In experience to get a proper working multiple wan configuration using mwan3 starting from scratch you should:
Important: this works well on OpenWRT 15.05.1, on newer versions there was some breaking changes, for example, the wan ifaces have ipv6 capability and now are named with letters ("wan, wanb... , wanc" instead of "wan, wan2... wan3" so wanb6 means 2nd wan ipv6.): https://github.com/openwrt/packages/blob/master/net/mwan3/files/etc/config/mwan3
The official documentation seems to be very detailed and up to date, I recommend reading those first: https://openwrt.org/docs/guide-user/network/wan/multiwan/mwan3 but I recommend to give a look at my config file below, since my approach for policyes is very nice.
First of all: Activate conntrack, docs says that is important and neccesary to get MWAN3 work properly, and it is needed to reboot:
Ensure the CONNTRACK module is enabled in OpenWrt mwan3 requires that the CONNTRACK module is enabled and active on its WAN interfaces. If the interfaces are in the "wan" firewall zone, and the "Masquerading" option is enabled for the firewall zone, the CONNTRACK module is enabled by default already (this is the default OpenWrt configuration) If masquerading/NAT is not enabled for the WAN interface (for example, if just routing without NAT is being using between the LAN and your different WAN interfaces), you need to add the following rule to the LAN and WAN zone configurations in your /etc/config/firewall:
uci set firewall.@zone.conntrack='1' uci set firewall.@zone.conntrack='1' uci commit sync reboot
- As you will have multiple wan''s you will need to tell the routing table the metric of each gateway, conventionally wan (first one) will have 10, and 2nd will have 20, and so on...
uci set network.wan.metric='10'
- if needed, remove port from switch, add that port to a new vlan in the switch, see vlan (probably if eth0 will be eth0.2 if the vlan is id 2, if you also had eth1 could depending on which tagged cpu, usually 1 or 5 in 4 ports routers, in this case it could be eth1.2), repeat this step as many addional wan's you will have (if you will have 3 wan's total, do it two times)
Sample for Additional VLAN 3 for WAN2: https://gist.github.com/braian87b/ab2dfdef72d507a18b057a5831eb1337
define a new network, set IP (static or DHCP) assign corresponding metric, and ifname (as previous step)
uci set network.wan2='interface'; uci set network.wan2.proto='dhcp' uci set network.wan2.metric='20' uci set network.wan2.ifname='eth0.2'
repeat this as many additional wan''s you will have.
Assign that new network to wan zone on firewall (or create a new proper one with proper configuration and rules)
uci add_list firewall.@zone.network='wan2'zone is usually
/etc/init.d/network restartand test or commit and save changes and reboot using
uci commit; sync; reboot
test specific connections using ping, wget or trace, here is how to use ping:
ping -c 1 -I eth0.1 www.google.com
ping -c 1 -I eth0.2 www.google.com
ping -c 1 -I wan www.google.com
ping -c 1 -I wan2 www.google.com
now install mwan3 and luci-app-mwan3 if needed
config mwan3 as needed, and remember to restart on each test or firewall change using:
you could use
/usr/sbin/mwan3 status to diagnose.
Here is my
/etc/config/mwan3 config file: https://gist.github.com/braian87b/126f20a920e7aabdd495afc861c2a22c
it has some comments and explanations too.
Please pay attention to how I managed to create which members and which policyes and how I name them: only_1, then_1_2, more_1_2
only_ defines a only one wan
more_1_2 define a load balacing of wan and wan2 but using more wan than wan2...
then_1_2 define a failover using wan and if gets down, then use wan2.
if you need to have an equally balanced wan you could use someting like balanced_1_2 or equal_1_2
in experience 50-50 it is actually not needed in practice, and it is unpractical... and that naming convention is more verbose and easier to use and maintain that the default one too.
it is usefull to use just one letter, example C for Cable, or A for ADSL, F for FiberOptic or similar, or event a letter that relates to your ISP name, in that way you could do something like then_C12_A3 and that will crearly read as load balance Cable connection 1 and 2, and if both are down then use ADSL 3... etc.. (REMEMBER you just have 15 chars long in policy names)
IMPORTANT, to keep the entire OpenWRT/LEDE Enviroment Working you should leave wan as wan and not rename it to something else like wan1 or some things will stop working...