🇬🇧 OpenWrt, mwan3 and default route for IPsec tunnel

OpenWrt mwan3 and IPsec failover: Resolve default route issues for seamless internet & VPN redundancy. Learn how to configure mwan3.user for automatic metric adjustments and IPsec tunnel switching.

https://dariusz.wieckiewicz.org/en/openwrt-mwan3-default-route-ipsec/

#OpenWrt
#ipsec
#wireguard
#mwan3
#defaultroute
#iproute
#failover

Dariusz Więckiewicz 🇬🇧

OK, finally figured out why #openwrt's #mwan3 was acting as a load balancer not a failover system.

The advice all over the Internet is "Give all your interfaces metrics".

This is probably true, but mwan3 will ignore the metrics unless you also do some additional setup. Specifically, in MultiWan manager's Rules tab, three "rules" are listed by default. Two of these should be deleted (the IPv6 rule and the HTTPS rule; the former is silly, the latter is apparently an example, and useless).

But the middle rule, "default_rule_v4", needs modifying to use the 'wan_wanb' policy. Edit it and that will fix the fact it's load balancing instead of failovering.

How does that use the metrics? Well, it doesn't use THE Interface metrics. Instead it uses the "Member" metrics. wan_wanb is a policy that says "Use members wan_m1_w3 and wanb_m2_w2 for routing stuff". And in Members, wan_m1_w3 is a "member" that has a metric of 1, and wanb_m2_w2 is a "member" that has a metric of 2.

It's THOSE metrics that are actually important. Despite everything I read on the Internet suggesting it was the Interface metrics that mattered.

So... I think the thing is finally working. It only took 3-4 days to figure it all out. I am not 14 years old! I am too old to do this kind of thing!

Guys, please make the documentation match the stuff you're installing.
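The member-metric behaviour described in the post above can be checked offline against a copy of `/etc/config/mwan3`. The following Python script is an added example, not code from the post or from the mwan3 project; it reports whether each rule's policy fails over or load-balances. The sample config is constructed, and the `balanced` policy and `wanb_m1_w2` member in it are assumptions added for contrast.

```python
import re

# Constructed sample in /etc/config/mwan3 syntax. Member and policy names follow
# the post; the 'balanced' policy and 'wanb_m1_w2' are assumed for contrast.
SAMPLE = """
config member 'wan_m1_w3'
    option metric '1'
    option weight '3'
config member 'wanb_m1_w2'
    option metric '1'
    option weight '2'
config member 'wanb_m2_w2'
    option metric '2'
    option weight '2'
config policy 'balanced'
    list use_member 'wan_m1_w3'
    list use_member 'wanb_m1_w2'
config policy 'wan_wanb'
    list use_member 'wan_m1_w3'
    list use_member 'wanb_m2_w2'
config rule 'default_rule_v4'
    option use_policy '{policy}'
"""

def parse_uci(text):
    """Return {(type, name): {option: value or [values]}} for named sections."""
    sections, cur = {}, None
    for line in text.splitlines():
        if m := re.match(r"\s*config\s+(\S+)\s+'?([^'\s]+)'?", line):
            cur = sections.setdefault((m[1], m[2]), {})
        elif cur is not None and (m := re.match(r"\s*(option|list)\s+(\S+)\s+'?([^']*)'?", line)):
            if m[1] == "list":
                cur.setdefault(m[2], []).append(m[3])
            else:
                cur[m[2]] = m[3]
    return sections

def rule_modes(text):
    """Map each rule name to 'failover' or 'load-balance' from its member metrics."""
    s, out = parse_uci(text), {}
    for (kind, name), opts in s.items():
        if kind != "rule":
            continue
        members = s[("policy", opts["use_policy"])]["use_member"]
        metrics = [int(s[("member", m)]["metric"]) for m in members]
        # Members sharing the lowest metric are used together, split by weight.
        out[name] = "load-balance" if metrics.count(min(metrics)) > 1 else "failover"
    return out
```

Running `rule_modes()` on a real config flags any rule whose policy has two or more members tied at the lowest metric, which is the condition that produces balancing instead of failover.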

@xabean I used to use ZeroShell to do this but it became abandonware. I now use OpenWRT with #mwan3 but beware... the GUI has lots of bugs (rule name length limits which are not enforced etc., leading to broken failover). It's a horrible experience when compared to the rest of #openwrt.
(Anyone about to tell me to submit code improvements can kindly not do so, I don't have the skills to write stuff at that level for that OS/language).
I sent the #glinet Mudi back as the Ethernet port didn't work, and replaced it with a Puli. Built and flashed #openwrt onto it and it's working. The only bit I'm struggling with is getting #mwan3 and #wireguard to play nicely so as interfaces (wired, wifi, 4G) bounce up and down, all traffic goes over the wg tunnel by whatever route is possible.

Right, and now, how do we go from load balancing, which interests me very little, to failover?

Do you know that, Mastodon?

#OpenWRT #mwan3

It may be simpler than I expected - I'm running #openwrt on a 2-radio device, so I can make one radio be a client of the LTE-to-WiFi hotspot, and then use #mwan3 to load balance the two upstream connections.