Topic: mwan3; multi-wan policy routing (general topic)

The content of this topic has been archived between 22 May 2013 and 6 May 2018. Unfortunately there are posts – most likely complete pages – missing.

Page 55 of 65

Post #1351

Vahe91

22 Aug 2015, 14:03

OpenWrt Chaos Calmer r46693 / LuCI (git-15.231.29322-8597b86) , Kernel Version 4.1.5
This message show for all interfaces
WARNING: some interfaces have no default route in the main routing table!

Software versions : 

OpenWrt - OpenWrt Chaos Calmer r46693
LuCI - git-15.231.29322-8597b86

mwan3 - 1.6-2
mwan3-luci - 1.4-3

Output of "cat /etc/config/mwan3" : 

config rule 'dns'
    option dest_ip '92.43.137.17'
    option proto 'all'
    option sticky '0'
    option use_policy 'dnsucom'

config rule 'dns1'
    option dest_ip '92.43.138.17'
    option proto 'all'
    option sticky '0'
    option use_policy 'dnsucom'

config rule 'dns2'
    option dest_ip '92.43.138.1'
    option proto 'all'
    option sticky '0'
    option use_policy 'dnsucom'

config rule 'dns3'
    option dest_ip '92.43.137.1'
    option proto 'all'
    option sticky '0'
    option use_policy 'dnsucom'

config rule 'dns4'
    option dest_ip '188.115.192.34'
    option proto 'all'
    option sticky '0'
    option use_policy 'dnsorange'

config rule 'dns5'
    option dest_ip '188.115.193.34'
    option proto 'all'
    option sticky '0'
    option use_policy 'dnsorange'

config rule 'default_rule'
    option dest_ip '0.0.0.0/0'
    option use_policy 'balanced'

config policy 'wan_only'
    option last_resort 'default'
    list use_member 'wan_m1_w3'
    list use_member 'wan3g_m2_w4'

config policy 'wan2_only'
    option last_resort 'default'
    list use_member 'wan2_m1_w2'
    list use_member 'wan3g_m2_w4'

config policy 'wan3g_only'
    list use_member 'wan3g_m1_w4'
    option last_resort 'default'

config policy 'dnsucom'
    list use_member 'wan_m1_w3'
    list use_member 'wan2_m2_w2'
    option last_resort 'unreachable'

config policy 'dnsorange'
    list use_member 'wan3g_m1_w4'
    option last_resort 'unreachable'

config policy 'balanced'
    list use_member 'wan_m1_w3'
    list use_member 'wan2_m1_w2'
    list use_member 'wan3g_m2_w4'
    option last_resort 'unreachable'

config member 'wan_m1_w3'
    option interface 'wan'
    option metric '1'
    option weight '3'

config member 'wan_m2_w3'
    option interface 'wan'
    option metric '2'
    option weight '3'

config member 'wan2_m1_w2'
    option interface 'wan2'
    option metric '1'
    option weight '2'

config member 'wan2_m2_w2'
    option interface 'wan2'
    option metric '2'
    option weight '2'

config member 'wan3g_m1_w4'
    option interface 'wan3g'
    option metric '1'
    option weight '4'

config member 'wan3g_m2_w4'
    option interface 'wan3g'
    option weight '4'
    option metric '2'

config interface 'wan'
    option enabled '1'
    list track_ip '8.8.4.4'
    list track_ip '8.8.8.8'
    list track_ip '208.67.222.222'
    list track_ip '208.67.220.220'
    option reliability '2'
    option count '1'
    option timeout '2'
    option interval '5'
    option down '3'
    option up '8'

config interface 'wan2'
    list track_ip '8.8.8.8'
    list track_ip '208.67.220.220'
    option reliability '1'
    option count '1'
    option timeout '2'
    option interval '5'
    option down '3'
    option up '8'
    option enabled '1'

config interface 'wan3g'
    option enabled '1'
    list track_ip '8.8.8.8'
    option reliability '1'
    option count '1'
    option timeout '2'
    option interval '5'
    option down '5'
    option up '5'

Output of "cat /etc/config/network" : 

config interface 'loopback'
    option ifname 'lo'
    option proto 'static'
    option ipaddr '127.0.0.1'
    option netmask '255.0.0.0'

config globals 'globals'
    option ula_prefix 'fddc:e4d3:ab15::/48'

config interface 'lan'
    option ifname 'eth1'
    option force_link '1'
    option type 'bridge'
    option proto 'static'
    option ipaddr '192.168.1.1'
    option netmask '255.255.255.0'
    option ip6assign '60'

config interface 'wan'
    option proto 'dhcp'
    option _orig_ifname 'eth0'
    option _orig_bridge 'false'
    option ifname 'eth0.2'
    option metric '10'
    option macaddr '46:C7:E1:8B:16:F9'

config interface 'wan6'
    option proto 'dhcpv6'
    option _orig_ifname 'eth0'
    option _orig_bridge 'false'
    option ifname 'eth0.2'
    option reqaddress 'try'
    option reqprefix 'auto'

config switch
    option name 'switch0'
    option reset '1'
    option enable_vlan '1'
    option mirror_source_port '0'
    option mirror_monitor_port '0'

config switch_vlan
    option device 'switch0'
    option vlan '1'
    option ports '0 2 3 4'
    option vid '1'

config switch_vlan
    option device 'switch0'
    option vlan '2'
    option vid '2'
    option ports '5 6t'

config switch_vlan
    option device 'switch0'
    option vlan '3'
    option vid '3'
    option ports '1 6t'

config interface 'wan2'
    option proto 'dhcp'
    option ifname 'eth0.3'
    option metric '20'
    option macaddr '8E:75:8D:C7:7E:5E'

config interface 'wan3g'
    option proto '3g'
    option device '/dev/ttyUSB2'
    option service 'umts_only'
    option apn 'internet'
    option pincode '1111'
    option dialnumber '*99***1#'
    option ipv6 'auto'
    option metric '30'

