2wan on tp-link wr1043n v5 using mwan3?

I am interested in configuring the wr1043n v5 for 2wan using mwan3. Can anyone look at my configuration files and tell me what I am doing wrong? I beleive i have properly configured the switch, which should be the hard part, but I can only get ONE of the two wans to actually work no matter what. There also seem to be problems with the DNS.

/etc/config/network:

config interface 'loopback'
	option ifname 'lo'
	option proto 'static'
	option ipaddr '127.0.0.1'
	option netmask '255.0.0.0'

config globals 'globals'
	option ula_prefix 'fd28:7776:b82b::/48'

config interface 'lan'
	option type 'bridge'
	option ifname 'eth0.1'
	option proto 'static'
	option ipaddr '192.168.98.1'
	option netmask '255.255.255.0'
	option ip6assign '60'

config device 'lan_dev'
	option name 'eth0.1'

config interface 'wan'
	option ifname 'eth0.2'
	option proto 'dhcp'

config device 'wan_dev'
	option name 'eth0.2'

config switch
	option name 'switch0'
	option reset '1'
	option enable_vlan '1'

config switch_vlan
	option device 'switch0'
	option vlan '1'
	option vid '1'
	option ports '0t 1 2 3'

config switch_vlan
	option device 'switch0'
	option vlan '2'
	option ports '0t 5'
	option vid '2'

config switch_vlan
	option device 'switch0'
	option vlan '4'
	option ports '0t 4'
	option vid '4'

config interface 'wan_orange'
	option ifname 'eth0.4'
	option proto 'dhcp'

etc/config/mwan3:

config globals 'globals'
	option mmx_mask '0x3F00'
	option local_source 'lan'

config interface 'wan'
	option enabled '1'
	option family 'ipv4'
	option reliability '2'
	option count '1'
	option timeout '2'
	option interval '5'
	option down '3'
	option up '8'
	option initial_state 'online'
	option track_method 'ping'
	option size '56'
	option check_quality '0'
	option failure_interval '5'
	option recovery_interval '5'
	option flush_conntrack 'never'
	list track_ip '80.58.61.254'
	list track_ip '80.58.61.250'

config interface 'wan_orange'
	option enabled '1'
	option family 'ipv4'
	option track_method 'ping'
	option reliability '1'
	option count '1'
	option size '56'
	option timeout '2'
	option interval '5'
	option failure_interval '5'
	option recovery_interval '5'
	option down '3'
	option up '3'
	option flush_conntrack 'never'
	option check_quality '0'
	list track_ip '62.36.225.150'
	list track_ip '62.37.228.20'

config rule 'https'
	option sticky '1'
	option dest_port '443'
	option proto 'tcp'
	option use_policy 'balanced'

config rule 'default_rule'
	option dest_ip '0.0.0.0/0'
	option use_policy 'balanced'

config member 'wan_orange_member'
	option interface 'wan_orange'
	option metric '1'
	option weight '5'

config member 'wan_movistar_member'
	option interface 'wan'
	option metric '1'
	option weight '3'

config policy 'balanced'
	list use_member 'wan_orange_member'
	list use_member 'wan_movistar_member'
	option last_resort 'unreachable'

/etc/config/firewall:

config defaults
	option syn_flood '1'
	option input 'ACCEPT'
	option output 'ACCEPT'
	option forward 'REJECT'

config zone
	option name 'lan'
	option input 'ACCEPT'
	option output 'ACCEPT'
	option forward 'ACCEPT'
	option network 'lan'

config zone
	option name 'wan'
	option input 'REJECT'
	option output 'ACCEPT'
	option forward 'REJECT'
	option masq '1'
	option mtu_fix '1'
	option network 'wan wan6 wan_orange'

config forwarding
	option src 'lan'
	option dest 'wan'

config rule
	option name 'Allow-DHCP-Renew'
	option src 'wan'
	option proto 'udp'
	option dest_port '68'
	option target 'ACCEPT'
	option family 'ipv4'

config rule
	option name 'Allow-Ping'
	option src 'wan'
	option proto 'icmp'
	option icmp_type 'echo-request'
	option family 'ipv4'
	option target 'ACCEPT'

config rule
	option name 'Allow-IGMP'
	option src 'wan'
	option proto 'igmp'
	option family 'ipv4'
	option target 'ACCEPT'

config rule
	option name 'Allow-DHCPv6'
	option src 'wan'
	option proto 'udp'
	option src_ip 'fc00::/6'
	option dest_ip 'fc00::/6'
	option dest_port '546'
	option family 'ipv6'
	option target 'ACCEPT'

