WANFailover Dual WAN Failover Script

[ttgapers]

@Ranger802004 - thank you kindly for this script. I am running the latest Beta, and use Cake as my QoS engine of choice.

Does this script play nicely with Cake, or does it (as it appears), assume it's Traditional QoS? Reason I ask is that I see the following in the logs now.

Aug 5 14:03:18 BWDPI: TrendMicro function can't use under load-balance mode!
Aug 5 14:03:18 BWDPI: TrendMicro function can't use under load-balance mode!
Aug 5 14:03:20 BWDPI: TrendMicro function can't use under load-balance mode!
Aug 5 14:03:20 BWDPI: TrendMicro function can't use under load-balance mode!
Aug 5 14:03:22 BWDPI: TrendMicro function can't use under load-balance mode!
Aug 5 14:03:22 BWDPI: TrendMicro function can't use under load-balance mode!
Aug 5 14:03:24 BWDPI: TrendMicro function can't use under load-balance mode!
Aug 5 14:03:24 BWDPI: TrendMicro function can't use under load-balance mode!
Aug 5 14:03:27 BWDPI: TrendMicro function can't use under load-balance mode!
Aug 5 14:03:27 BWDPI: TrendMicro function can't use under load-balance mode!

Trend is completely disabled for me via the Privacy tab, so just wondering. I really appreciate this script as the Asus GUI is quite clunky and non-functional for incoming web services...

Big thanks again!

 

[Ranger802004]

@Ranger802004 - thank you kindly for this script. I am running the latest Beta, and use Cake as my QoS engine of choice.

Does this script play nicely with Cake, or does it (as it appears), assume it's Traditional QoS? Reason I ask is that I see the following in the logs now.



Trend is completely disabled for me via the Privacy tab, so just wondering. I really appreciate this script as the Asus GUI is quite clunky and non-functional for incoming web services...

Big thanks again!

QoS and as far as I know most other Trend Micro features are not available in Load Balance Mode, this is firmware enforced so above my script.

 

[Stephen Harrington]

Fixed issue where if the USB Device is unplugged and plugged back in, script will now leave Disabled State to go back to WAN Status.

- Service Restarts now include restarting enabled OpenVPN Server Instances.

Thanks @Ranger802004 for all your hard work.

For those wondering and/or contemplating, with Beta 9 this wan-failover script now makes using a cheapo 4G/5G USB stick (with data plan of some kind) as backup broadband a very viable and seamless strategy, even for my mildly complicated setup which includes an OpenVPN server. I recommend combining it with the @Viktor Jaep VPNMON-R2 script if you also have OpenVPN clients, as the two scripts co-operate with each other if needed.

 

[mlamlam]

After a period of time , don't know why the script is not working and it seems the process is stuck

the shell script killall does not kill the process at all, suggest to use killall -9 as well

also the lock file is still there after killall, have to add rm -rf /var/lock/wan-failover.lock to remove the lock file.

 

[VIper_Rus]

@JohnSmith in the meantime you can use these commands to force them into Hot Standby while you wait on my update.
WAN0:

service "restart_wan_if 0"

WAN1:

service "restart_wan_if 1"

If I restart my wan1 device, then it disconnects from the router

Aug 6 09:32:08 kernel: eth2 (Ext switch port: 1) (Logical Port: 9) (phyId: 9) Link DOWN.
Aug 6 09:32:13 kernel: eth2 (Ext switch port: 1) (Logical Port: 9) (phyId: 9) Link UP at 100 mbps full duplex
Aug 6 09:32:33 kernel: eth2 (Ext switch port: 1) (Logical Port: 9) (phyId: 9) Link DOWN.
Aug 6 09:32:40 kernel: eth2 (Ext switch port: 1) (Logical Port: 9) (phyId: 9) Link UP at 100 mbps full duplex

And the WAN1 state of the interface becomes "Secondary WAN mode: Cold-Standby". nvram get wan1_state_t: 3
But at the same time, the interface continues to ping normally.

service "restart_wan_if 1" switches to hot standby. Maybe for state 3 to do the same thing that you are currently doing for state 5?

