Mapping Lan traffic to specific WAN

Heya , I got 2 individual pppoe wan interfaces on my tplink 940n running openwrt v18.06.
Was wondering how can I create 2 seperate wifi AP and map each to a WAN ?
Wifi LAN1 traffic going through WAN1
Wifi LAN2 traffic going through WAN2
Both pairs seperate from each other

mwan3 package is a no go cause of space limitation , tried building a custom image too but no luck

and 18.06 is long since obsolete and unsupported and probably has security vulnerabilities that will not be patched.

mwan3: I think this is a requirement for what you want to do. I'm not even sure that it is possible to get multiple WANs to function in general without this package.

It is time to get a new device.

Please see the following

Mwan isn't required from what I can tell.

Cool. I guess mwan simplifies this, but pbr could theoretically do the same thing. @solaris7 - have you tried installing policy based routing?

No , I haven't tried policy based routing , would be helpful if you could point me to the docs
Also similar to my situation, I found Routing all external traffic from one specific machine to a particular WAN interface

Reading above I think above could do the magic but I lack enough knowledge on ip tables
Even routing a traffic from thought WAN1 and through WAN2 where DHCP only assigns address till 150 would be ideal for me

Trying to recreate the solution from here , I have setup 2 WAN pppoe and 2 LAN with DHCP each but lost on how to map each to seperate WAN

config interface 'lan'
        option type 'bridge'
        option ifname 'eth1.1'
        option proto 'static'
        option ipaddr ''
        option netmask ''
        option ip6assign '60'
        option metric '10'

config interface 'wan'
        option ifname 'eth0'
        option proto 'pppoe'
        option username 'wan0user'
        option password '123456'
        option ipv6 'auto'
        option keepalive '5 5'
        option peerdns '0'
        option dns ''

config interface 'WAN1'
        option proto 'pppoe'
        option ifname 'eth1'
        option username 'wan1user'
        option password '123456'
        option keepalive '0'
        option delegate '0'
        option ipv6 '0'

config interface 'LAN1'
        option type 'bridge'
        option proto 'static'
        option ifname 'eth1.1'
        option delegate '0'
        option ipaddr ''
        option netmask ''
        option metric '20'

The first example looks promising.

You'll need firewall rules too, these can be set in Luci. Try a bit of experimentation.

Tried different rules with lookup and iptables but couldnt get it working, my config is a mess now will reset and try again later

Before you add the extra config for wan1/lan1, does lan wan work?

Check your /etc/config/firewall and clone that for the second wan / lan.

In LAN and LAN1 you're using the same interface name? eth1.1. Is that for vlan1?

Do you have luci installed? Might be easier to visualise.

Yup , lan wan is working
Already assigned firewall rules
eth1.1 is wifi interface, yea it's vlan1
Got Luci but the routes page is barebones

Will be trying PBR setup again next weekend
Thnx for all the help tho

Tried a very basic setup to pass my lan traffic over wan
Disabled Default gateway checkbox on wan
Added below route and rule

config route
        option table '10'
        option target ''
        option interface 'wan'

config rule
        option in 'lan'
        option lookup '10'

Got a weird outcome where only my laptop was able to access internet but no other device could

You'd need a new vlan and then assign the new vlan to the second lan. The second WiFi should be on the new vlan too

Well I am trying to get routes and rules working on 1 lan and 1 wan , did a reset and added rules

Was hoping this would work and I could replicate it for wan1 and lan1

In this case, you may also need to specify the next hop address in the route.

config route
        option table '10'
        option target ''
        option interface 'wan'
        option gateway ''

Use these commands to check if the ip rule and route are created.

ip rule
ip route list table 10

Some comments on your previous posts:

The metric should be set for wan, not lan interfaces.
It is enough to set metric 10 on WAN1.
Check that both pppoe interfaces are up and the default gateways are set.

ip -4 route list 0/0

The result should be something like this:

default via ... dev pppoe-wan ...
default via ... dev pppoe-WAN1 ... metric 10

As mentioned above, you use ifname eth1.1 in the lan and LAN1 interface sections. Remove it from LAN1.

When you get LAN1 working (clients obtain IP settings via DHCP), run the following commands:

ip rule add from table 100 prio 1
ip route add default dev pppoe-WAN1 table 100

Check if LAN1 clients access the Internet only through WAN1.
If it works, you can try the uci syntax.

1 Like

Where can I get the gateway address from ?
Both wan are pppoe , I disabled default gateway option of each wan assuming I need to do so to avoid lan1 traffic possibly going through wan0

The gateway is set dynamically via DHCP. Even if you retrieve it, it may change after the next pppoe negotiation.

So don't disable the gateways, set metric 10 for wan1 and make both pppoe interfaces active.

By default the lan clients will use wan, because it will have higher priority.
To make them use wan1, for testing purposes create these rules manually:

ip rule add from table 100 prio 1
ip route add default dev pppoe-WAN1 table 100

Pay attention to the interface name - lowercase or uppercase as defined in /etc/config/network.

The uci syntax should look like this, but I can't test it with this old version:

uci add network rule
uci set network.@rule[-1].src=''
uci set network.@rule[-1].lookup='100'

uci add network route
uci set network.@route[-1].target=''
uci set network.@route[-1].netmask=''
uci set network.@route[-1].interface='WAN1'
uci set network.@route[-1].table='100'
uci commit network
/etc/init.d/network restart

Here is a link with a good explanation:


This topic was automatically closed 10 days after the last reply. New replies are no longer allowed.