Hi. Im having trouble setting up failover using mwan3 and a LTE router connected to my OpenWrt device via ethernet.
I have followed the guide for DSA found in the documentation here.
Im stumped at 3.b - choosing the appropriate protocol. The modem GUI doesnt explain anything. Just the APN settings.
What exactly am I to use as protocol for a mobile provider?
Setting it as DHCP client results in it not being reachable, as well as the network going down in general, even though its on a different subnet, 8.1.
Scratching head...
b. Select whatever protocol is required for this interface DHCP, PPPoE etc. For device select the lan port you removed from br-lan earlier.
translates to
Select DHCP. For device select the lan port you removed from br-lan earlier and configured as another WAN, on its own VLAN, etc.
I suggest to start from the simplest configuration with a single uplink (to B315) and no MWAN.
Check if your B315 is capable to run in a bridge mode, that will allow you to avoid triple NAT.
1 Like
The UI is very basic, theres no bridge mode.
Also, the instructions say "select the port you removed from the bridge", so what is it i must choose? the port itself or the VLAN that was created earlier?
Thanks in advance.
Please log into the router via ssh and post the output of the commands below using the preformatted text button (</>)
ubus call system board; uci export network
Redact the public IPs and MAC addresses, if any.
# ubus call system board; uci export network
{
"kernel": "5.10.161",
"hostname": "Router",
"system": "MediaTek MT7621 ver:1 eco:3",
"model": "Ubiquiti EdgeRouter X",
"board_name": "ubnt,edgerouter-x",
"rootfs_type": "squashfs",
"release": {
"distribution": "OpenWrt",
"version": "22.03.3",
"revision": "r20028-43d71ad93e",
"target": "ramips/mt7621",
"description": "OpenWrt 22.03.3 r20028-43d71ad93e"
}
}
package network
config interface 'loopback'
option device 'lo'
option proto 'static'
option ipaddr '127.0.0.1'
option netmask '255.0.0.0'
config globals 'globals'
option packet_steering '1'
config device
option name 'br-lan'
option type 'bridge'
list ports 'eth1'
list ports 'eth2'
list ports 'eth3'
config interface 'lan'
option device 'br-lan'
option proto 'static'
option ipaddr '192.168.1.1'
option netmask '255.255.255.0'
option ip6assign '60'
option ipv6 '0'
option delegate '0'
config interface 'wan'
option device 'eth0'
option proto 'dhcp'
option ipv6 '0'
option metric '1'
config device
option type '8021q'
option ifname 'eth4'
option vid '20'
option name 'eth4.20'
config interface 'WANLTE'
option proto 'dhcp'
option device 'eth4'
option metric '3'
It looks like everything is set as per the instructions...
Also this is what /etc/config/mwan3 contains. I dont really understand what "m1_w3" etc. means and i may have set the metrics here inappropriately
config globals 'globals'
option mmx_mask '0x3F00'
option logging '1'
option loglevel 'notice'
list rt_table_lookup '220'
config interface 'wan'
option enabled '1'
list track_ip '1.0.0.1'
list track_ip '1.1.1.1'
list track_ip '208.67.222.222'
list track_ip '208.67.220.220'
option family 'ipv4'
option reliability '2'
config interface 'wanb'
list track_ip '1.0.0.1'
list track_ip '1.1.1.1'
list track_ip '208.67.222.222'
list track_ip '208.67.220.220'
option family 'ipv4'
option reliability '1'
option enabled '1'
option initial_state 'online'
option track_method 'ping'
option count '1'
option size '56'
option max_ttl '60'
option timeout '4'
option interval '10'
option failure_interval '5'
option recovery_interval '5'
option down '5'
option up '5'
list flush_conntrack 'ifdown'
list flush_conntrack 'disconnected'
config member 'wan_m1_w3'
option interface 'wan'
option metric '1'
option weight '3'
config member 'wan_m2_w3'
option interface 'wan'
option metric '1'
option weight '3'
config member 'wanb_m1_w2'
option interface 'wanb'
option weight '2'
option metric '3'
config member 'wanb_m1_w3'
option interface 'wanb'
option weight '2'
option metric '3'
config member 'wanb_m2_w2'
option interface 'wanb'
option metric '3'
option weight '2'
config member 'wan6_m1_w3'
option interface 'wan6'
option metric '1'
option weight '3'
config globals 'globals'
option local_source 'lan'
option mmx_mask '0x3F00'
A few things to consider:
- mwan3 configuration uses
wanbbut your secondary interface isWANLTE - Before configuring mwan3, you need to verify that everything works properly. Have you verified that?
- Does OpenWrt get settings on LTE interface? If not, have you connected another system, e.g windows PC to test?
1 Like
I have made a new interface called WANB, with "device" set to eth4, rather than the VLAN - still not clear why its part of the setup process. I am able to connect to the LTE router at 192.168.8.1. However, when doing the verification i see this:
ping -c 1 -I eth4 www.google.com
PING www.google.com (142.250.179.132): 56 data bytes
--- www.google.com ping statistics ---
1 packets transmitted, 0 packets received, 100% packet loss
root@Router:~# ping -c 1 -I eth0 www.google.com
PING www.google.com (142.250.179.132): 56 data bytes
64 bytes from 142.250.179.132: seq=0 ttl=107 time=44.277 ms
--- www.google.com ping statistics ---
1 packets transmitted, 1 packets received, 0% packet loss
round-trip min/avg/max = 44.277/44.277/44.277 ms
root@Router:~# ping -c 1 -I eth4 www.google.com
PING www.google.com (142.250.179.132): 56 data bytes
Because if this won't work, there is something wrong and there is no point to proceed to configure mwan3.
