WANFailover Dual WAN Failover Script

[JohnSmith]

Testing V1.5.5-Beta11 Dual WAN Script in a Dual WAN Failover mode:

1. I have smart electric plugs and other IOT devices connected to Guest Network 2 that I have my ISP #01 plugged into one of them
2. On my app on my IPhone, I shutoff the smart plug to simulate ISP #01 going down
3. When the failover happens, ISP #02 kicks in pretty quickly, and YazFi & OpenVPN Server have Cron Jobs running as well.

ASUSWRT-Merlin RT-AX88U 386.7_0 Wed Jun 22 18:49:23 UTC 2022
admin@XXAX88U:/tmp/home/root# crontab -l
*/10 * * * * /jffs/scripts/YazFi check #YazFi#
*/1 * * * * /jffs/scripts/wan-failover.sh run #setup_wan_failover_run#
*/2 * * * * /etc/openvpn/server1/vpn-watchdog1.sh #CheckVPNServer1#

4. The problem is still on the Failover I don't have access to my IOT devices in a small timeframe (like on the Failback), as it appears YazFi and FlexQOS kick off much earlier than your script anticipates on the Failover to ISP#02, and never invoked again until their Cron Jobs kick in again.

Jul 12 02:22:00 kernel: eth0 (Int switch port: 3) (Logical Port: 3) (phyId: c) Link DOWN.
Jul 12 02:22:05 ovpn-server1[5683]: event_wait : Interrupted system call (code=4)
Jul 12 02:22:05 ovpn-server1[5683]: PLUGIN AUTH-PAM: Error signaling background process to exit: Connection refused (errno=111)
Jul 12 02:22:07 YazFi: Firewall restarted - sleeping 10s before running YazFi
Jul 12 02:22:07 FlexQoS: /jffs/addons/flexqos/flexqos.sh (pid=27305) called in unattended mode with 1 args: -start
Jul 12 02:22:07 wan-failover.sh: WAN Status - wan0: Disconnected
Jul 12 02:22:07 wan-failover.sh: WAN Status - Restarting wan0
Jul 12 02:22:07 FlexQoS: Applying iptables static rules
Jul 12 02:22:07 FlexQoS: Applying iptables custom rules
Jul 12 02:22:07 FlexQoS: Flushing conntrack table
Jul 12 02:22:08 FlexQoS: No TC modifications necessary
Jul 12 02:22:08 wan-failover.sh: WAN Status - wan0: Disconnected
Jul 12 02:22:08 wan-failover.sh: WAN Status - wan0 is disconnected.  IP Address: 0.0.0.0 Gateway: 0.0.0.0
Jul 12 02:22:09 ovpn-server1[28734]: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Jul 12 02:22:13 wan-failover.sh: WAN Switch - wan0 is disconnected.  IP Address: 0.0.0.0 Gateway: 0.0.0.0
Jul 12 02:22:13 wan-failover.sh: WAN Status - wan0: Disconnected
Jul 12 02:22:13 wan-failover.sh: WAN Status - Restarting wan0
Jul 12 02:22:13 kernel: SHN Release Version: 2.0.2 36f59aa
Jul 12 02:22:13 kernel: UDB Core Version: 0.2.20
Jul 12 02:22:13 kernel: sizeof forward pkt param = 280
Jul 12 02:22:14 wan-failover.sh: WAN Status - wan0: Disconnected
Jul 12 02:22:14 wan-failover.sh: WAN Status - wan0 is disconnected.  IP Address: 0.0.0.0 Gateway: 0.0.0.0
Jul 12 02:22:17 YazFi: YazFi v4.4.2 starting up
Jul 12 02:22:18 YazFi: wl0.1 (SSID: XXXXXXX) - sending all interface internet traffic over WAN interface
Jul 12 02:22:18 YazFi: Lock file found (age: 11 seconds) - stopping to prevent duplicate runs
Jul 12 02:22:18 wan-failover.sh: WAN Switch - wan0 is disconnected.  IP Address: 0.0.0.0 Gateway: 0.0.0.0
Jul 12 02:22:18 FlexQoS: /jffs/addons/flexqos/flexqos.sh (pid=30535) called in unattended mode with 1 args: -start
Jul 12 02:22:18 wan-failover.sh: WAN Status - Restarting wan0
Jul 12 02:22:18 ovpn-server1[28734]: event_wait : Interrupted system call (code=4)
Jul 12 02:22:18 ovpn-server1[28734]: PLUGIN AUTH-PAM: Error signaling background process to exit: Connection refused (errno=111)
Jul 12 02:22:19 wan-failover.sh: WAN Status - wan0 is disconnected.  IP Address: 0.0.0.0 Gateway: 0.0.0.0
Jul 12 02:22:20 FlexQoS: Applying iptables static rules
Jul 12 02:22:20 FlexQoS: Applying iptables custom rules
Jul 12 02:22:20 FlexQoS: Flushing conntrack table
Jul 12 02:22:20 FlexQoS: TC Modification Delayed Start
Jul 12 02:22:21 YazFi: wl0.2 (SSID: XXXXX) - sending all interface internet traffic over WAN interface
Jul 12 02:22:24 wan-failover.sh: WAN Switch - wan0 is disconnected.  IP Address: 0.0.0.0 Gateway: 0.0.0.0
Jul 12 02:22:24 wan-failover.sh: WAN Status - wan0: Disconnected
Jul 12 02:22:24 wan-failover.sh: WAN Status - Restarting wan0
Jul 12 02:22:25 YazFi: Forcing YazFi Guest WiFi clients to reauthenticate
Jul 12 02:22:25 wan-failover.sh: WAN Status - wan0: Disconnected
Jul 12 02:22:25 wan-failover.sh: WAN Status - wan0 is disconnected.  IP Address: 0.0.0.0 Gateway: 0.0.0.0
Jul 12 02:22:29 wan-failover.sh: WAN Switch - wan0 is disconnected.  IP Address: 0.0.0.0 Gateway: 0.0.0.0
Jul 12 02:22:29 wan-failover.sh: WAN Status - wan0: Disconnected
Jul 12 02:22:29 wan-failover.sh: WAN Status - Restarting wan0
Jul 12 02:22:30 FlexQoS: TC Modification delayed for 10 seconds
Jul 12 02:22:30 wan-failover.sh: WAN Status - wan0: Disconnected
Jul 12 02:22:30 wan-failover.sh: WAN Status - wan0 is disconnected.  IP Address: 0.0.0.0 Gateway: 0.0.0.0
Jul 12 02:22:31 FlexQoS: Applying AppDB rules and TC rates
Jul 12 02:22:35 wan-failover.sh: WAN Switch - wan0 is disconnected.  IP Address: 0.0.0.0 Gateway: 0.0.0.0
Jul 12 02:22:35 wan-failover.sh: WAN Status - wan0: Disconnected
Jul 12 02:22:35 wan-failover.sh: WAN Status - Restarting wan0
Jul 12 02:22:36 wan-failover.sh: WAN Status - wan0: Disconnected
Jul 12 02:22:36 wan-failover.sh: WAN Status - wan0 is disconnected.  IP Address: 0.0.0.0 Gateway: 0.0.0.0
Jul 12 02:22:40 wan-failover.sh: WAN Switch - wan0 is disconnected.  IP Address: 0.0.0.0 Gateway: 0.0.0.0
Jul 12 02:22:40 wan-failover.sh: WAN Status - wan0: Disconnected
Jul 12 02:22:40 wan-failover.sh: WAN Status - Restarting wan0
Jul 12 02:22:40 YazFi: YazFi v4.4.2 completed successfully
Jul 12 02:22:41 wan-failover.sh: WAN Status - wan0: Disconnected
Jul 12 02:22:41 wan-failover.sh: WAN Status - wan0 is disconnected.  IP Address: 0.0.0.0 Gateway: 0.0.0.0
Jul 12 02:22:46 wan-failover.sh: WAN Switch - wan0 is disconnected.  IP Address: 0.0.0.0 Gateway: 0.0.0.0

