Raspberry Pi 5 OpenWrt Multi-WAN: Cannot ping primary modem from Pi

[BBSA]

I'm setting up a Raspberry Pi 5 as my home router with a multi-WAN failover configuration, and I've run into a very strange issue with my primary internet connection.

My Setup:

Router: Raspberry Pi 5, running OpenWrt 24.10.2
Primary WAN (B618): Huawei B618-22d LTE modem.
Backup WAN (B535): Huawei B535 LTE modem (connected via a USB-to-Ethernet adapter to the Pi).

Network Configuration:

• OpenWrt LAN: 192.168.8.1/24, DHCP server enabled.
• Huawei B618-22d: IP Address 192.168.9.1, DHCP server disabled. Connected to Pi's eth0.
• Huawei B535: IP Address 192.168.10.1, DHCP server disabled. Connected to Pi's eth1.

OpenWrt Interface Configuration:

WAN_B618_Primary Interface:
Protocol: Static address
Device: eth0
IPv4 address: 192.168.9.2
IPv4 netmask: 255.255.255.0
IPv4 gateway: 192.168.9.1
Gateway Metric: 10
Firewall Zone: wan

WAN_B535_Backup Interface:
Protocol: Static address
Device: eth1
IPv4 address: 192.168.10.2
IPv4 netmask: 255.255.255.0
IPv4 gateway: 192.168.10.1
Gateway Metric: 20
Firewall Zone: wan

mwan3 is installed and configured to use WAN_B618_Primary as preferred (metric 10) and WAN_B535_Backup as backup (metric 20).

The Problem:

I am encountering a very puzzling issue with the WAN_B618_Primary connection:

• From the Raspberry Pi's SSH console, I CANNOT ping 192.168.9.1 (the B618 modem).
• However, from the Raspberry Pi's SSH console, I CAN ping 192.168.10.1 (the B535 backup modem) without any issues.

CRITICAL DETAIL:
If I connect a client device (e.g., my laptop) directly to the B618-22d's LAN port (which then gets an IP from the B618's internal range, though DHCP is off), I am able to successfully SSH to the Raspberry Pi's 192.168.9.2 IP address. This confirms that:

• The physical cable connection between the B618 and the Pi's eth0 is good.
• The Pi's eth0 interface is up, configured correctly on the 192.168.9.x subnet, and is able to receive and respond to traffic (like SSH) originating from the B618's network.

Confirmed that the B618-22d's DHCP server is disabled.

Question:
Given that SSH to the Pi via the B618-22d works, but ping from the Pi to the B618-22d fails (even with the B618's firewall disabled), what else could be preventing the Pi from reaching its primary gateway via ICMP? It seems very inconsistent. Are there any other specific settings on the B618 or OpenWrt that I should investigate for this behavior?

Any insights or diagnostic commands would be greatly appreciated!

 

[SauRoNZA]

Sounds like there is Firewalling or at least some sort of IP filtering on the B618-22d which is blocking incoming comms.

Outgoing is fine because most firewalls by default allow all.

Since you said firewalling is disabled check for anything related to access control.

But also why are you running three different IP ranges? Configured them all on the same IP range and just give them dedicated Static IP’s outside of your DHCP range. This may very well be part of your problem right there.

Unless OpenWRT is forcing it on you, it’s been a long while since I’ve used it in this kind of configuration but it should be no problem just pointing it to a gateway on the same local range and NAT might actually be the issue with your SSH setup because it essentially sees them as “on the internet” but then I would have expected neither to work.

Any chance you have a Static Route setup for the secondary router/range you don’t have for the primary? It would need to know exactly which gateway to use for which range.

 

[SauRoNZA]

What does the routing table look like?

 

[BBSA]

Sounds like there is Firewalling or at least some sort of IP filtering on the B618-22d which is blocking incoming comms.

Outgoing is fine because most firewalls by default allow all.

Since you said firewalling is disabled check for anything related to access control.

But also why are you running three different IP ranges? Configured them all on the same IP range and just give them dedicated Static IP’s outside of your DHCP range. This may very well be part of your problem right there.

Unless OpenWRT is forcing it on you, it’s been a long while since I’ve used it in this kind of configuration but it should be no problem just pointing it to a gateway on the same local range and NAT might actually be the issue with your SSH setup because it essentially sees them as “on the internet” but then I would have expected neither to work.

Any chance you have a Static Route setup for the secondary router/range you don’t have for the primary? It would need to know exactly which gateway to use for which range.

Thanks for the suggestion! I appreciate you taking the time to look at my setup.

To clarify why I'm running three different IP ranges:

It's standard practice for a router with multiple WAN connections to have each WAN on a distinct subnet from the LAN and from each other.
My Raspberry Pi (the OpenWrt router) needs to treat each modem as a gateway to a different external network.
If both WAN modems (B618 and B535) and my LAN were all on the same 192.168.8.x subnet, it would create routing ambiguities and potential conflicts for the OpenWrt router, as it would be trying to route between interfaces that appear to be on the same local broadcast domain, rather than distinct external networks. This can lead to problems like asymmetric routing issues or even IP conflicts if devices on different physical WANs accidentally pick up similar IPs.

 

[SauRoNZA]

Thanks for the suggestion! I appreciate you taking the time to look at my setup.

To clarify why I'm running three different IP ranges:

It's standard practice for a router with multiple WAN connections to have each WAN on a distinct subnet from the LAN and from each other.
My Raspberry Pi (the OpenWrt router) needs to treat each modem as a gateway to a different external network.
If both WAN modems (B618 and B535) and my LAN were all on the same 192.168.8.x subnet, it would create routing ambiguities and potential conflicts for the OpenWrt router, as it would be trying to route between interfaces that appear to be on the same local broadcast domain, rather than distinct external networks. This can lead to problems like asymmetric routing issues or even IP conflicts if devices on different physical WANs accidentally pick up similar IPs.

Makes sense, but at the same time also seems unnecessarily complex for some big maybes.

That being said I’ve always had this with direct PPPoE interfaces so my routers would automatically be different interfaces and become “transparent” anyway.

I don’t think Mwan even existed when I last did this, as I recall it was all just policy based.

I do think your problem is more than likely on the Primary Router itself considering the Secondary works fine.

Does the internet gateway part on Primary work though? Is it just ICMP and SSH that are broken?

 

[BBSA]

Makes sense, but at the same time also seems unnecessarily complex for some big maybes.

That being said I’ve always had this with direct PPPoE interfaces so my routers would automatically be different interfaces and become “transparent” anyway.

I don’t think Mwan even existed when I last did this, as I recall it was all just policy based.

I do think your problem is more than likely on the Primary Router itself considering the Secondary works fine.

Does the internet gateway part on Primary work though? Is it just ICMP and SSH that are broken?

No, the Internet doesn't work on the primary gateway, it only works on the backup.

 

[SauRoNZA]

No, the Internet doesn't work on the primary gateway, it only works on the backup.

Okay so a much deeper problem then.

 

[netstrider]

What happens if you enable DHCP on Primary WAN (B618) and set that interface on OpenWRT to obtain IP via DHCP (much like a pretend DHCP fibre setup)?