Dual WAN Failover ***v2 Release***

[rlj2]

Im running 2.1.0 on a AX86u, Im lucky to get 24hrs without the script going "unresponsive". Nothing shows up in the logs

 

[RandomUser777]

Dual Wan Failover has been working great for me (RT-AX86U_Pro). Whether I unplug the ethernet cable or unplug the cable modem coax, the failover to WAN1 happens quickly. Failback takes ~30-60 seconds.

I did notice that once I installed Skynet, the wanfailover script has problems (Secondary Wan keeps changes from disconnected to cold-standby). Once Skynet is uninstalled, the problem resolves.

 

[Ranger802004]

Im running 2.1.0 on a AX86u, Im lucky to get 24hrs without the script going "unresponsive". Nothing shows up in the logs

Try turning on NVRAM Checks in the configuration and restarting WAN Failover.

 

[Ranger802004]

Dual Wan Failover has been working great for me (RT-AX86U_Pro). Whether I unplug the ethernet cable or unplug the cable modem coax, the failover to WAN1 happens quickly. Failback takes ~30-60 seconds.

I did notice that once I installed Skynet, the wanfailover script has problems (Secondary Wan keeps changes from disconnected to cold-standby). Once Skynet is uninstalled, the problem resolves.

A lot of users use Skynet (including myself), there could be something else in your configuration / environment causing this issue. Collect debug logs and I'll take a look.

 

[RandomUser777]

A lot of users use Skynet (including myself), there could be something else in your configuration / environment causing this issue. Collect debug logs and I'll take a look.

Log snippet attached (ip address redacted or altered)

This was 100% repeatable for me: once Skynet was installed (around line 60 in this logfile), secondary wan was disconnected. Uninstall skynet and reboot, everything works fine.

 

[JohnSmith]

***v2.1.0 Release***
Enhancements:
- Added WAN0 and WAN1 Web GUI configuration options to create routes for the device portals for each WAN interface.
- Added Reset Default Configuration to Configuration Menu, additionally the command argument resetconfig can be used.
- Enhanced uninstallation prompt for verifying to uninstall.

Fixes:
- Fixed an issue where update would hang if WAN Failover wasn't running.
- Fixed an issue that would allow Load Balance FWMarks and Masks to be non-hexidecimal values in console.
- Added function to verify reverse path filtering is disabled after restarting WAN interfaces and when performing initial WAN Status checks. This is already disabled by the firmware by default but automatically re-enables when an interface is restarted and can cause issues with the target IP rules.

1. If you add a WAN0 or WAN1 Web GUI IP address, and it doesn't allow you to get to the devices portal, are there any troubleshooting steps to try?

2. If you add a WAN0 or WAN1 Web GUI IP address, and then you want those to be "Disabled" again, how do you revert those back, as the logic only seems to allow an IP address?

 

[Ranger802004]

1. If you add a WAN0 or WAN1 Web GUI IP address, and it doesn't allow you to get to the devices portal, are there any troubleshooting steps to try?

2. If you add a WAN0 or WAN1 Web GUI IP address, and then you want those to be "Disabled" again, how do you revert those back, as the logic only seems to allow an IP address?

They just add routes into the main route table so you can go in there and find them and delete them or a reboot will clear them out. May need more info on your configuration as this function is working in my prod and lab environment.

 

[JohnSmith]

They just add routes into the main route table so you can go in there and find them and delete them or a reboot will clear them out. May need more info on your configuration as this function is working in my prod and lab environment.

I deleted them via SSH, but then I had to go into the "wan-failover.conf" file and blank out the IP address I gave for WAN0. Was looking for an automatic way as part of the script to re-disable it again, which would remove the route created by it.

No worries, all back to the way it was.

Normally I would take my laptop to the ISP supplied router, and plug directly into an ethernet port on it (as SSID's turned off for their routers, and they are in bridged mode), and assign static IP's to get onto the interface to make any changes. Security vs convenience, I'll take security

 

[nunu]

Hello every body !

First thanks to @Ranger802004 for this huge script.

I try to make it works, but i have a question: does this script is supposed to work with openvpn connections ?

i mean, in case of failure, are VPN routes set to use the secondary WAN ?

An other question: is it possible, in failover mode to keep connection with de secondary WAN ?
in fact in my set up, Primary connexion is the fastest one, but behind a GCNAT (so no possibility to connect from internet to my local network), but the seconday WAN is the slowest connection (but ADSL box with public ip address).


regards

 

[Ranger802004]

Hello every body !

First thanks to @Ranger802004 for this huge script.

I try to make it works, but i have a question: does this script is supposed to work with openvpn connections ?

i mean, in case of failure, are VPN routes set to use the secondary WAN ?

An other question: is it possible, in failover mode to keep connection with de secondary WAN ?
in fact in my set up, Primary connexion is the fastest one, but behind a GCNAT (so no possibility to connect from internet to my local network), but the seconday WAN is the slowest connection (but ADSL box with public ip address).


regards

Yes it works with OpenVPN and and the only condition to stay on Secondary is if the Primary has failed network detection via ping with a 100% loss or you disable the Primary WAN.

 

[nunu]

Thanks for the answer.

In load balacing mode (for example 90% - 10%), which is the output WAN used by an openvpn client ? Does the script influence the output WAN port used ?

regards

 

[Ranger802004]

Thanks for the answer.

In load balacing mode (for example 90% - 10%), which is the output WAN used by an openvpn client ? Does the script influence the output WAN port used ?

regards

There are configuration settings for this, I would recommend to read the readme.

 

[nunu]

Got it !
thanks a lot !
need some testing now !