Output of "ifconfig" : 

3g-wan3g  Link encap:Point-to-Point Protocol  
          inet addr:5.77.237.90  P-t-P:10.64.64.64  Mask:255.255.255.255
          UP POINTOPOINT RUNNING NOARP MULTICAST  MTU:1500  Metric:1
          RX packets:17079 errors:0 dropped:0 overruns:0 frame:0
          TX packets:15397 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:3 
          RX bytes:14241563 (13.5 MiB)  TX bytes:1866023 (1.7 MiB)

br-lan    Link encap:Ethernet  HWaddr E8:94:F6:69:07:CA  
          inet addr:192.168.1.1  Bcast:192.168.1.255  Mask:255.255.255.0
          inet6 addr: fddc:e4d3:ab15::1/60 Scope:Global
          inet6 addr: fe80::ea94:f6ff:fe69:7ca/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:306842 errors:0 dropped:0 overruns:0 frame:0
          TX packets:438620 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0 
          RX bytes:162416626 (154.8 MiB)  TX bytes:404287929 (385.5 MiB)

eth0      Link encap:Ethernet  HWaddr E8:94:F6:69:07:CB  
          inet6 addr: fe80::ea94:f6ff:fe69:7cb/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:397538 errors:0 dropped:0 overruns:0 frame:0
          TX packets:288245 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000 
          RX bytes:374398624 (357.0 MiB)  TX bytes:163823901 (156.2 MiB)
          Interrupt:4 

eth0.2    Link encap:Ethernet  HWaddr 46:C7:E1:8B:16:F9  
          inet addr:46.162.218.193  Bcast:46.162.219.255  Mask:255.255.252.0
          inet6 addr: fe80::44c7:e1ff:fe8b:16f9/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:227488 errors:0 dropped:0 overruns:0 frame:0
          TX packets:174546 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0 
          RX bytes:180050586 (171.7 MiB)  TX bytes:86104293 (82.1 MiB)

eth0.3    Link encap:Ethernet  HWaddr 8E:75:8D:C7:7E:5E  
          inet addr:46.162.218.197  Bcast:46.162.219.255  Mask:255.255.252.0
          inet6 addr: fe80::8c75:8dff:fec7:7e5e/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:170050 errors:0 dropped:0 overruns:0 frame:0
          TX packets:113691 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0 
          RX bytes:187192354 (178.5 MiB)  TX bytes:76565772 (73.0 MiB)

eth1      Link encap:Ethernet  HWaddr E8:94:F6:69:07:CA  
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:291329 errors:0 dropped:35 overruns:0 frame:0
          TX packets:406475 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000 
          RX bytes:151878912 (144.8 MiB)  TX bytes:380814017 (363.1 MiB)
          Interrupt:5 

lo        Link encap:Local Loopback  
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:65536  Metric:1
          RX packets:7989 errors:0 dropped:0 overruns:0 frame:0
          TX packets:7989 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0 
          RX bytes:694571 (678.2 KiB)  TX bytes:694571 (678.2 KiB)

Output of "route -n" : 

Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
10.64.64.64     0.0.0.0         255.255.255.255 UH    0      0        0 3g-wan3g
46.162.216.0    0.0.0.0         255.255.252.0   U     10     0        0 eth0.2
46.162.216.0    0.0.0.0         255.255.252.0   U     20     0        0 eth0.3
46.162.216.1    0.0.0.0         255.255.255.255 UH    10     0        0 eth0.2
46.162.216.1    0.0.0.0         255.255.255.255 UH    20     0        0 eth0.3
192.168.1.0     0.0.0.0         255.255.255.0   U     0      0        0 br-lan

Output of "ip rule show" : 

0:    from all lookup 128 
1:    from all lookup local 
1001:    from all iif eth0.2 lookup main 
1002:    from all iif eth0.3 lookup main 
1003:    from all iif 3g-wan3g lookup main 
2001:    from all fwmark 0x100/0xff00 lookup 1 
2002:    from all fwmark 0x200/0xff00 lookup 2 
2003:    from all fwmark 0x300/0xff00 lookup 3 
2253:    from all fwmark 0xfd00/0xff00 blackhole
2254:    from all fwmark 0xfe00/0xff00 unreachable
32766:    from all lookup main 
32767:    from all lookup default

Output of "ip route list table 1-250" : 

1
default via 46.162.216.1 dev eth0.2 
2
default via 46.162.216.1 dev eth0.3 
3
default via 10.64.64.64 dev 3g-wan3g

Post #1352

arfett

22 Aug 2015, 18:14

Vahe91 wrote:

OpenWrt Chaos Calmer r46693 / LuCI (git-15.231.29322-8597b86) , Kernel Version 4.1.5
This message show for all interfaces
WARNING: some interfaces have no default route in the main routing table!

Is mwan3 still working correctly even with the LuCI message?

I'll need to try the new CC and see what's going on.

Post #1353

Vahe91

22 Aug 2015, 18:22

arfett wrote:

Vahe91 wrote:
OpenWrt Chaos Calmer r46693 / LuCI (git-15.231.29322-8597b86) , Kernel Version 4.1.5
This message show for all interfaces
WARNING: some interfaces have no default route in the main routing table!
Is mwan3 still working correctly even with the LuCI message?
I'll need to try the new CC and see what's going on.

yes, mwan3 working correctly

Post #1354

braveheartleo

25 Aug 2015, 12:46

Hi Adze,

I just wonder, is there any reason why mwan3 can't use the nth mode for the statistic iptables module, instead of the random mode?

