OpenWrt Forum Archive

Topic: mwan3; multi-wan policy routing (general topic)

The content of this topic has been archived between 22 May 2013 and 6 May 2018. Unfortunately there are posts – most likely complete pages – missing.

Hi, I setup the mwan with 4 pppoe wan on a physical wan port.
I created two rules and one is dedicated for my lan computer 192.168.1.5 accessing https 443 port and the another for default loadbalancing.

config rule 'wan1_web'
    option proto 'tcp'
    option use_policy 'wan1_only'
    option src_ip '192.168.1.5/24'
    option dest_port '443'

config rule 'default_rule'
    option dest_ip '0.0.0.0/0'
    option use_policy 'load_balance'
    option proto 'all'




Active rules:
source             destination        proto  src-port      dest-port     policy          hits     
---------------------------------------------------------------------------------------------------
192.168.1.0/24     0.0.0.0/0          tcp    0:65535       443           wan1_only       62       
0.0.0.0/0          0.0.0.0/0          all                                load_balance    317



Chain mwan3_rules (1 references)
 pkts bytes target     prot opt in     out     source               destination         
   93  9352 mwan3_policy_wan1_only  tcp  --  *      *       192.168.1.0/24       0.0.0.0/0           multiport sports 0:65535 multiport dports 443 mark match 0x0/0xff00 /* wan1_web */ 
  968 62408 mwan3_policy_load_balance  all  --  *      *       0.0.0.0/0            0.0.0.0/0           mark match 0x0/0xff00 /* default_rule */ 

however, I noticed that mwan generated iptable rules not for the lan computer 192.168.1.5 but for the whole network 192.168.1.0/24.
Is it by design or is it a bug?

Hi Guys. First thanks for the excelent program. I was using multiwan but i cannot "force" to use an interface tun0. Seems mwan3 have better support and features.

So i m trying to using mwan3. My config is simple, One Wan and Another interface called "VPN". I want to use EXCLUSIVE a VPN interface, to my torrent interface (192.168.1.3) using transmission, my vm-kali-linux (192.168.1.11). But i m facing a problem...

There are two main problems.

First - Mwan3 dont "detect" tun0 up. Second - Even that mwan3 dont reconize, all my traffic is "routed" to VPN. When i use myip, they show a ip from vpn.

So i was looking on logs and this message appear :  "OpenWrt user.warn mwan3: Could not find gateway for interface VPN (tun0)". So i decided to look on source code and what i find is strange...

On source code, he look for gateway using this command : ip -4 route list dev $DEVICE default | head -1.
https://github.com/Adze1502/mwan/blob/m … e/15-mwan3 line 169.

My output using : ip -4 route list

0.0.0.0/1 via 172.20.24.1 dev tun0
default via 192.168.0.1 dev eth0.2  proto static
5.9.50.241 via 192.168.0.1 dev eth0.2
128.0.0.0/1 via 172.20.24.1 dev tun0
172.20.24.0/22 dev tun0  proto kernel  scope link  src 172.20.24.129
192.168.0.0/24 dev eth0.2  proto kernel  scope link  src 192.168.0.3
192.168.1.0/24 dev br-lan  proto kernel  scope link  src 192.168.1.1


My output using : route

Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
default         172.20.24.1     128.0.0.0       UG    0      0        0 tun0
default         192.168.0.1     0.0.0.0         UG    0      0        0 eth0.2
5.9.50.241      192.168.0.1     255.255.255.255 UGH   0      0        0 eth0.2
128.0.0.0       172.20.24.1     128.0.0.0       UG    0      0        0 tun0
172.20.24.0     *               255.255.252.0   U     0      0        0 tun0
192.168.0.0     *               255.255.255.0   U     0      0        0 eth0.2
192.168.1.0     *               255.255.255.0   U     0      0        0 br-lan


Why using route appear default and using ip -4 route doesnt ?

Regards,

pupie wrote:
config rule 'wan1_web'
    option proto 'tcp'
    option use_policy 'wan1_only'
    option src_ip '192.168.1.5/24'
    option dest_port '443'

however, I noticed that mwan generated iptable rules not for the lan computer 192.168.1.5 but for the whole network 192.168.1.0/24.
Is it by design or is it a bug?

Try replace this:

config rule 'wan1_web'
    option proto 'tcp'
    option use_policy 'wan1_only'
    option src_ip '192.168.1.5/32'
    option dest_port '443'

OK, I noticed my incorrect configuration..thanks. ;-)

congquynh284 wrote:
pupie wrote:
config rule 'wan1_web'
    option proto 'tcp'
    option use_policy 'wan1_only'
    option src_ip '192.168.1.5/24'
    option dest_port '443'

however, I noticed that mwan generated iptable rules not for the lan computer 192.168.1.5 but for the whole network 192.168.1.0/24.
Is it by design or is it a bug?

Try replace this:

config rule 'wan1_web'
    option proto 'tcp'
    option use_policy 'wan1_only'
    option src_ip '192.168.1.5/32'
    option dest_port '443'

Regardless of this issue you have not assigned any metrics to your WAN interfaces in /etc/config/network. Please do this and try again. I would recommend just using the luci application and in the advanced->troubleshooting tab paste the contents of this page into a forum code block for us to review.

y0dabr23 wrote:

Hi Guys. First thanks for the excelent program. I was using multiwan but i cannot "force" to use an interface tun0. Seems mwan3 have better support and features.

So i m trying to using mwan3. My config is simple, One Wan and Another interface called "VPN". I want to use EXCLUSIVE a VPN interface, to my torrent interface (192.168.1.3) using transmission, my vm-kali-linux (192.168.1.11). But i m facing a problem...

There are two main problems.

First - Mwan3 dont "detect" tun0 up. Second - Even that mwan3 dont reconize, all my traffic is "routed" to VPN. When i use myip, they show a ip from vpn.

So i was looking on logs and this message appear :  "OpenWrt user.warn mwan3: Could not find gateway for interface VPN (tun0)". So i decided to look on source code and what i find is strange...

On source code, he look for gateway using this command : ip -4 route list dev $DEVICE default | head -1.
https://github.com/Adze1502/mwan/blob/m … e/15-mwan3 line 169.

My output using : ip -4 route list

0.0.0.0/1 via 172.20.24.1 dev tun0
default via 192.168.0.1 dev eth0.2  proto static
5.9.50.241 via 192.168.0.1 dev eth0.2
128.0.0.0/1 via 172.20.24.1 dev tun0
172.20.24.0/22 dev tun0  proto kernel  scope link  src 172.20.24.129
192.168.0.0/24 dev eth0.2  proto kernel  scope link  src 192.168.0.3
192.168.1.0/24 dev br-lan  proto kernel  scope link  src 192.168.1.1


My output using : route

Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
default         172.20.24.1     128.0.0.0       UG    0      0        0 tun0
default         192.168.0.1     0.0.0.0         UG    0      0        0 eth0.2
5.9.50.241      192.168.0.1     255.255.255.255 UGH   0      0        0 eth0.2
128.0.0.0       172.20.24.1     128.0.0.0       UG    0      0        0 tun0
172.20.24.0     *               255.255.252.0   U     0      0        0 tun0
192.168.0.0     *               255.255.255.0   U     0      0        0 eth0.2
192.168.1.0     *               255.255.255.0   U     0      0        0 br-lan


Why using route appear default and using ip -4 route doesnt ?

Regards,

(Last edited by arfett on 22 Apr 2014, 22:30)

Hi arfett, first thanks for your help. I m planning to write a wiki on portuguese to help other peoples to use this feature. Mwan3 + VPN.

