Openwrt cannot ping any clients from both wan

hendrysetiadi · January 28, 2020, 9:51am

I've managed to setup openwrt with 2 wan.
both wan is dhcp enabled.
and i've already setup different metric on both wan and also both have different gateway.
the problem is, openwrt always know only 1 route gateway, that means i cannot ping any clients behind wan2, but i can ping all clients behind wan1. i also can ping both gateway ip address with success.

ip route show 
default via 10.1.22.1 dev eth0 proto static src 10.1.22.76 metric 10 
default via 192.168.10.1 dev wlan0 proto static src 192.168.10.3 metric 20 
root@OpenWrt:~# ping 10.1.22.1
PING 10.1.22.1 (10.1.22.1): 56 data bytes
64 bytes from 10.1.22.1: seq=0 ttl=64 time=2.372 ms
64 bytes from 10.1.22.1: seq=1 ttl=64 time=2.350 ms
64 bytes from 10.1.22.1: seq=2 ttl=64 time=2.349 ms
^C
--- 10.1.22.1 ping statistics ---
3 packets transmitted, 3 packets received, 0% packet loss
round-trip min/avg/max = 2.349/2.357/2.372 ms
root@OpenWrt:~# ping 192.168.10.1
PING 192.168.10.1 (192.168.10.1): 56 data bytes
64 bytes from 192.168.10.1: seq=0 ttl=64 time=4.037 ms
64 bytes from 192.168.10.1: seq=1 ttl=64 time=1.294 ms
^C

how to ping on both wan in openwrt as on mikrotik it's easy to setup it to give "/ip firewall route" on each others.
i just set static ip route on openwrt but not success.. also i already installed mwan3 but also no success.
please any expert here can give me clear instructions.
thanks in advance...

eduperez · January 28, 2020, 10:55am

You told OoenWrt that everything is behind 10.1.22.1, and everything is also behind 192.168.10.1, but it should chose the first gateway whenever possible. Do you see the issue here? How can OpenWrt know when to use the second gateway?

You should define appropriate routes for each network, so the router knows when to use each one, and define only one default gateway, unless you need a backup.

hendrysetiadi · January 28, 2020, 1:10pm

Gateway 192.168.10.1 has internet access.
Gateway 10.1.22.1 no internet, only voip gateway server.
So when i ping www.yahoo.com, openwrt must know which gateway should be used, that's 192.168.10.1 gateway. If i ping 10.0.0.10, openwrt will use 10.1.22.1 gateway.
How to setup route for 2 gateway which can be used at the same time?
Does mwan3 package will solve this problem? I've setup mwan3 but still not working..

rj-45 · January 28, 2020, 1:17pm

I think,we need a diagramm/picture of the network and your configs.

eduperez · January 28, 2020, 2:42pm

Fine, this should be your "default" gateway.

In that case, 10.1.22.1 should not be configured as a "default" gateway, just as a gateway for whatever network is behind it (10.0.0.0/24, usually).

The router will first select all gateways that match the destination address, then select those with the most restricted mask, then the one with the lower path. In your case, since www.yahoo.com can be reached only through 192.168.10.1, it will use that gateway

You need two routes:

One uses gateway 10.1.22.1 with a mask of 255.0.0.0 (I guess)
The other one uses gateway 192.168.10.1 with a default mask (0.0.0.0).

No, you do not need it for this task.

tiago.duque · January 28, 2020, 2:49pm

If I got what you want, you need to reach Internet through 192.168.10.1 and the network 10.0.0.0/8 through 10.1.22.1. If this is the case, you must create the default route to 192.168.10.1 and a route for net 10.0.0.0/24 by doing:

ip r add default via 192.168.10.1 (Set default route to 192.168.10.1)
ip r add 10.0.0.0/8 via 10.1.22.1 (Set route to any 10.0.0.0/8 to 10.1.22.1)

hendrysetiadi · January 29, 2020, 12:02am

How to configure that? Can u give me the setting code?
FYI, mine has same subnet mask 255.255.255.0 for both gateway.

hendrysetiadi · January 29, 2020, 12:06am

Yes.. that's what i want.
So i can ping 10.0.0.0/8 and have internet access. But in order to ping 10.0.0.0/8 i have to set gateway 10.1.22.1 which no internet access.. please give me the config code.. thanks

eduperez · January 29, 2020, 7:13am

Post your current network config file, please.

hendrysetiadi · February 4, 2020, 2:18pm

network

config interface 'loopback'
	option ifname 'lo'
	option proto 'static'
	option ipaddr '127.0.0.1'
	option netmask '255.0.0.0'

config globals 'globals'
	option ula_prefix 'fd54:58c7:5b35::/48'

config interface 'lan'
	option type 'bridge'
	option ifname 'eth1'
	option proto 'static'
	option ipaddr '192.168.8.1'
	option netmask '255.255.255.0'
	option ip6assign '60'

config interface 'wan'
	option ifname 'eth0'
	option proto 'dhcp'

config interface 'wan6'
	option ifname 'eth0'
	option proto 'dhcpv6'

config interface 'wwan'
	option interface 'wlan0'
	option proto 'dhcp'

firewall

config defaults
	option syn_flood '1'
	option input 'ACCEPT'
	option output 'ACCEPT'
	option forward 'ACCEPT'

config zone
	option name 'lan'
	option input 'ACCEPT'
	option output 'ACCEPT'
	option forward 'ACCEPT'
	option network 'lan'

