Tutorial Asus Dual WAN Router Load Balancing and Failover Router Problems and Fix

[garycnew]

on asus thats the only thing working.... 1 vpn over dual connection. As you noticed normal surfing is imposible. so i need the loadbalancer

How do you have your Asuswrt VPN configured (i.e., interface, ip, etc)? It sounds like what you want is a Split Tunnel VPN configuration, which is a separate topic. If so, search this forum for related Split Tunnel VPN posts and ask your VPN questions there.

 

[Ranger802004]

WANFailover - Dual WAN Failover Script

WAN Failover is designed to replace the factory ASUS WAN Failover functionality, this script will monitor the WAN Interfaces using a Target IP Address and pinging these targets to determine when a failure occurs. When a failure is detected in Failover Mode, the script will switch to the...

www.snbforums.com

 

[kulgan]

Hi,

I followed this discussion and ended with a solution similar to OpenSteepTest one

load balancing and failover works pretty well.
My Asus(ether3) is a RT-AX88U
ISP1(ether1) is ADSL
ISP2(ether2) is 4G with carrier-grade NAT

I then setup a VPN server on ASUS and needed FW rules so that I can connect to VPN using ISP1.
when ISP1 only is up then no issue, I can connect and use VPN as expected
but when both ISP1 and ISP2 are up then I can't connect tp VPN (serveur is not reponding)

I temporary allowed Asus GUI access from WAN and I see same issue.
Accessing mikrotik GUI from WAN (with both ISP1 and ISP2 active) is ok

issue seems to be that we are using ISP2 to reply.
In ok case :

In KO case:

but IP attached to ether2 is 192.168.2.2 not 192.168.1.2

can someone help me here?

 

[garycnew]

Hi,

I followed this discussion and ended with a solution similar to OpenSteepTest one
View attachment 42374

load balancing and failover works pretty well.
My Asus(ether3) is a RT-AX88U
ISP1(ether1) is ADSL
ISP2(ether2) is 4G with carrier-grade NAT

I then setup a VPN server on ASUS and needed FW rules so that I can connect to VPN using ISP1.
when ISP1 only is up then no issue, I can connect and use VPN as expected
but when both ISP1 and ISP2 are up then I can't connect tp VPN (serveur is not reponding)

I temporary allowed Asus GUI access from WAN and I see same issue.
Accessing mikrotik GUI from WAN (with both ISP1 and ISP2 active) is ok

issue seems to be that we are using ISP2 to reply.
In ok case :
View attachment 42377
In KO case:
View attachment 42376
but IP attached to ether2 is 192.168.2.2 not 192.168.1.2

can someone help me here?

@kulgan

Consider configuring the OpenVPN Server directly on your Mikrotik rather than your Asus router. There are Mikrotik tutorials on the subject with assistance in the Mikrotik forum.

Good Luck!


Gary

 

[Darkje]

@kulgan

Consider configuring the OpenVPN Server directly on your Mikrotik rather than your Asus router. There are Mikrotik tutorials on the subject with assistance in the Mikrotik forum.

Good Luck!


Gary

Mikrotik slows down VPN due the lack of hw encryption right?

 

[kulgan]

@kulgan

Consider configuring the OpenVPN Server directly on your Mikrotik rather than your Asus router. There are Mikrotik tutorials on the subject with assistance in the Mikrotik forum.

Good Luck!


Gary

Thank,
maybe moving VPN server to mikrotik will help for VPN issue.
but as I said, I'm facing similar issue with web server, and as far as I know, mikrotik is not design to host webserver

any other idea?

 

[garycnew]

@kulgan

You'll likely need to create iptables MANGLE rules to ensure the return traffic is routed back over the originating interface (eth1 or eth2).

Dual WAN load balancer + port forwarding from both ISP

I had to implement similar iptables MANGLE rules for a Split-Tunnel VPN I implemented. Search this forum using my username @garycnew to find the related Split-Tunnel VPN tutorial to use as a basic reference.

As this is a Mikrotik related issue, you'll likely find better assistance in the Mikrotik forum.

Best Wishes.


Gary

 

[Tech9]

Something else Dual WAN related to try:

WANFailover - Dual WAN Failover Script

WAN Failover is designed to replace the factory ASUS WAN Failover functionality, this script will monitor the WAN Interfaces using a Target IP Address and pinging these targets to determine when a failure occurs. When a failure is detected in Failover Mode, the script will switch to the...

www.snbforums.com

 

[Ranger802004]

Something else Dual WAN related to try:

WANFailover - Dual WAN Failover Script

WAN Failover is designed to replace the factory ASUS WAN Failover functionality, this script will monitor the WAN Interfaces using a Target IP Address and pinging these targets to determine when a failure occurs. When a failure is detected in Failover Mode, the script will switch to the...

www.snbforums.com

@Tech9 thanks for tagging my script here, I just released a beta with a huge overhaul for Load Balancing Mode Failover and enhancements for OpenVPN Clients on the router.

