New configuration for the multi-wan monitoring


(Filippo Carletti) #1

Last week, @giacomo and I spent some time working on a new configuration for the multi-wan monitoring.
The basic change is that now the “ping IP” (AKA check IP) is global and you don’t need to input one IP for every connection. This also lets us delete the code that tries to auto-detect the right IP.
And we can delete the static routes too.
We did a short and simple test, it worked fine.
Now we’re waiting to see if shorewall will implement the needed modifications.

Here’s the shorewall-users mailing list thread for reference:
https://sourceforge.net/p/shorewall/mailman/message/34525119/

Meanwhile, if someone is interested in testing the new implementation, feel free to ask here.


(Alessio Fattorini) #2

Good news, thanks for your effort, it looks like a smart solution.
I’m sure that @nas @Adam @bsprakash @jgjimenezs and @JOduMonT are interested to test it out


(Adam) #3

I’d be interested in testing this. What about customizing the intervals via web GUI? Was that addressed? Or are there plans to address it?


(Giacomo Sanchietti) #4

Currently there isn’t any implementation for this, but it is not hard.
The real question is: which parameters do you want to customize?
These are the available options:

max_packet_loss=15
max_successive_pkts_lost=7
min_packet_loss=5
min_successive_pkts_rcvd=10
interval_ms=1000
timeout_ms=1000

It’s very hard to tune these parameters and IMHO the average user doesn’t bother.


(Adam) #5

These are the available settings in SonicWall routers:

I guess I was looking for something similar.


(Giacomo Sanchietti) #6

You’re right but it depends on the daemon used to check the connectivity.
We use LSM: http://lsm.foobar.fi/


(Giacomo Sanchietti) #7

Just a preview of the new web interface:

What do you think @Adam?


(Alessio Fattorini) #8

I LOVE such previews :heart:


(Adam) #9

Very nice improvement! I can’t wait to test this!

I wasn’t aware that you could put multiple IPs in the Check IP field. What does that accomplish? Does it ping both simultaneously on all WAN connections?


(Giacomo Sanchietti) #10

Yes. And the link goes down if all CheckIPs are unreachable.
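
An added illustration, not part of the thread and not LSM's or NethServer's code: a simplified Python model of how the thresholds from post #4 and the "down only if all check IPs are unreachable" rule from post #10 could combine. The threshold semantics are inferred from the option names; `WINDOW`, the class names and the addresses used to exercise it are assumptions.

```python
from collections import deque

# Thresholds quoted in the thread; their exact semantics here are assumed.
CFG = {"max_packet_loss": 15, "max_successive_pkts_lost": 7,
       "min_packet_loss": 5, "min_successive_pkts_rcvd": 10}
WINDOW = 100  # assumed: number of recent probes used for the loss percentage


class CheckIP:
    """Up/down hysteresis for one check IP (hypothetical helper)."""

    def __init__(self, cfg=CFG, window=WINDOW):
        self.cfg = cfg
        self.results = deque([True] * window, maxlen=window)  # start clean
        self.run_lost = self.run_rcvd = 0
        self.up = True

    def loss_pct(self):
        return 100 * self.results.count(False) / len(self.results)

    def record(self, received):
        """Feed one probe result and return the new state of this check IP."""
        self.results.append(received)
        if received:
            self.run_rcvd, self.run_lost = self.run_rcvd + 1, 0
        else:
            self.run_lost, self.run_rcvd = self.run_lost + 1, 0
        c = self.cfg
        if self.up:
            # Going down: a burst of losses or a high loss rate.
            if (self.run_lost >= c["max_successive_pkts_lost"]
                    or self.loss_pct() >= c["max_packet_loss"]):
                self.up = False
        elif (self.run_rcvd >= c["min_successive_pkts_rcvd"]
              and self.loss_pct() <= c["min_packet_loss"]):
            # Coming back: needs both a clean run and a low loss rate.
            self.up = True
        return self.up


class WanLink:
    """A WAN link is down only when every check IP is down (post #10)."""

    def __init__(self, check_ips):
        self.targets = {ip: CheckIP() for ip in check_ips}

    def record(self, ip, received):
        self.targets[ip].record(received)
        return self.is_up()

    def is_up(self):
        return any(t.up for t in self.targets.values())
```

In this model a check IP that dropped 7 probes in a row needs 95 consecutive replies before it counts as up again, because `min_packet_loss` is evaluated over the whole 100-probe window.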


(Adam) #11

Very cool! I like that a lot more than being dependent on one check server. Please do let me know when this is ready for testing. :smiley:


(Filippo Carletti) #12

This new multi-wan implementation has two pre-requisites: the latest version of lsm (0.190) which contains a fix to use more than one checkip and the next version of shorewall (the new implementation is already available in shorewall 5.0.2beta1).
As soon as shorewall 5.0.2 is released, we should be able to release a test version of multi wan.


(Giacomo Sanchietti) #13

The new implementation is available for testing and it’s working even with the current release of Shorewall with some hacks.

I’d love a long and accurate testing for this feature. If anyone wants to put it in a production environment, feel free to quickly ask me or @filippo_carletti for support (but please, take care to study a little Linux routing before :wink: )

Reference issue: http://dev.nethserver.org/issues/3289


(Alessio Fattorini) #14

@nas , @mabeleira, @medworthy, @dz00te, @jgjimenezs, @JOduMonT, @GG_jr, @Adam that’s your match :smile:


(Adam) #15

How do I view ip rules and ip routes? I’m looking in /etc/shorewall/rules, /etc/shorewall/rtrules, and other config files… is that right?


(Giacomo Sanchietti) #16

Nope :smile:
You must use the ip command.
Some examples:

ip route
ip rule
ip route show table balance

See also: http://lartc.org/howto/

But do not focus too much on this; as a first step, just test the feature as “how you expect it should work”.
In other words, check if the behavior is good and hosts inside the LAN can access the internet even when a provider changes its state :wink:


(Adam) #17

Thanks. I was trying to investigate some routing issues. I’ll post my findings on redmine in a few minutes.


(Giacomo Sanchietti) #18

Fixed the update process. @Adam have you got a little spare time to try it? :smile:


(Adam) #19

I’m on it! :smiley:


(Giacomo Sanchietti) #20

Thank you, I just saw the bug is verified!