Hi.

> I have installed "Attitude adjustment" 12.09 with 2.2.2 OpenVpn.

That is not supported anymore, use a current release.

> I know these are quite old, but have less memory footprint (also I
> do not need IPv6, which I couldn't switch off on 15.x version)

uci del network.globals.ula_prefix
uci commit network
/etc/init.d/odhcpd disable
reboot

> - I have about 12M RAM, when openvpn is running about 6M what is
> convenient for me.

OpenVPN (or rather OpenSSL) in 12.09 has several known security vulnerabilities.

> For testing I have used my home router (here is my "lab") connected to
> the internet using UPC cable - this is supposed to be the server. The
> client connected through USB stick (HUAWEI E3372 LTE) connected to a
> Raspberry PI which is a gateway for the client router. In other words
> client router is connected to RPI ethernet adapter through wan
> interface and it could reach internet and my server router on
> internet.
>
> The routers configuration, resulting settings and logs are on
> pastebin:
> server side (tovis-lab): http://pastebin.com/3VRAadXz
> client side (tovis-lak): http://pastebin.com/h8Ctfmx2
> server side LAN is 192.168.1.0 255.255.255.0 tunnel is 10.8.0.1
> client side LAN is 192.168.2.0 255.255.255.0 tunnel is 10.8.0.6
>
> At now the connection is established and working! - but it's like
> "half duplex". The client could reach the LAN on the server side, but
> the server can not reach the client side.

That is because there is no route to the client's LAN via the client's VPN IP 10.8.0.6. Take a look at https://community.openvpn.net/openvpn/wiki/RoutedLans.

> From the server side I can only ping the client side tun address
> 10.8.0.6 (and of course own tun 10.8.0.1). I have installed tcpdump on
> RPI, when I ping the client side tun interface 10.8.0.6 I can see
> incoming/outgoing packages, but when I try to ping router's LAN side
> 192.168.2.254 no sign of packages. At now I have only one box at the
> client side what I can not access either - no ping no ssh.
>
> I suspect iptables on server side. I have tried several settings
> found on openwrt site and openvpn site, and some others (blogs and
> etc.) But no one was helped :( it is quite complex (for me) to
> understand in every details. (Also I've several times confused by uci
> and native iptables commands.)

I know that people love to blame firewalls for any network problem but in general you can roughly categorize the problem like that:

If you get no ping result at all or if you get "Destination network unreachable" then you have a routing problem.

If you get "destination port unreachable" then your traffic is firewalled.

HTH,
Jow
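
Added example, not part of the original message and not code from Jow or the OpenWrt project: a shell check that the client LAN from this thread (192.168.2.0/24) is declared in both places a routed OpenVPN setup needs it, using the native OpenVPN directives route, client-config-dir and iroute. The file layout, the function names and the ccd file name "client1" (standing in for the client certificate's common name) are assumptions; the sample config is constructed.

```sh
#!/bin/sh
# Added example. Checks that a routed client LAN is declared in both places
# OpenVPN needs: "route" in the server config (kernel route into the tunnel)
# and "iroute" in a client-config-dir file (which client owns the subnet).

# has_directive FILE KEYWORD NET MASK: 0 if FILE has an uncommented matching line
has_directive() {
    awk -v k="$2" -v n="$3" -v m="$4" \
        '$1 == k && $2 == n && $3 == m { found = 1 } END { exit !found }' "$1"
}

# check_routed_lan SERVER_CONF CCD_DIR NET MASK
# returns 0 = both present, 1 = "route" missing, 2 = "iroute" missing
check_routed_lan() {
    has_directive "$1" route "$3" "$4" || return 1
    for f in "$2"/*; do
        [ -f "$f" ] && has_directive "$f" iroute "$3" "$4" && return 0
    done
    return 2
}

# make_sample DIR: write a constructed server config for the LANs in this thread.
# "client1" is a placeholder for the client certificate's common name.
make_sample() {
    mkdir -p "$1/ccd"
    cat > "$1/server.conf" <<'EOF'
dev tun
server 10.8.0.0 255.255.255.0
client-config-dir ccd
route 192.168.2.0 255.255.255.0
EOF
    echo 'iroute 192.168.2.0 255.255.255.0' > "$1/ccd/client1"
}

demo() {
    d=$(mktemp -d) || return 1
    make_sample "$d"
    check_routed_lan "$d/server.conf" "$d/ccd" 192.168.2.0 255.255.255.0
    rc=$?
    rm -rf "$d"
    return "$rc"
}

demo && echo "client LAN 192.168.2.0/24 is routed via the tunnel config"
```

A return value of 1 or 2 matches the "routing problem" case described above: the server either has no kernel route toward the tunnel or OpenVPN does not know which client owns the subnet.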
