1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Tomato MultiWAN

Discussion in 'Tomato Firmware' started by shibby20, Dec 8, 2015.

  1. joksi

    joksi Reformed Router Member

    When I tested wired WAN together with secondary WAN as WLAN client, I had the same issue (connected but not working). Presumably some kind of bug.

    You cannot set priority 0 and use policy routing, cause there is no routes in standby. I have personally requested this mode in an earlier post. However, what you can do is for example set priority 255 on WAN1 and 1 on WAN2, which should result in WAN2 not beeing used (load balanced), but still being able to route specific traffic out WAN2 by policy routing because it's no longe in standby. I'm doing it that way.
     
    jsantosv likes this.
  2. jsantosv

    jsantosv Network Newbie Member

    Thanks! Well, what I did was use an old DIR-300 with DD-WRT I had lying around. Set it up as client for the hotspot, connect through LAN to the RT-N66U. Everything worked first try.

    Followed your recommendation about routing with load balancing and yes, it works perfectly. Only annoyance is that I have to log in in the router and disconnect WAN2 every time I turn off the hotspot, because WAN2 still gets DHCP from the other router and tomato thinks it's still connected to the internet. But other than that, everything runs smoothly.
     
  3. joksi

    joksi Reformed Router Member

    Happy to hear it works for you too!
    That should'nt be a problem, if you set up the watchdog under Basic network. Put one or two IP/domains as targets and Tomato will remove WAN2 from the routing table when you turn off the hotspot and restore it again when you turn it on. If you are already using the watchdog, maybe try changing default traceroute to ping on WAN2.
     
  4. Lorenceo

    Lorenceo Networkin' Nut Member

    I've been testing two WANs on an R7000. Both are PPPoE based VDSL connections.
    Have run into some issues with it:

    1. The VLAN settings refuse to save correctly. It won't let me remove the LAN from the ports. I apply the settings, the router reboots, however when it comes back on the WAN2 ports are set, but LAN is still apparently active on them:

    upload_2016-11-21_13-12-30.png

    2. The router appears to only be using WAN1's DNS. WAN1 and 2 are with different ISPs, and some traffic being directed out of WAN2 is pulling from CDN nodes on WAN1's ISP's network, which seems to result in poorer performance. It'd be nice if the DNS queries from each WAN used their respective DNS servers.
    3. The connection balancing is not as aggressive as expected, when compared to PFsense. The only things which seem to take advantage of the extra WAN to combine throughput are torrents and Steam downloads. Other multi threaded applications such as speedtest.net end up only using one WAN connection. It'd be nice if we could change how aggressive the router pushes connections from the various WAN connections.
     
  5. remlei

    remlei Networkin' Nut Member

    1. you can fix the vlan issue in v138 by setting up the vlan setting on v137 and upgrade to v138 without clearing the nvram.

    2. it can be done via firewall script I think but that's too hassle for me to do. although I can easily solve this by using openwrt's mwan3 with ipset and sticky connection. One thing that I know is Google hates multi-wan (multiple ip addresses) accessing their services, one thing that I noticed is the perfomance when loading gmail webpage under multiwan config vs a standalone wan config, standalone wan config can outrun the webpage load times far more greater than multiwan setup, were talking about 5 second load time vs 40sec load time.
     
  6. Lorenceo

    Lorenceo Networkin' Nut Member

    I've gotten around the VLAN config issue. Both VDSL lines use VLAN 10 tagging. I now have both modems connected together, with one modem set to do the VLAN 10 tagging for the DSL, and the other set to just bridge mode.

    Set up as below:
    upload_2016-11-21_18-28-15.png

    WAN port on router to LAN1 on modem 1. LAN2 on modem 1 to LAN1 on modem 2. The router sends out both untagged PPPoE packets and VLAN 10 tagged PPPoE packets. They each find their way to their respective modem and authenticate.

    Are there any plans for MLPPP to be implemented on the MultiWAN builds? It'd be cool to get the second VDSL line changed over to my main ISP, and combine the throughput of both without the need for the router to do any load balancing at all.
     
    Last edited: Nov 21, 2016
  7. joksi

    joksi Reformed Router Member

    2. Same issue here, already reported earlier in this thread but to no avail. DNSmaqs config is always using WAN1 DNS-servers in load balancing mode, until WAN1 is unavailable then it changes to another active WAN connections DNS-servers.

