Skip to content

Instantly share code, notes, and snippets.

Embed
What would you like to do?
WAN backup routing via LTE
### WAN backup routing via LTE ###
# A Linux device, such as PC Engines APU, can be equipped with an LTE modem, but
# sometimes it's desirable to use the mobile connection only if the wired
# connection is unavailable.
# The following scenario is for Debian 9 on an APU box, but it's also
# applicable to any other Linux device.
# The DHCP client is tweaked to ignore the DNS server addresses that are
# coming with DCHP offer. Otherwise, the LTE provider may provide DNS addresses
# that are not usable via the ethernet WAN link.
# The "ifmetric" package allows setting metrics in interface definitions
# in Debian. This way we can have two default routes with a preferred metric
# over LAN interface. The default route with lower metric is chosen for
# outbound traffic.
# The watchdog process checks availability of a well-known public IP address
# over each of the uplinks, and shuts down and brings up again the corresponding
# interface. It only protects from next-hop failures. If you want to protect
# from failures in the whole WAN service, you need to increase the Ethernet port
# metric if it fails, and then start checking the connectivity, and lower the
# metric when it's stable again.
# Also the second NIC on the box is configured to provide DHCP address
# and to NAT all outbound traffic.
# enable IP routing
cat >/etc/sysctl.d/local.conf <<'EOT'
net.ipv4.ip_forward=1
net.ipv6.conf.all.forwarding=1
EOT
apt-get update && apt-get install -y ifmetric iptables-persistent
# configure two uplinks with corresponding metrics
# The LTE modem setup scripts are taken from
# https://github.com/ssinyagin/wwan_udev_rules/blob/master/Huawei_ME909s-120.sh
cat >/etc/network/interfaces <<'EOT'
source /etc/network/interfaces.d/*
auto lo
iface lo inet loopback
EOT
# Primary Ethernet uplink
cat >/etc/network/interfaces.d/enp1s0 <<'EOT'
auto enp1s0
iface enp1s0 inet dhcp
metric 10
EOT
# Secondary LTE uplink
cat >/etc/network/interfaces.d/lte0 <<'EOT'
allow-hotplug lte0
iface lte0 inet dhcp
metric 20
pre-up /usr/sbin/chat -v -f /etc/chatscripts/sunrise.HUAWEI >/dev/ttyWWAN02 </dev/ttyWWAN02
post-down /usr/sbin/chat -v -f /etc/chatscripts/gsm_off.HUAWEI >/dev/ttyWWAN02 </dev/ttyWWAN02
EOT
# This prevents dhclient from updating /etc/resolver.conf
cat >/etc/dhcp/dhclient-enter-hooks.d/nodnsupdate <<'EOT'
make_resolv_conf() {
:
}
EOT
# Public DNS resolvers
cat >/etc/resolv.conf <<'EOT'
nameserver 8.8.8.8
nameserver 1.1.1.1
EOT
# LAN port providing DHCP, DNS, and default route
cat >/etc/network/interfaces.d/enp2s0 <<'EOT'
auto enp2s0
iface enp2s0 inet static
address 172.30.30.1
netmask 255.255.255.0
EOT
cat >/etc/dnsmasq.d/enp2s0 <<'EOT'
dhcp-range=172.30.30.50,172.30.30.150,1h
EOT
# NAT rules for outbound traffic
iptables -t nat -F POSTROUTING
iptables -t nat -A POSTROUTING -o lte0 -j MASQUERADE
iptables -t nat -A POSTROUTING -o enp1s0 -j MASQUERADE
iptables-save >/etc/iptables/rules.v4
### Watchdog script ###
apt-get install -y fping
echo 'DEVS="enp1s0 lte0"' >/usr/local/etc/wireless_watchdog
cat >/usr/local/sbin/wireless_watchdog <<'EOT'
#!/bin/sh
LOGFILE=/var/log/wireless_watchdog
. /usr/local/etc/wireless_watchdog
if [ x"$DEVS" = x ]; then
echo missing DEVS variable 1>&2
exit 1
fi
for dev in ${DEVS}; do
if ! fping -I ${dev} -q 8.8.8.8 ; then
logger -p user.notice -t wireless_watchdog \
Internet is unreachable on ${dev}, restarting ${dev}
date >>$LOGFILE
echo restarting ${dev} >>$LOGFILE
/sbin/ifdown ${dev} >>$LOGFILE 2>&1
sleep 5
/sbin/ifup ${dev} >>$LOGFILE 2>&1
fi
done
EOT
chmod u+x /usr/local/sbin/wireless_watchdog
cat >/etc/cron.d/wireless_watchdog <<'EOT'
*/2 * * * * root /usr/local/sbin/wireless_watchdog
EOT
cat >/etc/logrotate.d/wireless_watchdog <<'EOT'
/var/log/wireless_watchdog {
rotate 6
monthly
compress
missingok
notifempty
}
EOT
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.