Suppose the following examples taken from [1]:

iptables -t nat -N OUTPUT_LB
iptables -t nat -A OUTPUT_LB -m statistic --mode nth --every 5 --packet 0 -j SNAT --to x1
iptables -t nat -A OUTPUT_LB -m statistic --mode nth --every 4 --packet 0 -j SNAT --to x2
iptables -t nat -A OUTPUT_LB -m statistic --mode nth --every 3 --packet 0 -j SNAT --to x3
iptables -t nat -A OUTPUT_LB -m statistic --mode nth --every 2 --packet 0 -j SNAT --to x4
iptables -t nat -A OUTPUT_LB -j SNAT --to x5
iptables -t nat -A OUTPUT -m state --state NEW -j OUTPUT_LB

iptables -t nat -N OUTPUT_LB
iptables -t nat -A OUTPUT_LB -m statistic --mode random --probability 0.20000  -j SNAT --to x1
iptables -t nat -A OUTPUT_LB -m statistic --mode random --probability 0.25000  -j SNAT --to x2
iptables -t nat -A OUTPUT_LB -m statistic --mode random --probability 0.33333  -j SNAT --to x3
iptables -t nat -A OUTPUT_LB -m statistic --mode random --probability 0.50000  -j SNAT --to x4
iptables -t nat -A OUTPUT_LB -j SNAT --to x5
iptables -t nat -A OUTPUT -m state --state NEW -j OUTPUT_LB

You can see that the nth mode properly does load balancing by matching every nth packet and distributing to each configured WANs.

Unlike the random mode that does "random" balancing, you really can't rely on probablity to properly load balance each time. The problem with "random" balancing is that there can exist corner cases where the probabilistic matching algorithm assigns all packets to a single WAN interface, and I have encountered such corner cases occasionally in my dual-WAN setup even at 0.5 probability. I had to restart the bandwidth tests (bufferbloat measurements using betterspeedtest.sh from [2]) when I noticed that only a single WAN is having any activity (from the physical port indicator located on the router, on a quiet network) and thus I wasn't getting the combined bandwidth (and bufferbloat effects if any) of my two WANs.

The uninitiated might be lead into thinking that mwan3 really does load balancing, when it actually does "random" balancing and expect proper distribution of traffic depending upon the user-defined rules.

[1] https://bbs.archlinux.org/viewtopic.php … 6#p1480716
[2] https://github.com/richb-hanover/CeroWrtScripts/

(Last edited by braveheartleo on 25 Aug 2015, 13:01)

Post #1355

gamba47

2 Sep 2015, 13:26

Hi guys. This post is so huge! sorry for ask here.

Is there any maintainer of this great scripts ?

I have a problem an the possible solution but i can't see how can i contribute.
There is a github mwan3 but it say is no longer maintained.

Best regards.

gamba47

Post #1356

Adze

2 Sep 2015, 13:34

I'm the maintainer.. What is your problem?

The maintained current version is available at https://github.com/openwrt/packages/tre … /net/mwan3

Post #1357

Adze

2 Sep 2015, 13:45

braveheartleo wrote:

I just wonder, is there any reason why mwan3 can't use the nth mode for the statistic iptables module, instead of the random mode?

Sorry for late reply, i did not see any update on this thread until just now.

There is no specific reason why i used random instead of nth. I was familiar with random and not with nth. As you already mentioned, the distrubution over the load-balanced wan interfaces gets better with higher loads. Deviation gets higher with fewer samples.

At first glance i think random is more easy to implement than nth. Let me explain why. Lets take for example a load-balanced setup with three interfaces with a 40-40-20 distribution. With random random i can do this with just three lines. With nth (if not mistaken) i need at least 5 lines. That's why i like to keep it at random, unless you can tell me a way to do above example also in three lines.

(Last edited by Adze on 2 Sep 2015, 13:45)

Post #1358

gamba47

2 Sep 2015, 16:13

Adze wrote:

I'm the maintainer.. What is your problem?
The maintained current version is available at https://github.com/openwrt/packages/tre … /net/mwan3

Hi Adze!

My problem is here https://forum.openwrt.org/viewtopic.php?id=59285

I can't ping to any IP using eth0.2 but this is a ISP problem. They don't wan't solve this.

This works.

statusCode=$(curl --write-out %{http_code} --silent --output ip.txt http://ifconfig.me/ip)
if [ ${statusCode} -eq 200 ]
then
   echo OK
else
   echo NOOOO
fi

How can i help to put this inside /usr/sbin/mwan3track ?

Best regards.

gamba47

Post #1359

Dook

9 Sep 2015, 20:29

last_resort is available in version 1.4?

Post #1360

Adze

10 Sep 2015, 08:51

Dook wrote:

last_resort is available in version 1.4?

No, last_resort is introduced in 1.5-6

Post #1361

Adze

10 Sep 2015, 08:58

gamba47 wrote:

How can i help to put this inside /usr/sbin/mwan3track ?

You could try and manually edit /usr/sbin/mwan3track. If the ping command in this script exit with anything other then 0, it is considered unsuccessful. If you were to replace the ping rule with someting like:

local statuscode

statuscode=$(curl --write-out %{http_code} --silent --output ip.txt http://ifconfig.me/ip)

if [ ${statuscode} -eq 200 ]; then
   return 0
else
   return 1
fi

it might work. Keep in mind though that using a check relying on DNS names could introduce unwanted effects. I would strongly advice to use checks based on ip addresses only.