    3. I don't think you can change the"aggressivenes", Tomato is using Linux built-in ip route multihop.
     
  8. charsi

    charsi New Member Member

    Although I am facing the same issue I think the bug is gui only and the lan port is working as WAN correctly for me.

    I can report a separate bug however. I am using DNScrypt because my ISP on WAN1 hijacks the DNS requests and sends them to its own server. When using multiwan (with second WAN configured as fallback) when the first ISP goes down the DNS stops working. This is probably because DNScrypt is still trying to connect through WAN1 instead of WAN2 as it should. I have to manually turn off DNScrypt each time internet connection on WAN 1 fails.

    Another possible bug (or I might be understanding this incorrectly) -
    I want my NAS to only connect via WAN1 as it downloads torrents and only the ISP on WAN1 allows unlimited downloads. I have created rules for the same (based on ip) in advanced multiwan options. However when WAN1 goes down the NAS is still able to connect to the internet via WAN 2.
     
    Last edited: Dec 6, 2016
  9. joksi

    joksi Reformed Router Member

    This is probably not a bug, just the way it was designed. Maybe there should be like a checkbox beside each rule that is strictly enforcing it.
    However, in the meantime you can easily achieve the same by saving an IP-table rule in the firewall script that drops traffic from said IP on WAN2, which effectively results in that host not being able to access the internet at all when WAN1 goes down.
     
    charsi likes this.
  10. stormy

    stormy Networkin' Nut Member

    MultiWAN with VPN Client - constantly disconnecting

    Got a 1.28 MIPSR1-138 K26 IPv6-VPN firmware running on a linksys router with 2 ISPs, multiWAN is configured and working nicely!

    EXCEPT... it seems to be incompatible with VPN Clients.....

    Took a CISCO VOIP phone, that is building a VPN tunnel to the provider, and that thing now constantly disconnect/reconnects (it does manage to get a secure vpn/IP, but shortly after drops and reconnects).

    I suspect b/c the VPN tunnel is thought to be "hacked" once the ISP changes underneath it (due to MultiWAN :)

    Setup the MAC address in the Advanced/MultiWAN Routing of SOURCE to map to WAN1 or WAN2, also tried to add the (internal IP) of the voip phone to map to wan1 or wan2, but no matter what, the phone constantly reconnects after few minutes...

    Did another simple test, connecting using a smartphone and activating any VPN app, fails to work.. constantly reconnects...

    Is there any hack to let the MultiWAN code somehow know this VPN traffic (from MAC or [internal] IP) should always go to specific ISP (if it is UP)?

    Thanks.
     
  11. joksi

    joksi Reformed Router Member

    You seem to have configured it right, however Im sorry to have to say it but the MULTIWAN releases are unfortunately pretty buggy in several setups. Also last version is like half a year old, development seems to have been stopped or something...
     
  12. stormy

    stormy Networkin' Nut Member

    EDIT: In summary, reading above, folks already report: "already reported earlier in this thread but to no avail. DNSmaqs config is always using WAN1 DNS-servers in load balancing mode", I've played with DNS IPs and got it a bit better than described below.


    I'm just wondering how/if anyone tried a VPN client over MultiWAN.. it might not be a "bug" but "intended behavior", although the MAC/IP should still be visible even with VPN, so it should stay on same ISP.

    Another question different question (not sure if to open a new thread or not), on diff setup, I got ISP1 & ISP2, each provides fixed IP (FIP1) & FIP2.

    set up MultiWAN with Static IPs for wan1/wan2. Set the watchdog timeout (since it's static IP - tried both traceroute & ping), to 1 minute, and tested two simple cases of "no internet" to one of the two isps, although in both cases the tomato router is seeing lines always "connected" (since static IPs are assigned), so watchdog is used.

    1) pull DSL wire from ISP2 (WAN2), so no internet on WAN2 (but WAN1 has internet). In this case, service is interrupted shortly, then things work on ISP1.

