I'm using an old laptop as my Owrt router, with 2 ports, one USB 2.5GbE and the internal 1GbE. The 2.5GbE is my WAN port, and my ISP allows me to have multiple IPs (to a certain extent); however, I do not have any more USB ports to plug in a 2nd Ethernet adapter.
My questions are:
How can I set up multiple PPPoE WAN connections on a single WAN port? SOLVED (just use macvlan or a bridge device with the WAN port as member + 2 virtual Ethernet devices with different MAC addresses)
I have some VLANs to separate my security system from my home system, and I would like to dedicate a separate WAN IP to them, how can I proceed with that?
What I tried:
I tried using macvlan (as shown in the mwan3 guide). I do get 2 IPs and all, but only one of them has internet access on the LAN side (it still pings fine to google if I try to do so inside OWrt, while specifying either interface with -I).
I tried bridging 2 virtual ethernets and the WAN port and dedicating each virtual ethernet to 2 WAN interfaces; it connects, but same as before, only one of them gets internet access.
I am using 4 different Zones: LAN/WAN for home (and they're configured properly), SLAN/SWAN for my security system network, I set them the same way the default LAN/WAN Zones are.
Both WAN interfaces get different IPs, but only the last one to connect gets to route its internet traffic to its dedicated Zone: if WAN connects last, SLAN will not have internet access; likewise, if SWAN connects last, LAN will not have internet access.
Please connect to your OpenWrt device using ssh and copy the output of the following commands and post it here using the "Preformatted text </> " button:
Remember to redact passwords, MAC addresses and any public IP addresses you may have:
ubus call system board
cat /etc/config/network
cat /etc/config/dhcp
cat /etc/config/firewall
I tried both, both give me the same result; however, I tried with 2 virt eths as I need 2 different MAC addresses. I think I need to update my post since I found out that both PPPoE connections have internet access within OpenWrt (I can ssh to the router, ping google through each PPPoE separately and it would successfully resolve and ping).
My main issue now is to isolate wansec to be exclusive to SEC lan.
I did, check the bottom part of my firewall rules; however, I cannot get internet on the SLAN side. If I restart the SWAN interface, I would get internet on SLAN, but I'll lose internet on the LAN side. However, if I try to ping google from within OpenWrt, both WAN/SWAN have internet access.
The macvlan interfaces for the PPPoE are proper, though calling them veth is a bit confusing since Linux has a type of interface called veth already.
I think you're probably better off making separate VLAN interfaces off eth1 rather than trying to use the bridge filtering with one port. I'm sure it probably works fine, it just looks kinda messy, and to clean it up you'd probably end up putting a bridge under a bridge, for one port.
Thanks, I'll see what I can do about it. However, I still can't figure out how to properly route each PPPoE interface to a specific one. Setting up firewall zones and the routing doesn't seem to help.
Steps to set up two WAN connections and set one as a gateway to a specific VLAN:
Set up a second WAN
Create new WAN connection, set it up with whatever your ISP requires (PPPoE/DHCP...) and remember the name of the new connection, we will need it later.
Go to Advanced Settings > Use gateway metric > Put any value higher than 1 (I used 10, this would put the gateway from this WAN connection lower than your WAN1 connection, making WAN1 your default gateway)
Go to Firewall Settings > Create/Assign > --custom-- > Put a new firewall zone name (will be configured later) > Enter
Save > Save and Apply
Check if your WAN is connected and has its own IP
Note: Depending on your ISP, you might not be able to create multiple sessions, check with your ISP. Some ISPs might require a specific MAC address or other requirements; surprisingly, my ISP doesn't care at all. If you have a second ISP, set it up as usual with the gateway metric and firewall zones as above.
Once you set up your WAN:
Set up PBR
Go to System > Software > Update lists... > search for pbr > install luci-app-pbr package
Once installed, press Ctrl Shift R (or Shift F5, or log out and log back in to the GUI) to refresh the GUI
Go to Services > Policy routing > Delete any setup in Policies, DNS Policies and DSCP Tagging (you might also remove custom user file include entries)
Go to Advanced Configuration > Supported Interfaces > add the WAN interface to the list (note that it's case sensitive, write it as you did in step 1 of the previous section above).
Save and apply
You should be able to see your newly added Interface at the top of the page listed under "Service Gateways"
Go to Basic Configuration > Policies > Add
Name: [pick a name] / Local addresses [put your VLAN's subnet, eg: 10.0.0.0/24] / Protocol [All] / Interface [your second WAN]
Save
Save and apply
Set up the firewall
We assume your VLAN is in its own firewall zone; if not, make a new firewall zone with your own sets of rules or copy the default LAN rules for Input/Output/IntraZone FW.
Go to Network > Firewall > Edit the WAN2 zone: Input Reject, Output Accept, Intra Zone Forward Reject, Check Masquerading (this way it would be set up as your WAN firewall zone)
Save
Edit your VLAN FW Zone > Allow forward to destination zones: your second wan zone
Save and apply
This should be it. You can try connecting to your VLAN zone and check for your public IP address, and check it against the IP shown in WAN2 in Network Interfaces.
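The firewall part of the steps above can also be checked from the shell. The script below is an added example, not part of the original posts: it reads a config in /etc/config/firewall syntax on stdin and reports where the second WAN zone or the VLAN zone's forwarding differs from the steps. The sample config and the lowercase zone names (lan, wan, slan, swan) are constructed, and flagging any other forwarding out of the VLAN zone is an added assumption that the VLAN should leave only through the second WAN.

```shell
# Constructed sample in /etc/config/firewall syntax. Zone names are
# assumptions for illustration, not values taken from the thread.
sample_config() {
cat <<'EOF'
config zone
    option name 'swan'
    option input 'REJECT'
    option output 'ACCEPT'
    option forward 'REJECT'
    option masq '1'

config forwarding
    option src 'lan'
    option dest 'wan'

config forwarding
    option src 'slan'
    option dest 'swan'
EOF
}

# audit_fw VLAN_ZONE WAN2_ZONE < config
# Prints one finding per line; returns 0 if none, 1 otherwise.
audit_fw() {
    awk -v vlan="$1" -v wan2="$2" -v q="'" '
    function val(s) { gsub("[" q "\"]", "", s); return s }  # strip quotes
    function bad(msg) { print msg; n++ }
    function flush() {            # evaluate the section just finished
        if (type == "zone" && o["name"] == wan2) {
            seen = 1
            if (toupper(o["input"]) != "REJECT") bad(wan2 ": input is not REJECT")
            if (toupper(o["forward"]) != "REJECT") bad(wan2 ": forward is not REJECT")
            if (o["masq"] != "1") bad(wan2 ": masquerading is off")
        }
        if (type == "forwarding" && o["src"] == vlan) {
            if (o["dest"] == wan2) ok = 1
            else bad(vlan " may also forward to " o["dest"])
        }
        split("", o)              # clear options for the next section
    }
    $1 == "config" { flush(); type = $2; next }
    $1 == "option" { o[$2] = val($3) }
    END {
        flush()
        if (!seen) bad("zone " wan2 " not found")
        if (!ok) bad("no forwarding " vlan " -> " wan2)
        exit (n > 0)
    }'
}
sample_config | audit_fw slan swan && echo "firewall matches the steps"
```

On the router, run it as `audit_fw <VLAN zone> <second WAN zone> < /etc/config/firewall`, using the zone names exactly as they appear in the config.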