So, i did as you told. Set metric on interface wan. The error mensages on luci stoped but the problem persists.
What changed ?
* Now VPN appear to be "online" (green).
What doesnt change ?
* And all my traffic is going trought VPN.
* This mensage persist :  OpenWrt user.warn mwan3: Could not find gateway for interface VPN (tun0). If i type ip route list dev tun0

Troubleshooting

Software versions : 

OpenWrt - OpenWrt Attitude Adjustment 12.09
LuCI - 0.11.1

mwan3 - 1.4-14
luci-app-mwan3 - 1.2-13

Firewall default output policy (must be ACCEPT) : 

ACCEPT

Output of "ip route show" : 

0.0.0.0/1 via 172.20.24.1 dev tun0 
default via 192.168.0.1 dev eth0.2  proto static  metric 10 
5.9.50.241 via 192.168.0.1 dev eth0.2 
128.0.0.0/1 via 172.20.24.1 dev tun0 
172.20.24.0/22 dev tun0  proto kernel  scope link  src 172.20.24.129 
192.168.0.0/24 dev eth0.2  proto static  scope link  metric 10 
192.168.1.0/24 dev br-lan  proto kernel  scope link  src 192.168.1.1

Output of "cat /etc/config/mwan3" : 

config rule 'sticky_odd'
    option src_ip '0.0.0.1/0.0.0.1'
    option dest_port '443'
    option proto 'tcp'
    option use_policy 'wan2_wan'

config rule 'sticky_even'
    option src_ip '0.0.0.0/0.0.0.1'
    option dest_port '443'
    option proto 'tcp'
    option use_policy 'wan_wan2'

config rule 'vpn_test'
    option src_ip '192.168.1.11'
    option proto 'all'
    option use_policy 'wan2_only'

config rule 'default_rule'
    option dest_ip '0.0.0.0/0'
    option proto 'all'
    option use_policy 'wan_only'
    option src_ip '0.0.0.0/0'

config interface 'wan'
    option enabled '1'
    list track_ip '8.8.4.4'
    list track_ip '8.8.8.8'
    list track_ip '208.67.222.222'
    list track_ip '208.67.220.220'
    option reliability '2'
    option count '1'
    option timeout '2'
    option interval '5'
    option down '3'
    option up '8'

config interface 'VPN'
    list track_ip '8.8.8.8'
    list track_ip '208.67.220.220'
    option reliability '1'
    option count '1'
    option timeout '2'
    option interval '5'
    option down '3'
    option up '8'
    option enabled '1'

config member 'wan_m1_w3'
    option interface 'wan'
    option metric '1'
    option weight '3'

config member 'wan_m2_w3'
    option interface 'wan'
    option metric '2'
    option weight '3'

config member 'wan2_m1_w2'
    option interface 'VPN'
    option metric '1'
    option weight '2'

config member 'wan2_m2_w2'
    option interface 'wan2'
    option metric '2'
    option weight '2'

config policy 'wan_only'
    list use_member 'wan_m1_w3'

config policy 'wan2_only'
    list use_member 'wan2_m1_w2'

config policy 'balanced'
    list use_member 'wan_m1_w3'
    list use_member 'wan2_m1_w2'

config policy 'wan_wan2'
    list use_member 'wan_m1_w3'
    list use_member 'wan2_m2_w2'

config policy 'wan2_wan'
    list use_member 'wan_m2_w3'
    list use_member 'wan2_m1_w2'

Output of "cat /etc/config/network" : 

config interface 'loopback'
    option ifname 'lo'
    option proto 'static'
    option ipaddr '127.0.0.1'
    option netmask '255.0.0.0'

config interface 'lan'
    option type 'bridge'
    option proto 'static'
    option ipaddr '192.168.1.1'
    option netmask '255.255.255.0'
    option _orig_ifname 'eth0.1 wlan0 radio1.network1'
    option _orig_bridge 'true'
    option ifname 'eth0.1'

config interface 'wan'
    option _orig_ifname 'eth0.2'
    option _orig_bridge 'false'
    option proto 'static'
    option gateway '192.168.0.1'
    option netmask '255.255.255.0'
    option ipaddr '192.168.0.3'
    option dns '189.6.0.137 189.6.0.138 201.6.4.116 8.8.8.8'
    option macaddr 'A0:F3:C1:CE:4B:3C'
    option ifname 'eth0.2'
    option metric '10'

config switch
    option name 'eth0'
    option reset '1'
    option enable_vlan '1'

config switch_vlan
    option device 'eth0'
    option vlan '1'
    option ports '0t 2 3 4 5'

config switch_vlan
    option device 'eth0'
    option vlan '2'
    option ports '0t 1'

config interface 'VPN'
    option ifname 'tun0'
    option defaultroute '0'
    option peerdns '0'
    option proto 'none'
    option metric '20'

config interface 'torrent'
    option proto 'static'
    option ifname 'eth0.1'
    option ipaddr '192.168.1.3'
    option netmask '255.255.255.255'

Output of "ifconfig" : 

br-lan    Link encap:Ethernet  HWaddr A0:F3:C1:CE:4B:3C  
          inet addr:192.168.1.1  Bcast:192.168.1.255  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:184770 errors:0 dropped:78 overruns:0 frame:0
          TX packets:146385 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0 
          RX bytes:17703801 (16.8 MiB)  TX bytes:145309824 (138.5 MiB)

eth0      Link encap:Ethernet  HWaddr A0:F3:C1:CE:4B:3C  
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:231593 errors:0 dropped:39 overruns:0 frame:0
          TX packets:193285 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000 
          RX bytes:77214899 (73.6 MiB)  TX bytes:148345116 (141.4 MiB)
          Interrupt:4 

eth0.1    Link encap:Ethernet  HWaddr A0:F3:C1:CE:4B:3C  
          inet addr:192.168.1.3  Bcast:255.255.255.255  Mask:255.255.255.255
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:183144 errors:0 dropped:0 overruns:0 frame:0
          TX packets:144211 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0 
          RX bytes:17654223 (16.8 MiB)  TX bytes:142513791 (135.9 MiB)

eth0.2    Link encap:Ethernet  HWaddr A0:F3:C1:CE:4B:3C  
          inet addr:192.168.0.3  Bcast:192.168.0.255  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:48151 errors:0 dropped:0 overruns:0 frame:0
          TX packets:49028 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0 
          RX bytes:55353616 (52.7 MiB)  TX bytes:5054506 (4.8 MiB)

lo        Link encap:Local Loopback  
          inet addr:127.0.0.1  Mask:255.0.0.0
          UP LOOPBACK RUNNING  MTU:16436  Metric:1
          RX packets:205 errors:0 dropped:0 overruns:0 frame:0
          TX packets:205 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0 
          RX bytes:17761 (17.3 KiB)  TX bytes:17761 (17.3 KiB)

tun0      Link encap:UNSPEC  HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00  
          inet addr:172.20.24.129  P-t-P:172.20.24.129  Mask:255.255.252.0
          UP POINTOPOINT RUNNING NOARP MULTICAST  MTU:1500  Metric:1
          RX packets:3772 errors:0 dropped:0 overruns:0 frame:0
          TX packets:4880 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:100 
          RX bytes:2086973 (1.9 MiB)  TX bytes:465163 (454.2 KiB)

wlan0     Link encap:Ethernet  HWaddr A0:F3:C1:CE:4B:3D  
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:2442 errors:0 dropped:0 overruns:0 frame:0
          TX packets:9251 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:32 
          RX bytes:268304 (262.0 KiB)  TX bytes:4014684 (3.8 MiB)

Output of "ip rule show" : 

0:    from all lookup local 
1001:    from all iif eth0.2 lookup main 
1002:    from all iif tun0 lookup main 
2001:    from all fwmark 0x100/0xff00 lookup 1 
2002:    from all fwmark 0x200/0xff00 lookup 2 
2254:    from all fwmark 0xfe00/0xff00 unreachable
32766:    from all lookup main 
32767:    from all lookup default