    2) pull DSL wirefrom ISP1 (WAN1), so no internet on WAN1 (but WAN2 has internet). In this case all operations STALL, b/c DNS is not-functioning!! can telneting into the router and running nslookup proves dns is broken:

    root@tomato3:/# nslookup google.com 127.0.0.1
    Server: 127.0.0.1
    Address 1: 127.0.0.1 localhost
    Name: google.com

    there, stalls indefinitely, but pinging the google.com IP works fine from inside router:

    root@tomato3:/tmp# ping 8.8.8.8
    PING 8.8.8.8 (8.8.8.8): 56 data bytes
    64 bytes from 8.8.8.8: seq=38 ttl=43 time=83.171 ms
    64 bytes from 8.8.8.8: seq=39 ttl=43 time=83.892 ms
    64 bytes from 8.8.8.8: seq=40 ttl=43 time=82.134 ms
    64 bytes from 8.8.8.8: seq=41 ttl=43 time=84.543 ms

    but ... this never returns:

    root@tomato3:/tmp# nslookup 8.8.8.8
    Server: 127.0.0.1
    Address 1: 127.0.0.1 localhost

    Name: 8.8.8.8
    Address 1: 8.8.8.8

    in both cases the tmp files reflect the correct state (0=off, 1=on) of the WANs, this is second case so, WAN1 is offline.:

    root@tomato3:/tmp# cat state_wan
    0
    root@tomato3:/tmp# cat state_wan2
    1

    It seems like a DNS issue, b/c simple queries cannot lookup, while at the same time the router can ping ANY *IP* on the net (using WAN2), just not resolve any names.

    I've not done anything fancy with regards to DNS, looking in /etc/resolv.conf it has 127.0.0.1, question how to know the REAL dns servers? why is dns stuck?

    In all places I've placed 8.8.8.8/8.8.4.4 as the DNS servers as manual setting, and that is seen in nvram show as:

    wan2_dns=8.8.8.8 8.8.4.4
    wan2_dns_auto=0
    wan2_get_dns=
    wan_dns=8.8.8.8 8.8.4.4
    wan_dns_auto=0
    wan_get_dns=

    also on the router:

    root@tomato3:/tmp/etc# cat resolv.conf
    nameserver 127.0.0.1
    root@tomato3:/tmp/etc# cat resolv.dnsmasq
    nameserver 8.8.8.8
    nameserver 8.8.4.4

    dnsmasq.conf has basic stuff:

    root@tomato3:/tmp/etc# cat dnsmasq.conf
    pid-file=/var/run/dnsmasq.pid
    resolv-file=/etc/resolv.dnsmasq
    addn-hosts=/etc/dnsmasq/hosts
    dhcp-hostsfile=/etc/dnsmasq/dhcp
    expand-hosts
    min-port=4096
    stop-dns-rebind
    rebind-localhost-ok
    interface=br0
    dhcp-range=tag:br0,192.168.1.100,192.168.1.250,255.255.255.0,1440m
    dhcp-option=tag:br0,3,192.168.1.3
    dhcp-lease-max=255
    dhcp-authoritative

    any clue? or better place to post this, why is WAN offline causes DNS "stalls" and WAN2 down does not?

    Thanks, Stormy.
     
    Last edited: Jan 4, 2017
  13. stormy

    stormy Networkin' Nut Member

    Is MAC filtering working for anyone with MultiWAN? I'm using 1.28 MIPSR1-138 K26 IPv6-VPN firmware, 2 ISPs, set 1 rule for protocol ALL, source address a PC's MAC, dest: all, to go on WAN1, but running whatis my ip from that PC keeps changing the IP.. I did press SAVE and restart the router, copy and pasted the MAC from the device list, so it must be right... what the router is actually seeing.

    Is the MultiWAN filtering rules working for anyone?

    EDIT: Personally, I don't care that IP changes, however, downloads of large ISO files, etc. stops mid-way, probably b/c the dest server is seeing requests coming from both IPs so connection drops... and downloads stall. Need a way to fix a PC/client/MAC/IP to a given WAN, if that is down, go to other, and stay there until original one is back online.
     
    Last edited: Jan 4, 2017
  14. stormy

    stormy Networkin' Nut Member

    Finally, a more fundamental question regarding MultiWAN's rule option. It seems that setting PC1's MAC/IP to go on WAN1, then if WAN1 is offline, traffic to PC1 is halted completely.. is there anyway to say, load balance, PC1 on WAN1, BUT, if wan1 is down, use any other available WAN, once WAN1 is back, reenforce the rule and put PC1 back to WAN1. Just tested, and see that if WAN1 is down, all PCs assigned to that wan are completely offline, which defeats the purpose of multiwan. Setting back backup/failover mode is a huge waste of bandwidth when there is NO failure, which is 99% of the times :)

    Thoughts?
     
  15. stormy

    stormy Networkin' Nut Member

    ok, found that there are many false detection (USING PING) of wan going down, just grep 0 /tmp/state* every 10 sec, and every few minutes it shows: state_wan:0, that is not correct, b/c constant ping -I <wan> on both wans separately shows no outages..

