
Dual WAN Failover Script


Published v1.3.5, you can update using the same command I put in the OP.

v1.3.5 Notes
General:
- Renamed WAN0Monitor to WAN0 Failover Monitor
- Renamed WAN0RestoreMonitor to WAN0 Failback Monitor
- Optimized WAN Disabled Logic.
- During WAN Status Check, it will look for 0.0.0.0 as a WAN interface's Gateway or IP Address and mark it as Disconnected.
- Updated logging Verbiage for Switch WAN.
- Moved DNS Resolv File Variable to Global Variables
- Added key events to go to System Log that can be displayed in the ASUS System Log Web GUI. This includes Failures, Primary WAN switching, and Packet Loss detection.

Monitor Mode:
- Monitor Mode will now not be killed by Kill Mode or Log Clean Mode

See Screenshots for Example Logs in ASUS System Log.
Now you can start working on the web gui :D
 
Whenever you run into a coding issue with something that you know "it should just work" but can't quite figure out why it doesn't, don't be shy to ask for help on this forum. There are many shell script programmers here who are quite generous with their time and are willing to help out another fellow coder. Often times a second pair of eyes can help us "see through the fog" and eventually get a clearer view of the situation. You don't have to go completely solo on your coding journey.

Glad you got it working.
I’m no stranger to peer reviewing lol everything at work is peer reviewed and I 100% agree, a second set of eyes is always good.
 
Oh boy, lol I haven’t done anything with ASP in awhile….lol
It would be kind of nice to click a tab and see status of switchovers etc.. But I set up the email, so not a big deal. Speaking of which, I don't know what the hell was going on with Verizon..
If you email phone number XXXXXXXXX@vtext.com it will text you. I did that while messing with it over the weekend. I had to finally block the text. It was sending the same text every 5 minutes for 2 days..
It wasn't my script stuff either, I had removed it through the different versions of your script.
 
Whenever you run into a coding issue with something that you know "it should just work" but can't quite figure out why it doesn't, don't be shy to ask for help on this forum. There are many shell script programmers here who are quite generous with their time and are willing to help out another fellow coder. Often times a second pair of eyes can help us "see through the fog" and eventually get a clearer view of the situation. You don't have to go completely solo on your coding journey.

Glad you got it working.
I don't know how many times I've worked on a project, and had some small thing that just wouldn't work.. no matter how many times I tried. Finally walk away awhile.. Come back.. Instantly "duh, it's right there"..
Sometimes we get into tunnel vision maybe?
 
Hi,

Thank you for this popular thread :)
Thank you all for the ideas and for making this dream real after a long period of waiting for a fix.

In my case it is working fine (v1.3.7). Only one issue: while using YazFi and while on Secondary WAN (net via USB) the devices are blocked with message: Obtaining IP address
I was wondering what should be changed. The issue was before using this script, but with message: No internet,

All the rest are working fine for the moment :) Still testing ;)
Thank you for the opportunity.
amplatfus
 
I don't know how many times I've worked on a project, and had some small thing that just wouldn't work.. no matter how many times I tried. Finally walk away awhile.. Come back.. Instantly "duh, it's right there"..
Sometimes we get into tunnel vision maybe?
Facts lol
 
Try restarting YazFi when it switches to secondary WAN and tell me the results please. It sounds like it may be related to how the iptables rules are built and when you change WAN they break, a reload may fix it. I’m not familiar with YazFi but I imagine a restart will force it to rebuild the rules. Another thought is my script restarts firewall service for the same reason so I’m not sure if YazFi rules come back properly, does it add something to firewall start to create the iptables rules?
 
It would be kind of nice to click a tab and see status of switchovers etc.. But I set up the email, so not a big deal. Speaking of which, I don't know what the hell was going on with Verizon..
If you email phone number XXXXXXXXX@vtext.com it will text you. I did that while messing with it over the weekend. I had to finally block the text. It was sending the same text every 5 minutes for 2 days..
It wasn't my script stuff either, I had removed it through the different versions of your script.
I am going to probably incorporate the email function in a later release just need to make it universal where it will bypass if the user doesn’t set it up, which isn’t challenging just need to plan how I want to do it, probably will require a new config variable for enabled or disabled and all of the user variables for email.
 
Thank you.
While on Secondary WAN, I went to the YazFi and I chose: "Apply settings".
After this I have the message: No internet on my phone.

I tried also restarting Unbound. Same result.

Best regards!
 
Look at your iptables rules and see if all of the rules created are still coded for wan0 interface or switched to primary wan?
 
I added below the wl0.1 (YazFi network) iptables [A] On Primary WAN, [B] On secondary WAN and [C] diff output. I do not have a clue if something here is wrong.
I would appreciate any hint :)

Later edit1: I guess the 5th is the one that is wrong and should change from:
YazFiREJECT all -- wl0.1 !eth0
to:
YazFiREJECT all -- wl0.1 !eth8



Bash:
[A] On Primary WAN
iptables --line-numbers --list -v | grep "wl0.1"
1        4   240 YazFiREJECT  all  --  wl0.1  any     anywhere            !10.10.175.47       
1        0     0 REJECT     udp  --  wl0.1  any     anywhere             anywhere             udp dpt:ntp reject-with icmp-port-unreachable
2        0     0 REJECT     tcp  --  wl0.1  any     anywhere             anywhere             tcp dpt:ntp reject-with icmp-port-unreachable
3        0     0 ACCEPT     all  --  wl0.1  !eth0   anywhere             anywhere             state RELATED,ESTABLISHED
4        0     0 ACCEPT     all  --  !eth0  wl0.1   anywhere             anywhere           
5        0     0 YazFiREJECT  all  --  wl0.1  !eth0   anywhere             anywhere           
6      157 28864 ACCEPT     all  --  wl0.1  any     anywhere             anywhere           
1       16  1143 ACCEPT     udp  --  wl0.1  any     anywhere             anywhere             udp dpt:domain
2        0     0 ACCEPT     tcp  --  wl0.1  any     anywhere             anywhere             tcp dpt:domain
3        0     0 ACCEPT     tcp  --  wl0.1  any     anywhere             10.10.185.2         multiport dports www,https
4       54  6658 ACCEPT     all  --  wl0.1  any     anywhere             base-address.mcast.net/4
5        0     0 ACCEPT     udp  --  wl0.1  any     anywhere             anywhere             multiport dports netbios-ns,netbios-dgm
6        1   334 ACCEPT     udp  --  wl0.1  any     anywhere             anywhere             multiport dports bootps,ntp
7        0     0 ACCEPT     icmp --  wl0.1  any     anywhere             anywhere           
8        0     0 YazFiREJECT  all  --  wl0.1  any     anywhere             anywhere 

[B] On secondary WAN
iptables --line-numbers --list -v | grep "wl0.1"
1        0     0 YazFiREJECT  all  --  wl0.1  any     anywhere            !10.10.175.47       
1        0     0 REJECT     udp  --  wl0.1  any     anywhere             anywhere             udp dpt:ntp reject-with icmp-port-unreachable
2        0     0 REJECT     tcp  --  wl0.1  any     anywhere             anywhere             tcp dpt:ntp reject-with icmp-port-unreachable
3        0     0 ACCEPT     all  --  wl0.1  !eth0   anywhere             anywhere             state RELATED,ESTABLISHED
4        0     0 ACCEPT     all  --  !eth0  wl0.1   anywhere             anywhere           
5        9   540 YazFiREJECT  all  --  wl0.1  !eth0   anywhere             anywhere           
6        0     0 ACCEPT     all  --  wl0.1  any     anywhere             anywhere           
1        3   200 ACCEPT     udp  --  wl0.1  any     anywhere             anywhere             udp dpt:domain
2        0     0 ACCEPT     tcp  --  wl0.1  any     anywhere             anywhere             tcp dpt:domain
3        0     0 ACCEPT     tcp  --  wl0.1  any     anywhere             10.10.185.2         multiport dports www,https
4       28  3387 ACCEPT     all  --  wl0.1  any     anywhere             base-address.mcast.net/4
5        0     0 ACCEPT     udp  --  wl0.1  any     anywhere             anywhere             multiport dports netbios-ns,netbios-dgm
6        1   334 ACCEPT     udp  --  wl0.1  any     anywhere             anywhere             multiport dports bootps,ntp
7        0     0 ACCEPT     icmp --  wl0.1  any     anywhere             anywhere           
8        0     0 YazFiREJECT  all  --  wl0.1  any     anywhere             anywhere

[C] diff output:
/jffs/tmp/eth0.txt /jffs/tmp/eth8.txt
1        4   240 YazFiREJECT  all  --  wl0.1  any     anywher |    1        0     0 YazFiREJECT  all  --  wl0.1  any     anywher
5        0     0 YazFiREJECT  all  --  wl0.1  !eth0   anywher |    5        9   540 YazFiREJECT  all  --  wl0.1  !eth0   anywher
6      157 28864 ACCEPT     all  --  wl0.1  any     anywhere  |    6        0     0 ACCEPT     all  --  wl0.1  any     anywhere
1       16  1143 ACCEPT     udp  --  wl0.1  any     anywhere  |    1        3   200 ACCEPT     udp  --  wl0.1  any     anywhere
4       54  6658 ACCEPT     all  --  wl0.1  any     anywhere  |    4       28  3387 ACCEPT     all  --  wl0.1  any     anywhere
8        0     0 YazFiREJECT  all  --  wl0.1  any     anywher |    8        0     0 YazFiREJECT  all  --  wl0.1  any     anywher
 
Yea it is continuing to rebuild the rules with eth0 instead of new wan interface. Not sure if it is hard coded or if they use nvram get wan_ifname from NVRAM, my script does update that value, double check that when you switch to Secondary WAN
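
The check suggested in the posts above, as an added example that is not part of the original posts, YazFi or the failover script: it scans an `iptables --list -v` listing for guest-interface rules that still name a WAN interface other than the active one. The function names and the candidate list argument are hypothetical; the sample rows are rules 3 to 6 of listing [B] above, with `eth0` and `eth8` as the two WAN interfaces from the thread.

```shell
#!/bin/sh
# stale_wan_rules GUEST_IF ACTIVE_WAN "WAN_CANDIDATES"
# Reads `iptables --line-numbers --list -v` output on stdin and prints
# "num target in out" for every rule on GUEST_IF whose in/out column names
# (or negates, as in !eth0) a WAN candidate that is not the active WAN.
stale_wan_rules() {
    awk -v guest="$1" -v active="$2" -v cands="$3" '
        BEGIN {
            n = split(cands, list, " ")
            for (i = 1; i <= n; i++) is_wan[list[i]] = 1
        }
        # Verbose listing columns:
        # num pkts bytes target prot opt in out source destination [options]
        NF >= 10 && ($7 == guest || $8 == guest) {
            for (c = 7; c <= 8; c++) {
                ifc = $c
                sub(/^!/, "", ifc)          # "!eth0" still refers to eth0
                if ((ifc in is_wan) && ifc != active) {
                    print $1, $4, $7, $8
                    break
                }
            }
        }'
}

# Sample rows copied from listing [B] in the thread (secondary WAN active).
sample_listing() {
    cat <<'EOF'
3        0     0 ACCEPT     all  --  wl0.1  !eth0   anywhere             anywhere             state RELATED,ESTABLISHED
4        0     0 ACCEPT     all  --  !eth0  wl0.1   anywhere             anywhere
5        9   540 YazFiREJECT  all  --  wl0.1  !eth0   anywhere             anywhere
6        0     0 ACCEPT     all  --  wl0.1  any     anywhere             anywhere
EOF
}

# On the router the input would be `iptables --line-numbers --list -v` and the
# active interface the value of `nvram get wan_ifname`; here eth8 is assumed
# active, so every rule still keyed to eth0 is reported.
sample_listing | stale_wan_rules wl0.1 eth8 "eth0 eth8"
```

With eth8 active, rule 5 (`YazFiREJECT ... wl0.1 !eth0`) rejects guest traffic leaving through any interface other than eth0, which is consistent with the packet counters moving from rule 6 to rule 5 in the diff.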
 
I am going to probably incorporate the email function in a later release just need to make it universal where it will bypass if the user doesn’t set it up, which isn’t challenging just need to plan how I want to do it, probably will require a new config variable for enabled or disabled and all of the user variables for email.
Probably the pain with this is, most people use gmail nowadays. I had trouble getting the CA file to work, and using "less secure apps" supposedly stops 5/30/2022. That might be an issue beyond your control, and not worthwhile.. maybe the option
 
The router has built in support for gmail for the AIProtection alerts so we will see, I use a device password from GMail because I have MFA enabled for my account.
 
This can be a part of the brand new fancy GUI we're getting :D
 
Lol I will look into it and see what I can come up with but at this time no promises.
 
I'm a noob, which address do I have to enter here?
Unbenannt.png

I know my public WAN IP, but I don't know what's a WAN Target IP.
I figured out, the IP address in the screenshot indicates my WAN Gateway.
Thanks!

Edit:
Added screenshot of overview:
Unbenannt.png
 