 

[Ranger802004]

After a period of time , don't know why the script is not working and it seems the process is stuck

the shell script killall does not kill the process at all, suggest to use killall -9 as well

also the lock file is still there after killall, have to add rm -rf /var/lock/wan-failover.lock to remove the lock file.

What model router do you have and what firmware version are you on?

 

[Ranger802004]

If I restart my wan1 device, then it disconnects from the router

Aug 6 09:32:08 kernel: eth2 (Ext switch port: 1) (Logical Port: 9) (phyId: 9) Link DOWN.
Aug 6 09:32:13 kernel: eth2 (Ext switch port: 1) (Logical Port: 9) (phyId: 9) Link UP at 100 mbps full duplex
Aug 6 09:32:33 kernel: eth2 (Ext switch port: 1) (Logical Port: 9) (phyId: 9) Link DOWN.
Aug 6 09:32:40 kernel: eth2 (Ext switch port: 1) (Logical Port: 9) (phyId: 9) Link UP at 100 mbps full duplex

And the WAN1 state of the interface becomes "Secondary WAN mode: Cold-Standby". nvram get wan1_state_t: 3
But at the same time, the interface continues to ping normally.

service "restart_wan_if 1" switches to hot standby. Maybe for state 3 to do the same thing that you are currently doing for state 5?

It is already doing a restart for State 3 in Status checks, I think what I need to do is have the failover loop force it back to state 2 by setting the NVRAM value if it pings and isn't State 2 already.

 

[Ranger802004]

v1.5.6-beta10 Release: ***Disclaimer: This is a beta release and has been untested***

Manually upgrade to this beta by running the following command" ***Allow for cronjob to relaunch the script***
Clean installation:

/usr/sbin/curl -s "https://raw.githubusercontent.com/Ranger802004/asusmerlin/main/wan-failover_v1.5.6-beta10.sh" -o "/jffs/scripts/wan-failover.sh" && chmod 755 /jffs/scripts/wan-failover.sh && sh /jffs/scripts/wan-failover.sh install

Upgrade from previous installation:

/usr/sbin/curl -s "https://raw.githubusercontent.com/Ranger802004/asusmerlin/main/wan-failover_v1.5.6-beta10.sh" -o "/jffs/scripts/wan-failover.sh" && chmod 755 /jffs/scripts/wan-failover.sh && sh /jffs/scripts/wan-failover.sh restart

To revert back to Production Release:

/jffs/scripts/wan-failover.sh update

Beta Readme

***WARNING*** There are some major changes from v1.5.6-beta9 so if you experience issues please collect debug logs and forward to me via DM!

***WARNING*** If you are using an RT-AX88U, read release notes!

***HIGHLIGHT*** Script will now create an alias as "wan-failover", once script is updated and restarted. Consoles can now use the new alias instead of the full script path "/jffs/scripts/wan-failover.sh". Consoles open while the script is updated may need to be restarted or the following command executed.

