Asus routers has builtin DualWan in two modes. First one, Failover disables second WAN until first one stop works so you cannot use it. Loadbalancing – no one know what it is doing, it has closed sources and you do not know when do you connect which interface. First disable builtin DualWAN and leave as main WAN.
I will describe dual wan with dual default gateways: First cable WAN and second USB hilink modem. We want use main WAN but some apps just bind to second WAN. It is called Source Based Routing. We will use iproute2 and routing tables. Basically we will set rule: if source address is from app using second wan interface use other table rule with other default gateway/router. You can create much more than two.
Check that you have routing tables, if not create one:
cat /etc/iproute2/rt_tables |
100 wan0
111 ovpnc1
112 ovpnc2
113 ovpnc3
114 ovpnc4
115 ovpnc5
200 wan1
We will use wan1, if it is empty:
ip route list table wan1 |
My second WAN is USB Modem HiLink so I have to manually turn on the modem on Asus Router via command line. Router has preinstalled drivers. So just look in dmesg which interface it brings:
dmesg | grep usb dmesg | grep USB |
cdc_ether 2-2:1.0: eth3: register 'cdc_ether' at usb-0000:00:0a.1-2, CDC Ethernet Device
My interface for 3G usb modem is eth3. Bring it up:
ifconfig eth3 up |
We have to assign ip address, mask and subnet to this interface. Asus has dhcp client called: udhcpc. It works but you have to create script:
touch /jffs/scripts/udh.sh chmod +x /jffs/scripts/udh.sh nano /jffs/scripts/udh.sh |
Content of udh.sh
#!/bin/sh #set route table for second wan TABLE="wan1" [ -n "$1" ] || { echo "Error: should be called from udhcpc"; exit 1; } [ -n "$broadcast" ] && BROADCAST="broadcast $broadcast" [ -n "$subnet" ] && NETMASK="netmask $subnet" IFS=. read -r i1 i2 i3 i4 <<EOF $ip EOF IFS=. read -r m1 m2 m3 m4 <<EOF $subnet EOF SUBIP=$(printf "%d.%d.%d.%d" "$((i1 & m1))" "$((i2 & m2))" "$((i3 & m3))" "$((i4 & m4))") lip=`ip addr show br0 | grep -o "inet [0-9]*\.[0-9]*\.[0-9]*\.[0-9]*" | grep -o "[0-9]*\.[0-9]*\.[0-9]*\.[0-9]*"` lsubnet=`ifconfig br0 | grep Mask | cut -d":" -f4` IFS=. read -r i1 i2 i3 i4 <<EOF $lip EOF IFS=. read -r m1 m2 m3 m4 <<EOF $lsubnet EOF LOCSUBIP=$(printf "%d.%d.%d.%d" "$((i1 & m1))" "$((i2 & m2))" "$((i3 & m3))" "$((i4 & m4))") mask2cidr() { nbits=0 IFS=. for dec in $1 ; do case $dec in 255) let nbits+=8;; 254) let nbits+=7;; 252) let nbits+=6;; 248) let nbits+=5;; 240) let nbits+=4;; 224) let nbits+=3;; 192) let nbits+=2;; 128) let nbits+=1;; 0);; *) echo "Error: $dec is not recognised"; exit 1 esac done printf "$nbits" } CIDR=$(mask2cidr $subnet) case "$1" in deconfig) echo "Clear existing config" ifconfig $interface 0.0.0.0 ip addr flush dev $interface ;; renew|bound) echo "Setting interface IP $interface $ip $BROADCAST $NETMASK" #ip addr add $ip/$CIDR broadcast $BROADCAST dev $interface ifconfig $interface $ip $BROADCAST $NETMASK echo "Route adding for $SUBIP/$CIDR" #route in table ip route add $SUBIP/$CIDR dev $interface table $TABLE #LAN br0 ip route add $LOCSUBIP/$CIDR dev br0 table $TABLE #route in default ip route add $SUBIP/$CIDR dev $interface #route localhost ip route add 127.0.0.0/8 dev lo table $TABLE echo "Setting default gateway" if [ -n "$router" ] ; then echo "Deleting routers" while ip route del default dev $interface table $TABLE ; do : done while ip route del default