The mwan3 with IPsec does not work in a failover scenario as expected,
because the default table is used for the lookup of which traffic should
be encrypted.

The traffic for encryption is sent out on the interface with the lowest
metric, no matter which interface is currently seen as connected by
mwan3.

In order for mwan3 to work with IPsec, an additional metric is set that
indicates which interface is currently connected. The interface with the
lowest 'online_metric' is used as the IPsec interface.

If the interface is not considered connected by mwan3, then the
online_metric for this interface is not set and the next route with a
higher metric is used.

Signed-off-by: Florian Eckert <fe@dev.tdt.de>

If we set the option "local_source" in the globals mwan3 section to "none",
traffic generated by the router itself will always use the default route from
the wan interface with the lowest metric. If this interface is down,
the router traffic still uses the connection with the lowest metric, but
this is disconnected. Load balancing and failover from the LAN side are
still possible. Only router-generated traffic is not load balanced and
cannot use failover.

To solve this issue with router-initiated traffic, add the additional
option "online_metric" to the mwan3 interface section.

If the interface is connected, then this lower "online metric" is set in the
default routing table.

With this change we have at least a failover with router-initiated
traffic.

Signed-off-by: Florian Eckert <fe@dev.tdt.de>