WANFailover Dual WAN Failover Script

[Ranger802004]

What are your recommendations as starting points for these setting?

- Ping Count:
- Ping Timeout:
- WAN Disabled Timer:

Personally I do 3 on ping count, the higher the longer it will take the failure to be detected because it has to fail that many pings in a row to fail, ping timeout also goes into consideration. I do 1 second (1000ms) but if you have a high latency link that may not be optimal and you can get false positives such as Satellite services. WAN Disabled Timer is just a sleep timer in the script to check all of the conditions again to see if the script can activate so you can do 10,20,30,60 seconds or even higher but the higher the timer, the longer it takes the script to activate after it checks conditions for being disabled again.

 

[Smokey613]

I finally gave this a go. Install seemed to go okay, but….. I got locked out of the gui nor could I ping anything on my LAN. I could surf the web, but I could not log into my plex server locally. I uninstalled the script, power cycled the router and eveything went back to normal. I attempted the install 3 times but got the same results each gime. I guess it doesn’t like my setup. Of course since I could not log in to the gui, I had no way to view the logs. Oh well, I had high hopes. I guess my “dinosaur” just does not like it.

 

[Ranger802004]

I finally gave this a go. Install seemed to go okay, but….. I got locked out of the gui nor could I ping anything on my LAN. I could surf the web, but I could not log into my plex server locally. I uninstalled the script, power cycled the router and eveything went back to normal. I attempted the install 3 times but got the same results each gime. I guess it doesn’t like my setup. Of course since I could not log in to the gui, I had no way to view the logs. Oh well, I had high hopes. I guess my “dinosaur” just does not like it.

Did you collect any of the logs by any chance? Try having a second console open and going to monitor mode and seeing what logging you are getting. It sounds like something on started using all of the CPU and/or memory on the router and made it "crash".

Send me output of the below command as well. I'm sure we can figure out what's going on.

nvram show | grep -e "wan"

 

[Smokey613]

I will try it again later this morning. Just FYI, I was installing the script while logged in from my wifi connected iPad. I will use my ethernet connected laptop and give this another try. Also, I have a VPN server and a VPN client connection going too. I also have a port forward to my Plex server. I have two AC86U in mesh with ethernet backhaul.

 

[Ranger802004]

I will try it again later this morning. Just FYI, I was installing the script while logged in from my wifi connected iPad. I will use my ethernet connected laptop and give this another try. Also, I have a VPN server and a VPN client connection going too. I also have a port forward to my Plex server. I have two AC86U in mesh with ethernet backhaul.

When I try and type code from my iPad or iPhone, it does not work and causes errors, yea do it from your laptop and see if you get better results.

 

[Smokey613]

So, I tried it again this morning from my laptop and so far it seems to be working. I am going to do more testing on the failover settings to tweak it for my needs. A big thanks to @Ranger802004 for all the hard work!

 

[Smokey613]

I have "beat" on this script doing multiple failover/fallback tests and so far it has held up!

This is a game changer for anyone wanting Dual-WAN functionality for an Asus router.

Big thanks again to @Ranger802004 for all the hard work.

These are the settings I am using at the moment:

- Ping Count: 3
- Ping Timeout: 1
- WAN Disabled Timer: 20
( I tried 10 but for some reason, it seemed not to work for fallback function. Maybe there is a correlation with the first two settings )

I am using the following IPs for the detection pings:

WAN0 - 209.244.0.4
WAN1 - 209.244.0.3

These are DNS servers for the Level 3 network

 

[Smokey613]

Notes on my deployment:

I am running the two ISP "modems" provided by my ISP.

CenturyLink Fiber is a C400XG

Local ISP is an Arris cable modem

Double NAT setup on both devices ( have test devices hung off each modem for other projects )

Both units are in router mode, DHCP reservations on each for my main AC86U

Each modem has a DMZ set for the two WAN interfaces on my main AC86U

I also have a GUEST wifi network configured with deployment to both AC86U units

I run a Plex server on a non standard port using a port forwarding on the main AC86U

 

[Ranger802004]

I have "beat" on this script doing multiple failover/fallback tests and so far it has held up!

Man, this is a game changer for anyone wanting Dual-WAN functionality for an Asus router.

Big thanks again to @Ranger802004 for all the hard work.

These are the settings I am using at the moment:

- Ping Count: 3
- Ping Timeout: 1
- WAN Disabled Timer: 20
( I tried 10 but for some reason, it seemed not to work for fallback function. Maybe there is a correlation with the first two settings )

I am using the following IPs for the detection pings:

WAN0 - 209.244.0.4
WAN1 - 209.244.0.3

These are DNS servers for the Level 3 network

Please do! I’m sure at some point some weird quirky bug will show up and more people testing this script the better to help resolve those issues as they come up.

