Multi wan - mwan3 configuration advice

Hi folks, I'd like to ask you for advice on how to configure multi wan on my primary router that is somehow customized.

My current internet connection goes through router1 (mobile network router with customized openwrt from vendor with lan in bridge mode) -> router2 (linksys wrt1900acs - on primary WAN it gets IP from ISP). My ISP is limiting/hijacking DNS traffic, therefore I needed to set up DNS over TLS using unbound (that is freaking slow). I've got a new internet connection that I'd like to use through my main router - router2 - just for some cases/devices - 1 lan port (from router3 connection + of course another 1 lan port used as wan) + separate wifi ssid (either only 2,4ghz or both 2,4ghz and 5ghz). I'm running openwrt 21.x on my main router2.

My questions are:

  1. Is it even possible to do it how I imagine?
  2. Will devices connected to "different networks" see each other?
  3. Do I need separate subnets for this or could it be all in 1?
  4. How can I NOT use DNS over TLS for connections that go through router2->router3? Currently I have redirected all DNS requests to go through unbound on router2
  5. When my NAS with 2 ports is connected to 2 different networks, will it cause any issue? I'd like to go out to internet through router1 connection, but go in through router2 connection.
  6. Some configuration tips please
  7. Can I use it like 1 device will always go through router2->router3 unless there's a connection issue and then it'll utilize router2->router1 path? And of course for another device or devices connected via different wifi use router1->router2 unless there's a connection problem and then use router3->router2 path?
  8. Will port forwarding be working via router3->router2->device?
  9. Will this work with watchcat that I have set up for wan interface restart once there's no ping for couple of seconds?

Thank you.

  1. I lost you with the router numbering. If I understand properly you'll connect all lan devices on router 2 and then balance between the two uplinks.
  2. What do different networks mean? Maybe you can draw a diagram?
  3. You can create rules based on the source IP, so it is not necessary to have separate subnets.
  4. I guess you can configure unbound to use a regular nameserver, for which there can be a rule to be routed over the second line.
  5. You cannot have asymmetric routing.
  6. Very vague.
  7. Yes, there are wan_wanb and wanb_wan policies in the example config doing that.
  8. Yes, just make sure that return traffic is using the same uplink.
  9. mwan3 has its own failure detection and restoration mechanism.

@trendy Hi, I'll try to explain it better.
router1 - existing router to use mobile internet connection
router3 - new router to use cable internet connection

router2 (main router) ports:
wan <- router1
lan1 (wanb) <- router3
lan2 - to use for 1 device and traffic to go through router3
lan3/lan4 - for all other devices and traffic to go through router1

Now wifi: I'd like to have existing 2,4/5GHz networks (internet via router1) and utilize the new internet connection (via router3) with new SSIDs (internet via router3).

But, at the same time, in case of failure of router1 OR router3, I need to have ALL devices using the only active connection at the time being.

"You can create rules based on the source IP, so it is not necessary to have separate subnets." -> This is interesting, in that case all devices in local network could see each other, on the other hand I'd rather not configure static IPs on devices. Or could it be done some way that e.g. each device connected via "WIFI_B" will primarily go out to internet via router3 connection and each device connected via "WIFI_A" will primarily go out to internet via router1 connection?

Also, I'm trying to figure out how to manage this on interface level. I can do it with 2 VLANs or I can remove lan1 from br-lan device and create WANB interface. What's the best way? And how to deal with lan2 port?

Thank you.

Ok, long story short, I somehow managed to configure it. All connections use unbound (dns over tls). Default rule is wan_wanb. For 1 IP, I set it the other way wanb_wan. All tested and working, failover and failback.

The only thing I'm not sure if that's correct is that I removed lan1 from br-lan in order to create interface from it wanb. Is there any other better way to do it, or is it correct?

This way, everything is transparent and each device sees each other. WONDERFUL! :) Now I just need to adjust a few little things.

That's quite alright.

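The failover layout discussed in this thread (default policy `wan_wanb`, one source IP on `wanb_wan`), written out as an added example; it is not the poster's actual configuration. The member names, the tracking addresses and the device address `192.168.1.50` are assumptions.

```uci
# /etc/config/mwan3 - added example, not taken from the thread.
# Tracking IPs and 192.168.1.50 are constructed sample values.
config interface 'wan'
	option enabled '1'
	option family 'ipv4'
	list track_ip '1.1.1.1'
	list track_ip '8.8.8.8'

config interface 'wanb'
	option enabled '1'
	option family 'ipv4'
	list track_ip '1.0.0.1'
	list track_ip '8.8.4.4'

# Lower metric wins; a metric-2 member is used only while no metric-1 member is up.
config member 'wan_m1'
	option interface 'wan'
	option metric '1'

config member 'wan_m2'
	option interface 'wan'
	option metric '2'

config member 'wanb_m1'
	option interface 'wanb'
	option metric '1'

config member 'wanb_m2'
	option interface 'wanb'
	option metric '2'

config policy 'wan_wanb'
	list use_member 'wan_m1'
	list use_member 'wanb_m2'

config policy 'wanb_wan'
	list use_member 'wanb_m1'
	list use_member 'wan_m2'

# Rules are evaluated top to bottom and the first match wins.
config rule 'lan2_device'
	option src_ip '192.168.1.50'
	option family 'ipv4'
	option use_policy 'wanb_wan'

config rule 'default_rule_v4'
	option dest_ip '0.0.0.0/0'
	option family 'ipv4'
	option use_policy 'wan_wanb'
```

Both `wan` and `wanb` must also exist in `/etc/config/network`, each with a different `metric`, and the device behind the source-IP rule needs a fixed address (for example a static DHCP lease). `mwan3 status` shows which interfaces are tracked as online and which policy is active.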