WANFailover Dual WAN Failover ***v2 Release***

[tarzan2000]

I would need debug logs to diagnose this further, I'd recommend opening up an issue in GitHub.

ok, done

 

[dane]

I have an ax86u on latest merlin firmware running Dual WAN failover. My 1G port fails over to my 2.5G port no problem. No other addons. So thank you.

I am interested in restricting access to the internet during failover to a subset of IPs and I'm not sure how to accomplish this. One kink perhaps is that I'm leveraging the vlans created by the router and the ip range I'd like to allow access is on the 501 vlan (192.168.101.0/24) while the 'main' network and most devices are on vlan 1 (192.168.50.0/24).

I tried doing something like this in my ssh session on router (read: not in startup script):

iptables -I OUTPUT 1 -s 192.168.50.0/24 -o eth5 -j DROP
iptables -I FORWARD 1 -s 192.168.50.0/24 -o eth5 -j DROP

The idea was to only allow traffic from the 192.168.101.0/24 network through the 2.5G port, but that did not seem have any effect.

Any thoughts on how to approach this?

 

[Ranger802004]

I have an ax86u on latest merlin firmware running Dual WAN failover. My 1G port fails over to my 2.5G port no problem. No other addons. So thank you.

I am interested in restricting access to the internet during failover to a subset of IPs and I'm not sure how to accomplish this. One kink perhaps is that I'm leveraging the vlans created by the router and the ip range I'd like to allow access is on the 501 vlan (192.168.101.0/24) while the 'main' network and most devices are on vlan 1 (192.168.50.0/24).

I tried doing something like this in my ssh session on router (read: not in startup script):


The idea was to only allow traffic from the 192.168.101.0/24 network through the 2.5G port, but that did not seem have any effect.

Any thoughts on how to approach this?

You would create ip rules to block the traffic, not ip table rules.

 

[dane]

You would create ip rules to block the traffic, not ip table rules.

why ?

 

[dane]

I tried to create separate thread inquiring about this but it was removed I guess because it is similar to my previous post. I'm not sure why iptable rules wouldn't work nor how to go about creating ip rules.

 

[oOMrYairOo]

Thanks for your work, after i installed in ssh amtm it said status: failover disabled, my main connection is fiber 100/1000 whit PPPOE the second wan is Cisco 881 4g whit sim card behind CGNAT of the cellular provider, why in the dual wan main menu says status: failover disabled after I enabled via asus webui?

 

[Ranger802004]

Thanks for your work, after i installed in ssh amtm it said status: failover disabled, my main connection is fiber 100/1000 whit PPPOE the second wan is Cisco 881 4g whit sim card behind CGNAT of the cellular provider, why in the dual wan main menu says status: failover disabled after I enabled via asus webui?

I’d recommend opening up an issue on GitHub for this.

 

[bmac.to]

Hi, I have recently setup a dual WAN on my Merlined AX68U. I have this setup as fail over and failback with the default Asus setup. It appears to check both DNS and a ping to determine WAN status. I believe it works fine but the only test I have is pulling the enet cable out for each connection.
What does this script offer over the default Asus setup? Are there bugs in the default setup that I have not seen yet? It looks as though this script only check ping for WAN status - is that true?

FYI, my WAN0 is a PPPoE connection which requires a specific VLAN connected to the WAN port, and WAN1 is connected to a cable modem through one of the enet ports. Strangely, if I setup the dual WAN with the cable modem on the WAN port, there is no way to get the PPPoE WAN to work as the VLAN setting only seems to apply to the WAN port.

 

[Ranger802004]

***v2.1.2-beta1 Released***

Release Notes:
Enhancements:
- General optimization
- Added 388.7 to supported firmware list
- Cron Job will now dynamically be created / removed to prevent continous attempts at running WAN Failover while it is active. When WAN Failover is killed and SCHEDULECRONJOB is set to Enabled it will be recreated on exit.

Fixes:
- General bug fixes

 

[Ranger802004]

***v2.1.2-beta1 Released***

Release Notes:
Enhancements:
- General optimization
- Added 388.7 to supported firmware list
- Cron Job will now dynamically be created / removed to prevent continous attempts at running WAN Failover while it is active. When WAN Failover is killed and SCHEDULECRONJOB is set to Enabled it will be recreated on exit.

Fixes:
- General bug fixes

Minor update released to fix a bug in beta1, released as v2.1.2-beta2, no new patch notes for this release.

 

[JuanGF]

what exactly does it do? what's the purpose of it?

I have eth0 for primary and ppp1 for secondary, I was testing 14 switchwan and it seems not to work, each traffic goes thru primary

I've scanned the readme file three times to try to look for an answer, if anyone is kind to explain what this config is about I'd appreciate.