dev $interface ; do : done metric=0 for i in $router ; do echo "Adding gateway $i" ip route add $i dev $interface metric $metric table $TABLE ip route add default via $i dev $interface metric $metric table $TABLE ip route add $i dev $interface metric $metric : $(( metric += 1 )) done fi #from and to echo "IP Rule" ip rule add from $SUBIP/$CIDR lookup $TABLE ip rule add from all to $SUBIP/$CIDR lookup $TABLE #set firewall echo "Firewall set" iptables -t nat -A POSTROUTING ! -s $SUBIP/$CIDR -o $interface -j MASQUERADE ;; esac exit 0 |
Now run test of udhcpc:
udhcpc -i eth3 -s /jffs/scripts/udh.sh |
If everything works and interface has IP address you can add it to autostart. But do not forget add -b switch for udhcpc to work in background for renew the dhcp leases. I will add autostart to post-mount because i has USB modem so i have to wait until it is initialized. Edit post-mount
nano /jffs/scripts/post-mount |
add :ifconfig eth3 up
udhcpc -i eth3 -b -s /jffs/scripts/udh.sh
Now you can bind pyload to second wan interface. Open Config > Menu > General > Download > Download interface to bind (ip or Name)
Enter your interface name for example eth3:
Now check it is works. Add download job with URL to html web page which shows your ip (it cannot be js/html5) for example http://www.whatismyip.net. Open downloaded html file and check it is second wan ip adress.
List of commands without script:
IP ADDR: 192.168.8.100
GATEWAY: 192.168.8.1
MASK: 255.255.255.0 or /24
BROADCAST: 192.168.8.255
SUBNET: 192.168.0
INTERFACE: eth3
ifconfig eth3 up ifconfig eth3 0.0.0.0 ifconfig eth3 192.168.8.100 192.168.8.255 255.255.255.0 ip route add 192.168.0/24 dev eth3 src 192.168.8.100 table wan1 ip route add 192.168.0/24 dev eth3 ip route del default dev eth3 table wan1 ip route del default dev eth3 ip route add default via 192.168.8.1 dev eth3 metric 0 table wan1 ip rule add from 192.168.8.100/32 table wan1 ip rule add to 192.168.8.100/32 table wan1 iptables -t nat -A POSTROUTING -o eth3 -j MASQUERADE |
There is much more routes because i want to access second gateway config page on 192.168.1 from local subnet.
Use MASQUERADE on last step only if you enabled firewall in router settings. If you disabled you have to create forward rule. You can check iptables for correct one:
iptables -t nat -vL iptables -vL |
You can change DNS servers by adding in script:
RESOLV_CONF="/etc/resolv.conf" echo "Recreating $RESOLV_CONF" # If the file is a symlink somewhere (like /etc/resolv.conf # pointing to /run/resolv.conf), make sure things work. realconf=$(readlink -f "$RESOLV_CONF" 2>/dev/null || echo "$RESOLV_CONF") tmpfile="$realconf-$$" > "$tmpfile" [ -n "$domain" ] && echo "search $domain" >> "$tmpfile" for i in $dns ; do echo " Adding DNS server $i" echo "nameserver $i" >> "$tmpfile" done mv "$tmpfile" "$realconf" |
Of course you can built your own dual wan script and switch to second wan in failover:
ip route change default via 192.168.8.1 dev eth3 metric 0 |
LoadBalancing is much more complicated.
Sources:
mask2cidr – https://www.linuxquestions.org/questions/programming-9/bash-cidr-calculator-646701/#post3173472
subnet ip from ip and mask: https://stackoverflow.com/questions/15429420/given-the-ip-and-netmask-how-can-i-calculate-the-network-address-using-bash
script for udhcpc simple.script – https://github.com/brgl/busybox/tree/master/examples/udhcp
Najnowsze komentarze