(Last edited by Adze on 10 Sep 2015, 08:59)

Post #1362

gamba47

10 Sep 2015, 14:46

Adze wrote:

gamba47 wrote:
How can i help to put this inside /usr/sbin/mwan3track ?
You could try and manually edit /usr/sbin/mwan3track. If the ping command in this script exit with anything other then 0, it is considered unsuccessful. If you were to replace the ping rule with someting like:
local statuscode

statuscode=$(curl --write-out %{http_code} --silent --output ip.txt http://ifconfig.me/ip)

if [ ${statuscode} -eq 200 ]; then
   return 0
else
   return 1
fi
it might work. Keep in mind though that using a check relying on DNS names could introduce unwanted effects. I would strongly advice to use checks based on ip addresses only.

OK! i will make a try.
It's true about DNS names. I will search another way to do the same without use DNS.

Thanks for your time.

gamba47

Post #1363

Adze

10 Sep 2015, 16:32

You also have to tell curl which interface to use:

local statuscode

statuscode=$(curl --ipv4 --interface $2 --write-out %{http_code} --silent --output ip.txt http://$track_ip/test.html)

if [ ${statuscode} -eq 200 ]; then
   return 0
else
   return 1
fi

Post #1364

Dook

10 Sep 2015, 21:25

In 1.4 if all members for that policy are down, what strategy mwan uses? blackhole, unreachable or default?

(Last edited by Dook on 10 Sep 2015, 21:31)

Post #1365

gamba47

10 Sep 2015, 23:30

Adze wrote:

You also have to tell curl which interface to use:

local statuscode

statuscode=$(curl --ipv4 --interface $2 --write-out %{http_code} --silent --output ip.txt http://$track_ip/test.html)

if [ ${statuscode} -eq 200 ]; then
   return 0
else
   return 1
fi

First step OK!

I change this lines of /usr/sbin/mwan3track from this

for track_ip in $track_ips; do
    ping -I $2 -c $4 -W $5 -s 4 -q $track_ip &> /dev/null
    if [ $? -eq 0 ]; then
        let host_up_count++
    else
        let lost++
    fi
done

to this:

for track_ip in $track_ips; do
         local statuscode
         statuscode=$(curl --ipv4 --interface $2 --write-out %{http_code} --silent --output /tmp/ip.txt http://ifconfig.me)
     if [ $statuscode -eq 200 ]; then
            let host_up_count++
        else
            let lost++
        fi
    done

This works and mark both wan's online. When i force a shutdown on wan1 the scripts detects this and put wan1 in "offline mode". When i power on again wan1 the script never get this new state.

Thanks for your time.

gamba47

Post #1366

dnahc

11 Sep 2015, 15:24

Hello,

Interfaces status in Luci "MWAN Interface Live Status" seems broken in Chaos Calmer. It always shows "offline" status despite online interfaces, confirmed by detailed status and cli. Each time Overwiew is reloaded I get some uhttpd errors :
daemon.err uhttpd[20388]: ip: invalid argument '1' to 'table'
daemon.err uhttpd[20388]: ip: invalid argument '2' to 'table'

Thank you for this great package.

Post #1367

Adze

11 Sep 2015, 16:06

gamba47 wrote:

When i power on again wan1 the script never get this new state.
Thanks for your time.
gamba47

Could you try and create a mwan3 rule for the host(s) you are polling with policy default? Make sure that you place the rule on top of other rules. If this helps, i think i know why it fails.

Post #1368

gamba47

11 Sep 2015, 22:43

Adze wrote:

Could you try and create a mwan3 rule for the host(s) you are polling with policy default? Make sure that you place the rule on top of other rules. If this helps, i think i know why it fails.

I don't understand you Adze :S

The problem is when i run

mwan3 status | grep Interface

this is a good result:

Interface status:
Interface wan is online (tracking active)
Interface wan2 is online (tracking active)

this is the actual result:

Interface status:
Interface wan is offline (tracking active)
Interface wan2 is online (tracking active)

In the last result the WAN interface is OK but not yet reflects the propper status. If i restart mwan3 everything goes up again.

Best regards.

gamba47

Post #1369

1wheler1

21 Sep 2015, 09:04

I have wdr4300, wan - GSM, wan2 - lan
I have a problem with running a VPN (PPTP)
In the first configuration, PPTP is working and not mwan3
In the second configuration, network with wan and wan2 I add a metric option '10' and the metric option '20'
Here it mwan3 work, and switches very smoothly in case of power wan, but stopped working pptp, in the gui as if you can see that it is connected but the traffic does not go through the VPN.

How do configure it to work mwan3 and PPTP???

root@Gargoyle:~# route
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
default         10.1xx.xxx.254  0.0.0.0         UG    0      0        0 pptp-vpn                   pptp
10.1xx.xxx.254  *               255.255.255.255 UH    0      0        0 pptp-vpn                   pptp
192.168.1.0     *               255.255.255.0   U     0      0        0 eth0.2
192.168.3.0     *               255.255.255.0   U     0      0        0 br-lan
192.168.178.0   *               255.255.255.0   U     0      0        0 eth1
2xx.xx.xx.186   192.168.178.1   255.255.255.255 UGH   0      0        0 eth1
root@Gargoyle:~# mwan3 status
Interface status:
Interface wan is offline (tracking down)
Interface wan2 is offline (tracking down)

root@Gargoyle:~#



/etc/config/network

config interface 'loopback'
    option ifname 'lo'
    option proto 'static'
    option ipaddr '127.0.0.1'
    option netmask '255.0.0.0'

config interface 'lan'
    option ifname 'eth0.1'
    option type 'bridge'
    option proto 'static'
    option netmask '255.255.255.0'
    option ipaddr '192.168.3.1'
    option dns '192.168.3.1'

config interface 'wan'
    option proto 'dhcp'
    option ifname 'eth1'
    
config interface 'wan2'
    option proto 'dhcp'
    option ifname 'eth0.2'

config switch
    option name 'eth0'
    option reset '1'
    option enable_vlan '1'

config switch_vlan
    option device 'eth0'
    option vlan '1'
    option ports '0t 2 3 4 5'

config switch_vlan
    option device 'eth0'
    option vlan '2'
    option ports '0t 1'

config interface 'vpnpptp'
    option proto 'pptp'
    option server 'xsrv.eux'
    option username 'xloginx'
    option password 'xpassx'