5. Also your script in Failover mode will now fill the System General Log File with wan0 information only, never showing you that it flipped to wan1 and its info (and this is on Default Message Log Level of "notice" and Log only messages more urgent than "notice".

6. After waiting the 5 minutes for FlexQOS to initiate its check, and after 10 minutes for YazFi to initiate its check, to where IOT devices are accessible again, I use my app on my IPhone to talk to the smart plug and IOT devices, I turn the smart plug back on to simulate ISP #01 coming back up. This time the IOT devices reconnected right away with the logs showing the "WAN Switch" & "Service Restart" in logs below.

Jul 12 02:31:31 kernel: eth0 (Int switch port: 3) (Logical Port: 3) (phyId: c) Link UP at 1000 mbps full duplex
Jul 12 02:31:34 
Jul 12 02:31:34 wan-failover.sh: WAN Status - Restarting wan0
Jul 12 02:31:35 wan-failover.sh: WAN Status - wan0: Disconnected
Jul 12 02:31:35 wan-failover.sh: WAN Status - wan0 is disconnected.  IP Address: 0.0.0.0 Gateway: 0.0.0.0
Jul 12 02:31:40 wan-failover.sh: WAN Switch - wan0 is disconnected.  IP Address: 0.0.0.0 Gateway: 0.0.0.0
Jul 12 02:31:40 <REPEATS>

Jul 12 02:32:18 YazFi: Firewall restarted - sleeping 10s before running YazFi
Jul 12 02:32:18 FlexQoS: /jffs/addons/flexqos/flexqos.sh (pid=11117) called in unattended mode with 1 args: -start
Jul 12 02:32:18 ovpn-server1[11291]: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Jul 12 02:32:18 FlexQoS: iptables rules already present
Jul 12 02:32:19 wan-failover.sh: WAN Status - Restarted wan0
Jul 12 02:32:19 FlexQoS: No TC modifications necessary
Jul 12 02:32:19 wan-failover.sh: WAN Switch - Switching wan0 to Primary WAN
Jul 12 02:32:19 wan-failover.sh: WAN Switch - DNS1 Server: X.X.X.X
Jul 12 02:32:19 wan-failover.sh: WAN Switch - DNS2 Server: X.X.X.X
Jul 12 02:32:19 wan-failover.sh: WAN Switch - Deleting default route via X.X.X.X dev eth4
Jul 12 02:32:19 wan-failover.sh: WAN Switch - Adding default route via X.X.X.X dev eth0
Jul 12 02:32:19 wan-failover.sh: WAN Switch - Applying Manual QoS Bandwidth Settings
Jul 12 02:32:20 wan-failover.sh: WAN Switch - Switched wan0 to Primary WAN
Jul 12 02:32:20 wan-failover.sh: Service Restart - Restarting dnsmasq service
Jul 12 02:32:20 wan-failover.sh: Service Restart - Restarted dnsmasq service
Jul 12 02:32:20 wan-failover.sh: Service Restart - Restarting firewall service
Jul 12 02:32:21 wan-failover.sh: Service Restart - Restarted firewall service
Jul 12 02:32:21 wan-failover.sh: Service Restart - Restarting leds service
Jul 12 02:32:22 YazFi: Lock file found (age: 4 seconds) - stopping to prevent duplicate runs
Jul 12 02:32:22 FlexQoS: /jffs/addons/flexqos/flexqos.sh (pid=12335) called in unattended mode with 1 args: -start
Jul 12 02:32:22 FlexQoS: Applying iptables static rules
Jul 12 02:32:22 FlexQoS: Applying iptables custom rules
Jul 12 02:32:22 wan-failover.sh: Service Restart - Restarted leds service
Jul 12 02:32:22 wan-failover.sh: Service Restart - Restarting qos service
Jul 12 02:32:22 FlexQoS: Flushing conntrack table
Jul 12 02:32:23 FlexQoS: No TC modifications necessary
Jul 12 02:32:23 wan-failover.sh: Service Restart - Restarted qos service
Jul 12 02:32:23 wan-failover.sh: Service Restart - Triggering YazFi to update
Jul 12 02:32:23 YazFi: Lock file found (age: 5 seconds) - stopping to prevent duplicate runs
Jul 12 02:32:24 wan-failover.sh: Email Notification - Email Notification Failed
Jul 12 02:32:24 kernel: Cpuidle Host Clock divider is enabled
Jul 12 02:32:28 YazFi: YazFi v4.4.2 starting up
Jul 12 02:32:30 YazFi: wl0.1 (SSID: XXXXXXX) - sending all interface internet traffic over WAN interface
Jul 12 02:32:31 YazFi: wl0.2 (SSID: XXXXX) - sending all interface internet traffic over WAN interface
Jul 12 02:32:33 wan-failover.sh: WAN0 Failover Monitor - Monitoring wan0 via 1.1.1.1 for Failure
Jul 12 02:32:35 YazFi: Forcing YazFi Guest WiFi clients to reauthenticate
Jul 12 02:32:51 YazFi: YazFi v4.4.2 completed successfully

 

[Ranger802004]

Looks like it is stuck looping on restarting the interface so that may be the issue, enable debug logging and test again. It is suppose to timeout and continue but I may have to add a || continue behind the command so errors won’t hold up the script.

 

[Ranger802004]

Looks like it is stuck looping on restarting the interface so that may be the issue, enable debug logging and test again. It is suppose to timeout and continue but I may have to add a || continue behind the command so errors won’t hold up the script.

I've replicated the issue you are experiencing and have identified the problem, working on it now.

 

[Ranger802004]

I've replicated the issue you are experiencing and have identified the problem, working on it now.

Published the fix to beta11, reinstall please.

 

[JohnSmith]

Published the fix to beta11, reinstall please.

Same issue on the Failover from ISP#01 to ISP#02, appeared to be no change, and IOT devices still not accessible for 10 mins via YazFi.

Also received this:

Jul 12 11:54:19 kernel: CPU: 3 PID: 10066 Comm: wan-failover.sh Tainted: P           O    4.1.51 #2
Jul 12 11:54:19 kernel: Hardware name: Broadcom-v8A (DT)
Jul 12 11:54:19 kernel: task: ffffffc02d5440c0 ti: ffffffc02e87c000 task.ti: ffffffc02e87c000
Jul 12 11:54:19 kernel: PC is at 0xf6fcec74
Jul 12 11:54:19 kernel: LR is at 0xf71c24d0
Jul 12 11:54:19 kernel: pc : [<00000000f6fcec74>] lr : [<00000000f71c24d0>] pstate: 60070010
Jul 12 11:54:19 kernel: sp : 00000000ffaf8f58
Jul 12 11:54:19 kernel: x12: 00000000000973dc
Jul 12 11:54:19 kernel: x11: 00000000ffaf984c x10: 0000000000000000
Jul 12 11:54:19 kernel: x9 : 000000000022d4e2 x8 : 000000000022d4df
Jul 12 11:54:19 kernel: x7 : 000000000022d4bd x6 : 000000000022d4ff
Jul 12 11:54:19 kernel: x5 : 0000000000000000 x4 : 0000000000000000
Jul 12 11:54:19 kernel: x3 : 0000000000000000 x2 : 000000000022d4ff
Jul 12 11:54:19 kernel: x1 : 000000000022d4e2 x0 : 000000000022d4df
Jul 12 11:55:00 wan-failover.sh: WAN Status - wan0: Disconnected
Jul 12 11:55:00 wan-failover.sh: WAN Status - Restarting wan0
Jul 12 11:55:01 wan-failover.sh: WAN Status - wan0: Disconnected
Jul 12 11:55:05 wan-failover.sh: WAN Failover Disabled - WAN Failover is currently disabled.  ***Review Logs***

 

[Ranger802004]

View attachment 42709

Same issue on the Failover from ISP#01 to ISP#02, appeared to be no change, and IOT devices still not accessible for 10 mins via YazFi.

Also received this:

Jul 12 11:54:19 kernel: CPU: 3 PID: 10066 Comm: wan-failover.sh Tainted: P           O    4.1.51 #2
Jul 12 11:54:19 kernel: Hardware name: Broadcom-v8A (DT)
Jul 12 11:54:19 kernel: task: ffffffc02d5440c0 ti: ffffffc02e87c000 task.ti: ffffffc02e87c000
Jul 12 11:54:19 kernel: PC is at 0xf6fcec74
Jul 12 11:54:19 kernel: LR is at 0xf71c24d0
Jul 12 11:54:19 kernel: pc : [<00000000f6fcec74>] lr : [<00000000f71c24d0>] pstate: 60070010
Jul 12 11:54:19 kernel: sp : 00000000ffaf8f58
Jul 12 11:54:19 kernel: x12: 00000000000973dc
Jul 12 11:54:19 kernel: x11: 00000000ffaf984c x10: 0000000000000000
Jul 12 11:54:19 kernel: x9 : 000000000022d4e2 x8 : 000000000022d4df
Jul 12 11:54:19 kernel: x7 : 000000000022d4bd x6 : 000000000022d4ff
Jul 12 11:54:19 kernel: x5 : 0000000000000000 x4 : 0000000000000000
Jul 12 11:54:19 kernel: x3 : 0000000000000000 x2 : 000000000022d4ff
Jul 12 11:54:19 kernel: x1 : 000000000022d4e2 x0 : 000000000022d4df
Jul 12 11:55:00 wan-failover.sh: WAN Status - wan0: Disconnected
Jul 12 11:55:00 wan-failover.sh: WAN Status - Restarting wan0
Jul 12 11:55:01 wan-failover.sh: WAN Status - wan0: Disconnected
Jul 12 11:55:05 wan-failover.sh: WAN Failover Disabled - WAN Failover is currently disabled.  ***Review Logs***

