WANFailover Dual WAN Failover Script

[Ranger802004]

v1.5.6-beta7 Release: ***Disclaimer: This is a beta release and has been untested***

Manually upgrade to this beta by running the following command" ***Allow for cronjob to relaunch the script***

/usr/sbin/curl -s "https://raw.githubusercontent.com/Ranger802004/asusmerlin/main/wan-failover_v1.5.6-beta7.sh" -o "/jffs/scripts/wan-failover.sh" && chmod 755 /jffs/scripts/wan-failover.sh && sh /jffs/scripts/wan-failover.sh restart

To revert back to Production Release:

/jffs/scripts/wan-failover.sh update

Beta Readme

***HIGHLIGHT*** Script will now create an alias as "wan-failover", once script is updated and restarted. Consoles can now use the new alias instead of the full script path "/jffs/scripts/wan-failover.sh". Consoles open while the script is updated may need to be restarted or the following command executed.

source /jffs/configs/profile.add

Release Notes:
v1.5.6-beta7
- General optimization
- Added a confirmation prompt to Restart Mode.
- Fixed visual bugs when running Restart Mode.
- Load Balance Monitor now triggers Service Restart function during failover events.
- YazFi trigger during service restart will no longer run process in the background to prevent issues with script execution of YazFi.
- IP Rules should no longer create conflict with other scripts such as VPNMON.
- Target IPs for both interfaces can now be the same the Target IP.
- Added Recursive Ping Check feature. If packet loss is not 0% during a check, the Target IP Addresses will be checked again based on the number of iterations specified by this setting before determing a failure or packet loss. RECURSIVEPINGCHECK (Value is in # of iterations). Default: 1
- Resolved issues that prevented 4G USB Devices from properly working in Failover Mode.
- Moved WAN0_QOS_OVERHEAD, WAN1_QOS_OVERHEAD, WAN0_QOS_ATM, WAN1_QOS_ATM, BOOTDELAYTIMER, PACKETLOSSLOGGING and WANDISABLEDSLEEPTIMER to Optional Configuration and no longer are required to be set during Config or Installation. They will be given Default values that can be modified in the Configuration file.
- Created new Optional Configured Option to specify the ping packet size. PACKETSIZE specifes the packet size in Bytes, Default: 56 Bytes.
- Resolve issue where script would loop from WAN Status to Load Balance Monitor when an interface was disabled.
- Load Balance Mode will now dynamically update resolv.conf (DNS) for Disconnected WAN Interfaces.
- Fixed Cron Job deletion during Uninstallation.
- Corrected issue with Failure Detected log not logging if a device was unplugged or powered off from the Router while in Failover Mode.
- Modified Restart Mode logic to better detect PIDs of running instances of the script.
- Created Alias for script as wan-failover to shorten length of commands used in console.
- Fixed issue where if the USB Device is unplugged and plugged back in, script will now leave Disabled State to go back to WAN Status.

 

[Ranger802004]

v1.5.6-beta7 Release: ***Disclaimer: This is a beta release and has been untested***

Manually upgrade to this beta by running the following command" ***Allow for cronjob to relaunch the script***

/usr/sbin/curl -s "https://raw.githubusercontent.com/Ranger802004/asusmerlin/main/wan-failover_v1.5.6-beta7.sh" -o "/jffs/scripts/wan-failover.sh" && chmod 755 /jffs/scripts/wan-failover.sh && sh /jffs/scripts/wan-failover.sh restart

To revert back to Production Release:

/jffs/scripts/wan-failover.sh update

Beta Readme

***HIGHLIGHT*** Script will now create an alias as "wan-failover", once script is updated and restarted. Consoles can now use the new alias instead of the full script path "/jffs/scripts/wan-failover.sh". Consoles open while the script is updated may need to be restarted or the following command executed.

source /jffs/configs/profile.add

Release Notes:
v1.5.6-beta7
- General optimization
- Added a confirmation prompt to Restart Mode.
- Fixed visual bugs when running Restart Mode.
- Load Balance Monitor now triggers Service Restart function during failover events.
- YazFi trigger during service restart will no longer run process in the background to prevent issues with script execution of YazFi.
- IP Rules should no longer create conflict with other scripts such as VPNMON.
- Target IPs for both interfaces can now be the same the Target IP.
- Added Recursive Ping Check feature. If packet loss is not 0% during a check, the Target IP Addresses will be checked again based on the number of iterations specified by this setting before determing a failure or packet loss. RECURSIVEPINGCHECK (Value is in # of iterations). Default: 1
- Resolved issues that prevented 4G USB Devices from properly working in Failover Mode.
- Moved WAN0_QOS_OVERHEAD, WAN1_QOS_OVERHEAD, WAN0_QOS_ATM, WAN1_QOS_ATM, BOOTDELAYTIMER, PACKETLOSSLOGGING and WANDISABLEDSLEEPTIMER to Optional Configuration and no longer are required to be set during Config or Installation. They will be given Default values that can be modified in the Configuration file.
- Created new Optional Configured Option to specify the ping packet size. PACKETSIZE specifes the packet size in Bytes, Default: 56 Bytes.
- Resolve issue where script would loop from WAN Status to Load Balance Monitor when an interface was disabled.
- Load Balance Mode will now dynamically update resolv.conf (DNS) for Disconnected WAN Interfaces.
- Fixed Cron Job deletion during Uninstallation.
- Corrected issue with Failure Detected log not logging if a device was unplugged or powered off from the Router while in Failover Mode.
- Modified Restart Mode logic to better detect PIDs of running instances of the script.
- Created Alias for script as wan-failover to shorten length of commands used in console.
- Fixed issue where if the USB Device is unplugged and plugged back in, script will now leave Disabled State to go back to WAN Status.

Published a minor update to v1.5.6-beta7 regarding USB Device Status. Just reinstall using the install command above if you have already installed.

 

[Ubimo]

Can someone please tell me a command, to see which version of this script I'm running?

