OpenWRT and L2TP tunnel as WAN

Good day OpenWRT Community
I have a box (Qotom O1077GE, i7-10710u x86_64).
My provider uses L2TP for access to the internet.
So, I set up this feature.
In addition, I added an LTE module to the box.
Separately, all ISP WAN interfaces work very well.
So I decided to implement WAN failover.

There is no alternative for this other than MWAN3.
I installed MWAN3 as described in this article: https://openwrt.org/docs/guide-user/network/wan/multiwan/mwan3

But I've got a little problem:
All interfaces use DHCP for addressing (ETH7, L2TP and WWAN).
As I use L2TP, I need a separate interface in the WAN zone for access to the L2TP auth server. On my box this is the ETH7 interface.
This interface is set to use the default gateway. Without this setting I do not get L2TP up.
With this setting the L2TP connection is established, but no traffic goes outside (I guess this is because ETH7 sets its own default route).

After all WAN interfaces come up, I uncheck "Use default gateway" and packets start to go outside, and clients get internet access.

My question: has anybody implemented the same use case, and if so, how did you solve the default gateway on ETH7 (the back interface for L2TP)?

Here info and some settings of my box:

root@gw:~# grep VERSION_ID /etc/os-release 
VERSION_ID="23.05.0"
root@gw:~# cat /etc/config/network

# the docs say this section is not necessary on my version, but I've added it
config interface 'self'
	option proto 'static'
	option ipaddr '192.168.20.1'
	option netmask '255.255.255.255'
	option gateway '192.168.20.1'
	option device 'lo'

#back interface for l2tp
config interface 'lanBeeline'
	option proto 'dhcp'
	option device 'eth7'
	option hostname '*'
	option delegate '0'
	option defaultroute '0'

#l2tp settings
config interface 'wanBeeline'
	option proto 'l2tp'
	option server 'l2tp.internet.beeline.kz'
	option username 'my Account'
	option password 'My password'
	option ipv6 'auto'
	option delegate '0'
	option metric '10'

#LTE settings
config interface 'wanTele2'
	option proto 'qmi'
	option device '/dev/cdc-wdm0'
	option apn 'Tele2 APN'
	option auth 'none'
	option pdptype 'ipv4'
	option delegate '0'
	option metric '20'
root@gw:~# cat /etc/config/mwan3

config globals 'globals'
	option mmx_mask '0x3F00'

config rule 'all'
	option proto 'all'
	option sticky '0'
	option use_policy 'Failover'
	option src_ip '192.168.20.0/24'
	option dest_ip '0.0.0.0/0'

config interface 'wanBeeline'
	option enabled '1'
	option initial_state 'online'
	option family 'ipv4'
	list track_ip '1.1.1.1'
	option track_method 'ping'
	option reliability '1'
	option count '1'
	option size '56'
	option max_ttl '60'
	option timeout '4'
	option interval '10'
	option failure_interval '5'
	option recovery_interval '5'
	option down '5'
	option up '5'

config interface 'wanTele2'
	option enabled '1'
	option initial_state 'online'
	option family 'ipv4'
	list track_ip '1.1.1.1'
	option track_method 'ping'
	option reliability '1'
	option count '1'
	option size '56'
	option max_ttl '60'
	option timeout '4'
	option interval '10'
	option failure_interval '5'
	option recovery_interval '5'
	option down '5'
	option up '5'

config member 'mmbrWanBeeline'
	option interface 'wanBeeline'
	option metric '1'
	option weight '1'

config member 'mmbrWanTele2'
	option interface 'wanTele2'
	option metric '2'
	option weight '2'

config policy 'Failover'
	list use_member 'mmbrWanBeeline'
	list use_member 'mmbrWanTele2'
	option last_resort 'unreachable'

These are the routes after I remove "Use default gateway" on ETH7:

root@gw:~# ip route list
default via 80.241.35.30 dev l2tp-wanBeeline proto static metric 10 
default via 100.85.238.113 dev wwan0 proto static src 100.85.238.112 metric 20 
5.34.34.5 via 10.22.197.1 dev eth7 proto static src 10.22.197.113 
10.0.0.0/8 via 10.22.197.1 dev eth7 proto static src 10.22.197.113 
10.22.197.0/24 dev eth7 proto kernel scope link src 10.22.197.113 
37.99.99.37 via 10.22.197.1 dev eth7 proto static src 10.22.197.113 
77.74.64.0/21 via 10.22.197.1 dev eth7 proto static src 10.22.197.113 
77.74.65.239 via 10.22.197.1 dev eth7 proto static 
77.74.65.241 via 10.22.197.1 dev eth7 proto static 
80.241.35.10 via 10.22.197.1 dev eth7 proto static 
80.241.35.16 via 10.22.197.1 dev eth7 proto static 
80.241.35.25 via 10.22.197.1 dev eth7 proto static 
80.241.35.30 via 10.22.197.1 dev eth7 proto static 
80.241.35.86 via 10.22.197.1 dev eth7 proto static 
80.241.35.115 via 10.22.197.1 dev eth7 proto static 
80.241.35.118 via 10.22.197.1 dev eth7 proto static 
87.247.0.130 via 10.22.197.1 dev eth7 proto static src 10.22.197.113 
87.247.0.133 via 10.22.197.1 dev eth7 proto static src 10.22.197.113 
100.85.238.96/27 dev wwan0 proto static scope link metric 20 
176.222.190.144/28 via 10.22.197.1 dev eth7 proto static src 10.22.197.113 
192.168.20.0/24 dev br-lan proto kernel scope link src 192.168.20.1

These are the routes before I remove "Use default gateway" on ETH7:

root@gw:~# ip route list
default via 10.22.197.1 dev eth7 proto static src 10.22.197.113 
default via 80.241.35.30 dev l2tp-wanBeeline proto static metric 10 
default via 100.85.238.113 dev wwan0 proto static src 100.85.238.112 metric 20 
5.34.34.5 via 10.22.197.1 dev eth7 proto static src 10.22.197.113 
10.0.0.0/8 via 10.22.197.1 dev eth7 proto static src 10.22.197.113 
10.22.197.0/24 dev eth7 proto kernel scope link src 10.22.197.113 
37.99.99.37 via 10.22.197.1 dev eth7 proto static src 10.22.197.113 
77.74.64.0/21 via 10.22.197.1 dev eth7 proto static src 10.22.197.113 
77.74.65.239 via 10.22.197.1 dev eth7 proto static 
77.74.65.241 via 10.22.197.1 dev eth7 proto static 
80.241.35.10 via 10.22.197.1 dev eth7 proto static 
80.241.35.16 via 10.22.197.1 dev eth7 proto static 
80.241.35.25 via 10.22.197.1 dev eth7 proto static 
80.241.35.30 via 10.22.197.1 dev eth7 proto static 
80.241.35.86 via 10.22.197.1 dev eth7 proto static 
80.241.35.115 via 10.22.197.1 dev eth7 proto static 
80.241.35.118 via 10.22.197.1 dev eth7 proto static 
87.247.0.130 via 10.22.197.1 dev eth7 proto static src 10.22.197.113 
87.247.0.133 via 10.22.197.1 dev eth7 proto static src 10.22.197.113 
100.85.238.96/27 dev wwan0 proto static scope link metric 20 
176.222.190.144/28 via 10.22.197.1 dev eth7 proto static src 10.22.197.113 
192.168.20.0/24 dev br-lan proto kernel scope link src 192.168.20.1

Now I tried to add a new member (eth7, the L2TP backend) and found that MWAN3 is not using the networks in the rules at all.

For example:

/etc/config/network

...
config interface 'lanBeeline'
	option proto 'dhcp'
	option device 'eth7'
	option hostname '*'
	option delegate '0'
	option defaultroute '0'
	option metric '30'
...

/etc/config/mwan3 (pay attention to the option 'dest_ip' in the config rule 'beelineNetwork')

config interface 'lanBeeline'
	option enabled '1'
	option initial_state 'online'
	option family 'ipv4'
	list track_ip '80.241.35.30'
	option track_method 'ping'
	option reliability '1'
	option count '1'
	option size '56'
	option max_ttl '60'
	option timeout '4'
	option interval '10'
	option failure_interval '5'
	option recovery_interval '5'
	option down '5'
	option up '5'
...
config member 'mmbrLanBeeline'
	option interface 'lanBeeline'
	option metric '3'
	option weight '3'
...
config rule 'beelineNetwork'
	option proto 'all'
	**option dest_ip '82.241.32.0/20'**
	option sticky '0'
	option use_policy 'lanBeelineOnly'

The mwan3 status output looks like this:

root@gw:~# mwan3 status
Interface status:
 interface wanBeeline is error (16) and tracking is active
 interface wanTele2 is online 00h:00m:37s, uptime 00h:07m:27s and tracking is active
 interface lanBeeline is error (16) and tracking is active

Current ipv4 policies:
Failover:
 wanBeeline (100%)
labBeelineOnly:
 lanBeeline (100%)

Current ipv6 policies:
Failover:
 unreachable
lanBeelineOnly:
 unreachable

Directly connected ipv4 networks:
10.22.197.113
10.0.0.0/8
5.34.34.5
224.0.0.0/3
77.74.65.239
80.241.35.25
77.74.65.241
87.247.0.130
192.168.20.255
10.199.193.152
77.74.64.0/21
80.241.35.30
80.241.35.10
100.85.238.96/27
80.241.35.118
192.168.20.0/24
192.168.20.1
176.222.190.144/28
87.247.0.133
127.0.0.0/8
80.241.35.16
10.22.197.255
127.255.255.255
100.85.238.112
37.99.99.37
127.0.0.1
100.85.238.127
80.241.35.86
10.22.197.0/24
80.241.35.115

Directly connected ipv6 networks:
fe80::/64
fd21:d54d:68d2::/64

Active ipv4 user rules:
    **0     0 - lanBeelineOnly  all  --  *      *       0.0.0.0/0            0.0.0.0**              
   66 17544 - Failover  all  --  *      *       0.0.0.0/0            0.0.0.0/0            

Active ipv6 user rules:

The same behaviour if I point the policy source at 192.168.20.0/24 (my local network). The MWAN3 output looks like 0.0.0.0/24 (why /24 and not, for example, /32?). This is kind of magic.

It seems that MWAN3 is not a usable app at all. Sadly. For now I will destroy all the MWAN3 configs and will switch WAN manually. This will be more reliable.
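The routing state this post describes has three properties a practitioner would want to verify mechanically rather than by eye: the L2TP server must be reached through the underlay interface (eth7) and never through the tunnel itself, the lowest-metric default route must belong to the tunnel once it is up, and an mwan3 rule's dest_ip must actually contain the addresses it is meant to steer. The script below is an added example and is not part of the original post, of OpenWrt or of mwan3. It parses `ip route list` output and selects routes the way the kernel does (longest prefix, then lowest metric). The first two sample tables are trimmed copies of the "before" and "after" tables quoted in the post; the third table, the device names, the server address and the function names are assumptions made for the example.

```python
"""Consistency checks for an L2TP-over-ISP-access routing table.

Added example (not from the post, OpenWrt or mwan3). The route tables are
constructed samples: trimmed copies of the post's `ip route list` output
plus one invented failure case."""
import ipaddress

# Constructed sample: the "before" table with the eth7 default route present.
ROUTES_BEFORE = """\
default via 10.22.197.1 dev eth7 proto static src 10.22.197.113
default via 80.241.35.30 dev l2tp-wanBeeline proto static metric 10
default via 100.85.238.113 dev wwan0 proto static src 100.85.238.112 metric 20
10.22.197.0/24 dev eth7 proto kernel scope link src 10.22.197.113
80.241.35.30 via 10.22.197.1 dev eth7 proto static
100.85.238.96/27 dev wwan0 proto static scope link metric 20
192.168.20.0/24 dev br-lan proto kernel scope link src 192.168.20.1
"""
# The "after" table: same routes once "Use default gateway" is unticked on eth7.
ROUTES_AFTER = "\n".join(ROUTES_BEFORE.splitlines()[1:]) + "\n"
# Constructed failure case (not on the page): the host route for the L2TP
# server is missing, so the tunnel's own packets would be routed into the tunnel.
ROUTES_NO_HOST_ROUTE = "\n".join(
    ln for ln in ROUTES_AFTER.splitlines() if not ln.startswith("80.241.35.30 ")
) + "\n"

# Attribute keywords that are followed by a value in `ip route` output.
KEYED = {"via", "dev", "proto", "src", "metric", "scope", "table"}


def parse_routes(text):
    """Parse `ip route list` output into dicts; a missing metric counts as 0."""
    routes = []
    for line in text.splitlines():
        toks = line.split()
        if not toks:
            continue
        dst = "0.0.0.0/0" if toks[0] == "default" else toks[0]
        route = {"dst": ipaddress.ip_network(dst, strict=False), "metric": 0}
        i = 1
        while i < len(toks):
            if toks[i] in KEYED and i + 1 < len(toks):
                val = toks[i + 1]
                route[toks[i]] = int(val) if toks[i] == "metric" else val
                i += 2
            else:
                i += 1  # bare flag such as "linkdown" or "onlink"
        routes.append(route)
    return routes


def lookup(routes, addr):
    """Kernel-style selection: longest matching prefix, then lowest metric."""
    addr = ipaddress.ip_address(addr)
    cands = [r for r in routes if addr in r["dst"]]
    if not cands:
        return None
    return max(cands, key=lambda r: (r["dst"].prefixlen, -r["metric"]))


def check_tunnel_routing(text, tunnel_dev, underlay_dev, server_ip):
    """Return a list of problems; an empty list means the table is consistent."""
    routes = parse_routes(text)
    findings = []
    defaults = sorted((r for r in routes if r["dst"].prefixlen == 0),
                      key=lambda r: r["metric"])
    if not defaults:
        findings.append("no default route present")
    elif defaults[0].get("dev") != tunnel_dev:
        findings.append(
            f"preferred default route (metric {defaults[0]['metric']}) leaves via "
            f"{defaults[0].get('dev')}, not {tunnel_dev}")
    best = lookup(routes, server_ip)
    if best is None or best.get("dev") != underlay_dev:
        via = best.get("dev") if best else "no route"
        findings.append(
            f"L2TP server {server_ip} is reached via {via}; expected {underlay_dev}")
    return findings


def rule_covers(dest_ip, addr):
    """True if an mwan3 rule's dest_ip prefix contains addr. A prefix with host
    bits set raises ValueError so a misspelt prefix does not pass silently."""
    net = ipaddress.ip_network(dest_ip, strict=True)
    return ipaddress.ip_address(addr) in net


if __name__ == "__main__":
    for name, table in (("before", ROUTES_BEFORE), ("after", ROUTES_AFTER),
                        ("no host route", ROUTES_NO_HOST_ROUTE)):
        problems = check_tunnel_routing(table, "l2tp-wanBeeline", "eth7", "80.241.35.30")
        print(f"{name}: {problems or 'OK'}")
    print("rule covers L2TP server:", rule_covers("82.241.32.0/20", "80.241.35.30"))
```

Run against the "before" table, the check flags the eth7 default route: it carries no metric, so it ranks ahead of the tunnel's metric 10, which matches the observation that nothing leaves the box until that route is removed. The "after" table passes, and the constructed third table shows the opposite failure mode, where the server would be reached through the tunnel it terminates. The last line evaluates the post's rule prefix 82.241.32.0/20 against the tunnel endpoint 80.241.35.30 and reports False, since the addresses in the route table sit in 80.241.35.0/24; that is a check worth running on every dest_ip before concluding that the rule engine ignores it.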