MWAN not working

quen · September 24, 2022, 5:25pm

Hi,

I recently migrated from OpenWRT 19.07 to 22.03 and MWAN is not working anymore. I had to reinstall and reconfigure manually because of the DSA change.

I have two wan interfaces wan (cable internet) and wan2 (LTE backup) and two openvpn interfaces tun0 (through wan) and tun1 (through wan2). A month ago I also created a wireguard interface which has worked well under 19.07.

First I got error 15 for some interfaces, after some fiddling around the errors are gone. But none of the interfaces are tracking, and the policies are not shown either.

Any help is appreciated!

Interface status:
 interface wan is offline and tracking is down
 interface wan2 is offline and tracking is down
 interface tun0 is offline and tracking is down
 interface tun1 is offline and tracking is down
 interface wireguard is offline and tracking is down
Current ipv4 policies:
Current ipv6 policies:
Directly connected ipv4 networks:
Directly connected ipv6 networks:
Active ipv4 user rules:
Active ipv6 user rules:

Here is the troubleshooting output:

Software-Version
-------------------------------------------------
OpenWrt - 22.03.0

Output of "ip -4 a show"
-------------------------------------------------
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
6: lan1@eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
    inet 192.168.1.20/24 brd 192.168.1.255 scope global lan1
       valid_lft forever preferred_lft forever
7: wan@eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
    inet 213.47.14.155/24 brd 213.47.14.255 scope global wan
       valid_lft forever preferred_lft forever
10: br-lan: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
    inet 192.168.123.1/24 brd 192.168.123.255 scope global br-lan
       valid_lft forever preferred_lft forever
14: tun1: <POINTOPOINT,MULTICAST,NOARP,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UNKNOWN group default qlen 500
    inet 10.18.0.6/16 scope global tun1
       valid_lft forever preferred_lft forever
16: tun0: <POINTOPOINT,MULTICAST,NOARP,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UNKNOWN group default qlen 500
    inet 10.36.0.7/16 scope global tun0
       valid_lft forever preferred_lft forever
18: wireguard: <POINTOPOINT,NOARP,UP,LOWER_UP> mtu 1420 qdisc noqueue state UNKNOWN group default qlen 1000
    inet 10.2.0.2/32 brd 255.255.255.255 scope global wireguard
       valid_lft forever preferred_lft forever

Output of "ip -4 route show"
-------------------------------------------------
default via 213.47.14.1 dev wan proto static src 213.47.14.55 metric 10 
default via 192.168.1.1 dev lan1 proto static metric 20 
default dev wireguard proto static scope link metric 25 
default via 10.36.0.1 dev tun0 metric 55 
default via 10.18.0.1 dev tun1 metric 65 
10.2.0.2 dev wireguard proto static scope link metric 25 
10.18.0.0/16 dev tun1 proto kernel scope link src 10.18.0.6 
10.36.0.0/16 dev tun0 proto kernel scope link src 10.36.0.7 
185.159.158.56 via 192.168.1.1 dev lan1 proto static metric 20 
185.159.158.106 via 192.168.1.1 dev lan1 proto static metric 20 
185.159.158.139 via 192.168.1.1 dev lan1 proto static metric 20 
192.168.1.0/24 dev lan1 proto static scope link metric 20 
192.168.123.0/24 dev br-lan proto kernel scope link src 192.168.123.1 
213.47.14.0/24 dev wan proto static scope link metric 10 

Output of "ip -4 rule show"
-------------------------------------------------
0:	from all lookup local
32766:	from all lookup main
32767:	from all lookup default

Output of "ip -4 route list table 1-250"
-------------------------------------------------
No data found

Output of "iptables -t mangle -w -L -v -n"
-------------------------------------------------
Chain PREROUTING (policy ACCEPT 101K packets, 87M bytes)
 pkts bytes target     prot opt in     out     source               destination         

Chain INPUT (policy ACCEPT 18470 packets, 4636K bytes)
 pkts bytes target     prot opt in     out     source               destination         

Chain FORWARD (policy ACCEPT 82526 packets, 83M bytes)
 pkts bytes target     prot opt in     out     source               destination         

Chain OUTPUT (policy ACCEPT 16913 packets, 17M bytes)
 pkts bytes target     prot opt in     out     source               destination         

Chain POSTROUTING (policy ACCEPT 99430 packets, 100M bytes)
 pkts bytes target     prot opt in     out     source               destination

trendy · September 24, 2022, 6:27pm

22.03 is not working with iptables any longer. I don't see any rule nor routing table created, so most likely it is not yet migrated to 22.03.

quen · September 24, 2022, 6:57pm

OK, thanks for the info. This is important, though disappointing, information.

But apparently there was some porting work done: https://github.com/openwrt/packages/pull/17940

And the wiki says mwan 2.11.1, I have 2.11.1-1 installed, should work with 22.03: https://openwrt.org/docs/guide-user/network/wan/multiwan/mwan3

trendy · September 24, 2022, 7:01pm

Alright, but the troubleshooting part is using iptables so not too useful.

bluewavenet · September 24, 2022, 10:07pm

I think if you use opkg to force remove iptables-zz-legacy (if installed), then install iptables-nft, it will work. A reboot is probably sensible after doing this.

quen · September 24, 2022, 11:31pm

Thank you, that was it.

I have two quirks left:

I get error 16 for the openvpn interfaces.

Interface status:
 interface wan is online 00h:01m:05s, uptime 00h:01m:15s and tracking is active
 interface wan2 is online 00h:02m:32s, uptime 00h:02m:34s and tracking is active
 interface tun0 is error (16) and tracking is active
 interface tun1 is error (16) and tracking is active
 interface wireguard is online 00h:02m:07s, uptime 00h:02m:34s and tracking is active

I have added static routes for the VPN gateways, e.g. 89.36.76.130 (wireguard) through wan. For some reason there is a second route for 89.36.76.130 through lan1 which I did not add. And the routes for tun0 gateways through wan are missing as well.

root@openwrt:~# route
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
default         213-47-14-1.cab 0.0.0.0         UG    10     0        0 wan
default         192.168.1.1     0.0.0.0         UG    20     0        0 lan1
default         *               0.0.0.0         U     25     0        0 wireguard
default         10.34.0.1       0.0.0.0         UG    55     0        0 tun0
default         10.22.0.1       0.0.0.0         UG    65     0        0 tun1
10.2.0.2        *               255.255.255.255 UH    25     0        0 wireguard
10.22.0.0       *               255.255.0.0     U     0      0        0 tun1
10.34.0.0       *               255.255.0.0     U     0      0        0 tun0
89.36.76.130    213-47-14-1.cab 255.255.255.255 UGH   10     0        0 wan
89.36.76.130    192.168.1.1     255.255.255.255 UGH   20     0        0 lan1
185.159.158.56  192.168.1.1     255.255.255.255 UGH   16     0        0 lan1
185.159.158.106 192.168.1.1     255.255.255.255 UGH   15     0        0 lan1
185.159.158.139 192.168.1.1     255.255.255.255 UGH   17     0        0 lan1
192.168.1.0     *               255.255.255.0   U     20     0        0 lan1
192.168.123.0   *               255.255.255.0   U     0      0        0 br-lan
213.47.14.0     *               255.255.255.0   U     10     0        0 wan

system · October 4, 2022, 11:32pm

This topic was automatically closed 10 days after the last reply. New replies are no longer allowed.