This documentation applies only Turris OS 3.x that is no longer present in newly sold routers. The new documentation is located at https://docs.turris.cz/.
This manual was written for users of Turris Omnia with an active connection to the network using LTE and WAN. The goal is to set the connection to a failover regime, when the primary connection is through WAN and in case of a failure, all traffic is directed through LTE.
For this purpose the mwan3 service is available, which substitutes the older and no longer supported Multiwan.
Mwan3 is intended for connecting through diverse providers, which is why it won't work if you use it for more connections with the same IP address span.
Before starting the installation and setting up mwan3, it is recommended to check that both LTE and WAN are working. If that is not the case, it is necessary to put them into operation first - to do this you can use for example the manual for the Installation of LTE modem.
Check the connection using the ping command:
root@turris:~# ping -c 1 -I eth1 188.8.131.52 root@turris:~# ping -c 1 -I 3g-lte 184.108.40.206
If you proceeded according to the manual for the Installation of LTE modem, the name of the LTE interface will be 3g-lte. Alternatively, you can get it from the output of the ifconfig command as the interface, which which uses the Point-to-Point protocol.
First we set up static routing for both connections, so that after system boot, all network traffic can be run through the WAN interface. This can be done inside the configuration in /etc/config/network, where the value metric '10' is set for the 'wan' interface, standard routing is turned off in the section interface 'lte' via the value defaultroute '0' and then a new section is added with a new routing rule route 'lte_route', which is used for the lte interface.
Individual items within the routing rule route 'lte_route' can be set according to the example for
/etc/config/network. The items target and netmask are set to the address 0.0.0.0, which governs the default routing rule. The address for gateway is set to 10.64.64.64, which is a standard address when connecting with the PPP (Point-to-point protocol). This address can also be viewed via the command
LTE must have a higher metric than WAN, because the path with the smaller metric is used for the routing. More information on possible configuration choices can be taken from the OpenWrt wiki.
config interface 'wan' option ifname 'eth1' option proto 'dhcp' option defaultroute '1' option metric '10' config interface 'lte' option proto '3g' option device '/dev/ttyUSB2' option service 'umts' option apn 'internet' option pincode '1234' option ipv6 'auto' option defaultroute '0' config route 'lte_route' option interface 'lte' option target '0.0.0.0' option gateway '10.64.64.64' option netmask '0.0.0.0' option metric '50'
lte is the logical label within the configuration file /etc/config/network and it differs from the name of the interface, which can be obtained via the command ifconfig.
The last step is the configuration of connection tracking in the firewall configuration /etc/config/firewall. Within the wan section, just set the option conntrack '1'.
config zone option conntrack '1' option name 'wan' option input 'REJECT' option output 'ACCEPT' option forward 'REJECT' option masq '1' option mtu_fix '1' option network 'wan wan6 lte'
The mwan3 service cannot be run parallel to Multiwan. If Multiwan is installed, it is necessary to deactivate it using one of the following commands.
root@turris:~# /etc/init.d/multiwan stop root@turris:~# /etc/init.d/multiwan disable
After that install the mwan3 package:
root@turris:~# opkg update root@turris:~# opkg install mwan3
After installing mwan3, perform the settings by adjusting the configuration in /etc/config/mwan3. The default configuration is deleted and is substituted by a new one, in which we define the section interface and member for wan and lte and section policy and rule. The section rule 'default' determines that all traffic is routed based on the rule, which is defined in the section policy 'wan_lte'.
config interface 'wan' list track_ip '220.127.116.11' list track_ip '18.104.22.168' list track_ip '22.214.171.124' list track_ip '126.96.36.199' option enabled '1' option reliability '1' option count '1' option timeout '2' option interval '5' option down '3' option up '8' config interface 'lte' list track_ip '188.8.131.52' list track_ip '184.108.40.206' list track_ip '220.127.116.11' list track_ip '18.104.22.168' option enabled '1' option reliability '1' option count '1' option timeout '2' option interval '5' option down '5' option up '10' config policy 'wan_lte' list use_member 'wan_m1_w1' list use_member 'lte_m2_w2' option last_resort 'unreachable' config member 'wan_m1_w1' option interface 'wan' option metric '1' option weight '1' config member 'lte_m2_w2' option interface 'lte' option metric '2' option weight '2' config rule 'default' option proto 'all' option sticky '0' option use_policy 'wan_lte' option dest_ip '0.0.0.0/0'
Individual items within the given sections have the following meanings:
unreachable), blackhole (packets are quietly discarded) or default.
Rule 'default' section
Sets the standard forwarding rule used for all transferred data.
Finally we run the mwan3 service and restart the services network and firewall:
root@turris:~# mwan3 start root@turris:~# /etc/init.d/network restart root@turris:~# /etc/init.d/firewall restart
The name of the interface must correspond to the name of the interface in the configuration file /etc/config/network
To check the mwan3 setting run:
root@turris:~# mwan3 status
To test connection, you can use one of the web services (eg. http://ip4.me ), which display public IP address. After disconnecting the cable from the WAN interface the system should automatically redirect traffic through LTE, which will be manifested by a change of the IP address.
Other options of use and configuration of the mwan3 service are described in wiki OpenWrt.