I'd like to use mwan3 for setting up a WAN failover, using three routers:
Router 1: connects to WAN via ISP 1
Router 2: connects to WAN via ISP 2
Router 3: has OpenWrt and mwan3 installed, and is the LAN DHCP server + LAN default gateway
Routers 1, 2 and 3 are all part of the LAN, and are thus interconnected via LAN (not WAN) ports. Therefore, I'd basically like mwan3 to simply forward the traffic to another router instead of to a specific interface.
If I correctly understand the mwan3 documentation, I have to use the kmod-macvlan package to create two new virtual ethernet interfaces for this, and then assign the MAC addresses of router 1 and router 2 to these virtual interfaces on Router 3? And after this I can then use these virtual interfaces with mwan3? Is that correct?
Why have router 1 and 2 on the LAN and not connected to router 3 via WAN ports? Are they providing any additional services to the LAN?
It may be possible to set it up with everything on LAN ports, but based on the scenario you are describing, it would be simpler to have routers 1 & 2 connect to WAN ports on router 3.
Yes, they do. They're acting as WiFi range extenders, and are also used for multiple other wired connections to printers and file servers. So, all routers must actually be in the LAN zone. This can't be changed.
As an additional constraint, it's also not possible to connect to both ISPs using the same router, since these wired connections are in completely different physical locations.
So under the proposed setup, traffic from Router 1 would make two additional WiFi hops before it goes out of WAN1. Is that correct? It seems like this might introduce some unnecessary latency.
If you are primarily interested in failover, would it be better to set up traffic on router 1 to go to WAN1 and failover to WAN2 and traffic on router 2 to failover to WAN1?
Well yes, there are also wired connections between the routers in addition to the WiFi. So latency is not a problem here.
Unfortunately not, since WAN 1 is the primary (i.e. fast) one, which should be used by the entire network as default connection. WAN 2 is much slower and should only be used (by the entire network though) in the event that WAN 1 is down for some reason.
Thanks for sharing the additional details. In that case, you should be able to use router 3 as the default gateway for clients as you proposed.
You don’t need the macvlan package though. You can set up additional Ethernet aliases (e.g. eth0.3 and eth0.4) and have them use router 1 and 2 as default gateways, then you can have mwan3 manage the failover between them.
OK great, this is what I must have been missing! I didn't know I could use aliases for this purpose. Thank you!
Yes, this is exactly what I'm looking for. I unfortunately just didn't know how to configure mwan3 to use a gateway, since the default mwan3 configuration only allows the use of (existing) interfaces. Using an interface alias should hopefully be a solution for this, as aaronjg has pointed out. Thank you very much for your help!
Just checked on this a bit more. Looks like aliases (eth0:2) are deprecated and the correct way to do it is VLANs (eth0.2). This may have been confusing since OpenWrt also uses the term alias for multiple LuCI names for the same underlying interface. Sorry for the confusion.
When you do get this to work, please post the relevant sections of your config for future users.
Well, OpenWrt won't let me create two different VLANs with the same LAN ports marked as "untagged", so I don't see how I could do this with VLANs.
It actually seems that mwan3 can only forward the traffic to an interface. To forward to a gateway instead, it seems that I actually have to create an additional LAN interface for the sole purpose of using it with mwan3, so that I can then specify the gateway within the configuration of this additional interface.
I'll poke around with this and will let you know when I get it working.
Thanks. Perhaps I still have the terminology wrong. I have not done this in some time. You used to be able to create multiple virtual networks for the same NIC with a colon after the device name. It appears this is now deprecated. What’s the proper way to do this now?
It looks like the deprecated method does not work either since you can't bind to the device.
Currently mwan3 only allows you to use the main routing table for checking link status, so you somehow need to create additional interfaces that mwan3 can bind to and will have their own default routes to router 1 and router 2.
Unfortunately, I don't know the best way to do that. Perhaps the macvlan package would work for this but I'm not sure.
The one-to-one link between interface, WAN, tracker, and routing table is all pretty ingrained in the mwan3 source unfortunately, so it would be quite difficult to allow two gateways to be managed over one device without some sort of virtual device in the mix.