1 (edytowany przez Konrad_1992 2017-12-25 20:41:06)

Temat: TP-LINK TD-W8970 lede mwan3

Witam.

Mam problem z konfiguracją mwan3 na routerze TP-LINK TD-W8970, występuje on na Lede jak i na CC.

Konfiguracja:

config interface 'loopback'
    option ifname 'lo'
    option proto 'static'
    option ipaddr '127.0.0.1'
    option netmask '255.0.0.0'

config globals 'globals'
    option ula_prefix 'fdfc:b074:29e4::/48'

config dsl 'dsl'
    option annex 'a'
    option tone 'av'
    option xfer_mode 'atm'

config interface 'lan'
    option type 'bridge'
    option ifname 'eth0.1'
    option proto 'static'
    option ipaddr '192.168.1.1'
    option netmask '255.255.255.0'
    option ip6assign '60'

config interface 'wan'
    option ifname 'nas0'
    option proto 'pppoa'
    option encaps 'vc'
    option vci '35'
    option vpi '0'
    option atmdev '0'
    option username 'xxxx@neostrada.pl'
    option password 'xxxx'
    option ipv6 '0'
    option delegate '0'
    option metric '10'

config device 'wan_dev'
    option name 'nas0'
    option macaddr '14:cc:20:ac:94:bf'

config switch
    option name 'switch0'
    option reset '1'
    option enable_vlan '1'

config switch_vlan
    option device 'switch0'
    option vlan '1'
    option ports '0 2 4 5 6t'

config interface 'wan2'
    option proto 'l2tp'
    option delegate '0'
    option server 'germany.privateinternetaccess.com'
    option username 'xxxx'
    option password 'xxxx'
    option ipv6 '0'
    option metric '20'
config defaults
    option syn_flood '1'
    option input 'ACCEPT'
    option output 'ACCEPT'
    option forward 'REJECT'

config zone
    option name 'lan'
    option input 'ACCEPT'
    option output 'ACCEPT'
    option forward 'ACCEPT'
    option network 'lan'

config zone
    option name 'wan'
    option input 'REJECT'
    option output 'ACCEPT'
    option forward 'REJECT'
    option masq '1'
    option mtu_fix '1'
    option network 'wan wan2'

config forwarding
    option src 'lan'
    option dest 'wan'


config rule
    option name 'Allow-DHCP-Renew'
    option src 'wan'
    option proto 'udp'
    option dest_port '68'
    option target 'ACCEPT'
    option family 'ipv4'

config rule
    option name 'Allow-Ping'
    option src 'wan'
    option proto 'icmp'
    option icmp_type 'echo-request'
    option family 'ipv4'
    option target 'ACCEPT'

config rule
    option name 'Allow-IGMP'
    option src 'wan'
    option proto 'igmp'
    option family 'ipv4'
    option target 'ACCEPT'

config rule
    option name 'Allow-DHCPv6'
    option src 'wan'
    option proto 'udp'
    option src_ip 'fc00::/6'
    option dest_ip 'fc00::/6'
    option dest_port '546'
    option family 'ipv6'
    option target 'ACCEPT'

config rule
    option name 'Allow-MLD'
    option src 'wan'
    option proto 'icmp'
    option src_ip 'fe80::/10'
    list icmp_type '130/0'
    list icmp_type '131/0'
    list icmp_type '132/0'
    list icmp_type '143/0'
    option family 'ipv6'
    option target 'ACCEPT'

config rule
    option name 'Allow-ICMPv6-Input'
    option src 'wan'
    option proto 'icmp'
    list icmp_type 'echo-request'
    list icmp_type 'echo-reply'
    list icmp_type 'destination-unreachable'
    list icmp_type 'packet-too-big'
    list icmp_type 'time-exceeded'
    list icmp_type 'bad-header'
    list icmp_type 'unknown-header-type'
    list icmp_type 'router-solicitation'
    list icmp_type 'neighbour-solicitation'
    list icmp_type 'router-advertisement'
    list icmp_type 'neighbour-advertisement'
    option limit '1000/sec'
    option family 'ipv6'
    option target 'ACCEPT'