 

[Ranger802004]

Run the update command

 

[Ubimo]

I'm not able to update to the latest beta7:

ASUSWRT-Merlin RT-AC86U 386.7_2 Sun Jul 24 21:39:14 UTC 2022
admin@RT-AC86U-9AD0:/tmp/home/root# wan-failover update
wan-failover.sh - Update Mode
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100  116k  100  116k    0     0    98k      0  0:00:01  0:00:01 --:--:--  120k
wan-failover.sh: Script is up to date - Version: v1.5.5
admin@RT-AC86U-9AD0:/tmp/home/root# /usr/sbin/curl -s "https://raw.githubusercontent.com/Ranger802004/asusmerlin/main/wan-failover_v1.5.6-beta7.sh" -o "/jffs/scripts/wan-failover.sh" && chmod 755 /jffs/scripts/wan-failover.sh && sh /jffs
/scripts/wan-failover.sh restart
Are you sure you want to restart WAN Failover? ***Enter Y for Yes or N for No***y
wan-failover.sh: Restart - Restarting wan-failover.sh ***This can take up to approximately 1 minute***
wan-failover.sh: Restart - Killing wan-failover.sh Process ID: 25268
wan-failover.sh: Restart - Killed wan-failover.sh Process ID: 25268
wan-failover.sh: Restart - Killing wan-failover.sh Process ID: 25269
wan-failover.sh: Restart - Killed wan-failover.sh Process ID: 25269
wan-failover.sh: Restart - Waiting for wan-failover.sh to restart from Cron Job
wan-failover.sh: Restart - Failed to restart wan-failover.sh ***Check Logs***

Shouldn't the correct command to update to latest beta be:

/usr/sbin/curl -s "https://raw.githubusercontent.com/Ranger802004/asusmerlin/main/wan-failover_v1.5.6-beta7.sh" -o "/jffs/scripts/wan-failover.sh" && chmod 755 /jffs/scripts/wan-failover.sh && sh /jffs/scripts/wan-failover.sh install

 

[Ranger802004]

I'm not able to update to the latest beta7:

ASUSWRT-Merlin RT-AC86U 386.7_2 Sun Jul 24 21:39:14 UTC 2022
admin@RT-AC86U-9AD0:/tmp/home/root# wan-failover update
wan-failover.sh - Update Mode
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100  116k  100  116k    0     0    98k      0  0:00:01  0:00:01 --:--:--  120k
wan-failover.sh: Script is up to date - Version: v1.5.5
admin@RT-AC86U-9AD0:/tmp/home/root# /usr/sbin/curl -s "https://raw.githubusercontent.com/Ranger802004/asusmerlin/main/wan-failover_v1.5.6-beta7.sh" -o "/jffs/scripts/wan-failover.sh" && chmod 755 /jffs/scripts/wan-failover.sh && sh /jffs
/scripts/wan-failover.sh restart
Are you sure you want to restart WAN Failover? ***Enter Y for Yes or N for No***y
wan-failover.sh: Restart - Restarting wan-failover.sh ***This can take up to approximately 1 minute***
wan-failover.sh: Restart - Killing wan-failover.sh Process ID: 25268
wan-failover.sh: Restart - Killed wan-failover.sh Process ID: 25268
wan-failover.sh: Restart - Killing wan-failover.sh Process ID: 25269
wan-failover.sh: Restart - Killed wan-failover.sh Process ID: 25269
wan-failover.sh: Restart - Waiting for wan-failover.sh to restart from Cron Job
wan-failover.sh: Restart - Failed to restart wan-failover.sh ***Check Logs***

Shouldn't the correct command to update to latest beta be:

/usr/sbin/curl -s "https://raw.githubusercontent.com/Ranger802004/asusmerlin/main/wan-failover_v1.5.6-beta7.sh" -o "/jffs/scripts/wan-failover.sh" && chmod 755 /jffs/scripts/wan-failover.sh && sh /jffs/scripts/wan-failover.sh install

Ah yes, using the beta releases requires the special command string I provide however it's not officially built into the update stream for the script. At that point, when the script launches, it logs which version it is running and you can use that. Change the install at the end to restart if you already have the script installed with a config file. Install would be used for a fresh install of the script. I have already thought about simplifying this in a later release.

See example below:

Aug  1 12:22:49 wan-failover.sh: System Check - Version: v1.5.6-beta7

 

[JohnSmith]

For version V1.5.6_beta7, this is still the case:

So my Iface for ISP01 is eth0, and for ISP02 is eth4, and when ISP01 is Primary WAN(Connected), and ISP02 is Secondary WAN (Hot-Standby), you can ping 8.8.8.8 via eth0, but NOT eth4.

After using

//jffs/scripts/wan-failover.sh switchwan

ISP01 is Primary WAN(Hot-Standby), and ISP02 is Secondary WAN(Connected), you can ping 8.8.8.8 via eth4, but NOT eth0.

ip rule list | grep -e "8.8.8.8"
produces
100:    from all to 8.8.8.8 iif lo oif eth0 lookup wan0

ip route show default table 100
produces
default via X.X.X.X dev eth0

Where X.X.X.X is my Primary WAN(Hot-Standby) Gateway IP Address (these two lines were blank in beta6)

I haven't tried my tests of shutting the ISP01 WAN off like tests before hand (just using you "switchwan" command so far), but wanted to know if this helps in determining why failovers work, but failbacks do not, unless you shut off ISP02.

 

[Ranger802004]

For version V1.5.6_beta7, this is still the case:

So my Iface for ISP01 is eth0, and for ISP02 is eth4, and when ISP01 is Primary WAN(Connected), and ISP02 is Secondary WAN (Hot-Standby), you can ping 8.8.8.8 via eth0, but NOT eth4.

After using

//jffs/scripts/wan-failover.sh switchwan

ISP01 is Primary WAN(Hot-Standby), and ISP02 is Secondary WAN(Connected), you can ping 8.8.8.8 via eth4, but NOT eth0.

ip rule list | grep -e "8.8.8.8"
produces
100:    from all to 8.8.8.8 iif lo oif eth0 lookup wan0

ip route show default table 100
produces
default via X.X.X.X dev eth0

Where X.X.X.X is my Primary WAN(Hot-Standby) Gateway IP Address (these two lines were blank in beta6)

I haven't tried my tests of shutting the ISP01 WAN off like tests before hand (just using you "switchwan" command so far), but wanted to know if this helps in determining why failovers work, but failbacks do not, unless you shut off ISP02.

For some reason your WAN1 is missing the IP rule for it and possibly the IP Route for table 200.

EDIT: If you're having issues with Failback still, I need logs. So far in most cases that doesn't seem to a problem so I have to see what issue is going on with yours to determine what is going on.

 

[JohnSmith]

ip route show default table 200
produces
default via X.X.X.X dev eth4

Where X.X.X.X is my Secondary WAN Gateway IP Address

ip rule list | grep -e "8.8.4.4"
produces
100:      from all to 8.8.4.4 iif lo oif eth4 lookup wan1

 

[Ranger802004]

ip route show default table 200
produces
default via X.X.X.X dev eth4

Where X.X.X.X is my Secondary WAN Gateway IP Address

ip rule list | grep -e "8.8.4.4"
produces
100:      from all to 8.8.4.4 iif lo oif eth4 lookup wan1

Wait, I see what you have going on, that is definitely strange. The IP Rules / Routes look right so not being able to ping out of your WAN0 interface appears to be another issue going on. Do you have any firewall rules set up to block outgoing ICMP? Is there a bridge router in front of it that may be doing this? Is 8.8.8.8 routed to anything else like a VPN Tunnel?

 

[JohnSmith]

Wait, I see what you have going on, that is definitely strange. The IP Rules / Routes look right so not being able to ping out of your WAN0 interface appears to be another issue going on. Do you have any firewall rules set up to block outgoing ICMP? Is there a bridge router in front of it that may be doing this? Is 8.8.8.8 routed to anything else like a VPN Tunnel?

