Dual WAN issues RT-86ACU

[Tech9]

Have you filed a bug report to ASUS?

No. I don't use home routers in my networks. There are more bugs in Asuswrt and enough folks around with Asus routers to report them.

To be fair, this dual WAN issue many only exist in some setups.

See how many Asus routers I have in my collection. I have tested them all, if Dual WAN option was available, on multiple firmware versions from 380 to current 386 base. Including AX88U like yours. The best home router for Dual WAN is Synology rt2600ac. Cisco RV routers work well, Netgate appliances, Peplink Ballance routers. From cheaper options TP-Link ER605, Ubiquiti ER series. I don't have any MikroTik routers to test with. On routers with FreshTomato support it works better, but I still had some events with no failback. Test your luck.

 

[DualWANer]

Just to be clear, I am running ASUS factory code, not some third party open source WRT. Are all these issues I am reading applicable only to the open source WRT?

 

[Tech9]

Your router has no other 3rd party options, but Asuswrt-Merlin. The code is the same as in Asuswrt. Again, if you really need reliable Dual WAN with 30sec reaction time, get ER605 for Dual WAN management only and run your Asus behind it. ER605 can do 4x WAN, actually. It's $60 on Amazon.

 

[tarzan2000]

Exactly. It works reliably only when you unplug the WAN/LAN cable or power off the modem. If you lose Internet connection, but the cable connection between your router and your modem is up, most of the time it doesn't failover/failback. Sometimes it does failover after minutes, but when the main connection is restored it doesn't failback. You have to test it thoroughly, before you disagree. Someone may buy an Asus router for the purpose of Dual WAN and we start the same discussions over and over again. There are multiple threads on SNB about the issue.

Well, I'll try to simulate the failure of the main provider without disabling the WAN port and report to the topic. But keep in mind, my configuration has been living for a year and probably I had logical failures of the provider and I did not notice it ..... probably.

Alternatively, I can disconnect the provider cable from port 1 of the switch, while the VAN cable of the router is inserted into port 5 of the switch. Those. I physically do not turn off the VAN port, but I drop the logic of the Internet channel. Would such a test suit you?

My conf : Cable ISP----port1 (D-Link DGS-1100-05V2/A1A 5G)------Port5---WAN Asus AX86U

 

[Smokey613]

Well, I'll try to simulate the failure of the main provider without disabling the WAN port and report to the topic. But keep in mind, my configuration has been living for a year and probably I had logical failures of the provider and I did not notice it ..... probably.

Alternatively, I can disconnect the provider cable from port 1 of the switch, while the VAN cable of the router is inserted into port 5 of the switch. Those. I physically do not turn off the VAN port, but I drop the logic of the Internet channel. Would such a test suit you?

My conf : Cable ISP----port1 (D-Link DGS-1100-05V2/A1A 5G)------Port5---WAN Asus AX86U

View attachment 39294

That should provide a reasonable test of the failover functioning. I did the same test a couple of years ago on a RT-AC1900. I had two isp connections with the primary being on the router’s WAN port and the backup on LAN port 1. I unplugged the cable from port one on the little switch to the primary isp ONT and it failed over but once I plugged the port 1 back into the isp ONT, the link came up but the asus never returned to routing traffic out the primary wan connection. I had to unplug the failover wan connection to the backup cable modem to get it to fail back and even then it took awhile. I was running Merlin 384.19. I gave up on Asus failover.

My current setup works perfectly and fairly quickly.

 

[Tech9]

I had logical failures of the provider and I did not notice it ..... probably.

You may notice it when it drains your mobile Internet plan because it didn't failback. The way I test is by unplugging the coax cable from the cable modem or the phone line from the ADSL modem. If you set 40+ attempts, it may eventually work, but very slow with minutes reaction time. If you use your second ISP line for emergency backup only this is not a problem. You can even unplug the cables, if you're home. Not a good option for reliability though or fast reaction. I really hope Asus will fix this at some point. Unfortunately, Asus is more focused on AiMesh than anything else. Also, I've noticed Adaptive QoS perhaps doesn't work in Dual WAN configuration. Manually assigned up/down bandwidth is ignored. I don't know if AiProtection works.

the link came up but the asus never returned to routing traffic out the primary wan

This is exactly what happens in my tests as well. If the secondary WAN port is up, the router may never failback to primary WAN. Sometimes it does.

 

[Ranger802004]

Dual WAN Failover Script

WAN Failover is designed to replace the factory ASUS WAN Failover functionality, this script will monitor the WAN Interfaces using a Target IP Address and pinging these targets to determine when a failure occurs. When a failure is detected in Failover Mode, the script will switch to the...

www.snbforums.com

 

[tarzan2000]

How do you test?

