Dual WAN with one as standby backup

From DD-WRT Wiki


This article is in need of major revision - one with dual WAN as backup, another for simple round-robin equalization.

This tutorial explains how you can assign one (or more) of the LAN ports as an extra WAN port. Another tutorial, Dual-WAN for simple round-robin load equalization, explains how you can load balance between the two WAN connections. In this case I did not want to load balance, but rather to create a standby WAN connection.

Justification

I needed to configure the backup WAN as a standby because it is not an unlimited connection. I pay for the backup connection by gigabytes used. My primary WAN connection is of the unlimited type. I intend to switch to the backup only when the primary one goes down.

Assumptions

I have assumed static IP addresses for both WAN interfaces. Making them dynamic will require some changes (hint: nvram set wan2_proto=dynamic). Also, I am assuming DNSMasq is used for DHCP and DNS. JFFS should be enabled if you want to save the WAN-connection switch scripts. Also, I am assuming that you have already configured the first WAN connection (tied to vlan1) using nvram or the web interface.

Create an extra VLAN

First you need to create an extra VLAN. In this case we want to remove port 4 from vlan0 and add it to the new vlan2:

nvram set vlan0ports="1 2 3 5*"
nvram set vlan2ports="4 5"
nvram set vlan2hwname=et0
nvram set wan2_ifnames=vlan2
nvram set wan2_ifname=vlan2
nvram set wan2_mtu=1500
nvram commit

You can confirm or perform the setting using the DD-WRT web interface:

http://your_router_ip/Vlan.asp

Now you have created an extra VLAN (vlan2).

Bring up the vlan2 interface

I found it easier to configure the interface using ifconfig in the startup script. Somehow the nvram bindings for the backup WAN interface IP address did not work. ifconfig does the job though.

 nvram set rc_startup='
 #!/bin/ash

 PATH="/sbin:/usr/sbin:/bin:/usr/bin:${PATH}"

 ifconfig vlan2 10.10.2.209 netmask 255.255.255.0

 ifconfig vlan2 up
 ' 

Replace 10.10.2.209 with your WAN2 IP address.

You can also perform this operation via the web interface:

http://your_router_ip/Diagnostics.asp

Of course you will need a reboot for this to be effective.

Configure NAT on vlan2

We want to make sure packets leaving vlan2 are NATed:

 nvram set rc_firewall='
  iptables -t nat -A POSTROUTING -o vlan2 -j MASQUERADE
 '

Again, the same Diagnostics.asp page can be used on the web interface.

Create scripts to do the connection switch

We switch the internet connection by switching the default route and DNS servers.

Here we will create two scripts in /jffs to switch from one WAN connection to the other.

Script to switch to wan1

Put this in /jffs/activate.wan1:

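#!/bin/ash
# Record the WAN1 DNS servers in nvram
nvram set wan_dns="10.10.1.10 10.10.1.11"
# Remove the existing default route (repeated in case more than one is present)
route delete default
route delete default
# Send outbound traffic through the WAN1 gateway
route add default gw 10.10.1.1 vlan1
# Point dnsmasq at the WAN1 DNS servers
echo "nameserver 10.10.1.10" > /tmp/resolv.dnsmasq
echo "nameserver 10.10.1.11" >> /tmp/resolv.dnsmasq
# Restart dnsmasq; the [d] stops awk from matching its own entry in ps
pr="$(ps | awk '/[d]nsmasq/ {print $1}')"
kill -9 $pr
dnsmasq --conf-file /tmp/dnsmasq.conf

I used kill -9 because -1 (HUP) didn't work; I am not sure why.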

Obviously 10.10.1.10 and 10.10.1.11 are DNS servers for WAN1 and 10.10.1.1 is the default gateway. Replace these values with your own settings for WAN1.

Script to switch to wan2

And put this in /jffs/activate.wan2:

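#!/bin/ash
# Record the WAN2 DNS servers in nvram
nvram set wan_dns="10.10.2.10 10.10.2.11"
# Remove the existing default route (repeated in case more than one is present)
route delete default
route delete default
# Send outbound traffic through the WAN2 gateway
route add default gw 10.10.2.1 vlan2
# Point dnsmasq at the WAN2 DNS servers
echo "nameserver 10.10.2.10" > /tmp/resolv.dnsmasq
echo "nameserver 10.10.2.11" >> /tmp/resolv.dnsmasq
# Restart dnsmasq so it picks up the new resolv file
pr="$(ps | grep dnsmasq | grep -v grep| awk '{print $1}')"
kill -9 $pr
dnsmasq --conf-file /tmp/dnsmasq.conf &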

Obviously 10.10.2.10 and 10.10.2.11 are DNS servers for WAN2 and 10.10.2.1 is the default gateway. Replace these values with your own settings for WAN2.

You can switch connections by running the respective script.
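
Because each switch script changes two things (the default route and the DNS servers), a partly completed switch can leave traffic on one WAN while DNS still points at the other. The following check is an added example, not part of the original tutorial: the function names are hypothetical, the addresses are the tutorial's sample values, and it assumes route -n prints the usual eight-column table.

```sh
#!/bin/sh
# Added example: check that the default route and the DNS servers agree on
# which WAN is active. Addresses and interface names are the tutorial's samples.
WAN1_IF=vlan1; WAN1_DNS="10.10.1.10 10.10.1.11"
WAN2_IF=vlan2; WAN2_DNS="10.10.2.10 10.10.2.11"

# Read `route -n` text on stdin; print the interface of each default route.
default_ifaces() {
    awk '$1 == "0.0.0.0" && $3 == "0.0.0.0" { printf "%s%s", sep, $8; sep = " " }'
}

# Read resolv.dnsmasq text on stdin; print the configured nameservers.
resolv_servers() {
    awk '$1 == "nameserver" { printf "%s%s", sep, $2; sep = " " }'
}

# wan_state ROUTES RESOLV: print wan1 or wan2, or an error and return 1.
wan_state() {
    ifaces=$(printf '%s\n' "$1" | default_ifaces)
    dns=$(printf '%s\n' "$2" | resolv_servers)
    case "$ifaces" in
        "$WAN1_IF") name=wan1; want=$WAN1_DNS ;;
        "$WAN2_IF") name=wan2; want=$WAN2_DNS ;;
        "") echo "error: no default route"; return 1 ;;
        *)  echo "error: unexpected default route(s): $ifaces"; return 1 ;;
    esac
    if [ "$dns" != "$want" ]; then
        echo "error: route is $name but DNS is $dns"
        return 1
    fi
    echo "$name"
}

# Constructed sample: route already moved to WAN2, resolv file still lists WAN1.
SAMPLE_ROUTES='Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
10.10.1.0       0.0.0.0         255.255.255.0   U     0      0        0 vlan1
10.10.2.0       0.0.0.0         255.255.255.0   U     0      0        0 vlan2
0.0.0.0         10.10.2.1       0.0.0.0         UG    0      0        0 vlan2'
SAMPLE_RESOLV='nameserver 10.10.1.10
nameserver 10.10.1.11'

wan_state "$SAMPLE_ROUTES" "$SAMPLE_RESOLV" || true
# On the router: wan_state "$(route -n)" "$(cat /tmp/resolv.dnsmasq)"
```

Since the backup link is billed by usage, running this after a switch back to WAN1 confirms that no default route is still pointing at vlan2.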

Connect the cable

Connect the backup WAN cable to the Ethernet port marked as "4" and reboot.

More to come

  1. Automation of connection switching with email notification
  2. Web interface to monitor and switch connection
