Problem setting up 2 ISPs with respective WLAN for each one


#1

Hi! I changed my router (Xiaomi Mi Router 3G - OpenWRT compatible) and decided to contract an extra ISP provider (due connectivity issues). I would like to create two separate WLAN for each one. I installed OpenWRT to the new router and managed to configured 1 ISP so far.

After reading a bunch of materials, I decided to create new VLANS in the Switch part of the settings.

The Idea is:

ISP #1 => WAN port - DHCP Client
ISP #2 => LAN port 3 - PPoE Connection

The ideia is when I connect to:

WIFI #1 => LAN #1 => ISP #1
WIFI #2 => LAN #2 => ISP #2

I'm having problems trying to create new VLANS and associate LAN/WLAN in the Switch section. It seems I'm not able to create the right setup for each one.

my /etc/config/network config:

config interface 'loopback'
	option ifname 'lo'
	option proto 'static'
	option ipaddr '127.0.0.1'
	option netmask '255.0.0.0'

config globals 'globals'
	option ula_prefix 'fb0a:26ba:ca85::/48'

config interface 'lan'
	option type 'bridge'
	option proto 'static'
	option netmask '255.255.255.0'
	option ip6assign '60'
	option ipaddr '192.168.99.1'
	option ifname 'eth0.1'

config interface 'lan_1'
	option type 'bridge'
	option proto 'static'
	option ipaddr '192.168.98.1'
	option netmask '255.255.255.0'
	option ip6assign '60'
	option ifname 'eth0.3'

config device 'lan_dev'
	option name 'eth0.1'
	option macaddr '45:31:3c:d0:50:dc'

config interface 'wan'
	option proto 'dhcp'
	option type 'bridge'
	option ifname 'eth0.1 eth0.2'

config interface 'wan6'
	option ifname 'eth0.2'
	option proto 'dhcpv6'

config interface 'wan3'
	option proto 'pppoe'
	option username 'isp@domain'
	option password 'password'
	option ipv6 'auto'
	option auto '0'
	option ifname 'eth0.4'

config switch
	option name 'switch0'
	option reset '1'
	option enable_vlan '1'

config switch_vlan
	option device 'switch0'
	option vlan '1'
	option vid '1'
	option ports '6t'

config switch_vlan
	option device 'switch0'
	option vlan '2'
	option vid '2'
	option ports '1 6t'

config switch_vlan
	option device 'switch0'
	option vlan '3'
	option vid '3'
	option ports '6t'

config switch_vlan
	option device 'switch0'
	option vlan '4'
	option vid '4'
	option ports '3 6t'

Could someone instruct me how to do this setup? I'm not able to use ISP #2 (ppoe) to my WLAN #2

Note: I'm using OpenWrt 18.06.2 r7676-cddd7b4c77

Thanks!


#2

You have one mess of a config there... What you need is quite easy to configure, once you know the semantics of that file.

But before we start, I need to confirm which device are you using, because the "Xiaomi Mi Router 3G" seems to have only two LAN ports and one WAN port, so I am a bit confused with your idea of two WAN connections and two LAN connections.

Once we clarify that, I can guide you with the config.


#3

According to my understanding you probably need 4 different networks. Each one for Lan 1 and 2 and then each for Wan 1 and 2.

Now if you use Lan/Wan ports to connect to the modems etc, then you will need at least 2 physical ports to connect them. First you’ll need to create your Lan networks Lan1 and Lan2. You don't really need to add any physical ports to them if you dont want to. If you want physical ports associated with them for access then you’ll need 4 VLANs also.

Create your VLANs as you need them. Create your networks for Lan1 and Lan2 and associate them with VLANs leaving two VLANs for Wan1 and Wan2. It's better to use static ip and LuCI to configure the network as it's easier.

After you are done with Lan networks, you will create two networks for Wan1 and Wan2. Again you’ll associate the remaining VLANs to them and configure them as your ISP says so.

Edit: Once you are done creating networks you'll need to add forwarding from Lan1 to Wan1 and from Lan2 to Wan2.

You'll probably be wondering if you can have only one subnet and access both ISPs but I don't think if that's possible but please correct me if I am wrong. I can't really add any config here because I don't want to spend much time on it. But you should be able to do it from wiki.


#4

I agree with you, that should be easy.

Xiaomi router only have 1 WAN port. So, I thought that using a VLAN could solve that.

In my case:

  • WAN Port => Router with ISP 1 (Static DHCP)
  • LAN Port 1 => Router with ISP 2 (PPoE)

The idea was:

  • WIFI #1 => LAN #1 => ISP #1 (WAN Port)
  • WIFI #2 => LAN #2 => ISP #2 (Lan Port 1)

Am I missing something?


#5

Could you provide a valid example?

Because I have: ISP #1 in Wan Port and ISP #2 in Lan Port 1.

I'm trying to use one of Lan Ports as WAN port too.


#6

Why not have just one wifi SSID and use mwan3 package to distribute connections across both?


#8

Well, I'm not looking for a load balancer here. I just want two separated WLANs with a respective ISP each one.

I have my own WLAN and the secondary one is for the rest of the family. Makes sense?


#9

Well i see what you're trying to do but not what problem it solves better than mwan3

Here's what I can suggest which is start over and just get the two wans up and running. They shouldn't be bridges, just single interfaces. Then, you create two LANs, which are just attached to the two wlan interfaces.

Now you use static policy routing to route one SSID to one wan and the other SSID to another wan.

But mwan3 will give you load balancing and fault tolerance...


#10

Can you provide a screenshot of your Switch page? Network -> Switch


#11

Ok, let's try this...

