FOR TIPS, gUIDES & TUTORIALS

subscribe to our Youtube

GO TO YOUTUBE

11956 questions

14231 answers

22442 comments

35490 members

0 votes
327 views 13 comments
by

Dear all,

With fw RUT9_R_00.07.01.4 I built a setup with three failover connections in the following order (wan/ eth1, wwan/ wlan0, and mob1s1a1/ wwan0) all using dhcp, with then wan connection being the default. Additionally I have a static ip + dhcp server configured on Lan/ eth0.

The problem I observe is, that even when wan is detected as "Offline" by failover, traffic from the lan network is still routed over the wan interface, resulting in traffic being interrupted and the two failover options wwan and mob1s1a1 not being used.

I did some debugging on this and here is what I can say: I can test the failover functionality manually switching wan interface to "off" in the webinterface. Then failover successfully switches to next available interface, in this case it would be wwan. However if I set a non-reachable track-ip for the wan failover, the failover will recognize the interface as offline, but traffic is still routed over it and the interface still shows as online in the interfaces tab.

Attaching the output of vuci.network.mwan status. I am not sure if it shows conflicting information about the status of interface "wan"? It is both listed as offline and up, and both offline and online counters are increasing...

I am really clueless here on how to proceed. Any suggestions? Happy to provide more details.

Thanks much!
Benjamin


P.S. output of vuci.network.mwan for interface "wan":

{'enabled': True, 'score': 0, 'up': True, 'age': 6, 'turn': 216, 'track_ip': [{'status': 'down', 'latency': 0, 'packetloss': 0, 'ip': '8.8.8.7'}], 'online': 0, 'uptime': 2492, 'running': True, 'downtime': 2365, 'offline': 0, 'status': 'offline', 'lost': 216}

by
I also had this problem with a 2 interface failover config on the same firmware: https://community.teltonika-networks.com/47962/rut240-firmware-rut2_r_00-doesnt-drop-main-route-when-fails with similar logs reporting the main wan had been switched to backup due to ping failure on main wan, but traceroute showed the packets still going over the main wan interface.  It is still on my todo list to test again with previous firmware versions.
by
Hi Everyone!

Does this issue have a solution already? I have been experiencing this issue also in my RUT240. I have same observations as them, apparently, the interface is switching but was not able to drop previous routes. As a result, it continues to use the primary WAN as next hop (wired WAN) even the ping to the target address is failing resulting to unreachable ip addresses and unresolvable host names. The issue can be resolved only if I will physically remove the WAN link.
by
Which firmware version is your device using?

Could you please provide the steps to reproduce the issue, or even send me the troubleshoot file taken from the device with the issue present?
by
Hi PJKC, the issue was never understood but in the end I was able to solve it by resetting the device and then configuring it again by hand (not via config backup).

My best guess about what the problem could have been, is that some old interface settings got garbled across multiple firmware upgrades and it just needed a reset and a fresh start. Additionally, right after having done so, I saved a basic working config as a backup config that I can switch back to in case of future problems.

3 Answers

0 votes
by
Hello,

I have tried to replicate your scenario by configuring failover in the following order: wan/ eth1, wwan/ wlan0, and mob1s1a1/ wwan0. I also changed the Track IP to 8.8.8.7, however, the switch does happen and traffic is rerouted. Could you provide more details about your testing steps, any additional configurations?

Also, you could connect to the router vis SSH and enter command logread -f, to see in real time what happens, when the main WAN interface does not ping the specified address.

Best regards,

Žygimantas
by

Dear Žygimantas, dear support team,

thanks for looking into this. There are currently no other configurations on the router that I know of, except the wifi interface also serves an access point for clients (while being the wwan backup as a wifi client itself). 

Then, for testing, all I do is to change the track ip of wan to an unreachable destination. Then secondly I perform a traceroute from both the router terminal (via ssh) and from a connected lan client, and both still route via the gateway connected to primary wan.

The logread does not show anything too abnormal, allthough it looks like it directly tries to switch to mob1s1a1 even though wwan0 would also be available. Adding the full log to the original ticket. I am posting the relevant lines here:

Tue May 17 13:38:07 2022 user.info mwan3track[3063]: Check (ping) failed for target "8.8.8.7" on interface wan (eth1)
Tue May 17 13:38:17 2022 user.notice mwan3[3656]: Execute ifup event on interface wwan (wlan0)
Tue May 17 13:38:36 2022 user.notice mwan3[4749]: Execute ifup event on interface mob1s1a1 (wwan0)
Tue May 17 13:38:45 2022 kern.info Switched to backup WAN (mob1s1a1)
Tue May 17 13:38:50 2022 user.notice mwan3[4785]: Execute ifdown event on interface wan (eth1)
Tue May 17 13:39:05 2022 user.info mwan3track[3063]: Detect ifdown event on interface wan (eth1)
Tue May 17 13:39:05 2022 user.info mwan3track[4073]: Check (ping) failed for target "8.8.8.8" on interface wwan (wlan0)
Tue May 17 13:39:15 2022 user.notice mwan3track[3063]: Interface wan (eth1) is offline

Then, when I do a "traceroute 8.8.8.8" both in router terminal and connected client, it will still go through wan.

