Dual WAN Failover ***v2 Release***

[Phalsa]

Ok I will wait for feedback

I believe I have this same issue:
1. Wan failed over (took a while to fail over - may have had to run the script to do so? - still working this one out - did this by removing the cable connection, not the ethernet for a "true" failure).
2. Reconnected the cable and let the modem resync.
3. WAN0 never failed back (ping remains consistent on my WAN1).

System logs look like it is in a loop.

Asus RT-AX86U
Loaded Merlin 388.1 last week with a factory reset and manual settings.
Updated to Merlin 388.2 this week prior to the Dual WAN Failover Script Install.
Received my LTE Internet today, connected everything in Bridge mode.
Set Dual Wan to true. Fallback unchecked. Nothing else changed (did I screw up something here?).
Installed Dual WAN Failover Script today - Directly installed 2.0.3.
Defaults for everything (for the first test - modified the ping Maximum to 150ms due to the LTE ping delay).

IPv6 is enabled.
QoS is disabled.
No AiMesh (single router).
Cox Cable Internet WAN0
Verizon LTE Internet WAN1
Failover configuration.
No AiProtection enabled.
UPnP disabled.
No VPNs enabled.

Restart of the script (Option 12) corrected the issue. Failback successful.

I will send you my system logs. What else would be helpful?

Thank you!

 

[Phalsa]

I believe I have this same issue:
1. Wan failed over (took a while to fail over - may have had to run the script to do so? - still working this one out - did this by removing the cable connection, not the ethernet for a "true" failure).
2. Reconnected the cable and let the modem resync.
3. WAN0 never failed back (ping remains consistent on my WAN1).

System logs look like it is in a loop.

Asus RT-AX86U
Loaded Merlin 388.1 last week with a factory reset and manual settings.
Updated to Merlin 388.2 this week prior to the Dual WAN Failover Script Install.
Received my LTE Internet today, connected everything in Bridge mode.
Set Dual Wan to true. Fallback unchecked. Nothing else changed (did I screw up something here?).
Installed Dual WAN Failover Script today - Directly installed 2.0.3.
Defaults for everything (for the first test - modified the ping Maximum to 150ms due to the LTE ping delay).

IPv6 is enabled.
QoS is disabled.
No AiMesh (single router).
Cox Cable Internet WAN0
Verizon LTE Internet WAN1
Failover configuration.
No AiProtection enabled.
UPnP disabled.
No VPNs enabled.

Restart of the script (Option 12) corrected the issue. Failback successful.

I will send you my system logs. What else would be helpful?

Thank you!

Attempted to disable IPV6 (turns out WAN1 was not getting an IPV6 address). Also enabled NVRAM checks. No change.

Same behavior. Logs look like they are stuck in some kind of loop. Packet loss remains at 100% on the primary WAN. Script restart corrects the issue and failback occurs.

Also, moved the Ping max back to the default 80 and failover happened almost instantaneously. Need to test that more, but thought that was interesting.

 

[pseu_asus]

To better understand dual WAN, could anyone let me know what these means in nvram?
wan0_realip_ip= #this is either empty or same as wan0_ipaddr
wan0_realip_state= #the value is [0,1,2] as I noticed
wan1_realip_ip= #this is either empty or same as wan1_ipaddr
wan1_realip_state= #the value is [0,1,2] as I noticed

I used dual WAN failover most of the time. Sometimes, I switch to load balance mode to do some WAN speed testing or mobile app testing, I noticed wan0_realip_ip sometimes contained an IP address, which was the same as wan0_ipaddr when I set wan0 as primary. wan0_realip_state could be value of [0,1,2], what does each really mean?

Thanks,

 

[Ranger802004]

I believe I have this same issue:
1. Wan failed over (took a while to fail over - may have had to run the script to do so? - still working this one out - did this by removing the cable connection, not the ethernet for a "true" failure).
2. Reconnected the cable and let the modem resync.
3. WAN0 never failed back (ping remains consistent on my WAN1).

System logs look like it is in a loop.