Not as far as I know, I run basic OpenVPN server with OpenVPN clients to connect to it, nothing special

Just ran Failover Test and Failback test from ISP01 to ISP02 (Failover works), and then power up ISP01, and Failback fails.

When I run the "switchwan" command, ISP01 takes over again, and ISP02 goes back to being Secondary WAN(Hot-Standby).

If there are any commands you need me to run to test, let me know.


Failover and Failback used to work in V1.5.5 Final release, but I am not sure if your script used the same logic as these current beta releases.

 

[Ranger802004]

v1.5.6-beta8 Release: ***Disclaimer: This is a beta release and has been untested***

Manually upgrade to this beta by running the following command" ***Allow for cronjob to relaunch the script***
Clean installation:

/usr/sbin/curl -s "https://raw.githubusercontent.com/Ranger802004/asusmerlin/main/wan-failover_v1.5.6-beta8.sh" -o "/jffs/scripts/wan-failover.sh" && chmod 755 /jffs/scripts/wan-failover.sh && sh /jffs/scripts/wan-failover.sh install

Upgrade from previous installation:

/usr/sbin/curl -s "https://raw.githubusercontent.com/Ranger802004/asusmerlin/main/wan-failover_v1.5.6-beta8.sh" -o "/jffs/scripts/wan-failover.sh" && chmod 755 /jffs/scripts/wan-failover.sh && sh /jffs/scripts/wan-failover.sh restart

To revert back to Production Release:

/jffs/scripts/wan-failover.sh update

Beta Readme

***HIGHLIGHT*** Script will now create an alias as "wan-failover", once script is updated and restarted. Consoles can now use the new alias instead of the full script path "/jffs/scripts/wan-failover.sh". Consoles open while the script is updated may need to be restarted or the following command executed.

source /jffs/configs/profile.add

Release Notes:
v1.5.6-beta8
- General optimization
- Added a confirmation prompt to Restart Mode.
- Fixed visual bugs when running Restart Mode.
- Load Balance Monitor now triggers Service Restart function during failover events.
- YazFi trigger during service restart will no longer run process in the background to prevent issues with script execution of YazFi.
- IP Rules should no longer create conflict with other scripts such as VPNMON.
- Target IPs for both interfaces can now be the same the Target IP.
- Added Recursive Ping Check feature. If packet loss is not 0% during a check, the Target IP Addresses will be checked again based on the number of iterations specified by this setting before determing a failure or packet loss. RECURSIVEPINGCHECK (Value is in # of iterations). Default: 1
- Resolved issues that prevented 4G USB Devices from properly working in Failover Mode.
- Moved WAN0_QOS_OVERHEAD, WAN1_QOS_OVERHEAD, WAN0_QOS_ATM, WAN1_QOS_ATM, BOOTDELAYTIMER, PACKETLOSSLOGGING and WANDISABLEDSLEEPTIMER to Optional Configuration and no longer are required to be set during Config or Installation. They will be given Default values that can be modified in the Configuration file.
- Created new Optional Configured Option to specify the ping packet size. PACKETSIZE specifes the packet size in Bytes, Default: 56 Bytes.
- Resolve issue where script would loop from WAN Status to Load Balance Monitor when an interface was disabled.
- Load Balance Mode will now dynamically update resolv.conf (DNS) for Disconnected WAN Interfaces.
- Fixed Cron Job deletion during Uninstallation.
- Corrected issue with Failure Detected log not logging if a device was unplugged or powered off from the Router while in Failover Mode.
- Modified Restart Mode logic to better detect PIDs of running instances of the script.
- Created Alias for script as wan-failover to shorten length of commands used in console.
- Fixed issue where if the USB Device is unplugged and plugged back in, script will now leave Disabled State to go back to WAN Status.
- Enhanced WAN Disabled Logging, will relog every 5 minutes the condition causing the script to be in the Disabled State.
- Added additional logging throughout script.
- Email function will check if DDNS is enabled before attempting to use saved DDNS Hostname

 

[Ranger802004]

Not as far as I know, I run basic OpenVPN server with OpenVPN clients to connect to it, nothing special

Just ran Failover Test and Failback test from ISP01 to ISP02 (Failover works), and then power up ISP01, and Failback fails.

When I run the "switchwan" command, ISP01 takes over again, and ISP02 goes back to being Secondary WAN(Hot-Standby).

If there are any commands you need me to run to test, let me know.


Failover and Failback used to work in V1.5.5 Final release, but I am not sure if your script used the same logic as these current beta releases.

Work with the beta8 release I just published, it probably doesn't have your issue resolved but I need you to collect debug logging for me to see what is going on. The failback loop should escape and return to WAN Status if the IP Rule or Routes are missing so if it is just staying there I need the logs to determine why.

 

[JohnSmith]

Work with the beta8 release I just published, it probably doesn't have your issue resolved but I need you to collect debug logging for me to see what is going on. The failback loop should escape and return to WAN Status if the IP Rule or Routes are missing so if it is just staying there I need the logs to determine why.

Does this help as part of the debug logs from beta7 on Failback Failure?

