Hi,
I have a weird problem with WAN load balancing in VyOS 1.3.4. If I set it up like below, no traffic passes through the router, not even from the LAN to the WAN IP of the router.
Setup: I have a VyOS box with 2 NICs.
NIC eth0 has two ISPs connected: VLAN 301 and VLAN 311, both with static IPs. The other NIC, eth1, carries the WLAN with a different SSID per VLAN: VLAN 122, 130 and 131.
Everything is working fine (DNS, DHCP) from the VyOS to the WLAN clients. The VyOS can reach the Internet via both ISPs.
I had source NAT in place to one ISP. Now I want to load balance across both.
It should be a pretty easy task; the only twist is that clients trying to reach our ISP-assigned networks (/28) should not go out to the Internet — e.g. a client is load-balanced to ISP A and then goes out over the Internet to reach ISP B's network. That is why I excluded the /28 networks from load balancing and added some plain source NAT only for those destinations.
Since there are 3 SSIDs and 3 VLANs, many rules had to be duplicated, because with VyOS I couldn't use network groups here (or at least not with 1.3.4).
Maybe this is totally the wrong approach, or I have overcomplicated the config. Any suggestions on where to improve or do it differently are welcome. Below is the full config.
interfaces {
ethernet eth0 {
hw-id b8:85:84:9c:73:aa
/* NOTE(review): both ISP vifs live on eth0; these are the names the
   load-balancing "interface" nodes further down should refer to. */
vif 301 {
address 81.XX.YYY.78/28
description goetelnet
}
vif 311 {
address 62.AAA.BBB.42/28
description telekom
}
}
ethernet eth1 {
hw-id 0c:37:96:0a:f7:c3
vif 122 {
address 192.168.122.254/24
description "wlan vpn"
}
vif 130 {
address 192.168.130.254/24
description "wlan intern"
}
vif 131 {
address 192.168.131.254/24
description "wlan guest"
}
}
loopback lo {
}
wireless wlan0 {
disable
hw-id 74:40:bb:42:cd:8f
physical-device phy0
}
}
/* NOTE(review): no "firewall" section appears in this paste. If the running
   config has none either, the public-IP vifs on eth0 accept inbound traffic
   to the router unfiltered -- confirm before relying on this setup. */
load-balancing {
wan {
enable-local-traffic
flush-connections
interface-health eth0.301 {
failure-count 10
nexthop 81.XX.YYY.65
success-count 3
}
interface-health eth0.311 {
failure-count 3
nexthop 62.AAA.BBB.33
success-count 3
}
rule 5 {
destination {
address 62.AAA.BBB.32/28
}
exclude
inbound-interface eth1.122
protocol all
}
rule 6 {
destination {
address 81.XX.YYY.64/28
}
exclude
inbound-interface eth1.122
protocol all
}
rule 10 {
inbound-interface eth1.122
/* NOTE(review): eth1.301 and eth1.311 are not defined in the interfaces
   block above -- vif 301/311 are configured under eth0, and interface-health
   and the NAT rules use eth0.301 / eth0.311. The same names appear in
   rules 20 and 30. */
interface eth1.301 {
weight 1
}
interface eth1.311 {
weight 1
}
protocol all
}
rule 15 {
destination {
address 62.AAA.BBB.32/28
}
exclude
/* NOTE(review): "eth.130" carries no ethernet index; the interfaces block
   and rule 20 use eth1.130. Same pattern with eth.131 in rules 25 and 26. */
inbound-interface eth.130
protocol all
}
rule 16 {
destination {
address 81.XX.YYY.64/28
}
exclude
inbound-interface eth.130
protocol all
}
rule 20 {
inbound-interface eth1.130
interface eth1.301 {
weight 1
}
interface eth1.311 {
weight 1
}
protocol all
}
rule 25 {
destination {
address 62.AAA.BBB.32/28
}
exclude
inbound-interface eth.131
protocol all
}
rule 26 {
destination {
address 81.XX.YYY.64/28
}
exclude
inbound-interface eth.131
protocol all
}
rule 30 {
inbound-interface eth1.131
interface eth1.301 {
weight 1
}
interface eth1.311 {
weight 1
}
protocol all
}
sticky-connections {
}
}
}
nat {
source {
rule 100 {
destination {
address 81.XX.YYY.64/28
}
outbound-interface eth0.301
protocol all
source {
address 192.168.130.0/24
}
translation {
address 81.XX.YYY.78
}
}
/* NOTE(review): unlike rules 100, 200 and 210 this rule has no
   "protocol all" line -- presumably an omission; confirm whether intended. */
rule 110 {
destination {
address 81.XX.YYY.64/28
}
outbound-interface eth0.301
source {
address 192.168.131.0/24
}
translation {
address 81.XX.YYY.78
}
}
rule 200 {
/* NOTE(review): this destination is not written in the same masked form
   (62.AAA.BBB.32/28) as rule 210 and load-balancing rules 5/15/25 --
   confirm it is the same network. */
destination {
address 62.159.236.32/28
}
outbound-interface eth0.311
protocol all
source {
address 192.168.130.0/24
}
translation {
address masquerade
}
}
rule 210 {
destination {
address 62.AAA.BBB.32/28
}
outbound-interface eth0.311
protocol all
source {
address 192.168.131.0/24
}
translation {
address masquerade
}
}
}
}
protocols {
static {
/* NOTE(review): the default route lists both ISP gateways as next-hops;
   these are the same addresses used as interface-health nexthops above. */
route 0.0.0.0/0 {
next-hop 62.AAA.BBB.33 {
}
next-hop 81.XX.YYY.65 {
}
}
}
}