Asus RT-AX86U
Loaded Merlin 388.1 last week with a factory reset and manual settings.
Updated to Merlin 388.2 this week prior to the Dual WAN Failover Script Install.
Received my LTE Internet today, connected everything in Bridge mode.
Set Dual Wan to true. Fallback unchecked. Nothing else changed (did I screw up something here?).
Installed Dual WAN Failover Script today - Directly installed 2.0.3.
Defaults for everything (for the first test - modified the ping Maximum to 150ms due to the LTE ping delay).

IPv6 is enabled.
QoS is disabled.
No AiMesh (single router).
Cox Cable Internet WAN0
Verizon LTE Internet WAN1
Failover configuration.
No AiProtection enabled.
UPnP disabled.
No VPNs enabled.

Restart of the script (Option 12) corrected the issue. Failback successful.

I will send you my system logs. What else would be helpful?

Thank you!

I responded.

 

[Ranger802004]

To better understand dual WAN, could anyone let me know what these means in nvram?
wan0_realip_ip= #this is either empty or same as wan0_ipaddr
wan0_realip_state= #the value is [0,1,2] as I noticed
wan1_realip_ip= #this is either empty or same as wan1_ipaddr
wan1_realip_state= #the value is [0,1,2] as I noticed

I used dual WAN failover most of the time. Sometimes, I switch to load balance mode to do some WAN speed testing or mobile app testing, I noticed wan0_realip_ip sometimes contained an IP address, which was the same as wan0_ipaddr when I set wan0 as primary. wan0_realip_state could be value of [0,1,2], what does each really mean?

Thanks,

The Real IP values are used to detect your actual IP Address for scenarios like where you are in a Double NAT.

 

[alisou]

Hello @Ranger802004
Now I got a new ASUS router (AX88U) previous (AC88U).
And I'm testing your script.
I have some questions :
1- Can WAN0 and WAN1 use the same IP address ?
Ex :
wan0 : 192.168.1.2
wan1 : 192.168.1.2
If no, is it possible on same subnet ?
wan0 : 192.168.1.2
wan1 : 192.168.1.3

2- I'm using OpenVPN client. I tested WAN0 OK WAN1 OK.
I disconnected WAN0, the script switch on WAN1.
The VPN was connected from WAN1.
I connected WAN0, the script switch to WAN0.
But the OpenVPN Client still using WAN1.

I think that a restart of OpenVPN clients is needed after switch wan.
For testing :
I modified the script by adding on line 5126 :
#Restart OpenVPN client
service restart_vpnclient1

And now it working perfectly.

Is it possible to add this on the next release please ^^ ?

Thank you.

 

[Phalsa]

I responded.

For others that ran into this issue:

After a bunch of testing, it appears to have something to do with the DHCP DNS addresses from the provider. When I set the DNS servers to a static value in WAN - WAN DNS Setting to Google (8.8.8.8 / 8.8.4.4) for WAN0, failback now works as expected. WAN1 still has DNS set to automatic, but it works now as expected for both failover and failback.

 

[Ranger802004]

Hello @Ranger802004
Now I got a new ASUS router (AX88U) previous (AC88U).
And I'm testing your script.
I have some questions :
1- Can WAN0 and WAN1 use the same IP address ?
Ex :
wan0 : 192.168.1.2
wan1 : 192.168.1.2
If no, is it possible on same subnet ?
wan0 : 192.168.1.2
wan1 : 192.168.1.3

2- I'm using OpenVPN client. I tested WAN0 OK WAN1 OK.
I disconnected WAN0, the script switch on WAN1.
The VPN was connected from WAN1.
I connected WAN0, the script switch to WAN0.
But the OpenVPN Client still using WAN1.

I think that a restart of OpenVPN clients is needed after switch wan.
For testing :
I modified the script by adding on line 5126 :
#Restart OpenVPN client
service restart_vpnclient1

And now it working perfectly.

Is it possible to add this on the next release please ^^ ?

Thank you.

I specifically left the OpenVPN Client restart out of the function because it would create conflicts with VPNMON by @Viktor Jaep .