Aug  2 14:40:43 wan-failover.sh: Debug - ***WAN0 Failback Monitor Loop Ended***
Aug  2 14:40:43 wan-failover.sh: Debug - Function: debuglog
Aug  2 14:40:43 wan-failover.sh: Debug - Function: nvramcheck
Aug  2 14:40:43 wan-failover.sh: Debug - ***NVRAM Check Passed***
Aug  2 14:40:43 wan-failover.sh: Debug - Dual WAN Mode: fo
Aug  2 14:40:43 wan-failover.sh: Debug - Dual WAN Interfaces: wan lan
Aug  2 14:40:43 wan-failover.sh: Debug - ASUS Factory Watchdog: 0
Aug  2 14:40:43 wan-failover.sh: Debug - JFFS custom scripts and configs: 1
Aug  2 14:40:43 wan-failover.sh: Debug - Firewall Enabled: 1
Aug  2 14:40:43 wan-failover.sh: Debug - IPv6 Firewall Enabled: 1
Aug  2 14:40:43 wan-failover.sh: Debug - LEDs Disabled: 0
Aug  2 14:40:43 wan-failover.sh: Debug - QoS Enabled: 1
Aug  2 14:40:43 wan-failover.sh: Debug - DDNS Hostname: all.dnsomatic.com
Aug  2 14:40:43 wan-failover.sh: Debug - LAN Hostname: REDACTED
Aug  2 14:40:43 wan-failover.sh: Debug - WAN IPv6 Service: disabled
Aug  2 14:40:43 wan-failover.sh: Debug - WAN IPv6 Address:
Aug  2 14:40:43 wan-failover.sh: Debug - Default Route: default via REDACTED dev eth4
Aug  2 14:40:43 wan-failover.sh: Debug - WAN0 Enabled: 1
Aug  2 14:40:43 wan-failover.sh: Debug - WAN0 Routing Table Default Route:
Aug  2 14:40:43 wan-failover.sh: Debug - WAN0 Target IP Rule:
Aug  2 14:40:43 wan-failover.sh: Debug - WAN0 IP Address: REDACTED
Aug  2 14:40:43 wan-failover.sh: Debug - WAN0 Real IP Address:
Aug  2 14:40:43 wan-failover.sh: Debug - WAN0 Real IP Address State: 0
Aug  2 14:40:43 wan-failover.sh: Debug - WAN0 Gateway IP: REDACTED
Aug  2 14:40:43 wan-failover.sh: Debug - WAN0 Gateway Interface: eth0
Aug  2 14:40:43 wan-failover.sh: Debug - WAN0 Interface: eth0
Aug  2 14:40:43 wan-failover.sh: Debug - WAN0 Automatic ISP DNS Enabled: 0
Aug  2 14:40:43 wan-failover.sh: Debug - WAN0 Automatic ISP DNS Servers: REDACTED REDACTED
Aug  2 14:40:43 wan-failover.sh: Debug - WAN0 Manual DNS Server 1: REDACTED
Aug  2 14:40:43 wan-failover.sh: Debug - WAN0 Manual DNS Server 2: REDACTED
Aug  2 14:40:43 wan-failover.sh: Debug - WAN0 State: 2
Aug  2 14:40:43 wan-failover.sh: Debug - WAN0 Primary Status: 0
Aug  2 14:40:43 wan-failover.sh: Debug - WAN0 USB Modem Status: 0
Aug  2 14:40:43 wan-failover.sh: Debug - WAN0 Target IP Address: 8.8.8.8
Aug  2 14:40:43 wan-failover.sh: Debug - WAN0 Routing Table: 100
Aug  2 14:40:43 wan-failover.sh: Debug - WAN0 IP Rule Priority: 100
Aug  2 14:40:43 wan-failover.sh: Debug - WAN0 Mark: 0x80000000
Aug  2 14:40:43 wan-failover.sh: Debug - WAN0 Mask: 0xf0000000
Aug  2 14:40:43 wan-failover.sh: Debug - WAN0 From WAN Priority: 200
Aug  2 14:40:43 wan-failover.sh: Debug - WAN0 To WAN Priority: 400
Aug  2 14:40:43 wan-failover.sh: Debug - WAN1 Enabled: 1
Aug  2 14:40:43 wan-failover.sh: Debug - WAN1 Routing Table Default Route:
Aug  2 14:40:43 wan-failover.sh: Debug - WAN1 Target IP Rule:
Aug  2 14:40:43 wan-failover.sh: Debug - WAN1 IP Address: REDACTED
Aug  2 14:40:43 wan-failover.sh: Debug - WAN1 Real IP Address: REDACTED
Aug  2 14:40:43 wan-failover.sh: Debug - WAN1 Real IP Address State: 2
Aug  2 14:40:43 wan-failover.sh: Debug - WAN1 Gateway IP: REDACTED
Aug  2 14:40:43 wan-failover.sh: Debug - WAN1 Gateway Interface: eth4
Aug  2 14:40:43 wan-failover.sh: Debug - WAN1 Interface: eth4
Aug  2 14:40:43 wan-failover.sh: Debug - WAN1 Automatic ISP DNS Enabled: 0
Aug  2 14:40:43 wan-failover.sh: Debug - WAN1 Automatic ISP DNS Servers: REDACTED REDACTED
Aug  2 14:40:43 wan-failover.sh: Debug - WAN1 Manual DNS Server 1: REDACTED
Aug  2 14:40:43 wan-failover.sh: Debug - WAN1 Manual DNS Server 2: REDACTED
Aug  2 14:40:43 wan-failover.sh: Debug - WAN1 State: 2
Aug  2 14:40:43 wan-failover.sh: Debug - WAN1 Primary Status: 1
Aug  2 14:40:43 wan-failover.sh: Debug - WAN1 USB Modem Status: 0
Aug  2 14:40:43 wan-failover.sh: Debug - WAN1 Target IP Address: 8.8.4.4
Aug  2 14:40:43 wan-failover.sh: Debug - WAN1 Routing Table: 200
Aug  2 14:40:43 wan-failover.sh: Debug - WAN1 IP Rule Priority: 100
Aug  2 14:40:43 wan-failover.sh: Debug - WAN1 Mark: 0x90000000
Aug  2 14:40:43 wan-failover.sh: Debug - WAN1 Mask: 0xf0000000
Aug  2 14:40:43 wan-failover.sh: Debug - WAN1 From WAN Priority: 200
Aug  2 14:40:43 wan-failover.sh: Debug - WAN1 To WAN Priority: 400
Aug  2 14:40:43 wan-failover.sh: Debug - Function: wanstatus
Aug  2 14:40:43 wan-failover.sh: Debug - Function: nvramcheck
Aug  2 14:40:43 wan-failover.sh: Debug - ***NVRAM Check Passed***
Aug  2 14:40:43 wan-failover.sh: Debug - System Uptime: 424871 Seconds
Aug  2 14:40:43 wan-failover.sh: Debug - Boot Delay Timer: 60 Seconds
Aug  2 14:40:43 wan-failover.sh: WAN Status - wan0 enabled
Aug  2 14:40:43 wan-failover.sh: WAN Status - Adding default route for wan0 Routing Table via REDACTED dev eth0
Aug  2 14:40:43 wan-failover.sh: WAN Status - Added default route for wan0 Routing Table via REDACTED dev eth0
Aug  2 14:40:43 wan-failover.sh: WAN Status - Adding IP Rule for 8.8.8.8 to monitor wan0
Aug  2 14:40:43 wan-failover.sh: WAN Status - Added IP Rule for 8.8.8.8 to monitor wan0
Aug  2 14:40:43 wan-failover.sh: Debug - Recursive Ping Check: 1
Aug  2 14:40:43 wan-failover.sh: Debug - Checking wan0 for packet loss via 8.8.8.8 - Attempt: 1
Aug  2 14:40:50 wan-failover.sh: Debug - wan0 Packet Loss: 100%%
Aug  2 14:40:50 wan-failover.sh: WAN Status - wan0 has 100% packet loss ***Verify 8.8.8.8 is a valid server for ICMP Echo Requests***
Aug  2 14:40:50 wan-failover.sh: Debug - wan0 Status: DISCONNECTED
Aug  2 14:40:50 wan-failover.sh: Debug - Function: setwanstatus
Aug  2 14:40:50 wan-failover.sh: WAN Status - wan1 enabled
Aug  2 14:40:50 wan-failover.sh: WAN Status - Adding default route for wan1 Routing Table via REDACTED dev eth4
Aug  2 14:40:50 wan-failover.sh: WAN Status - Added default route for wan1 Routing Table via REDACTED dev eth4
Aug  2 14:40:50 wan-failover.sh: WAN Status - Adding IP Rule for 8.8.4.4 to monitor wan1
Aug  2 14:40:50 wan-failover.sh: WAN Status - Added IP Rule for 8.8.4.4 to monitor wan1
Aug  2 14:40:50 wan-failover.sh: Debug - Recursive Ping Check: 1
Aug  2 14:40:50 wan-failover.sh: Debug - Checking wan1 for packet loss via 8.8.4.4 - Attempt: 1
Aug  2 14:40:50 YazFi: YazFi v4.4.2 starting up
Aug  2 14:40:51 YazFi: wl0.1 (SSID: REDACTED) - sending all interface internet traffic over WAN interface
REDACTED
Aug  2 14:40:53 YazFi: wl0.2 (SSID: REDACTED) - sending all interface internet traffic over WAN interface
Aug  2 14:40:54 wan-failover.sh: Debug - wan1 Packet Loss: 0%%
Aug  2 14:40:54 wan-failover.sh: WAN Status - wan1 has 0% packet loss
Aug  2 14:40:54 wan-failover.sh: Debug - wan1 Status: CONNECTED
Aug  2 14:40:54 wan-failover.sh: Debug - Function: setwanstatus
Aug  2 14:40:54 wan-failover.sh: Debug - Function: checkiprules
Aug  2 14:40:54 wan-failover.sh: Debug - Function: nvramcheck
Aug  2 14:40:54 wan-failover.sh: Debug - ***NVRAM Check Passed***
Aug  2 14:40:54 wan-failover.sh: Debug - wan1 UPNP Enabled: 1
Aug  2 14:40:54 wan-failover.sh: Debug - wan1 NAT Enabled: 1
Aug  2 14:40:54 wan-failover.sh: Debug - WAN0STATUS: DISCONNECTED
Aug  2 14:40:54 wan-failover.sh: Debug - WAN1STATUS: CONNECTED
Aug  2 14:40:54 wan-failover.sh: Debug - Function: wan0failbackmonitor
Aug  2 14:40:54 wan-failover.sh: Debug - Function: nvramcheck
Aug  2 14:40:54 wan-failover.sh: Debug - ***NVRAM Check Passed***
Aug  2 14:40:54 wan-failover.sh: WAN0 Failback Monitor - Verifying WAN1
Aug  2 14:40:54 wan-failover.sh: WAN0 Failback Monitor - Monitoring wan1 via 8.8.4.4 for Failure
Aug  2 14:40:54 wan-failover.sh: WAN0 Failback Monitor - Monitoring wan0 via 8.8.8.8 for Restoration