source /jffs/configs/profile.add

Release Notes:
v1.5.6-beta10
- General optimization
- Added a confirmation prompt to Restart Mode.
- Fixed visual bugs when running Restart Mode.
- Load Balance Monitor now triggers Service Restart function during failover events.
- YazFi trigger during service restart will no longer run process in the background to prevent issues with script execution of YazFi.
- IP Rules should no longer create conflict with other scripts such as VPNMON.
- Target IPs for both interfaces can now be the same the Target IP.
- Added Recursive Ping Check feature. If packet loss is not 0% during a check, the Target IP Addresses will be checked again based on the number of iterations specified by this setting before determing a failure or packet loss. RECURSIVEPINGCHECK (Value is in # of iterations). Default: 1
- Resolved issues that prevented 4G USB Devices from properly working in Failover Mode.
- Moved WAN0_QOS_OVERHEAD, WAN1_QOS_OVERHEAD, WAN0_QOS_ATM, WAN1_QOS_ATM, BOOTDELAYTIMER, PACKETLOSSLOGGING and WANDISABLEDSLEEPTIMER to Optional Configuration and no longer are required to be set during Config or Installation. They will be given Default values that can be modified in the Configuration file.
- Created new Optional Configured Option to specify the ping packet size. PACKETSIZE specifes the packet size in Bytes, Default: 56 Bytes.
- Resolve issue where script would loop from WAN Status to Load Balance Monitor when an interface was disabled.
- Load Balance Mode will now dynamically update resolv.conf (DNS) for Disconnected WAN Interfaces.
- Fixed Cron Job deletion during Uninstallation.
- Corrected issue with Failure Detected log not logging if a device was unplugged or powered off from the Router while in Failover Mode.
- Modified Restart Mode logic to better detect PIDs of running instances of the script.
- Created Alias for script as wan-failover to shorten length of commands used in console.
- Fixed issue where if the USB Device is unplugged and plugged back in, script will now leave Disabled State to go back to WAN Status.
- Enhanced WAN Disabled Logging, will relog every 5 minutes the condition causing the script to be in the Disabled State.
- Added additional logging throughout script.
- Email function will check if DDNS is enabled before attempting to use saved DDNS Hostname
- Added cleanup function for when script exits to perform cleanup tasks.
- Service Restarts now include restarting enabled OpenVPN Server Instances.
- Target IP Rules will now compensate for the RT-AX88U however this can create conflicts if the Target IPs are the same or are used for other services/scripts.
- Fixed issue in DNS Switch in Load Balance Mode where WAN1 was using the Status of WAN0.
- Switch WAN Mode will now prompt for confirmation before switching.
- Fixed issue where Switch WAN Mode would fail due to missing Status parameters acquired in Run or Manual Mode.
- Fixed issue where WAN Interface would not come out of Cold Standby if in State 5.
- Script will now reset VPNMON-R2 if it is installed and running during Failover
- Enhanced Ping Monitoring to improve failure/packet loss detection time.

 

[Stephen Harrington]

@Ranger802004 - Feature request for a future version?

It would be useful to have the option to also get notification emails when Secondary WAN goes offline for some reason, along the lines of:-

Warning - Secondary WAN is currently Offline and unavailable for Failover!

and then when it comes back Online …

Notice - Secondary WAN is Online and available for Failover

In my case backup WAN is a 4G USB stick not in general view so if it dies for some reason or gets unplugged accidentally this wouldn’t necessarily be noticed - this would be an alert that corrective action needs to be taken?

Thanks for your consideration!

 

[VIper_Rus]

v1.5.6-beta9 Release: ***Disclaimer: This is a beta release and has been untested***

Manually upgrade to this beta by running the following command" ***Allow for cronjob to relaunch the script***
Clean installation:

/usr/sbin/curl -s "https://raw.githubusercontent.com/Ranger802004/asusmerlin/main/wan-failover_v1.5.6-beta10.sh" -o "/jffs/scripts/wan-failover.sh" && chmod 755 /jffs/scripts/wan-failover.sh && sh /jffs/scripts/wan-failover.sh install

Upgrade from previous installation:

/usr/sbin/curl -s "https://raw.githubusercontent.com/Ranger802004/asusmerlin/main/wan-failover_v1.5.6-beta10.sh" -o "/jffs/scripts/wan-failover.sh" && chmod 755 /jffs/scripts/wan-failover.sh && sh /jffs/scripts/wan-failover.sh restart

To revert back to Production Release:

/jffs/scripts/wan-failover.sh update

Beta Readme

***WARNING*** There are some major changes from v1.5.6-beta9 so if you experience issues please collect debug logs and forward to me via DM!

