PPTP VPN connection failover over two internet connections

Hello to all! A pleasure to write here. I have a problem with my private PPTP network setup: I need to make it work over a setup of two internet connections, using only one of them and switching if the first one goes down.

TL;DR: I want my PPTP VPN interface to connect correctly using two internet connections in a failover setup. I cannot achieve this. I am using OpenWrt 19.07.4 on a TP-Link Archer C7 v5 and have tried with mwan3 and configuring the appropriate metrics.

I have actually tried to use mwan3 for this, creating rules and routing policies but they have no effect.
I'm using a TP-Link Archer C7 router, configuring VLANs to separate WAN1, WAN2 and LAN ports. It happens that when one of them is cut off, the PPTP interface keeps trying to connect through the downed network, instead of switching to the other network.
The VPN I am talking about is only used for some services; it is not a VPN to connect to the Internet. Rather, it is used to connect to some IPs, which I have configured using static routes.

I am not near the router at the moment to post the settings as I have done, I will probably do it tomorrow if I have time after work to go to the location where it is installed.

I read this bug tracker: VPN Policy-Based Routing + Web UI -- Discussion
Perhaps my mind is somewhat blocked, but I don't understand what I should do or if there is a solution, or if even this applies to my case.

Thank you very much for your attention! I hope someone can give me a hand.

Greetings

Check the output:

opkg list-installed kmod-nf-nathelper-extra
sysctl net.netfilter.nf_conntrack_helper

Thanks for replying! Will do, no problem. I'm 100% sure that kmod-nf-nathelper-extra is installed, because I compiled the setup bin by myself.

I've installed the same bin in my router and got this from the second command:
net.netfilter.nf_conntrack_helper = 1

Thanks!

Perhaps, something like this:

cat << "EOF" >> /etc/mwan3.user
if [ "${ACTION}" = "ifup" -o "${ACTION}" = "ifupdate" ] \
&& [ "${INTERFACE}" = "wan1" -o "${INTERFACE}" = "wan2" ]
then ifup vpn
fi
EOF

I get it, but the thing is that when WAN1 (eth0.2) goes down, the VPN interface keeps trying to connect through WAN1 instead of going through WAN2 (eth0.3). I tried to do that as well, not as elegantly as your code, but with the same results.

Again thank you!

There should be a logical explanation why this is happening in terms of routing.
Probably you need to dynamically toggle routes based on hotplug events.

I agree, maybe someone knows how to do that, I would have to read about it to learn.

Analyze persistent and runtime configurations.
Collect the runtime configs separately for default and failover WANs.

uci show network
ip address show; ip route show table all; ip rule show
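
One way to carry out the capture-and-compare suggested above, as an added example that is not part of the original thread: it saves the runtime state under a label and reports whether the unmarked route to the PPTP server moved off the first WAN device. `PPTP_SERVER`, the `/tmp` file names and the labels `default` and `failover` are assumptions, and the sample route lines are constructed.

```shell
#!/bin/sh
# Added example, not from the thread. PPTP_SERVER is a placeholder; the
# /tmp file names and the labels "default"/"failover" are assumptions.
PPTP_SERVER="${PPTP_SERVER:-192.0.2.10}"

# Constructed `ip route get` lines (documentation addresses), used by "demo".
SAMPLE_DEFAULT="192.0.2.10 via 203.0.113.1 dev eth0.2 src 203.0.113.5 uid 0"
SAMPLE_FAILOVER="192.0.2.10 via 198.51.100.1 dev eth0.3 src 198.51.100.7 uid 0"

# Print the egress device named in `ip route get` output.
route_dev() {
    set -- $1                      # split the output into words
    while [ $# -gt 1 ]; do
        [ "$1" = "dev" ] && { echo "$2"; return 0; }
        shift
    done
    return 1                       # no route (empty or error output)
}

# Save the runtime state listed in the post above under a label.
capture() {
    { ip address show; ip route show table all; ip rule show; } \
        > "/tmp/netstate.$1.txt"
    ip route get "$PPTP_SERVER" > "/tmp/vpnroute.$1.txt" 2>/dev/null
}

# Compare the unmarked route to the server before and after the WAN failure.
# Returns 0 if it moved, 1 if unchanged, 2 if either lookup had no route.
verdict() {
    before=$(route_dev "$1") || return 2
    after=$(route_dev "$2") || return 2
    if [ "$before" = "$after" ]; then
        echo "SAME: route to server still leaves via $after"
        return 1
    fi
    echo "MOVED: route to server changed from $before to $after"
}

case "${1:-}" in
    capture) capture "$2" ;;
    compare) verdict "$(cat /tmp/vpnroute.default.txt)" \
                     "$(cat /tmp/vpnroute.failover.txt)" ;;
    demo)    verdict "$SAMPLE_DEFAULT" "$SAMPLE_FAILOVER" ;;
esac
```

Run it with `capture default` while WAN1 is healthy, `capture failover` after cutting WAN1, then `compare`. mwan3 steers traffic with firewall marks, so the unmarked lookup is only part of the picture; the saved `ip rule show` output lists the mark-based rules.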

There have been some issues with pptp devices and fwmark. This is a result of a very old kernel bug that @zx2c4 recently fixed.

You may need to backport this patch to get it to work:
