WANFailover Dual WAN Failover Script

v1.5.5-beta5 Release:
Manually upgrade to this beta by running the following command: ***Allow for cronjob to relaunch the script***
Code:
/usr/sbin/curl -s "https://raw.githubusercontent.com/Ranger802004/asusmerlin/main/wan-failover_v1.5.5-beta5.sh" -o "/jffs/scripts/wan-failover.sh" && chmod 755 /jffs/scripts/wan-failover.sh && sh /jffs/scripts/wan-failover.sh kill

To revert back to Production Release:
Code:
/jffs/scripts/wan-failover.sh update

***Highlight: While in Load Balancing Mode, OpenVPN Split Tunneling can be Disabled defaulting to WAN0 and failover to WAN1 if WAN0 fails***

Release Notes:
v1.5.5-beta5
- General optimization of script logic
- If AdGuard is running or AdGuard Local is enabled, Switch WAN function will not update the resolv.conf file. (Collaboration with SomeWhereOverTheRainbow)
- Optimized the way script loads configuration variables.
- Service restarts will dynamically check which services need to be restarted.
- Optimized Boot Delay Timer functionality and changed logging messages to clarify how the Boot Delay Timer affects the script startup.
- WAN Status will now check if a cable is unplugged.
- Resolved issues with Load Balancing Mode introduced in v1.5.4
- Enhancements to Load Balancing Mode
- When in Load Balancing Mode, OpenVPN Split Tunneling can be disabled where remote addresses will default to WAN0 and failover to WAN1 if WAN0 fails and back to WAN0 when it is restored. This can be changed in Configuration file using the Setting: OVPNSPLITTUNNEL (1 = Enabled / 0 = Disabled)
- Corrected issue with Cron Job creation.
- Corrected issues with IP Rules creation for Target IP Addresses.
- When in Load Balance Mode, script will create IPTables Mangle rules for marking packets if they are missing. This is to correct an issue with the firmware.
- Increased email skip delay to 180 seconds additional to Boot Delay Timer.
- Script will be Disabled with Entware ip-full package installed due to it deploying IP v4.4.0-10 while ASUS Merlin v386.7 firmware uses IP v5.11.0. Remediation is to remove Entware ip-full package.
In my scenario with the AdGuardHome service, it works fine.
 
v1.5.5-beta6 Release:
Manually upgrade to this beta by running the following command: ***Allow for cronjob to relaunch the script***
Code:
/usr/sbin/curl -s "https://raw.githubusercontent.com/Ranger802004/asusmerlin/main/wan-failover_v1.5.5-beta6.sh" -o "/jffs/scripts/wan-failover.sh" && chmod 755 /jffs/scripts/wan-failover.sh && sh /jffs/scripts/wan-failover.sh kill

To revert back to Production Release:
Code:
/jffs/scripts/wan-failover.sh update

***Highlight: While in Load Balancing Mode, OpenVPN Split Tunneling can be Disabled defaulting to WAN0 and failover to WAN1 if WAN0 fails***

***Highlight: Email Notifications will be sent for Load Balancing Mode if a WAN failure occurs.***


Release Notes:
v1.5.5-beta6
- General optimization of script logic
- If AdGuard is running or AdGuard Local is enabled, Switch WAN function will not update the resolv.conf file. (Collaboration with SomeWhereOverTheRainbow)
- Optimized the way script loads configuration variables.
- Service restarts will dynamically check which services need to be restarted.
- Optimized Boot Delay Timer functionality and changed logging messages to clarify how the Boot Delay Timer affects the script startup.
- WAN Status will now check if a cable is unplugged.
- Resolved issues with Load Balancing Mode introduced in v1.5.4
- Enhancements to Load Balancing Mode
- When in Load Balancing Mode, OpenVPN Split Tunneling can be disabled where remote addresses will default to WAN0 and failover to WAN1 if WAN0 fails and back to WAN0 when it is restored. This can be changed in Configuration file using the Setting: OVPNSPLITTUNNEL (1 = Enabled / 0 = Disabled).
- Corrected issue with Cron Job creation.
- Corrected issues with IP Rules creation for Target IP Addresses.
- When in Load Balance Mode, script will create IPTables Mangle rules for marking packets if they are missing. This is to correct an issue with the firmware.
- Increased email skip delay to 180 seconds additional to Boot Delay Timer. Adjustable in configuration file using Setting: SKIPEMAILSYSTEMUPTIME (Value is in seconds).
- Script will check for supported ASUS Merlin Firmware Versions
- Script will verify System Binaries are used over Optional Binaries
- Added email functionality for Load Balancing Mode. If a WAN Interface fails, an email notification will be sent if enabled.
 
I am still running 386.5_2, will this break the script on my system?
v1.5.5-beta6 should be clear for you to run. Give it a try and report back please.
 
Code:
@router:/tmp/home/root# /jffs/scripts/wan-failover.sh monitor
wan-failover.sh - Monitor Mode
Jul 6 10:34:41 router wan-failover.sh: Kill - Killing wan-failover.sh
Jul 6 10:34:49 router wan-failover.sh: WAN Status - wan0 enabled
Jul 6 10:34:53 router wan-failover.sh: WAN Status - wan0 has 0% packet loss
Jul 6 10:34:53 router wan-failover.sh: WAN Status - wan1 enabled
Jul 6 10:34:57 router wan-failover.sh: WAN Status - wan1 has 0% packet loss
Jul 6 10:34:57 router wan-failover.sh: WAN0 Active - Verifying WAN0
Jul 6 10:34:57 router wan-failover.sh: WAN0 Failover Monitor - Monitoring wan0 via 119.29.29.29 for Failure
Jul 6 10:36:00 router wan-failover.sh: WAN Status - wan0 disabled
Jul 6 10:36:00 router wan-failover.sh: WAN Status - wan1 enabled
Jul 6 10:36:04 router wan-failover.sh: WAN Status - wan1 has 0% packet loss
Jul 6 10:36:04 router wan-failover.sh: WAN1 Active - Verifying WAN1
Jul 6 10:36:04 router wan-failover.sh: WAN Switch - Switching wan1 to Primary WAN
Jul 6 10:36:04 router wan-failover.sh: WAN Switch - WAN IP Address: 192.168.199.100
Jul 6 10:36:04 router wan-failover.sh: WAN Switch - WAN Gateway: 192.168.199.1
Jul 6 10:36:04 router wan-failover.sh: WAN Switch - WAN Interface: eth2
Jul 6 10:36:04 router wan-failover.sh: WAN Switch - DNS is being managed by AdGuard
Jul 6 10:36:04 router wan-failover.sh: WAN Switch - Adding default route via 192.168.199.1 dev eth2
Jul 6 10:36:04 router wan-failover.sh: WAN Switch - QoS is Enabled
Jul 6 10:36:04 router wan-failover.sh: WAN Switch - Applying Manual QoS Bandwidth Settings
Jul 6 10:36:04 router wan-failover.sh: WAN Switch - QoS Settings: Download Bandwidth: 20Mbps Upload Bandwidth: 20Mbps
Jul 6 10:36:05 router wan-failover.sh: WAN Switch - Switched wan1 to Primary WAN
Jul 6 10:36:05 router wan-failover.sh: Service Restart - Restarting dnsmasq service
Jul 6 10:36:05 router wan-failover.sh: Service Restart - Restarted dnsmasq service
Jul 6 10:36:05 router wan-failover.sh: Service Restart - Restarting firewall service
Jul 6 10:36:06 router wan-failover.sh: Service Restart - Restarted firewall service
Jul 6 10:36:06 router wan-failover.sh: Service Restart - Restarting leds service
Jul 6 10:36:07 router wan-failover.sh: Service Restart - Restarted leds service
Jul 6 10:36:07 router wan-failover.sh: Service Restart - Restarting qos service
Jul 6 10:36:08 router wan-failover.sh: Service Restart - Restarted qos service
Jul 6 10:36:08 router wan-failover.sh: Email Notification - AMTM Email Configuration Detected
Jul 6 10:36:11 router wan-failover.sh: Email Notification - Email Notification Sent
Jul 6 10:36:11 router wan-failover.sh: WAN Status - wan0 disabled
Jul 6 10:36:11 router wan-failover.sh: WAN Status - wan1 enabled
Jul 6 10:36:15 router wan-failover.sh: WAN Status - wan1 has 0% packet loss
Jul 6 10:36:15 router wan-failover.sh: WAN1 Active - Verifying WAN1
Jul 6 10:36:15 router wan-failover.sh: WAN Failover Disabled - wan0 is disabled
Jul 6 10:36:15 router wan-failover.sh: WAN Failover Disabled - WAN Failover is currently disabled. ***Review Logs***
Jul 6 10:38:29 router wan-failover.sh: WAN Failover Disabled - wan0 and wan1 are enabled and connected
Jul 6 10:38:29 router wan-failover.sh: WAN Failover Disabled - Returning to check WAN Status
Jul 6 10:38:29 router wan-failover.sh: WAN Status - wan0 enabled
Jul 6 10:38:29 router wan-failover.sh: WAN Status - Adding default route for wan0 Routing Table via 178.249.55.254 dev eth0
Jul 6 10:38:29 router wan-failover.sh: WAN Status - Added default route for wan0 Routing Table via 178.249.55.254 dev eth0
Jul 6 10:38:29 router wan-failover.sh: WAN Status - Adding IP Rule for 119.29.29.29
Jul 6 10:38:29 router wan-failover.sh: WAN Status - Added IP Rule for 119.29.29.29
Jul 6 10:38:33 router wan-failover.sh: WAN Status - wan0 has 0% packet loss
Jul 6 10:38:33 router wan-failover.sh: WAN Status - wan1 enabled
Jul 6 10:38:33 router wan-failover.sh: WAN Status - Adding default route for wan1 Routing Table via 192.168.199.1 dev eth2
Jul 6 10:38:33 router wan-failover.sh: WAN Status - Added default route for wan1 Routing Table via 192.168.199.1 dev eth2
Jul 6 10:38:33 router wan-failover.sh: WAN Status - Adding IP Rule for 119.28.28.28
Jul 6 10:38:33 router wan-failover.sh: WAN Status - Added IP Rule for 119.28.28.28
Jul 6 10:38:37 router wan-failover.sh: WAN Status - wan1 has 0% packet loss
Jul 6 10:38:37 router wan-failover.sh: WAN0 Active - Verifying WAN0
Jul 6 10:38:37 router wan-failover.sh: WAN Switch - Switching wan0 to Primary WAN
Jul 6 10:38:37 router wan-failover.sh: WAN Switch - WAN IP Address: 178.249.55.33
Jul 6 10:38:37 router wan-failover.sh: WAN Switch - WAN Gateway: 178.249.55.254
Jul 6 10:38:38 router wan-failover.sh: WAN Switch - WAN Interface: eth0
Jul 6 10:38:38 router wan-failover.sh: WAN Switch - DNS is being managed by AdGuard
Jul 6 10:38:38 router wan-failover.sh: WAN Switch - Deleting default route via 192.168.199.1 dev eth2
Jul 6 10:38:38 router wan-failover.sh: WAN Switch - Adding default route via 178.249.55.254 dev eth0
Jul 6 10:38:38 router wan-failover.sh: WAN Switch - QoS is Enabled
Jul 6 10:38:38 router wan-failover.sh: WAN Switch - Applying Manual QoS Bandwidth Settings
Jul 6 10:38:38 router wan-failover.sh: WAN Switch - QoS Settings: Download Bandwidth: 94Mbps Upload Bandwidth: 94Mbps
Jul 6 10:38:39 router wan-failover.sh: WAN Switch - Switched wan0 to Primary WAN
Jul 6 10:38:39 router wan-failover.sh: Service Restart - Restarting dnsmasq service
Jul 6 10:38:39 router wan-failover.sh: Service Restart - Restarted dnsmasq service
Jul 6 10:38:39 router wan-failover.sh: Service Restart - Restarting firewall service
Jul 6 10:38:40 router wan-failover.sh: Service Restart - Restarted firewall service
Jul 6 10:38:40 router wan-failover.sh: Service Restart - Restarting leds service
Jul 6 10:38:41 router wan-failover.sh: Service Restart - Restarted leds service
Jul 6 10:38:41 router wan-failover.sh: Service Restart - Restarting qos service
Jul 6 10:38:42 router wan-failover.sh: Service Restart - Restarted qos service
Jul 6 10:38:42 router wan-failover.sh: Email Notification - AMTM Email Configuration Detected
Jul 6 10:38:43 router wan-failover.sh: Email Notification - Email Notification Sent
Jul 6 10:38:43 router wan-failover.sh: WAN Status - wan0 enabled
Jul 6 10:38:47 router wan-failover.sh: WAN Status - wan0 has 0% packet loss
Jul 6 10:38:47 router wan-failover.sh: WAN Status - wan1 enabled
Jul 6 10:38:52 router wan-failover.sh: WAN Status - wan1 has 0% packet loss
Jul 6 10:38:52 router wan-failover.sh: WAN0 Active - Verifying WAN0
Jul 6 10:38:52 router wan-failover.sh: WAN0 Failover Monitor - Monitoring wan0 via 119.29.29.29 for Failure
 
Testing V1.5.5_Beta6 Dual WAN Script in a Dual WAN Failover mode, and the "switchwan" argument works flawlessly with my config, when flipping from one wan connection to the other for testing.

Next tests were to see how disconnecting the main ISP connection works with my addons (especially FlexQOS and YazFi).

Testing Failover and Failback worked great except for one thing that @Jack Yaz or @Ranger802004 might have to look into, (which seems more a timing issue) which in my testing I have the following:

1. I have smart electric plugs connected to Guest Network 2 that I have my ISP #01 plugged into one of them
2. On my app on my iPhone, I shut off the smart plug to simulate ISP #01 going down, which with Dual WAN script I have the following setup in the "wan-failover.conf" file

Code:
WAN0TARGET=1.1.1.1
WAN1TARGET=1.0.0.1
PINGCOUNT=10
PINGTIMEOUT=5
WANDISABLEDSLEEPTIMER=60
BOOTDELAYTIMER=60
WAN0_QOS_IBW=0
WAN1_QOS_IBW=0
WAN0_QOS_OBW=0
WAN1_QOS_OBW=0
WAN0_QOS_OVERHEAD=0
WAN1_QOS_OVERHEAD=0
WAN0_QOS_ATM=0
WAN1_QOS_ATM=0
PACKETLOSSLOGGING=0
SENDEMAIL=1
SKIPEMAILSYSTEMUPTIME=180
OVPNSPLITTUNNEL=1

3. When the failover happens, ISP #02 kicks in pretty quickly, but FlexQOS and YazFi both notice changes, and restart their services as well, which YazFi appears to not allow Guest Network 2 access for a while, but eventually restarts its services and provides access (it just takes a while - over 7 minutes at the bottom of the system log).

(System log next message as maximum characters exceeded)

Please let me know if you see any config I can change to test with, or if you need anything else to review
 
Testing V1.5.5_Beta6 Dual WAN Script in a Dual WAN Failover mode, and the "switchwan" argument works flawlessly with my config, when flipping from one wan connection to the other for testing.

Next tests will be to see how disconnecting the main ISP connection works with my addons (especially FlexQOS and YazFi)
I have beta7 almost ready for testing for v1.5.5. I use FlexQoS during my testing; it will restart QoS Service if QoS is enabled. There was another user who used one of the Yaz scripts who had issues and it was due to the Yaz script hardcoding to wan0 interface instead of dynamic between the 2. I'm not sure if that was resolved.
 
v1.5.5-beta7 Release:
Manually upgrade to this beta by running the following command: ***Allow for cronjob to relaunch the script***
Code:
/usr/sbin/curl -s "https://raw.githubusercontent.com/Ranger802004/asusmerlin/main/wan-failover_v1.5.5-beta7.sh" -o "/jffs/scripts/wan-failover.sh" && chmod 755 /jffs/scripts/wan-failover.sh && sh /jffs/scripts/wan-failover.sh kill

To revert back to Production Release:
Code:
/jffs/scripts/wan-failover.sh update

***Highlight: While in Load Balancing Mode, OpenVPN Split Tunneling can be Disabled defaulting to WAN0 and failover to WAN1 if WAN0 fails***

***Highlight: Email Notifications will be sent for Load Balancing Mode if a WAN failure occurs.***


Release Notes:
v1.5.5-beta7
- General optimization of script logic
- If AdGuard is running or AdGuard Local is enabled, Switch WAN function will not update the resolv.conf file. (Collaboration with SomeWhereOverTheRainbow)
- Optimized the way script loads configuration variables.
- Service restarts will dynamically check which services need to be restarted.
- Optimized Boot Delay Timer functionality and changed logging messages to clarify how the Boot Delay Timer affects the script startup.
- WAN Status will now check if a cable is unplugged.
- Resolved issues with Load Balancing Mode introduced in v1.5.4
- Enhancements to Load Balancing Mode
- When in Load Balancing Mode, OpenVPN Split Tunneling can be disabled where remote addresses will default to WAN0 and failover to WAN1 if WAN0 fails and back to WAN0 when it is restored. This can be changed in Configuration file using the Setting: OVPNSPLITTUNNEL (1 = Enabled / 0 = Disabled).
- Corrected issue with Cron Job creation.
- Corrected issues with IP Rules creation for Target IP Addresses.
- When in Load Balance Mode, script will create IPTables Mangle rules for marking packets if they are missing. This is to correct an issue with the firmware.
- Increased email skip default delay to 180 seconds additional to Boot Delay Timer. Adjustable in configuration file using Setting: SKIPEMAILSYSTEMUPTIME (Value is in seconds).
- Script will check for supported ASUS Merlin Firmware Versions
- Script will verify System Binaries are used over Optional Binaries
- Added email functionality for Load Balancing Mode. If a WAN Interface fails, an email notification will be sent if enabled.
- Corrected issue where temporary file for mail would not have correct write permissions to create email for notification.
- Script will now create NAT Rules for services that are enabled.
- Load Balancing Rule Priority, WAN0/WAN1 Route Tables, FW Marks/Masks, IP Rule Priorities, and OpenVPN WAN Priority (Split Tunneling Disabled) are now all customizable using the configuration file. Recommended to leave default unless necessary to change.
- WAN Interface restarts during WAN Status checks will only wait 30 seconds maximum to check status again.
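
The upgrade one-liner in the release posts above writes straight over /jffs/scripts/wan-failover.sh, and because curl runs without -f, an HTTP error body would be saved there with exit status 0 and then handed to sh. The following is an added example, not code from the thread or from wan-failover.sh: it stages the download, compares it with a SHA-256 the operator recorded when reviewing the release, and only then replaces the installed file. The thread publishes no checksum; the function names, the .new/.bak suffixes and the availability of sha256sum on the router are assumptions.

```shell
#!/bin/sh
# Added example: stage, verify, then install a downloaded script.
# Nothing here is part of wan-failover.sh; all names are hypothetical.

# Print the SHA-256 of a file as lowercase hex.
sha256_of() {
    sha256sum "$1" | cut -d' ' -f1
}

# fetch_release URL STAGED
# -f makes curl exit non-zero on an HTTP error instead of saving the error
# page; -sS stays quiet but still prints failures.
fetch_release() {
    /usr/sbin/curl -fsS "$1" -o "$2"
}

# verify_and_install STAGED DEST EXPECTED_SHA256
# Returns 0 after installing, 1 if the staged file is missing or empty,
# 2 on digest mismatch. DEST is only touched after verification succeeds.
verify_and_install() {
    vi_staged=$1; vi_dest=$2; vi_expected=$3
    if [ ! -s "$vi_staged" ]; then
        echo "staged file missing or empty: $vi_staged" >&2
        return 1
    fi
    vi_actual=$(sha256_of "$vi_staged")
    if [ "$vi_actual" != "$vi_expected" ]; then
        echo "sha256 mismatch: got $vi_actual" >&2
        rm -f "$vi_staged"
        return 2
    fi
    # Keep the running version so a bad beta can be rolled back by hand.
    if [ -f "$vi_dest" ]; then
        cp -p "$vi_dest" "$vi_dest.bak" || return 1
    fi
    # Stage next to DEST so the final mv stays on one filesystem.
    chmod 755 "$vi_staged" && mv -f "$vi_staged" "$vi_dest"
}

# Typical use on the router (the digest is a placeholder the operator fills in):
#   URL="https://raw.githubusercontent.com/Ranger802004/asusmerlin/main/wan-failover_v1.5.5-beta7.sh"
#   fetch_release "$URL" /jffs/scripts/wan-failover.sh.new &&
#     verify_and_install /jffs/scripts/wan-failover.sh.new \
#       /jffs/scripts/wan-failover.sh "<sha256 recorded after review>" &&
#     sh /jffs/scripts/wan-failover.sh kill
```

Because the URL points at the main branch, the file behind it can change between review and download; the recorded digest is what ties the installed script to the copy that was reviewed.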
 
I would review the iptables rules created by YazFi and verify they are generating correctly for the proper WAN Interfaces or there could be a cron job that does this for the script and that could possibly be why there is a delay?
 
Here is my System Log - General Log (IP's & SSID's redacted): (Part 1)

Code:
Jul  6 13:07:57 kernel: eth0 (Int switch port: 3) (Logical Port: 3) (phyId: c) Link DOWN.
Jul  6 13:08:05 ovpn-server1[30033]: event_wait : Interrupted system call (code=4)
Jul  6 13:08:05 ovpn-server1[30033]: PLUGIN AUTH-PAM: Error signaling background process to exit: Connection refused (errno=111)
Jul  6 13:08:07 YazFi: Firewall restarted - sleeping 10s before running YazFi
Jul  6 13:08:07 FlexQoS: /jffs/addons/flexqos/flexqos.sh (pid=19414) called in unattended mode with 1 args: -start
Jul  6 13:08:08 FlexQoS: Applying iptables static rules
Jul  6 13:08:08 FlexQoS: Applying iptables custom rules
Jul  6 13:08:08 FlexQoS: Flushing conntrack table
Jul  6 13:08:08 ovpn-server1[20857]: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Jul  6 13:08:09 FlexQoS: Applying AppDB rules and TC rates
Jul  6 13:08:12 kernel: SHN Release Version: 2.0.2 36f59aa
Jul  6 13:08:12 kernel: UDB Core Version: 0.2.20
Jul  6 13:08:12 kernel: sizeof forward pkt param = 280
Jul  6 13:08:17 wan-failover.sh: WAN0 Failover Monitor - Failure Detected - WAN0 Packet Loss: 100%
Jul  6 13:08:17 wan-failover.sh: WAN Status - wan1 is disconnected.  IP Address: X.X.X.X Gateway: X.X.X.X
Jul  6 13:08:17 wan-failover.sh: WAN Status - wan0 enabled
Jul  6 13:08:17 wan-failover.sh: WAN Status - wan0: Disconnected
Jul  6 13:08:17 wan-failover.sh: WAN Status - Restarting wan0: eth0
Jul  6 13:08:17 YazFi: YazFi v4.4.2 starting up
Jul  6 13:08:18 wan-failover.sh: WAN Status - Restarted wan0: eth0
Jul  6 13:08:18 wan-failover.sh: WAN Status - wan0 is disconnected.  IP Address: 0.0.0.0 Gateway: 0.0.0.0
Jul  6 13:08:18 wan-failover.sh: WAN Status - Adding default route for wan0 Routing Table via 0.0.0.0 dev eth0
Jul  6 13:08:18 wan-failover.sh: WAN Status - Added default route for wan0 Routing Table via 0.0.0.0 dev eth0
Jul  6 13:08:18 wan-failover.sh: WAN Status - Adding IP Rule for 1.1.1.1
Jul  6 13:08:18 wan-failover.sh: WAN Status - Added IP Rule for 1.1.1.1
Jul  6 13:08:18 YazFi: wl0.1 (SSID: xxxxxx) - sending all interface internet traffic over WAN interface
Jul  6 13:08:20 YazFi: Lock file found (age: 13 seconds) - stopping to prevent duplicate runs
Jul  6 13:08:20 FlexQoS: /jffs/addons/flexqos/flexqos.sh (pid=23389) called in unattended mode with 1 args: -start
Jul  6 13:08:20 ovpn-server1[20857]: event_wait : Interrupted system call (code=4)
Jul  6 13:08:20 ovpn-server1[20857]: PLUGIN AUTH-PAM: Error signaling background process to exit: Connection refused (errno=111)
Jul  6 13:08:20 YazFi: wl0.2 (SSID: xxxxx) - sending all interface internet traffic over WAN interface
Jul  6 13:08:21 FlexQoS: Applying iptables static rules
Jul  6 13:08:21 FlexQoS: Applying iptables custom rules
Jul  6 13:08:21 FlexQoS: Flushing conntrack table
Jul  6 13:08:22 FlexQoS: Applying AppDB rules and TC rates
Jul  6 13:08:25 YazFi: Forcing YazFi Guest WiFi clients to reauthenticate
Jul  6 13:08:32 wan-failover.sh: WAN Status - wan0 has 100% packet loss
Jul  6 13:08:32 wan-failover.sh: WAN Status - wan1 enabled
Jul  6 13:08:32 wan-failover.sh: WAN Status - Adding default route for wan1 Routing Table via x.x.x.x dev eth4
Jul  6 13:08:32 wan-failover.sh: WAN Status - Added default route for wan1 Routing Table via x.x.x.x dev eth4
Jul  6 13:08:32 wan-failover.sh: WAN Status - Adding IP Rule for 1.0.0.1
Jul  6 13:08:32 wan-failover.sh: WAN Status - Added IP Rule for 1.0.0.1
Jul  6 13:08:40 YazFi: YazFi v4.4.2 completed successfully
Jul  6 13:08:41 wan-failover.sh: WAN Status - wan1 has 0% packet loss
Jul  6 13:08:41 wan-failover.sh: WAN1 Active - Verifying WAN1
Jul  6 13:08:41 wan-failover.sh: WAN0 Failback Monitor - Monitoring wan0 via 1.1.1.1 for Failback
Jul  6 13:08:41 wan-failover.sh: WAN Status - wan0 enabled
Jul  6 13:08:41 wan-failover.sh: WAN Status - wan0: Disconnected
Jul  6 13:08:41 wan-failover.sh: WAN Status - Restarting wan0: eth0
Jul  6 13:08:42 wan-failover.sh: WAN Status - Restarted wan0: eth0
Jul  6 13:08:42 wan-failover.sh: WAN Status - wan0 is disconnected.  IP Address: 0.0.0.0 Gateway: 0.0.0.0
Jul  6 13:08:56 wan-failover.sh: WAN Status - wan0 has 100% packet loss
Jul  6 13:08:56 wan-failover.sh: WAN Status - wan1 enabled
Jul  6 13:09:05 wan-failover.sh: WAN Status - wan1 has 0% packet loss
Jul  6 13:09:05 wan-failover.sh: WAN1 Active - Verifying WAN1
Jul  6 13:09:05 wan-failover.sh: WAN0 Failback Monitor - Monitoring wan0 via 1.1.1.1 for Failback
 
Here is my System Log - General Log (IP's & SSID's redacted): (Part 2)

Code:
Jul  6 13:09:06
Jul  6 13:09:06
Jul  6 13:09:06
Jul  6 13:09:07
Jul  6 13:09:07 DUPLICATE
Jul  6 13:09:21
Jul  6 13:09:21
Jul  6 13:09:30
Jul  6 13:09:30
Jul  6 13:09:30 DUPLICATE
Jul  6 13:09:30
Jul  6 13:09:30
Jul  6 13:09:30
Jul  6 13:09:31
Jul  6 13:09:31
Jul  6 13:09:45
Jul  6 13:09:45
Jul  6 13:09:54
Jul  6 13:09:54
Jul  6 13:09:54 DUPLICATE
Jul  6 13:09:54 wan-failover.sh: WAN Status - wan0 enabled
Jul  6 13:09:54 wan-failover.sh: WAN Status - wan0: Disconnected
Jul  6 13:09:54 wan-failover.sh: WAN Status - Restarting wan0: eth0
Jul  6 13:09:55 wan-failover.sh: WAN Status - Restarted wan0: eth0
Jul  6 13:09:55 wan-failover.sh: WAN Status - wan0 is disconnected.  IP Address: 0.0.0.0 Gateway: 0.0.0.0
Jul  6 13:10:00 YazFi: YazFi firewall rules not detected during persistence check, re-applying rules
Jul  6 13:10:00 YazFi: YazFi v4.4.2 starting up
Jul  6 13:10:02 YazFi: wl0.1 (SSID: xxxxxx) - sending all interface internet traffic over WAN interface
Jul  6 13:10:03 YazFi: wl0.2 (SSID: xxxxx) - sending all interface internet traffic over WAN interface
Jul  6 13:10:07 YazFi: Forcing YazFi Guest WiFi clients to reauthenticate
Jul  6 13:10:09
Jul  6 13:10:09
Jul  6 13:10:18
Jul  6 13:10:18
Jul  6 13:10:18
Jul  6 13:10:18
Jul  6 13:10:18
Jul  6 13:10:19
Jul  6 13:10:19 DUPLICATE
Jul  6 13:10:22 YazFi: YazFi v4.4.2 completed successfully
Jul  6 13:10:33
Jul  6 13:10:34
Jul  6 13:10:43
Jul  6 13:10:43
Jul  6 13:10:43
Jul  6 13:10:43
Jul  6 13:10:43
Jul  6 13:10:43
Jul  6 13:10:44
Jul  6 13:10:44
Jul  6 13:10:58
Jul  6 13:10:58
Jul  6 13:11:07
Jul  6 13:11:07
Jul  6 13:11:07 DUPLICATE
Jul  6 13:11:07
Jul  6 13:11:07
Jul  6 13:11:07
Jul  6 13:11:08
Jul  6 13:11:08
Jul  6 13:11:09 kernel: eth0 (Int switch port: 3) (Logical Port: 3) (phyId: c) Link UP at 1000 mbps full duplex
Jul  6 13:11:22 wan-failover.sh: WAN Status - wan0 has 100% packet loss
Jul  6 13:11:22 wan-failover.sh: WAN Status - wan1 enabled
Jul  6 13:11:31 wan-failover.sh: WAN Status - wan1 has 0% packet loss
Jul  6 13:11:31
Jul  6 13:11:31 DUPLICATE
Jul  6 13:11:31 wan-failover.sh: WAN Status - wan0 enabled
Jul  6 13:11:31 wan-failover.sh: WAN Status - wan0: Disconnected
Jul  6 13:11:31 wan-failover.sh: WAN Status - Restarting wan0: eth0
Jul  6 13:11:32 wan-failover.sh: WAN Status - Restarted wan0: eth0
Jul  6 13:11:32 wan-failover.sh: WAN Status - wan0 is disconnected.  IP Address: 0.0.0.0 Gateway: 0.0.0.0
Jul  6 13:11:46 wan-failover.sh: WAN Status - wan0 has 100% packet loss
Jul  6 13:11:46 wan-failover.sh: WAN Status - wan1 enabled
Jul  6 13:11:55 wan-failover.sh: WAN Status - wan1 has 0% packet loss
Jul  6 13:11:55 wan-failover.sh: WAN1 Active - Verifying WAN1
Jul  6 13:11:55 wan-failover.sh: WAN0 Failback Monitor - Monitoring wan0 via 1.1.1.1 for Failback
Jul  6 13:11:56 wan-failover.sh: WAN Status - wan0 enabled
Jul  6 13:11:56 wan-failover.sh: WAN Status - wan0: Disconnected
Jul  6 13:11:56 wan-failover.sh: WAN Status - Restarting wan0: eth0
Jul  6 13:11:57 wan-failover.sh: WAN Status - Restarted wan0: eth0
Jul  6 13:11:57 wan-failover.sh: WAN Status - wan0 is disconnected.  IP Address: 0.0.0.0 Gateway: 0.0.0.0
Jul  6 13:12:11 wan-failover.sh: WAN Status - wan0 has 100% packet loss
Jul  6 13:12:11 wan-failover.sh: WAN Status - wan1 enabled
Jul  6 13:12:20 wan-failover.sh: WAN Status - wan1 has 0% packet loss
Jul  6 13:12:20 wan-failover.sh: WAN1 Active - Verifying WAN1
Jul  6 13:12:20 wan-failover.sh: WAN0 Failback Monitor - Monitoring wan0 via 1.1.1.1 for Failback
Jul  6 13:12:20 wan-failover.sh: WAN Status - wan0 enabled
Jul  6 13:12:20 wan-failover.sh: WAN Status - wan0: Disconnected
Jul  6 13:12:20 wan-failover.sh: WAN Status - Restarting wan0: eth0
Jul  6 13:12:21 YazFi: Firewall restarted - sleeping 10s before running YazFi
Jul  6 13:12:21 FlexQoS: /jffs/addons/flexqos/flexqos.sh (pid=15857) called in unattended mode with 1 args: -start
Jul  6 13:12:21 ovpn-server1[16067]: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Jul  6 13:12:21 FlexQoS: iptables rules already present
Jul  6 13:12:21 wan-failover.sh: WAN Status - Restarted wan0: eth0
Jul  6 13:12:21 wan-failover.sh: WAN1 Active - Verifying WAN1
Jul  6 13:12:21 wan-failover.sh: WAN0 Failback Monitor - Monitoring wan0 via 1.1.1.1 for Failback
Jul  6 13:12:21 wan-failover.sh: WAN Status - wan0 enabled
Jul  6 13:12:21 wan-failover.sh: WAN Status - Adding default route for wan0 Routing Table via x.x.x.x dev eth0
Jul  6 13:12:21 wan-failover.sh: WAN Status - Added default route for wan0 Routing Table via x.x.x.x dev eth0
Jul  6 13:12:21 wan-failover.sh: WAN Status - Adding IP Rule for 1.1.1.1
Jul  6 13:12:21 wan-failover.sh: WAN Status - Added IP Rule for 1.1.1.1
Jul  6 13:12:22 FlexQoS: Applying AppDB rules and TC rates
Jul  6 13:12:30 wan-failover.sh: WAN Status - wan0 has 0% packet loss
Jul  6 13:12:30 wan-failover.sh: WAN Status - wan1 enabled
Jul  6 13:12:30 wan-failover.sh: WAN Status - Adding default route for wan1 Routing Table via x.x.x.x dev eth4
Jul  6 13:12:30 wan-failover.sh: WAN Status - Added default route for wan1 Routing Table via x.x.x.x dev eth4
Jul  6 13:12:30 wan-failover.sh: WAN Status - Adding IP Rule for 1.0.0.1
Jul  6 13:12:30 wan-failover.sh: WAN Status - Added IP Rule for 1.0.0.1
Jul  6 13:12:31 YazFi: YazFi v4.4.2 starting up
Jul  6 13:12:32 YazFi: wl0.1 (SSID: xxxxxx) - sending all interface internet traffic over WAN interface
Jul  6 13:12:34 YazFi: wl0.2 (SSID: xxxxx) - sending all interface internet traffic over WAN interface
Jul  6 13:12:37 YazFi: Forcing YazFi Guest WiFi clients to reauthenticate
Jul  6 13:12:39 wan-failover.sh: WAN Status - wan1 has 0% packet loss
Jul  6 13:12:39 wan-failover.sh: WAN0 Active - Verifying WAN0
Jul  6 13:12:39 wan-failover.sh: WAN Switch - Switching wan0 to Primary WAN
Jul  6 13:12:39 wan-failover.sh: WAN Switch - WAN IP Address: x.x.x.x
Jul  6 13:12:39 wan-failover.sh: WAN Switch - WAN Gateway: x.x.x.x
Jul  6 13:12:39 wan-failover.sh: WAN Switch - DNS1 Server: x.x.x.x
Jul  6 13:12:39 wan-failover.sh: WAN Switch - DNS2 Server: x.x.x.x
Jul  6 13:12:39 wan-failover.sh: WAN Switch - Deleting default route via x.x.x.x dev eth4
Jul  6 13:12:39 wan-failover.sh: WAN Switch - Adding default route via x.x.x.x dev eth0
Jul  6 13:12:39 wan-failover.sh: WAN Switch - QoS is Enabled
Jul  6 13:12:39 wan-failover.sh: WAN Switch - Applying Manual QoS Bandwidth Settings
Jul  6 13:12:39 wan-failover.sh: WAN Switch - QoS Settings: Download Bandwidth: 0Mbps Upload Bandwidth: 0Mbps
Jul  6 13:12:40 wan-failover.sh: WAN Switch - Switched wan0 to Primary WAN
Jul  6 13:12:41 wan-failover.sh: Service Restart - Restarting dnsmasq service
Jul  6 13:12:41 wan-failover.sh: Service Restart - Restarted dnsmasq service
Jul  6 13:12:41 wan-failover.sh: Service Restart - Restarting firewall service
Jul  6 13:12:42 wan-failover.sh: Service Restart - Restarted firewall service
Jul  6 13:12:42 wan-failover.sh: Service Restart - Restarting leds service
Jul  6 13:12:42 YazFi: Lock file found (age: 21 seconds) - stopping to prevent duplicate runs
Jul  6 13:12:42 FlexQoS: /jffs/addons/flexqos/flexqos.sh (pid=22272) called in unattended mode with 1 args: -start
Jul  6 13:12:42 FlexQoS: Applying iptables static rules
Jul  6 13:12:42 FlexQoS: Applying iptables custom rules
Jul  6 13:12:42 FlexQoS: Flushing conntrack table
Jul  6 13:12:43 wan-failover.sh: Service Restart - Restarted leds service
Jul  6 13:12:43 wan-failover.sh: Service Restart - Restarting qos service
Jul  6 13:12:43 FlexQoS: No TC modifications necessary
Jul  6 13:12:44 wan-failover.sh: Service Restart - Restarted qos service
Jul  6 13:12:44 wan-failover.sh: Email Notification - AIProtection Alerts Email Configuration Detected
Jul  6 13:12:45 kernel: Cpuidle Host Clock divider is enabled
Jul  6 13:12:52 YazFi: YazFi v4.4.2 completed successfully
Jul  6 13:13:01 wan-failover.sh: WAN Status - wan0 enabled
Jul  6 13:13:10 wan-failover.sh: WAN Status - wan0 has 0% packet loss
Jul  6 13:13:10 wan-failover.sh: WAN Status - wan1 enabled
Jul  6 13:13:19 wan-failover.sh: WAN Status - wan1 has 0% packet loss
Jul  6 13:13:19 wan-failover.sh: WAN0 Active - Verifying WAN0
Jul  6 13:13:19 wan-failover.sh: WAN0 Failover Monitor - Monitoring wan0 via 1.1.1.1 for Failure
Jul  6 13:20:00 YazFi: YazFi firewall rules not detected during persistence check, re-applying rules
Jul  6 13:20:00 YazFi: YazFi v4.4.2 starting up
Jul  6 13:20:02 YazFi: wl0.1 (SSID: xxxxxx) - sending all interface internet traffic over WAN interface
Jul  6 13:20:03 YazFi: wl0.2 (SSID: xxxxx) - sending all interface internet traffic over WAN interface
Jul  6 13:20:07 YazFi: Forcing YazFi Guest WiFi clients to reauthenticate
Jul  6 13:20:22 YazFi: YazFi v4.4.2 completed successfully
 
I see this in the logs.

Jul 6 13:20:00 YazFi: YazFi firewall rules not detected during persistence check, re-applying rules

@Jack Yaz if you have some kind of indicator I can use for checking if YazFi is installed, I can build it into the failover script to trigger the rules to be reapplied post failover/failback? I have built in checks for AdGuard already.
 
Yes and that takes 7 minutes to reapply at that time, not the end of the world, but during that time, my IoT devices are inaccessible.
 
See my post above, I'll work with Jack and see if we can integrate a trigger for his script in the failover script.
 
Testing V1.5.5_Beta7 Dual WAN Script in a Dual WAN Failover mode, works great so far, thanks @Ranger802004.
 
That’s what I like to hear. If all goes well with this beta after testing I will publish it as a production release.
 
Wish I had seen this earlier. When I recently tried load balancing with stock ASUS settings, the biggest issue I ran into was with HTTPS.

Most things worked fine, but a few sites had issues taking forever to load, or not loading at all. Anyone else seen that issue?

Just looked at the latest changelog and see this.
"When in Load Balance Mode, script will create IPTables Mangle rules for marking packets if they are missing. This is to correct an issue with the firmware."

Related?

edit: I've dropped the second connection since it was a bit of a hassle + the cost. But being a daily charged service, I'm happy to kick it back into gear to help test.
 
Yes, the issue you experienced was related to the mangle rules missing. This script is still in beta with this fix, so keep in mind that we are still testing, but it does work to resolve the HTTPS issue.
 
I had an issue with HTTPS some time ago while setting up a separate br1 network.
Some HTTPS failed to load.
I solved it after days of Google searches with the line below in firewall-start
Code:
iptables -I FORWARD -p tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu

Source:
Clamping the MSS via IPTABLES
 
I have some custom firewall rules in my script for guest networks as well, they are missing after boot and should be there.
 
The TCPMSS rule shows up for me automatically, but I also have mssfix set in my OpenVPN config, so I wonder if that triggers its creation.
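
An added example, not part of any post in this thread and not code from wan-failover or YazFi: one way to re-apply the MSS clamp rule quoted above only when it is missing, so it can be called repeatedly without stacking duplicate copies; it generalizes to any table and chain, such as the mangle rules from the changelog. It assumes an iptables build that supports `-C` (check); `ensure_rule`, `ensure_mss_clamp`, `IPTABLES` and `ENSURE_RESULT` are names made up for the illustration.

```shell
#!/bin/sh
# Added example, not from the thread: re-apply a firewall rule only if it is missing.
# Assumption: iptables supports -C/--check (iptables 1.4.11 and later).

IPTABLES="${IPTABLES:-iptables}"   # overridable so the logic can be exercised with a stub
ENSURE_RESULT=""                   # set to "present", "inserted" or "failed"

# ensure_rule TABLE CHAIN RULE-SPEC...
# Inserts the rule at the top of CHAIN unless an identical rule already exists.
ensure_rule() {
    er_table="$1"; er_chain="$2"; shift 2
    if $IPTABLES -t "$er_table" -C "$er_chain" "$@" 2>/dev/null; then
        ENSURE_RESULT="present"
        return 0
    fi
    if $IPTABLES -t "$er_table" -I "$er_chain" "$@"; then
        ENSURE_RESULT="inserted"
        return 0
    fi
    ENSURE_RESULT="failed"
    return 1
}

# The MSS clamp rule from the post above; filter is the table iptables uses
# when no -t is given, so this matches the original one-liner.
ensure_mss_clamp() {
    ensure_rule filter FORWARD -p tcp --tcp-flags SYN,RST SYN \
        -j TCPMSS --clamp-mss-to-pmtu
}
```

Calling `ensure_mss_clamp` from firewall-start leaves exactly one copy of the rule however many times the script runs, and `ENSURE_RESULT` records whether the rule had gone missing.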
 