config rule
	option name 'Allow-MLD'
	option src 'wan'
	option proto 'icmp'
	option src_ip 'fe80::/10'
	list icmp_type '130/0'
	list icmp_type '131/0'
	list icmp_type '132/0'
	list icmp_type '143/0'
	option family 'ipv6'
	option target 'ACCEPT'

config rule
	option name 'Allow-ICMPv6-Input'
	option src 'wan'
	option proto 'icmp'
	list icmp_type 'echo-request'
	list icmp_type 'echo-reply'
	list icmp_type 'destination-unreachable'
	list icmp_type 'packet-too-big'
	list icmp_type 'time-exceeded'
	list icmp_type 'bad-header'
	list icmp_type 'unknown-header-type'
	list icmp_type 'router-solicitation'
	list icmp_type 'neighbour-solicitation'
	list icmp_type 'router-advertisement'
	list icmp_type 'neighbour-advertisement'
	option limit '1000/sec'
	option family 'ipv6'
	option target 'ACCEPT'

config rule
	option name 'Allow-ICMPv6-Forward'
	option src 'wan'
	option dest '*'
	option proto 'icmp'
	list icmp_type 'echo-request'
	list icmp_type 'echo-reply'
	list icmp_type 'destination-unreachable'
	list icmp_type 'packet-too-big'
	list icmp_type 'time-exceeded'
	list icmp_type 'bad-header'
	list icmp_type 'unknown-header-type'
	option limit '1000/sec'
	option family 'ipv6'
	option target 'ACCEPT'

config rule
	option name 'Allow-IPSec-ESP'
	option src 'wan'
	option dest 'lan'
	option proto 'esp'
	option target 'ACCEPT'

config rule
	option name 'Allow-ISAKMP'
	option src 'wan'
	option dest 'lan'
	option dest_port '500'
	option proto 'udp'
	option target 'ACCEPT'

config include
	option path '/etc/firewall.user'

/etc/config/dhcp:

config dnsmasq
	option domainneeded '1'
	option boguspriv '1'
	option filterwin2k '0'
	option localise_queries '1'
	option rebind_protection '1'
	option rebind_localhost '1'
	option local '/lan/'
	option domain 'lan'
	option expandhosts '1'
	option nonegcache '0'
	option authoritative '1'
	option readethers '1'
	option leasefile '/tmp/dhcp.leases'
	option resolvfile '/tmp/resolv.conf.auto'
	option nonwildcard '1'
	option localservice '1'

config dhcp 'lan'
	option interface 'lan'
	option dhcpv6 'server'
	option ra 'server'
	option ra_management '1'
	option start '20'
	option limit '490'
	option leasetime '2h'

config dhcp 'wan'
	option interface 'wan'
	option ignore '1'

config odhcpd 'odhcpd'
	option maindhcp '0'
	option leasefile '/tmp/hosts/odhcpd'
	option leasetrigger '/usr/sbin/odhcpd-update'
	option loglevel '4'

I also get this error: WARNING: Interface wan_orange has no default route in the main routing table I have tried putting a static IP, no luck.

I think you need to add a metric parameter to the interfaces in network. Add
option metric '10'
under config interface 'wan' and 20 under wan_orange.

thanks, i tried that, didn't have much luck. I did however find the correct configuration for an Archer C7 v2.0 online, and so I grabbed one and go it working, here: https://github.com/vdxlab/openwrt-mwan-config

I will take up the wr1043n again at some point, since I've lots of them.... Thanks anyway, @per!

I also found this thread, which has some clues I've not yet had time to look into:

which leads to:

you need to add also:

config dhcp 'wan_orange'
   option interface 'wan_orange'
   option ignore '1'

The metric is important, you need to set different metric to each wan's

Hi, I wrote that file, I don't know if you are confused with the switch-vlan-port-physicalports thing, I was some time ago, thats because I wrote that notes.

There is two ways that I know to properly know and detect the physical port <-> switch port:
one way using luci, is to make a change (set a port to tagged for example, and and see on "unsaved changes" which one changed, usually on recent Luci versions the physical ports are named correctly.

another way, connected to ssh, and issue the command swconfig dev switch0 show | grep link (see sample output below) and connect/disconnect an ethernet cable to see if it changes the "link" on some...
Other thing that you need to know is that one or two port are usually CPU connected (will be always be connected) and are named eth0 and eth1 if there is two. If you will use your device as Router it will be useful to separate wan's and lan's on each of those, if you are gonna use for dumb AP's will be faster to leave the WAN port connected to the same CPU as the lan ports, but don't get confused on that if not necessary now.
If you need more help, let me know.

