Hi all,
I have made a multiwan script called mwan2, which should resolve some issues I had with multiwan. I'd really like it if you could give it a go and let me know what you think of it.
edit: mwan2 has had an update, so it's now compatible with netifd.
edit2: mwan2 now supports session-based load sharing. Please read the mwan2 config file for more information. Also the config has changed a little. You now NEED to define at least one rule to make mwan2 work.
edit3: mwan3 is now available: https://forum.openwrt.org/viewtopic.php?id=39052
edit4: mwan svn repository is up: svn://213.136.13.52/var/svn/mwan, it is now much easier to add mwan to the openwrt trunk. Just add the line "src-svn mwan svn://213.136.13.52/var/svn/mwan" to the file "feeds.conf.default".
The package:
http://213.136.13.52/mwan2_1.4-5.ipk
And the source:
http://213.136.13.52/mwan2_1.4-5.tar.gz
svn://213.136.13.52/var/svn/mwan
What is mwan2:
Mwan2 is a couple of lines of code that simplifies the usage of more (up to 7) WAN interfaces in OpenWRT. It is hotplug driven and it allows for any combination of primary, secondary or more failover interfaces, load balanced or not, for any combination of traffic. Mwan2 can monitor the state of interfaces by sending pings to a configured tracking host and failover if necessary.
Why should I use mwan2 instead of multi-wan?
- It is faster; mwan2 uses less iptables-rules.
- It is more configurable; mwan2 can handle multiple levels of backup interfaces, load-balanced or not.
- It is compatible; mwan2 uses flowmask to be compatible with other packages (such as OpenVPN, PPTP VPN, QoS-script, Tunnels, etc) and you can configure destinations to fall-back to the default routing table.
Requirements:
Mwan2 is successfully tested on OpenWRT trunk r28731 and up. You need the following packages (which should be installed automatically if missing): ip, iptables, iptables-mod-conntrack, iptables-mod-conntrack-extra, iptables-mod-ipopt.
How does it work:
Mwan2 is triggered by hotplug-events. When an interface comes up it creates new routing tables and new iptables rules. A new routing table is created for each possible combination of wan interfaces. So if you have 4 WAN interfaces, 2^4-1 routing tables are created.
It then sets up iptables rules and uses iptables MARK to mark certain traffic. Traffic that is allowed over WAN interface 1 gets the first mark bit set. Traffic that is allowed over WAN interface 2 gets the second mark bit set. And so forth. Eventually you get a flow with certain 'wan' marks set. The kernel then uses that mark to determine which routing table to use.
When an interface goes down, mwan2 deletes all routes to that interface in all created routing tables.
How to install and configure:
I'll assume here you have a clean install of OpenWRT. [s]Due to a bug in OpenWRT (https://dev.openwrt.org/ticket/10423) you have to edit the file "/usr/share/udhcpc/default.script" and replace line 72 from[/s]
eval $(route -n | awk '
[s]to[/s]
eval $(route -n | awk '$5 == ('${user_metric:-0}')' | awk '
You then configure your network according to your setup. Place a different metric on each WAN interface. This metric only has an effect on the default routing table, not on the mwan2 routing tables. If it is configured correctly you should have a default gateway with a different metric set for each WAN interface. It will look something like this:
root@openwrt:~# route -n
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
0.0.0.0 31.151.171.1 0.0.0.0 UG 10 0 0 eth0.1
0.0.0.0 195.240.99.254 0.0.0.0 UG 20 0 0 eth0.2
31.151.171.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0.1
192.168.33.0 0.0.0.0 255.255.255.0 U 0 0 0 br-lan
195.240.96.0 0.0.0.0 255.255.252.0 U 0 0 0 eth0.2
Check if the above configuration works by trying to ping www.google.com from each interface:
root@openwrt:~# ping -c 1 -I eth0.1 www.google.com
PING www.google.com (209.85.148.103): 56 data bytes
64 bytes from 209.85.148.103: seq=0 ttl=54 time=19.637 ms
--- www.google.com ping statistics ---
1 packets transmitted, 1 packets received, 0% packet loss
round-trip min/avg/max = 19.637/19.637/19.637 ms
root@openwrt:~# ping -c 1 -I eth0.2 www.google.com
PING www.google.com (209.85.148.99): 56 data bytes
64 bytes from 209.85.148.99: seq=0 ttl=56 time=25.552 ms
--- www.google.com ping statistics ---
1 packets transmitted, 1 packets received, 0% packet loss
round-trip min/avg/max = 25.552/25.552/25.552 ms
If the above ping tests are successful, you can then continue installing mwan2. If you cannot ping www.google.com from all WAN interfaces, there is a problem with your config and installing mwan2 won't fix that!
After installing mwan2, configure it by editing /etc/config/mwan2. For each WAN interface create an interface with a name that matches the one used in /etc/config/network. Configure weight and metric. Interfaces with a low metric have precedence over higher metric interfaces. Interfaces with the same metric will load-balance. Load balancing interfaces (with same metric) will distribute load based on those weight values. All other options are for tracking and are optional.
After that, configure mwan2 rules. With the mwan2 rules you can direct traffic to certain WAN interfaces, or use the default routing table by choosing default. The order of the rules is important, as they are loaded in iptables in that order. If a rule is matched, but all listed WAN interfaces are down, traffic is handled by the default routing table.
Troubleshooting (if necessary):
root@openwrt:~# ip rule list
0: from all lookup local
256: from all fwmark 0x100/0xff00 lookup 1
257: from all fwmark 0x200/0xff00 lookup 2
258: from all fwmark 0x300/0xff00 lookup 3
512: from 31.151.171.0/24 lookup 1
513: from 195.240.96.0/22 lookup 2
32766: from all lookup main
32767: from all lookup default
root@openwrt:~# ip route list table 3
default metric 1
nexthop via 195.240.99.254 dev eth0.2 weight 1
nexthop via 31.151.171.1 dev eth0.1 weight 1
root@openwrt:~# iptables -L mwan2_pre -t mangle -v
Chain mwan2_pre (2 references)
pkts bytes target prot opt in out source destination
1341K 939M CONNMARK all -- any any anywhere anywhere CONNMARK restore mask 0xff00
1887 194K MARK all -- eth0.2 any anywhere anywhere MARK xset 0x8200/0xff00
89251 41M MARK all -- eth0.1 any anywhere anywhere MARK xset 0x8100/0xff00
176K 11M mwan2_rules all -- any any anywhere anywhere ctstate NEW mark match 0x0/0xff00
root@openwrt:~# iptables -L mwan2_post -t mangle -v
Chain mwan2_post (1 references)
pkts bytes target prot opt in out source destination
1853 187K MARK all -- any eth0.2 anywhere anywhere MARK xset 0x200/0xff00
36520 4106K MARK all -- any eth0.1 anywhere anywhere MARK xset 0x100/0xff00
670K 870M MARK all -- any any anywhere anywhere mark match 0x8000/0x8000 MARK and 0xffff7fff
1098K 905M CONNMARK all -- any any anywhere anywhere CONNMARK save mask 0xff00
root@openwrt:~# iptables -L mwan2_rules -t mangle -v
Chain mwan2_rules (1 references)
pkts bytes target prot opt in out source destination
0 0 MARK all -- any any anywhere 10.0.0.0/8 mark match 0x0/0xff00 MARK xset 0x8000/0xff00
13634 827K MARK all -- any any anywhere 127.0.0.0/8 mark match 0x0/0xff00 MARK xset 0x8000/0xff00
0 0 MARK all -- any any anywhere 172.16.0.0/12 mark match 0x0/0xff00 MARK xset 0x8000/0xff00
105 15694 MARK all -- any any anywhere 192.168.0.0/16 mark match 0x0/0xff00 MARK xset 0x8000/0xff00
423 28080 MARK all -- any any anywhere base-address.mcast.net/3 mark match 0x0/0xff00 MARK xset 0x8000/0xff00
2461 204K MARK all -- any any anywhere anywhere mark match 0x0/0xff00 MARK xset 0x300/0xff00
(Last edited by Adze on 10 Sep 2012, 10:29)
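A way to read the troubleshooting output against the "How does it work" description, as an added example that is not part of mwan2 or of the original post: it decodes a fwmark into the WAN bits it carries and checks that every one of the 2^n-1 interface combinations has its `ip rule` entry. The bit layout (WAN n in bit 8+n-1 under mask 0xff00, table id equal to the mark shifted right by 8, 0x8000 treated as a separate flag bit) is an assumption inferred from the output shown above, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example, not mwan2 code. Assumed layout, inferred from the post's
# output: WAN n <-> fwmark bit (8 + n - 1), mask 0xff00, table id = mark >> 8.

# Constructed sample: lines taken from the post's `ip rule list` output.
SAMPLE_RULES='0: from all lookup local
256: from all fwmark 0x100/0xff00 lookup 1
257: from all fwmark 0x200/0xff00 lookup 2
258: from all fwmark 0x300/0xff00 lookup 3
512: from 31.151.171.0/24 lookup 1
32766: from all lookup main'

# decode_mark MARK -> space-separated WAN indexes whose bit is set.
# The 0x8000 bit is masked off here (assumed to be a flag, not a WAN bit).
decode_mark() {
    bits=$(( ($1 & 0x7f00) >> 8 ))
    n=1; out=""
    while [ "$bits" -ne 0 ]; do
        if [ $(( bits & 1 )) -eq 1 ]; then
            out="$out${out:+ }wan$n"
        fi
        bits=$(( bits >> 1 )); n=$(( n + 1 ))
    done
    echo "$out"
}

# missing_tables N -> reads `ip rule list` output on stdin and prints the
# combination ids (1 .. 2^N-1) that have no "fwmark <id<<8>/0xff00 lookup <id>".
missing_tables() {
    rules=$(cat)
    total=$(( (1 << $1) - 1 ))
    id=1; missing=""
    while [ "$id" -le "$total" ]; do
        want=$(printf 'fwmark 0x%x/0xff00 lookup %d' $(( id << 8 )) "$id")
        if ! printf '%s\n' "$rules" | grep -q "$want\$"; then
            missing="$missing${missing:+ }$id"
        fi
        id=$(( id + 1 ))
    done
    echo "$missing"
}

# Stand-alone run: show which WANs each mark from the sample allows.
for m in 0x100 0x200 0x300; do echo "$m -> $(decode_mark "$m")"; done
echo "missing for 2 WANs: '$(printf '%s\n' "$SAMPLE_RULES" | missing_tables 2)'"
```

On a router, pipe the live output in instead of the sample, for example `ip rule list | missing_tables 2`; an empty result means every combination has its rule.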