 

[Ranger802004]

Does this help as part of the debug logs from beta7 on Failback Failure?

Aug  2 14:40:43 wan-failover.sh: Debug - ***WAN0 Failback Monitor Loop Ended***
Aug  2 14:40:43 wan-failover.sh: Debug - Function: debuglog
Aug  2 14:40:43 wan-failover.sh: Debug - Function: nvramcheck
Aug  2 14:40:43 wan-failover.sh: Debug - ***NVRAM Check Passed***
Aug  2 14:40:43 wan-failover.sh: Debug - Dual WAN Mode: fo
Aug  2 14:40:43 wan-failover.sh: Debug - Dual WAN Interfaces: wan lan
Aug  2 14:40:43 wan-failover.sh: Debug - ASUS Factory Watchdog: 0
Aug  2 14:40:43 wan-failover.sh: Debug - JFFS custom scripts and configs: 1
Aug  2 14:40:43 wan-failover.sh: Debug - Firewall Enabled: 1
Aug  2 14:40:43 wan-failover.sh: Debug - IPv6 Firewall Enabled: 1
Aug  2 14:40:43 wan-failover.sh: Debug - LEDs Disabled: 0
Aug  2 14:40:43 wan-failover.sh: Debug - QoS Enabled: 1
Aug  2 14:40:43 wan-failover.sh: Debug - DDNS Hostname: all.dnsomatic.com
Aug  2 14:40:43 wan-failover.sh: Debug - LAN Hostname: REDACTED
Aug  2 14:40:43 wan-failover.sh: Debug - WAN IPv6 Service: disabled
Aug  2 14:40:43 wan-failover.sh: Debug - WAN IPv6 Address:
Aug  2 14:40:43 wan-failover.sh: Debug - Default Route: default via REDACTED dev eth4
Aug  2 14:40:43 wan-failover.sh: Debug - WAN0 Enabled: 1
Aug  2 14:40:43 wan-failover.sh: Debug - WAN0 Routing Table Default Route:
Aug  2 14:40:43 wan-failover.sh: Debug - WAN0 Target IP Rule:
Aug  2 14:40:43 wan-failover.sh: Debug - WAN0 IP Address: REDACTED
Aug  2 14:40:43 wan-failover.sh: Debug - WAN0 Real IP Address:
Aug  2 14:40:43 wan-failover.sh: Debug - WAN0 Real IP Address State: 0
Aug  2 14:40:43 wan-failover.sh: Debug - WAN0 Gateway IP: REDACTED
Aug  2 14:40:43 wan-failover.sh: Debug - WAN0 Gateway Interface: eth0
Aug  2 14:40:43 wan-failover.sh: Debug - WAN0 Interface: eth0
Aug  2 14:40:43 wan-failover.sh: Debug - WAN0 Automatic ISP DNS Enabled: 0
Aug  2 14:40:43 wan-failover.sh: Debug - WAN0 Automatic ISP DNS Servers: REDACTED REDACTED
Aug  2 14:40:43 wan-failover.sh: Debug - WAN0 Manual DNS Server 1: REDACTED
Aug  2 14:40:43 wan-failover.sh: Debug - WAN0 Manual DNS Server 2: REDACTED
Aug  2 14:40:43 wan-failover.sh: Debug - WAN0 State: 2
Aug  2 14:40:43 wan-failover.sh: Debug - WAN0 Primary Status: 0
Aug  2 14:40:43 wan-failover.sh: Debug - WAN0 USB Modem Status: 0
Aug  2 14:40:43 wan-failover.sh: Debug - WAN0 Target IP Address: 8.8.8.8
Aug  2 14:40:43 wan-failover.sh: Debug - WAN0 Routing Table: 100
Aug  2 14:40:43 wan-failover.sh: Debug - WAN0 IP Rule Priority: 100
Aug  2 14:40:43 wan-failover.sh: Debug - WAN0 Mark: 0x80000000
Aug  2 14:40:43 wan-failover.sh: Debug - WAN0 Mask: 0xf0000000
Aug  2 14:40:43 wan-failover.sh: Debug - WAN0 From WAN Priority: 200
Aug  2 14:40:43 wan-failover.sh: Debug - WAN0 To WAN Priority: 400
Aug  2 14:40:43 wan-failover.sh: Debug - WAN1 Enabled: 1
Aug  2 14:40:43 wan-failover.sh: Debug - WAN1 Routing Table Default Route:
Aug  2 14:40:43 wan-failover.sh: Debug - WAN1 Target IP Rule:
Aug  2 14:40:43 wan-failover.sh: Debug - WAN1 IP Address: REDACTED
Aug  2 14:40:43 wan-failover.sh: Debug - WAN1 Real IP Address: REDACTED
Aug  2 14:40:43 wan-failover.sh: Debug - WAN1 Real IP Address State: 2
Aug  2 14:40:43 wan-failover.sh: Debug - WAN1 Gateway IP: REDACTED
Aug  2 14:40:43 wan-failover.sh: Debug - WAN1 Gateway Interface: eth4
Aug  2 14:40:43 wan-failover.sh: Debug - WAN1 Interface: eth4
Aug  2 14:40:43 wan-failover.sh: Debug - WAN1 Automatic ISP DNS Enabled: 0
Aug  2 14:40:43 wan-failover.sh: Debug - WAN1 Automatic ISP DNS Servers: REDACTED REDACTED
Aug  2 14:40:43 wan-failover.sh: Debug - WAN1 Manual DNS Server 1: REDACTED
Aug  2 14:40:43 wan-failover.sh: Debug - WAN1 Manual DNS Server 2: REDACTED
Aug  2 14:40:43 wan-failover.sh: Debug - WAN1 State: 2
Aug  2 14:40:43 wan-failover.sh: Debug - WAN1 Primary Status: 1
Aug  2 14:40:43 wan-failover.sh: Debug - WAN1 USB Modem Status: 0
Aug  2 14:40:43 wan-failover.sh: Debug - WAN1 Target IP Address: 8.8.4.4
Aug  2 14:40:43 wan-failover.sh: Debug - WAN1 Routing Table: 200
Aug  2 14:40:43 wan-failover.sh: Debug - WAN1 IP Rule Priority: 100
Aug  2 14:40:43 wan-failover.sh: Debug - WAN1 Mark: 0x90000000
Aug  2 14:40:43 wan-failover.sh: Debug - WAN1 Mask: 0xf0000000
Aug  2 14:40:43 wan-failover.sh: Debug - WAN1 From WAN Priority: 200
Aug  2 14:40:43 wan-failover.sh: Debug - WAN1 To WAN Priority: 400
