Hi.

Thanks for your suggestion. With some help from the openvpn mailing list I have managed to get a working setup for site-to-site vpn (my mistake was that I gave a relative path to the clients directory instead of an absolute one, so iroute was not executed on connection).

Now I am giving the new version "Chaos Calmer 15.05" a try again. After installation, I applied the settings you suggested:

> uci del network.globals.ula_prefix
> uci commit network
> /etc/init.d/odhcpd disable
> reboot

First of all I realized that IPv6 addresses are still on nearly every interface (ifconfig) - I have disabled them from /etc/rc.locale with "echo 1 > /proc/sys/net/ipv6/conf/all/disable_ipv6".

After that I looked over ps and I still have "odhcp6c -s /lib/netifd/dhcpv6.script -P0 -t120 eth0.2" running. Do I need it? I thought that "/etc/init.d/odhcpd disable" would prevent it from loading.

Any suggestions?

Sincerely
tovis

> Hi.
>
>> I have installed "Attitude adjustment" 12.09 with 2.2.2 OpenVpn.
>
> That is not supported anymore, use a current release.
>
>> I know these are quite old, but have less memory foot print (also I
>> do not need IPv6, which I couldn't switch off on 15.x version)
>
> uci del network.globals.ula_prefix
> uci commit network
> /etc/init.d/odhcpd disable
> reboot
>
>> - I have about 12M RAM, when openvpn is running about 6M what is
>> convenient for me.
>
> OpenVPN (or rather OpenSSL) in 12.09 has several known security
> vulnerabilities.
>
>> For testing I have used my home router (here is my "lab") connected to
>> the internet using UPC cable - this is supposed to be the server. The
>> client is connected through a USB stick (HUAWEI E3372 LTE) connected to a
>> Raspberry PI which is a gateway for the client router. In other words
>> the client router is connected to the RPI ethernet adapter through its wan
>> interface and it could reach the internet and my server router on the
>> internet.
>>
>> The routers' configuration, resulting settings and logs are on
>> pastebin:
>> server side (tovis-lab): http://pastebin.com/3VRAadXz
>> client side (tovis-lak): http://pastebin.com/h8Ctfmx2
>> server side LAN is 192.168.1.0 255.255.255.0 tunnel is 10.8.0.1
>> client side LAN is 192.168.2.0 255.255.255.0 tunnel is 10.8.0.6
>>
>> At now the connection is established and working! - but it's like
>> "half duplex". The client could reach the LAN on the server side, but
>> the server can not reach the client side.
>
> That is because there is no route to the client's LAN via the client's VPN
> IP 10.8.0.6. Take a look at
> https://community.openvpn.net/openvpn/wiki/RoutedLans.
>
>> From the server side I can only ping the client side tun address
>> 10.8.0.6 (and of course own tun 10.8.0.1). I have installed tcpdump on
>> RPI, when I ping the client side tun interface 10.8.0.6 I can see
>> incoming/outgoing packages, but when I try to ping the router's LAN side
>> 192.168.2.254 no sign of packages. At now I have only one box at the
>> client side which I can not access either - no ping no ssh.
>>
>> I suspect iptables on the server side. I have tried several settings
>> found on the openwrt site and openvpn site, and some others (blogs and
>> etc.) But none of them helped :( it is quite complex (for me) to
>> understand in every detail. (Also I've been confused several times by uci
>> and native iptables commands.)
>
> I know that people love to blame firewalls for any network problem but
> in general you can roughly categorize the problem like that:
>
> If you get no ping result at all or if you get "Destination network
> unreachable" then you have a routing problem.
>
> If you get "destination port unreachable" then your traffic is firewalled.
>
> HTH,
> Jow
> _______________________________________________
> openwrt-users mailing list
> [email protected]
> https://lists.openwrt.org/cgi-bin/mailman/listinfo/openwrt-users
