So I've got mwan3 working as I wanted. I even tweaked it to prefer the ISP that is slightly faster. The problem I'm running into now is that the slower ISP is the only one that has IPv6.
As a result using a PC makes nearly all traffic go over that wan leaving the faster one getting significantly less traffic.
I saw this in the guide:
You can prevent mwan3 from routing IPv6 traffic by declaring option family 'ipv4' on all rules and removing the default IPv6 rule. This will prevent any mwan3 IPv6 routing rules being created by mwan3. You should also add option last_resort 'default' on your policies to fall back to the main routing table to allow IPv6 traffic (if present). However, doing this means your IPv6 traffic cannot be balanced or fail over if not handled by mwan3.
Wouldn't that still make all IPv6 traffic go over the same ISP?
Is there a way for traffic to be down-graded to IPv4 and thrown over to the other ISP to keep the balance? Is there something I can use to upgrade the IPv4 only ISP so it gets used as well?
Not on this level. When you do a DNS lookup for domain.com, and you get an IPv6 and an IPv4 address, you (the client which tries to reach domain.com) are free to choose the IPv4 address. But when it chooses the IPv6 address, there is no way a router in between could map that back on IPv4.
So OpenWrt/mwan3 does a DNS lookup, then does the load balance. If the address returned is IPv6 it uses the IPv6 rule to balance (which in this case is 100% the same ISP)?
Couldn't they fix this, and the use of the wrong DNS server with the wrong WAN by having the load balance come first and be frozen?
That way if the non-IPv6 ISP was chosen by the balance rules, it would then always use its own DNS server, which likely wouldn't return an IPv6 address, and then the same wan would be the one that would contact the IP returned. The other ISP could just be failover if the result was IPv6.
Would the ISP/DNS rule that fixes the DNS server/mail issue also fix this (same link as above)?
I think it would only marginally fix the problem since (I believe) there are two separate balances, the first chooses the DNS lookup and the second for the actual connection to the IP address.
Finally, is Hurricane Electric Free IPv6 Tunnel Broker really free without weird limitations or anything?
Not exactly. If DNS returns an IPv6 address and the client process chooses to use it instead of v4, the client will originate an IPv6 connection. Then the router will route it to the one ISP, since that is the only one that ever has a route for IPv6.
In other words, there's no linkage between DNS and mwan. mwan processes the connections that clients make, regardless of how they obtained the IP address.
I'm not sure that's entirely true. When using mwan3, a client can pass through one wan attempting to contact the DNS server from the other wan.
The only way that should be happening is if mwan3 load balances the dns lookup and then balances again once the client tries to contact the IP address.
Sure, in my case that means all IPv6 will go through the same wan, but otherwise it would use the IPv6 rule you have.
Of course, I don't understand how a client decides whether to contact the IPv4 or IPv6 dns server in the first place.
If it's sent to a wan that doesn't have an IPv6 server, but wants an IPv6 address, does it fail over to the other wan or does it fail over to the IPv4 server on the same wan?
An external DNS lookup is just another UDP or TCP connection, so it is going to get load balanced.
And this can be a problem since ISP-operated DNS servers are almost always firewalled from the general Internet. They can only be accessed by a customer from an IP address that is inside the ISP.
Most DNS servers can be reached by either IPv4 or IPv6. The results seldom change based on the address family used by the requestor. The DNS server operated by a v4 only ISP may even still provide AAAA (IPv6) records. This can be tested with nslookup FQDN DNS_server_IP
When I first set this up, I was getting lags when loading web pages. Changing to Cloudflare's open DNS servers fixed that.
I changed back to the ISPs' servers and did nslookups; WANb's IPv4 server returned IPv6 results anyway.
There's almost nothing I can tweak via rules or changing DNS servers to fix or soften this issue.
So my options are to use a questionable 6to4 tunnel on WANb, disable IPv6 on WANa, or disable mwan3 from routing IPv6 traffic.
You can prevent mwan3 from routing IPv6 traffic by declaring option family 'ipv4' [on all rules] and removing the default IPv6 rule. This will prevent any mwan3 IPv6 routing rules being created by mwan3. You should also add option last_resort 'default' on your policies to fall back to the main routing table to allow IPv6 traffic (if present). However, doing this means your IPv6 traffic cannot be balanced or fail over if not handled by mwan3.
The last option seems both the best and worst. On the bright side, it should reduce IPv6 use and only fall (fail?) over to it when all else fails (falls?) ((Sorry about the Hudsucker Proxy joke there.))
On the down side, there would probably be a lot less IPv6 use. I suppose mwan3 not balancing IPv6 isn't an issue considering there's nothing to balance.
I dunno.
This is the best solution I found to the problem as well. Neither of my two ISPs has ipv6, so I have set up a l2tpv3 tunnel (there's a specific technical reason for this choice over 6in4, but this isn't the place to explain it) to a server I have in a data centre and all my ipv6 traffic is routed over this link. Fortunately it's fast, but obviously not as fast as a non-tunnelled connection, so I don't want it to be used by default.
The prefix policy solution works nicely: ipv6-only sites are accessible, while those with an ipv4 address are the default.
All my Windows machines use prefix policies to ensure they favour ipv4 over ipv6 and things work nicely. My Linux machines have a similar precedence setting in /etc/gai.conf:
#
# For sites which prefer IPv4 connections change the last line to
#
precedence ::ffff:0:0/96 100
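The effect of that precedence line on a client's choice between A and AAAA results, as an added example that is not part of the original post. It models only the precedence step of destination address sorting (RFC 6724 Rule 6) using the default table from glibc's gai.conf; real getaddrinfo applies other rules first, and the addresses are constructed documentation-range samples.

```python
import ipaddress

# Default precedence table from the comments in glibc's /etc/gai.conf.
GLIBC_DEFAULT = {
    "::1/128": 50,
    "::/0": 40,
    "2002::/16": 30,
    "::/96": 20,
    "::ffff:0:0/96": 10,   # IPv4 destinations (as IPv4-mapped addresses)
}
# Same table after "precedence ::ffff:0:0/96 100" is uncommented.
PREFER_V4 = {**GLIBC_DEFAULT, "::ffff:0:0/96": 100}

def to_v6(addr):
    """IPv4 addresses are looked up as ::ffff:a.b.c.d in the table."""
    ip = ipaddress.ip_address(addr)
    if ip.version == 4:
        return ipaddress.IPv6Address((0xFFFF << 32) | int(ip))
    return ip

def precedence(addr, table):
    """Longest-prefix match of addr against the policy table."""
    ip = to_v6(addr)
    matches = [(ipaddress.ip_network(p).prefixlen, prec)
               for p, prec in table.items()
               if ip in ipaddress.ip_network(p)]
    return max(matches)[1]          # ::/0 always matches, so never empty

def sort_destinations(addrs, table):
    """Order candidate destinations by descending precedence (stable)."""
    return sorted(addrs, key=lambda a: -precedence(a, table))

# Constructed sample answers: one dual-stack site, one IPv6-only site.
DUAL_STACK = ["2001:db8::10", "192.0.2.10"]
V6_ONLY = ["2001:db8::20"]

if __name__ == "__main__":
    for name, table in (("default", GLIBC_DEFAULT), ("prefer-v4", PREFER_V4)):
        print(name, sort_destinations(DUAL_STACK, table),
              sort_destinations(V6_ONLY, table))
```

With the changed table a dual-stack name is tried over IPv4 first, so the connection is one mwan3 can balance, while an IPv6-only name still resolves to its IPv6 address.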
I don't know why, but after rebooting, testing IPv6 failed. Restored the original settings, rebooted and now they're back. I'm not sure why. I'll try again some other time.
So. Tunnel Broker gives you free IPv6 tunnel... as long as you give them all of your personal information and then send your internet through their servers.
And people are doing this? LOL.
So, the question is, is there a way to set up a MWAN3 rule based on a MAC address instead of an IP address?
Of course it needs to overrule a device asking for an IPv6 address, which would still cause fail over.