Closed pmelange closed 5 years ago
As a side note, if the WAN interface is brought down (via ifdown wan) then the DNS queries go over the smart gw. But bringing down WAN prevents the ffuplink from coming up again. So this is not an option.
This problem should also be seen on a pre Hedy-1.0.0 node, right?
I would assume that this is also a problem with earlier version of the firmware.
@SvenRoederer do you know how we could make dnsmasq use the same route as the clients on the br-dhcp interface and to fail back on br-wan if there isn't a route?
I've seen https://github.com/openwrt/packages/tree/master/net/pingcheck in the packages feed. This can run scripts when the uplink dies.
I'm unsure if it's a good idea to route all dns-traffic via the VPN too
I'm unsure if it's a good idea to route all dns-traffic via the VPN too
I agree.
Wouldn't it be possible to set up an IP rule that sends all locally generated traffic to a specific table? Normally the default table, but in this above mentioned situation, the olsr table?
This is a better URL for pingcheck https://github.com/br101/pingcheck
In combination with a ping check (possibly using the pingcheck package) I suggest the following action.
If internet not reachable via WAN
ip rule add prio 3000 iif lo lookup olsr-tunnel
else
ip rule del prio 3000 iif lo lookup olsr-tunnel
fi
With this ip rule, all locally generated traffic will go over the olsr-tunnel but any VPN connection will not (since is it bound to WAN). Also, ping -c 1 8.8.8.8 -I br-wan
works/fails as expected.
Does anyone have any comments on using this ip rule when the internet is not reachable via WAN?
not sure if this is the perfect rule, but something in this direction
Before I start implementing this, it would be great to have suggestions as to what would be better.
btw. just seen, that there is a package "freifunk-gwcheck" which might also do the job.
I don't think freifunk-gwcheck will do what we want. I think pingcheck looks promising.
probably it makes sense to combine pingcheck with the logic of the scripts of freifunk-gwcheck
it would be welcome if we tested the mentioned approach. I maintain two small sites that regularly run into the situation described.
I would highly appreciate if we (first) create some documentation about the whole routing setup and the involved tables, rules, scripts. It feels like we create a even more complex system with every commit that involves the routing.
@booo, I also think it wise to have better documentation. #565
But at the same time, I have already made a branch which solves this issue and #659.
The branch is called pingcheck in both the firmware and firmware-packages repos. Please take a look at them and let me know what you think. For example, do the rules have an acceptable prio? Is there a better way to do the uci-defaults? Is the host that I'm pinging reliable? If not, what would be a better host?
This situation is referred to in #659 but affects all the uplink types.
When a router's uplink no longer works, the router should fail over to the smart gw. This works with openvpn and tunneldigger relatively quick. But it still leaves the users without usable internet because DSL is not working.
The issue is best seen in the situation where the fritz box is still powered on, but the DSL connection is down. Dnsmasq will still try to make all DNS queries via WAN (fritz box) leaving the users with an unusable internet connection.