Yea that is correct because you don't have a valid Gateway or IP (0.0.0.0) for failback monitoring so once it sees your WAN Interface go back into state 2 (Connected) or Get an IP it should come out of disabled state to actively monitor for failback. I need to add a log message in there that shows that though, debug logging would show it.

Let me check my YazFi logic and FlexQoS I'll have to look into triggering that in a later revision but my script does restart the QoS service.

 

[Ranger802004]

Yea that is correct because you don't have a valid Gateway or IP (0.0.0.0) for failback monitoring so once it sees your WAN Interface go back into state 2 (Connected) or Get an IP it should come out of disabled state to actively monitor for failback. I need to add a log message in there that shows that though, debug logging would show it.

Let me check my YazFi logic and FlexQoS I'll have to look into triggering that in a later revision but my script does restart the QoS service.

My logic for triggering YazFi looks correct, it will happen in the Service Restart phase so force a failover and wait for the service restarts to occur and then see if YazFi is triggered.

If your logging is set to messages Notice or below, you should get the message it is triggering YazFi to update.

 

[JohnSmith]

My logic for triggering YazFi looks correct, it will happen in the Service Rerestart phase so force a failover and wait for the service restarts to occur and then see if YazFi is triggered.

If your logging is set to messages Notice or below, you should get the message it is triggering YazFi to update.

I have uninstalled and reinstalled the script, and it appears it might be working now. I have tested Failover and Failback once only during lunch hour, so will need to test a few times after network is quiet.

 

[Ranger802004]

I have uninstalled and reinstalled the script, and it appears it might be working now. I have tested Failover and Failback once only during lunch hour, so will need to test a few times after network is quiet.

Does that include triggering YazFi?

 

[JohnSmith]

Does that include triggering YazFi?

I believe it did but I cleared the logs for now, to see if any messages come up in the next few hours before I can clear, and retest again.

 

[Ranger802004]

I believe it did but I cleared the logs for now, to see if any messages come up in the new few hours before I can clear, and retest again.

So looking at FlexQoS, it just appends a run command when firewall-start script is ran, WAN Failover already restarts firewall service if it is enabled so verify FlexQoS is refreshing properly as well. This shouldn't require any additions to my script to trigger a refresh.

 

[JohnSmith]

(Logging is on Notice Level currently for this test, as redacting would be difficult)


Failover from ISP#01 to ISP#02 - IOT Guest Network #02(wl0.2) does not come up until YazFi Line at 16:10:00 (This time appears to take 6 mins to come back up):

Jul 12 16:04:09 kernel: eth0 (Int switch port: 3) (Logical Port: 3) (phyId: c) Link DOWN.
Jul 12 16:04:17 ovpn-server1[26416]: event_wait : Interrupted system call (code=4)
Jul 12 16:04:17 ovpn-server1[26416]: PLUGIN AUTH-PAM: Error signaling background process to exit: Connection refused (errno=111)
Jul 12 16:04:18 wan-failover.sh: WAN0 Failover Monitor - Failure Detected - WAN0 Packet Loss: 100%
Jul 12 16:04:18 wan-failover.sh: WAN Switch - wan0 is disconnected.  IP Address: 0.0.0.0 Gateway: 0.0.0.0
Jul 12 16:04:18 wan-failover.sh: WAN Status - wan0: Disconnected
Jul 12 16:04:18 wan-failover.sh: WAN Status - Restarting wan0
Jul 12 16:04:19 YazFi: Firewall restarted - sleeping 10s before running YazFi
Jul 12 16:04:19 FlexQoS: /jffs/addons/flexqos/flexqos.sh (pid=2045) called in unattended mode with 1 args: -start
Jul 12 16:04:19 wan-failover.sh: WAN Status - wan0: Disconnected
Jul 12 16:04:20 ovpn-server1[2432]: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Jul 12 16:04:20 FlexQoS: Applying iptables static rules
Jul 12 16:04:20 FlexQoS: Applying iptables custom rules
Jul 12 16:04:20 FlexQoS: Flushing conntrack table
Jul 12 16:04:20 FlexQoS: TC Modification Delayed Start
Jul 12 16:04:22 wan-failover.sh: WAN Failover Disabled - WAN Failover is currently disabled.  ***Review Logs***
Jul 12 16:04:24 kernel: SHN Release Version: 2.0.2 36f59aa
Jul 12 16:04:24 kernel: UDB Core Version: 0.2.20
Jul 12 16:04:24 kernel: sizeof forward pkt param = 280
Jul 12 16:04:29 YazFi: YazFi v4.4.2 starting up
Jul 12 16:04:31 YazFi: wl0.1 (SSID: XXXXXXX) - sending all interface internet traffic over WAN interface
Jul 12 16:04:31 YazFi: Lock file found (age: 12 seconds) - stopping to prevent duplicate runs
Jul 12 16:04:31 FlexQoS: /jffs/addons/flexqos/flexqos.sh (pid=5434) called in unattended mode with 1 args: -start
Jul 12 16:04:31 FlexQoS: [*] Killing Delayed Process (pid=2045)
Jul 12 16:04:31 FlexQoS: [*]  2045 admin     3556 S    sh /jffs/addons/flexqos/flexqos.sh -start
Jul 12 16:04:32 FlexQoS: Applying iptables static rules
Jul 12 16:04:32 FlexQoS: Applying iptables custom rules
Jul 12 16:04:32 FlexQoS: Flushing conntrack table
Jul 12 16:04:33 YazFi: wl0.2 (SSID: XXXXX) - sending all interface internet traffic over WAN interface
Jul 12 16:04:33 FlexQoS: Applying AppDB rules and TC rates
Jul 12 16:04:37 YazFi: Forcing YazFi Guest WiFi clients to reauthenticate
Jul 12 16:04:52 YazFi: YazFi v4.4.2 completed successfully
Jul 12 16:07:40 kernel: br0: received packet on eth7 with own address as source address
Jul 12 16:09:00 FlexQoS: /jffs/addons/flexqos/flexqos.sh (pid=18815) called in unattended mode with 1 args: -check
Jul 12 16:09:00 FlexQoS: iptables rules already present
Jul 12 16:09:01 FlexQoS: Applying AppDB rules and TC rates
Jul 12 16:10:00 YazFi: YazFi firewall rules not detected during persistence check, re-applying rules
Jul 12 16:10:00 YazFi: YazFi v4.4.2 starting up
Jul 12 16:10:01 YazFi: wl0.1 (SSID: XXXXXXX) - sending all interface internet traffic over WAN interface
Jul 12 16:10:03 YazFi: wl0.2 (SSID: XXXXX) - sending all interface internet traffic over WAN interface
Jul 12 16:10:06 YazFi: Forcing YazFi Guest WiFi clients to reauthenticate
Jul 12 16:10:22 YazFi: YazFi v4.4.2 completed successfully
Jul 12 16:14:00 FlexQoS: /jffs/addons/flexqos/flexqos.sh (pid=26614) called in unattended mode with 1 args: -check
Jul 12 16:14:00 FlexQoS: iptables rules already present
Jul 12 16:14:00 FlexQoS: No TC modifications necessary