Aug  2 14:40:43 wan-failover.sh: Debug - Function: wanstatus
Aug  2 14:40:43 wan-failover.sh: Debug - Function: nvramcheck
Aug  2 14:40:43 wan-failover.sh: Debug - ***NVRAM Check Passed***
Aug  2 14:40:43 wan-failover.sh: Debug - System Uptime: 424871 Seconds
Aug  2 14:40:43 wan-failover.sh: Debug - Boot Delay Timer: 60 Seconds
Aug  2 14:40:43 wan-failover.sh: WAN Status - wan0 enabled
Aug  2 14:40:43 wan-failover.sh: WAN Status - Adding default route for wan0 Routing Table via REDACTED dev eth0
Aug  2 14:40:43 wan-failover.sh: WAN Status - Added default route for wan0 Routing Table via REDACTED dev eth0
Aug  2 14:40:43 wan-failover.sh: WAN Status - Adding IP Rule for 8.8.8.8 to monitor wan0
Aug  2 14:40:43 wan-failover.sh: WAN Status - Added IP Rule for 8.8.8.8 to monitor wan0
Aug  2 14:40:43 wan-failover.sh: Debug - Recursive Ping Check: 1
Aug  2 14:40:43 wan-failover.sh: Debug - Checking wan0 for packet loss via 8.8.8.8 - Attempt: 1
Aug  2 14:40:50 wan-failover.sh: Debug - wan0 Packet Loss: 100%%
Aug  2 14:40:50 wan-failover.sh: WAN Status - wan0 has 100% packet loss ***Verify 8.8.8.8 is a valid server for ICMP Echo Requests***
Aug  2 14:40:50 wan-failover.sh: Debug - wan0 Status: DISCONNECTED
Aug  2 14:40:50 wan-failover.sh: Debug - Function: setwanstatus
Aug  2 14:40:50 wan-failover.sh: WAN Status - wan1 enabled
Aug  2 14:40:50 wan-failover.sh: WAN Status - Adding default route for wan1 Routing Table via REDACTED dev eth4
Aug  2 14:40:50 wan-failover.sh: WAN Status - Added default route for wan1 Routing Table via REDACTED dev eth4
Aug  2 14:40:50 wan-failover.sh: WAN Status - Adding IP Rule for 8.8.4.4 to monitor wan1
Aug  2 14:40:50 wan-failover.sh: WAN Status - Added IP Rule for 8.8.4.4 to monitor wan1
Aug  2 14:40:50 wan-failover.sh: Debug - Recursive Ping Check: 1
Aug  2 14:40:50 wan-failover.sh: Debug - Checking wan1 for packet loss via 8.8.4.4 - Attempt: 1
Aug  2 14:40:50 YazFi: YazFi v4.4.2 starting up
Aug  2 14:40:51 YazFi: wl0.1 (SSID: REDACTED) - sending all interface internet traffic over WAN interface
REDACTED
Aug  2 14:40:53 YazFi: wl0.2 (SSID: REDACTED) - sending all interface internet traffic over WAN interface
Aug  2 14:40:54 wan-failover.sh: Debug - wan1 Packet Loss: 0%%
Aug  2 14:40:54 wan-failover.sh: WAN Status - wan1 has 0% packet loss
Aug  2 14:40:54 wan-failover.sh: Debug - wan1 Status: CONNECTED
Aug  2 14:40:54 wan-failover.sh: Debug - Function: setwanstatus
Aug  2 14:40:54 wan-failover.sh: Debug - Function: checkiprules
Aug  2 14:40:54 wan-failover.sh: Debug - Function: nvramcheck
Aug  2 14:40:54 wan-failover.sh: Debug - ***NVRAM Check Passed***
Aug  2 14:40:54 wan-failover.sh: Debug - wan1 UPNP Enabled: 1
Aug  2 14:40:54 wan-failover.sh: Debug - wan1 NAT Enabled: 1
Aug  2 14:40:54 wan-failover.sh: Debug - WAN0STATUS: DISCONNECTED
Aug  2 14:40:54 wan-failover.sh: Debug - WAN1STATUS: CONNECTED
Aug  2 14:40:54 wan-failover.sh: Debug - Function: wan0failbackmonitor
Aug  2 14:40:54 wan-failover.sh: Debug - Function: nvramcheck
Aug  2 14:40:54 wan-failover.sh: Debug - ***NVRAM Check Passed***
Aug  2 14:40:54 wan-failover.sh: WAN0 Failback Monitor - Verifying WAN1
Aug  2 14:40:54 wan-failover.sh: WAN0 Failback Monitor - Monitoring wan1 via 8.8.4.4 for Failure
Aug  2 14:40:54 wan-failover.sh: WAN0 Failback Monitor - Monitoring wan0 via 8.8.8.8 for Restoration

I'm assuming you're deleting the Rule and Routes out of the Debug logging? It looks like everything is place just your router is unable to ping outside of WAN0 while it is down, is it still working if you go back to v1.5.5? As of right now v.1.5.6-beta8 should be better at handling coming out of the Failback loop. Are you able to manually ping from the router if you specify -I eth0? Are you using the default packet size?

ping -I eth0 8.8.8.8

 

[JohnSmith]

I'm assuming you're deleting the Rule and Routes out of the Debug logging? It looks like everything is place just your router is unable to ping outside of WAN0 while it is down, is it still working if you go back to v1.5.5? As of right now v.1.5.6-beta8 should be better at handling coming out of the Failback loop. Are you able to manually ping from the router if you specify -I eth0? Are you using the default packet size?

ping -I eth0 8.8.8.8

I am REDACTING the Debug logs for Privacy, and I am still unable to "ping -I eth0 8.8.8.8" when ISP01 is down, and ISP02 is up and primary.

