Netgear wndr3700v2, vlan + mwan3 (wanb - No tracking)

Tarmgass · May 27, 2022, 8:09pm

Hello
I am trying to get a second wan port in my router with OpenWrt 21.02.3.
LAN ip static 192.168.2.1 with dhcp server.

I have two diffrent isp connected to WAN and LAN1 (wanb) port.

VLAN settings:

When i do test in Load balancing status - diagnostic wan gets ping reply from 192.168.1.1, and when i select wanb i get reply from 192.168.30.1 as expected.

If i swap cables and restart interfaces its same, correct addresses but still only wan that gets status "online". wanb - no tracking. If i disconnect wan, with only wanb connected to internet, i get offline. Can someone please have a look at my settings and see whats wrong?

Mwan details: 
Interface status:
 interface wan is online 00h:05m:00s, uptime 00h:05m:21s and tracking is active
 interface wanb is disabled and tracking is down

Current ipv4 policies:
wan_to_wanb:
 wan (100%)

Current ipv6 policies:
balanced:
 
wan_to_wanb:
 unreachable

Directly connected ipv4 networks:
192.168.1.0/24
192.168.2.0/24
127.0.0.0/8
224.0.0.0/3
192.168.30.0/24

Directly connected ipv6 networks:
fd51:dc1f:8d72::/64
fe80::/64

Active ipv4 user rules:
  842 88113 S https  tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            multiport dports 443 
 1169  668K - wan_to_wanb  all  --  *      *       0.0.0.0/0            0.0.0.0/0            

Active ipv6 user rules:
    0     0 S https  tcp      *      *       ::/0                 ::/0                 multiport dports 443 
 2821  430K - balanced  all

## MWAN Status - Troubleshooting
Software-Version
-------------------------------------------------
OpenWrt - OpenWrt 21.02.3 r16554-1d4dea6d4f
LuCI - git-22.083.69138-0a0ce2a


Output of "ip a show"
-------------------------------------------------
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host 
       valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel master br-lan state UP group default qlen 1000
    link/ether c6:3d:c7:90:eb:7b brd ff:ff:ff:ff:ff:ff
3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
    link/ether c4:3d:c7:90:eb:7c brd ff:ff:ff:ff:ff:ff
    inet 192.168.30.101/24 brd 192.168.30.255 scope global eth1
       valid_lft forever preferred_lft forever
    inet6 fe80::c63d:c7ff:fe90:eb7c/64 scope link 
       valid_lft forever preferred_lft forever
6: br-lan: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
    link/ether c6:3d:c7:90:eb:7b brd ff:ff:ff:ff:ff:ff
    inet 192.168.2.1/24 brd 192.168.2.255 scope global br-lan
       valid_lft forever preferred_lft forever
    inet6 fd51:dc1f:8d72::1/60 scope global noprefixroute 
       valid_lft forever preferred_lft forever
    inet6 fe80::c43d:c7ff:fe90:eb7b/64 scope link 
       valid_lft forever preferred_lft forever
8: wlan1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master br-lan state UP group default qlen 1000
    link/ether c4:3d:c7:90:eb:7d brd ff:ff:ff:ff:ff:ff
    inet6 fe80::c63d:c7ff:fe90:eb7d/64 scope link 
       valid_lft forever preferred_lft forever
9: wlan0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master br-lan state UP group default qlen 1000
    link/ether c4:3d:c7:90:eb:7b brd ff:ff:ff:ff:ff:ff
    inet6 fe80::c63d:c7ff:fe90:eb7b/64 scope link 
       valid_lft forever preferred_lft forever
11: eth0.2@eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
    link/ether c6:3d:c7:90:eb:7b brd ff:ff:ff:ff:ff:ff
    inet 192.168.1.233/24 brd 192.168.1.255 scope global eth0.2
       valid_lft forever preferred_lft forever
    inet6 fe80::c43d:c7ff:fe90:eb7b/64 scope link 
       valid_lft forever preferred_lft forever


Output of "ip route show"
-------------------------------------------------
default via 192.168.30.1 dev eth1 proto static src 192.168.30.101 metric 10 
default via 192.168.1.1 dev eth0.2 proto static src 192.168.1.233 metric 20 
192.168.1.0/24 dev eth0.2 proto static scope link metric 20 
192.168.2.0/24 dev br-lan proto kernel scope link src 192.168.2.1 
192.168.30.0/24 dev eth1 proto static scope link metric 10