	link: port:0 link:up speed:1000baseT full-duplex txflow rxflow 
	link: port:1 link:down
	link: port:2 link:down
	link: port:3 link:down
	link: port:4 link:down
	link: port:5 link:up speed:1000baseT full-duplex txflow rxflow auto
	link: port:6 link:up speed:1000baseT full-duplex txflow rxflow 

you could also run something like

swconfig dev switch0 show | grep link; sleep 3; echo "(...)";swconfig dev switch0 show | grep link
and connect/disconnect immediately the cable and wait for 5 to 6 seconds and connect it againt... it should show changes, something like (if you disconnect for some seconds you should now loose your ssh connection).

	link: port:0 link:up speed:1000baseT full-duplex txflow rxflow 
	link: port:1 link:down
	link: port:2 link:down
	link: port:3 link:up speed:100baseT full-duplex txflow rxflow auto
	link: port:4 link:down
	link: port:5 link:up speed:1000baseT full-duplex txflow rxflow auto
	link: port:6 link:up speed:1000baseT full-duplex txflow rxflow 
(...)
	link: port:0 link:up speed:1000baseT full-duplex txflow rxflow 
	link: port:1 link:down
	link: port:2 link:down
	link: port:3 link:down
	link: port:4 link:down
	link: port:5 link:up speed:1000baseT full-duplex txflow rxflow auto
	link: port:6 link:up speed:1000baseT full-duplex txflow rxflow

Gracias braian87b, I added that to the dhcp file. Thanks Per for the tip about the metric. Guifipedro also pointed out that there was a line like
option dns '8.8.8.8'
missing the network file, which now reads:

 config interface 'wan'
        option ifname 'eth0.2'
        option proto 'dhcp'
        option dns '8.8.8.8'
        option metric '10'

config interface 'wan_orange'
        option ifname 'eth0.4'
        option proto 'dhcp'
        option dns '8.8.8.8'
        option metric '20'

1 Like

well, I'm still a bit confused. works sometimes, but sometimes stops working.


root@multiwan:~# logread -f | mwan3 status
Interface status:
interface wan is unknown and tracking is down
interface wan_orange is unknown and tracking is down

Current ipv4 policies:

Current ipv6 policies:

Directly connected ipv4 networks:

Directly connected ipv6 networks:

Active ipv4 user rules:

Active ipv6 user rules:

swconfig dev switch0 show | grep link

link: port:0 link:up speed:1000baseT full-duplex txflow rxflow 
link: port:1 link:up speed:100baseT full-duplex txflow rxflow auto
link: port:2 link:up speed:1000baseT full-duplex txflow rxflow auto
link: port:3 link:down
link: port:4 link:up speed:1000baseT full-duplex txflow rxflow auto
link: port:5 link:up speed:1000baseT full-duplex txflow rxflow auto
link: port:6 link:down

here are the results from the luci mwan3 troubleshooting thingy:




Software-Version
-------------------------------------------------
OpenWrt - OpenWrt 18.06.0-rc2 r7141-e4d0ee5af5
LuCI - git-18.196.56128-9112198


Output of "ip a show"
-------------------------------------------------
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet 192.168.7.1/32 scope global lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host 
       valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
    link/ether b0:4e:26:b0:a9:be brd ff:ff:ff:ff:ff:ff
    inet6 fe80::b24e:26ff:feb0:a9be/64 scope link 
       valid_lft forever preferred_lft forever
9: br-lan: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
    link/ether b0:4e:26:b0:a9:be brd ff:ff:ff:ff:ff:ff
    inet 192.168.7.1/24 brd 192.168.7.255 scope global br-lan
       valid_lft forever preferred_lft forever
    inet6 fd28:7776:b82b::1/60 scope global noprefixroute 
       valid_lft forever preferred_lft forever
    inet6 fe80::b24e:26ff:feb0:a9be/64 scope link 
       valid_lft forever preferred_lft forever
10: eth0.1@eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master br-lan state UP group default qlen 1000
    link/ether b0:4e:26:b0:a9:be brd ff:ff:ff:ff:ff:ff
11: eth0.2@eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
    link/ether b0:4e:26:b0:a9:be brd ff:ff:ff:ff:ff:ff
    inet6 fe80::b24e:26ff:feb0:a9be/64 scope link 
       valid_lft forever preferred_lft forever
12: eth0.4@eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
    link/ether b0:4e:26:b0:a9:be brd ff:ff:ff:ff:ff:ff
    inet6 fe80::b24e:26ff:feb0:a9be/64 scope link 
       valid_lft forever preferred_lft forever
13: wlan0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master br-lan state UP group default qlen 1000
    link/ether b0:4e:26:b0:a9:be brd ff:ff:ff:ff:ff:ff
    inet6 fe80::b24e:26ff:feb0:a9be/64 scope link 
       valid_lft forever preferred_lft forever