Failback from ISP#02 to ISP#01 - IOT Guest Network #02(wl0.2) is available at YazFi Line at 16:18:55 (2 mins max from Link Up, appears to be about 30 seconds):

Jul 12 16:17:17 kernel: eth0 (Int switch port: 3) (Logical Port: 3) (phyId: c) Link UP at 1000 mbps full duplex
Jul 12 16:18:23 YazFi: Firewall restarted - sleeping 10s before running YazFi
Jul 12 16:18:23 ovpn-server1[2432]: event_wait : Interrupted system call (code=4)
Jul 12 16:18:23 ovpn-server1[2432]: PLUGIN AUTH-PAM: Error signaling background process to exit: Connection refused (errno=111)
Jul 12 16:18:23 FlexQoS: /jffs/addons/flexqos/flexqos.sh (pid=28716) called in unattended mode with 1 args: -start
Jul 12 16:18:23 FlexQoS: iptables rules already present
Jul 12 16:18:23 FlexQoS: No TC modifications necessary
Jul 12 16:18:24 wan-failover.sh: WAN Failover Disabled - wan0 and wan1 are enabled and connected
Jul 12 16:18:24 wan-failover.sh: WAN Failover Disabled - Returning to check WAN Status
Jul 12 16:18:25 ovpn-server1[29488]: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Jul 12 16:18:29 wan-failover.sh: WAN Switch - Switching wan0 to Primary WAN
Jul 12 16:18:29 wan-failover.sh: WAN Switch - WAN IP Address: X.X.X.X
Jul 12 16:18:29 wan-failover.sh: WAN Switch - WAN Gateway IP: X.X.X.X
Jul 12 16:18:29 wan-failover.sh: WAN Switch - DNS1 Server: X.X.X.X
Jul 12 16:18:29 wan-failover.sh: WAN Switch - DNS2 Server: X.X.X.X
Jul 12 16:18:29 wan-failover.sh: WAN Switch - Deleting default route via X.X.X.X dev eth4
Jul 12 16:18:29 wan-failover.sh: WAN Switch - Adding default route via X.X.X.X dev eth0
Jul 12 16:18:29 wan-failover.sh: WAN Switch - Applying Manual QoS Bandwidth Settings
Jul 12 16:18:30 wan-failover.sh: WAN Switch - Switched wan0 to Primary WAN
Jul 12 16:18:30 wan-failover.sh: Service Restart - Restarting dnsmasq service
Jul 12 16:18:30 wan-failover.sh: Service Restart - Restarted dnsmasq service
Jul 12 16:18:30 wan-failover.sh: Service Restart - Restarting firewall service
Jul 12 16:18:31 wan-failover.sh: Service Restart - Restarted firewall service
Jul 12 16:18:31 wan-failover.sh: Service Restart - Restarting leds service
Jul 12 16:18:31 YazFi: Lock file found (age: 8 seconds) - stopping to prevent duplicate runs
Jul 12 16:18:31 FlexQoS: /jffs/addons/flexqos/flexqos.sh (pid=30184) called in unattended mode with 1 args: -start
Jul 12 16:18:32 FlexQoS: Applying iptables static rules
Jul 12 16:18:32 FlexQoS: Applying iptables custom rules
Jul 12 16:18:32 FlexQoS: Flushing conntrack table
Jul 12 16:18:32 wan-failover.sh: Service Restart - Restarted leds service
Jul 12 16:18:32 wan-failover.sh: Service Restart - Restarting qos service
Jul 12 16:18:32 FlexQoS: No TC modifications necessary
Jul 12 16:18:33 YazFi: YazFi v4.4.2 starting up
Jul 12 16:18:33 wan-failover.sh: Service Restart - Restarted qos service
Jul 12 16:18:33 wan-failover.sh: Service Restart - Triggering YazFi to update
Jul 12 16:18:33 YazFi: Lock file found (age: 10 seconds) - stopping to prevent duplicate runs
Jul 12 16:18:34 kernel: Cpuidle Host Clock divider is enabled
Jul 12 16:18:34 YazFi: wl0.1 (SSID: XXXXXXX) - sending all interface internet traffic over WAN interface
Jul 12 16:18:36 YazFi: wl0.2 (SSID: XXXXX) - sending all interface internet traffic over WAN interface
Jul 12 16:18:40 YazFi: Forcing YazFi Guest WiFi clients to reauthenticate
Jul 12 16:18:55 YazFi: YazFi v4.4.2 completed successfully