Output of main routing table and "ip route list table 1-250" : 

main
0.0.0.0/1 via 172.20.24.1 dev tun0 
default via 192.168.0.1 dev eth0.2  proto static  metric 10 
5.9.50.241 via 192.168.0.1 dev eth0.2 
128.0.0.0/1 via 172.20.24.1 dev tun0 
172.20.24.0/22 dev tun0  proto kernel  scope link  src 172.20.24.129 
192.168.0.0/24 dev eth0.2  proto static  scope link  metric 10 
192.168.1.0/24 dev br-lan  proto kernel  scope link  src 192.168.1.1 
1
default via 192.168.0.1 dev eth0.2 
2
default dev tun0

Output of "iptables -L -t mangle -v -n" : 

Chain PREROUTING (policy ACCEPT 15329 packets, 5693K bytes)
 pkts bytes target     prot opt in     out     source               destination         
 232K   74M mwan3_hook  all  --  *      *       0.0.0.0/0            0.0.0.0/0           

Chain INPUT (policy ACCEPT 7642 packets, 3171K bytes)
 pkts bytes target     prot opt in     out     source               destination         

Chain FORWARD (policy ACCEPT 7687 packets, 2523K bytes)
 pkts bytes target     prot opt in     out     source               destination         
94234   58M zone_wan_MSSFIX  all  --  *      *       0.0.0.0/0            0.0.0.0/0           

Chain OUTPUT (policy ACCEPT 5092 packets, 1419K bytes)
 pkts bytes target     prot opt in     out     source               destination         
 109K   90M mwan3_hook  all  --  *      *       0.0.0.0/0            0.0.0.0/0           

Chain POSTROUTING (policy ACCEPT 12693 packets, 3937K bytes)
 pkts bytes target     prot opt in     out     source               destination         

Chain mwan3_connected (1 references)
 pkts bytes target     prot opt in     out     source               destination         
   19  1328 MARK       all  --  *      *       0.0.0.0/0            127.0.0.0/8         mark match 0x0/0xff00 MARK or 0xff00 
   10  2336 MARK       all  --  *      *       0.0.0.0/0            224.0.0.0/3         mark match 0x0/0xff00 MARK or 0xff00 
  447 29609 MARK       all  --  *      *       0.0.0.0/0            0.0.0.0/1           mark match 0x0/0xff00 MARK or 0xff00 
    0     0 MARK       all  --  *      *       0.0.0.0/0            5.9.50.241          mark match 0x0/0xff00 MARK or 0xff00 
  700 43686 MARK       all  --  *      *       0.0.0.0/0            128.0.0.0/1         mark match 0x0/0xff00 MARK or 0xff00 
    0     0 MARK       all  --  *      *       0.0.0.0/0            172.20.24.0/22      mark match 0x0/0xff00 MARK or 0xff00 
    0     0 MARK       all  --  *      *       0.0.0.0/0            192.168.0.0/24      mark match 0x0/0xff00 MARK or 0xff00 
    0     0 MARK       all  --  *      *       0.0.0.0/0            192.168.1.0/24      mark match 0x0/0xff00 MARK or 0xff00 

Chain mwan3_hook (2 references)
 pkts bytes target     prot opt in     out     source               destination         
 341K  164M CONNMARK   all  --  *      *       0.0.0.0/0            0.0.0.0/0           CONNMARK restore mask 0xff00 
14118  956K mwan3_ifaces  all  --  *      *       0.0.0.0/0            0.0.0.0/0           mark match 0x0/0xff00 
14024  950K mwan3_connected  all  --  *      *       0.0.0.0/0            0.0.0.0/0           mark match 0x0/0xff00 
 8000  554K mwan3_rules  all  --  *      *       0.0.0.0/0            0.0.0.0/0           mark match 0x0/0xff00 
 341K  164M CONNMARK   all  --  *      *       0.0.0.0/0            0.0.0.0/0           CONNMARK save mask 0xff00 

Chain mwan3_iface_VPN (1 references)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 MARK       all  --  *      *       172.20.24.0/22       0.0.0.0/0           mark match 0x0/0xff00 /* VPN */ MARK or 0xff00 
    2    80 MARK       all  --  *      *       0.0.0.0/0            0.0.0.0/0           mark match 0x0/0xff00 /* VPN */ MARK xset 0x200/0xff00 

Chain mwan3_iface_wan (1 references)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 MARK       all  --  *      *       192.168.0.0/24       0.0.0.0/0           mark match 0x0/0xff00 /* wan */ MARK or 0xff00 
   76  4175 MARK       all  --  *      *       0.0.0.0/0            0.0.0.0/0           mark match 0x0/0xff00 /* wan */ MARK xset 0x100/0xff00 

Chain mwan3_ifaces (1 references)
 pkts bytes target     prot opt in     out     source               destination         
   76  4175 mwan3_iface_wan  all  --  eth0.2 *       0.0.0.0/0            0.0.0.0/0           mark match 0x0/0xff00 
    2    80 mwan3_iface_VPN  all  --  tun0   *       0.0.0.0/0            0.0.0.0/0           mark match 0x0/0xff00 

Chain mwan3_policy_balanced (0 references)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 MARK       all  --  *      *       0.0.0.0/0            0.0.0.0/0           mark match 0x0/0xff00 statistic mode random probability 0.400000 /* VPN 2 5 */ MARK xset 0x200/0xff00 
    0     0 MARK       all  --  *      *       0.0.0.0/0            0.0.0.0/0           mark match 0x0/0xff00 /* wan 3 3 */ MARK xset 0x100/0xff00 

Chain mwan3_policy_wan2_only (1 references)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 MARK       all  --  *      *       0.0.0.0/0            0.0.0.0/0           mark match 0x0/0xff00 /* VPN 2 2 */ MARK xset 0x200/0xff00 

Chain mwan3_policy_wan2_wan (1 references)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 MARK       all  --  *      *       0.0.0.0/0            0.0.0.0/0           mark match 0x0/0xff00 /* VPN 2 2 */ MARK xset 0x200/0xff00 

Chain mwan3_policy_wan_only (1 references)
 pkts bytes target     prot opt in     out     source               destination         
    3   164 MARK       all  --  *      *       0.0.0.0/0            0.0.0.0/0           mark match 0x0/0xff00 /* wan 3 3 */ MARK xset 0x100/0xff00 

Chain mwan3_policy_wan_wan2 (1 references)
 pkts bytes target     prot opt in     out     source               destination         
    1    48 MARK       all  --  *      *       0.0.0.0/0            0.0.0.0/0           mark match 0x0/0xff00 /* wan 3 3 */ MARK xset 0x100/0xff00 

Chain mwan3_rules (1 references)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 mwan3_policy_wan2_wan  tcp  --  *      *       0.0.0.1/0.0.0.1      0.0.0.0/0           multiport sports 0:65535 multiport dports 443 mark match 0x0/0xff00 /* sticky_odd */ 
    1    48 mwan3_policy_wan_wan2  tcp  --  *      *       0.0.0.0/0.0.0.1      0.0.0.0/0           multiport sports 0:65535 multiport dports 443 mark match 0x0/0xff00 /* sticky_even */ 
    0     0 mwan3_policy_wan2_only  all  --  *      *       192.168.1.11         0.0.0.0/0           mark match 0x0/0xff00 /* vpn_test */ 
    3   164 mwan3_policy_wan_only  all  --  *      *       0.0.0.0/0            0.0.0.0/0           mark match 0x0/0xff00 /* default_rule */ 

Chain zone_wan_MSSFIX (1 references)
 pkts bytes target     prot opt in     out     source               destination         
  757 39960 TCPMSS     tcp  --  *      eth0.2  0.0.0.0/0            0.0.0.0/0           tcp flags:0x06/0x02 TCPMSS clamp to PMTU