config rule
    option name 'Allow-ICMPv6-Forward'
    option src 'wan'
    option dest '*'
    option proto 'icmp'
    list icmp_type 'echo-request'
    list icmp_type 'echo-reply'
    list icmp_type 'destination-unreachable'
    list icmp_type 'packet-too-big'
    list icmp_type 'time-exceeded'
    list icmp_type 'bad-header'
    list icmp_type 'unknown-header-type'
    option limit '1000/sec'
    option family 'ipv6'
    option target 'ACCEPT'

config include
    option path '/etc/firewall.user'

config rule
    option src 'wan'
    option dest 'lan'
    option proto 'esp'
    option target 'ACCEPT'

config rule
    option src 'wan'
    option dest 'lan'
    option dest_port '500'
    option proto 'udp'
    option target 'ACCEPT'
config interface 'wan2'
    list track_ip '8.8.8.8'
    list track_ip '208.67.220.220'
    option reliability '1'
    option count '1'
    option timeout '2'
    option interval '5'
    option down '3'
    option up '8'
    option enabled '1'

config interface 'wan'
    option enabled '1'
    list track_ip '8.8.4.4'
    list track_ip '8.8.8.8'
    list track_ip '208.67.222.222'
    list track_ip '208.67.220.220'
    option reliability '2'
    option count '1'
    option timeout '2'
    option interval '5'
    option down '3'
    option up '8'

config rule 'ip'
    option src_ip 'moje-ip.eu'
    option dest_ip 'moje-ip.eu'
    option proto 'all'
    option use_policy 'wan2_only'
    option sticky '1'

config rule 'default_rule'
    option dest_ip '0.0.0.0/0'
    option proto 'all'
    option sticky '0'
    option use_policy 'wan_only'

config member 'wan_m1_w3'
    option interface 'wan'
    option metric '1'
    option weight '3'

config member 'wan_m2_w3'
    option interface 'wan'
    option metric '2'
    option weight '3'

config member 'wan2_m1_w2'
    option interface 'wan2'
    option metric '1'
    option weight '2'

config member 'wan2_m2_w2'
    option interface 'wan2'
    option metric '2'
    option weight '2'

config policy 'wan_only'
    list use_member 'wan_m1_w3'

config policy 'wan2_only'
    list use_member 'wan2_m1_w2'

config policy 'balanced'
    list use_member 'wan_m1_w3'
    list use_member 'wan2_m1_w2'

config policy 'wan_wan2'
    list use_member 'wan_m1_w3'
    list use_member 'wan2_m2_w2'

config policy 'wan2_wan'
    list use_member 'wan_m2_w3'
    list use_member 'wan2_m1_w2'

Fragment logu:

Mon Dec 25 18:21:54 2017 user.notice mwan3: ifup interface wan2 (l2tp-wan2)
Mon Dec 25 18:21:57 2017 user.notice firewall: Reloading firewall due to ifup of wan2 (l2tp-wan2)
Mon Dec 25 18:21:58 2017 user.notice mwan3: ifup interface wan (pppoa-wan)
Mon Dec 25 18:22:00 2017 user.notice firewall: Reloading firewall due to ifup of wan (pppoa-wan)
Mon Dec 25 18:22:14 2017 authpriv.info dropbear[15677]: Child connection from 192.168.0.133:50255
Mon Dec 25 18:22:17 2017 user.notice mwan3track: Interface wan2 (l2tp-wan2) is offline
Mon Dec 25 18:22:18 2017 user.notice mwan3: ifdown interface wan2 (l2tp-wan2)

Po uruchomieniu mwan3 łącze wan2 przestaje funkcjonować, nie da się przez ten interfejs wykonać pingu przez co mwan prawdopodobnie unieruchamia łącze. Proszę o pomoc w znalezieniu błędu w konfiguracji.