Mwan3 question [Solved]

mwan3 enables failover, sharing and conditional use of 2 (or more) wan interfaces. In my case wan is a PPPoE fixed IP ISP interface, wan2 goes to a VPN client (OpenVPN external to the router) which routes through the same ISP. The objective is to be able to switch individual clients through, or not through, the VPN depending on the situation. To get media content from some US providers requires a US IP, so the VPN is used (for example, the Washington Post). However, I also run my own mail server. Although a mail client can happily operate from any IP and hence from a machine switched through the VPN, the mail server cannot. This is because it would be sending from an IP which is NOT listed in the DNS MX record and would most likely be considered as sending spam. Also, many VPN providers will simply block SMTP traffic to avoid being responsible for spam.
Here's the problem. My mail server lives on a machine whose user also wishes to read the Washington Post.
mwan3 says you can configure it by host IP (LAN), by source, or more usefully destination port, and by protocol. My understanding is that sent mail (SMTP) actually runs over TCP to destination port 25, so I thought I could configure a rule 'use wan only' for my mail server's IP ( sending to port 25 over TCP, and a default rule which would send everything else via a rule 'use wan2 only'. In other words, every protocol, to every port EXCEPT TCP to port 25 coming from will go via wan2, i.e. via the VPN. mwan3 says the rules are tested in order till one matches, so if is sending TCP to port 25 it should go through the regular ISP on wan, and any other sends will go via the VPN on wan2, if the rules are ordered that way.
But of course, I wouldn't be writing this if it worked. Mail does NOT go via the regular ISP. Has anyone any idea why?

I have to update this. My problem related to other special firewall rules I was using, in particular blocking scripts from mwan3 works perfectly routing my mail server direct to my ISP, and other programs, on the same machine, via a commercial VPN.
Just posted this in case future searchers should be misled about mwan3.

Please edit title [solved].
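
The rule ordering described in the first post, written out as an `/etc/config/mwan3` fragment. This is an added example, not a configuration posted in the thread; the mail server address `192.168.1.10`, the member names, the policy names and the rule names are assumptions, and the `wan` and `wan2` mwan3 interface sections are assumed to be defined elsewhere in the same file.

```uci
# Added example: member, policy and rule names are hypothetical.
# 192.168.1.10 is a placeholder for the mail server's LAN address.

# One member per uplink, so each policy can pin traffic to a single interface.
config member 'wan_m1_w1'
	option interface 'wan'
	option metric '1'
	option weight '1'

config member 'wan2_m1_w1'
	option interface 'wan2'
	option metric '1'
	option weight '1'

# "use wan only": direct ISP path, no VPN.
config policy 'wan_only'
	list use_member 'wan_m1_w1'
	# If wan is down, drop rather than leak SMTP out through the VPN.
	option last_resort 'unreachable'

# "use wan2 only": everything else goes through the VPN.
config policy 'wan2_only'
	list use_member 'wan2_m1_w1'
	option last_resort 'unreachable'

# Rules are evaluated top to bottom and the first match wins,
# so the narrow SMTP rule must sit above the catch-all.
config rule 'mail_smtp_direct'
	option src_ip '192.168.1.10'
	option proto 'tcp'
	option dest_port '25'
	option use_policy 'wan_only'

# Catch-all: any protocol, any port, any source.
config rule 'default_via_vpn'
	option dest_ip '0.0.0.0/0'
	option use_policy 'wan2_only'
```

After reloading mwan3, `mwan3 status` lists the active rules in evaluation order, which confirms that the SMTP rule sits above the catch-all. As the update in the thread notes, other custom firewall rules on the router can still interfere, so check those before changing the mwan3 rules.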