***WARNING*** If you are using an RT-AX88U, read release notes!

***HIGHLIGHT*** Script will now create an alias as "wan-failover", once script is updated and restarted. Consoles can now use the new alias instead of the full script path "/jffs/scripts/wan-failover.sh". Consoles open while the script is updated may need to be restarted or the following command executed.

source /jffs/configs/profile.add

Release Notes:
v1.5.6-beta10
- General optimization
- Added a confirmation prompt to Restart Mode.
- Fixed visual bugs when running Restart Mode.
- Load Balance Monitor now triggers Service Restart function during failover events.
- YazFi trigger during service restart will no longer run process in the background to prevent issues with script execution of YazFi.
- IP Rules should no longer create conflict with other scripts such as VPNMON.
- Target IPs for both interfaces can now be the same the Target IP.
- Added Recursive Ping Check feature. If packet loss is not 0% during a check, the Target IP Addresses will be checked again based on the number of iterations specified by this setting before determing a failure or packet loss. RECURSIVEPINGCHECK (Value is in # of iterations). Default: 1
- Resolved issues that prevented 4G USB Devices from properly working in Failover Mode.
- Moved WAN0_QOS_OVERHEAD, WAN1_QOS_OVERHEAD, WAN0_QOS_ATM, WAN1_QOS_ATM, BOOTDELAYTIMER, PACKETLOSSLOGGING and WANDISABLEDSLEEPTIMER to Optional Configuration and no longer are required to be set during Config or Installation. They will be given Default values that can be modified in the Configuration file.
- Created new Optional Configured Option to specify the ping packet size. PACKETSIZE specifes the packet size in Bytes, Default: 56 Bytes.
- Resolve issue where script would loop from WAN Status to Load Balance Monitor when an interface was disabled.
- Load Balance Mode will now dynamically update resolv.conf (DNS) for Disconnected WAN Interfaces.
- Fixed Cron Job deletion during Uninstallation.
- Corrected issue with Failure Detected log not logging if a device was unplugged or powered off from the Router while in Failover Mode.
- Modified Restart Mode logic to better detect PIDs of running instances of the script.
- Created Alias for script as wan-failover to shorten length of commands used in console.
- Fixed issue where if the USB Device is unplugged and plugged back in, script will now leave Disabled State to go back to WAN Status.
- Enhanced WAN Disabled Logging, will relog every 5 minutes the condition causing the script to be in the Disabled State.
- Added additional logging throughout script.
- Email function will check if DDNS is enabled before attempting to use saved DDNS Hostname
- Added cleanup function for when script exits to perform cleanup tasks.
- Service Restarts now include restarting enabled OpenVPN Server Instances.
- Target IP Rules will now compensate for the RT-AX88U however this can create conflicts if the Target IPs are the same or are used for other services/scripts.
- Fixed issue in DNS Switch in Load Balance Mode where WAN1 was using the Status of WAN0.
- Switch WAN Mode will now prompt for confirmation before switching.
- Fixed issue where Switch WAN Mode would fail due to missing Status parameters acquired in Run or Manual Mode.
- Fixed issue where WAN Interface would not come out of Cold Standby if in State 5.
- Script will now reset VPNMON-R2 if it is installed and running during Failover
- Enhanced Ping Monitoring to improve failure/packet loss detection time.

Since beta9 and newer broken access to my wan1 device. I can not enter the web interface of this device, which was very convenient.
But Now (since beta10) it began to automatically transfer the rebooted device from COLD-State to hot standby

 

[Ranger802004]

Since beta9 broken access to my wan1 device. Now it began to automatically transfer the rebooted device from COLD-State to hot standby, but now I can not enter the web interface of this device, which was very convenient.

Do you have a custom rule set up to add access to it? If so which start up script is it in?

 

[VIper_Rus]

Do you have a custom rule set up to add access to it? If so which start up script is it in?

No.
Access appeared thanks to your script (I don’t remember in which version you added it)

Aug 6 20:33:19 wan-failover.sh: Check IP Rules - Adding iptables MASQUERADE rule for excluding 10.100.0.2 via eth2
Aug 6 20:33:19 wan-failover.sh: Check IP Rules - Added iptables MASQUERADE rule for excluding 10.100.0.2 via eth2

But since beta9 and beta10 it doesn't.