 

[Ranger802004]

For others that ran into this issue:

After a bunch of testing, it appears to have something to do with the DHCP DNS addresses from the provider. When I set the DNS servers to a static value in WAN - WAN DNS Setting to Google (8.8.8.8 / 8.8.4.4) for WAN0, failback now works as expected. WAN1 still has DNS set to automatic, but it works now as expected for both failover and failback.

I responded to your DM about this.

 

[alisou]

@Ranger802004
Did you know if its possible :
WAN0 and WAN1 use the same IP address ?
Ex :
wan0 : 192.168.1.2
wan1 : 192.168.1.2
If no, is it possible on same subnet ?
wan0 : 192.168.1.2
wan1 : 192.168.1.3

 

[alisou]

On wan0 and wan1 i'm using the google dns 8.8.8.8 and 8.8.4.4
When testing failover from wan0 to wan1. The route for google DNS has not changed.
The result is : after failover I can't ping/access to DNS (8.8.8.8).

gateway wan0 : 192.168.4.1
gateway wan1 : 192.168.1.1 (DSL-AC68U-8298)

Before the failover from wan0 to wan1 :
Destination Gateway Genmask Flags Metric Ref Use Iface
default DSL-AC68U-8298 0.0.0.0 UG 0 0 0 eth4
8.8.4.4 192.168.4.1 255.255.255.255 UGH 1 0 0 eth0
8.8.8.8 192.168.4.1 255.255.255.255 UGH 1 0 0 eth0

After failover from wan0 to wan1 (same routes) :
Destination Gateway Genmask Flags Metric Ref Use Iface
default DSL-AC68U-8298 0.0.0.0 UG 0 0 0 eth4
8.8.4.4 192.168.4.1 255.255.255.255 UGH 1 0 0 eth0
8.8.8.8 192.168.4.1 255.255.255.255 UGH 1 0 0 eth0

It should be :
Destination Gateway Genmask Flags Metric Ref Use Iface
default DSL-AC68U-8298 0.0.0.0 UG 0 0 0 eth4
8.8.4.4 DSL-AC68U-8298 255.255.255.255 UGH 1 0 0 eth0
8.8.8.8 DSL-AC68U-8298 255.255.255.255 UGH 1 0 0 eth0

On log I have seen :
Apr 24 16:47:35 wan-failover: Failback - ***Error*** Unable to delete default route via 192.168.4.1 dev eth0
Apr 24 16:48:03 wan-failover: Check Routing Table - Adding default route for wan1 Routing Table via 192.168.1.1 dev eth4
Apr 24 16:48:03 wan-failover: Check Routing Table - Added default route for wan1 Routing Table via 192.168.1.1 dev eth4
Apr 24 16:48:03 wan-failover: Debug - Checking wan1 for route to Target IP: 8.8.4.4 for wan1 Routing Table via 192.168.1.1 dev eth4
Apr 24 16:48:03 wan-failover: Check Routing Table - Adding route to Target IP: 8.8.4.4 for wan1 Routing Table via 192.168.1.1 dev eth4
Apr 24 16:48:03 wan-failover: Check Routing Table - Added default route to Target IP: 8.8.4.4 for wan1 Routing Table via 192.168.1.1 dev eth4

 

[JohnSmith]

On wan0 and wan1 i'm using the google dns 8.8.8.8 and 8.8.4.4
When testing failover from wan0 to wan1. The route for google DNS has not changed.
The result is : after failover I can't ping/access to DNS (8.8.8.8).

gateway wan0 : 192.168.4.1
gateway wan1 : 192.168.1.1 (DSL-AC68U-8298)

Before the failover from wan0 to wan1 :
Destination Gateway Genmask Flags Metric Ref Use Iface
default DSL-AC68U-8298 0.0.0.0 UG 0 0 0 eth4
8.8.4.4 192.168.4.1 255.255.255.255 UGH 1 0 0 eth0
8.8.8.8 192.168.4.1 255.255.255.255 UGH 1 0 0 eth0