My vpn config :

client
dev tun
proto tcp
remote drs-c01.ipvanish.com 443
resolv-retry infinite
nobind
persist-key
persist-tun
persist-remote-ip
ca ca.ipvanish.com.crt
tls-remote drs-c01.ipvanish.com
auth-user-pass /etc/openvpn/auth.txt
comp-lzo
verb 3
auth SHA256
cipher AES-256-CBC
keysize 256
tls-cipher DHE-RSA-AES256-SHA:DHE-DSS-AES256-SHA:AES256-SHA

I can traceroute the two interfaces.
Tun0:

 traceroute -i tun0 8.8.8.8
traceroute to 8.8.8.8 (8.8.8.8), 30 hops max, 38 byte packets
 1  172.20.24.1 (172.20.24.1)  233.357 ms  269.615 ms  233.628 ms
 2  static.225.50.9.5.clients.your-server.de (5.9.50.225)  238.065 ms  714.086 ms  461.870 ms
 3  hos-tr4-juniper4.rz16.hetzner.de (213.239.233.97)  469.053 ms^C

Wan:

traceroute -i eth0.2 8.8.8.8
traceroute to 8.8.8.8 (8.8.8.8), 30 hops max, 38 byte packets
 1  bd0602XX.virtua.com.br (189.6.X.X)  3735.259 ms  27.813 ms  62.588 ms
 2  bd060001.virtua.com.br (189.6.0.1)  12.785 ms  13.132 ms  12.672 ms
 3  200.246.210.157 (200.246.210.157)  32.175 ms  embratel-G0-5-3-7-tacc01.rjo.embratel.net.br (200.167.43.13) 

Again thanks for all support smile I´m learning alot with this.

Hi, the mwan3 wiki page has been updated reflect the latest mwan3 releases. Thanks to Arfett and Adze for updates there!

If you are setting up or upgrading mwan3, please read through this page as it will save you time and help get things working the first time.

http://wiki.openwrt.org/doc/howto/mwan3

thdyck wrote:

Hi, the mwan3 wiki page has been updated reflect the latest mwan3 releases. Thanks to Arfett and Adze for updates there!

If you are setting up or upgrading mwan3, please read through this page as it will save you time and help get things working the first time.

http://wiki.openwrt.org/doc/howto/mwan3

Thanks for the tip. But i already read many times smile

Hi y0dabr23, my post was a general announcement to the thread. It wasn't addressing your specific issue. But I hope you can get it working. Tim

Hi y0dabr23,


Thank you for trying mwan3. I will try and help you get up and running.

To be sure we are on the same page, in all of your output i don't see a default-route to your vpn tun0 interface. With a default route i mean a 0.0.0.0/0 route (not 0.0.0.0/1)! So what i advise you to try is to configure openvpn in a way that is does not set the 2 static routes (0.0.0.0/1 and 128.0.0.0/1). After that try to configure a default route for tun0 in network config. If succesful try to start mwan3.

Good luck!

edit

I did some research. Maybe you could try the following:

1. Add "route-nopull" to your openvpn client config. This will ignore routes that are pushed from the server.
2. Add a static default gateway for your vpn in network config:

config interface 'VPN'
    option ifname 'tun0'
    option defaultroute '1'

Or if that doe not work, try:

config 'route' 'default_VPN'
        option 'interface' 'VPN'
        option 'target' '0.0.0.0'
        option 'netmask' '0.0.0.0'
        option 'gateway' '172.20.24.1'
        option 'metric' '20'

(Last edited by Adze on 23 Apr 2014, 20:30)

Hi !
Could you advice me concerning a good router which will be ok for 2 WAN ? Must I take one wich supports it, or will OpenWRT work anyway, using LAN ports for WAN ? I don't need Wireless.
Thanks a LOT !
Calexo

calexo wrote:

Hi !
Could you advice me concerning a good router which will be ok for 2 WAN ? Must I take one wich supports it, or will OpenWRT work anyway, using LAN ports for WAN ? I don't need Wireless.
Thanks a LOT !
Calexo


Could you please create a new topic for this as it has nothing to do with mwan3...

Hi, there are two listed on the mwan3 wiki page that have been working well for me.

New luci app version 1.2-15 released. It has a new diagnostics tab for running tests on the WAN interfaces and visual enhancements.

arfett wrote:

New luci app version 1.2-15 released. It has a new diagnostics tab for running tests on the WAN interfaces and visual enhancements.

I suggest you change the file name with pkg version for easy identification.

Ex: "http://213.136.13.52/luci-app-mwan3_latest_all.ipk" to "luci-app-mwan3-1.2-15.ipk"

congquynh284 wrote:

I suggest you change the file name with pkg version for easy identification.

This has been done on purpose, as we then don't have to change all the links on the web if a newer version is available. You can also use the absolute version, instead of the relative version:

http://213.136.13.52/luci-app-mwan3_1.2-15_all.ipk

congquynh284 wrote:
arfett wrote:

New luci app version 1.2-15 released. It has a new diagnostics tab for running tests on the WAN interfaces and visual enhancements.

I suggest you change the file name with pkg version for easy identification.

Ex: "http://213.136.13.52/luci-app-mwan3_latest_all.ipk" to "luci-app-mwan3-1.2-15.ipk"

Check the mwan3 wiki page for the latest version number. I update the wiki when I upload a new version.

I seem to have a problem with a test setup of mwan3, where both WANs receive an IP from same subnet and have the same gateway IP.

While testing it today, after some time of seemingly normal operation, the mwan3 system reported both WANs as down. And it wouldn't come back up on its own (despite uplinks being OK), until I did a "mwan3 restart" at which point it started working OK again.

It's a bare-bones OpenWRT system (BB trunk r40572) on a TP-Link 4300. Only two OpenWRT packages were installed, mwan3 and qos-scripts, both with their standard settings.

Below are some diags I ran on the router, while it was in a non-working state:

    root@OpenWrt:~# route -n
    Kernel IP routing table
    Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
    0.0.0.0         xxx.yy.zz.31    0.0.0.0         UG    10     0        0 eth0.2
    0.0.0.0         xxx.yy.zz.31    0.0.0.0         UG    20     0        0 eth0.3
    192.168.100.0   0.0.0.0         255.255.252.0   U     0      0        0 br-lan
    xxx.yy.zz.0     0.0.0.0         255.255.255.0   U     10     0        0 eth0.2
    xxx.yy.zz.0     0.0.0.0         255.255.255.0   U     20     0        0 eth0.3

    root@OpenWrt:~# ip rule show
    0:      from all lookup local
    2254:   from all fwmark 0xfe00/0xff00 unreachable
    32766:  from all lookup main
    32767:  from all lookup default

    root@OpenWrt:~# mwan3 status
    Interface status:
    Interface wan is offline (tracking active)
    Interface wan2 is offline (tracking active)

    Policy balanced:
     unreachable

    Policy wan2_only:
     unreachable

    Policy wan2_wan:
     unreachable

    Policy wan_only:
     unreachable

    Policy wan_wan2:
     unreachable

    Local connected networks:
    destination        policy             hits
    ------------------------------------------------
    127.0.0.0/8        default            37
    224.0.0.0/3        default            0
    192.168.100.0/22   default            16
    xxx.yy.zz.0/24     default            34
    xxx.yy.zz.0/24     default            0

