OpenWrt Forum Archive

Topic: mwan3; multi-wan policy routing (general topic)

The content of this topic has been archived between 22 May 2013 and 6 May 2018. Unfortunately there are posts – most likely complete pages – missing.

Arfett. Can you please email me at sploit@sploitworks.com

I need help on a very old post you wrote.

This is for the Netgear WNDR3800

I need a configuration file for uboot-envtools to read it. The Wiki is lacking info and I am trying to read the uboot. Also, did you ever have success writing to it?

I have direct serial access but want to modify the uboot environment from openwrt and the info is limited on uboot-envtools.

I need:
1) The configuration file for uboot-envtools.
2) Whatever info you can help with for making the Uboot Environment Writeable

If you can help I'd be most appreciative.

I have a ton of these things and I currently modify them using the serial cable and I need to make it easy with openwrt.

Eventually I'll find it but you will put me a day or two ahead if you can help out. Thank you!

(Last edited by sploit on 24 Sep 2016, 05:57)

Hi,
I have OpenWrt Chaos Calmer 15.05.1 r49398 on a TP-Link 842N (v.3.1). I have two inet providers - one coming via cable on the wan port and a second coming via wi-fi on wwan. I have OpenVpn and mwan3 installed.
I need your help in solving two questions:
1. I would like to use only the wan connection as a gateway for the openvpn tunnel. Is there a way to do it?
2. I would like to use the OpenVpn connection only for reaching some specific addresses (e.g. gmail.com or speedtest.net). Otherwise I would like to keep my working wan_wwan policy for normal use.
The problem now is that when the OpenVpn connection is started and running, mwan3 doesn't seem to work as expected, or doesn't work at all, i.e. when I disconnect the wan interface the connections don't fail over to the wwan connection as they should. When I disconnect the OpenVpn tunnel the failover works as usual. I also saw that when the OpenVpn connection is open, mwan3 doesn't follow the specified mwan3 rules, in my case the one for reaching "checkip.dyndns.org".
Please help me solve these problems.

Here my configs:

/etc/config/openvpn

config openvpn 'IPredator'
    option client '1'
    option dev 'tun1337'
    option proto 'udp'
    list auth_user_pass '/etc/openvpn/IPredator.auth'
    option resolv_retry 'infinite'
    option float '1'
    option nobind '1'
    option persist_key '1'
    option persist_tun '1'
    option ca '/etc/openvpn/IPredator.se.ca.crt'
    option ns_cert_type 'server'
    list tls_auth '/etc/openvpn/IPredator.se.ta.key'
    option cipher 'AES-256-CBC'
    option comp_lzo 'yes'
    option passtos '1'
    option tls_version_min '1.2'
    option remote 'ipv6.openvpn.ipredator.se 1194'
    option tls_client '1'
    option verb '3'
    option route_client '1'
    option route_metric '30'
    option route '0.0.0.0 0.0.0.0 vpn_gateway 30'
    option enabled '1'

/etc/config/firewall

config defaults
    option syn_flood '1'
    option input 'ACCEPT'
    option output 'ACCEPT'
    option forward 'REJECT'

config zone
    option name 'lan'
    option network 'lan'
    option input 'ACCEPT'
    option output 'ACCEPT'
    option forward 'REJECT'

config zone
    option name 'wan'
    option output 'ACCEPT'
    option forward 'REJECT'
    option input 'ACCEPT'
    option masq '1'
    option mtu_fix '1'
    option network 'wan wwan'

config zone
    option name 'ipr'
    option input 'REJECT'
    option output 'ACCEPT'
    option forward 'REJECT'
    option masq '1'
    option mtu_fix '1'
    option network 'IPREDATOR'

config rule
    option name 'Allow-DHCP-Renew'
    option src 'wan'
    option proto 'udp'
    option dest_port '68'
    option target 'ACCEPT'
    option family 'ipv4'

config rule
    option name 'Allow-Ping'
    option src 'wan'
    option proto 'icmp'
    option icmp_type 'echo-request'
    option family 'ipv4'
    option target 'ACCEPT'

config rule
    option name 'Allow-DHCPv6'
    option src 'wan'
    option proto 'udp'
    option src_ip 'fe80::/10'
    option src_port '547'
    option dest_ip 'fe80::/10'
    option dest_port '546'
    option family 'ipv6'
    option target 'ACCEPT'

config rule
    option name 'Allow-ICMPv6-Input'
    option src 'wan'
    option proto 'icmp'
    list icmp_type 'echo-request'
    list icmp_type 'echo-reply'
    list icmp_type 'destination-unreachable'
    list icmp_type 'packet-too-big'
    list icmp_type 'time-exceeded'
    list icmp_type 'bad-header'
    list icmp_type 'unknown-header-type'
    list icmp_type 'router-solicitation'
    list icmp_type 'neighbour-solicitation'
    list icmp_type 'router-advertisement'
    list icmp_type 'neighbour-advertisement'
    option limit '1000/sec'
    option family 'ipv6'
    option target 'ACCEPT'

config rule
    option name 'Allow-ICMPv6-Forward'
    option src 'wan'
    option dest '*'
    option proto 'icmp'
    list icmp_type 'echo-request'
    list icmp_type 'echo-reply'
    list icmp_type 'destination-unreachable'
    list icmp_type 'packet-too-big'
    list icmp_type 'time-exceeded'
    list icmp_type 'bad-header'
    list icmp_type 'unknown-header-type'
    option limit '1000/sec'
    option family 'ipv6'
    option target 'ACCEPT'

config include
    option path '/etc/firewall.user'

config forwarding
    option dest 'ipr'
    option src 'lan'

config forwarding
    option dest 'wan'
    option src 'lan'

/etc/config/mwan3

config rule 'checkip'
    option sticky '0'
    option dest_ip 'checkip.dyndns.org'
    option src_ip '192.168.2.2'
    option proto 'tcp'
    option use_policy 'wwan_only'

config rule 'openvpn'
    option src_port '0:65535'
    option dest_port '1194'
    option proto 'udp'
    option sticky '0'
    option use_policy 'wan_wwan'

config rule 'default_rule'
    option proto 'all'
    option sticky '0'
    option use_policy 'wan_wwan'
    option dest_ip '0.0.0.0/0'

config interface 'wan'
    option enabled '1'
    list track_ip '8.8.4.4'
    list track_ip '8.8.8.8'
    list track_ip '208.67.222.222'
    list track_ip '208.67.220.220'
    option reliability '2'
    option count '1'
    option timeout '2'
    option interval '5'
    option down '3'
    option up '8'

config interface 'wan2'
    option enabled '0'
    list track_ip '8.8.8.8'
    list track_ip '208.67.220.220'
    option reliability '1'
    option count '1'
    option timeout '2'
    option interval '5'
    option down '3'
    option up '8'

config member 'wan_m1_w3'
    option interface 'wan'
    option metric '1'
    option weight '3'

config member 'wan_m2_w3'
    option interface 'wan'
    option metric '2'
    option weight '3'

config member 'wan2_m1_w2'
    option interface 'wan2'
    option metric '1'
    option weight '2'

config member 'wan2_m2_w2'
    option interface 'wan2'
    option metric '2'
    option weight '2'

config policy 'wan_only'
    list use_member 'wan_m1_w3'

config policy 'wan2_only'
    list use_member 'wan2_m1_w2'

config policy 'balanced'
    list use_member 'wan_m1_w3'
    list use_member 'wan2_m1_w2'

config policy 'wan_wan2'
    list use_member 'wan_m1_w3'
    list use_member 'wan2_m2_w2'

config policy 'wan2_wan'
    list use_member 'wan_m2_w3'
    list use_member 'wan2_m1_w2'

config interface 'wwan'
    option enabled '1'
    option reliability '1'
    option count '1'
    option timeout '2'
    option interval '5'
    option down '3'
    option up '3'

config member 'wwan_m1_w2'
    option interface 'wwan'
    option metric '1'
    option weight '2'

config member 'wwan_m2_w2'
    option interface 'wwan'
    option metric '2'
    option weight '2'

config policy 'wwan_wan'
    list use_member 'wwan_m1_w2'
    list use_member 'wan_m2_w3'
    option last_resort 'unreachable'

config policy 'wan_wwan'
    list use_member 'wan_m1_w3'
    list use_member 'wwan_m2_w2'
    option last_resort 'unreachable'

config member 'ipredator_m1_w2'
    option interface 'IPREDATOR'
    option metric '1'
    option weight '2'

config policy 'ipredator_only'
    list use_member 'ipredator_m1_w2'
    option last_resort 'unreachable'

config policy 'wwan_only'
    list use_member 'wwan_m1_w2'
    option last_resort 'unreachable'

config interface 'IPREDATOR'
    option enabled '1'
    list track_ip '208.67.222.222'
    list track_ip '8.8.8.8'
    option reliability '1'
    option count '1'
    option timeout '2'
    option interval '5'
    option down '3'
    option up '3'

/etc/config/network

config interface 'loopback'
    option ifname 'lo'
    option proto 'static'
    option ipaddr '127.0.0.1'
    option netmask '255.0.0.0'

config globals 'globals'
    option ula_prefix 'fd30:65d1:3ce7::/48'

config interface 'lan'
    option ifname 'eth0'
    option force_link '1'
    option type 'bridge'
    option proto 'static'
    option netmask '255.255.255.0'
    option ip6assign '60'
    option ipaddr '192.168.2.1'

config interface 'wan'
    option ifname 'eth1'
    option proto 'dhcp'
    option metric '10'

config interface 'wan6'
    option ifname 'eth1'
    option proto 'dhcpv6'

config switch
    option name 'switch0'
    option reset '1'
    option enable_vlan '1'

config switch_vlan
    option device 'switch0'
    option vlan '1'
    option ports '0 1 2 3 4'

config interface 'IPREDATOR'
    option proto 'none'
    option ifname 'tun1337'
    option 'metric' '30'

config interface 'wwan'
    option proto 'dhcp'
    option metric '20'

10x

(Last edited by momchetoi on 25 Sep 2016, 19:08)

Hi all,
I want to use mwan3-2.0 with ipset to get a lot of websites to go through the vpn connection.
It worked OK with mwan3-1.6, but mwan3-2.0 doesn't support the ipset option. How do I create the ipset rule myself to work with mwan3-2.0? Could anyone help me? Thanks!

Hi,
I am using mwan3 version 1.6-3.
I am facing a basic problem.
Every 5-10 mins I see that mwan3track pings are getting dropped and it triggers fail-over.
After a few minutes ping starts working, IP rules are added back by mwan3 and like this it repeats.
Tracking IP I am using is 8.8.8.8 and 8.8.4.4; however I have tried other IPs and the behaviour is same.
When I dump IP rules and routes at the time when ping fails, they look to be ok.

ping command: ping -I <interface> -c 1 -W 4 -s 4 -q <tracking_ip>

mwan3 config:
        option enabled '1'
        list track_ip '8.8.8.8'
        list track_ip '8.8.4.4'
        option reliability '2'
        option count '1'
        option timeout '4'
        option interval '10'
        option down '5'
        option up '3'

Any pointers?

Hello all, I have been trying for two days to understand why wan2 goes offline. I followed several forum posts, but to no avail. I hope someone can help me understand where I'm going wrong. I post my configuration:

Interface status:
interface wan is online (tracking active)
interface wan2 is offline (tracking active)

Policy balanced:
wan (100%)

Policy wan2_only:
unreachable

Policy wan2_wan:
wan (100%)

Policy wan_only:
wan (100%)

Policy wan_wan2:
wan (100%)

Known networks:
192.168.1.0
224.0.0.0/3
127.0.0.0/8
10.96.255.255
10.1.0.0/23
192.168.1.1
192.168.1.255
192.168.1.25
10.1.0.0
10.96.0.0/16
127.0.0.0
127.255.255.255
10.1.0.1
127.0.0.1
192.168.1.164
192.168.1.0/24
10.96.0.0
10.1.1.255
10.96.81.123

---------------------------------------------------------------------
/etc/config/mwan3


config interface 'wan'
    option enabled '1'
    option reliability '2'
    option count '1'
    option timeout '2'
    option interval '5'
    option down '3'
    option up '8'
    list track_ip '8.8.8.8'
    list track_ip '8.8.4.4'

config interface 'wan2'
    option enabled '1'
    option count '1'
    option timeout '2'
    option interval '5'
    option down '3'
    option up '8'
    option reliability '2'
    list track_ip '8.8.8.8'
    list track_ip '8.8.4.4'

config member 'wan_m1_w3'
    option interface 'wan'
    option metric '1'
    option weight '3'

config member 'wan_m2_w3'
    option interface 'wan'
    option metric '2'
    option weight '3'

config member 'wan2_m1_w2'
    option interface 'wan2'
    option metric '1'
    option weight '2'

config member 'wan2_m2_w2'
    option interface 'wan2'
    option metric '2'
    option weight '2'

config policy 'wan_only'
    list use_member 'wan_m1_w3'

config policy 'wan2_only'
    list use_member 'wan2_m1_w2'
    option last_resort 'unreachable'

config policy 'balanced'
    list use_member 'wan_m1_w3'
    list use_member 'wan2_m1_w2'
    option last_resort 'unreachable'

config policy 'wan_wan2'
    list use_member 'wan_m1_w3'
    list use_member 'wan2_m2_w2'

config policy 'wan2_wan'
    list use_member 'wan_m2_w3'
    list use_member 'wan2_m1_w2'

config rule 'youtube'
    option sticky '1'
    option ipset 'youtube'
    option dest_port '80,443'
    option proto 'tcp'
    option use_policy 'balanced'

config rule 'https'
    option sticky '1'
    option dest_port '443'
    option proto 'tcp'
    option use_policy 'balanced'

config rule 'default_rule'
    option dest_ip '0.0.0.0/0'
    option use_policy 'balanced'

----------------------------------------------------------------
/etc/config/network

config interface 'loopback'
    option ifname 'lo'
    option proto 'static'
    option ipaddr '127.0.0.1'
    option netmask '255.0.0.0'

config globals 'globals'
    option ula_prefix 'fd8f:e9b4:fc09::/48'

config interface 'wan'
    option ifname 'eth1'
    option proto 'dhcp'
    option peerdns '0'
    option dns '8.8.8.8 8.8.4.4'
    option metric '10'

config interface 'wan2'
    option ifname 'eth2'
    option proto 'dhcp'
    option peerdns '0'
    option dns '8.8.8.8 8.8.4.4'
    option metric '20'

config interface 'lan'
    option ifname 'eth0'
    option force_link '1'
    option type 'bridge'
    option netmask '255.255.255.0'
    option ip6assign '60'
    option proto 'none'
    option ipaddr '0.0.0.0'

config interface 'chilli'
    option ifname 'tun1'
    option proto 'none'

config interface 'vpn'
    option ifname 'tun0'
    option proto 'none'

I used the mwan3 version 1.6-2
Chaos Calmer 15.05.01,r48532 on ubiquity erlite3

(Last edited by harley77 on 15 Oct 2016, 09:45)

In reference to my previous post, I leave some elements that might help someone figure out what my problem may be. I add that, before even touching mwan3, I realized that I can ping the wan only through eth1:


From eth2

root@AP:~# ping -I eth2 www.google.com
PING www.google.com (172.217.16.3): 56 data bytes

From eth1

root@AP:~# ping -I eth1 www.google.com
PING www.google.com (172.217.16.3): 56 data bytes
64 bytes from 172.217.16.3: seq=0 ttl=53 time=35.344 ms
64 bytes from 172.217.16.3: seq=1 ttl=53 time=35.677 ms
64 bytes from 172.217.16.3: seq=2 ttl=53 time=35.189 ms
64 bytes from 172.217.16.3: seq=3 ttl=53 time=40.234 ms
64 bytes from 172.217.16.3: seq=4 ttl=53 time=35.286 ms

The following is my routing table:

root@AP:~# route
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
default         my.firewall     0.0.0.0         UG    10     0        0 eth1
default         my.firewall     0.0.0.0         UG    20     0        0 eth2
10.1.0.0        *               255.255.254.0   U     0      0        0 tun1
10.96.0.0       *               255.255.0.0     U     0      0        0 tun0
192.168.1.0     *               255.255.255.0   U     10     0        0 eth1
192.168.1.0     *               255.255.255.0   U     20     0        0 eth2
192.168.1.1     *               255.255.255.255 UH    10     0        0 eth1
192.168.1.1     *               255.255.255.255 UH    20     0        0 eth2

I hope someone can help me. Thank you

(Last edited by harley77 on 15 Oct 2016, 09:36)

Same problem as harley77.
Adze, can you help me?

Hi, in my setup I have two OpenWrt routers.
One running mwan3 and connected to two USB 4G modems upstairs, the second connected to an ADSL line downstairs.
The two devices are connected to the LAN via a switch (only one router runs DHCP), how would I go about adding the ADSL connected OpenWrt box as another wan interface to the mwan3 router?

wacke wrote:

Hi all,
I want to use mwan3-2.0 with ipset to get a lot of websites to go through the vpn connection.
It worked OK with mwan3-1.6, but mwan3-2.0 doesn't support the ipset option. How do I create the ipset rule myself to work with mwan3-2.0? Could anyone help me? Thanks!

@Wacke, successfully deployed ipset for mwan 2.0.x (on Trunk, kernel 4.x) here. I should have Dnsmasq-full instead of Dnsmasq first to support ipset. Then define ipset by yourself e.g. in /etc/firewall.user or /etc/dnsmasq.conf.

(Last edited by muronghan on 5 Nov 2016, 01:22)

Upgraded my router this weekend, and for some reason I have been unable to get mwan3 to recognize the fact that my external VPN service is connected and the tun interface is up. I am able to ping through the vpn to its default gateway and to its tracking ip.

However, when I check IP rules, I receive the error "Missing both of the required interface IP rules".  Also the check routing table gives the error "Missing required interface routing table 2".  Is this normal for a tun interface?

Any help would be appreciated.

/etc/config/network

config interface 'loopback'
    option ifname 'lo'
    option proto 'static'
    option ipaddr '127.0.0.1'
    option netmask '255.0.0.0'

config globals 'globals'
    option ula_prefix 'fd09:0063:0971::/48'

config interface 'lan'
    option type 'bridge'
    option ifname 'eth0.1'
    option proto 'static'
    option netmask '255.255.255.0'
    option ip6assign '60'
    option ipaddr '192.168.13.252'
#    option metric '10'

config device 'lan_dev'
    option name 'eth0.1'
    option macaddr '04:a1:51:a7:65:6d'

config interface 'wan'
    option ifname 'eth0.2'
    option proto 'dhcp'
    option metric '13'

config device 'wan_dev'
    option name 'eth0.2'
    option macaddr '04:a1:51:a7:65:6e'

config interface 'wan6'
    option ifname 'eth0.2'
    option proto 'dhcpv6'
    option metric '18'

config switch
    option name 'switch0'
    option reset '1'
    option enable_vlan '1'

config switch_vlan
    option device 'switch0'
    option vlan '1'
    option ports '1 2 3 4 0t'

config switch_vlan
    option device 'switch0'
    option vlan '2'
    option ports '5 0t'

config interface 'air'
    option proto 'none'
    option ifname 'tun2'
    option metric '30'
    option delegate '0'

/etc/config/mwan3

config interface 'wan'
    option reliability '2'
    option count '1'
    option timeout '2'
    option interval '5'
    option down '3'
    option up '3'
    list track_ip '8.8.4.4'
    list track_ip '8.8.8.8'
    option enabled '1'

config interface 'air'
    option enabled '1'
    list track_ip '8.8.8.8'
    list track_ip '8.8.4.4'
    option reliability '1'
    option count '1'
    option timeout '2'
    option interval '5'
    option down '3'
    option up '3'

config member 'wan_m1_w3'
    option interface 'wan'
    option metric '1'
    option weight '3'

config member 'wan_m2_w3'
    option interface 'wan'
    option metric '2'
    option weight '3'

config member 'air_m1_w2'
    option metric '1'
    option weight '2'
    option interface 'air'

config member 'air_m2_w2'
    option interface 'air'
    option weight '2'
    option metric '2'

config policy 'wan_only'
    list use_member 'wan_m1_w3'

config policy 'air_only'
    list use_member 'air_m1_w2'

config policy 'balanced'
    list use_member 'wan_m1_w3'
    list use_member 'air_m1_w2'

config policy 'wan_air'
    list use_member 'wan_m1_w3'
    list use_member 'air_m2_w2'
    option last_resort 'unreachable'

config policy 'air_wan'
    list use_member 'wan_m2_w3'
    list use_member 'air_m1_w2'
    option last_resort 'unreachable'

config rule 'default_rule'
    option dest_ip '0.0.0.0/0'
    option use_policy 'balanced'

client.ovpn

dev tun2
proto udp
remote VPN.Server.Address 1194
resolv-retry infinite
client
auth-user-pass /etc/config/user-pass.txt
nobind
persist-key
persist-tun
ns-cert-type server
comp-lzo
reneg-sec 0
verb 3
mute 5
log /etc/config/client.log

route-metric 30
route-nopull
route 0.0.0.0 0.0.0.0 vpn_gateway 30

#
# I have also tried adding the redirect-gateway def1 option, with the same results

LostTech69 wrote:

Upgraded my router this weekend, and for some reason I have been unable to get mwan3 to recognize the fact that my external VPN service is connected and the tun interface is up. I am able to ping through the vpn to its default gateway and to its tracking ip.

However, when I check IP rules, I receive the error "Missing both of the required interface IP rules".  Also the check routing table gives the error "Missing required interface routing table 2".  Is this normal for a tun interface?

Any help would be appreciated.

I think you are seeing the same problem as me. I have mwan3 2.0-3 on lede current master. It appears that the hotplug.d script 15-mwan3 uses a function from lib/functions/network.sh to obtain the gateway of the network interfaces when they come up.

Unfortunately, ubus returns a quite empty result for it, and 15-mwan3 exits with code 9.

I even found an old bug in dev.openwrt.org, ticket 14724. It looks like a regression...

I really wonder where I should write all this.

muronghan wrote:
wacke wrote:

Hi all,
I want to use mwan3-2.0 with ipset to get a lot of websites to go through the vpn connection.
It worked OK with mwan3-1.6, but mwan3-2.0 doesn't support the ipset option. How do I create the ipset rule myself to work with mwan3-2.0? Could anyone help me? Thanks!

@Wacke, successfully deployed ipset for mwan 2.0.x (on Trunk, kernel 4.x) here. I should have Dnsmasq-full instead of Dnsmasq first to support ipset. Then define ipset by yourself e.g. in /etc/firewall.user or /etc/dnsmasq.conf.

Thanks for your reply. I just want to know how to define the ipset. Can you list some examples for me? Thank you very much.

wacke wrote:
muronghan wrote:
wacke wrote:

Hi all,
I want to use mwan3-2.0 with ipset to get a lot of websites to go through the vpn connection.
It worked OK with mwan3-1.6, but mwan3-2.0 doesn't support the ipset option. How do I create the ipset rule myself to work with mwan3-2.0? Could anyone help me? Thanks!

@Wacke, successfully deployed ipset for mwan 2.0.x (on Trunk, kernel 4.x) here. I should have Dnsmasq-full instead of Dnsmasq first to support ipset. Then define ipset by yourself e.g. in /etc/firewall.user or /etc/dnsmasq.conf.

Thanks for your reply. I just want to know how to define the ipset. Can you list some examples for me? Thank you very much.

e.g. if you know only the domain names, you can define ipset in /etc/dnsmasq.conf, say ipset=gfwlist:

   server=/.falun-ny.net/127.0.0.1#5300
   ipset=/.falun-ny.net/gfwlist
   server=/.falunpilipinas.net/127.0.0.1#5300
   ipset=/.falunpilipinas.net/gfwlist
   server=/.falunworld.net/127.0.0.1#5300
   ipset=/.falunworld.net/gfwlist
   ...


Or, you know the IP sets, you could define it thru /etc/firewall.user, say this time ipset=chinaip:

   ipset create chinaip hash:net hashsize 8192
   ipset add chinaip 1.0.1.0/24
   ipset add chinaip 1.0.2.0/23
   ipset add chinaip 1.0.8.0/21
   ipset add chinaip 1.0.32.0/19
   ipset add chinaip 1.1.0.0/24
   ...

muronghan wrote:
wacke wrote:
muronghan wrote:

@Wacke, successfully deployed ipset for mwan 2.0.x (on Trunk, kernel 4.x) here. I should have Dnsmasq-full instead of Dnsmasq first to support ipset. Then define ipset by yourself e.g. in /etc/firewall.user or /etc/dnsmasq.conf.

Thanks for your reply. I just want to know how to define the ipset. Can you list some examples for me? Thank you very much.

e.g. if you know only the domain names, you can define ipset in /etc/dnsmasq.conf, say ipset=gfwlist:

   server=/.falun-ny.net/127.0.0.1#5300
   ipset=/.falun-ny.net/gfwlist
   server=/.falunpilipinas.net/127.0.0.1#5300
   ipset=/.falunpilipinas.net/gfwlist
   server=/.falunworld.net/127.0.0.1#5300
   ipset=/.falunworld.net/gfwlist
   ...


Or, you know the IP sets, you could define it thru /etc/firewall.user, say this time ipset=chinaip:

   ipset create chinaip hash:net hashsize 8192
   ipset add chinaip 1.0.1.0/24
   ipset add chinaip 1.0.2.0/23
   ipset add chinaip 1.0.8.0/21
   ipset add chinaip 1.0.32.0/19
   ipset add chinaip 1.1.0.0/24
   ...

Thanks for your reply. Are you Chinese too?
I have created the ipset in /etc/dnsmasq.conf called gfwlist. Then how can I get these ipsets working with mwan3 2.0.x?
I'm using mwan3 1.6.3; it can create the ip mark itself and then send the gfwlist through the vpn, but with mwan3 2.0.x I must create the ip mark myself...
How do I create the ip mark to get gfwlist through the vpn?

@wacke, yes, I am from China. You could define ipset in /etc/firewall.user by adding one line at the end of this file as:
   
    ipset create gfwlist hash:ip hashsize 4096

You are using ShadowVPN? It is out of maintenance I think. I found most of the VPN useless in China unless a commercial link provided by ISP. What kind of VPN you are working on?

(Last edited by muronghan on 25 Nov 2016, 03:16)
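
The two ways of defining a set described in the posts above (dnsmasq `ipset=` lines for domain names, `ipset create`/`add` commands in /etc/firewall.user for networks), as an added example that is not part of the original thread: a generator that validates every list entry before it is written into files that dnsmasq parses and that the firewall runs as root. The sample domains and networks are constructed; the set names, hash sizes and the `127.0.0.1#5300` resolver are the ones used in the posts, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example, not from the thread. Sample domains and networks are constructed;
# the set names, hash sizes and the 127.0.0.1#5300 resolver are those in the posts.

# ipset limits set names to 31 characters; allow only letters, digits and '_'.
valid_setname() {
    case "$1" in ''|*[!A-Za-z0-9_]*) return 1 ;; esac
    [ "${#1}" -le 31 ]
}

# Plain DNS name: letters, digits, '-' and '.', no empty or '-'-edged labels.
valid_domain() {
    case "$1" in
        ''|.*|*.|*..*|-*|*-|*.-*|*-.*|*[!A-Za-z0-9.-]*) return 1 ;;
    esac
    [ "${#1}" -le 253 ]
}

# IPv4 network A.B.C.D/LEN with octets 0-255 and prefix length 0-32.
valid_cidr() {
    case "$1" in */*) ;; *) return 1 ;; esac
    addr=${1%/*}; len=${1##*/}
    case "$len" in ''|*[!0-9]*|???*) return 1 ;; esac
    [ "$len" -le 32 ] || return 1
    case "$addr" in ''|*[!0-9.]*|*.) return 1 ;; esac
    old_ifs=$IFS; IFS=.; set -- $addr; IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        case "$octet" in ''|????*) return 1 ;; esac
        [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# gen_dnsmasq SET [RESOLVER] <domain-list
# Prints lines for /etc/dnsmasq.conf (ipset= needs dnsmasq-full, as the post says).
gen_dnsmasq() {
    set_name=$1; resolver=${2:-}
    valid_setname "$set_name" || return 1
    case "$resolver" in *[!0-9.#]*) return 1 ;; esac
    while IFS= read -r name; do
        name=${name#.}                 # accept the ".example.net" form used above
        case "$name" in ''|'#'*) continue ;; esac
        if valid_domain "$name"; then
            if [ -n "$resolver" ]; then printf 'server=/%s/%s\n' "$name" "$resolver"; fi
            printf 'ipset=/%s/%s\n' "$name" "$set_name"   # name and its subdomains
        else
            printf 'skipped invalid domain: %s\n' "$name" >&2
        fi
    done
    return 0
}

# gen_firewall_user SET TYPE HASHSIZE <network-list
# Prints commands for /etc/firewall.user. That file runs as root and again on
# every firewall restart, so -exist keeps create/add from failing on a re-run.
gen_firewall_user() {
    set_name=$1; set_type=$2; hashsize=$3
    valid_setname "$set_name" || return 1
    case "$set_type" in hash:ip|hash:net) ;; *) return 1 ;; esac
    case "$hashsize" in ''|*[!0-9]*) return 1 ;; esac
    printf 'ipset -exist create %s %s hashsize %s\n' "$set_name" "$set_type" "$hashsize"
    while IFS= read -r net; do
        case "$net" in ''|'#'*) continue ;; esac
        if valid_cidr "$net"; then
            printf 'ipset -exist add %s %s\n' "$set_name" "$net"
        else
            printf 'skipped invalid network: %s\n' "$net" >&2
        fi
    done
    return 0
}

# Constructed sample input; one entry in each list is malformed on purpose.
demo() {
    printf '%s\n' '.example.net' 'vpn.example.org' 'a.example/otherset' |
        gen_dnsmasq gfwlist '127.0.0.1#5300'
    gen_firewall_user gfwlist hash:ip 4096 </dev/null   # filled by dnsmasq at run time
    printf '%s\n' '192.0.2.0/24' '198.51.100.0/24' '203.0.113.0/33' |
        gen_firewall_user chinaip hash:net 8192
}
demo
```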

muronghan wrote:

@wacke, yes, I am from China. You could define ipset in /etc/firewall.user by adding one line at the end of this file as:
   
    ipset create gfwlist hash:ip hashsize 4096

You are using ShadowVPN? It is out of maintenance I think. I found most of the VPN useless in China unless a commercial link provided by ISP. What kind of VPN you are working on?

Yes, I'm using shadowvpn working in udp mode, but it works at low speed (the isp limits the udp connection).
I keep looking for a working vpn with tcp mode (high performance, low resource consumption and security).

@wacke, have you tested the speed of ShadowVPN on mwan3 1.6.2 at CC.01? I guess ShadowVPN shall somehow have the same concept as the ShadowSocks project. And my Shadowsocks program can not stay with mwan 2.0.x very well. The speed is very slow while that on mwan 1.6.2 is quite good. I found the reason probably was that the shadowsocks program conflicted with the new design of the routable loopback (self) that Adze introduced since mwan3 ver 2.0.0.

I had to roll back to CC.01 and mwan 1.6.2 and now am quite happy.

(Last edited by muronghan on 26 Nov 2016, 04:11)

Why are most VPNs useless in China? If you use openvpn on a non-standard port, do they block it also? Or do they put indirect limitations (i.e. only allow a defined set of ports, or severely limit UDP, etc.)?

Just curious on how they implement it

@james04, the Chinese Great Fire Wall is smart enough to recognize most of the VPN schemes, e.g. the handshake characteristics of OpenVPN, and can throttle them immediately. For PPTP it is even much simpler because a fixed port is used.

And even worse, it was said that Chinese ISPs, e.g. China Telecom, used QoS to limit the bandwidth for home users if they want to access sites abroad, even non-blocked sites, e.g. microsoft.com, amazon.com etc. In other words, your subscription from China Telecom is 100Mbps; however, the access to amazon.com is less than 1Mbps. Commercial users are not affected so they can still deploy VPNs.

(Last edited by muronghan on 26 Nov 2016, 16:09)

@muronghan
I see. Thanks for sharing.

@muronghan, the speed of shadowvpn (working with mwan3 1.6.3, trunk) is very fast, but it's limited by the network status (maybe QoS?): the speed goes up to 3MB/s (China Mobile 50Mbps and vultr.com LA vps) and down to 1KB/s...
I think shadowvpn itself works well, but it is still limited by the ISP and the GFW...

Hi, @Adze, I want to report that mwan 2.0.3 could not co-exist very well with software called ShadowSocks (https://github.com/shadowsocks/openwrt-shadowsocks), while having a script added into /etc/config/network to make sure mwan3 2.0.3 works properly.

config interface 'self'
    option ifname 'lo'
    option proto 'static'
    option ipaddr '192.168.xx.1'
    option netmask '255.255.255.255'
    option gateway '192.168.xx.1'

(xx shall not conflict with 'lan')

When I granted a metric to the above 'lo', let's say '5', which is smaller than that of 'wan', it looks like everything goes fine, except that the failover scheme doesn't work.

Does fail-over not work properly on mwan3 2.0.x? The mwan3 1.6.2 currently running on CC.01 is cool.

(Last edited by muronghan on 4 Dec 2016, 03:41)

Has anyone noticed that the newly updated ddns script breaks mwan3? When mwan3 tries to start, whatever operation mwan3 is trying to do triggers the ddns upgrade hotplug script and the update script never ends. So mwan3 always thinks only the first interface is available.

Edit: Maybe it's due to my local setting. Since I used the routable loopback trick and the upstream dns server is routed through a vpn established on the router, before mwan3 finishes starting there's no internet connection for the router itself. So the ddns script always fails to resolve the domain name. I don't know how this affected mwan3, but that seems to be the reason.

(Last edited by hato on 7 Dec 2016, 00:51)

Adze has been silent for almost six months, so I think we're on our own with the ipset and other minor problems?

Hello OpenWRT community

First, thanks for the amazing OpenWRT and mwan3 package. Maybe someone has the time to help me with a mwan3 problem. I have a cable network connection on a TL-WDR3600 and wanted to back this up with a 4G connection delivered by a wlan hotspot. But this does not work as intended; probably I missed something. Both connections run fine on their own. If I disconnect the cable connection, the connections do not get routed over the other one, only new connections. But if I am on the wlan connection, reconnect cable and disable the wlan, it works as expected (nearly seamless rerouting).

Edith: I found out configuring a loopback as the wiki suggests

add to /etc/config/network

config interface 'self'
    option ifname 'lo'
    option proto 'static'
    option ipaddr '192.168.1.1'
    option netmask '255.255.255.255'
    option gateway '192.168.1.1'

solves the problem. The router now switches in about 3 seconds to wan2 and <1 second back to wan. Weird.

(Last edited by robert.fridolin on 24 Feb 2017, 22:30)