    This was with "1" minute watchdog.. so moved to 3 minutes.. no diff, just longer interval between these failures.. it only became much worse, b/c it took 3+ minutes to get OUT of this false "outage", all this time, pings are streaming on other windows via the specific interface (using ping -I)...

    default 'traceroute' detection method did not find any outages, even when physically pull cable from any ISP's box :)

    I guess this h/w is not strong enough... need to look for alternatives :)

    Thanks.. (still curious on question in post immediately above this one)
     
  16. information-house

    information-house New Member Member

    Hello!

    WHAT WORKS:
    Once I have only one wan connection it will work like a charm. Just plug and play. But when I use multiple wan connections everything stops working.

    WHAT I TRY TO DO:
    I have been trying to setup multiwan functionality for few days now and I have failed to get it to work.I have setup 2 wired WAN and WAN2. Then I have added one wireless frequency for WAN3.

    HARDWARE SETUP:
    I have 1xHuawei4G, 1xAsus4G and 1xTP-Link4G. These 3 Routers take in 3x4G connections. ISP is same for all connections.

    Huawei is in 192.168.8.1
    subnet 255.255.255.0

    Asus is in 192.168.3.1
    subnet 255.255.254.0

    TP-Link is in 192.168.12.1
    subnet 255.255.255.0

    Then I have tomato installed in RT-N66U Which is connected to all of these 3 routers.

    TOMATO SESTUP:
    First I have setup VLAN. There was bug with GUI, so I had to do it with terminal.
    VLAN 1 VID 1 PORTS 1,2,3 default* Bridge: LAN
    VLAN 2 VID 2 PORTS WAN Bridge: WAN
    VLAN 3 VID 3 PORTS 4 Bridge: WAN2
    VLAN 4 VID 4 PORTS (none since it's wireless) Bridge: WAN3

    When I use DHCP to automatically get connections it will just keep renewing connection and subnetmaks will stay as 0.0.0.0 For all WAN, WAN2 and WAN3. So it looks like it's not working.

    When I use static addresses, So I choose ip from routers
    WAN: ip range such as 192.168.3.117
    gateway is set as 192.168.3.1
    subnetmask is set as 255.255.254.0
    dns is set as 192.168.3.1

    WAN2: ip range such as 192.168.8.117
    gateway is set as 192.168.8.1
    subnetmask is set as 255.255.255.0
    dns is set as 192.168.8.1

    WAN3: ip range such as 192.168.12.117
    gateway is set as 192.168.12.1
    subnetmask is set as 255.255.255.0
    dns is set as 192.168.12.1

    With these settings I get all 3 WAN connections listed as "connected", but still I have no connection to Internet, no connection to other routers.

    Do I need to setup still something more? Is there some bugs that I should be aware? Any help is appreciated.

    If it helps, I can provide screenshots of settings too.
     
  17. ziddey

    ziddey Network Guru Member

    I'm running into an issue with an Asus RT-N66.

    I'm trying to setup WAN1 normally using the WAN port, and WAN2 as a wireless client (5ghz). Setting up either by itself works fine as expected. However, once I add the VLAN and setup WAN2, the ethernet WAN will no longer pull an IP address. Setting it statically doesn't help either. These networks are in different subnets.

    I've tested both the N and AC builds with the same results. Full NVRAM reset each time.

    Any clues? The only change I'm making each time is changing the mac address for eth2 (5ghz).
     
  18. tcsoft

    tcsoft LI Guru Member

    132 was rockstable. upgraded to 138, wiped nvram. did all config from scratch. now on wan1/pptp the keepalive setting is not respected anymore. my guess is, this is a bug related to multiwan feature.

    Gesendet von meinem Nexus 9 mit Tapatalk
     
  19. tcsoft

    tcsoft LI Guru Member

    followup: seems like there are some firewalling issues. the pptp service does successfully establish a new connection after a timeout. but no internet access though. seems like no traffic forwared through wan1.

    Gesendet von meinem Nexus 9 mit Tapatalk
     
  20. Evengard

    Evengard New Member Member

    Stumbled upon a bug in multiwan. My configuration:
    wan1 - failover provider
    wan2 - main provider
    Both wan1 and wan2 configured to receive IP + DNS from DHCP

    Even when wan2 is up and running fine, /etc/resolv.dnsmasq is still populated with DNS servers, received from wan1 DHCP, instead of wan2.
     

Share This Page