 

[Ranger802004]

(Logging is on Notice Level currently for this test, as redacting would be difficult)


Failover from ISP#01 to ISP#02 - IOT Guest Network #02(wl0.2) does not come up until YazFi Line at 16:10:00 (This time appears to take 6 mins to come back up):

Jul 12 16:04:09 kernel: eth0 (Int switch port: 3) (Logical Port: 3) (phyId: c) Link DOWN.
Jul 12 16:04:17 ovpn-server1[26416]: event_wait : Interrupted system call (code=4)
Jul 12 16:04:17 ovpn-server1[26416]: PLUGIN AUTH-PAM: Error signaling background process to exit: Connection refused (errno=111)
Jul 12 16:04:18 wan-failover.sh: WAN0 Failover Monitor - Failure Detected - WAN0 Packet Loss: 100%
Jul 12 16:04:18 wan-failover.sh: WAN Switch - wan0 is disconnected.  IP Address: 0.0.0.0 Gateway: 0.0.0.0
Jul 12 16:04:18 wan-failover.sh: WAN Status - wan0: Disconnected
Jul 12 16:04:18 wan-failover.sh: WAN Status - Restarting wan0
Jul 12 16:04:19 YazFi: Firewall restarted - sleeping 10s before running YazFi
Jul 12 16:04:19 FlexQoS: /jffs/addons/flexqos/flexqos.sh (pid=2045) called in unattended mode with 1 args: -start
Jul 12 16:04:19 wan-failover.sh: WAN Status - wan0: Disconnected
Jul 12 16:04:20 ovpn-server1[2432]: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Jul 12 16:04:20 FlexQoS: Applying iptables static rules
Jul 12 16:04:20 FlexQoS: Applying iptables custom rules
Jul 12 16:04:20 FlexQoS: Flushing conntrack table
Jul 12 16:04:20 FlexQoS: TC Modification Delayed Start
Jul 12 16:04:22 wan-failover.sh: WAN Failover Disabled - WAN Failover is currently disabled.  ***Review Logs***
Jul 12 16:04:24 kernel: SHN Release Version: 2.0.2 36f59aa
Jul 12 16:04:24 kernel: UDB Core Version: 0.2.20
Jul 12 16:04:24 kernel: sizeof forward pkt param = 280
Jul 12 16:04:29 YazFi: YazFi v4.4.2 starting up
Jul 12 16:04:31 YazFi: wl0.1 (SSID: XXXXXXX) - sending all interface internet traffic over WAN interface
Jul 12 16:04:31 YazFi: Lock file found (age: 12 seconds) - stopping to prevent duplicate runs
Jul 12 16:04:31 FlexQoS: /jffs/addons/flexqos/flexqos.sh (pid=5434) called in unattended mode with 1 args: -start
Jul 12 16:04:31 FlexQoS: [*] Killing Delayed Process (pid=2045)
Jul 12 16:04:31 FlexQoS: [*]  2045 admin     3556 S    sh /jffs/addons/flexqos/flexqos.sh -start
Jul 12 16:04:32 FlexQoS: Applying iptables static rules
Jul 12 16:04:32 FlexQoS: Applying iptables custom rules
Jul 12 16:04:32 FlexQoS: Flushing conntrack table
Jul 12 16:04:33 YazFi: wl0.2 (SSID: XXXXX) - sending all interface internet traffic over WAN interface
Jul 12 16:04:33 FlexQoS: Applying AppDB rules and TC rates
Jul 12 16:04:37 YazFi: Forcing YazFi Guest WiFi clients to reauthenticate
Jul 12 16:04:52 YazFi: YazFi v4.4.2 completed successfully
Jul 12 16:07:40 kernel: br0: received packet on eth7 with own address as source address
Jul 12 16:09:00 FlexQoS: /jffs/addons/flexqos/flexqos.sh (pid=18815) called in unattended mode with 1 args: -check
Jul 12 16:09:00 FlexQoS: iptables rules already present
Jul 12 16:09:01 FlexQoS: Applying AppDB rules and TC rates
Jul 12 16:10:00 YazFi: YazFi firewall rules not detected during persistence check, re-applying rules
Jul 12 16:10:00 YazFi: YazFi v4.4.2 starting up
Jul 12 16:10:01 YazFi: wl0.1 (SSID: XXXXXXX) - sending all interface internet traffic over WAN interface
Jul 12 16:10:03 YazFi: wl0.2 (SSID: XXXXX) - sending all interface internet traffic over WAN interface
Jul 12 16:10:06 YazFi: Forcing YazFi Guest WiFi clients to reauthenticate
Jul 12 16:10:22 YazFi: YazFi v4.4.2 completed successfully
Jul 12 16:14:00 FlexQoS: /jffs/addons/flexqos/flexqos.sh (pid=26614) called in unattended mode with 1 args: -check
Jul 12 16:14:00 FlexQoS: iptables rules already present
Jul 12 16:14:00 FlexQoS: No TC modifications necessary