Output of "ip rule show"
-------------------------------------------------
0:	from all lookup local
1001:	from all iif eth1 lookup 1
2001:	from all fwmark 0x100/0x3f00 lookup 1
2061:	from all fwmark 0x3d00/0x3f00 blackhole
2062:	from all fwmark 0x3e00/0x3f00 unreachable
3001:	from all fwmark 0x100/0x3f00 unreachable
32766:	from all lookup main
32767:	from all lookup default


Output of "ip route list table 1-250"
-------------------------------------------------
Table 1: default via 192.168.30.1 dev eth1 proto static src 192.168.30.101 metric 10 
192.168.1.0/24 dev eth0.2 proto static scope link metric 20 
192.168.2.0/24 dev br-lan proto kernel scope link src 192.168.2.1 
192.168.30.0/24 dev eth1 proto static scope link metric 10


Output of "iptables -L -t mangle -v -n"
-------------------------------------------------
Chain PREROUTING (policy ACCEPT 10681 packets, 4727K bytes)
 pkts bytes target     prot opt in     out     source               destination         
 149K  106M mwan3_hook  all  --  *      *       0.0.0.0/0            0.0.0.0/0           

Chain INPUT (policy ACCEPT 1054 packets, 111K bytes)
 pkts bytes target     prot opt in     out     source               destination         

Chain FORWARD (policy ACCEPT 8334 packets, 4386K bytes)
 pkts bytes target     prot opt in     out     source               destination         
   76  3952 TCPMSS     tcp  --  *      eth1    0.0.0.0/0            0.0.0.0/0            tcp flags:0x06/0x02 /* !fw3: Zone wan MTU fixing */ TCPMSS clamp to PMTU
   92  4764 TCPMSS     tcp  --  eth1   *       0.0.0.0/0            0.0.0.0/0            tcp flags:0x06/0x02 /* !fw3: Zone wan MTU fixing */ TCPMSS clamp to PMTU

Chain OUTPUT (policy ACCEPT 827 packets, 106K bytes)
 pkts bytes target     prot opt in     out     source               destination         
11382 3768K mwan3_hook  all  --  *      *       0.0.0.0/0            0.0.0.0/0           

Chain POSTROUTING (policy ACCEPT 8837 packets, 4473K bytes)
 pkts bytes target     prot opt in     out     source               destination         

Chain mwan3_connected (2 references)
 pkts bytes target     prot opt in     out     source               destination         
91068   96M MARK       all  --  *      *       0.0.0.0/0            0.0.0.0/0            match-set mwan3_connected dst MARK or 0x3f00

Chain mwan3_hook (2 references)
 pkts bytes target     prot opt in     out     source               destination         
 158K  110M CONNMARK   all  --  *      *       0.0.0.0/0            0.0.0.0/0            mark match 0x0/0x3f00 CONNMARK restore mask 0x3f00
22662 4083K mwan3_ifaces_in  all  --  *      *       0.0.0.0/0            0.0.0.0/0            mark match 0x0/0x3f00
 6626 1614K mwan3_connected  all  --  *      *       0.0.0.0/0            0.0.0.0/0            mark match 0x0/0x3f00
 2022  763K mwan3_rules  all  --  *      *       0.0.0.0/0            0.0.0.0/0            mark match 0x0/0x3f00
 160K  110M CONNMARK   all  --  *      *       0.0.0.0/0            0.0.0.0/0            CONNMARK save mask 0x3f00
 114K  102M mwan3_connected  all  --  *      *       0.0.0.0/0            0.0.0.0/0            mark match ! 0x3f00/0x3f00

Chain mwan3_iface_in_wan (1 references)
 pkts bytes target     prot opt in     out     source               destination         
   80 39048 MARK       all  --  eth1   *       0.0.0.0/0            0.0.0.0/0            match-set mwan3_connected src mark match 0x0/0x3f00 /* default */ MARK or 0x3f00
    0     0 MARK       all  --  eth1   *       0.0.0.0/0            0.0.0.0/0            mark match 0x0/0x3f00 /* wan */ MARK xset 0x100/0x3f00