    Active rules:
    source             destination        proto  src-port      dest-port     policy          hits
    ---------------------------------------------------------------------------------------------------
    0.0.0.0/0.0.0.1    0.0.0.0/0          tcp    0:65535       443           wan_wan2        0
    0.0.0.1/0.0.0.1    0.0.0.0/0          tcp    0:65535       443           wan2_wan        0
    0.0.0.0/0          0.0.0.0/0          all                                balanced        1422

    root@OpenWrt:~#

    root@OpenWrt:~# ifconfig
    br-lan    Link encap:Ethernet  HWaddr 64:70:02:AB:15:15
              inet addr:192.168.100.2  Bcast:192.168.103.255  Mask:255.255.252.0
              inet6 addr: fe80::6670:2ff:feba:12bc/64 Scope:Link
              UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
              RX packets:17854 errors:0 dropped:0 overruns:0 frame:0
              TX packets:13118 errors:0 dropped:0 overruns:0 carrier:0
              collisions:0 txqueuelen:0
              RX bytes:1219837 (1.1 MiB)  TX bytes:4801225 (4.5 MiB)

    eth0      Link encap:Ethernet  HWaddr 64:70:02:AB:15:15
              inet6 addr: fe80::6670:2ff:feba:12bc/64 Scope:Link
              UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
              RX packets:49304 errors:0 dropped:0 overruns:0 frame:0
              TX packets:27294 errors:0 dropped:0 overruns:0 carrier:0
              collisions:0 txqueuelen:1000
              RX bytes:7686719 (7.3 MiB)  TX bytes:6220892 (5.9 MiB)
              Interrupt:4

    eth0.1    Link encap:Ethernet  HWaddr 64:70:02:AB:15:15
              UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
              RX packets:17861 errors:0 dropped:0 overruns:0 frame:0
              TX packets:13118 errors:0 dropped:0 overruns:0 carrier:0
              collisions:0 txqueuelen:0
              RX bytes:1220321 (1.1 MiB)  TX bytes:4801225 (4.5 MiB)

    eth0.2    Link encap:Ethernet  HWaddr 00:0C:42:C2:12:11
              inet addr:xxx.yy.zz.202  Bcast:xxx.yy.zz.255  Mask:255.255.255.0
              inet6 addr: fe80::20c:42ff:fec2:1211/64 Scope:Link
              UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
              RX packets:21859 errors:0 dropped:0 overruns:0 frame:0
              TX packets:11334 errors:0 dropped:0 overruns:0 carrier:0
              collisions:0 txqueuelen:5
              RX bytes:5003475 (4.7 MiB)  TX bytes:1074596 (1.0 MiB)

    eth0.3    Link encap:Ethernet  HWaddr 00:0C:42:C2:12:12
              inet addr:xxx.yy.zz.206  Bcast:xxx.yy.zz.255  Mask:255.255.255.0
              inet6 addr: fe80::20c:42ff:fec2:1212/64 Scope:Link
              UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
              RX packets:9569 errors:0 dropped:0 overruns:0 frame:0
              TX packets:2836 errors:0 dropped:0 overruns:0 carrier:0
              collisions:0 txqueuelen:5
              RX bytes:574758 (561.2 KiB)  TX bytes:235451 (229.9 KiB)

    ifb0      Link encap:Ethernet  HWaddr A2:66:60:F2:AF:D5
              inet6 addr: fe80::a066:60ff:fef2:afd5/64 Scope:Link
              UP BROADCAST RUNNING NOARP  MTU:1500  Metric:1
              RX packets:14185 errors:0 dropped:3 overruns:0 frame:0
              TX packets:14182 errors:0 dropped:0 overruns:0 carrier:0
              collisions:0 txqueuelen:5
              RX bytes:4898446 (4.6 MiB)  TX bytes:4898236 (4.6 MiB)

    ifb1      Link encap:Ethernet  HWaddr 9A:2F:19:F0:C7:A9
              inet6 addr: fe80::982f:19ff:fef0:c7a9/64 Scope:Link
              UP BROADCAST RUNNING NOARP  MTU:1500  Metric:1
              RX packets:2061 errors:0 dropped:3 overruns:0 frame:0
              TX packets:2058 errors:0 dropped:0 overruns:0 carrier:0
              collisions:0 txqueuelen:5
              RX bytes:259133 (253.0 KiB)  TX bytes:258923 (252.8 KiB)

    lo        Link encap:Local Loopback
              inet addr:127.0.0.1  Mask:255.0.0.0
              inet6 addr: ::1/128 Scope:Host
              UP LOOPBACK RUNNING  MTU:65536  Metric:1
              RX packets:644 errors:0 dropped:0 overruns:0 frame:0
              TX packets:644 errors:0 dropped:0 overruns:0 carrier:0
              collisions:0 txqueuelen:0
              RX bytes:67872 (66.2 KiB)  TX bytes:67872 (66.2 KiB)

    root@OpenWrt:~#


    root@OpenWrt:~# logread |tail
    Mon Apr 28 08:45:03 2014 user.info mwan3track: Lost 2 ping(s) on interface wan (eth0.2)
    Mon Apr 28 08:55:42 2014 user.info mwan3track: Lost 1 ping(s) on interface wan (eth0.2)
    Mon Apr 28 08:57:22 2014 user.info mwan3track: Lost 1 ping(s) on interface wan (eth0.2)
    Mon Apr 28 09:03:04 2014 user.info mwan3track: Lost 1 ping(s) on interface wan (eth0.2)
    Mon Apr 28 09:04:31 2014 user.info mwan3track: Lost 1 ping(s) on interface wan (eth0.2)
    Mon Apr 28 09:17:56 2014 user.info mwan3track: Lost 1 ping(s) on interface wan (eth0.2)
    Mon Apr 28 09:20:53 2014 user.info mwan3track: Lost 1 ping(s) on interface wan (eth0.2)
    Mon Apr 28 09:21:57 2014 user.info mwan3track: Lost 1 ping(s) on interface wan (eth0.2)
    Mon Apr 28 09:38:29 2014 user.info mwan3track: Lost 1 ping(s) on interface wan (eth0.2)
    Mon Apr 28 09:41:51 2014 user.notice mwan3track: Interface wan (eth0.2) is offline
    Mon Apr 28 09:41:51 2014 user.notice mwan3: ifdown interface wan (eth0.2)
    Mon Apr 28 09:41:53 2014 user.notice mwan3track: Interface wan2 (eth0.3) is offline
    Mon Apr 28 09:41:54 2014 user.notice mwan3: ifdown interface wan2 (eth0.3)
    root@OpenWrt:~#

    root@OpenWrt:~# ip route list table 0
    default via xxx.yy.zz.31 dev eth0.2  proto static  metric 10
    default via xxx.yy.zz.31 dev eth0.3  proto static  metric 20
    192.168.100.0/22 dev br-lan  proto kernel  scope link  src 192.168.100.2
    xxx.yy.zz.0/24 dev eth0.2  proto static  scope link  metric 10
    xxx.yy.zz.0/24 dev eth0.3  proto static  scope link  metric 20
    broadcast 127.0.0.0 dev lo  table local  proto kernel  scope link  src 127.0.0.1
    local 127.0.0.0/8 dev lo  table local  proto kernel  scope host  src 127.0.0.1
    local 127.0.0.1 dev lo  table local  proto kernel  scope host  src 127.0.0.1
    broadcast 127.255.255.255 dev lo  table local  proto kernel  scope link  src 127.0.0.1
    broadcast 192.168.100.0 dev br-lan  table local  proto kernel  scope link  src 192.168.100.2
    local 192.168.100.2 dev br-lan  table local  proto kernel  scope host  src 192.168.100.2
    broadcast 192.168.103.255 dev br-lan  table local  proto kernel  scope link  src 192.168.100.2
    broadcast xxx.yy.zz.0 dev eth0.2  table local  proto kernel  scope link  src xxx.yy.zz.202
    broadcast xxx.yy.zz.0 dev eth0.3  table local  proto kernel  scope link  src xxx.yy.zz.206
    local xxx.yy.zz.202 dev eth0.2  table local  proto kernel  scope host  src xxx.yy.zz.202
    local xxx.yy.zz.206 dev eth0.3  table local  proto kernel  scope host  src xxx.yy.zz.206
    broadcast xxx.yy.zz.255 dev eth0.2  table local  proto kernel  scope link  src xxx.yy.zz.202
    broadcast xxx.yy.zz.255 dev eth0.3  table local  proto kernel  scope link  src xxx.yy.zz.206
    fe80::/64 dev eth0  proto kernel  metric 256
    fe80::/64 dev eth0.2  proto kernel  metric 256
    fe80::/64 dev eth0.3  proto kernel  metric 256
    fe80::/64 dev br-lan  proto kernel  metric 256
    fe80::/64 dev ifb0  proto kernel  metric 256
    fe80::/64 dev ifb1  proto kernel  metric 256
    unreachable default dev lo  table unspec  proto kernel  metric 4294967295  error -128
    local ::1 dev lo  table local  proto none  metric 0
    local fe80::20c:42ff:fec2:1211 dev lo  table local  proto none  metric 0
    local fe80::20c:42ff:fec2:1212 dev lo  table local  proto none  metric 0
    local fe80::6670:2ff:feba:12bc dev lo  table local  proto none  metric 0
    local fe80::6670:2ff:feba:12bc dev lo  table local  proto none  metric 0
    local fe80::982f:19ff:fef0:c7a9 dev lo  table local  proto none  metric 0
    local fe80::a066:60ff:fef2:afd5 dev lo  table local  proto none  metric 0
    ff00::/8 dev eth0  table local  metric 256
    ff00::/8 dev eth0.2  table local  metric 256
    ff00::/8 dev eth0.3  table local  metric 256
    ff00::/8 dev br-lan  table local  metric 256
    ff00::/8 dev ifb0  table local  metric 256
    ff00::/8 dev ifb1  table local  metric 256
    unreachable default dev lo  table unspec  proto kernel  metric 4294967295  error -128
    root@OpenWrt:~#

