@braian87b
Last active October 22, 2023 12:33
How to get MWAN3 Working Properly on OpenWRT / LEDE

In my experience, to get a properly working multiple-WAN configuration using mwan3 starting from scratch, you should:

Important: this works well on OpenWRT 15.05.1. Newer versions introduced some breaking changes; for example, the WAN interfaces have IPv6 capability and are now named with letters ("wan, wanb, wanc" instead of "wan, wan2, wan3", so wanb6 means the 2nd WAN's IPv6 interface): https://github.com/openwrt/packages/blob/master/net/mwan3/files/etc/config/mwan3

The official documentation seems to be very detailed and up to date, and I recommend reading it first: https://openwrt.org/docs/guide-user/network/wan/multiwan/mwan3. I also recommend taking a look at my config file below, since my approach to policies is very nice.

First of all: activate conntrack. The docs say it is important and necessary for mwan3 to work properly, and a reboot is needed afterwards:

Ensure the CONNTRACK module is enabled in OpenWrt

mwan3 requires that the CONNTRACK module is enabled and active on its WAN interfaces. If the interfaces are in the "wan" firewall zone, and the "Masquerading" option is enabled for the firewall zone, the CONNTRACK module is already enabled by default (this is the default OpenWrt configuration). If masquerading/NAT is not enabled for the WAN interface (for example, if just routing without NAT is being used between the LAN and your different WAN interfaces), you need to add the following rule to the LAN and WAN zone configurations in your /etc/config/firewall:

    uci set firewall.@zone[0].conntrack='1'
    uci set firewall.@zone[1].conntrack='1'
    uci commit
    sync
    reboot

  1. As you will have multiple WANs, you will need to tell the routing table the metric of each gateway. Conventionally wan (the first one) will have 10, the 2nd will have 20, and so on:

    uci set network.wan.metric='10'

  1. If needed, remove a port from the switch and add that port to a new VLAN in the switch (see vlan). The new interface will probably be eth0.2 if the base interface is eth0 and the VLAN ID is 2. If you also have eth1, it depends on which CPU port is tagged, usually 1 or 5 on 4-port routers; in that case it could be eth1.2. Repeat this step for each additional WAN you will have (if you will have 3 WANs in total, do it two times).

Sample for Additional VLAN 3 for WAN2: https://gist.github.com/braian87b/ab2dfdef72d507a18b057a5831eb1337

  1. Define a new network, set its IP (static or DHCP), and assign the corresponding metric and ifname (from the previous step):

    uci set network.wan2='interface'
    uci set network.wan2.proto='dhcp'
    uci set network.wan2.metric='20'
    uci set network.wan2.ifname='eth0.2'

Repeat this for each additional WAN you will have.

  1. Assign that new network to the wan zone in the firewall (or create a new zone with proper configuration and rules). zone[1] is usually wan:

    uci add_list firewall.@zone[1].network='wan2'

  2. Run /etc/init.d/network restart and test, or commit and save the changes and reboot using uci commit; sync; reboot

  3. Test specific connections using ping, wget or trace. Here is how to use ping:

    ping -c 1 -I eth0.1 www.google.com

    ping -c 1 -I eth0.2 www.google.com

    ping -c 1 -I wan www.google.com

    ping -c 1 -I wan2 www.google.com

  4. Now install mwan3, and luci-app-mwan3 if needed.

  5. Configure mwan3 as needed, and remember to restart it after each test or firewall change using:

    /usr/sbin/mwan3 restart

You can use /usr/sbin/mwan3 status to diagnose.
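
To check the result of the network steps above before starting mwan3, the following lint confirms that each WAN has an ifname and a metric that no other WAN uses. It is an added example, not part of the original gist; the function names, the `WANS` list and the sample `uci show network` output are constructed for illustration.

```shell
#!/bin/sh
# Added example: lint `uci show network` output before starting mwan3.
# WANS is an assumption: the logical interface names used in the steps above.
WANS="wan wan2"

# Constructed sample of `uci show network` output, not from a real router.
sample_network() {
cat <<'EOF'
network.wan=interface
network.wan.proto='dhcp'
network.wan.ifname='eth0.1'
network.wan.metric='10'
network.wan2=interface
network.wan2.proto='dhcp'
network.wan2.ifname='eth0.2'
network.wan2.metric='20'
EOF
}

# Reads `uci show network` text on stdin and prints one line per problem.
# Returns 0 when every WAN in $WANS has an ifname and a unique metric.
check_wan_metrics() {
    awk -v wans="$WANS" '
        {
            eq = index($0, "="); if (eq == 0) next
            n = split(substr($0, 1, eq - 1), k, ".")      # key: config.section.option
            val = substr($0, eq + 1); gsub("\047", "", val)   # strip quotes
            if (n == 3 && k[3] == "metric") metric[k[2]] = val
            if (n == 3 && k[3] == "ifname") ifname[k[2]] = val
        }
        END {
            n = split(wans, w, " ")
            for (i = 1; i <= n; i++) {
                name = w[i]
                if (!(name in ifname)) { print name ": no ifname"; bad++ }
                if (!(name in metric)) { print name ": no metric"; bad++; continue }
                m = metric[name]
                if (m in seen) { print name ": metric " m " already used by " seen[m]; bad++ }
                if (!(m in seen)) seen[m] = name
            }
            exit (bad > 0)
        }'
}

sample_network | check_wan_metrics && echo "network config OK"
```

On the router, feed it the live configuration with `uci show network | check_wan_metrics`.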

Here is my /etc/config/mwan3 config file: https://gist.github.com/braian87b/126f20a920e7aabdd495afc861c2a22c (it has some comments and explanations too).

Please pay attention to how I create the members and the policies, and how I name them: only_1, then_1_2, more_1_2

only_ defines only one WAN.

more_1_2 defines load balancing of wan and wan2, but using wan more than wan2.

then_1_2 defines a failover: use wan and, if it goes down, then use wan2.

If you need equally balanced WANs, you could use something like balanced_1_2 or equal_1_2.

In my experience, 50-50 is not actually needed in practice, and it is impractical. This naming convention is also more verbose and easier to use and maintain than the default one.

It is useful to use just one letter, for example C for Cable, A for ADSL, F for Fiber Optic or similar, or even a letter that relates to your ISP name. That way you could do something like then_C12_A3, which clearly reads as: load balance Cable connections 1 and 2, and if both are down then use ADSL 3, etc. (REMEMBER: policy names can be at most 15 characters long.)

IMPORTANT: to keep the entire OpenWRT/LEDE environment working, you should leave wan as wan and not rename it to something else like wan1, or some things will stop working.
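
The three policy styles described above, written out as /etc/config/mwan3 sections together with a lint for the 15-character name limit and for policies that reference undefined members. This is an added example, not the author's linked config file: the member names (wan_m1_w3 and so on), the 3:1 weight and the function names are assumptions. Failover (then_1_2) comes from giving the members different metrics, weighted balancing (more_1_2) from equal metrics with different weights.

```shell
#!/bin/sh
# Added example, not the author's config file: the three policy styles above
# as /etc/config/mwan3 sections. Member names and the 3:1 weight are assumed.
sample_mwan3() {
cat <<'EOF'
config member 'wan_m1_w3'
	option interface 'wan'
	option metric '1'
	option weight '3'
config member 'wan2_m1_w1'
	option interface 'wan2'
	option metric '1'
	option weight '1'
config member 'wan2_m2_w1'
	option interface 'wan2'
	option metric '2'
	option weight '1'
config policy 'only_1'
	list use_member 'wan_m1_w3'
config policy 'then_1_2'
	list use_member 'wan_m1_w3'
	list use_member 'wan2_m2_w1'
config policy 'more_1_2'
	list use_member 'wan_m1_w3'
	list use_member 'wan2_m1_w1'
EOF
}

# Reads an mwan3 config on stdin; reports policy names over 15 characters
# and use_member entries that name no defined member. Returns 0 when clean.
lint_mwan3() {
    awk '
        { gsub("\047", "") }                 # drop quotes; awk re-splits the fields
        $1 == "config" { type = $2; name = $3 }
        $1 == "config" && type == "member" { member[name] = 1 }
        $1 == "config" && type == "policy" && length(name) > 15 {
            print "policy " name ": name longer than 15 chars"; bad++ }
        type == "policy" && $2 == "use_member" { ref[name " " $3] = 1 }
        END {
            for (r in ref) {
                split(r, p, " ")
                if (!(p[2] in member)) {
                    print "policy " p[1] ": unknown member " p[2]; bad++ }
            }
            exit (bad > 0)
        }'
}

sample_mwan3 | lint_mwan3 && echo "mwan3 policies OK"
```

On the router, run it against the real file with `lint_mwan3 < /etc/config/mwan3`.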

@braian87b
Author

So if you have discarded an mwan3 issue, you will need to take a look at the OpenWrt forums then. mwan3 does not process anything, it just relies on the routing table and iptables rules... take a look at your iptables rules and try changing conntrack also... search the forums about hardware NAT also.
