Tag: router

Simultaneous dual wan access and bind app (pyload, transmission) on interface to ip on Asus Router

Asus routers has builtin DualWan in two modes. First one, Failover disables second WAN until first one stop works so you cannot use it. Loadbalancing – no one know what it is doing, it has closed sources and you do not know when do you connect which interface. First disable builtin DualWAN and leave as main WAN.

I will describe dual wan with dual default gateways: First cable WAN and second USB hilink modem. We want use main WAN but some apps just bind to second WAN. It is called Source Based Routing. We will use iproute2 and routing tables. Basically we will set rule: if source address is from app using second wan interface use other table rule with other default gateway/router. You can create much more than two.

Check that you have routing tables, if not create one:

cat /etc/iproute2/rt_tables

100 wan0
111 ovpnc1
112 ovpnc2
113 ovpnc3
114 ovpnc4
115 ovpnc5
200 wan1

We will use wan1, if it is empty:

ip route list table wan1

My second WAN is USB Modem HiLink so I have to manually turn on the modem on Asus Router via command line. Router has preinstalled drivers. So just look in dmesg which interface it brings:

dmesg | grep usb
dmesg | grep USB

cdc_ether 2-2:1.0: eth3: register 'cdc_ether' at usb-0000:00:0a.1-2, CDC Ethernet Device
My interface for 3G usb modem is eth3. Bring it up:

ifconfig eth3 up

We have to assign ip address, mask and subnet to this interface. Asus has dhcp client called: udhcpc. It works but you have to create script:

touch /jffs/scripts/udh.sh
chmod +x /jffs/scripts/udh.sh
nano /jffs/scripts/udh.sh

Content of udh.sh

#!/bin/sh
 
#set route table for second wan
TABLE="wan1"
 
[ -n "$1" ] || { echo "Error: should be called from udhcpc"; exit 1; }
[ -n "$broadcast" ] && BROADCAST="broadcast $broadcast"
[ -n "$subnet" ] && NETMASK="netmask $subnet"
 
IFS=. read -r i1 i2 i3 i4 <<EOF
$ip
EOF
IFS=. read -r m1 m2 m3 m4 <<EOF
$subnet
EOF
SUBIP=$(printf "%d.%d.%d.%d" "$((i1 & m1))" "$((i2 & m2))" "$((i3 & m3))" "$((i4 & m4))")
 
lip=`ip addr show br0 | grep -o "inet [0-9]*\.[0-9]*\.[0-9]*\.[0-9]*" | grep -o "[0-9]*\.[0-9]*\.[0-9]*\.[0-9]*"`
lsubnet=`ifconfig br0 | grep Mask | cut -d":" -f4`
IFS=. read -r i1 i2 i3 i4 <<EOF
$lip
EOF
IFS=. read -r m1 m2 m3 m4 <<EOF
$lsubnet
EOF
LOCSUBIP=$(printf "%d.%d.%d.%d" "$((i1 & m1))" "$((i2 & m2))" "$((i3 & m3))" "$((i4 & m4))")
 
 
mask2cidr() {
    nbits=0
    IFS=.
    for dec in $1 ; do
case $dec in
    255) let nbits+=8;;
    254) let nbits+=7;;
    252) let nbits+=6;;
    248) let nbits+=5;;
    240) let nbits+=4;;
    224) let nbits+=3;;
    192) let nbits+=2;;
    128) let nbits+=1;;
    0);;
    *) echo "Error: $dec is not recognised"; exit 1
    esac
    done
    printf "$nbits"
}
CIDR=$(mask2cidr $subnet)
 
case "$1" in
    deconfig)
        echo "Clear existing config"
        ifconfig $interface 0.0.0.0
        ip addr flush dev $interface
    ;;
    renew|bound)
        echo "Setting interface IP $interface $ip $BROADCAST $NETMASK"
        #ip addr add $ip/$CIDR broadcast $BROADCAST dev $interface
        ifconfig $interface $ip $BROADCAST $NETMASK
 
        echo "Route adding for $SUBIP/$CIDR"
		#route in table
		ip route add $SUBIP/$CIDR dev $interface table $TABLE
		#LAN br0
		ip route add $LOCSUBIP/$CIDR dev br0 table $TABLE
		#route in default
		ip route add $SUBIP/$CIDR dev $interface
		#route localhost
		ip route add 127.0.0.0/8 dev lo table $TABLE
 
 
        echo "Setting default gateway"
        if [ -n "$router" ] ; then
            echo "Deleting routers"
            while ip route del default dev $interface table $TABLE  ; do
                :
            done
 
            while ip route del default dev $interface ; do
                :
            done
 
            metric=0
            for i in $router ; do
                echo "Adding gateway $i"
				ip route add $i dev $interface metric $metric table $TABLE
				ip route add default via $i dev $interface metric $metric table $TABLE
				ip route add $i dev $interface metric $metric
                : $(( metric += 1 ))
            done
        fi
        #from and to
        echo "IP Rule"
		ip rule add from $SUBIP/$CIDR lookup $TABLE
		ip rule add from all to $SUBIP/$CIDR lookup $TABLE
 
        #set firewall
        echo "Firewall set"
		iptables -t nat -A POSTROUTING ! -s $SUBIP/$CIDR -o $interface -j MASQUERADE
    ;;
esac
 
exit 0

Now run test of udhcpc:

udhcpc -i eth3 -s /jffs/scripts/udh.sh

If everything works and interface has IP address you can add it to autostart. But do not forget add -b switch for udhcpc to work in background for renew the dhcp leases. I will add autostart to post-mount because i has USB modem so i have to wait until it is initialized. Edit post-mount

nano /jffs/scripts/post-mount

add :
ifconfig eth3 up
udhcpc -i eth3 -b -s /jffs/scripts/udh.sh

Now you can bind pyload to second wan interface. Open Config > Menu > General > Download > Download interface to bind (ip or Name)
Enter your interface name for example eth3:

Now check it is works. Add download job with URL to html web page which shows your ip (it cannot be js/html5) for example http://www.whatismyip.net. Open downloaded html file and check it is second wan ip adress.

