Dual dynamic IP Wan for Tomato

Discussion in 'Tomato Firmware' started by mstombs, Sep 19, 2007.

  1. mstombs

    mstombs Network Guru Member

    It's been mentioned in a number of threads some time ago, but I just got around to trying on my wrt54gs 1.1 running Tomato 1.07.

    There are lots of posts/wiki entries for dual WAN with dd-wrt, but all as far as I can see assume static IP addresses, I currently have (while changing over) dynamic cable and adsl dhcp connections. OpenWrt seems to be able to handle this http://wiki.openwrt.org/multipleWan (No Web GUI to break!)

    Here's one way of attempting this in Tomato

    Before dabbling, the following nvram variables define port 0 of the 5 port switch WAN = vlan1, and the 1-4 LAN ports vlan0. [seems 5 is internal CPU side]

    vlan0ports=1 2 3 4 5*
    vlan1ports=0 5

    The following 'once off' commands separate off LAN port 4 as a separate vlan2.

    nvram set vlan0ports="1 2 3 5*"
    nvram set vlan2hwname=et0
    nvram set vlan2ports="4 5"
    nvram commit

    reboot to take effect - the vlan code must be in the kernel somewhere... the variables then can be checked to

    vlan0ports=1 2 3 5*
    vlan1ports=0 5
    vlan2ports=4 5

    Then create an executable udhcpc action script in /jffs/wan2up.sh

    #!/bin/sh
    # udhcpc simple.script for Tomato dual dynamic wan
    # udhcpc passes the event name as $1 and the lease details as environment variables
    [ -z "$1" ] && echo "Error: should be called with parameter from udhcpc" && exit 1
    if [ "$interface" = "vlan2" ]; then # only handle vlan2 here
     case "$1" in
      bound)
       # new lease: configure the interface and record the lease in nvram
       logger vlan2 udhcpc bound request to IP "$ip" NM "$subnet" received
       /sbin/ifconfig "$interface" "$ip" netmask "$subnet"
       /sbin/route add -host "$router" dev "$interface"
       nvram set wan2_ipaddr="$ip"
       nvram set wan2_netmask="$subnet"
       nvram set wan2_gateway="$router"
       nvram set wan2_get_dns="$dns"
       nvram set wan2_server="$serverid"
    #      nvram commit
       ;;
      renew)
       # lease renewed: only log it
       logger vlan2 udhcpc RENEW request to IP "$ip" NM "$subnet" received
       ;;
      deconfig)
       # lease lost or client starting: clear the address, route and nvram entries
       logger vlan2 udhcpc deconfigure request received
       /sbin/ifconfig "$interface" 0.0.0.0
       /sbin/route del -host "$(nvram get wan2_gateway)" dev "$interface"
       nvram set wan2_ipaddr=""
       nvram set wan2_gateway=""
    #      nvram commit
       ;;
      *)
       logger vlan2 udhcpc unknown "$@" request received
       ;;
     esac
    fi
    exit 0

    and invoke a second copy of udhcpc with

    udhcpc -i vlan2 -s /jffs/wan2up.sh -H wrt54gs

    which seems to work, vlan2 appears in the device list, gets the right IP address, and adds entries to the route table and creates the right variables. Haven't yet tried to activate the internet through this connection, but it doesn't break the vlan1 connection, or web interface!
    neroanelli likes this.
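
As an added example (not part of the original post): udhcpc fills `ip`, `subnet`, `router`, `dns` and `serverid` from the DHCP server's reply, and `router` can carry more than one address, so a hook like the one above can check the values before they reach ifconfig, route and nvram. The helper names `is_ipv4`, `first_ipv4` and `check_lease` are hypothetical and the sample addresses are constructed.

```shell
#!/bin/sh
# Added example: check DHCP-supplied values before a udhcpc hook applies them.
# is_ipv4, first_ipv4 and check_lease are hypothetical helper names.

# Succeed only for a dotted quad whose four decimal octets are each 0..255.
is_ipv4() {
    case "$1" in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;   # empty, stray characters, empty octet
    esac
    old_ifs=$IFS; IFS=.
    set -- $1                                  # split on dots (only digits and dots remain)
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# Print the first well-formed address from a space-separated list
# (udhcpc can pass several routers or DNS servers in one variable).
first_ipv4() {
    found=""
    set -f                                     # no globbing on server-supplied text
    for candidate in $1; do
        if [ -z "$found" ] && is_ipv4 "$candidate"; then found=$candidate; fi
    done
    set +f
    [ -n "$found" ] && printf '%s\n' "$found"
}

# Print the gateway to use if ip, netmask and router list are all sane.
check_lease() {   # usage: check_lease "$ip" "$subnet" "$router"
    is_ipv4 "$1" || { echo "reject: bad ip"; return 1; }
    is_ipv4 "$2" || { echo "reject: bad netmask"; return 1; }
    gw=$(first_ipv4 "$3") || { echo "reject: no usable router"; return 1; }
    printf '%s\n' "$gw"
}

# Constructed sample lease values, not taken from the thread.
check_lease 203.0.113.25 255.255.255.0 "203.0.113.1 203.0.113.2"
check_lease 203.0.113.25 "" 203.0.113.1 || true
```

In the hook, the `bound` branch would call `check_lease "$ip" "$subnet" "$router"` and skip the ifconfig, route and nvram steps when it fails.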
  2. u3gyxap

    u3gyxap Network Guru Member

    Good work :)
  3. GeeTek

    GeeTek Guest

    When you get a compliment like that from a guy like that, you can be sure that you are doing pretty damned good !
  4. mstombs

    mstombs Network Guru Member

    Update: [not helped by dd-wrt wiki being unavailable, while I have exclusive access to router!] I can use script commands to switch WAN connection BUT the examples I am copying assume both connections are static - doesn't look to be easy to not break web configured interface... (and if I wanted to bypass and reproduce all the core functionality I should have started with OpenWrt!)

    Also while it is working, the second udhcpc is struggling to renew the vlan2 IP from my half-bridge adsl modem (60 second lease 30 second renewals), going to investigate Wireshark to see which end router or modem (which is also running udhcpd) is not happy example:-

    Sep 21 00:56:14 wrt54gs local0.info udhcpc[2069]: Lease of A.B.C.D obtained, lease time 60
    Sep 21 00:56:15 wrt54gs user.notice root: vlan2 udhcpc RENEW request to IP A.B.C.D NM received
    Sep 21 00:56:45 wrt54gs local0.debug udhcpc[2069]: Sending renew...
    Sep 21 00:56:56 wrt54gs local0.debug udhcpc[2069]: Sending renew...
    Sep 21 00:57:01 wrt54gs local0.debug udhcpc[2069]: Sending renew...
    Sep 21 00:57:04 wrt54gs local0.debug udhcpc[2069]: Sending renew...
    Sep 21 00:57:05 wrt54gs local0.debug udhcpc[2069]: Sending renew...
    Sep 21 00:57:06 wrt54gs local0.info udhcpc[2069]: Entering rebinding state
    Sep 21 00:57:07 wrt54gs local0.debug udhcpc[2069]: Sending renew...
    Sep 21 00:57:07 wrt54gs local0.info udhcpc[2069]: Lease of A.B.C.D obtained, lease time 60
    Sep 21 00:57:07 wrt54gs user.notice root: vlan2 udhcpc RENEW request to IP A.B.C.D NM received
    using "-m" to reduce packet size doesn't help

    I've also noticed that if the modem is not plugged in udhcpc eventually gives up trying, needs to be killed and restarted - I'm pretty sure the main one also does this causing occasional problems.
  5. mstombs

    mstombs Network Guru Member

    OK I'm not going to solve the above problem and try to set up simultaneous dual WANs - that's too complicated and not appropriate for Tomato (IMHO). But I have found a simple way to switch the WAN connection cleanly which seems to work really well, sorting out the ISP DNS server changeover etc:-


    #!/bin/sh
    # toggle the active WAN between vlan1 (WAN port) and vlan2 (LAN port 4)
    OIF=$(nvram get wan_iface)
    if [ "$OIF" = "vlan1" ]; then
     NIF="vlan2"
    else
     NIF="vlan1"
    fi
    logger wanswitch from "$OIF" to "$NIF"
    # stop WAN
    service wan stop
    # swap active interface
    nvram set wan_iface="$NIF"
    nvram set wan_ifname="$NIF"
    nvram set wan_ifnames="$NIF"
    # restart WAN
    service wan start

    Note this doesn't need the second copy of udhcpc or the custom action script - just the 'once off' commands in the first post to create vlan2, and plug modems into WAN and LAN port 4!
  6. so does this mean it's currently not possible to use a tomato'd wrt54gl with dual dynamic ip wan connections?
  7. mstombs

    mstombs Network Guru Member

    To redefine the vlans on a GL you need also to set a nvram variable manual_boot_nv to 1 as per this thread


    You should be able to do the manual switching between connections as above, which worked fine - the Web GUI etc. all understand the change of WAN interface from vlan1 to vlan2. I never fixed the issue above with simultaneous use, although I did get a bit further with analyzing the second WAN dhcp issue using wireshark - I didn't solve it - some messages were using the wrong source IP/MAC I recall. I didn't pursue further because the whole web interface and core logic only expects one WAN connection. Bypassing the Web screen and doing everything from script seems to be against the Tomato philosophy!
  8. ng12345

    ng12345 LI Guru Member

    What do you mean by "once off" commands? Do we put these in the "init" script section or do you run those commands through telnet?

    I'm interested in having a 2nd WAN port to host a backup ISP in case of downtime. It would be nice to do some load balancing, but based on what I've read, one computer can not use two connections at once, but instead two computers could each use their own -- is this correct?

    Thanks for your input!
  9. mstombs

    mstombs Network Guru Member

    Watch out if you have a WRT54GL, GSV4 or others that redefine the vlan vars - see "nvram variable manual_boot_nv to 1" 2 posts above.

    By once-off commands I mean these from the first post, you execute from command line, ssh or telnet.

    First check what your variables are with, for example

    nvram show|grep vlan

    Then add definitions for vlan2

    nvram set vlan0ports="1 2 3 5*"
    nvram set vlan2hwname=et0
    nvram set vlan2ports="4 5"
    nvram commit

    Then reboot, and vlan2 should have been created, check it is there with

    ifconfig vlan2

    Edit: Head over to dd-wrt forums for updates on dual dynamic WAN there:-
  10. itanium

    itanium Addicted to LI Member

    Will it do load balancing?
  11. tismon

    tismon Serious Server Member

    I realize that this is old, but it's between this and skyanvi1's full load-balancing setup and this seems more appropriate for my goal. All that I'm trying to do is get fail-over functionality if the WAN goes down, switch to LAN #, then a second script to run only when using LAN # every 15-30min to see if the primary WAN is back up and switch back.

    Basically, does this still work for the first goal? I can't see any test to see if the WAN is down. Though I'm not sure if that was intended at that point. As many have tried/used, a series of pings should give at least basic testing functionality. And assuming that you still have the same IP assigned when the primary WAN comes back up, a ping to that IP (stored in nvram before the initial failover) every 15min should give a decent test. If it isn't the same IP, then there's a good chance that it has been assigned to another relatively nearby modem and would then switch WANs, fail and then not have an IP to test; making it a manual task to switch back.
  12. mstombs

    mstombs Network Guru Member

    The manual changeover worked and has the advantage all core tomato functions work, port forwarding, dyndns traffic etc, but I never sorted out keeping both dynamic dhcp wan IPs live at the same time. Sure it's not too hard, but I'm sure C-code source fixes are essential. I did look at Chinese tomato dualwan which apparently has implemented this, and despite the fact it's not open-source, possibly trojan filled - it just didn't work with short leases on my half-bridge router - early versions included readable scripts for load balancing/ping monitoring etc.
    Asus source-code has dual wan developments, which can be enabled if you compile yourself or use certain rmerlin rebuilds. It nearly works - they have a separate binary wanduck (open source) which uses a variety of techniques (ping and kernel traffic counters) depending on the wan connection type to determine when to switch. In my tests the failure detection didn't work well, meaning load balancing broke, and in failover mode it could never recover. Again was probably my half-bridge modems the issue, both my cable isp and my own code on adsl modem fall back to a local ip when external cables removed, need to use some windoze technology to report a local connection is made but no connection to the internet! I am not sure why it seems so hard for Linux to even report media detection on the wan port, or do 'dead gateway detection' - I'm sure the kernel/drivers know!

    To do this properly you need load balancing with dynamic allocation depending on performance, with ability to mark specific routes/services down specific wans, and need failover and recovery. I like the sound of the openwrt multiwan developments, http://wiki.openwrt.org/doc/uci/multiwan but haven't tried. OpenWRT have the advantage of being able to use latest kernels, but have always had problems with Broadcom's closed source wireless and switch drivers (open source versions always WIP!).
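
The ping-based failure test discussed in the last two posts, as an added example that is not from either poster: it probes hosts beyond the modem and only calls the switch script after several failed rounds in a row. The target addresses are documentation placeholders, and `STATE_FILE`, `SWITCH_CMD` (a hypothetical path for the toggle script), the thresholds and the `-c`/`-W` ping options are assumptions.

```shell
#!/bin/sh
# Added example: WAN failover decision logic. Targets, thresholds, STATE_FILE
# and SWITCH_CMD are assumptions, not values from the thread.

TARGETS="192.0.2.1 198.51.100.1 203.0.113.1"  # constructed placeholders; use hosts beyond the modem
NEED_OK=1                                      # answers needed for the link to count as up
FAIL_LIMIT=3                                   # consecutive failed rounds before switching
STATE_FILE=${STATE_FILE:-/tmp/wanmon.fails}
SWITCH_CMD=${SWITCH_CMD:-/jffs/wanswitch.sh}   # hypothetical path for the toggle script

# One echo request with a 2 s timeout (assumes the router's ping accepts -c and -W).
probe() { ping -c 1 -W 2 "$1" >/dev/null 2>&1; }

# The link is up when at least NEED_OK targets answer. Probing past the modem
# matters because a half-bridge modem can still hand out a local lease with
# the upstream line down.
link_up() {
    ok=0
    for target in $TARGETS; do
        if probe "$target"; then ok=$((ok + 1)); fi
    done
    [ "$ok" -ge "$NEED_OK" ]
}

# next_state FAILS: print "<new fail count> <stay|switch>".
next_state() {
    if link_up; then
        echo "0 stay"
    elif [ $(($1 + 1)) -ge "$FAIL_LIMIT" ]; then
        echo "0 switch"
    else
        echo "$(($1 + 1)) stay"
    fi
}

# One monitoring round (run it from a scheduler): update the counter and
# call the switch script only after FAIL_LIMIT failed rounds in a row.
run_round() {
    fails=$(cat "$STATE_FILE" 2>/dev/null) || fails=0
    case "$fails" in ''|*[!0-9]*) fails=0 ;; esac
    set -- $(next_state "$fails")
    echo "$1" > "$STATE_FILE"
    if [ "$2" = "switch" ]; then $SWITCH_CMD; fi
}

if [ "${1:-}" = "--round" ]; then run_round; fi
```

This covers detection only; checking whether the primary has come back while running on the secondary still needs a probe that leaves through the inactive interface, which the manual switch approach does not keep configured.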
  13. tismon

    tismon Serious Server Member

    Thanks for the quick reply and I'm sorry that I haven't done the same.
    By manual changeover, do you mean the fail over to the second WAN script? If so, then that's all that I was planning. If not, then I'm not really sure which part worked.

    If push comes to shove, I can always find a $15 router that supports DD-WRT and use it as a separate fail over monitor that would provide the WAN.