The script is so great is just works without even understanding it, but I would like to know what all the configs are for. Thank you.

 

[badaz]

Hello! Thanks for this great script! I've been the script for around 2 weeks I think and I solved most of the problems I had at the beginning. At first I had fake positives with network failing over from wan0 to wan1 although wan0 connection was still ok, so I increased ping count and ping timeout and I believe I managed to get rid of it. Then I ran into the "status: unresponsive" problem and found out on this forum that I had to enable NVRAM checks, which I did and it seems to have solved this problem. Now I'm getting frequent WAN Failover Notifications by email. they go by pairs : first email saying that wan0 is connected and wan1 is disconnected, the second email saying both wans are connected. (therefore it leads me to think that no failover happened)

Therefore I have this question : is the script constantly monitoring wan1 and sending emails when wan1 loses connection although wan0 is still ok?

NB: I realised reading the logs that these events are accompanied by "NVRAM Check Failure Detected"

 

[Ranger802004]

Hello! Thanks for this great script! I've been the script for around 2 weeks I think and I solved most of the problems I had at the beginning. At first I had fake positives with network failing over from wan0 to wan1 although wan0 connection was still ok, so I increased ping count and ping timeout and I believe I managed to get rid of it. Then I ran into the "status: unresponsive" problem and found out on this forum that I had to enable NVRAM checks, which I did and it seems to have solved this problem. Now I'm getting frequent WAN Failover Notifications by email. they go by pairs : first email saying that wan0 is connected and wan1 is disconnected, the second email saying both wans are connected. (therefore it leads me to think that no failover happened)

Therefore I have this question : is the script constantly monitoring wan1 and sending emails when wan1 loses connection although wan0 is still ok?

NB: I realised reading the logs that these events are accompanied by "NVRAM Check Failure Detected"

Yes it monitors both WAN connections simultaneously.

 

[badaz]

Thanks for your answer. So the script sends an email even when there is no failover / failback? I'm asking because I believe I'm getting an email every time either of my WANs get a new IP lease from their respective ISP's DHCP although there is no failover happening and no perceptible loss of connection either (one email per ISP per day, around the same time everyday, as their DHCP lease time seems to be 24 hours). In other words, what are the conditions for an email to be sent (except for the conditions we can setup manually like system uptime)?

 

[Ranger802004]

Thanks for your answer. So the script sends an email even when there is no failover / failback? I'm asking because I believe I'm getting an email every time either of my WANs get a new IP lease from their respective ISP's DHCP although there is no failover happening and no perceptible loss of connection either (one email per ISP per day, around the same time everyday, as their DHCP lease time seems to be 24 hours). In other words, what are the conditions for an email to be sent (except for the conditions we can setup manually like system uptime)?

That would disrupt the monitoring of the WAN connections and cause it to send an email even if by the time it checks the connection again and it shows as CONNECTED.

 

[badaz]

Thanks. So the answer is the script sends an email as soon as one ping fails? Then I have one last question: what is the delay between 2 pings? Is it the "detect interval" that is found in the web UI?

 

[Ranger802004]

Thanks. So the answer is the script sends an email as soon as one ping fails? Then I have one last question: what is the delay between 2 pings? Is it the "detect interval" that is found in the web UI?

No in this scenario some of the supporting configuration gets reset due to the IP change (technically the WAN interface resets) so it has to back out and recheck it for the Gateway, assigned IP, etc to recreates rules/configuration for failover monitoring.

 

[badaz]

No in this scenario some of the supporting configuration gets reset due to the IP change (technically the WAN interface resets) so it has to back out and recheck it for the Gateway, assigned IP, etc to recreates rules/configuration for failover monitoring.

Ok. However I still don't understand why it sends an email then My understanding is that the script should send an email when a failover / failback is detected, or is it interpreted as a failback maybe ? I guess I will look more closely at the logs and the script itself ! Thanks again.

 

[Ranger802004]

Ok. However I still don't understand why it sends an email then My understanding is that the script should send an email when a failover / failback is detected, or is it interpreted as a failback maybe ? I guess I will look more closely at the logs and the script itself ! Thanks again.

It will send for failures too for example if WAN0 is online and working but WAN1 goes down.

 

[Ranger802004]

***v2.1.2-beta3 Release***

Release Notes:
Enhancements:
- General optimization
- Added 388.7 to supported firmware list
- Cron Job will now dynamically be created / removed to prevent continous attempts at running WAN Failover while it is active. When WAN Failover is killed and SCHEDULECRONJOB is set to Enabled it will be recreated on exit.
- Capture mode will output the capture file created when exited.