WAN chains and WAN groups
WAN chains allow to configure WAN connections individually by sequencing/cascading their individual components. Components of a WAN chain can be all interfaces, like VPN interfaces and cellular interfaces or also serial interfaces. WAN chains enable to control the sequence in which the individual interfaces are established within a WAN chain. This permits for example to establish a VPN tunnel first upon the cellular connection has been established successfully. WAN chains permit the configuration of redundant WAN connections, fall backs to another WAN chain in case a connection fails or also the establishment of several VPN tunnels via different interfaces.
A WAN chain is the sequential arrangement of interfaces or WAN groups that defines the establishment of a WAN connection. The router needs at least one WAN chain to connect to a network. A WAN group is a parallel arrangement of interfaces for the use in a WAN chain that can be started or stopped together.
A WAN chain starts the interfaces required for a connection one after the other as soon as the WAN chain will be started. If an interface is inactive (i.e. disabled using the respective checkbox), it will be skipped. If the startup wizard is used, the first WAN chain will be created automatically. Further WAN chains can then be created to switch to an alternative connection in case of connection problems for example
A comparison of the interfaces will be made when changing from one WAN chain to another. If there are the same interfaces at the beginning of the WAN chain to be started as in the WAN chain that is currently being stopped, these interfaces will not even be restarted and considered as already “operating”. Only with the first different interface or the interface that has caused the termination of the WAN chain (e.g. due to a connection check failure), this and all following interfaces will be initialised and started again.
In case an interface in a WAN chain will be closed, this causes that the complete WAN chain will be closed. In case an interface in a WAN group will be closed, this does not cause that the WAN cahin containing this group will be closed.
The WAN chain defines an LTE-OpenVPN connection in the following example. The LTE modem will be started first here and then an OpenVPN tunnel will be established over the LTE connection.
The WAN chain defines an LTE-IPsec-GRE connection in the following example. The LTE modem will be started first here and then an encrypted IPsec connection will be established. The IPsec connection uses the LTE connection of the modem. If the IPsec connection has been established, the GRE tunnel will be established over the IPsec connection.
The WAN chain defines an Ethernet-OpenVPN connection with two parallel OpenVPN tunnels in the following example. The interface of an IP net which defines the Ethernet connection will be started first here (if it is a local network, it is already started). Then, a WAN group will be started that contains two OpenVPN tunnels. These two OpenVPN tunnels will be established in parallel over the Ethernet connection.