Hi!
Thanks for the quick answer!

> Hi.
>
>> I have installed "Attitude Adjustment" 12.09 with 2.2.2 OpenVPN.
>
> That is not supported anymore, use a current release.
>
>> I know these are quite old, but they have less memory footprint (also I
>> do not need IPv6, which I couldn't switch off on 15.x version)
>
> uci del network.globals.ula_prefix
> uci commit network
> /etc/init.d/odhcpd disable
> reboot
>
Thanks a lot! I will try it out!
OFF: I'm planning to expand memory, but it is risky.

>> - I have about 12M
>> RAM, when OpenVPN is running about 6M, which is convenient for me.
>
> OpenVPN (or rather OpenSSL) in 12.09 has several known security
> vulnerabilities.
>
>> For testing I have used my home router (here is my "lab") connected to
>> the internet using UPC cable - this is supposed to be the server. The
>> client connected through USB stick (HUAWEI E3372 LTE) connected to a
>> Raspberry PI which is a gateway for the client router. In other words
>> client router is connected to RPI ethernet adapter through wan
>> interface and it could reach internet and my server router on
>> internet.
>>
>> The routers' configuration, resulting settings and logs are on
>> pastebin:
>> server side (tovis-lab): http://pastebin.com/3VRAadXz
>> client side (tovis-lak): http://pastebin.com/h8Ctfmx2
>> server side LAN is 192.168.1.0 255.255.255.0, tunnel is 10.8.0.1
>> client side LAN is 192.168.2.0 255.255.255.0, tunnel is 10.8.0.6
>>
>> Right now the connection is established and working! - but it's like
>> "half duplex". The client could reach the LAN on the server side, but
>> the server can not reach the client side.
>
> That is because there is no route to the client's LAN via the client's VPN
> IP 10.8.0.6. Take a look at
> https://community.openvpn.net/openvpn/wiki/RoutedLans.
>
I have seen this document - I will reread.
>> From the server side I can only ping the client side tun address
>> 10.8.0.6 (and of course own tun 10.8.0.1). I have installed tcpdump on
>> RPI, when I ping the client side tun interface 10.8.0.6 I can see
>> incoming/outgoing packets, but when I try to ping router's LAN side
>> 192.168.2.254 no sign of packets. Right now I have only one box on the
>> client side, which I cannot access either - no ping, no ssh.
>>
>> I suspect iptables on server side. I have tried several settings
>> found on openwrt site and openvpn site, and some others (blogs and
>> etc.) But none of them helped :( it is quite complex (for me) to
>> understand in every detail. (Also I've been confused several times by uci
>> and native iptables commands.)
>
> I know that people love to blame firewalls for any network problem but
> in general you can roughly categorize the problem like that:
>
> If you get no ping result at all or if you get "Destination network
> unreachable" then you have a routing problem.
>
> If you get "destination port unreachable" then your traffic is firewalled.
>
What if I do not have any of these? - I could only break the command using
Ctrl+C and I get a message that x packets were sent and 0 packets
received :(

> HTH,
> Jow
> _______________________________________________
> openwrt-users mailing list
> [email protected]
> https://lists.openwrt.org/cgi-bin/mailman/listinfo/openwrt-users
>
>
Sincerely
  tovis
_______________________________________________
openwrt-users mailing list
[email protected]
https://lists.openwrt.org/cgi-bin/mailman/listinfo/openwrt-users
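
The missing route that the quoted reply points to, written out as an added example (not part of the original thread and not taken from the pastebin configs): native OpenVPN server-side directives for the LAN addresses quoted above. The `/etc/openvpn/ccd` path is an assumption and `CLIENT_CN` is a placeholder for the common name in the client router's certificate.

```conf
# --- server side (tovis-lab): additions to the OpenVPN server config ---

# Directory holding one file per client, named after the client's
# certificate common name. The path is an assumption; any directory works.
client-config-dir /etc/openvpn/ccd

# Kernel route on the server: packets for the client-side LAN
# (192.168.2.0/24) are handed to the tun interface instead of the
# default gateway.
route 192.168.2.0 255.255.255.0

# --- server side: contents of /etc/openvpn/ccd/CLIENT_CN ---
# CLIENT_CN is a placeholder, replace it with the client's real common name.

# OpenVPN-internal route: tells the server process which connected client
# owns 192.168.2.0/24. Without it the packet reaches tun (because of the
# "route" line above) but OpenVPN drops it, since it does not know which
# client to forward it to.
iroute 192.168.2.0 255.255.255.0
```

Both lines are needed together: `route` gets the packet into the tunnel, `iroute` picks the client inside OpenVPN. Hosts on 192.168.2.0/24 must also send replies for 192.168.1.0/24 and the tunnel addresses back through the client router, and both routers must be allowed to forward between their tun and LAN interfaces.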