Using Tenda 4G05 4G router as second WAN?

Hi,

I got OpenWRT 23.05.5 installed on a Luxul ABR-4500 and connected via the WAN Ethernet port to an Australian NBN modem with WAN running over PPPoE.

I also bought a Tenda 4G05 N300 Wi-Fi 4G LTE router and put a 4G SIM card on it. It's connected to the ABR via ethernet to one of the LAN/WAN ports (currently specifically the one labelled "WAN/LAN 3/3", but I can move it anywhere if required).

For completeness - the dedicated LAN port (shown as "lan1" on OpenWRT) connects over Ethernet to a 24-port switch.

The intention: configure the Tenda router as a backup uplink for when the primary WAN goes down, using mwan3

The problem I (think that I) have: the Tenda works fine on its own, I configured it with my mobile provider's APN and can connect through it if I connect my laptop directly to it using Ethernet or over its WiFi interface.

The initial intention was to configure a point-to-point link network (I hope I'm using the right terminology) between the Tenda and the ABR using, e.g. 10.1.0.0/30 network, with the Tenda side being 10.1.0.1/30 and the ABR side being 10.1.0.2/30.
This kind of static configuration worked when I connected it directly to my laptop over Ethernet.
But it doesn't work when I try to connect the Tenda to the ABR.
I think the root problem is that I didn't find a way to tell Tenda what is my LAN CIDR - I couldn't find a way to inject additional entries to the Tenda's routing table.

To work around this, in a bit of desperation because I'm not sure it's supposed to work, I tried to configure the Tenda with one of the LAN CIDR addresses (e.g. 192.168.1.2) and follow the instructions in the mwan3 page on how to move the OpenWRT ethernet port from the LAN bridge VLAN to a new VLAN 3, but all I got is to disconnect parts of the wired LAN from accessing the internet.

I since reverted the changes to get the rest of my home network back online.

Can anyone help me get this to work?

1. Get the Tenda configured as a WAN interface on OpenWRT which can be used as an optional "uplink route" and knows how to route incoming traffic from its 4G interface to the LAN CIDR.
2. (hopefully trivial once (1) is done) - configure mwan3 to use it as a fallback WAN link.

Thanks.

The Tenda doesn't need to know the LAN subnet. You will masquerade the packets on the firewall zone that includes the wanb interface, which connects to Tenda. Then the Tenda will only see the packets coming from its local subnet.

Thank you.

I'll try to combine your input with a re-try to follow the mwan3

EDIT: Just one question - do the ABR-4500 need an IP address assigned to its ethernet port which talks to the Tenda?

Yes, you can do it as you where thinking.

Although any subnet, even a /24, will work just fine.

I went ahead and managed to follow the instructions in mwan3 but the ping tests fail.
I think that I give it the wrong interface names.
I removed lan3 from the LAN vlan and put it in its own VLAN 3
The interface gets a DHCP assignment from the Tanda 4G modem 10.1.0.2/24 (I reserved this address by MAC address)

root@OpenWrt:~# ip route show
default via 203.134.4.196 dev pppoe-wan proto static metric 10
default via 10.0.1.1 dev lan3 proto static src 10.0.1.2 metric 20
10.0.1.0/24 dev lan3 proto static scope link metric 20
172.16.69.0/24 dev br-lan proto kernel scope link src 172.16.69.1
203.134.4.196 dev pppoe-wan proto kernel scope link src 100.71.154.118

I notice that the via for the Tenda is the Tenda's side of the link (10.0.1.1) not the Tenda's public IP 10.176.63.146 which is visible through its web interface. In contrast, see how the WAN interface's via value is the IP address of the other size of the PPPoE link.

ping test via the main WAN:

root@OpenWrt:/etc/config# ping -4 -c 1 -I pppoe-wan www.google.com
PING www.google.com (142.251.221.68): 56 data bytes
64 bytes from 142.251.221.68: seq=0 ttl=120 time=10.556 ms

--- www.google.com ping statistics ---
1 packets transmitted, 1 packets received, 0% packet loss
round-trip min/avg/max = 10.556/10.556/10.556 ms

Without forcing IPv4 it defaults to IPv6 and fails:

root@OpenWrt:~# ping -c 1 -I pppoe-wan www.google.com
PING www.google.com (2404:6800:4006:80f::2004): 56 data bytes
ping: sendto: Network unreachable

Trying through the interface allocated to talk to the Tenda fails:

root@OpenWrt:~# ping -4 -c 1 -I lan3 www.google.com
PING www.google.com (142.250.66.196): 56 data bytes

--- www.google.com ping statistics ---
1 packets transmitted, 0 packets received, 100% packet loss

Descpite the failed ping, I went ahead and disconnected the default WAN from the ABR-4500 interface. The link eventually sort of worked, not completely (some websites worked, some didn't), and I had to restart main WAN modem and the router (possibly some of this was redundant) for them to finally start talking again with each other.

