Try ssh-ing into the router and running "ping hostname-you-are-having-trouble-with". Post the result of that (is it the right IP?), the result of 'ip route get ip-ping-tried-to-talk-to' and the output of 'iptables-save' and 'ip rule' and 'ip route'. Most likely it should be possible to figure out what's up from that.

On Sun, Jan 5, 2014 at 5:41 PM, Marco Gaiarin <[email protected]> wrote:
>
> I'm new to OpenWRT, but I'm an old GNU/Linux user (mostly Debian), and I
> flashed my first router some weeks ago, mostly to become a gateway for a
> branch office of a nonprofit association that uses connectivity from the
> building where it resides.
> Before anything else, I'm really astonished by the OpenWRT project, very
> cool!!! My thanks to all the staff!!!
>
>
> But on to the trouble. Little explanation:
>
> Server 'rita', in the main office, has static and public IP access, while
> the OpenWRT router, 'alice', is behind a natted network (10.0.0.0/24); I've
> used 'backfire' (10.03.1).
> With my knowledge of openvpn, this has nothing to do with the trouble I
> will explain. But...
>
> I'm a long-standing user of OpenVPN, and mostly I use it for ''static''
> tunnels, so in p2p/udp mode.
>
>
> So I've set up the tunnel (on the openwrt side) adding in /etc/config/network:
>
>  config 'interface' 'vpn'
>         option 'proto' 'none'
>         option 'ifname' 'tun1'
>
> and then in /etc/config/openvpn:
>
>  config 'openvpn' 'custom_config_rita'
>         option 'config' '/etc/openvpn/rita.conf'
>         option 'enable' '1'
>
> (as an openvpn user, I've set up some configuration files that I use, so I
> prefer that method of configuration; clearly, that configuration uses 'ping'
> mode to keepalive the tunnel).
>
> After that I've also set up /etc/config/firewall, adding:
>
>  config zone
>         option name 'vpn'
>         option network 'vpn'
>         option input 'ACCEPT'
>         option output 'ACCEPT'
>         option forward 'REJECT'
>
>  [...]
>  config forwarding
>         option dest 'lan'
>         option src 'vpn'
>
>  config forwarding
>         option dest 'vpn'
>         option src 'lan'
>  [...]
>  config 'rule'
>         option 'target' 'ACCEPT'
>         option 'dest_port' '17201'
>         option 'src' 'wan'
>         option 'proto' 'udp'
>         option 'family' 'ipv4'
>
> and all seems to work as expected. But I need to resolve the local domain
> into the local server 'rita', so I've added in /etc/config/dhcp:
>
>  config 'dnsmasq'
>         [...]
>         option 'domain' 'my.local.dom'
>         list 'server' '/my.local.dom/10.172.1.1'
>
> With 'tshark' on the 'rita' server side, I can see DNS requests asked and
> correctly replied, but 'alice', the diagnostic tools on the web interface,
> or ping on the shell, reply 'bad address'.
>
>
> I've also tried manually adding some ''wildcard'' rules, like:
>
>  iptables -I INPUT -i tun+ -j ACCEPT
>  iptables -I OUTPUT -o tun+ -j ACCEPT
>  iptables -I FORWARD -i tun+ -j ACCEPT
>  iptables -I FORWARD -o tun+ -j ACCEPT
>
> but nothing changed. Also, strangely, dnsmasq seems to listen on all
> interfaces:
>
>  root@alice:~# netstat -nlp | grep 53
>  tcp        0      0 0.0.0.0:53      0.0.0.0:*       LISTEN      25680/dnsmasq
>  udp        0      0 0.0.0.0:53      0.0.0.0:*                   25680/dnsmasq
>
>
> So, it seems to me there's no firewall or listening IP limitation trouble,
> and really I don't know where to hit my head.
>
>
> Thanks.
>
> --
> We're arriving in Beziers. Watch out for the curves.
> (Claudio, in the car with Igor, headed to Spain)
> _______________________________________________
> openwrt-users mailing list
> [email protected]
> https://lists.openwrt.org/cgi-bin/mailman/listinfo/openwrt-users
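
The checks asked for in the reply at the top of this message, gathered into one script. This is an added example, not part of the original thread; the function names and the file name in the usage comment are assumptions, and the banners in the tests are constructed from the names used in the thread.

```shell
#!/bin/sh
# Added example, not from the thread: gathers the output the reply asks for.
# Usage (assumed file name): sh collect-diag.sh hostname-you-are-having-trouble-with

# Print the IPv4 address from ping's banner line ("PING name (a.b.c.d)...").
# Returns 1 and prints nothing when ping could not resolve the name
# (BusyBox then prints "ping: bad address '...'" instead of a banner).
ping_target_ip() {
    addr=$(printf '%s\n' "$1" |
        sed -n 's/^PING [^ ]* (\([0-9.]*\)).*/\1/p' | head -n 1)
    [ -n "$addr" ] || return 1
    printf '%s\n' "$addr"
}

# Run one command under a heading so the report is easy to read when posted.
section() {
    printf '\n===== %s =====\n' "$*"
    "$@" 2>&1 || printf '(exit status %s)\n' "$?"
}

collect() {
    host=$1
    printf '===== ping -c 1 %s =====\n' "$host"
    out=$(ping -c 1 "$host" 2>&1) || true
    printf '%s\n' "$out"
    # Only ask for the route when ping actually resolved the name.
    if target=$(ping_target_ip "$out"); then
        section ip route get "$target"
    else
        printf '\n(ping printed no address; skipping "ip route get")\n'
    fi
    section iptables-save
    section ip rule
    section ip route
}

# Runs only when a hostname is given, so the functions can also be sourced.
if [ "$#" -gt 0 ]; then
    collect "$1"
fi
```

The iptables-save section lists the router's complete rule set, so read the report through before posting it to a public list.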
