It is unpleasant when your provider has an outage and you lose internet access at home. It is doubly unpleasant if at that moment you are far from home and need to get into your home computer or NAS. In my case, two things helped me insure against losing the channel: MGTS, which replaced outdated copper with fiber and thereby gave me a second internet channel, and reading various dd-wrt manuals. I can’t help you with the fiber, but I’ll be happy to share my ready-made solution for dd-wrt.
The solution is not universal, but it seems very simple to me, and inexperienced users can build on it: if not to create their own solution, then at least to broaden their horizons and their understanding of this popular firmware.
I use an Asus RT-N16 router with the Kong 22000++ firmware. Internet from the main provider comes in by cable, and the router obtains all settings via DHCP. In the dd-wrt interface, it looks something like this:

In fact, everything is the default. The router's address on the internal network has been changed to 192.168.199.1.
The internet channels will be switched by a script that we will create in the router's internal JFFS2 memory, so we need to enable that memory. To do this, in the Administration - Management section of the dd-wrt interface, enable the corresponding option:

After enabling JFFS2, the memory needs to be cleared. To do this, select "Clean JFFS2" and click Apply. You may need to restart the router. Our goal is for free space to appear in this memory.
Now let's log in to the router using telnet. I use putty for this:
```
putty -telnet 192.168.199.1
```
The username is root, even if you use a different name to log in to the dd-wrt web interface. The password is the one you use to log in to the web interface.

Lyrical digression

The first command we enter, and my result:
```
root@DD-WRT:~# nvram show >/dev/null
size: 29978 bytes (2790 left)
```
As you can see, there are few free bytes left in nvram, and this is why we will not store our scripts there. If this memory is exhausted, the router will reboot and restore all dd-wrt settings to defaults. For the same reason you should not, for example, load OpenVPN certificates through the web interface, because certificates entered there are stored in nvram variables. OpenVPN certificates can be stored in JFFS2 memory and plugged in through the “additional config” field of the OpenVPN settings in the following way:

Next step. We connect the backup cable to the LAN1 port of the router. In my case, the backup cable comes from the GPON equipment that MGTS supplied. This equipment serves the internet on its own local network, 192.168.100.0/255.255.255.0. We need to “tear off” the required port of our router from the other ports and assign it an address from the GPON equipment's network, for example 192.168.100.200.
What follows is specific to particular hardware, namely the Asus RT-N16. We type the following commands in the terminal and look at the output:
```
root@DD-WRT:~# nvram show | grep vlan.*port
vlan2ports=0 8
vlan0ports=1 2 3 4 5*
vlan1ports=4 3 2 1 8*
size: 29978 bytes (2790 left)
root@DD-WRT:~# nvram show | grep vlan.*hw
vlan2hwname=et0
vlan1hwname=et0
vlan0hwname=et0
size: 29978 bytes (2790 left)
```
Groups of ports are combined into VLANs. Port 0 is the router's WAN port; ports 1, 2, 3, 4 correspond (attention!) to the router's LAN4, LAN3, LAN2, LAN1 ports, that is, port 4 is the one labeled LAN1 on the case. Port 8 and port 8* are the processor ports; through them we see the interfaces inside the router. I don’t want to go into details; the essential point is that every VLAN must terminate on the router's processor. Let's tear off the 4th port:
```
root@DD-WRT:~# nvram set vlan0ports="1 2 3 5*"
root@DD-WRT:~# nvram set vlan1ports="3 2 1 8*"
```
and now let's assign the 4th port to the 3rd VLAN:
```
root@DD-WRT:~# nvram set vlan3ports="4 8"
```
For the new VLAN to be visible, you need to enter the command
```
root@DD-WRT:~# nvram set vlan3hwname=et0
```
and save the changes:
```
root@DD-WRT:~# nvram commit
```
By analogy, you can do it for other routers with dd-wrt firmware.
Now a non-lyrical digression. The dd-wrt web interface has VLAN settings. But if you try to play with them, not only may nothing happen, you may end up in a state where only a reset of the router will help.

And now the lyrical digression

Probably everyone who has read about installing dd-wrt on a router has come across the magic ritual "30 30 30". This is a complete reset of the router. It is strongly recommended, otherwise problems are possible later. Now I will explain why. Resetting the settings in the web interface does not affect all of the nvram variables; in particular, the VLAN changes we made can remain. Therefore, the ritual really is needed. But you can replace it with another command from the terminal (provided that you can still log in to the router):
 root@DD-WRT:~ 
If you "played" with the vlans and everything stopped working, then the above full reset "30 30 30" can help.
We will assign the address to our new interface, which is connected to the 4th port, from a script at startup. Therefore, let's start writing this script. But first, where it will be stored. As the Bokonon dd-wrt wiki teaches us, every script in the /jffs/etc/config/ folder with the .startup extension runs at system startup before the firewall is configured. Let's call our script vlan3.startup and write the following lines:
```sh
#!/bin/sh
# Settings of the backup channel
WAN2_IFNAME=vlan3
WAN2_IPADDR=192.168.100.200
WAN2_GATEWAY=192.168.100.1
WAN2_NETMASK=255.255.255.0
# Write to nvram only when the stored address differs from the one above
if [ "$(nvram get wan2_ipaddr)" != "$WAN2_IPADDR" ]; then
    nvram set wan2_ifname=$WAN2_IFNAME
    nvram set wan2_ipaddr=$WAN2_IPADDR
    nvram set wan2_gateway=$WAN2_GATEWAY
    nvram set wan2_netmask=$WAN2_NETMASK
    nvram commit
fi
# Bring the backup interface up with the stored values
ifconfig $(nvram get wan2_ifname) up $(nvram get wan2_ipaddr) netmask $(nvram get wan2_netmask)
```
In these lines, everything is simple. We added four new variables to nvram and stored in them the interface name, address, netmask and gateway of our backup internet port. At every start we check that the stored address is exactly the one specified in the script variable; this is in case you need to change the settings of the backup channel. Next we configure the port with the specified values. With the current variables, it would look like this:
```
ifconfig vlan3 up 192.168.100.200 netmask 255.255.255.0
```
Add to our script an infinite loop, in which we will switch the internet channel to the backup channel and back:
```sh
INTERVAL=30
while sleep $INTERVAL
do
    WAN1ALIVE=0
    WAN2USING=0
    WAN1GW=$(nvram get wan_gateway)
    echo "check"
    # Main channel: ping its gateway if DHCP has given us one
    if [ "$WAN1GW" != "0.0.0.0" ]; then
        # The substitution is quoted so that an empty result is a clean "false"
        if [ "1" = "$(ping -c 1 $WAN1GW 2>/dev/null | awk '/packets received/ {print $4}')" ]; then
            WAN1ALIVE=1
            echo "wan1alive"
        fi
    fi
    # Is the backup gateway currently a default route?
    TARGET=$(ip -4 route list 0/0 | awk -v gate="via $WAN2_GATEWAY" '$0 ~ gate {print $3}')
    if [ ! -z "$TARGET" ]; then
        WAN2USING=1
        echo "wan2using"
    fi
    if [ "$WAN1ALIVE" = "1" ] && [ "$WAN2USING" = "1" ]; then
        /jffs/etc/config/wan1.up
        echo "Changed active WAN port to 1!"
    fi
    if [ "$WAN1ALIVE" = "0" ] && [ "$WAN2USING" = "0" ]; then
        if [ "1" = "$(ping -c 1 $WAN2_GATEWAY 2>/dev/null | awk '/packets received/ {print $4}')" ]; then
            /jffs/etc/config/wan2.up
            echo "Changed active WAN port to 2!"
        fi
    fi
done;
```
This long piece of code can be described in words as follows. Every n seconds we check:
- The current gateway address of the main channel. It is stored in the nvram variable wan_gateway and is assigned automatically when the router receives DHCP settings from the main provider. If this address is not “0.0.0.0” (it is “0.0.0.0” when no address could be obtained, that is, the provider is down), we ping it, and if it responds we set the WAN1ALIVE flag to 1, meaning the main channel is presumably working.
- Whether the backup gateway's address is in the routing table. If it is, we set WAN2USING = 1, meaning the backup channel is currently in use.
- If the main channel works and the backup channel is in use, we switch to the main channel.
- If the main channel does not work and the backup channel is not in use, we check that the backup gateway is reachable and switch to the working backup.
The script that enables the main channel, wan1.up:
```sh
#!/bin/sh
# WAN1
DEV=vlan2
GATEWAY=`nvram get wan_gateway`
DNS1=8.8.8.8
DNS2=8.8.4.4
nvram set wan_dns="$DNS1 $DNS2"
# Delete default routes until none are left
while ip route del default; do :; done
ip route add default via $GATEWAY dev $DEV
echo "nameserver $DNS1" >/tmp/resolv.dnsmasq
echo "nameserver $DNS2" >>/tmp/resolv.dnsmasq
# Restart dnsmasq so that it picks up the new resolvers
pr="$(ps|awk '/dnsmasq/ {print $1}')"
kill -9 $pr
dnsmasq --conf-file=/tmp/dnsmasq.conf
```
Everything is simple here. We remove all default gateways. Yes, there may be several of them: if the main channel was unavailable after the router restarted, the backup channel is switched on and we have one default gateway. If the main channel then starts working, dd-wrt adds another default gateway. There's nothing to be done about it. I didn’t want to think for long, and a dirty hack appeared:
```
while ip route del default; do :; done
```
namely, keep deleting default gateways until an error occurs because there are none left. It's ugly; think about how to do it better.
After all the default gateways have been deleted, we add a new gateway, taken from the nvram variable wan_gateway (dd-wrt recorded it when it received parameters from the main provider). We replace the DNS servers with Google's, kill the dnsmasq process and start it again.
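One way to answer the "think how to do it better" above, as an added example that is not from the original article: work out from the output of `ip -4 route list 0/0` exactly which default routes are stale, and leave an already-correct route untouched. The helper name plan_default_routes and the 10.0.0.1 gateway in the sample are assumptions made for illustration.

```sh
#!/bin/sh
# Added example, not from the original article.
# plan_default_routes GATEWAY DEV   (hypothetical helper name)
# Reads `ip -4 route list 0/0` output on stdin and prints the commands that
# leave exactly one default route, via GATEWAY on DEV.
plan_default_routes() {
    awk -v gw="$1" -v dev="$2" '
        $1 == "default" {
            g = ""; d = ""
            for (i = 2; i < NF; i++) {
                if ($i == "via") g = $(i + 1)
                if ($i == "dev") d = $(i + 1)
            }
            # The wanted route is already installed: keep it untouched.
            if (g == gw && d == dev) { have = 1; next }
            # Any other default route is stale: delete precisely that one.
            cmd = "ip route del default"
            if (g != "") cmd = cmd " via " g
            if (d != "") cmd = cmd " dev " d
            print cmd
        }
        END {
            # Add the wanted route only if it was missing.
            if (!have) print "ip route add default via " gw " dev " dev
        }'
}

# Constructed sample: both channels have left a default route behind.
# 10.0.0.1 stands in for the main provider gateway (assumed value).
SAMPLE='default via 192.168.100.1 dev vlan3
default via 10.0.0.1 dev vlan2'

# Prints the plan; on the router it would be fed from the live table:
#   ip -4 route list 0/0 | plan_default_routes "$GATEWAY" "$DEV" | sh
printf '%s\n' "$SAMPLE" | plan_default_routes 10.0.0.1 vlan2
```

When the wanted route is already present, the plan contains only deletions of the stale routes, so the active default route is never removed.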
The script to enable the backup channel wan2.up is arranged in the same way, but the gateway address is taken from the variable wan2_gateway nvram and the interface associated with the 4th port of the router is used.
```sh
#!/bin/sh
# WAN2
DEV=vlan3
GATEWAY=`nvram get wan2_gateway`
DNS1=8.8.8.8
DNS2=8.8.4.4
nvram set wan_dns="$DNS1 $DNS2"
while ip route del default; do :; done
ip route add default via $GATEWAY dev $DEV
echo "nameserver $DNS1" >/tmp/resolv.dnsmasq
echo "nameserver $DNS2" >>/tmp/resolv.dnsmasq
pr="$(ps|awk '/dnsmasq/ {print $1}')"
kill -9 $pr
dnsmasq --conf-file=/tmp/dnsmasq.conf
```
There is a small script vlan3.wanup, which runs after the WAN has been raised, immediately after the firewall turns on:
```sh
#!/bin/sh
iptables -t nat -A POSTROUTING -o $(nvram get wan2_ifname) -j SNAT --to $(nvram get wan2_ipaddr)
```
The purpose of the script is to add a NAT rule for the backup interface.
Now you can reboot the router and test. All the scripts were taken from my router, which lives a life of its own and has been testing this configuration for a long time.

Generalized script

Paste the following block into the telnet / ssh window and press "Enter":
```sh
nvram set vlan0ports="1 2 3 5*"
nvram set vlan1ports="3 2 1 8*"
nvram set vlan3ports="4 8"
nvram set vlan3hwname=et0
nvram commit
mkdir -p /jffs/etc/config

cat << 'EOF' > /jffs/etc/config/vlan3.startup
#!/bin/sh
WAN2_IFNAME=vlan3
WAN2_IPADDR=192.168.100.200
WAN2_GATEWAY=192.168.100.1
WAN2_NETMASK=255.255.255.0
if [ "$(nvram get wan2_ipaddr)" != "$WAN2_IPADDR" ]; then
    nvram set wan2_ifname=$WAN2_IFNAME
    nvram set wan2_ipaddr=$WAN2_IPADDR
    nvram set wan2_gateway=$WAN2_GATEWAY
    nvram set wan2_netmask=$WAN2_NETMASK
    nvram commit
fi
ifconfig $(nvram get wan2_ifname) up $(nvram get wan2_ipaddr) netmask $(nvram get wan2_netmask)
INTERVAL=30
while sleep $INTERVAL
do
    WAN1ALIVE=0
    WAN2USING=0
    WAN1GW=$(nvram get wan_gateway)
    echo "check"
    if [ "$WAN1GW" != "0.0.0.0" ]; then
        if [ "1" = "$(ping -c 1 $WAN1GW 2>/dev/null | awk '/packets received/ {print $4}')" ]; then
            WAN1ALIVE=1
            echo "wan1alive"
        fi
    fi
    TARGET=$(ip -4 route list 0/0 | awk -v gate="via $WAN2_GATEWAY" '$0 ~ gate {print $3}')
    if [ ! -z "$TARGET" ]; then
        WAN2USING=1
        echo "wan2using"
    fi
    if [ "$WAN1ALIVE" = "1" ] && [ "$WAN2USING" = "1" ]; then
        /jffs/etc/config/wan1.up
        echo "Changed active WAN port to 1!"
    fi
    if [ "$WAN1ALIVE" = "0" ] && [ "$WAN2USING" = "0" ]; then
        if [ "1" = "$(ping -c 1 $WAN2_GATEWAY 2>/dev/null | awk '/packets received/ {print $4}')" ]; then
            /jffs/etc/config/wan2.up
            echo "Changed active WAN port to 2!"
        fi
    fi
done;
EOF
chmod +x /jffs/etc/config/vlan3.startup

cat << 'EOF' > /jffs/etc/config/vlan3.wanup
#!/bin/sh
iptables -t nat -A POSTROUTING -o $(nvram get wan2_ifname) -j SNAT --to $(nvram get wan2_ipaddr)
EOF
chmod +x /jffs/etc/config/vlan3.wanup

cat << 'EOF' > /jffs/etc/config/wan1.up
#!/bin/sh
# WAN1
DEV=vlan2
GATEWAY=`nvram get wan_gateway`
DNS1=8.8.8.8
DNS2=8.8.4.4
nvram set wan_dns="$DNS1 $DNS2"
#`ip -4 route list 0/0 | awk '/default via/ {print "ip route delete default"}'` | sh
# ip route delete default
while ip route del default; do :; done
ip route add default via $GATEWAY dev $DEV
echo "nameserver $DNS1" >/tmp/resolv.dnsmasq
echo "nameserver $DNS2" >>/tmp/resolv.dnsmasq
pr="$(ps|awk '/dnsmasq/ {print $1}')"
kill -9 $pr
dnsmasq --conf-file=/tmp/dnsmasq.conf
EOF
chmod +x /jffs/etc/config/wan1.up

cat << 'EOF' > /jffs/etc/config/wan2.up
#!/bin/sh
# WAN2
DEV=vlan3
GATEWAY=`nvram get wan2_gateway`
DNS1=8.8.8.8
DNS2=8.8.4.4
nvram set wan_dns="$DNS1 $DNS2"
#`ip -4 route list 0/0 | awk '/default via/ {print "ip route delete default"}'`|sh
# ip route delete default
while ip route del default; do :; done
ip route add default via $GATEWAY dev $DEV
echo "nameserver $DNS1" >/tmp/resolv.dnsmasq
echo "nameserver $DNS2" >>/tmp/resolv.dnsmasq
pr="$(ps|awk '/dnsmasq/ {print $1}')"
kill -9 $pr
dnsmasq --conf-file=/tmp/dnsmasq.conf
EOF
chmod +x /jffs/etc/config/wan2.up
```
Of course, much can and should be corrected or added, but my goal, namely to quickly bolt a backup channel onto my home setup, has been achieved. The main trouble is the firewall and port forwarding when working over the backup channel; I did not need them, so I did not configure them. Those who do need them should extend the vlan3.wanup script. Good luck with your own extensions!
Article ideas were gleaned from the dd-wrt wiki.