 

[Ranger802004]

I am about finished with another v1.0 script for domain based routing with OpenVPN, could use a few beta testers, I just have to write out all of the instructions / readme and that's pretty much left before initial release.

 

[Ranger802004]

I have posted the other script for domain vpn routing here.

Domain-based VPN Routing Script

Domain VPN Routing is a tool used to route specific website domains to specific VPN tunnels or override all traffic being routed to a VPN tunnel to directly route through a WAN interface. ***v2.1.0 Release**** This is the release information regarding v2.1.0, please read the notes carefully...

www.snbforums.com

 

[Ubimo]

Does this script work on latest Merlin beta?
Edit: I'll try.
Edit2: The script just stops working after a few hours for me. AC86U, latest Merlin beta. Diversion, Skynet, unbound, connmon.

 

[Ranger802004]

Does this script work on latest Merlin beta?
Edit: I'll try.
Edit2: The script just stops working after a few hours for me. AC86U, latest Merlin beta. Diversion, Skynet, unbound, connmon.

I haven’t tested on beta but If you send me some logs and the output of the below command I can try and diagnose the issue. I will begin testing on 386.7 beta 1 today.

nvram show | grep “wan”

 

[Smokey613]

I finally had to abandon the script. I did work very good at first, but once I enabled AiProtection, FlexQoS and Traffic Analyzer things became iffy. I finally redployed my pfSense mini pc unit doing nothing but dual WAN failover duty and it works perfectly. I think I am finally at a point to stop all my equipment trials and stay with what I have. I know my wife will appreciate it.

 

[Ranger802004]

I finally had to abandon the script. I did work very good at first, but once I enabled AiProtection, FlexQoS and Traffic Analyzer things became iffy. I finally redployed my pfSense mini pc unit doing nothing but dual WAN failover duty and it works perfectly. I think I am finally at a point to stop all my equipment trials and stay with what I have. I know my wife will appreciate it.

I use all of these things as well with zero issues, can you elaborate a little more with what issues you are experiencing? I literally use all of the things you mention with the script as well.

 

[Smokey613]

The failover worked good, but the failback was not as reliable as it was when I first got it working. Also, it created static routes for the monitoring IPs which caused the failover WAN monitor IP to become unreachable from the LAN devices unless it had failed over to the the secondary WAN. I had to use “non popular DNS server IPs for both interface monitoring IPs so the more popular ones, Cloudflare, Google, Quad 9, etc. would still be reachable regardless of which WAN interface was online.

I got my pfSense mini pc unit off the shelf, reset it to base config and setup Dual WAN failover. That thing does Dual WAN failover perfectly. If I did not already have the mini pc I would have kept playing with your script.

I do think your script is a great solution but decided to go another direction even if it does mean having another nat device in the chain, which is what I was trying to avoid.

I really can’t percieve any performance degredation though with the pfSense unit inline.

 

[Ranger802004]

The failover worked good, but the failback was not as reliable as it was when I first got it working. Also, it created static routes for the monitoring IPs which caused the failover WAN monitor IP to become unreachable from the LAN devices unless it had failed over to the the secondary WAN. I had to use “non popular DNS server IPs for both interface monitoring IPs so the more popular ones, Cloudflare, Google, Quad 9, etc. would still be reachable regardless of which WAN interface was online.

I got my pfSense mini pc unit off the shelf, reset it to base config and setup Dual WAN failover. That thing does Dual WAN failover perfectly. If I did not already have the mini pc I would have kept playing with your script.

I do think your script is a great solution but decided to go another direction even if it does mean having another nat device in the chain, which is what I was trying to avoid.

I really can’t percieve any performance degredation though with the pfSense unit inline.

Yea I’m not sure why you were having failback issues because it works pretty good, the static routes are necessary so it can detect when the link is back up, you can use the ISP Gateway if it is pingable instead of DNS Servers. Probably the only issue you have adding the pfsense is an extra failure point and adding another hop perhaps double NAT maybe.

EDIT: Sorry was on a boat earlier, if you were having a significant issue with the tool I'd like to diagnose it and explore what's going on for further enhancement.

 

[Ranger802004]

I haven’t tested on beta but If you send me some logs and the output of the below command I can try and diagnose the issue. I will begin testing on 386.7 beta 1 today.

nvram show | grep “wan”

Status update: I’ve been running the script on 386.7 beta1 and have had zero issues. Anyone experiencing any issues and if so provide logs?

 

[Ubimo]

The script randomly stops working after some hours. Here is the output of

nvram show | grep “wan”

before and after it stopped working.

 

[Viktor Jaep]

The script randomly stops working after some hours. Here is the output of

before and after it stopped working.

Are you running an AC86U by chance?