After failover from wan0 to wan1 (same routes) :
Destination Gateway Genmask Flags Metric Ref Use Iface
default DSL-AC68U-8298 0.0.0.0 UG 0 0 0 eth4
8.8.4.4 192.168.4.1 255.255.255.255 UGH 1 0 0 eth0
8.8.8.8 192.168.4.1 255.255.255.255 UGH 1 0 0 eth0

It should be :
Destination Gateway Genmask Flags Metric Ref Use Iface
default DSL-AC68U-8298 0.0.0.0 UG 0 0 0 eth4
8.8.4.4 DSL-AC68U-8298 255.255.255.255 UGH 1 0 0 eth0
8.8.8.8 DSL-AC68U-8298 255.255.255.255 UGH 1 0 0 eth0

On log I have seen :
Apr 24 16:47:35 wan-failover: Failback - ***Error*** Unable to delete default route via 192.168.4.1 dev eth0
Apr 24 16:48:03 wan-failover: Check Routing Table - Adding default route for wan1 Routing Table via 192.168.1.1 dev eth4
Apr 24 16:48:03 wan-failover: Check Routing Table - Added default route for wan1 Routing Table via 192.168.1.1 dev eth4
Apr 24 16:48:03 wan-failover: Debug - Checking wan1 for route to Target IP: 8.8.4.4 for wan1 Routing Table via 192.168.1.1 dev eth4
Apr 24 16:48:03 wan-failover: Check Routing Table - Adding route to Target IP: 8.8.4.4 for wan1 Routing Table via 192.168.1.1 dev eth4
Apr 24 16:48:03 wan-failover: Check Routing Table - Added default route to Target IP: 8.8.4.4 for wan1 Routing Table via 192.168.1.1 dev eth4

Are you sure you have an RT-AX88U as per your signature? There is no V386.10 ASUS Merlin firmware for this product, only V386.8 (which I am on), V388.1 and V388.2.

My RT-AC3100 uses V386.10.

Are you using an AC68U instead as per "gateway wan1 : 192.168.1.1 (DSL-AC68U-8298)"?

 

[alisou]

It’s error on my signature
I have AX88U with latest version V388.2.
The AC68U it’s my gateway on wan1

 

[Ranger802004]

@Ranger802004
Did you know if its possible :
WAN0 and WAN1 use the same IP address ?
Ex :
wan0 : 192.168.1.2
wan1 : 192.168.1.2
If no, is it possible on same subnet ?
wan0 : 192.168.1.2
wan1 : 192.168.1.3

No i believe you’ll have conflicts with this.

 

[Ranger802004]

On wan0 and wan1 i'm using the google dns 8.8.8.8 and 8.8.4.4
When testing failover from wan0 to wan1. The route for google DNS has not changed.
The result is : after failover I can't ping/access to DNS (8.8.8.8).

gateway wan0 : 192.168.4.1
gateway wan1 : 192.168.1.1 (DSL-AC68U-8298)

Before the failover from wan0 to wan1 :
Destination Gateway Genmask Flags Metric Ref Use Iface
default DSL-AC68U-8298 0.0.0.0 UG 0 0 0 eth4
8.8.4.4 192.168.4.1 255.255.255.255 UGH 1 0 0 eth0
8.8.8.8 192.168.4.1 255.255.255.255 UGH 1 0 0 eth0

After failover from wan0 to wan1 (same routes) :
Destination Gateway Genmask Flags Metric Ref Use Iface
default DSL-AC68U-8298 0.0.0.0 UG 0 0 0 eth4
8.8.4.4 192.168.4.1 255.255.255.255 UGH 1 0 0 eth0
8.8.8.8 192.168.4.1 255.255.255.255 UGH 1 0 0 eth0

It should be :
Destination Gateway Genmask Flags Metric Ref Use Iface
default DSL-AC68U-8298 0.0.0.0 UG 0 0 0 eth4
8.8.4.4 DSL-AC68U-8298 255.255.255.255 UGH 1 0 0 eth0
8.8.8.8 DSL-AC68U-8298 255.255.255.255 UGH 1 0 0 eth0

