In a scenario of one LAN with two routers, each one with a different connection to the internet, how can I achieve redundancy if mwan3 and keepalived cannot be used?
Router 1 is a Turris Omnia (TO) with an LTE connection to the internet, connected to Router 2 through the LAN. I tried macvlan in order to use mwan3, but it didn't work on TO.
Router 2 has a satellite connection and cannot be touched (nor is it using OpenWrt). So keepalived is not an option, if I understand this correctly.
Ideally, all traffic from the LAN will normally use the Router 2 connection, and if this internet connection is down, the Turris Omnia (TO) LTE connection should be used. I use static addresses on the LAN devices.
In order for mwan3 to direct clients to a particular ISP, all the clients must be routed through the router that runs mwan3. Treat the satellite router as a simple ISP connection that OpenWrt uses by Ethernet. Turn off the wifi in the satellite unit and do not wire any clients directly to it either. Mwan3 will send pings out over the satellite to determine if that ISP is working.
Does this mean that I need to hook the Ethernet cable to the WAN port of TO? This is not an option.
If this is not the case, how do you propose to set up this (satellite) interface for mwan3?
Configure one of the Ethernet ports to be in its own network as your wan1 or satwan or whatever you want to call it. It does not need to be any specific physical port.
Hm, I can't, both lan clients and the satellite connection are connected to a switch. One Ethernet cable from the switch is used to connect TO. That is why I tried with macvlan.
Current LAN IPs:
TO: Lan 10.0.10.1
Satellite router: 10.0.10.53 lan & 88.xx.xx.xx wan
Managed switches and clients: 10.0.10.0/24
I could use the managed switches to assign all the clients to VLAN ID 1.
I could use the managed switch1 to assign the incoming satellite port to VLAN ID 1 & 2.
How should I configure TO in order to accept LAN traffic from VLAN ID 1 and also create an interface (with VLAN ID 2) to be used with mwan3 that routes traffic to the satellite router?
VLAN ID 1 is set as default for all switch ports, which are in untagged state - just run bridge v on the ssh cli to check/see.
The LAN port on the TO that connects to the external switch should preferably not be enslaved in a bridge device. On that LAN port, say lan4, change the VLAN ID to 2 with
bridge v a dev lan4 vid 2 pvid untagged
supposing the external switch has been configured accordingly.
If it does not work, however, try on TO instead
bridge v a dev lan4 vid 1 pvid untagged && bridge v a dev lan4 vid 2
root@Turris:~# bridge v
-ash: bridge: not found
root@Turris:~# opkg install bridge
Installing bridge (1.5-6) to root...
Downloading http://downloads.openwrt.org/releases/18.06.2/packages/arm_cortex-a9_vfpv3/packages/bridge_1.5-6_arm_cortex-a9_vfpv3.ipk
Configuring bridge.
root@Turris:~# bridge v
-ash: bridge: not found
The last port (wan) was "fried" by lightning!!!!
root@Turris:~# ip l | grep lan
5: lan0@eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master br-lan state UP mode DEFAULT group default qlen 1000
6: lan1@eth1: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue master br-lan state LOWERLAYERDOWN mode DEFAULT group default qlen 1000
7: lan2@eth1: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue master br-lan state LOWERLAYERDOWN mode DEFAULT group default qlen 1000
8: lan3@eth1: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue master br-lan state LOWERLAYERDOWN mode DEFAULT group default qlen 1000
9: lan4@eth1: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state LOWERLAYERDOWN mode DEFAULT group default qlen 1000
12: br-lan: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP mode DEFAULT group default qlen 1000
14: wlan0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master br-lan state UP mode DEFAULT group default qlen 1000
Right then, now it gets a bit complicated - because
I am not familiar with mwan3 and how it relates to (WAN) firewall zones and whether it can distinguish VLAN traffic on a single TO LAN port as WAN and LAN
your network layout
TO's Multi-CPU-DSA and bridge vlan_filtering
Supposedly all WAN-facing ports should be in the TO's WAN firewall zone, at least that would be my understanding.
Since the SAT modem-router connects to a switch that also hosts various LAN clients, it would not make sense for it to be assigned to the TO's WAN firewall zone, however, and it would likely cause firewall-related issues; not sure whether/how mwan3 relates to firewall zones.
If, however, the SAT modem-router is not firewalled somewhere else but plugged into the LAN firewall zone at the TO, it would create a security risk.
From that perspective it would be sensible to run 2 wires between the external switch and the TO - one for the LAN traffic and one for the traffic with the SAT modem-router. Does that make sense, and is it feasible to set up?
Running a second wire is feasible but complicated for the moment, as I will need to dig the ground. I assume that installing a third managed switch after the satellite router would be easier for now. Please note that only the managed switches are connected to the unmanaged switch ports of the satellite router.
Though, maybe what you proposed is also doable. From what I understand from this explanation, I might be able to tag the traffic from clients using the managed switches. Then all the untagged traffic will be from the satellite router which could be assigned a PVID before reaching TO.
I will need to read a bit about VLAN configuration on my switches (TL-SG108PE) and return here.