Failback from ISP#02 to ISP#01 - IOT Guest Network #02(wl0.2) is available at YazFi Line at 16:18:55 (2 mins max from Link Up, appears to be about 30 seconds):

Jul 12 16:17:17 kernel: eth0 (Int switch port: 3) (Logical Port: 3) (phyId: c) Link UP at 1000 mbps full duplex
Jul 12 16:18:23 YazFi: Firewall restarted - sleeping 10s before running YazFi
Jul 12 16:18:23 ovpn-server1[2432]: event_wait : Interrupted system call (code=4)
Jul 12 16:18:23 ovpn-server1[2432]: PLUGIN AUTH-PAM: Error signaling background process to exit: Connection refused (errno=111)
Jul 12 16:18:23 FlexQoS: /jffs/addons/flexqos/flexqos.sh (pid=28716) called in unattended mode with 1 args: -start
Jul 12 16:18:23 FlexQoS: iptables rules already present
Jul 12 16:18:23 FlexQoS: No TC modifications necessary
Jul 12 16:18:24 wan-failover.sh: WAN Failover Disabled - wan0 and wan1 are enabled and connected
Jul 12 16:18:24 wan-failover.sh: WAN Failover Disabled - Returning to check WAN Status
Jul 12 16:18:25 ovpn-server1[29488]: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Jul 12 16:18:29 wan-failover.sh: WAN Switch - Switching wan0 to Primary WAN
Jul 12 16:18:29 wan-failover.sh: WAN Switch - WAN IP Address: X.X.X.X
Jul 12 16:18:29 wan-failover.sh: WAN Switch - WAN Gateway IP: X.X.X.X
Jul 12 16:18:29 wan-failover.sh: WAN Switch - DNS1 Server: X.X.X.X
Jul 12 16:18:29 wan-failover.sh: WAN Switch - DNS2 Server: X.X.X.X
Jul 12 16:18:29 wan-failover.sh: WAN Switch - Deleting default route via X.X.X.X dev eth4
Jul 12 16:18:29 wan-failover.sh: WAN Switch - Adding default route via X.X.X.X dev eth0
Jul 12 16:18:29 wan-failover.sh: WAN Switch - Applying Manual QoS Bandwidth Settings
Jul 12 16:18:30 wan-failover.sh: WAN Switch - Switched wan0 to Primary WAN
Jul 12 16:18:30 wan-failover.sh: Service Restart - Restarting dnsmasq service
Jul 12 16:18:30 wan-failover.sh: Service Restart - Restarted dnsmasq service
Jul 12 16:18:30 wan-failover.sh: Service Restart - Restarting firewall service
Jul 12 16:18:31 wan-failover.sh: Service Restart - Restarted firewall service
Jul 12 16:18:31 wan-failover.sh: Service Restart - Restarting leds service
Jul 12 16:18:31 YazFi: Lock file found (age: 8 seconds) - stopping to prevent duplicate runs
Jul 12 16:18:31 FlexQoS: /jffs/addons/flexqos/flexqos.sh (pid=30184) called in unattended mode with 1 args: -start
Jul 12 16:18:32 FlexQoS: Applying iptables static rules
Jul 12 16:18:32 FlexQoS: Applying iptables custom rules
Jul 12 16:18:32 FlexQoS: Flushing conntrack table
Jul 12 16:18:32 wan-failover.sh: Service Restart - Restarted leds service
Jul 12 16:18:32 wan-failover.sh: Service Restart - Restarting qos service
Jul 12 16:18:32 FlexQoS: No TC modifications necessary
Jul 12 16:18:33 YazFi: YazFi v4.4.2 starting up
Jul 12 16:18:33 wan-failover.sh: Service Restart - Restarted qos service
Jul 12 16:18:33 wan-failover.sh: Service Restart - Triggering YazFi to update
Jul 12 16:18:33 YazFi: Lock file found (age: 10 seconds) - stopping to prevent duplicate runs
Jul 12 16:18:34 kernel: Cpuidle Host Clock divider is enabled
Jul 12 16:18:34 YazFi: wl0.1 (SSID: XXXXXXX) - sending all interface internet traffic over WAN interface
Jul 12 16:18:36 YazFi: wl0.2 (SSID: XXXXX) - sending all interface internet traffic over WAN interface
Jul 12 16:18:40 YazFi: Forcing YazFi Guest WiFi clients to reauthenticate
Jul 12 16:18:55 YazFi: YazFi v4.4.2 completed successfully

1. What is your WAN Disabled Timer set to? That is the frequency in which it checks to see if it can return to WAN Status.
2. You need to Turn on debug logs so you can see the exact time WAN Failover checks for YazFi being installed and then attempts to call it

 

[JohnSmith]

1. What is your WAN Disabled Timer set to? That is the frequency in which it checks to see if it can return to WAN Status.
2. You need to York on debug logs so you can see the exact time WAN Failover checks for YazFi being installed and then attempts to call it

wan-failover.conf: (WAN Disabled Sleep Timer is 10)