Rolled back to beta 8, everything is ok, updated to beta 10, there is access, restarted the router, no access.

 

[Ranger802004]

No.
Access appeared thanks to your script (I don’t remember in which version you added it)

Aug 6 20:33:19 wan-failover.sh: Check IP Rules - Adding iptables MASQUERADE rule for excluding 10.100.0.2 via eth2
Aug 6 20:33:19 wan-failover.sh: Check IP Rules - Added iptables MASQUERADE rule for excluding 10.100.0.2 via eth2

But since beta9 and beta10 it doesn't.

Rolled back to beta 8, everything is ok, updated to beta 10, there is access, restarted the router, no access.

That was an unintended consequence but I see why that is happening, I'll make an adjustment for it.

EDIT: This will be resolved in next release.

 

[Ranger802004]

I will have an unplanned additional beta release for v1.5.6 to iron out some of the last issues being discovered. Standby for the bonus Beta11 everyone and in the meantime please continue testing Beta10 for additional issues, thank you.

 

[Stephen Harrington]

Since beta9 and newer broken access to my wan1 device. I can not enter the web interface of this device, which was very convenient.

@Ranger802004 can see you are onto it but providing confirmation and another data point.
Just checked my setup and confirmed this is also a "new" issue for me as well, on my USB stick I can no longer reach its web interface since Beta 8 or so.

 

[Ranger802004]

@Ranger802004 can see you are onto it but providing confirmation and another data point.
Just checked my setup and confirmed this is also a "new" issue for me as well, on my USB stick I can no longer reach its web interface since Beta 8 or so.

See my response to @VIper_Rus

 

[Ranger802004]

@Ranger802004 - Feature request for a future version?

It would be useful to have the option to also get notification emails when Secondary WAN goes offline for some reason, along the lines of:-

Warning - Secondary WAN is currently Offline and unavailable for Failover!

and then when it comes back Online …

Notice - Secondary WAN is Online and available for Failover

In my case backup WAN is a 4G USB stick not in general view so if it dies for some reason or gets unplugged accidentally this wouldn’t necessarily be noticed - this would be an alert that corrective action needs to be taken?

Thanks for your consideration!

I have this functionality in emailing when in load balance mode so I’ll have to look into how to incorporate this for Failover Mode.

 

[Ranger802004]

v1.5.6-beta11 Release: ***Disclaimer: This is a beta release and has been untested***

Manually upgrade to this beta by running the following command" ***Allow for cronjob to relaunch the script***
Clean installation:

/usr/sbin/curl -s "https://raw.githubusercontent.com/Ranger802004/asusmerlin/main/wan-failover_v1.5.6-beta11.sh" -o "/jffs/scripts/wan-failover.sh" && chmod 755 /jffs/scripts/wan-failover.sh && sh /jffs/scripts/wan-failover.sh install

Upgrade from previous installation:

/usr/sbin/curl -s "https://raw.githubusercontent.com/Ranger802004/asusmerlin/main/wan-failover_v1.5.6-beta11.sh" -o "/jffs/scripts/wan-failover.sh" && chmod 755 /jffs/scripts/wan-failover.sh && sh /jffs/scripts/wan-failover.sh restart

To revert back to Production Release:

/jffs/scripts/wan-failover.sh update

Beta Readme

***WARNING*** There are some major changes from v1.5.6-beta9 so if you experience issues please collect debug logs and forward to me via DM!

***WARNING*** If you are using an RT-AX88U, read release notes!

***HIGHLIGHT*** Script will now send emails in Failover Mode if the Secondary WAN fails and when the script first starts if both interfaces are Connected.

