Dual WAN with one as standby backup

From DD-WRT Wiki

Jump to: navigation, search

article need of major revision - one with dual wan as backup another simple round equalization

This tutorial explains how you can assign one (or more) of the LAN ports as an extra WAN port. There is another tutorial Dual-WAN for simple round-robin load equalization which explains how you can load balance between the two WAN connections. In this case I did not want to load balance; but rather create a standby WAN connection.


[edit] Justification

I needed to configure backup WAN as standby as it is not an unlimited connection. I pay for the backup connections by Giga-Bytes used. My primary WAN connection is of unlimited type. I intend to switch to backup only when the primary one goes down.

[edit] Assumptions

I have assumed static IP addresses for both the WAN interfaces. Making them dynamic will require some changes (hint: nvram set wan2_proto=dynamic) Also, I am assuming DNSMasq is used for DHCP and DNS. JFFS should be enabled if you want to save the WAN-connection switch scripts. Also, I am assuming that you have already configured the first WAN connection (tied to vlan1) using nvram or web interface.

[edit] Create an extra VLAN

First you need to create an extra VLAN. In this case we want to to remove the port 4 from vlan0 and add it to the new vlan2

nvram set vlan0ports="1 2 3 5*"
nvram set vlan2ports="4 5"
nvram set vlan2hwname=et0
nvram set wan2_ifnames=vlan2
nvram set wan2_ifname=vlan2
nvram set wan2_mtu=1500
nvram commit

You can confirm or perform the setting using the dd-wrt web interface


Now you have created an extra VLAN (vlan2).

[edit] Bring up the vlan2 interface

I found it easier to configure the interface using ifconfig in the startup script. Somehow nvram bindings for backup WAN interface IP address did not work. ifconfig does the job though.

 nvram set rc_startup='


 ifconfig vlan2 netmask

 ifconfig vlan2 up

Replace with your WAN2 IP address

You can also perform this operation via the web interface


Of course you will need a reboot for this to be effective.

[edit] Configure NAT on vlan2

We want to make sure packets leaving vlan2 are NATed

 nvram set rc_firewall='
  iptables -t nat -A POSTROUTING -o vlan2 -j MASQUERADE

Again, the same Diagnostics.asp page can be used on the web interface.

[edit] Create scripts to do the connection switch

We switch the internet connection by switching the default route and DNS servers.

Here we will create two scripts in /jffs to switch from one WAN connection to the other.

[edit] Script to switch to wan1

Put this in /jffs/activate.wan1:

nvram set wan_dns=""
route delete default
route delete default
route add default gw vlan1
echo "nameserver" > /tmp/resolv.dnsmasq
echo "nameserver" >> /tmp/resolv.dnsmasq
pr="$(ps | awk '/dnsmasq/ {print $1}')"
kill -9 $pr
dnsmasq --conf-file /tmp/dnsmasq.conf

Used kill -9; because not sure why -1 (HUP) didnt work.

Obviously and are DNS servers for WAN1 and is the default gateway. Replace these values with your own settings for WAN1.

[edit] Script to switch to wan2

And put this in /jffs/activate.wan2:

nvram set wan_dns=""
route delete default
route delete default
route add default gw vlan2
echo "nameserver" > /tmp/resolv.dnsmasq
echo "nameserver" >> /tmp/resolv.dnsmasq
pr="$(ps | grep dnsmasq | grep -v grep| awk '{print $1}')"
kill -9 $pr
dnsmasq --conf-file /tmp/dnsmasq.conf &

Obviously and are DNS servers for WAN2 and is the default gateway. Replace these values with your own settings for WAN2.

You can switch connection by running the respective script.

Connect the cable

Connect the backup WAN cable to the ethernet port marked as "4" and reboot.

[edit] More to come

  1. Automation of connection switching with email notification
  2. Web interface to monitor and switch connection

[edit] See also