MWAN3 failover corner cases

I set up mwan3 to fail over to a tethered LTE device (using my COVID-19 downtime to try to increase the reliability of my network). This mostly works fine, but there are 2 "corner cases" that I'm curious whether anyone knows how to address:

Q1. If I hard-code my primary ISP's DNS servers as forwarders in dnsmasq (my previous configuration), I have no DNS when I fail over to LTE, since that ISP doesn't allow external DNS requests (understandably), which these now are. OTOH, if I remove my list of forwarders, everything works fine, but dnsmasq sends requests to all DNS servers (2 for my primary ISP and 1 for the LTE connection), burning my LTE bandwidth (I pay by the byte).

I know there's an option to make dnsmasq query serially rather than in parallel, but I rather like the parallel feature, just not on the backup interface. I also know I could use a public DNS server, but I'm in a rural area, so my ISPs' servers are actually faster; plus, getting accurate geolocation is critical for streaming here.

I think what I need is a script that mwan3 runs when interfaces go up/down to tweak the DNS settings. I recall there's a way to run scripts, but I don't know how to safely tweak dnsmasq settings on the fly.

Q2. If I fail over to LTE and the primary interface comes back, connections that were active over the backup stay active and routed over the backup interface. This is also understandable (state is kept), but I'd actually like to flush them and force reconnections over the primary interface (again, I pay by the byte, but also LTE is still painfully slow here). Suggestions?

Why not make a rule for the nameservers to use only a specific policy, which uses only one interface?

I'd use the script /etc/mwan3.user to flush and force a reconnection.

So IIRC there is an issue with mwan3 on OpenWrt whereby the rules don't apply to traffic sourced from the router itself (and these queries are, because I use the router's dnsmasq as my LAN's DNS). I tried anyway, hoping it had been fixed since I last used mwan3, and it has not.

Thanks, but how exactly? I searched around for how to flush the NAT table state and didn't find anything obvious, which is surprising. I must be using the wrong term to search for this, since I can't be the first person to want to do this, but most posts I find remove all the NAT and iptables rules, which is not what I want -- I just want to flush all the state.
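An added example, not posted by anyone in this thread, of what /etc/mwan3.user could look like if it is used for both questions: it keeps a dnsmasq servers-file that lists only the resolvers of the link currently carrying traffic (Q1), and flushes conntrack when the primary comes back so flows that were NATed over LTE are torn down and re-established (Q2). Interface names `wan`/`lte`, the resolver addresses (documentation prefixes), the file paths and the hotplug variables `$ACTION`/`$INTERFACE` as described in the comments are assumptions about this setup, not facts from the thread.

```shell
#!/bin/sh
# /etc/mwan3.user is run by mwan3's hotplug handler on every tracked interface
# event. Assumed environment: $ACTION is ifup/ifdown (newer mwan3 releases also
# send connected/disconnected), $INTERFACE is the logical name (e.g. wan).
#
# Q1: maintain a dnsmasq servers-file holding ONLY the resolvers reachable over
#     the link in use, so no query leaves over LTE while the primary is up.
# Q2: when the primary returns, flush conntrack so flows pinned to LTE break
#     and the clients reconnect over the primary.

# --- site-specific values (placeholders, replace with your own) ---------------
WAN_IFACE="wan"                       # mwan3/netifd name of the primary uplink
LTE_IFACE="lte"                       # name of the tethered LTE uplink
WAN_DNS="203.0.113.10 203.0.113.11"   # primary ISP resolvers (placeholders)
LTE_DNS="198.51.100.1"                # carrier resolver (placeholder)

# --- paths/commands, overridable from the environment -------------------------
STATE_DIR="${STATE_DIR:-/tmp/mwan3-dns-state}"
SERVERS_FILE="${SERVERS_FILE:-/tmp/mwan3-forwarders.servers}"  # dnsmasq serversfile
RELOAD_CMD="${RELOAD_CMD:-killall -HUP dnsmasq}"  # dnsmasq re-reads servers-file on HUP

# mwan3 only reports the interface that changed, so keep our own view of all
# of them as marker files (in /tmp, so a reboot starts from a clean slate).
set_state() {  # set_state <iface> up|down
    mkdir -p "$STATE_DIR"
    if [ "$2" = up ]; then
        : > "$STATE_DIR/$1.up"
    else
        rm -f "$STATE_DIR/$1.up"
    fi
}

is_up() {  # is_up <iface>
    [ -f "$STATE_DIR/$1.up" ]
}

# Forwarders to use: the primary's while it is up, the LTE resolver only as a
# fallback, nothing when both are down (a SERVFAIL beats a silent LTE bill).
select_forwarders() {
    if is_up "$WAN_IFACE"; then
        echo "$WAN_DNS"
    elif is_up "$LTE_IFACE"; then
        echo "$LTE_DNS"
    else
        echo ""
    fi
}

# Servers-file body: one "server=<ip>" line per resolver.
render_conf() {  # render_conf "<ip> <ip> ..."
    for ip in $1; do
        printf 'server=%s\n' "$ip"
    done
}

# Rewrite the servers-file only when it really changes, then signal dnsmasq.
apply_dns() {
    new=$(render_conf "$(select_forwarders)")
    old=""
    [ -f "$SERVERS_FILE" ] && old=$(cat "$SERVERS_FILE")
    [ "$new" = "$old" ] && return 0
    mkdir -p "$(dirname "$SERVERS_FILE")"
    render_conf "$(select_forwarders)" > "$SERVERS_FILE"
    $RELOAD_CMD
}

# Drop every tracked connection. conntrack-tools (opkg install conntrack) is
# preferred; the procfs write is the flush OpenWrt's own firewall reload uses.
flush_conntrack() {
    if command -v conntrack >/dev/null 2>&1; then
        conntrack -F
    else
        echo f > /proc/net/nf_conntrack
    fi
}

handle_event() {  # handle_event <action> <iface>
    case "$1" in
        ifup|connected)       state=up ;;
        ifdown|disconnected)  state=down ;;
        *) return 0 ;;
    esac
    set_state "$2" "$state"
    apply_dns
    # Primary is back: tear down flows still pinned to LTE (Q2). They break
    # rather than migrate, which is the point; the clients reconnect over wan.
    if [ "$state" = up ] && [ "$2" = "$WAN_IFACE" ]; then
        flush_conntrack
    fi
}

# Act only when invoked by mwan3 (both variables exported by the handler).
if [ -n "$ACTION" ] && [ -n "$INTERFACE" ]; then
    handle_event "$ACTION" "$INTERFACE"
fi
```

For the servers-file to be the only source of forwarders, dnsmasq must stop reading the resolv file that netifd fills with every uplink's resolvers: `uci set dhcp.@dnsmasq[0].noresolv='1'`, `uci set dhcp.@dnsmasq[0].serversfile='/tmp/mwan3-forwarders.servers'`, `uci commit dhcp`, then restart dnsmasq (the `serversfile` option is assumed to exist on your OpenWrt release; if it does not, replace the HUP with a dnsmasq restart). Make the script executable. Because the file only ever lists one link's resolvers, parallel querying of the two primary resolvers is kept without touching the LTE one. `conntrack -F` also drops flows that never touched LTE; with conntrack-tools installed, a narrower variant deletes only entries carrying the mark mwan3 gave the LTE interface (`conntrack -D --mark <value>/<mask>`, the mask being the one visible in the iptables output later in this thread, the value whatever mwan3 assigned to that interface on your box).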

mwan3_hook is used both in the PREROUTING chain and in OUTPUT.
I just tried it and it worked fine for me.

Chain mwan3_rules (1 references)
 pkts bytes target     prot opt in     out     source               destination         
   19   874 mwan3_policy_lte_only  all  --  *      *                mark match 0x0/0x3f00 /* test1 */
   24  1104 mwan3_policy_wan_only  all  --  *      *                mark match 0x0/0x3f00 /* test2 */

config rule 'test1'
        option dest_ip ''
        option proto 'all'
        option sticky '0'
        option use_policy 'lte_only'

config rule 'test2'
        option dest_ip ''
        option proto 'all'
        option sticky '0'
        option use_policy 'wan_only'
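As an added illustration of the rule-per-policy idea suggested in this thread (this is not configuration posted by anyone here): an /etc/config/mwan3 fragment that pins traffic to each ISP's resolvers to that ISP's link and sends everything else through a wan-first, lte-fallback policy. The interface names, member names and resolver addresses (documentation prefixes) are assumptions; the `config interface` sections are omitted.

```text
config member 'wan_m1_w3'
        option interface 'wan'
        option metric '1'
        option weight '3'

config member 'lte_m2_w3'
        option interface 'lte'
        option metric '2'
        option weight '3'

config policy 'wan_only'
        list use_member 'wan_m1_w3'

config policy 'lte_only'
        list use_member 'lte_m2_w3'

config policy 'wan_lte'
        list use_member 'wan_m1_w3'
        list use_member 'lte_m2_w3'
        option last_resort 'unreachable'

config rule 'wan_dns1'
        option dest_ip '203.0.113.10'
        option proto 'all'
        option sticky '0'
        option use_policy 'wan_only'

config rule 'wan_dns2'
        option dest_ip '203.0.113.11'
        option proto 'all'
        option sticky '0'
        option use_policy 'wan_only'

config rule 'lte_dns'
        option dest_ip '198.51.100.1'
        option proto 'all'
        option sticky '0'
        option use_policy 'lte_only'

config rule 'default_rule'
        option dest_ip '0.0.0.0/0'
        option proto 'all'
        option sticky '0'
        option use_policy 'wan_lte'
```

Rules are evaluated top to bottom, so the resolver rules must come before `default_rule`. Since mwan3_hook also sits in OUTPUT, the router's own dnsmasq queries get the same treatment as LAN traffic. This guarantees each resolver is only ever reached over its own link (and that a query to the primary's resolvers is dropped as unreachable, rather than sent over LTE, while the primary is down), but it does not by itself stop the metered traffic: while the primary is up, a dnsmasq configured to query all servers still sends the LTE resolver its copy of every query over LTE.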

I am not sure if this is possible, or at least I have never come across it.
Have you enabled Sticky timeout?