config zone
	option name 'wan'
	option input 'REJECT'
	option output 'ACCEPT'
	option forward 'REJECT'
	option masq '1'
	option mtu_fix '1'
	option network 'wan wwan wan6'
	#option conntrack '1'

config forwarding
	option src 'lan'
	option dest 'wan'

config rule
	option name 'Allow-DHCP-Renew'
	option src 'wan'
	option proto 'udp'
	option dest_port '68'
	option target 'ACCEPT'
	option family 'ipv4'

config rule
	option name 'Allow-Ping'
	option src 'wan'
	option proto 'icmp'
	option icmp_type 'echo-request'
	option family 'ipv4'
	option target 'ACCEPT'

config rule
	option name 'Allow-IGMP'
	option src 'wan'
	option proto 'igmp'
	option family 'ipv4'
	option target 'ACCEPT'

config rule
	option name 'Allow-DHCPv6'
	option src 'wan'
	option proto 'udp'
	option src_ip 'fc00::/6'
	option dest_ip 'fc00::/6'
	option dest_port '546'
	option family 'ipv6'
	option target 'ACCEPT'

config rule
	option name 'Allow-MLD'
	option src 'wan'
	option proto 'icmp'
	option src_ip 'fe80::/10'
	list icmp_type '130/0'
	list icmp_type '131/0'
	list icmp_type '132/0'
	list icmp_type '143/0'
	option family 'ipv6'
	option target 'ACCEPT'

config rule
	option name 'Allow-ICMPv6-Input'
	option src 'wan'
	option proto 'icmp'
	list icmp_type 'echo-request'
	list icmp_type 'echo-reply'
	list icmp_type 'destination-unreachable'
	list icmp_type 'packet-too-big'
	list icmp_type 'time-exceeded'
	list icmp_type 'bad-header'
	list icmp_type 'unknown-header-type'
	list icmp_type 'router-solicitation'
	list icmp_type 'neighbour-solicitation'
	list icmp_type 'router-advertisement'
	list icmp_type 'neighbour-advertisement'
	option limit '1000/sec'
	option family 'ipv6'
	option target 'ACCEPT'

config rule
	option name 'Allow-ICMPv6-Forward'
	option src 'wan'
	option dest '*'
	option proto 'icmp'
	list icmp_type 'echo-request'
	list icmp_type 'echo-reply'
	list icmp_type 'destination-unreachable'
	list icmp_type 'packet-too-big'
	list icmp_type 'time-exceeded'
	list icmp_type 'bad-header'
	list icmp_type 'unknown-header-type'
	option limit '1000/sec'
	option family 'ipv6'
	option target 'ACCEPT'

config rule
	option name 'Allow-IPSec-ESP'
	option src 'wan'
	option dest 'lan'
	option proto 'esp'
	option target 'ACCEPT'

config rule
	option name 'Allow-ISAKMP'
	option src 'wan'
	option dest 'lan'
	option dest_port '500'
	option proto 'udp'
	option target 'ACCEPT'

config include
	option path '/etc/firewall.user'

wireless


config wifi-device 'radio0'
	option type 'mac80211'
	option channel '11'
	option hwmode '11g'
	option path 'platform/ar933x_wmac'
	option htmode 'HT20'

config wifi-iface 'default_radio0'
	option device 'radio0'
	option network 'lan'
	option mode 'ap'
	option ssid 'GL-Inet'
	option encryption 'psk2'
	option disabled '1'
	option key '*****'

config wifi-iface 'wifinet1'
	option ssid 'test'
	option device 'radio0'
	option mode 'sta'
	option key '*****'
	option network 'wwan'
	option encryption 'psk2'
	option disabled '0'

wwan dhcp get ip address 192.168.10.0/24 gateway 192.168.10.1 which can access internet
wan dhcp get ip address 10.1.22.0/24 gateway 10.1.22.1 (only voip server no internet access)
i can ping both gateway, but only 1 gateway active.. if set lower metric to wan, then i can't access internet since the active gateway is 10.1.22.1.

eduperez · February 4, 2020, 2:47pm

First add an "option defaultroute 0" line to your WAN interface, so is not configured as a default route. You should now be able to browse the internet using the WWAN interface.

If you cannot reach devices on the WAN network, add a "option customroutes '10.0.0.0/8'" line, too.

Have a look at https://openwrt.org/docs/guide-user/network/ipv4/start#protocol_dhcp for more info.

hendrysetiadi · February 5, 2020, 7:17am

if i put defaultroute '0' on WAN interface, then how do openwrt know if i ping to 10.0.0.0/8 then it will use gateway 10.1.22.1 ?
which value to be added in option customroutes ? the gateway 10.1.22.1 or the range ip address i wish to ping such as 10.0.0.0/8 ?
sorry, i'm still blur...

eduperez · February 5, 2020, 7:28am

But "defaultroute" means "everything else goes here", and you do not want to use WAN for "everything else", just "the rest of 10.0.0.0", and that is why you need a specific route.

The gateway is obtained via DHCP, so you just need (but only if the first step is not enough) to specify the network range.

hendrysetiadi · February 6, 2020, 12:15am

I tried using customroutes and it success.. now can ping 10.0.0.0/8 and also have internet access.. but why when i ping to 10.0.0.0/8 seems sometimes not quite good.. seems like less rto. But latency is less than 100ms. Previously config while using only 1 gateway for WAN, ping is very good..

eduperez · February 6, 2020, 7:26am

Use traceroute or mtr to diagnose where is the bottleneck.