    root@OpenWrt:~# cat /etc/config/network

    ...
    config interface 'wan'
            option ifname 'eth0.2'
            option proto 'dhcp'
            option macaddr '00:0C:42:C2:12:11'
            option defaultroute '1'
            option metric '10'

    config interface 'wan2'
            option ifname 'eth0.3'
            option proto 'dhcp'
            option macaddr '00:0C:42:C2:12:12'
            option defaultroute '1'
            option metric '20'
    ...

What puzzles me is that it seemed to run fine for some time, then bombed for no apparent reason.

Following up my previous, it happened again, and here's some more info:

logread | grep mwan3
iptables -L -v -n -t mangle
ip rule
ip route
ip route list table 1
ip route list table 2


Mon Apr 28 08:45:03 2014 user.info mwan3track: Lost 2 ping(s) on interface wan (eth0.2)
Mon Apr 28 08:55:42 2014 user.info mwan3track: Lost 1 ping(s) on interface wan (eth0.2)
Mon Apr 28 08:57:22 2014 user.info mwan3track: Lost 1 ping(s) on interface wan (eth0.2)
Mon Apr 28 09:03:04 2014 user.info mwan3track: Lost 1 ping(s) on interface wan (eth0.2)
Mon Apr 28 09:04:31 2014 user.info mwan3track: Lost 1 ping(s) on interface wan (eth0.2)
Mon Apr 28 09:17:56 2014 user.info mwan3track: Lost 1 ping(s) on interface wan (eth0.2)
Mon Apr 28 09:20:53 2014 user.info mwan3track: Lost 1 ping(s) on interface wan (eth0.2)
Mon Apr 28 09:21:57 2014 user.info mwan3track: Lost 1 ping(s) on interface wan (eth0.2)
Mon Apr 28 09:38:29 2014 user.info mwan3track: Lost 1 ping(s) on interface wan (eth0.2)
Mon Apr 28 09:41:51 2014 user.notice mwan3track: Interface wan (eth0.2) is offline
Mon Apr 28 09:41:51 2014 user.notice mwan3: ifdown interface wan (eth0.2)
Mon Apr 28 09:41:53 2014 user.notice mwan3track: Interface wan2 (eth0.3) is offline
Mon Apr 28 09:41:54 2014 user.notice mwan3: ifdown interface wan2 (eth0.3)
<-- here I did "mwan3 restart"
Mon Apr 28 10:04:02 2014 user.notice mwan3: ifup interface wan (eth0.2)
Mon Apr 28 10:04:05 2014 user.notice mwan3: ifup interface wan2 (eth0.3)
Mon Apr 28 10:13:01 2014 user.info mwan3track: Lost 1 ping(s) on interface wan (eth0.2)
Mon Apr 28 10:13:54 2014 user.info mwan3track: Lost 1 ping(s) on interface wan (eth0.2)
Mon Apr 28 10:18:42 2014 user.info mwan3track: Lost 1 ping(s) on interface wan (eth0.2)
Mon Apr 28 10:18:58 2014 user.info mwan3track: Lost 1 ping(s) on interface wan (eth0.2)
Mon Apr 28 10:20:36 2014 user.info mwan3track: Lost 1 ping(s) on interface wan (eth0.2)
Mon Apr 28 10:20:38 2014 user.info mwan3track: Lost 2 ping(s) on interface wan2 (eth0.3)
Mon Apr 28 10:25:25 2014 user.info mwan3track: Lost 1 ping(s) on interface wan (eth0.2)
Mon Apr 28 10:30:31 2014 user.info mwan3track: Lost 2 ping(s) on interface wan2 (eth0.3)
Mon Apr 28 10:30:32 2014 user.info mwan3track: Lost 2 ping(s) on interface wan (eth0.2)
Mon Apr 28 10:31:16 2014 user.info mwan3track: Lost 1 ping(s) on interface wan (eth0.2)
Mon Apr 28 10:39:31 2014 user.info mwan3track: Lost 1 ping(s) on interface wan (eth0.2)
Mon Apr 28 10:49:05 2014 user.info mwan3track: Lost 1 ping(s) on interface wan (eth0.2)
Mon Apr 28 10:55:10 2014 user.info mwan3track: Lost 1 ping(s) on interface wan (eth0.2)
Mon Apr 28 10:58:22 2014 user.info mwan3track: Lost 1 ping(s) on interface wan (eth0.2)
Mon Apr 28 11:00:41 2014 user.info mwan3track: Lost 1 ping(s) on interface wan (eth0.2)
Mon Apr 28 11:01:33 2014 user.info mwan3track: Lost 2 ping(s) on interface wan (eth0.2)
Mon Apr 28 11:02:24 2014 user.info mwan3track: Lost 2 ping(s) on interface wan2 (eth0.3)
Mon Apr 28 11:02:25 2014 user.info mwan3track: Lost 1 ping(s) on interface wan (eth0.2)
Mon Apr 28 11:03:27 2014 user.info mwan3track: Lost 1 ping(s) on interface wan (eth0.2)
Mon Apr 28 11:06:31 2014 user.info mwan3track: Lost 1 ping(s) on interface wan (eth0.2)
Mon Apr 28 11:16:04 2014 user.info mwan3track: Lost 2 ping(s) on interface wan2 (eth0.3)
Mon Apr 28 11:20:19 2014 user.info mwan3track: Lost 1 ping(s) on interface wan (eth0.2)
Mon Apr 28 11:21:02 2014 user.info mwan3track: Lost 1 ping(s) on interface wan (eth0.2)
Mon Apr 28 11:21:04 2014 user.info mwan3track: Lost 2 ping(s) on interface wan2 (eth0.3)
Mon Apr 28 11:22:42 2014 user.info mwan3track: Lost 1 ping(s) on interface wan (eth0.2)
Mon Apr 28 11:23:07 2014 user.info mwan3track: Lost 2 ping(s) on interface wan (eth0.2)
Mon Apr 28 11:34:54 2014 user.info mwan3track: Lost 2 ping(s) on interface wan (eth0.2)
Mon Apr 28 11:35:07 2014 user.notice mwan3track: Interface wan2 (eth0.3) is offline
Mon Apr 28 11:35:07 2014 user.notice mwan3: ifdown interface wan2 (eth0.3)
Mon Apr 28 11:35:22 2014 user.notice mwan3track: Interface wan (eth0.2) is offline
Mon Apr 28 11:35:22 2014 user.notice mwan3: ifdown interface wan (eth0.2)
root@OpenWrt:~#

root@OpenWrt:~# iptables -L -v -n -t mangle
Chain PREROUTING (policy ACCEPT 847 packets, 102K bytes)
 pkts bytes target     prot opt in     out     source               destination
19059 7475K mwan3_hook  all  --  *      *       0.0.0.0/0            0.0.0.0/0
19053 7475K fwmark     all  --  *      *       0.0.0.0/0            0.0.0.0/0