Chain mwan3_ifaces_in (1 references)
 pkts bytes target     prot opt in     out     source               destination         
 2097  331K mwan3_iface_in_wan  all  --  *      *       0.0.0.0/0            0.0.0.0/0            mark match 0x0/0x3f00

Chain mwan3_policy_wan_to_wanb (2 references)
 pkts bytes target     prot opt in     out     source               destination         
  145 40967 MARK       all  --  *      *       0.0.0.0/0            0.0.0.0/0            mark match 0x0/0x3f00 /* wan 1 1 */ MARK xset 0x100/0x3f00

Chain mwan3_rule_https (1 references)
 pkts bytes target     prot opt in     out     source               destination         
  842 88113 mwan3_policy_wan_to_wanb  all  --  *      *       0.0.0.0/0            0.0.0.0/0            mark match 0x0/0x3f00
  842 88113 SET        all  --  *      *       0.0.0.0/0            0.0.0.0/0            mark match ! 0xfc00/0xfc00 del-set mwan3_sticky_https src,src
  842 88113 SET        all  --  *      *       0.0.0.0/0            0.0.0.0/0            mark match ! 0xfc00/0xfc00 add-set mwan3_sticky_https src,src

Chain mwan3_rules (1 references)
 pkts bytes target     prot opt in     out     source               destination         
  842 88113 mwan3_rule_https  tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            multiport dports 443 mark match 0x0/0x3f00
 1180  675K mwan3_policy_wan_to_wanb  all  --  *      *       0.0.0.0/0            0.0.0.0/0            mark match 0x0/0x3f00

Tarmgass · May 27, 2022, 8:11pm

Tarmgass · May 27, 2022, 8:12pm

Tarmgass · May 27, 2022, 8:17pm

root@OpenWrt:~# mwan3 status ; echo; uci export mwan
Interface status:
 interface wan is online 00h:18m:11s, uptime 00h:18m:32s and tracking is active
 interface wanb is disabled and tracking is down

Current ipv4 policies:
wan_to_wanb:
 wan (100%)

Current ipv6 policies:
balanced:

wan_to_wanb:
 unreachable

Directly connected ipv4 networks:
192.168.1.0/24
192.168.2.0/24
127.0.0.0/8
224.0.0.0/3
192.168.30.0/24

Directly connected ipv6 networks:
fd51:dc1f:8d72::/64
fe80::/64

Active ipv4 user rules:
  863 89205 S https  tcp  --  *      *       0.0.0.0/0            0.0.0.0/0                                                                                                    multiport dports 443
 1248  724K - wan_to_wanb  all  --  *      *       0.0.0.0/0            0.0.0.0/                                                                                        0

Active ipv6 user rules:
    0     0 S https  tcp      *      *       ::/0                 ::/0                                                                                                         multiport dports 443
 3237  485K - balanced  all      *      *       ::/0                 ::/0                                                                                               


uci: Entry not found
root@OpenWrt:~#

kukulo · May 28, 2022, 4:44am

I met this behavior in 21.02 when swapping the wan cables. One reason for this is that kernel routing table maintains the same path, so when you swap a restart is needed to create a new path. The resolution is simple: do not swap the wan cables until this is patched out. I did not met this in 15.01 release.

Tarmgass · May 28, 2022, 10:30am

Hello again. I got managed to get both wan`s online!
Looks like the wanb was not enabled in mwan interfaces!

But, i am still not happy, because when i tried to connect it up as intended i do not get connect from the other LAN ports.

Yesterday when i was testing, i was connected with wifi all the time.
When i now connect with LAN 2-3-4 i dont even get IP.

kukulo · May 28, 2022, 2:44pm

Check the switch configuration for vlans.

Tarmgass · May 29, 2022, 7:52am

Yes.
I did a reset and started over again following the manual for mwan3.
I think i forgot the step with restart router after configuring the vlans the first time.
All ok after second round of configuring.

Now i am trying to make a vlan for a second lan.
I want to connect two separate lan`s.

I added own firewall zone for second lan, but still no connection on it. I do get ip from dhcp server on it.

I can see the first lan is lan-br and looks like it is bridged, but with what? i suppose it is the other lan ports and the wifi ?

kukulo · May 29, 2022, 9:43am

I would like to direct you to this wiki page.