Output of "ip route show"
-------------------------------------------------
default via 192.168.7.1 dev lo 
192.168.7.0/24 dev br-lan proto kernel scope link src 192.168.7.1


Output of "ip rule show"
-------------------------------------------------
0:	from all lookup local 
32766:	from all lookup main 
32767:	from all lookup default


Output of "ip route list table 1-250"
-------------------------------------------------


Output of "iptables -L -t mangle -v -n"
-------------------------------------------------
Chain PREROUTING (policy ACCEPT 4181 packets, 316K bytes)
 pkts bytes target     prot opt in     out     source               destination         

Chain INPUT (policy ACCEPT 3087 packets, 203K bytes)
 pkts bytes target     prot opt in     out     source               destination         

Chain FORWARD (policy ACCEPT 890 packets, 53640 bytes)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 TCPMSS     tcp  --  *      eth0.2  0.0.0.0/0            0.0.0.0/0            tcp flags:0x06/0x02 /* !fw3: Zone wan MTU fixing */ TCPMSS clamp to PMTU
    0     0 TCPMSS     tcp  --  *      eth0.4  0.0.0.0/0            0.0.0.0/0            tcp flags:0x06/0x02 /* !fw3: Zone wan MTU fixing */ TCPMSS clamp to PMTU

Chain OUTPUT (policy ACCEPT 3926 packets, 252K bytes)
 pkts bytes target     prot opt in     out     source               destination         

Chain POSTROUTING (policy ACCEPT 3926 packets, 252K bytes)
 pkts bytes target     prot opt in     out     source               destination

falta_switch

the switch option disappears!

Mh, which version of Lede Mwan3 are you using ? sadly I only tested MWAN3 on OpenWRT 15.05.1 I have around many LEDE 17.1.4 Routers that I should upgrade later to Lede 17.1.5 or even better try OpenWRT 18.06.0 on those... I will try to recreate my Mwan3 configuration on those and come back next week. There are many users with issues that is because I stay away from upgrading it.

I suggest you wait for 18.06.1 (should be tagged tomorrow) and then wget these updated files from the pull request https://github.com/openwrt/packages/pull/6515/files :
/usr/sbin/mwan3
/usr/sbin/mwan3rtmon
/lib/mwan3/mwan3.sh
/etc/hotplug.d/iface/16-mwan3
Click View, then Raw for each file to get the URLs.

18.06.1 also contains a somewhat important security fix so it's a good idea to install it.

1 Like

turns out that it is working after all. What happens is actually that i was testing by opening a ping to 8.8.8.8, unplugging one wan cable, seeing for connectivity, reconnecting it, then unplugging the other wan cable. Some kind of combination of unplugging and replugging results in one or the other of the connections hanging, and it doesn't allow traffic even after minutes pass. I will try 18.06.1, and if I can reproduce the behaviour, (with 18.06 I can reproduce on the Archer C7) I will file a bug report. Thanks all!

also I found I was having problems with the DNS, but only sometimes. It seems to have improved after adding these two lines to /etc/config/dhcp in the section config dnsmasq:

config dnsmasq
        list server '8.8.8.8'
        list server '8.8.4.4'
1 Like

I had the same issue with broken DNS while using multiple wan, while one connection was in failed state.
In interfaces it helped to uncheck the option Use advertised DNS by peer and Use custom DNS servers: 8.8.8.8, 8.8.4.4 for both wan interfaces in the advanced options.

0xdGmm8

When one wan connection is in fail state, the advertised DNS by peer breaks the local DNS.

Then is it possible during a switch event to check that the DNS is available by pinging the DNS server, and if no response switch to another DNS server?

Find some way to trigger the script on interface state change:

NET_IF="wan"
NET_DOMAIN="openwrt.org"
NET_DNS="$(ifstatus "${NET_IF}" \
| jsonfilter -e "@['inactive']['dns-server'][0]")"
NET_BDNS="8.8.8.8 8.8.4.4"
NET_BDNS6="2001:4860:4860::8888 2001:4860:4860::8844"
if nslookup ${NET_DOMAIN} ${NET_DNS} 2>&1 \
| grep -q -e NXDOMAIN
then
uci set network.${NET_IF}.peerdns="${NET_PDNS}"
uci set network.${NET_IF}.dns="${NET_DNS}"
uci set network.${NET_IF}6.peerdns="${NET_PDNS}"
uci set network.${NET_IF}6.dns="${NET_DNS6}"
else
uci -q delete network.${NET_IF}.peerdns
uci -q delete network.${NET_IF}.dns
uci -q delete network.${NET_IF}6.peerdns
uci -q delete network.${NET_IF}6.dns
fi
/etc/init.d/network reload
1 Like

Or I would just set up additional fall back DNS servers directly in use custom DNS servers.

1 Like