I am also unable to "ping -I eth4 8.8.4.4" when ISP01 is up and is primary and ISP02 is in Hot-Standby.

I will have to test rolling back to V1.5.5 in a bit, as network is getting busy...

 

[Ranger802004]

I am REDACTING the Debug logs for Privacy, and I am still unable to "ping -I eth0 8.8.8.8" when ISP01 is down, and ISP02 is up and primary.

I am also unable to "ping -I eth4 8.8.4.4" when ISP01 is up and is primary and ISP02 is in Hot-Standby.

I will have to test rolling back to V1.5.5 in a bit, as network is getting busy...

Check these when you are unable to ping and verify the Rules and Routes are in place, if they are there is something else at play here.

ip rule show
ip route show table 100
ip route show table 200

This is the Failback Monitor Loop in v1.5.6-beta8, as you see if it is missing an IP Rule it will break the loop to return to WAN Status to recreate it, also if the route(s) IP(s), Gateway(s), don't match, it will also break the loop to go recreate them.

# WAN0 Failback Monitor
wan0failbackmonitor ()
{
logger -p 6 -t "${0##*/}" "Debug - Function: wan0failbackmonitor"

# Delay if NVRAM is not accessible
nvramcheck || return

logger -p 5 -t "${0##*/}" "WAN0 Failback Monitor - Verifying WAN1"
if [[ "$(nvram get wan1_primary)" != "1" ]] >/dev/null;then
  logger -p 6 -t "${0##*/}" "Debug - WAN1 is not Primary WAN"
  switchwan
elif [[ "$(nvram get wan0_ipaddr)" == "0.0.0.0" ]] || [[ "$(nvram get wan0_gateway)" == "0.0.0.0" ]] >/dev/null;then
  logger -p 6 -t "${0##*/}" "Debug - WAN0 does not have a valid IP: $(nvram get wan0_ipaddr) or Gateway IP: $(nvram get wan0_gateway)"
  wandisabled
elif [[ "$(nvram get wan1_primary)" == "1" ]] && [[ "$(nvram get wan0_enable)" == "0" ]] >/dev/null;then
  logger -p 6 -t "${0##*/}" "Debug - WAN0 is not Enabled"
  wandisabled
fi

logger -p 4 -st "${0##*/}" "WAN0 Failback Monitor - Monitoring "$WAN1" via $WAN1TARGET for Failure"
logger -p 3 -st "${0##*/}" "WAN0 Failback Monitor - Monitoring "$WAN0" via $WAN0TARGET for Restoration"
while { { [[ "$(nvram get wan0_enable)" == "1" ]] && [[ "$(nvram get wan1_enable)" == "1" ]] ;} && [[ "$(nvram get wan1_primary)" == "1" ]] ;} \
&& { [[ "$(nvram get wan0_state_t)" != "2" ]] || { [[ "$(nvram get wan0_gateway)" == "$(ip route list default table "$WAN0ROUTETABLE" | awk '{print $3}')" ]] && [[ "$(nvram get wan0_gw_ifname)" == "$(ip route list default table "$WAN0ROUTETABLE" | awk '{print $5}')" ]] ;} ;} \
&& { [[ "$(nvram get wan1_state_t)" != "2" ]] || { [[ "$(nvram get wan1_gateway)" == "$(ip route list default table "$WAN1ROUTETABLE" | awk '{print $3}')" ]] && [[ "$(nvram get wan1_gw_ifname)" == "$(ip route list default table "$WAN1ROUTETABLE" | awk '{print $5}')" ]] ;} ;} >/dev/null;do
  pingtargets || wanstatus
  if { { [ -z "$(ip rule list from all iif lo to "$WAN0TARGET" oif "$(nvram get wan0_gw_ifname)" lookup "$WAN0ROUTETABLE")" ] && [[ "$(nvram get wan0_state_t)" == "2" ]] ;} && { [[ "$(nvram get wan0_ipaddr)" != "0.0.0.0" ]] || [[ "$(nvram get wan0_gateway)" != "0.0.0.0" ]] ;} ;} \
  || { { [ -z "$(ip rule list from all iif lo to "$WAN1TARGET" oif "$(nvram get wan1_gw_ifname)" lookup "$WAN1ROUTETABLE")" ] && [[ "$(nvram get wan1_state_t)" == "2" ]] ;} && { [[ "$(nvram get wan1_ipaddr)" != "0.0.0.0" ]] || [[ "$(nvram get wan1_gateway)" != "0.0.0.0" ]] ;} ;} >/dev/null;then
    break
  elif [[ "$WAN0PACKETLOSS" == "100%" ]] || [[ "$(nvram get wan0_state_t)" != "2" ]] >/dev/null;then
    continue
  elif [[ "$WAN0PACKETLOSS" == "0%" ]] >/dev/null;then
    WAN0STATUS=CONNECTED
    WAN1STATUS=CONNECTED
    logger -p 6 -t "${0##*/}" "Debug - WAN0: $WAN0STATUS"
    logger -p 6 -t "${0##*/}" "Debug - WAN1: $WAN1STATUS"
    switchwan
  elif [[ "$WAN0PACKETLOSS" != "0%" ]] >/dev/null;then
    continue
  fi
done

