UDMP VLAN to WAN2 Policy Based Routing

0-vlan-to-wan2.md

Ubiquiti UDM-Pro Dual-WAN Setup Scripts

VLAN to WAN2 Policy Based Routing + Disable WAN Failover

Tested on UDM-Pro 1.10.0

The following scripts can be used on a UDM-Pro with on boot script to force specific vlans out WAN2 as well as prevent that traffic from going out wan1 and all other traffic from going out wan2 in the event one WAN is disconnected.

curl -fsSLo /mnt/data/on_boot.d/98-vlan_to_wan2.sh https://gist.githubusercontent.com/GlitchWitch/9833888842dbd7d0b42669faab4c4a4a/raw/9ede55da6820c65c3aeb5d0951a71855641b0041/98-vlan_to_wan2.sh 

curl -fsSLo /mnt/data/on_boot.d/99-disable_wan_failover.sh https://gist.githubusercontent.com/GlitchWitch/9833888842dbd7d0b42669faab4c4a4a/raw/9ede55da6820c65c3aeb5d0951a71855641b0041/99-disable_wan_failover.sh

chmod +x /mnt/data/on_boot.d/*.sh

Modify 98-vlan_to_wan2.sh and replace the three instances of 1337 with the desired vlan you wish to route out wan2.

Reference:

• https://community.ui.com/questions/UDM-Pro-and-dual-WAN-per-VLAN-or-even-WiFi-Network/39015cbb-77b3-4eac-af5b-788b20358c2f#answer/f74e3e71-8a81-4a38-a191-90a95270d2cd
• https://www.reddit.com/r/Starlink/comments/nxuf3x/starlink_and_udm_pro_with_policy_routing_on_wan2/

98-vlan_to_wan2.sh

#!/bin/sh
## 98-vlan_to_wan2.sh
## A script to add policy-based routing to send vlan2 to wan2 to the UDM-Pro
## Includes monitoring to re-add rules in the event of config changes
## Use in conjunction with 99-disable_wan_failover.sh


vlan1337_to_wan_monitor() {
        (while :; do
                    ip rule show | grep 32400 &> /dev/null ||
                        (ip rule add pref 32400 from all iif br1337 lookup 202)
                sleep 1
        done) &
}

vlan1337_to_wan_monitor

## Uncomment below to add an additional vlan to route out wan2
## Replace vlan1234 and br1234 with your desired vlan number

#run_vlan1234_to_wan_watcher() {
#        (while :; do
#                    ip rule show | grep 32401 &> /dev/null ||
#                        (ip rule add pref 32401 from all iif br1234 lookup 202)
#                sleep 1
#        done) &
#}

#run_vlan1234_to_wan_watcher

99-disable_wan_failover.sh

#!/bin/sh
## 99-disable_wan_failover.sh
## A script to disable WAN Failover for dual-wan setups that use policy-based routing from 98-vlan_to_wan2.sh
## Prevents vlan-to-wan2 traffic from going out wan1 and all other traffic from going out wan2


wan1_failover_monitor() {
        (while :; do
                    ip rule show | grep "from all lookup 202" &> /dev/null &&
                        (ip rule del pref 32766; ip rule add pref 32766 from all lookup 201)
                sleep 1
        done) &
}
wan1_failover_monitor

wan2_failover_monitor() {
        (while :; do
                    ip route show table 202 | grep "default" &> /dev/null ||
                        (ip route add blackhole 0.0.0.0/0 table 202)
                sleep 1
        done) &
}
wan2_failover_monitor