Chain INPUT (policy ACCEPT 360 packets, 37284 bytes)
 pkts bytes target     prot opt in     out     source               destination

Chain FORWARD (policy ACCEPT 413 packets, 59306 bytes)
 pkts bytes target     prot opt in     out     source               destination
13464 1472K qos_Default  all  --  *      eth0.2  0.0.0.0/0            0.0.0.0/0
 1237  184K qos_Default  all  --  *      eth0.3  0.0.0.0/0            0.0.0.0/0
13275 6938K mssfix     all  --  *      *       0.0.0.0/0            0.0.0.0/0

Chain OUTPUT (policy ACCEPT 1024 packets, 102K bytes)
 pkts bytes target     prot opt in     out     source               destination
 7147  595K qos_Default  all  --  *      eth0.2  0.0.0.0/0            0.0.0.0/0
 4045  340K qos_Default  all  --  *      eth0.3  0.0.0.0/0            0.0.0.0/0
 6537  649K mwan3_hook  all  --  *      *       0.0.0.0/0            0.0.0.0/0

Chain POSTROUTING (policy ACCEPT 992 packets, 126K bytes)
 pkts bytes target     prot opt in     out     source               destination

Chain fwmark (1 references)
 pkts bytes target     prot opt in     out     source               destination

Chain mssfix (1 references)
 pkts bytes target     prot opt in     out     source               destination
  139  8896 TCPMSS     tcp  --  *      eth0.2  0.0.0.0/0            0.0.0.0/0            tcp flags:0x06/0x02 /* wan (mtu_fix) */ TCPMSS clamp to PMTU
   62  3968 TCPMSS     tcp  --  *      eth0.3  0.0.0.0/0            0.0.0.0/0            tcp flags:0x06/0x02 /* wan (mtu_fix) */ TCPMSS clamp to PMTU

Chain mwan3_connected (1 references)
 pkts bytes target     prot opt in     out     source               destination
   13   916 MARK       all  --  *      *       0.0.0.0/0            127.0.0.0/8          mark match 0x0/0xff00 MARK or 0xff00
    0     0 MARK       all  --  *      *       0.0.0.0/0            224.0.0.0/3          mark match 0x0/0xff00 MARK or 0xff00
    8  1521 MARK       all  --  *      *       0.0.0.0/0            192.168.100.0/22     mark match 0x0/0xff00 MARK or 0xff00
    5   304 MARK       all  --  *      *       0.0.0.0/0            xxx.yy.zz.0/24       mark match 0x0/0xff00 MARK or 0xff00
    0     0 MARK       all  --  *      *       0.0.0.0/0            xxx.yy.zz.0/24       mark match 0x0/0xff00 MARK or 0xff00

Chain mwan3_hook (2 references)
 pkts bytes target     prot opt in     out     source               destination
25596 8124K CONNMARK   all  --  *      *       0.0.0.0/0            0.0.0.0/0            CONNMARK restore mask 0xff00
 5795  476K mwan3_ifaces  all  --  *      *       0.0.0.0/0            0.0.0.0/0            mark match 0x0/0xff00
 5756  469K mwan3_connected  all  --  *      *       0.0.0.0/0            0.0.0.0/0            mark match 0x0/0xff00
 5455  443K mwan3_rules  all  --  *      *       0.0.0.0/0            0.0.0.0/0            mark match 0x0/0xff00
25596 8124K CONNMARK   all  --  *      *       0.0.0.0/0            0.0.0.0/0            CONNMARK save mask 0xff00

Chain mwan3_ifaces (1 references)
 pkts bytes target     prot opt in     out     source               destination

Chain mwan3_policy_balanced (1 references)
 pkts bytes target     prot opt in     out     source               destination
  689 53220 MARK       all  --  *      *       0.0.0.0/0            0.0.0.0/0            mark match 0x0/0xff00 /* unreachable */ MARK xset 0xfe00/0xff00

Chain mwan3_policy_wan2_only (0 references)
 pkts bytes target     prot opt in     out     source               destination
    0     0 MARK       all  --  *      *       0.0.0.0/0            0.0.0.0/0            mark match 0x0/0xff00 /* unreachable */ MARK xset 0xfe00/0xff00

Chain mwan3_policy_wan2_wan (1 references)
 pkts bytes target     prot opt in     out     source               destination
    0     0 MARK       all  --  *      *       0.0.0.0/0            0.0.0.0/0            mark match 0x0/0xff00 /* unreachable */ MARK xset 0xfe00/0xff00

Chain mwan3_policy_wan_only (0 references)
 pkts bytes target     prot opt in     out     source               destination
    0     0 MARK       all  --  *      *       0.0.0.0/0            0.0.0.0/0            mark match 0x0/0xff00 /* unreachable */ MARK xset 0xfe00/0xff00

Chain mwan3_policy_wan_wan2 (1 references)
 pkts bytes target     prot opt in     out     source               destination
    0     0 MARK       all  --  *      *       0.0.0.0/0            0.0.0.0/0            mark match 0x0/0xff00 /* unreachable */ MARK xset 0xfe00/0xff00

Chain mwan3_rules (1 references)
 pkts bytes target     prot opt in     out     source               destination
    0     0 mwan3_policy_wan_wan2  tcp  --  *      *       0.0.0.0/0.0.0.1      0.0.0.0/0            multiport sports 0:65535 multiport dports 443 mark match 0x0/0xff00 /* sticky_even */
    0     0 mwan3_policy_wan2_wan  tcp  --  *      *       0.0.0.1/0.0.0.1      0.0.0.0/0            multiport sports 0:65535 multiport dports 443 mark match 0x0/0xff00 /* sticky_odd */
  689 53220 mwan3_policy_balanced  all  --  *      *       0.0.0.0/0            0.0.0.0/0            mark match 0x0/0xff00 /* default_rule */

Chain qos_Default (4 references)
 pkts bytes target     prot opt in     out     source               destination
25893 2591K CONNMARK   all  --  *      *       0.0.0.0/0            0.0.0.0/0            CONNMARK restore mask 0xff
13255 1210K qos_Default_ct  all  --  *      *       0.0.0.0/0            0.0.0.0/0            mark match 0x0/0xff
  116 69900 MARK       all  --  *      *       0.0.0.0/0            0.0.0.0/0            mark match 0x1/0xff length 400:65535 MARK and 0xffffff00
    0     0 MARK       all  --  *      *       0.0.0.0/0            0.0.0.0/0            mark match 0x2/0xff length 800:65535 MARK and 0xffffff00
 2357  178K MARK       udp  --  *      *       0.0.0.0/0            0.0.0.0/0            mark match 0x0/0xff length 0:500 MARK xset 0x2/0xff
 8174  713K MARK       icmp --  *      *       0.0.0.0/0            0.0.0.0/0            MARK xset 0x1/0xff
    0     0 MARK       tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            mark match 0x0/0xff tcp spts:1024:65535 dpts:1024:65535 MARK xset 0x4/0xff
    0     0 MARK       udp  --  *      *       0.0.0.0/0            0.0.0.0/0            mark match 0x0/0xff udp spts:1024:65535 dpts:1024:65535 MARK xset 0x4/0xff
  352 22524 MARK       tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            length 0:128 mark match ! 0x4/0xff tcp flags:0x3F/0x02 MARK xset 0x1/0xff
 9201  469K MARK       tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            length 0:128 mark match ! 0x4/0xff tcp flags:0x3F/0x10 MARK xset 0x1/0xff