# Debug Logging
logger -p 6 -t "${0##*/}" "Debug - ***WAN0 Failback Monitor Loop Ended***"
debuglog || return

# Return to WAN Status
wanstatus
}

This is v1.5.5 WAN0 Failback Loop for comparison

# WAN0 Failback Monitor
wan0failbackmonitor ()
{
logger -p 6 -t "${0##*/}" "Debug - Function: wan0failbackmonitor"

# Delay if NVRAM is not accessible
nvramcheck || return

logger -p 3 -st "${0##*/}" "WAN0 Failback Monitor - Monitoring "$WAN0" via $WAN0TARGET for Failback"
while { [[ "$(nvram get wan0_enable)" == "1" ]] && [[ "$(nvram get wan1_enable)" == "1" ]] ;} && [[ "$(nvram get wan1_primary)" == "1" ]] \
&& [ ! -z "$(ip rule list from all iif lo to "$WAN0TARGET" lookup "$WAN0ROUTETABLE")" ] \
&& { [[ "$(nvram get wan0_gateway)" == "$(ip route list default table "$WAN0ROUTETABLE" | awk '{print $3}')" ]] && [[ "$(nvram get wan0_gw_ifname)" == "$(ip route list default table "$WAN0ROUTETABLE" | awk '{print $5}')" ]] ;} >/dev/null;do
  pingtargets || wanstatus
  if [[ "$WAN0PACKETLOSS" == "100%" ]] >/dev/null;then
    continue
  elif [[ "$WAN0PACKETLOSS" == "0%" ]] >/dev/null;then
    logger -p 1 -st "${0##*/}" "WAN0 Failback Monitor - Connection Detected - WAN0 Packet Loss: $WAN0PACKETLOSS"
    switchwan
  elif [[ "$WAN0PACKETLOSS" != "0%" ]] >/dev/null;then
    if [ -z "$PACKETLOSSLOGGING" ] || [[ "$PACKETLOSSLOGGING" == "1" ]] >/dev/null;then
      logger -p 3 -st "${0##*/}" "WAN0 Failback Monitor - Packet Loss Detected - WAN0 Packet Loss: $WAN0PACKETLOSS"
      continue
    elif [ ! -z "$PACKETLOSSLOGGING" ] && [[ "$PACKETLOSSLOGGING" == "0"]] >/dev/null;then
      continue
    fi
  fi
done

# Debug Logging
logger -p 6 -t "${0##*/}" "Debug - ***WAN0 Failback Monitor Loop Ended***"
debuglog || return

# Return to WAN Status
wanstatus
}

 

[JohnSmith]

Check these when you are unable to ping and verify the Rules and Routes are in place, if they are there is something else at play here.

ip rule show
ip route show table 100
ip route show table 200

All looks good to me

ASUSWRT-Merlin RT-AX88U 386.7_2 Sun Jul 24 21:39:14 UTC 2022
admin@XXAX88U:/tmp/home/root# ip rule show
0:      from all lookup local
100:    from all to 8.8.8.8 iif lo oif eth0 lookup wan0
100:    from all to 8.8.4.4 iif lo oif eth4 lookup wan1
32766:  from all lookup main
32767:  from all lookup default
admin@XXAX88U:/tmp/home/root# ip route show table 100
default via X.X.X.X dev eth0
admin@XXAX88U:/tmp/home/root# ip route show table 200
default via X.X.X.X dev eth4
admin@XXAX88U:/tmp/home/root#

X.X.X.X are the gateways of Primary WAN and Secondary WAN

 

[Ranger802004]

All looks good to me

ASUSWRT-Merlin RT-AX88U 386.7_2 Sun Jul 24 21:39:14 UTC 2022
admin@XXAX88U:/tmp/home/root# ip rule show
0:      from all lookup local
100:    from all to 8.8.8.8 iif lo oif eth0 lookup wan0
100:    from all to 8.8.4.4 iif lo oif eth4 lookup wan1
32766:  from all lookup main
32767:  from all lookup default
admin@XXAX88U:/tmp/home/root# ip route show table 100
default via X.X.X.X dev eth0
admin@XXAX88U:/tmp/home/root# ip route show table 200
default via X.X.X.X dev eth4
admin@XXAX88U:/tmp/home/root#

X.X.X.X are the gateways of Primary WAN and Secondary WAN

Do this for me, manually create these rules and see if it you are able to ping, if not continue to the next rules.

ip rule add from all to 8.8.8.8 oif eth0 lookup wan0 priority 100
ip rule add from all to 8.8.4.4 oif eth4 lookup wan1 priority 100

Add these if you are unable to ping with the first rules.

ip rule add from all iif lo to 8.8.8.8 lookup wan0 priority 100
ip rule add from all iif lo to 8.8.4.4 lookup wan1 priority 100

Also send me this please.

ip -V

 

[JohnSmith]

Do this for me, manually create these rules and see if it you are able to ping, if not continue to the next rules.

ip rule add from all to 8.8.8.8 oif eth0 lookup wan0 priority 100
ip rule add from all to 8.8.4.4 oif eth4 lookup wan1 priority 100

Add these if you are unable to ping with the first rules.

ip rule add from all iif lo to 8.8.8.8 lookup wan0 priority 100
ip rule add from all iif lo to 8.8.4.4 lookup wan1 priority 100

Also send me this please.

ip -V

With ISP01 Primary WAN, and ISP02 Secondary WAN Hot-Standby, the 4th ip rule allowed me to ping 8.8.4.4 from eth4, but can not ping 8.8.4.4 from eth0

ASUSWRT-Merlin RT-AX88U 386.7_2 Sun Jul 24 21:39:14 UTC 2022
admin@XXAX88U:/tmp/home/root# ip rule add from all to 8.8.8.8 oif eth0 lookup wan0 priority 100
admin@XXAX88U:/tmp/home/root# ping -I eth4 8.8.4.4
PING 8.8.4.4 (8.8.4.4): 56 data bytes
^C
--- 8.8.4.4 ping statistics ---
3 packets transmitted, 0 packets received, 100% packet loss

admin@XXAX88U:/tmp/home/root# ip rule add from all to 8.8.4.4 oif eth4 lookup wan1 priority 100
admin@XXAX88U:/tmp/home/root# ping -I eth4 8.8.4.4
PING 8.8.4.4 (8.8.4.4): 56 data bytes
^C
--- 8.8.4.4 ping statistics ---
2 packets transmitted, 0 packets received, 100% packet loss

admin@XXAX88U:/tmp/home/root# ip rule add from all iif lo to 8.8.8.8 lookup wan0 priority 100
admin@XXAX88U:/tmp/home/root# ping -I eth4 8.8.4.4
PING 8.8.4.4 (8.8.4.4): 56 data bytes
^C
--- 8.8.4.4 ping statistics ---
2 packets transmitted, 0 packets received, 100% packet loss

admin@XXAX88U:/tmp/home/root# ip rule add from all iif lo to 8.8.4.4 lookup wan1 priority 100
admin@XXAX88U:/tmp/home/root# ping -I eth4 8.8.4.4
PING 8.8.4.4 (8.8.4.4): 56 data bytes
64 bytes from 8.8.4.4: seq=0 ttl=120 time=31.397 ms
64 bytes from 8.8.4.4: seq=1 ttl=120 time=30.258 ms
64 bytes from 8.8.4.4: seq=2 ttl=120 time=31.275 ms
^C
--- 8.8.4.4 ping statistics ---
3 packets transmitted, 3 packets received, 0% packet loss
round-trip min/avg/max = 30.258/30.976/31.397 ms

admin@XXAX88U:/tmp/home/root# ip -V
ip utility, iproute2-5.11.0
admin@XXAX88U:/tmp/home/root#