I'm new to OpenWRT, but I'm an old GNU/Linux user (mostly Debian), and I
flashed my first router some weeks ago, mostly to become a gateway for a
branch office of a nonprofit association that uses the connectivity of the
building where it resides.
Before anything else, I'm really astonished by the OpenWRT project, very
cool!!! My thanks to all the staff!!!
But on to the trouble. A little explanation:
Server 'rita', in the main office, has static and public IP access, while the
OpenWRT router, 'alice', is behind a NATted network (10.0.0.0/24); I've
used 'backfire' (10.03.1).
To my knowledge of OpenVPN, this has nothing to do with the trouble I
will explain. But...
I'm a long-standing user of OpenVPN, and mostly I use it for ''static''
tunnels, so in p2p/udp mode.
So I've set up the tunnel (on the OpenWRT side) adding in /etc/config/network:
config 'interface' 'vpn'
	option 'proto' 'none'
	option 'ifname' 'tun1'
and then in /etc/config/openvpn:
config 'openvpn' 'custom_config_rita'
	option 'config' '/etc/openvpn/rita.conf'
	option 'enable' '1'
(as an OpenVPN user, I've set up some configuration files that I use, so I
prefer that method of configuration; clearly, that configuration uses 'ping'
mode to keep the tunnel alive).
After that I've also set up /etc/config/firewall, adding:
config zone
	option name 'vpn'
	option network 'vpn'
	option input 'ACCEPT'
	option output 'ACCEPT'
	option forward 'REJECT'
[...]
config forwarding
	option dest 'lan'
	option src 'vpn'
config forwarding
	option dest 'vpn'
	option src 'lan'
[...]
config 'rule'
	option 'target' 'ACCEPT'
	option 'dest_port' '17201'
	option 'src' 'wan'
	option 'proto' 'udp'
	option 'family' 'ipv4'
and all seems to work as expected. But I need to resolve the local domain
via the local server 'rita', so I've added in /etc/config/dhcp:
config 'dnsmasq'
	[...]
	option 'domain' 'my.local.dom'
	list 'server' '/my.local.dom/10.172.1.1'
With 'tshark' on the 'rita' server side, I can see the DNS requests asked and
correctly replied to, but on 'alice' the diagnostic tools on the web interface,
or ping on the shell, reply 'bad address'.
I've also tried adding manually some ''wildcard'' rules, like:
iptables -I INPUT -i tun+ -j ACCEPT
iptables -I OUTPUT -o tun+ -j ACCEPT
iptables -I FORWARD -i tun+ -j ACCEPT
iptables -I FORWARD -o tun+ -j ACCEPT
but nothing changed. Also, strangely, dnsmasq seems to listen on all
interfaces:
root@alice:~# netstat -nlp | grep 53
tcp        0      0 0.0.0.0:53      0.0.0.0:*       LISTEN      25680/dnsmasq
udp        0      0 0.0.0.0:53      0.0.0.0:*                   25680/dnsmasq
So it seems to me there's no firewall or listening-IP limitation trouble, and
I really don't know where to hit my head.
Thanks.
--
We're arriving at Beziers. Watch out for the curves.
(Claudio, in the car with Igor heading to Spain)
_______________________________________________
openwrt-users mailing list
https://lists.openwrt.org/cgi-bin/mailman/listinfo/openwrt-users
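As an added example (not code from the post or from the OpenWrt project), a small Python lint that parses UCI text like the snippets above and cross-checks it: firewall zones must cover defined interfaces, forwardings must reference defined zones, and every dnsmasq `server` entry must carry a valid upstream address. The sample is constructed from the quoted snippets; the 'lan' interface and zone, elided in the post with [...], are assumed.

```python
import ipaddress
import re
import shlex

# Constructed sample from the UCI snippets quoted in the post; the 'lan' interface
# and zone (elided there with [...]) are assumed.
CONFIG = """
config 'interface' 'lan'
config 'interface' 'vpn'
    option 'ifname' 'tun1'
config zone
    option name 'lan'
    option network 'lan'
config zone
    option name 'vpn'
    option network 'vpn'
    option input 'ACCEPT'
    option output 'ACCEPT'
    option forward 'REJECT'
config forwarding
    option dest 'lan'
    option src 'vpn'
config 'dnsmasq'
    option 'domain' 'my.local.dom'
    list 'server' '/my.local.dom/10.172.1.1'
"""

def parse_uci(text):
    """Parse UCI text into (type, name, {key: [values]}) sections; quotes are optional."""
    sections = []
    for raw in text.splitlines():
        tok = shlex.split(raw, comments=True)
        if tok and tok[0] == "config":
            sections.append((tok[1], tok[2] if len(tok) > 2 else None, {}))
        elif tok and tok[0] in ("option", "list") and sections:
            sections[-1][2].setdefault(tok[1], []).append(tok[2])
    return sections

def lint(text):
    # Cross-check network, firewall and dhcp sections; returns findings ([] = consistent).
    secs = parse_uci(text)
    ifaces = {n for t, n, _ in secs if t == "interface"}
    zones = {o["name"][0]: o.get("network", []) for t, _, o in secs if t == "zone"}
    out = [f"zone {z}: network {n!r} is not a defined interface"
           for z, nets in zones.items() for n in nets if n not in ifaces]
    out += [f"forwarding {k}={o[k][0]!r}: zone is not defined"
            for t, _, o in secs if t == "forwarding" for k in ("src", "dest") if o[k][0] not in zones]
    for srv in [s for t, _, o in secs if t == "dnsmasq" for s in o.get("server", [])]:
        ip = re.fullmatch(r"(?:/[^/]+/)?(.*)", srv).group(1)  # '/domain/ip' or bare 'ip'
        try:
            ip and ipaddress.ip_address(ip)  # '/domain/' alone is dnsmasq's "never forward" form
        except ValueError:
            out.append(f"dnsmasq server {srv!r}: {ip!r} is not a valid upstream address")
    return out
```

Running `lint(CONFIG)` on the sample returns an empty list; feed it the concatenated contents of /etc/config/network, firewall and dhcp to check a real router.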