 

[hajbgr]

I can confirm that RB750Gr3 works flawlessly for dual wan (ethernet/usb lte) failover.
At first, I tried to make it work with Ranger802004's script, but in my setting it was no better than the build-in implementation.
The quality of Mikrotik's software is just on the whole new level, compared to ASUS. It can get pretty technical though, so understanding of networking is needed. But if you have enough skills to toy with asuswrt and custom scripts, you'll have no problem tweaking RouterOS to your liking.

One issue I had with RB750Gr3 was that my USB modem (ERGO W02-CRC9) was not supported out of the box, so I had to manually update its firmware.

 

[onix]

@kulgan

Consider configuring the OpenVPN Server directly on your Mikrotik rather than your Asus router. There are Mikrotik tutorials on the subject with assistance in the Mikrotik forum.

Good Luck!


Gary

I recall RouterOS 6.x has a poor encryption implementation of OpenVPN. Did the newer versions in 7.x take care of that.

Also, how does Asus’ OpenVPN compare to Mikrotik’s… has anyone benched the throughput?

 

[Tech9]

I would be very surprised if this specific entry-level RB750Gr3 model with MT7621A dual-core 880MHz CPU can do >40Mbps on OpenVPN. What it does right is Dual WAN and this is the purpose it can serve well - cheap and permanent low cost fix of broken Asuswrt built-in Dual WAN function.

 

[Ranger802004]

I can confirm that RB750Gr3 works flawlessly for dual wan (ethernet/usb lte) failover.
At first, I tried to make it work with Ranger802004's script, but in my setting it was no better than the build-in implementation.
The quality of Mikrotik's software is just on the whole new level, compared to ASUS. It can get pretty technical though, so understanding of networking is needed. But if you have enough skills to toy with asuswrt and custom scripts, you'll have no problem tweaking RouterOS to your liking.

One issue I had with RB750Gr3 was that my USB modem (ERGO W02-CRC9) was not supported out of the box, so I had to manually update its firmware.

Care to elaborate?

 

[Aiadi]

I can confirm that RB750Gr3 works flawlessly for dual wan (ethernet/usb lte) failover.
At first, I tried to make it work with Ranger802004's script, but in my setting it was no better than the build-in implementation.
The quality of Mikrotik's software is just on the whole new level, compared to ASUS. It can get pretty technical though, so understanding of networking is needed. But if you have enough skills to toy with asuswrt and custom scripts, you'll have no problem tweaking RouterOS to your liking.

One issue I had with RB750Gr3 was that my USB modem (ERGO W02-CRC9) was not supported out of the box, so I had to manually update its firmware.

Are you able to kindly point me towards a fairly easy guide for us mere mortals to understand as to how to set the RB750Gr3 to work with dual WAN ? I have just got one to try and play with but this thing is so overwhelming for someone like me with only basic understanding of networking that I cannot seem to get anywhere with wan bonding and other settings at this stage and any guidance would be gratefully received.

 

[onix]

Are you able to kindly point me towards a fairly easy guide for us mere mortals to understand as to how to set the RB750Gr3 to work with dual WAN ? I have just got one to try and play with but this thing is so overwhelming for someone like me with only basic understanding of networking that I cannot seem to get anywhere with wan bonding and other settings at this stage and any guidance would be gratefully received.

TKSJa’s videos have been most helpful —

 

[Jumpstarter]

TKSJa’s videos have been most helpful —

I do something similar...., but instead of load balancing over gateways, I load balance between them.

Load Balancing and Failover with Gateway Groups | pfSense Documentation

docs.netgate.com

 

[Jumpstarter]

Something else Dual WAN related to try:

WANFailover - Dual WAN Failover Script

WAN Failover is designed to replace the factory ASUS WAN Failover functionality, this script will monitor the WAN Interfaces using a Target IP Address and pinging these targets to determine when a failure occurs. When a failure is detected in Failover Mode, the script will switch to the...

www.snbforums.com

I tried this back when I only had two WAN to contend with. It did a great job for a simple home setup. It definitely gave new life to the Asus dual wan schematics. If I had to rate it, it is definitely close second to having Asus actually fix the issues themselves. @Ranger802004 should be proud of the work because he has come close to fixing whatever Asus hasn't. It is sad the "user" has to work for Asus without even getting paid by them. I feel the same for @RMerlin for the efforts he does. Putting all that time into rectifying what Asus cannot. Sadly not getting paid for it, but some how up selling Asus products for them in the process.

 

[Aiadi]

TKSJa’s videos have been most helpful —

Very helpful indeed but after 3 days of trying and tweaking after following these and other tutorials to the letter, I have found load balance on the RB750Gr3 to be absolutely terrible and even worse than the one on the Asus system itself which I never thought could be beaten on how terrible it is. Latency was awful and disconnections were just unbearable. The Omada worked a hundred times better and is also a hundred time easier (life is really too short for Mikrotik, I have discovered).

 

[DocUmibozu]

Very helpful indeed but after 3 days of trying and tweaking after following these and other tutorials to the letter, I have found load balance on the RB750Gr3 to be absolutely terrible..

Ubiquity ER-X is AN option to consider...

 

[Tech9]

TP-Link ER605 is the easiest to configure and often available for about $60.