What am I missing?

(the IPv6 issues are secondary, for now I'm happy to stick with IPv4 first)

Thank you.

This is expected.

Can you try to ping an IP and not a hostname? I suspect issues with the DNS.

The output of the ping above already shows that it can resolve the hostname and get an IP (142.250.66.196). I think this could be working because the DNS query goes through the "default" router of the main WAN.

Nevertheless, I fetched the hostname on my laptop (again, probably through the main WAN) and tried to pass it to ping with the same results:

root@OpenWrt:~# ping -4 -c 1 -I lan3 172.217.167.100
PING 172.217.167.100 (172.217.167.100): 56 data bytes

--- 172.217.167.100 ping statistics ---
1 packets transmitted, 0 packets received, 100% packet loss

This made me think that perhaps the IP address which is returned via the main WAN is not viable through the secondary WAN, so I tried a universal one like 8.8.8.8 but this too fails the same:

root@OpenWrt:~# ping -4 -c 1 -I lan3 8.8.8.8
PING 8.8.8.8 (8.8.8.8): 56 data bytes

--- 8.8.8.8 ping statistics ---
1 packets transmitted, 0 packets received, 100% packet loss
root@OpenWrt:~# ping -4 -c 1 -I pppoe-wan 8.8.8.8
PING 8.8.8.8 (8.8.8.8): 56 data bytes
64 bytes from 8.8.8.8: seq=0 ttl=121 time=9.537 ms

--- 8.8.8.8 ping statistics ---
1 packets transmitted, 1 packets received, 0% packet loss
round-trip min/avg/max = 9.537/9.537/9.537 ms

What else could I do?

Thank you.

I had an issue back with mwan dns. The resolution was for wan and wanb set up dns servers separately and not to use the upstream dns service.

Can you run a tcpdump while running the ping?
opkg update; opkg install tcpdump; tcpdump -i lan3 -Annv -c 100

ping -4 -c 100 -I lan3 8.8.8.8

Thanks. This has some encouraging results, but I'm not 100% sure I interpret them correctly.

Pastebin link: https://pastebin.com/YTYq4qvz

The first few packets were lost, but eventually, it started getting responses from the destination

What does that mean?

In case this makes a difference, it's now about 10-12 hours since I last touched the router and set things up.

Thank you.

EDIT: Here is the ping output. I executed it once with a count of 100 (interrupted) and once with a count of 10 (not interrupted):

root@OpenWrt:~# ping -4 -c 100 -I lan3 8.8.8.8
PING 8.8.8.8 (8.8.8.8): 56 data bytes
64 bytes from 8.8.8.8: seq=4 ttl=112 time=25.567 ms
64 bytes from 8.8.8.8: seq=5 ttl=112 time=23.361 ms
64 bytes from 8.8.8.8: seq=6 ttl=112 time=24.183 ms
64 bytes from 8.8.8.8: seq=7 ttl=112 time=23.999 ms
64 bytes from 8.8.8.8: seq=8 ttl=112 time=24.859 ms
64 bytes from 8.8.8.8: seq=9 ttl=112 time=23.717 ms
64 bytes from 8.8.8.8: seq=10 ttl=112 time=33.496 ms
64 bytes from 8.8.8.8: seq=11 ttl=112 time=23.354 ms
64 bytes from 8.8.8.8: seq=12 ttl=112 time=23.154 ms
64 bytes from 8.8.8.8: seq=13 ttl=112 time=23.078 ms
64 bytes from 8.8.8.8: seq=14 ttl=112 time=21.881 ms
64 bytes from 8.8.8.8: seq=15 ttl=112 time=21.748 ms
64 bytes from 8.8.8.8: seq=16 ttl=112 time=23.591 ms
64 bytes from 8.8.8.8: seq=17 ttl=112 time=30.402 ms
64 bytes from 8.8.8.8: seq=18 ttl=112 time=31.619 ms
64 bytes from 8.8.8.8: seq=19 ttl=112 time=21.234 ms
64 bytes from 8.8.8.8: seq=20 ttl=112 time=20.860 ms
64 bytes from 8.8.8.8: seq=21 ttl=112 time=21.737 ms
64 bytes from 8.8.8.8: seq=22 ttl=112 time=22.576 ms
^C
--- 8.8.8.8 ping statistics ---
23 packets transmitted, 19 packets received, 17% packet loss
round-trip min/avg/max = 20.860/24.442/33.496 ms
root@OpenWrt:~# ping -4 -c 10 -I lan3 8.8.8.8
PING 8.8.8.8 (8.8.8.8): 56 data bytes
64 bytes from 8.8.8.8: seq=4 ttl=112 time=34.230 ms
64 bytes from 8.8.8.8: seq=5 ttl=112 time=34.011 ms
64 bytes from 8.8.8.8: seq=6 ttl=112 time=25.913 ms
64 bytes from 8.8.8.8: seq=7 ttl=112 time=26.786 ms
64 bytes from 8.8.8.8: seq=8 ttl=112 time=33.506 ms
64 bytes from 8.8.8.8: seq=9 ttl=112 time=26.393 ms