/etc/config/firewall


config defaults
    option syn_flood '1'
    option input 'ACCEPT'
    option output 'ACCEPT'
    option forward 'REJECT'

config zone
    option name 'lan'
    list network 'lan'
    option input 'ACCEPT'
    option output 'ACCEPT'
    option forward 'REJECT'

config zone
    option name 'wan'
    list network 'wan'
    list network 'wan2'
    option input 'REJECT'
    option output 'ACCEPT'
    option forward 'REJECT'
    option masq '1'
    option mtu_fix '1'

config forwarding
    option src 'lan'
    option dest 'wan'

config rule
    option name 'Allow-DHCP-Renew'
    option src 'wan'
    option proto 'udp'
    option dest_port '68'
    option target 'ACCEPT'
    option family 'ipv4'

config rule
    option name 'Allow-Ping'
    option src 'wan'
    option proto 'icmp'
    option icmp_type 'echo-request'
    option family 'ipv4'
    option target 'ACCEPT'

config rule
    option name 'Allow-DHCPv6'
    option src 'wan'
    option proto 'udp'
    option src_ip 'fe80::/10'
    option src_port '547'
    option dest_ip 'fe80::/10'
    option dest_port '546'
    option family 'ipv6'
    option target 'ACCEPT'

config rule
    option name 'Allow-ICMPv6-Input'
    option src 'wan'
    option proto 'icmp'
    list icmp_type 'echo-request'
    list icmp_type 'echo-reply'
    list icmp_type 'destination-unreachable'
    list icmp_type 'packet-too-big'
    list icmp_type 'time-exceeded'
    list icmp_type 'bad-header'
    list icmp_type 'unknown-header-type'
    list icmp_type 'router-solicitation'
    list icmp_type 'neighbour-solicitation'
    list icmp_type 'router-advertisement'
    list icmp_type 'neighbour-advertisement'
    option limit '1000/sec'
    option family 'ipv6'
    option target 'ACCEPT'

config rule
    option name 'Allow-ICMPv6-Forward'
    option src 'wan'
    option dest '*'
    option proto 'icmp'
    list icmp_type 'echo-request'
    list icmp_type 'echo-reply'
    list icmp_type 'destination-unreachable'
    list icmp_type 'packet-too-big'
    list icmp_type 'time-exceeded'
    list icmp_type 'bad-header'
    list icmp_type 'unknown-header-type'
    option limit '1000/sec'
    option family 'ipv6'
    option target 'ACCEPT'

config include
    option path '/etc/firewall.user'
    option reload '1'

config include
    option type 'script'
    option path '/usr/lib/gargoyle_firewall_util/gargoyle_additions.firewall'
    option family 'IPv4'
    option reload '1'

config include 'miniupnpd'
    option type 'script'
    option path '/usr/share/miniupnpd/firewall.include'
    option family 'IPv4'
    option reload '1'

config include 'openvpn_include_file'
    option path '/etc/openvpn.firewall'
    option reload '1'

config zone 'vpnpptp_zone'
    option name 'vpnpptp'
    option network 'vpnpptp'
    option input 'ACCEPT'
    option output 'ACCEPT'
    option forward 'ACCEPT'
    option mtu_fix '1'
    option masq '1'

config forwarding 'vpnpptp_lan_forwarding'
    option src 'lan'
    option dest 'vpnpptp'

root@Gargoyle:~# route
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
default         10.1xx.xxx.254  0.0.0.0         UG    0      0        0 pptp-vpn         pptp
default         192.168.178.1   0.0.0.0         UG    10     0        0 eth1
default         192.168.1.1     0.0.0.0         UG    20     0        0 eth0.2
10.1xx.xxx.254  *               255.255.255.255 UH    0      0        0 pptp-vpn         pptp
192.168.1.0     *               255.255.255.0   U     20     0        0 eth0.2
192.168.3.0     *               255.255.255.0   U     0      0        0 br-lan
192.168.178.0   *               255.255.255.0   U     10     0        0 eth1
2xx.xx.xx.186   192.168.178.1   255.255.255.255 UGH   10     0        0 eth1
root@Gargoyle:~# mwan3 status
Interface status:
Interface wan is online (tracking active)
Interface wan2 is online (tracking active)

Policy balanced:
 wan2 (40%)
 wan (60%)

Policy wan2_only:
 wan2 (100%)

Policy wan2_wan:
 wan2 (100%)

Policy wan_only:
 wan (100%)

Policy wan_wan2:
 wan (100%)

Known networks:
destination        policy             hits
------------------------------------------------
127.0.0.0/8        default            24
224.0.0.0/3        default            44
10.100.201.254     default            0
192.168.1.0/24     default            48
192.168.3.0/24     default            108
192.168.178.0/24   default            387
2xx.xx.xx.186      default            6
10.100.200.184     default            1
127.0.0.0          default            0
127.0.0.0/8        default            24
127.0.0.1          default            24
127.255.255.255    default            0
192.168.1.0        default            0
192.168.1.122      default            45
192.168.1.255      default            0
192.168.3.0        default            0
192.168.3.1        default            57
192.168.3.255      default            0
192.168.178.0      default            0
192.168.178.100    default            381
192.168.178.255    default            0