WAN0TARGET=8.8.8.8
WAN0TARGET=8.8.8.8
PINGCOUNT=3
PINGTIMEOUT=1
WANDISABLEDSLEEPTIMER=10
WAN0_QOS_IBW=0
WAN1_QOS_IBW=0
WAN0_QOS_OBW=0
WAN1_QOS_OBW=0
WAN0_QOS_OVERHEAD=0
WAN1_QOS_OVERHEAD=18
WAN0_QOS_ATM=0
WAN1_QOS_ATM=0
PACKETLOSSLOGGING=0
SENDEMAIL=1
SKIPEMAILSYSTEMUPTIME=180
EMAILTIMEOUT=30
BOOTDELAYTIMER=10
OVPNSPLITTUNNEL=1
WAN0ROUTETABLE=100
WAN1ROUTETABLE=200
WAN0TARGETRULEPRIORITY=100
WAN1TARGETRULEPRIORITY=100
WAN0MARK=0x80000000
WAN1MARK=0x90000000
WAN0MASK=0xf0000000
WAN1MASK=0xf0000000
LBRULEPRIORITY=150
FROMWAN0PRIORITY=200
TOWAN0PRIORITY=400
FROMWAN1PRIORITY=200
TOWAN1PRIORITY=400
OVPNWAN0PRIORITY=100
OVPNWAN1PRIORITY=200
WAN1TARGET=8.8.4.4

Will set Debug up in System Logs, once you have determined if 10 is too small or too big, and what I should try.

 

[Ranger802004]

wan-failover.conf: (WAN Disabled Sleep Timer is 10)

WAN0TARGET=8.8.8.8
WAN0TARGET=8.8.8.8
PINGCOUNT=3
PINGTIMEOUT=1
WANDISABLEDSLEEPTIMER=10
WAN0_QOS_IBW=0
WAN1_QOS_IBW=0
WAN0_QOS_OBW=0
WAN1_QOS_OBW=0
WAN0_QOS_OVERHEAD=0
WAN1_QOS_OVERHEAD=18
WAN0_QOS_ATM=0
WAN1_QOS_ATM=0
PACKETLOSSLOGGING=0
SENDEMAIL=1
SKIPEMAILSYSTEMUPTIME=180
EMAILTIMEOUT=30
BOOTDELAYTIMER=10
OVPNSPLITTUNNEL=1
WAN0ROUTETABLE=100
WAN1ROUTETABLE=200
WAN0TARGETRULEPRIORITY=100
WAN1TARGETRULEPRIORITY=100
WAN0MARK=0x80000000
WAN1MARK=0x90000000
WAN0MASK=0xf0000000
WAN1MASK=0xf0000000
LBRULEPRIORITY=150
FROMWAN0PRIORITY=200
TOWAN0PRIORITY=400
FROMWAN1PRIORITY=200
TOWAN1PRIORITY=400
OVPNWAN0PRIORITY=100
OVPNWAN1PRIORITY=200
WAN1TARGET=8.8.4.4

Will set Debug up in System Logs, once you have determined if 10 is too small or too big, and what I should try.

10 should be fine but the lower you go the more CPU you will use so something like 1 would be constantly running the loop to check conditions of coming out of disabled state. Need the debug logging to determine when all values are being returned as valid, if there is a delay because of NVRAM access (issue with some routers), and etc. If the debug log shows that parameters are all good to leave the disabled loop and you have a WAN status check occur within 10 seconds, then by design that is working.

 

[JohnSmith]

10 should be fine but the lower you go the more CPU you will use so something like 1 would be constantly running the loop to check conditions of coming out of disabled state. Need the debug logging to determine when all values are being returned as valid, if there is a delay because of NVRAM access (issue with some routers), and etc. If the debug log shows that parameters are all good to leave the disabled loop and you have a WAN status check occur within 10 seconds, then by design that is working.

Ran the tests with debug logs on, and this time, no issues with YazFi on Failover or Failback for wl0.2 providing access back quickly with IOT devices. Will test a couple more times when the network is quiet.

 

[Ranger802004]

Ran the tests with debug logs on, and this time, no issues with YazFi on Failover or Failback for wl0.2 providing access back quickly with IOT devices. Will test a couple more times when the network is quiet.

Excellent, keep me posted.

 

[Stephen Harrington]

ASUS Factory Failover Disabled (Network Monitoring Options, Allow Failback Option under WAN > Dual WAN)

@Ranger802004

Working up to having a proper play with this script when I get some more downtime and just reading the prerequisites ...

Can I just confirm that the above means I have to:-
- Activate Dual WAN, select my Secondary WAN, set it to Failover, and then have "Allow Fallback" box unticked?
- Also that I need to have the "DNS Query" and "Ping" boxes below that in Network Monitoring Options both unticked as well?

Also, is there a list of "sensible" defaults for the various config items anywhere or does it default to those anyway?
In my case my Primary is a fixed line (via Arris HFC "modem") into my WAN port, and secondary would be a 4G USB Dongle (into one of the USB ports) as a backup if that fails.

 

[Ranger802004]

@Ranger802004

Working up to having a proper play with this script when I get some more downtime and just reading the prerequisites ...

Can I just confirm that the above means I have to:-
- Activate Dual WAN, select my Secondary WAN, set it to Failover, and then have "Allow Fallback" box unticked?
- Also that I need to have the "DNS Query" and "Ping" boxes below that in Network Monitoring Options both unticked as well?

Also, is there a list of "sensible" defaults for the various config items anywhere or does it default to those anyway?
In my case my Primary is a fixed line (via Arris HFC "modem") into my WAN port, and secondary would be a 4G USB Dongle (into one of the USB ports) as a backup if that fails.

That is correct, I require you to turn off the Factory Failover so it doesn't conflict with my script. The script will prompt for basic configuration items when you install but most of the config items will install with a default setting that is recommended. Mostly you will need to pick IP Targets, ping count, ping timeout, QoS Settings, and a couple other items.

 

[Stephen Harrington]

Mostly you will need to pick IP Targets, ping count, ping timeout, QoS Settings, and a couple other items.

Thanks, makes sense, what are good values to start with for Ping Count and Ping Timeout?
Or do those default to something reasonable/sensible as well?
Just trying to pre-plan and minimise downtime when I finally get a "window" to play ...