User Tools

Site Tools

This documentation applies only Turris OS 3.x that is no longer present in newly sold routers. The new documentation is located at

Failover to LTE using mwan3

This manual was written for users of Turris Omnia with an active connection to the network using LTE and WAN. The goal is to set the connection to a failover regime, when the primary connection is through WAN and in case of a failure, all traffic is directed through LTE.

For this purpose the mwan3 service is available, which substitutes the older and no longer supported Multiwan.

Mwan3 is intended for connecting through diverse providers, which is why it won't work if you use it for more connections with the same IP address span.

Connection verification

Before starting the installation and setting up mwan3, it is recommended to check that both LTE and WAN are working. If that is not the case, it is necessary to put them into operation first - to do this you can use for example the manual for the Installation of LTE modem.

Check the connection using the ping command:

root@turris:~#  ping -c 1 -I eth1
root@turris:~#  ping -c 1 -I 3g-lte

If you proceeded according to the manual for the Installation of LTE modem, the name of the LTE interface will be 3g-lte. Alternatively, you can get it from the output of the ifconfig command as the interface, which which uses the Point-to-Point protocol.

Setting up routing and firewall

First we set up static routing for both connections, so that after system boot, all network traffic can be run through the WAN interface. This can be done inside the configuration in /etc/config/network, where the value metric '10' is set for the 'wan' interface, standard routing is turned off in the section interface 'lte' via the value defaultroute '0' and then a new section is added with a new routing rule route 'lte_route', which is used for the lte interface.

Individual items within the routing rule route 'lte_route' can be set according to the example for /etc/config/network. The items target and netmask are set to the address, which governs the default routing rule. The address for gateway is set to, which is a standard address when connecting with the PPP (Point-to-point protocol). This address can also be viewed via the command ifconfig.

LTE must have a higher metric than WAN, because the path with the smaller metric is used for the routing. More information on possible configuration choices can be taken from the OpenWrt wiki.

config interface 'wan'
        option ifname 'eth1'
        option proto 'dhcp'
        option defaultroute '1'
        option metric '10'
config interface 'lte'
        option proto '3g'
        option device '/dev/ttyUSB2'
        option service 'umts'
        option apn 'internet'
        option pincode '1234'
        option ipv6 'auto'
        option defaultroute '0'
config route 'lte_route'
        option interface 'lte'
        option target ''
        option gateway ''
        option netmask ''
        option metric '50'

lte is the logical label within the configuration file /etc/config/network and it differs from the name of the interface, which can be obtained via the command ifconfig.

The last step is the configuration of connection tracking in the firewall configuration /etc/config/firewall. Within the wan section, just set the option conntrack '1'.

config zone
        option conntrack '1'
        option name 'wan'
        option input 'REJECT'
        option output 'ACCEPT'
        option forward 'REJECT'
        option masq '1'
        option mtu_fix '1'
        option network 'wan wan6 lte'

Installation and setting up of mwan3

The mwan3 service cannot be run parallel to Multiwan. If Multiwan is installed, it is necessary to deactivate it using one of the following commands.

root@turris:~# /etc/init.d/multiwan stop
root@turris:~# /etc/init.d/multiwan disable

After that install the mwan3 package:

root@turris:~# opkg update
root@turris:~# opkg install mwan3

After installing mwan3, perform the settings by adjusting the configuration in /etc/config/mwan3. The default configuration is deleted and is substituted by a new one, in which we define the section interface and member for wan and lte and section policy and rule. The section rule 'default' determines that all traffic is routed based on the rule, which is defined in the section policy 'wan_lte'.

config interface 'wan'
	list track_ip ''
	list track_ip ''
	list track_ip ''
	list track_ip ''
	option enabled '1'
	option reliability '1'
	option count '1'
	option timeout '2'
	option interval '5'
	option down '3'
	option up '8'
config interface 'lte'
	list track_ip ''
	list track_ip ''
	list track_ip ''
	list track_ip ''
	option enabled '1'
	option reliability '1'
	option count '1'
	option timeout '2'
	option interval '5'
	option down '5'
	option up '10'
config policy 'wan_lte'
	list use_member 'wan_m1_w1'
	list use_member 'lte_m2_w2'
	option last_resort 'unreachable'
config member 'wan_m1_w1'
	option interface 'wan'
	option metric '1'
	option weight '1'
config member 'lte_m2_w2'
	option interface 'lte'
	option metric '2'
	option weight '2'
config rule 'default'
	option proto 'all'
	option sticky '0'
	option use_policy 'wan_lte'
	option dest_ip ''

Individual items within the given sections have the following meanings:

Interface section

  • track_ip - IP address on which the connection is tested
  • enable - activates the given interface
  • reliability - determines how many IP addresses defined under track_ip have to respond to a query for the given interface to be considered active
  • count - number of queries sent to an address defined as track_ip during a test
  • timeout - the break in seconds between individual test queries
  • interval - the timespan in seconds between individual test
  • down - the number of unsuccessful tests needed to pronounce the connection inactive
  • up - the number of successful tests needed to pronounce the connection active

Members section

  • interface - sets the interface, which the members section applies to
  • metric - the items marked members with a smaller value have priority over items with a bigger value within the policy section
  • weight - members with an identical metric value distribute the transfered data based on a ratio of set values

Policy section

  • use_member - defines the list of used members items
  • last_resort - defines what happens to packets in the case that all interfaces defined through use_member are inactive. Possible values are: unreachable (the returned answer is unreachable), blackhole (packets are quietly discarded) or default.

Rule 'default' section

Sets the standard forwarding rule used for all transferred data.

  • proto - names the protocols to which the given rule is applied
  • sticky - allows routing for data with the same source IP address within the original interface during the time set by the timeout limit.
  • use_policy - defines the policy in use
  • dest_ip - sets the target IP address (or the range of addresses), which the rule is used for. sets the use for all target addresses.

Finally we run the mwan3 service and restart the services network and firewall:

root@turris:~# mwan3 start
root@turris:~# /etc/init.d/network restart
root@turris:~# /etc/init.d/firewall restart

The name of the interface must correspond to the name of the interface in the configuration file /etc/config/network


To check the mwan3 setting run:

root@turris:~# mwan3 status

To test connection, you can use one of the web services (eg. ), which display public IP address. After disconnecting the cable from the WAN interface the system should automatically redirect traffic through LTE, which will be manifested by a change of the IP address.

Other options of use and configuration of the mwan3 service are described in wiki OpenWrt.