--- 8.8.8.8 ping statistics ---
10 packets transmitted, 6 packets received, 40% packet loss
round-trip min/avg/max = 25.913/30.139/34.230 ms

This issue comes quite often in mwan3. Do a search in the forum as I remember coming across it many times, however I don't remember the exact answer.

Thank you. I'll keep digging the forum then.

Just to be clear - I haven't setup mwan3 yet, only got it installed but am stuck on this failing ping test before starting to configure mwan3.

But is it running? Or is the service stopped and disabled.

It's running:

root@OpenWrt:~# service mwan3 status
running
root@OpenWrt:/etc/config# ps  | grep mwan
 1611 root      1348 S    {mwan3track} /bin/sh /usr/sbin/mwan3track wan
 1612 root      1484 S    {mwan3rtmon} /bin/sh /usr/sbin/mwan3rtmon ipv4
 1613 root      1484 S    {mwan3rtmon} /bin/sh /usr/sbin/mwan3rtmon ipv6
 1685 root      1560 S    {mwan3rtmon} /bin/sh /usr/sbin/mwan3rtmon ipv6
 1700 root      1532 S    {mwan3rtmon} /bin/sh /usr/sbin/mwan3rtmon ipv4

I haven't touched its configuration, though.
Could it be already doing stuff?

I managed to get the test ping working over the secondary WAN now (aka wanb, as suggested in a few places in the docs). It loses the first 4 or so packets. I suspect that the 4G connection is sort of "suspended" if there is no traffic on it. Perhaps once mwan3 is configured it could generate a constant ping to keep it alive?

Also, I'm not sure if this is the right way to test this, but I:

1. Click "Stop" on the WAN interface to see if it'll pick up the secondary WAN and it generally seems to do, but many sites are still not accessible or flaky. Once I "Restart" the main WAN, the outside access returns to normal after a while.
2. Changed the DNS that the 4G modem provides with its DHCP server to reflect the ones it picks up from its upstream.

Is the interface "Stop" button on the WAN interface enough to simulate a link down, or should I physically disconnect the cable or power down the WAN modem to test this properly?

Thanks.

The correct way to test with the ping from each interface is before the installation of the mwan3. (it is mentioned in the wiki too).
So you should test with mwan3 stopped and disabled.

Thanks everyone for your responses.
The Tenda seems to sometimes work and pass the "ping" test but it's flaky and unreliable.
I'm thinking of switching to a ZTE MF971V 4G LTE I have lying around (closest product that I could find on the ZTE website: https://www.ztedevices.com/en/products/mobile-internet/4g-mbb/mf971r.html)
I'll ask about it separately if I need help with configuring it to connect to my Luxul router over USB.

Having tested for ZTE and Tenda routers for a project, I ended up using Teltonika TRB140. Rock solid and firmware based on OpenWrt with all its perks.

Thank you.
A quick search came up with a cost of about x3 of what I paid for the Tenda.
For that price, maybe I should future-proof the investment and look for a 5G modem.
I'll consider it.