It turned out to be the opposite for me. I have been using the WAN+USB configuration (Huawei E3372h-153)) for a long time and unfortunately it did not always work correctly. Then I decided that WAN + LAN would be the best solution.
I bought a Dlink DIR-300 at a flea market, installed AsusWRT firmware on it, plugged a USB modem (Huawei E3372h-153) into it and set up static addressing on LAN4 AX86U and LAN1 DIR300. Those it turns out that Dir300 keeps a GPRS session with the modem all the time (does not fall a sleep) and in the event of a WAN drop in AX86, switching to LAN4 is almost instantaneous.

I just test, or I take out the WAN cable, or the IPOE session falls on the WAN port.

 

[Aiadi]

Some excellent tips and advice here and so thanks to all. I need to use multi-WAN in a load balancing way as my ISPs are still from last century. I confirm that trying various configurations on both original firmware and Merlin's have not worked well at all. I am very interested in trying the TL-ER605 as a budget option that has been mentioned on several fora as a decent options. What I am looking for is to use the ER605 as the internet gateway but would like it to pass all the internet traffic unrestricted to my Asus router (like using the TP-Link in a bridge mode if that makes sense). However, I have not yet been able to conform that this is possible in a multi-wan situation with the ER605 nor have I found any guidance on the web on how to set this up and I would greatly appreciate any pointers in this regard.

 

[Smokey613]

You would place each of the ER605 WAN ports in a DMZ of their respective ISP devices.

Setup the ER605 for Dual WAN Load Balance, then place your Asus router in a DMZ on the ER605.

Yes this is a lot of NATing but it works.

This is what I am currently doing and it works very well.

 

[Aiadi]

You would place each of the ER605 WAN ports in a DMZ of their respective ISP devices.

Setup the ER605 for Dual WAN Load Balance, then place your Asus router in a DMZ on the ER605.

Yes this is a lot of NATing but it works.

This is what I am currently doing and it works very well.

That is very helpful, thank you. My current Draytek gateway allows DMZ traffic to flow from only one of its WAN ports on to a LAN client (and not multi-WAN to single LAN if that makes sense). Is this not the case with the ER605 (i.e. will the dual wan combined go the DMZ with no issues)? Also in the Draytek, I have never been able to pass my ISP's public IP through to my Asus using DMZ and would only be able to do so if I put Draytek in modem-only mode which would obviously make NATing and dual-wan defunct.

 

[Smokey613]

The ER605 allows both WAN ports to participate in the DMZ to the downstream router.

 

[Aiadi]

Just trying the The ER605 and the Dual WAN load balance is actually working fairly well so far but adding my ASUS as DMZ has so far been a complete disaster and I cannot access any of my LAN clients remotely as a result of double NAT. I will keep on trying to crack this

 

[Smokey613]

Just trying the The ER605 and the Dual WAN load balance is actually working fairly well so far but adding my ASUS as DMZ has so far been a complete disaster and I cannot access any of my LAN clients remotely as a result of double NAT. I will keep on trying to crack this

Are you running the stock firmware or RMerlin firmware?

If you are running RMerlin firmware, you should be able to use the OpenVPN Server of the Asus router.

You will need to use a DDNS service to make sure you have a hostname mapped to the current internet WAN IP address.

To make it simple, just use the Asus built in DDNS service and then you can download the client config file from the Asus OpenVPN Server web page to use with your OpenVPN client on your remote device.

This setup is what I used when I was running my AC86U behind the ER605.

 

[Aiadi]

Are you running the stock firmware or RMerlin firmware?

If you are running RMerlin firmware, you should be able to use the OpenVPN Server of the Asus router.

You will need to use a DDNS service to make sure you have a hostname mapped to the current internet WAN IP address.

To make it simple, just use the Asus built in DDNS service and then you can download the client config file from the Asus OpenVPN Server web page to use with your OpenVPN client on your remote device.

This setup is what I used when I was running my AC86U behind the ER605.

Your help is again appreciated. Using Merlin but unfortunately no way to get DDNS working with double NAT and with the DMZ appearing to be completely non-functional at this stage on the ER605. I just wish that the TP-Link had some sort of True-DMZ like my Draytek which works when nothing else does. I might try and replace my Asus with another router downstream from the ER605 and see what happens.

 

[Tech9]

If you are running RMerlin firmware, you should be able to use the OpenVPN Server of the Asus router.

Running OpenVPN server in stock Asuswrt is not an issue. The *.ovpn configuration file may have to be changed a bit with DDNS info.

remote xxxx.ddns.net 1032

Asuswrt uses the private WAN IP address in double NAT for some reason. Example above - No-IP and port 1032 instead of standard 1194.

 

[Tech9]

Using Merlin but unfortunately no way to get DDNS working with double NAT

Check your configuration file and the WAN IP your DDNS service is pointing to.