How can I proceed?

Thanks
Benjamin

by

I have a similar problem, but it will probably work if you have a registered IfUp or IfDown event on the interfaces.

-> I want the event to be driven by ping Lost and Failoverrules also.

Details:

In my case I want Failover to work when I lose Ping8.8.8.8, on eth1 and Switch to mob1s1a1. And revert to eth1 when this is regeistrerad as Online.

Something happens when with the routes, SMTP i lost when running failover to mob1s1a1, and regained when disableling mob1s1a1 and running on eth1.

So I loose DNS-server there fore NTP is also lost.

Regards Pelle

Edit I am on a Private Network and APN. can't use whois.

Test Block 8.8.8.8/1.1.1.1 in the Firewall(Whole network for the different interfaces(Ip-adresses))

1. eth1

2. mob1s1a1

-> Ping will fail in the Trouble Shoot System-log(As expected)

Online Indication Won't work as expected in Failover.. Shows Offline for eth1 all the time. reboot shows both online.

Edit2:

Configuration\Failover

Reliability should be set to no more than the number  IP-adresses that is declared!?

This seems to set the Online Indication to the expected value. 

by

Hello,

To eberhab:

Could you check, what do you get when you access the internet after failover? Specifically, what IP is show when you enter “What is my IP“ in google search, or enter a site like this. Does it show the public IP of your WAN or Mobile interface?

Best regards,

Žygimantas

by
@ZygimantasBliu: I have just checked outside wan ip via your lined website, then triggered failover via unreachable ping target, then checked wan ip again. It remains unchanged on my DSL provider IP, supporting our previous observation from the traceroute test.

Is there any additional information/ logs/ commands on the router I can provide?

Happy to share a tmate/ mumble if you want to have a quick look at the router terminal yourself.
by

To Pelle:

The switch from the secondary failover option back to your main WAN happens automatically, once the interface comes back online.

Regarding your SMTP problem, it might be that your mobile public IP is recognized as insecure or unreliable, therefore, one of the things you could try is to login to your email account while being connected to the internet via your mobile interface to introduce your SIM IP to the mail server.

For DNS, the default DNS should be given by your provider, but you can also enter custom DNS servers in the WebUI, by navigating to Network -> Interfaces, entering your mobile interface editing window, and switching to Advanced settings tab. 

If you fail to receive correct time or do not get updated, access your device via CLI/SSH and try restarting the NTP service by entering this command: 

  • /etc/init.d/ntpclient restart

Best regards,

Žygimantas

  

by

To Žygimantas

Thanks for your help, I'm now checking with all the tips you gave me..

But before the log was full of but "Success"

Wed May 18 09:50:59 2022 user.info mwan3track[17954]: Check (ping) failed for target "8.8.8.7" on interface wan (eth1)

Is it normaly only showing failed in System Log?

* CLI via WEB was a pain.. IP, not DNS-Name worked.

Can I see what is the current active Routing/Interface to "Wan" here?

Sent a email.. it still originated from eth1..

Should I flush Connections?

Edit1:

If I Disable Eth1 then the sent email gets the correct sender IP. mob1s1a1. So failover with only losing 1.1.1.1 as "Event" does not seem to Reroute all the trafic.

0 votes
by
Thanks for the reply, eberhab. I'll try your suggestion and hope the issue will be resolved. Thank you!
0 votes
by

Hi ZygimantasBliu,

So I tried Eberhabs suggestion but still got no luck in the testing. Please see the image below to understand my setup. My rut240 has two uplinks: the primary is wired WAN through RUT950, and the secondary link (backup) is LTE. I'm simulating the "no internet connection" scenario by disconnecting the wireless connection between the RUT950 and the ISP Modem. When I disconnect the WWAN in the RUT950, my ping to 8.8.8.8 stops and I also cannot browse the internet. I tried to run traceroute but it only shows RTO after the RUT240. The connection will only come back if I disconnected manually the patchcord in the RUT240 for the wired WAN or if I reconnect the WWAN in the RUT950. Im using this firmware BTW, RUT2_R_00.07.02.7.

by
Sorry, I forgot to mention that I also running wireguard VPN on the RUT240. Im not sure if that adds to my issue. I found a topic here in the community that they had the same problem with the failover of Teltonika while wireguard vpn is enabled.

https://community.teltonika-networks.com/29149/multiwan-failover-doesnt-wireguard-tunnels-multiple-scenarios?show=29149#q29149

Do you think that's the main issue here? If yes, do you have any fix aside from the solution found in the above link? I found his solution quite complex since I don't have much knowledge in using scripts in the openwrt.
by

A couple of issues regarding failover with Wireguard were solved with 7.2 firmware release.

Would it be possible if you recreated your setup, replicated above described scenario with pings and main WAN interface disabled during the process, and then generate a troubleshoot file? To generate the file, access router's WebUI, go to System -> Administration > Troubleshoot section and download troubleshoot file from there. Send the file in a private message.

 

by
Hi ZygimantasBliu,

Thanks for helping, I really appreciate it. Just letting you know that I already sent you a private message. Thank you!