Active rules:
source             destination        proto  src-port      dest-port     policy        hits
---------------------------------------------------------------------------------------------------
0.0.0.0/0          0.0.0.0/0          all                                wan_wan2       159

root@Gargoyle:~#

Post #1370

dnahc

29 Sep 2015, 15:36

dnahc wrote:

Hello,
Interfaces status in Luci "MWAN Interface Live Status" seems broken in Chaos Calmer. It always shows "offline" status despite online interfaces, confirmed by detailed status and cli. Each time Overwiew is reloaded I get some uhttpd errors :
daemon.err uhttpd[20388]: ip: invalid argument '1' to 'table'
daemon.err uhttpd[20388]: ip: invalid argument '2' to 'table'
Thank you for this great package.

My mistake, it is on Luci from trunk, interfaces status work fine in Chaos Calmer version.

Post #1371

Philipp11

30 Sep 2015, 21:47

At first i want to thank you so much Adze for one of the best plugins i couldn't live without!

So I've been using mwan3 for the past 2 years now at numerous locations. I always managed to figure out eventually occuring problems by mself, but I can't seem to perfectly configure my own setup.

What I have and want to achieve :
1 x wired WAN
1 x radiolink with 2 gateways and 2 static ipadresses over 1 physical ethernet port

I want to achieve beeing able to load balance my traffic over 2 different gateways only using 1 physical ethernet port (which is connected to my radio-link antenna)
Balancing between the wired connection and one of the radiolink gateways works without a hassle, the problem is that the 2nd interface of the vlan 1.3 uses the same gateway as the first one. Both virtual interfaces appear to be up and running since the ping of the 2nd virtual interface simply passes through the gateway from the first virtual interface.

my /etc/config/network

cconfig interface 'loopback'
    option ifname 'lo'
    option proto 'static'
    option ipaddr '127.0.0.1'
    option netmask '255.0.0.0'

config globals 'globals'
    option ula_prefix 'fd30:0c4a:0bba::/48'

config interface 'lan'
    option ifname 'eth1.1'
    option proto 'static'
    option netmask '255.255.255.0'
    option type 'bridge'
    option dns '8.8.8.8'
    option ipaddr '192.168.0.1'
    option gateway '192.168.0.250'

config interface 'wan2'
    option proto 'static'
    option netmask '255.255.255.0'
    option macaddr 'B0:48:7A:FF:36:95'
    option metric '20'
    option ifname 'eth1.3'
    option ipaddr '192.168.20.38'
    option dns '213.73.91.35 8.8.8.8'
    option gateway '192.168.20.4'

config interface 'wan2_2'
    option proto 'static'
    option netmask '255.255.255.0'
    option metric '30'
    option ifname 'eth1.3'
    option macaddr 'B0:48:7A:FF:36:96'
    option ipaddr '192.168.20.37'
    option gateway '192.168.20.1'
    option dns '213.73.91.35 8.8.8.8'

config interface 'wan'
    option proto 'pppoe'
    USERNAME HIDDEN
    PASSWORD HIDDEN
    option metric '10'
    option _orig_ifname 'eth0'
    option _orig_bridge 'false'
    option ifname 'eth0'

config interface 'wan6'
    option ifname '@wan'
    option proto 'dhcpv6'

config switch
    option name 'switch0'
    option reset '1'
    option enable_vlan '1'

config switch_vlan
    option device 'switch0'
    option vlan '1'
    option vid '1'
    option ports '0t 1 2 3'

config switch_vlan
    option device 'switch0'
    option vlan '3'
    option ports '0t 4'
    option vid '3'

config switch_vlan
    option device 'switch0'
    option vlan '2'
    option ports '5 6'
    option vid '2'

mwan3 status :

Interface status:
 interface wan is online (tracking active)
 interface wan2 is online (tracking active)
 interface wan2_2 is online (tracking active)

Policy balanced:
 wan2 (50%)
 wan2_2 (50%)

Policy balancedg2g3:
 unreachable

Policy express:
 wan2_2 (33%)
 wan2 (33%)
 wan (33%)

Policy wan2_only:
 wan2 (100%)

Policy wan2_wan:
 wan2 (100%)

Policy wan_only:
 wan (100%)

Policy wan_wan2:
 wan (100%)

Known networks:
 192.168.0.0/24
 192.168.0.0
 127.0.0.0/8
 192.168.20.38
 224.0.0.0/3
 62.218.4.126
 192.168.20.0
 192.168.20.37
 86.33.124.2
 127.0.0.1
 0.0.0.0
 127.255.255.255
 192.168.20.255
 192.168.0.1
 127.0.0.0
 192.168.20.0/24
 192.168.0.255