Chain qos_Default_ct (1 references)
 pkts bytes target     prot opt in     out     source               destination
   12  2200 MARK       tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            mark match 0x0/0xff tcp multiport ports 22,53 MARK xset 0x1/0xff
  412 26937 MARK       udp  --  *      *       0.0.0.0/0            0.0.0.0/0            mark match 0x0/0xff udp multiport ports 22,53 MARK xset 0x1/0xff
  323 20672 MARK       tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            mark match 0x0/0xff tcp multiport ports 25,80,110,443,993,995,501 MARK xset 0x3/0xff
    0     0 MARK       tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            mark match 0x0/0xff tcp multiport ports 5190 MARK xset 0x2/0xff
    0     0 MARK       udp  --  *      *       0.0.0.0/0            0.0.0.0/0            mark match 0x0/0xff udp multiport ports 5190 MARK xset 0x2/0xff
13255 1210K CONNMARK   all  --  *      *       0.0.0.0/0            0.0.0.0/0            CONNMARK save mask 0xff
root@OpenWrt:~#

root@OpenWrt:~# ip rule
0:      from all lookup local
2254:   from all fwmark 0xfe00/0xff00 unreachable
32766:  from all lookup main
32767:  from all lookup default
root@OpenWrt:~#


root@OpenWrt:~# ip route
default via xxx.yy.zz.31 dev eth0.2  proto static  metric 10
default via xxx.yy.zz.31 dev eth0.3  proto static  metric 20
192.168.100.0/22 dev br-lan  proto kernel  scope link  src 192.168.100.2
xxx.yy.zz.0/24 dev eth0.2  proto static  scope link  metric 10
xxx.yy.zz.0/24 dev eth0.3  proto static  scope link  metric 20
root@OpenWrt:~#

root@OpenWrt:~# ip route list table 1
root@OpenWrt:~# ip route list table 2
root@OpenWrt:~#

Please try and remove all track_ip options from mwan3 config and see if the wans stay online...

Adze wrote:

Please try and remove all track_ip options from mwan3 config and see if the wans stay online...

OK, there are no more mwan3track-related processes and the WANs appear online:

root@OpenWrt:~# ps
  PID USER       VSZ STAT COMMAND
    1 root      1320 S    /sbin/procd
    2 root         0 SW   [kthreadd]
    3 root         0 SW   [ksoftirqd/0]
    5 root         0 SW<  [kworker/0:0H]
    7 root         0 SW<  [khelper]
    8 root         0 SW   [kworker/u2:1]
   61 root         0 SW<  [writeback]
   63 root         0 SW<  [bioset]
   65 root         0 SW<  [kblockd]
   92 root         0 SW   [kworker/0:1]
   97 root         0 SW   [kswapd0]
  143 root         0 SW   [fsnotify_mark]
  157 root         0 SW<  [ath79-spi]
  271 root         0 SW<  [deferwq]
  272 root         0 SW   [kworker/0:2]
  304 root         0 SW   [kworker/u2:2]
  323 root         0 SW   [khubd]
  354 root         0 SWN  [jffs2_gcd_mtd3]
  403 root       884 S    /sbin/ubusd
  404 root       772 S    /sbin/askfirst ttyS0 /bin/ash --login
  665 root         0 SW<  [cfg80211]
  778 root      1288 S    /sbin/logd -S 16
  810 root      1476 S    /sbin/netifd
  828 root      1156 S    /usr/sbin/odhcpd
  861 root      1100 S    /usr/sbin/dropbear -F -P /var/run/dropbear.1.pid -p 22 -K 300
 1017 root      1360 S    /usr/sbin/ntpd -n -p 0.europe.pool.ntp.org -p 2.europe.pool.ntp.org
 1131 root      1368 S    udhcpc -p /var/run/udhcpc-eth0.2.pid -s /lib/netifd/dhcp.script -f -t 0 -i eth0.2 -C
 1134 root      1368 S    udhcpc -p /var/run/udhcpc-eth0.3.pid -s /lib/netifd/dhcp.script -f -t 0 -i eth0.3 -C
 1190 nobody     976 S    /usr/sbin/dnsmasq -C /var/etc/dnsmasq.conf -k
 2182 root      1192 R    /usr/sbin/dropbear -F -P /var/run/dropbear.1.pid -p 22 -K 300
 2188 root      1372 S    -ash
17759 root         0 SW   [kworker/0:3]
18098 root         0 SW   [kworker/0:0]
19087 root      1356 R    ps

root@OpenWrt:~# mwan3 status
Interface status:
Interface wan is online
Interface wan2 is online
...

Let's see how it goes ...

kpv wrote:

OK, there are no more mwan3track-related processes and the WANs appear online:

I therefore think that your tracking settings are a bit too tight. As you didn't post your mwan3 config i can only guess...

Adze wrote:
kpv wrote:

OK, there are no more mwan3track-related processes and the WANs appear online:

I therefore think that your tracking settings are a bit too tight. As you didn't post your mwan3 config i can only guess...

Well, here it is (before commenting out all track_ip directive). Basically the factory settings, I just put a different pair of IPs in each WAN:


root@OpenWrt:~# cat /etc/config/mwan3

config interface 'wan'
        option enabled '1'
       list track_ip '8.8.4.4'
#       list track_ip '8.8.8.8'
       list track_ip '208.67.222.222'
#       list track_ip '208.67.220.220'
        option reliability '2'
        option count '1'
        option timeout '2'
        option interval '5'
        option down '3'
        option up '8'

config interface 'wan2'
        option enabled '1'
       list track_ip '8.8.8.8'
       list track_ip '208.67.220.220'
        option reliability '1'
        option count '1'
        option timeout '2'
        option interval '5'
        option down '3'
        option up '8'

config member 'wan_m1_w3'
        option interface 'wan'
        option metric '1'
        option weight '3'

config member 'wan_m2_w3'
        option interface 'wan'
        option metric '2'
        option weight '3'

config member 'wan2_m1_w2'
        option interface 'wan2'
        option metric '1'
        option weight '2'

config member 'wan2_m2_w2'
        option interface 'wan2'
        option metric '2'
        option weight '2'

config policy 'wan_only'
        list use_member 'wan_m1_w3'

config policy 'wan2_only'
        list use_member 'wan2_m1_w2'

config policy 'balanced'
        list use_member 'wan_m1_w3'
        list use_member 'wan2_m1_w2'

config policy 'wan_wan2'
        list use_member 'wan_m1_w3'
        list use_member 'wan2_m2_w2'

config policy 'wan2_wan'
        list use_member 'wan_m2_w3'
        list use_member 'wan2_m1_w2'

config rule 'sticky_even'
        option src_ip '0.0.0.0/0.0.0.1'
        option dest_port '443'
        option proto 'tcp'
        option use_policy 'wan_wan2'

config rule 'sticky_odd'
        option src_ip '0.0.0.1/0.0.0.1'
        option dest_port '443'
        option proto 'tcp'
        option use_policy 'wan2_wan'

config rule 'default_rule'
        option dest_ip '0.0.0.0/0'
        option use_policy 'balanced'

root@OpenWrt:~#

Please try these settings:

config interface 'wan'
        option enabled '1'
        list track_ip '8.8.4.4'
        list track_ip '208.67.222.222'
        option reliability '1'
        option count '2'
        option timeout '5'
        option interval '10'
        option down '3'
        option up '8'

config interface 'wan2'
        option enabled '1'
        list track_ip '8.8.8.8'
        list track_ip '208.67.220.220'
        option reliability '1'
        option count '2'
        option timeout '5'
        option interval '10'
        option down '3'
        option up '8'

(Last edited by Adze on 28 Apr 2014, 14:08)

arfett wrote:

Check the mwan3 wiki page for the latest version number. I update the wiki when I upload a new version.

Hi. thanks for your info.