What is the output of : ip -4 addr; ip -4 ro
Remove this.
Change the interface name to wanb in lowercase.
config interface 'wanb'
option proto 'dhcp'
option device 'eth4'
option metric '3'
Assign the wanb interface to the wan firewall zone.
Restart the network and firewall services and try pinging google again.
1 Like
Here it is:
ip -4 addr; ip -4 ro
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
3: eth0@dsa: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc cake state UP group default qlen 1000
inet xxx.xx.xxx.xxx/24 brd xxx.xx.xxx.xxx scope global eth0
valid_lft forever preferred_lft forever
7: eth4@dsa: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
inet 192.168.8.100/24 brd 192.168.8.255 scope global eth4
valid_lft forever preferred_lft forever
10: br-lan: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
inet 192.168.1.1/24 brd 192.168.1.255 scope global br-lan
valid_lft forever preferred_lft forever
default via xxx.xx.xxx.x dev eth0 proto static src xxx.xx.xxx.xxx metric 1
default via 192.168.8.1 dev eth4 proto static src 192.168.8.100 metric 3
xxx.xx.xxx.x/24 dev eth0 proto static scope link metric 1
192.168.1.0/24 dev br-lan proto kernel scope link src 192.168.1.1
192.168.8.0/24 dev eth4 proto static scope link metric 3
I have done as you instructed. No dice, cant ping google...
The routing table looks good. Post the result of
uci show firewall.@zone[1]; nft list chain inet fw4 srcnat; nft list chain inet fw4 srcnat_wan
Here it is:
# uci show firewall.@zone[1]; nft list chain inet fw4 srcnat; nft list chain inet fw4 srcnat_wan
firewall.cfg03dc81=zone
firewall.cfg03dc81.name='wan'
firewall.cfg03dc81.input='REJECT'
firewall.cfg03dc81.output='ACCEPT'
firewall.cfg03dc81.forward='REJECT'
firewall.cfg03dc81.masq='1'
firewall.cfg03dc81.mtu_fix='1'
firewall.cfg03dc81.network='wan' 'WANB' 'wanb'
table inet fw4 {
chain srcnat {
type nat hook postrouting priority srcnat; policy accept;
oifname "br-lan" jump srcnat_lan comment "!fw4: Handle lan IPv4/IPv6 srcnat traffic"
oifname { "eth0", "eth4" } jump srcnat_wan comment "!fw4: Handle wan IPv4/IPv6 srcnat traffic"
}
}
table inet fw4 {
chain srcnat_wan {
meta nfproto ipv4 masquerade comment "!fw4: Masquerade IPv4 wan traffic"
}
}
Well, everything seems fine to me. You need to remove WANB from the listed networks, but that doesn't cause problems.
What is the output of
traceroute -i eth4 8.8.8.8
Also restart the mwan3 service and check the status of the two interfaces running mwan3 interfaces
EDIT:
If you plug a computer directly into the LTE device, can you access the internet?
Ive plugged directly into the modem and it works. Just double checked. Traceroute gives this:
traceroute to 8.8.8.8 (8.8.8.8), 30 hops max, 46 byte packets
1 192.168.8.100 (192.168.8.100) 3159.713 ms !H 3110.052 ms !H 3110.013 ms !H
Also MWAN3 says both interfaces are online:
Interface status:
interface wan is online 01h:08m:13s, uptime 01h:08m:24s and tracking is active
interface wanb is online 01h:08m:18s, uptime 01h:08m:24s and tracking is active
Could it be some sort of policy problem with MWAN3 itself?
This traceroute is showing issues. Is this from OpenWrt or another system connected directly on the modem?
Can you ping or traceroute anything else? Like 1.1.1.1 or 9.9.9.9 ?
1 Like
All is being done from OpenWrt (main router, wan) secure shell. 1.1.1.1 shows similar times, a little faster but still very slow...
100.64 IPs are not public (this is a range reserved for the customer side of an ISP using CG-NAT) so you don't necessarily have to redact them.
Can you ping or traceroute the LTE modem 192.168.8.1? It appears that the 192.168.8 interface is being chosen, but it should hop to 192.168.8.1 next.
If you've never had the LTE modem work with OpenWrt, start by setting up your router with LTE as the only Internet connection and confirm that works.
1 Like
Strange, I'm seeing the same behavior.
root@MikroTik:~# traceroute -i lan5 8.8.8.8
traceroute to 8.8.8.8 (8.8.8.8), 30 hops max, 46 byte packets
1 192.168.168.3 (192.168.168.3) 3110.991 ms !H 3110.026 ms !H 192.168.168.1 (192.168.168.1) 1786.582 ms
If I stop the main wan interface (ifdown wan), traceroute starts working.
After re-enabling the interface, traceroute from the second (wan2) interface continues to work.
I am running the same OpenWrt version.
I will look into the problem these days.
1 Like
Ok, thanks for the tip 
I am able to ping/traceroute the LTE device (192.168.8.1) and enter its GUI from PCs on the main subnet (192.168.1.0/24) and from OpenWrt shell.
Incidentally, when using the MWAN3 diagnostics to "Check IP rules", this is the output:
Missing fwmark and iif IP rule for interface "wanb"