Active rules:
15442 1413K - balanced  all  --  *      *       192.168.0.101        0.0.0.0/0  
    0     0 - balanced  all  --  *      *       192.168.0.111        0.0.0.0/0  
   22  1320 - balanced  all  --  *      *       192.168.0.112        0.0.0.0/0  
    0     0 - balanced  all  --  *      *       192.168.0.113        0.0.0.0/0  
    0     0 - wan_only  tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            multiport sports 0:65535 multiport dports 6112
   35  1930 - wan_only  udp  --  *      *       0.0.0.0/0            0.0.0.0/0            multiport sports 0:65535 multiport dports 27000:29000,25162,9899,20006,9989,13000
    0     0 - wan_only  udp  --  *      *       0.0.0.0/0            0.0.0.0/0            multiport sports 0:65535 multiport dports 9987,1337
 4919  417K - balanced  all  --  *      *       0.0.0.0/0            0.0.0.0/0  
    0     0 - wan_only  tcp  --  *      *       0.0.0.0/0.0.0.1      0.0.0.0/0            multiport sports 0:65535 multiport dports 443
    0     0 - wan2_wan  tcp  --  *      *       0.0.0.1/0.0.0.1      0.0.0.0/0            multiport sports 0:65535 multiport dports 443
    0     0 - wan_only  udp  --  *      *       192.168.0.123        0.0.0.0/0            multiport sports 0:65535 multiport dports 3659,9565,9570,9000:9999
/etc/config/mwan3

config interface 'wan'
    option enabled '1'
    list track_ip '8.8.4.4'
    list track_ip '8.8.8.8'
    list track_ip '208.67.222.222'
    list track_ip '208.67.220.220'
    option reliability '2'
    option count '1'
    option timeout '2'
    option interval '5'
    option down '3'
    option up '8'

config interface 'wan2'
    list track_ip '8.8.8.8'
    list track_ip '208.67.220.220'
    option reliability '1'
    option count '1'
    option down '3'
    option enabled '1'
    option timeout '4'
    option interval '10'
    option up '1'

config interface 'wan2_2'
    list track_ip '8.8.8.8'
    list track_ip '208.67.220.220'
    option reliability '1'
    option count '1'
    option down '3'
    option enabled '1'
    option timeout '4'
    option interval '10'
    option up '1'

Traceroute Virtual Interface 1.3 Gate 1 : 

root@OpenWrt:~# traceroute -s 192.168.20.38 cwtech.at
traceroute to cwtech.at (89.185.96.2) from 192.168.20.38, 30 hops max, 38 byte packets
 1  192.168.20.4 (192.168.20.4)  29.748 ms  15.921 ms  20.541 ms
 2  *  *  *

Traceroute Virtual Interface 1.3 Gate 2 : 
root@OpenWrt:~# traceroute -s 192.168.20.37 cwtech.at
traceroute to cwtech.at (89.185.96.2) from 192.168.20.37, 30 hops max, 38 byte packets
 1  192.168.20.4 (192.168.20.4)  10.060 ms  20.289 ms  17.060 ms
 2  *  *

relevant output of ifconfig... here i notice that i can't find the IP of the vlans 2nd interface :

eth1.3    Link encap:Ethernet  HWaddr B0:48:7A:FF:36:96  
          inet addr:192.168.20.38  Bcast:192.168.20.255  Mask:255.255.255.0
          inet6 addr: fe80::b248:7aff:feff:3696/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:66463281 errors:0 dropped:3 overruns:0 frame:0
          TX packets:5771977 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0 
          RX bytes:13234323480 (12.3 GiB)  TX bytes:633502959 (604.1 MiB)

Software versions : 

OpenWrt - OpenWrt Chaos Calmer 15.05
LuCI - git-15.248.30277-3836b45

mwan3 - 1.6-2
mwan3-luci - 1.4-3

Full output of "ifconfig" :

br-lan    Link encap:Ethernet  HWaddr 14:CC:20:A9:2E:36  
          inet addr:192.168.0.1  Bcast:192.168.0.255  Mask:255.255.255.0
          inet6 addr: fe80::16cc:20ff:fea9:2e36/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:25878124 errors:0 dropped:159 overruns:0 frame:0
          TX packets:37408486 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0 
          RX bytes:3076950846 (2.8 GiB)  TX bytes:35435790822 (33.0 GiB)

eth0      Link encap:Ethernet  HWaddr 14:CC:20:A9:2E:37  
          inet6 addr: fe80::16cc:20ff:fea9:2e37/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:25127539 errors:0 dropped:0 overruns:0 frame:0
          TX packets:18068972 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000 
          RX bytes:2696865450 (2.5 GiB)  TX bytes:2623394287 (2.4 GiB)
          Interrupt:4 

eth1      Link encap:Ethernet  HWaddr 14:CC:20:A9:2E:36  
          inet6 addr: fe80::16cc:20ff:fea9:2e36/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:117736341 errors:0 dropped:4 overruns:3 frame:0
          TX packets:44669911 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000 
          RX bytes:2972906647 (2.7 GiB)  TX bytes:1291448577 (1.2 GiB)
          Interrupt:5 

eth1.1    Link encap:Ethernet  HWaddr 14:CC:20:A9:2E:36  
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:25374189 errors:0 dropped:333 overruns:0 frame:0
          TX packets:36654204 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0 
          RX bytes:3057028219 (2.8 GiB)  TX bytes:34604726424 (32.2 GiB)

eth1.3    Link encap:Ethernet  HWaddr B0:48:7A:FF:36:96  
          inet addr:192.168.20.38  Bcast:192.168.20.255  Mask:255.255.255.0
          inet6 addr: fe80::b248:7aff:feff:3696/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:66465463 errors:0 dropped:3 overruns:0 frame:0
          TX packets:5774042 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0 
          RX bytes:13235248775 (12.3 GiB)  TX bytes:633756892 (604.3 MiB)

lo        Link encap:Local Loopback  
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:65536  Metric:1
          RX packets:2364 errors:0 dropped:0 overruns:0 frame:0
          TX packets:2364 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0 
          RX bytes:177010 (172.8 KiB)  TX bytes:177010 (172.8 KiB)

pppoe-wan Link encap:Point-to-Point Protocol  
          inet addr:xxx P-t-P:62.218.4.126  Mask:255.255.255.255
          UP POINTOPOINT RUNNING NOARP MULTICAST  MTU:1492  Metric:1
          RX packets:24757788 errors:0 dropped:0 overruns:0 frame:0
          TX packets:17699176 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:3 
          RX bytes:19308106145 (17.9 GiB)  TX bytes:2222873720 (2.0 GiB)

wlan0     Link encap:Ethernet  HWaddr 14:CC:20:A9:2E:36  
          inet6 addr: fe80::16cc:20ff:fea9:2e36/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:877591 errors:0 dropped:0 overruns:0 frame:0
          TX packets:1505391 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000 
          RX bytes:127880983 (121.9 MiB)  TX bytes:1010147471 (963.3 MiB)

