable is unplugged or IP assignment is lost, that is 100% out of my control. The only time I delete routes is during actual Failover events and that is to create the replacement route. Unfortunately sometimes the router firmware will delete the route or rules for WAN0 even if only WAN1 fails. With that said if I simply did nothing with these events your script would crash and and fill your error logging up with messages about being unable to create routes or rules due to invalid Gateway IP or interface.

 

[VIper_Rus]

Any deletion of routes and rules is done by the router itself (usually happens when cable is unplugged or IP assignment is lost, that is 100% out of my control. The only time I delete routes is during actual Failover events and that is to create the replacement route. Unfortunately sometimes the router firmware will delete the route or rules for WAN0 even if only WAN1 fails. With that said if I simply did nothing with these events your script would crash and and fill your error logging up with messages about being unable to create routes or rules due to invalid Gateway IP or interface.

I will later throw off the logs about the case that I mean, namely when the script sees 100% losses, but there are no other problems (the cable is inserted, the ip is assigned). those. I would like such a setting that generally disables the wan1 check for ping, and even better if this check was performed, but only for information, without active actions from the script. but this is actually already nit-picking, the main thing is that the script is super!

 

[Ranger802004]

I will later throw off the logs about the case that I mean, namely when the script sees 100% losses, but there are no other problems (the cable is inserted, the ip is assigned). those. I would like such a setting that generally disables the wan1 check for ping, and even better if this check was performed, but only for information, without active actions from the script. but this is actually already nit-picking, the main thing is that the script is super!

It goes to 100% loss because the router deletes the rules / routes for that WAN interface. Again, same reasoning why the script does what it does.

 

[Ubimo]

How do I clean-install the latest beta?
What's the command line?

Edit:
To be more specific and clear, may I suggest to write "- Allow Failback Disabled" instead of "- ASUS Factory Failover Disabled (Network Monitoring Options, Allow Failback Option under WAN > Dual WAN)" in OP.

 

[recluse]

Hi,

first of all, thank you for the work on this script. I could never get the Asus Dual Wan feature to work properly.

With this script, the switch to WAN1 happens very fast!

Unfortunately, the script never switches back to primary once it's reconnected.

I'm using my Asus-AC86U (192.168.1.1) to connect to DSL via PPPoE using a FritzBox 7530. After the FritzBox re-aquires the DSL syncronization, the interface in Asus shows that it is now in Hot-Standby, yet it never switches back.
I'm also unable to reach the FritzBox Web-Interface (on 192.168.178.0 subnet) once it has switched to secondary.

I tried to call the switchwan function, but fritzbox stays unreachable.

Currently i need to do a asus reboot for the primary to be connected again.

There are no error messages whatsoever in my syslog, I'm not really sure where I should look for errors, and I'm also not very well versed in routing etc.

This happens with both the current stable as well as the latest beta version.

 

[Ranger802004]

Can you turn on debug logging for your router and perform testing again and send me logs? Thank you

 

[Ubimo]

I think, I found an issue during install:
My primary WAN0 is a PPPoE connection, my secondary WAN1 is a LTE USB-Stick.

WAN1 is in Cold-Standby:

During install, I see, that the script thinks WAN1 has 0.0.0.0

ASUSWRT-Merlin RT-AC86U 386.7_2 Sun Jul 24 21:39:14 UTC 2022
admin@RT-AC86U-9AD0:/tmp/home/root# /usr/sbin/curl -s "https://raw.githubusercontent.com/Ranger802004/asusmerlin/main/wan-failover.sh" -o "/jffs/scripts/wan-failover.sh" && chmod 755 /jffs/scripts/wan-failover.sh && sh /jffs/scripts/wan-
failover.sh install
wan-failover.sh - Install Mode
Press any key to continue to install...Administration > System > Enable JFFS custom scripts and configs is enabled...
Creating /jffs/configs/wan-failover.conf...
/jffs/configs/wan-failover.conf created.
Setting Custom Variables...
***WAN Target IP Addresses will be routed via WAN Gateway dev WAN Interface***
Configure WAN0 Target IP Address - Will be routed via 88.116.190.96 dev ppp0: 8.8.8.8
Configure WAN1 Target IP Address - Will be routed via 0.0.0.0 dev eth7:

WAN1 should have 192.168.8.1 in Hot-Standby.
Is it possible, that the script fires up WAN1 before install?
The script should put WAN1 in hot-standby in order to get the correct route-IP.

 

[recluse]

this is my system messages log from dual wan enable restart.
I pulled the modem phone cable until desync and the script switched to wan1, plugged it in again.. after a while it reconnected but the script never switched back, i guess because it reports 100% packet loss.

Interestingly, this time around I'm able to reach the modem web-interface....

Let me know if you need anything else.



thank you.

 

[recluse]

while i wrote this post, some more stuff happend, and the fritzbox interface is now no longer available. attached are further logs starting from the end of the log above.

I can, however, ping the fritzbox from within the asus router when connecting over ssh, but not from my computer

 

[Ranger802004]

I think, I found an issue during install:
My primary WAN0 is a PPPoE connection, my secondary WAN1 is a LTE USB-Stick.

WAN1 is in Cold-Standby:
View attachment 44334

During install, I see, that the script thinks WAN1 has 0.0.0.0

ASUSWRT-Merlin RT-AC86U 386.7_2 Sun Jul 24 21:39:14 UTC 2022
admin@RT-AC86U-9AD0:/tmp/home/root# /usr/sbin/curl -s "https://raw.githubusercontent.com/Ranger802004/asusmerlin/main/wan-failover.sh" -o "/jffs/scripts/wan-failover.sh" && chmod 755 /jffs/scripts/wan-failover.sh && sh /jffs/scripts/wan-
failover.sh install
wan-failover.sh - Install Mode
Press any key to continue to install...Administration > System > Enable JFFS custom scripts and configs is enabled...
Creating /jffs/configs/wan-failover.conf...
/jffs/configs/wan-failover.conf created.
Setting Custom Variables...
***WAN Target IP Addresses will be routed via WAN Gateway dev WAN Interface***
Configure WAN0 Target IP Address - Will be routed via 88.116.190.96 dev ppp0: 8.8.8.8
Configure WAN1 Target IP Address - Will be routed via 0.0.0.0 dev eth7:

WAN1 should have 192.168.8.1 in Hot-Standby.
Is it possible, that the script fires up WAN1 before install?
The script should put WAN1 in hot-standby in order to get the correct route-IP.

Good point, yea this is resolved on the operational side of the script but not for installation. Will look into fixing that.

 

[Smokey613]

i am glad to see this excellent script continuing to be improved. I no longer have need of it as my primary fiber 100/100 connection had become too unreliable to justify it’s continued expense. I have cancelled it and back to relying on my old reliable cable 100/10 service. Hopefully in the future, another ISP will become available…. maybe even gigabit! Nah, never happen here in my lifetime.

 

[Ranger802004]

i am glad to see this excellent script continuing to be improved. I no longer have need of it as my primary fiber 100/100 connection had become too unreliable to justify it’s continued expense. I have cancelled it and back to relying on my old reliable cable 100/10 service. Hopefully in the future, another ISP will become available…. maybe even gigabit! Nah, never happen here in my lifetime.

I appreciate your time and effort in testing and validating stuff for the script. Hope to see you back in the Dual WAN world soon.