On log I have seen :
Apr 24 16:47:35 wan-failover: Failback - ***Error*** Unable to delete default route via 192.168.4.1 dev eth0
Apr 24 16:48:03 wan-failover: Check Routing Table - Adding default route for wan1 Routing Table via 192.168.1.1 dev eth4
Apr 24 16:48:03 wan-failover: Check Routing Table - Added default route for wan1 Routing Table via 192.168.1.1 dev eth4
Apr 24 16:48:03 wan-failover: Debug - Checking wan1 for route to Target IP: 8.8.4.4 for wan1 Routing Table via 192.168.1.1 dev eth4
Apr 24 16:48:03 wan-failover: Check Routing Table - Adding route to Target IP: 8.8.4.4 for wan1 Routing Table via 192.168.1.1 dev eth4
Apr 24 16:48:03 wan-failover: Check Routing Table - Added default route to Target IP: 8.8.4.4 for wan1 Routing Table via 192.168.1.1 dev eth4

Try changing your target IPs to something other than what your WAN interfaces are using for DNS.

 

[alisou]

Try changing your target IPs to something other than what your WAN interfaces are using for DNS.

It won't be enough. Because when failover occur. dual wan can ping target ip.
But VPNMON can't resolve URL because the DNS will be unreachable.

Can you test to see if you get the same behavior as me ?
Thank you.

 

[Ranger802004]

It won't be enough. Because when failover occur. dual wan can ping target ip.
But VPNMON can't resolve URL because the DNS will be unreachable.

Can you test to see if you get the same behavior as me ?
Thank you.

I need you to change your target IP to something different so WAN failover isn’t depending on the DNS route created by the firmware for your WAN interface.

 

[alisou]

I need you to change your target IP to something different so WAN failover isn’t depending on the DNS route created by the firmware for your WAN interface.

You are right. I changed target to 1.1.1.1. Now wan failover change route of 1.1.1.1.
But I still having problem on static route of my DNS (8.8.8.8) always on eth0 (wan0).
When wan failover on wan1. The router can't reach his DNS (impact : VPNMON didn't work, ntp ko...).

Did you know how disabling static route of DNS ?
Or can wan failover script change the static route ?

 

[Ranger802004]

You are right. I changed target to 1.1.1.1. Now wan failover change route of 1.1.1.1.
But I still having problem on static route of my DNS (8.8.8.8) always on eth0 (wan0).
When wan failover on wan1. The router can't reach his DNS (impact : VPNMON didn't work, ntp ko...).

Did you know how disabling static route of DNS ?
Or can wan failover script change the static route ?

Is this DNS also assigned to WAN1?

 

[alisou]

Yes, here the route If I put same DNS on wan0 and wan 1 :
Destination Gateway Genmask Flags Metric Ref Use Iface
default 192.168.4.1 0.0.0.0 UG 0 0 0 eth0
8.8.4.4 192.168.1.1 255.255.255.255 UGH 1 0 0 eth4
8.8.4.4 192.168.4.1 255.255.255.255 UGH 1 0 0 eth0
8.8.8.8 192.168.1.1 255.255.255.255 UGH 1 0 0 eth4
8.8.8.8 192.168.4.1 255.255.255.255 UGH 1 0 0 eth0
127.0.0.0 * 255.0.0.0 U 0 0 0 lo
192.168.1.0 * 255.255.255.0 U 0 0 0 eth4
192.168.1.1 * 255.255.255.255 UH 0 0 0 eth4
192.168.2.0 * 255.255.255.0 U 0 0 0 br0
192.168.4.0 * 255.255.255.0 U 0 0 0 eth0

But this will result to problem.
Because the DNS will be accessible ony from one route.
If we disconnect wan1 we lots DNS access.

I'm testing with wan0 : DNS Google. wan1 : other dns provider.
In this case, the router can access to DNS when failover to wan1 (after script wan failover changing DNS config).
But VPNMON still detect issue on WAN, even if no problem on WAN.