***HIGHLIGHT*** Script will now create an alias as "wan-failover", once script is updated and restarted. Consoles can now use the new alias instead of the full script path "/jffs/scripts/wan-failover.sh". Consoles open while the script is updated may need to be restarted or the following command executed.

source /jffs/configs/profile.add

Release Notes:
v1.5.6-beta11
- General optimization
- Added a confirmation prompt to Restart Mode.
- Fixed visual bugs when running Restart Mode.
- Load Balance Monitor now triggers Service Restart function during failover events.
- YazFi trigger during service restart will no longer run process in the background to prevent issues with script execution of YazFi.
- IP Rules should no longer create conflict with other scripts such as VPNMON.
- Target IPs for both interfaces can now be the same the Target IP.
- Added Recursive Ping Check feature. If packet loss is not 0% during a check, the Target IP Addresses will be checked again based on the number of iterations specified by this setting before determing a failure or packet loss. RECURSIVEPINGCHECK (Value is in # of iterations). Default: 1
- Resolved issues that prevented 4G USB Devices from properly working in Failover Mode.
- Moved WAN0_QOS_OVERHEAD, WAN1_QOS_OVERHEAD, WAN0_QOS_ATM, WAN1_QOS_ATM, BOOTDELAYTIMER, PACKETLOSSLOGGING and WANDISABLEDSLEEPTIMER to Optional Configuration and no longer are required to be set during Config or Installation. They will be given Default values that can be modified in the Configuration file.
- Created new Optional Configured Option to specify the ping packet size. PACKETSIZE specifes the packet size in Bytes, Default: 56 Bytes.
- Resolve issue where script would loop from WAN Status to Load Balance Monitor when an interface was disabled.
- Load Balance Mode will now dynamically update resolv.conf (DNS) for Disconnected WAN Interfaces.
- Fixed Cron Job deletion during Uninstallation.
- Corrected issue with Failure Detected log not logging if a device was unplugged or powered off from the Router while in Failover Mode.
- Modified Restart Mode logic to better detect PIDs of running instances of the script.
- Created Alias for script as wan-failover to shorten length of commands used in console.
- Fixed issue where if the USB Device is unplugged and plugged back in, script will now leave Disabled State to go back to WAN Status.
- Enhanced WAN Disabled Logging, will relog every 5 minutes the condition causing the script to be in the Disabled State.
- Added additional logging throughout script.
- Email function will check if DDNS is enabled before attempting to use saved DDNS Hostname
- Added cleanup function for when script exits to perform cleanup tasks.
- Service Restarts now include restarting enabled OpenVPN Server Instances.
- Target IP Rules will now compensate for the RT-AX88U however this can create conflicts if the Target IPs are the same or are used for other services/scripts.
- Fixed issue in DNS Switch in Load Balance Mode where WAN1 was using the Status of WAN0.
- Switch WAN Mode will now prompt for confirmation before switching.
- Fixed issue where Switch WAN Mode would fail due to missing Status parameters acquired in Run or Manual Mode.
- Fixed issue where WAN Interface would not come out of Cold Standby if in State 5.
- Script will now reset VPNMON-R2 if it is installed and running during Failover
- Enhanced Ping Monitoring to improve failure/packet loss detection time.
- If an amtm email alert fails to send, an email attempt will be made via AIProtection Alerts if properly configured.
- An email notification will now be sent if the Secondary WAN fails while in Failover Mode and when Failover Monitor starts.
- Fixed issue in Load Balance Mode when a Disconnected WAN Interface would cause WAN Failover to error and crash when creating OpenVPN rules when OpenVPN Split Tunneling is Disabled.

 

[Stephen Harrington]

Script will now reset VPNMON-R2 if it is installed and running during Failover

Confirmed working now for my setup - 4G LTE USB stick as Secondary.

- An email notification will now be sent if the Secondary WAN fails while in Failover Mode and when Failover Monitor starts.

Confirmed as half-working!
That is - I DON'T get an email when I disconnect the USB stick, but I DO get an email when I reconnect the USB stick!

I'll PM you the logs via the usual method ...

 

[Ranger802004]

Confirmed working now for my setup - 4G LTE USB stick as Secondary.



Confirmed as half-working!
That is - I DON'T get an email when I disconnect the USB stick, but I DO get an email when I reconnect the USB stick!

I'll PM you the logs via the usual method ...

Review my notes I DMed you based on my findings in the logs.