 

[nunu]

so, to be sure to understand correctly, if i want in load balancing mode, 2 WANs ok, openvpn client on WAN0 only:

- OVPNSPLITTUNNEL: This will enable or disable OpenVPN Split Tunneling while in Load Balance Mode. Default: 1 (Enabled)
=> need to set to 0
- OVPNWAN0PRIORITY: This defines the OpenVPN Tunnel Priority for WAN0 if OVPNSPLITTUNNEL is 0 (Disabled). Default: 100
=> 100 is prior to 200 ? so i let these default values ?
- OVPNWAN1PRIORITY: This defines the OpenVPN Tunnel Priority for WAN1 if OVPNSPLITTUNNEL is 0 (Disabled). Default: 200

regards

 

[nunu]

Hi,

i made some tests without OPENVPN clients: load balancing is working fine.

Bu with ovpn client, it seems not working correctly on my router.

For example i have :

Status Unresponsive
WAN0 status : Connected
WAN1 status : Connected

but the router on port WAN0 (4G) has been power off (so like cable unplugged).

i need to remake the test and provide traces.

regards

 

[Cedarhillguy]

Having issues with wan-failover (2.1.0) on a new GT-AX6000 router with the latest merlin firmware (388.5). No issues installing it, but CPU usage is spiking and I can't get the wan-failover status page to show. It just hangs when I select 1 to show status.

I turned on debug logging and the same entry keeps repeating "wan-failover: Debug - failed to set WAN1GWIFNAME". I checked and this value is set to 'usb0'. I've also tried with NVRAM check both enabled and disabled, no change.

Looking for suggestions on what I need to change to get it working.

EDIT(12/9): I resolved the issue and it's working now. I terminated wan-failover, then manually disconnected the primary wan, so the ASUS router routine switched to the secondary. This populated all the NVRAM settings and when I restarted wan-failover it worked.

 

[nunu]

Hello,

i'am facing an issue, i think it is related to ip tables ?!

If router is set to failover, i have access to ip 192.168.1.x through my VPN.

If i switch to Load Balancing, i have no access to 192.168.1.x from a device on the local network, but i can ping a device on 192.168.1.x from the router itself.
Here the ip table:

0: from all lookup local
100: from all to 8.8.8.8 iif lo oif eth4 lookup wan0
100: from all to 8.8.4.4 iif lo lookup wan1
100: from all to 82.67.33.113 lookup wan0
100: from all to 84.17.52.18 lookup wan0
150: from all fwmark 0x80000000/0xf0000000 lookup wan0
150: from all fwmark 0x90000000/0xf0000000 lookup wan1
200: from 192.168.3.2 lookup wan0
200: from 192.168.2.2 lookup wan1
200: from 9.9.9.11 lookup wan0
200: from 149.112.112.11 lookup wan0
200: from 9.9.9.11 lookup wan1
200: from 149.112.112.11 lookup wan1
200: from all to 82.67.33.113 lookup wan1
200: from all to 89.149.22.47 lookup wan1
400: from all to 192.168.3.1 lookup wan0
400: from all to 192.168.2.1 lookup wan1
400: from all to 9.9.9.11 lookup wan0
400: from all to 149.112.112.11 lookup wan0
400: from all to 9.9.9.11 lookup wan1
400: from all to 149.112.112.11 lookup wan1
10210: from all to 192.168.1.0/24 lookup ovpnc1
32766: from all lookup main
32767: from all lookup default

Maybe it is fwmark that are prior to "10210: from all to 192.168.1.0/24 lookup ovpnc1" ?

Just a little thing in the script, i found a little mistake in a logger message:

if [[ -z "$(sed -n '/\bEMAILTIMEOUT=\b/p' "$CONFIGFILE")" ]] &>/dev/null;then
logger -p 6 -t "$ALIAS" "Debug - Setting OVPNWAN1PRIORITY Default: Priority 200"
echo -e "EMAILTIMEOUT=30" >> $CONFIGFILE
fi

i will remove the script to check if this issue is due to the script

NB: i have remove it, and still have a problem ...
maybe something is not set correctly on the router or script config file to get local balancing + vpn client or in the config file ? (i have default config with only option OVPNSPLITTUNNEL=0 )

i have attached route and ip rule dump .

regards

 

[nunu]

hi,
any idea, or do i need to provide additional traces ?
regards

 

[Ranger802004]

Hello,

i'am facing an issue, i think it is related to ip tables ?!

If router is set to failover, i have access to ip 192.168.1.x through my VPN.

If i switch to Load Balancing, i have no access to 192.168.1.x from a device on the local network, but i can ping a device on 192.168.1.x from the router itself.
Here the ip table:


Maybe it is fwmark that are prior to "10210: from all to 192.168.1.0/24 lookup ovpnc1" ?

Just a little thing in the script, i found a little mistake in a logger message:



i will remove the script to check if this issue is due to the script

NB: i have remove it, and still have a problem ...
maybe something is not set correctly on the router or script config file to get local balancing + vpn client or in the config file ? (i have default config with only option OVPNSPLITTUNNEL=0 )

View attachment 54714

View attachment 54715

i have attached route and ip rule dump .

regards

You can try changing the priority of the Load Balance Rules from the default (150) in the configuration menu (Option 30) to something below your VPN rules. Reboot for this change to take effect.

 

[nunu]

hi,
i don't understand. It seems taht by default, ovpn rules are low priority

here my vpn rule : 10210: from all to 192.168.1.0/24 lookup ovpnc1

So Load Balance priority is lowest than ovpns one.

Do i need to set some specific entries in dual wan mode in menu (Routing rules for Dual WAN, enable/disable routing rules ? add some entries ?)

regards