First you configure the switch to separate the LAN and WAN ports into independent VLANS:

config switch
	option name 'switch0'
	option reset '1'
	option enable_vlan '1'

config switch_vlan
	option device 'switch0'
	option vlan '1'
	option vid '1'
	option ports '1 6t'

config switch_vlan
	option device 'switch0'
	option vlan '2'
	option vid '2'
	option ports '2 6t'

config switch_vlan
	option device 'switch0'
	option vlan '3'
	option vid '3'
	option ports '3 6t'

Now the WAN port should be at eth0.1, and the LAN ports at eth0.2 and eth0.3. I would leave the WAN port as an "emergency" port, so you can always reach the router using a wire:

config interface 'aux'
	option proto 'static'
	option netmask '255.255.255.0'
	option ipaddr '10.10.10.10'
	option ifname 'eth0.1'

(and the corresponding at /etc/config/dhcp). Now you can use each LAN port to reach a different ISP; let's start with the DHCP client:

config interface 'wan1'
	option proto 'dhcp'
	option ifname 'eth0.2'

And that is all you need there; now the PPPoE goes on the other LAN port:

config interface 'wan2'
	option proto 'pppoe'
	option username 'isp@domain'
	option password 'password'
	option ipv6 'auto'
	option auto '0'
	option ifname 'eth0.3'

You do not need to do anything on the switch for the WLANs, just configure the interfaces:

config interface 'lan1'
	option type 'bridge'
	option proto 'static'
	option ipaddr '192.168.98.1'
	option netmask '255.255.255.0'

config interface 'lan2'
	option type 'bridge'
	option proto 'static'
	option ipaddr '192.168.99.1'
	option netmask '255.255.255.0'

(and the corresponding at /etc/config/dhcp and /etc/config/wireless).

This should give you one AUX "emergency" interface on the WAN port, two WAN interfaces on the LAN ports, and two LAN interfaces ready to be bridged to their wireless counterparts. Then you can configure the firewall and the routing to redirect the traffic from each LAN interface to a WAN interface.

Hope this helps!


#12

It's possible that one ISP filters certain traffic, or bills unevenly for certain things. Or the connection is metered and the user doesn't want YouTube traffic burning through their precious allotment.

Or a half-dozen other scenarios I can think of off the top. Instead of telling them their question is wrong, maybe we can help them solve the problem they have?

I love this community because it's supportive and inclusive. Let's not devolve into Stack Overflow.


#13

People often want something because it's the only thing they know to want, particularly people new to networking. It pays to establish that there is a good reason for wanting something unusual before setting people up with a suboptimal solution. For example it is possible to use routing rules or proxy config to send all YouTube to a given ISP and then you don't have a problem where you forgot to switch SSIDs and now you have an enormous bill... Or whatever. Understanding the underlying goal is often important.


#14

Ok, I think we are almost there

I followed your example, made necessary changes to dhcp and firewall too. But it seems I'm not able to freely switch between wlans and browse. I have to restart the respective wan interface every time, in order to make it work.

Example:

  • I'm connected to WLAN #1 (LAN #1 => WAN #1), browsing normally.
  • Then I decide to switch to WLAN #2 (LAN #2 => WAN #2)
  • When I try to access internet. Cannot resolve host error appears.
  • I go to Luci > Network > Interfaces > WAN #2 => Restart
  • I can browse normally through WAN #2
  • Switch back to WLAN #1
  • I have to restart WAN #1 to make it work properly
  • LuCi shows both WAN #1 and WAN #2 online and properly connected. Idk why I need to restart every time I try to use them.

My /etc/config/firewall config:

config zone
        option name 'lan'
        option input 'ACCEPT'
        option output 'ACCEPT'
        option forward 'ACCEPT'
        option network 'lan'

config zone
        option name 'wan'
        option input 'REJECT'
        option output 'ACCEPT'
        option forward 'REJECT'
        option masq '1'
        option mtu_fix '1'
        option network 'wan wan6'

config zone
        option forward 'REJECT'
        option output 'ACCEPT'
        option input 'REJECT'
        option masq '1'
        option mtu_fix '1'
        option network 'wan2'
        option name 'wan2'

config zone
        option name 'lan2'
        option input 'ACCEPT'
        option output 'ACCEPT'
        option network 'lan2'
        option forward 'ACCEPT'

config forwarding
        option src 'lan'
        option dest 'wan'

config forwarding
        option dest 'wan2'
        option src 'lan2'

It seems the router get "lost", idk what I'm missing here.


#15

You are missing policies to forward traffic from LAN1 only to WAN1 and from LAN2 only to WAN2.


#16

Thanks for the tip!

my /etc/config/vpn-policy-routing file:

config vpn-policy-routing 'config'
        option verbosity '2'
        option ipv6_enabled '0'
        option ipset_enabled '1'
        option dnsmasq_enabled '0'
        option strict_enforcement '1'
        option enabled '1'
        list supported_interface 'pppoe-wan2'
        list supported_interface 'wan'
        list wan_dscp ''
        list wan_dscp ''

config policy
        option interface 'wan'
        option name 'wan'
        option local_address '192.168.99.1/24'
        option proto 'tcp udp'
        option chain 'PREROUTING'

config policy
        option name 'wan2'
        option local_address '192.168.98.1/24'
        option proto 'tcp udp'
        option interface 'wan2'
        option chain 'PREROUTING'

Also, thanks to @eduperez that helped me with the basic config.

Sometimes it compensates to keep pushing for "something unusual", instead accepting a suboptimal solution :wink: just say'n

Lesson learned. Thanks for everything guys.


closed #17

This topic was automatically closed 10 days after the last reply. New replies are no longer allowed.