Output of "route -n" :

Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         192.168.20.1    255.255.255.255 UGH   0      0        0 eth1.3
0.0.0.0         192.168.0.250   0.0.0.0         UG    0      0        0 br-lan
0.0.0.0         62.218.4.126    0.0.0.0         UG    10     0        0 pppoe-wan
0.0.0.0         192.168.20.4    0.0.0.0         UG    20     0        0 eth1.3
0.0.0.0         192.168.20.1    0.0.0.0         UG    30     0        0 eth1.3
62.218.4.126    0.0.0.0         255.255.255.255 UH    0      0        0 pppoe-wan
192.168.0.0     0.0.0.0         255.255.255.0   U     0      0        0 br-lan
192.168.20.0    0.0.0.0         255.255.255.0   U     20     0        0 eth1.3
192.168.20.0    0.0.0.0         255.255.255.0   U     30     0        0 eth1.3

Output of "ip rule show" :

0:    from all lookup 128 
1:    from all lookup local 
1001:    from all iif pppoe-wan lookup main 
1002:    from all iif eth1.3 lookup main 
1003:    from all iif eth1.3 lookup main 
2001:    from all fwmark 0x100/0xff00 lookup 1 
2002:    from all fwmark 0x200/0xff00 lookup 2 
2003:    from all fwmark 0x300/0xff00 lookup 3 
2253:    from all fwmark 0xfd00/0xff00 blackhole
2254:    from all fwmark 0xfe00/0xff00 unreachable
32766:    from all lookup main 
32767:    from all lookup default

Output of "ip route list table 1-250" :

1
default via 62.218.4.126 dev pppoe-wan 
2
default via 192.168.20.4 dev eth1.3 
3
default via 192.168.20.4 dev eth1.3

I would really really appreciate hints on what mistake(s) i made.

regards Philipp

(Last edited by Philipp11 on 30 Sep 2015, 22:02)

Post #1372

arfett

3 Oct 2015, 18:51

dnahc wrote:

dnahc wrote:
Hello,
Interfaces status in Luci "MWAN Interface Live Status" seems broken in Chaos Calmer. It always shows "offline" status despite online interfaces, confirmed by detailed status and cli. Each time Overwiew is reloaded I get some uhttpd errors :
daemon.err uhttpd[20388]: ip: invalid argument '1' to 'table'
daemon.err uhttpd[20388]: ip: invalid argument '2' to 'table'
Thank you for this great package.
My mistake, it is on Luci from trunk, interfaces status work fine in Chaos Calmer version.

I will investigate and see if I need to fix anything for the trunk branch.

Post #1373

inquba

4 Oct 2015, 21:04

HI. I was wondering if it is possible in mwan3 1.6 that a ipset rule instead of a domain name or several domains... it could be put any domain ? or any ip.....? this is what I want to do

source IP =192.168.10.165 destination address=0.0.0.0/0 destination port= 80,443 protocol=tcp sticky=yes ipset=kodi pollcy=balanced

so I should put the ipset rule in /etc/dnsmasq.conf.......but it is correct to put this way ? " ipset=/0.0.0.0/0/kodi " ??? it is correct to allow all ips that the source ip 192.168.10.165 wants ? with port 80 and 443

thanks so much

Post #1374

inquba

4 Oct 2015, 23:38

by the way.... I just install CC 15.05 in tl-mr3420 ..... i first install mwan3 since I wanted to use the ipset in version 1.6
I install and fine..... then I install dnsCrypt.... in two days I have to change a lot and sometimes reset.... the problem is that it works fine but when reboot.. sometimes i can not navigate in internet I dont have ouside internet. even when my 4 wans shown connected and working even in tests they have 0 loss in test... but in my PC I can go outside..... other times when reboot openwrt does not give DHCP registration... so I need to set fix IP in my pc in order to access...... I dont know if something brake with dnsCrypt.... then i did test from fresh install and wihout set or install DnsCrypt...... i thought dnscrypt was guilt.. when I set ignore resolv list.. as it said that should be...... so I didnt install anymore .....but have random problems with internet even without dnscrypt... maybe and maybe is when I put in /etc/dnsmasq.conf the ipset..... if I put ipset rule inside... sometimes I have no internet..... and when dont put ipset in fresh install.... i have internet fine...... it is possible that ipset in /etc/dnsmasq.conf break something ? thanks so much

NOTE: I have 4 more router that are installed with AA 12.09 with mwan3 and dnscrypt... wshaper and working excelent without any problem the router are wr740n, wr740nd and wr841ndv8.... my actual MR3420v2.2 is not compatible with AA 12.9 by the way

Post #1375

inquba

5 Oct 2015, 05:06

last question. is SQM package in 15.05 now compatible with mwan3 ? wshaper take more ram than SQM and I was wondering if SQM would NO Hurt my mwan3

thanks in advance
inquba

Sorry, posts 1376 to 1375 are missing from our archive.

Page 55 of 65