List of commands without script:
IP ADDR: 192.168.8.100
GATEWAY: 192.168.8.1
MASK: 255.255.255.0 or /24
BROADCAST: 192.168.8.255
SUBNET: 192.168.0
INTERFACE: eth3

ifconfig eth3 up
ifconfig eth3 0.0.0.0
ifconfig eth3 192.168.8.100 192.168.8.255 255.255.255.0
ip route add 192.168.0/24 dev eth3 src 192.168.8.100 table wan1
ip route add 192.168.0/24 dev eth3
ip route del default dev eth3 table wan1
ip route del default dev eth3
ip route add default via 192.168.8.1 dev eth3 metric 0 table wan1
ip rule add from 192.168.8.100/32 table wan1
ip rule add to 192.168.8.100/32 table wan1
iptables -t nat -A POSTROUTING -o eth3 -j MASQUERADE

There is much more routes because i want to access second gateway config page on 192.168.1 from local subnet.
Use MASQUERADE on last step only if you enabled firewall in router settings. If you disabled you have to create forward rule. You can check iptables for correct one:

iptables -t nat -vL
iptables -vL

You can change DNS servers by adding in script:

RESOLV_CONF="/etc/resolv.conf"
echo "Recreating $RESOLV_CONF"
# If the file is a symlink somewhere (like /etc/resolv.conf
# pointing to /run/resolv.conf), make sure things work.
realconf=$(readlink -f "$RESOLV_CONF" 2&gt;/dev/null || echo "$RESOLV_CONF")
tmpfile="$realconf-$$"
&gt; "$tmpfile"
[ -n "$domain" ] &amp;&amp; echo "search $domain" &gt;&gt; "$tmpfile"
for i in $dns ; do
	echo " Adding DNS server $i"
	echo "nameserver $i" &gt;&gt; "$tmpfile"
done
mv "$tmpfile" "$realconf"

Of course you can built your own dual wan script and switch to second wan in failover:

ip route change default via 192.168.8.1 dev eth3 metric 0

LoadBalancing is much more complicated.

Sources:
mask2cidr – https://www.linuxquestions.org/questions/programming-9/bash-cidr-calculator-646701/#post3173472
subnet ip from ip and mask: https://stackoverflow.com/questions/15429420/given-the-ip-and-netmask-how-can-i-calculate-the-network-address-using-bash
script for udhcpc simple.script – https://github.com/brgl/busybox/tree/master/examples/udhcp

Aria2 on Asus Router with AsusWRT Merlin

Built-in Download Master from Asus is not very good. So you can install Entware and Aria2 Download manager on your router. You have to connect USB hard drive but first create and Linux partition on it (recommended ext4). On Windows you can use MiniTool Partition Wizard on linux just use GParted. You can shrink main partition and create second with ext4 or ext3 file system.

  • Enable SSH in Administration > System > Enable SSH > LAN Only
  • Log in with Putty on Windows or terminal on Linux toy your router via SSH and run script and put number of tour partition (remember to create ext4). Login and password is the same for admin in web panel.
    entware-setup.sh

  • Install Aria2, lighttpd and certificates to support SSL and php (not necessary for this gui)
    opkg install aria2 ca-bundle ca-certificates lighttpd lighttpd-mod-fastcgi php7-fastcgi
  • Install WEB GUI for Aria2:
    wget -c -O /opt/tmp/webui-aria2.zip https://github.com/ziahamza/webui-aria2/archive/master.zip --no-check-certificate
    unzip /opt/tmp/webui-aria2.zip -d /opt/tmp/
    rm /opt/tmp/webui-aria2.zip
    mv /opt/tmp/webui-aria2-master /opt/share/www/aria2
  • Configure lighttpd for php and port 81:
    sed -i 's/#server.port = 81/server.port = 81/g' "/opt/etc/lighttpd/lighttpd.conf"
    sed -i "/server.upload-dirs*/cserver.upload-dirs = ( \"/opt/tmp\" )" "/opt/etc/lighttpd/lighttpd.conf"
    cat &gt;&gt; /opt/etc/lighttpd/conf.d/30-fastcgi.conf &lt;&lt; EOF server.modules += ( "mod_fastcgi" ) fastcgi.server = ( ".php" =&gt;
    ( "localhost" =&gt;
    ( "socket" =&gt; "/tmp/php-fcgi.sock",
    "bin-path" =&gt; "/opt/bin/php-fcgi",
    "max-procs" =&gt; 1,
    "bin-environment" =&gt;
    ( "PHP_FCGI_CHILDREN" =&gt; "2",
    "PHP_FCGI_MAX_REQUESTS" =&gt; "1000" )
    )
    )
    )
    EOF
  • Edit configuration of Aria2 in /opt/etc/aria2.conf. If you create a small partition with ext4 you should change download directory to main partition (it should be sub-directory for example Downloads):
    dir=/mnt/Partition/Downloads
  • Run aria2 and lighttpd:
    /opt/etc/init.d/S81aria2 start
    /opt/etc/init.d/S80lighttpd start
  • Open in web browser (replace your router address): 192.168.1.1:81/aria2/
  • Configure Secret Token in Settings > Connection Settings > Enter the secret token default token is Passw0rd. Save settings on the bottom.
  • Done. You can download via http(s), ftp(s) and torrents.