Hi,

> Regarding the issue you have found, I have not been able to reproduce
> it. Could you let me know the command you use to port scan the router?
nmap -sU -p 4341,4342 <ipv4-address of openwrt router>

> When the router crashes, are you able to SSH to the machine? If yes,
> could you check if lisptun0 interface and routes are still there?
I have to double check this, but I think that the routes are there, and
the rules also.
Because if I restart oor I see all the rules doubled, so I guess that
they are not deleted by oor.

Thanks again
 Holger

> 
> Thanks
> 
> Albert
> 
> On 13/09/16 15:01, Holger Zuleger wrote:
>> Hi Albert,
>>
>> thanks for the feedback.
>>
>>> First of all sorry for the delay. We were on holidays. I will try to
>>> answer inline.
>>>
>>>> The first problem with this config was, that the oor process didn't
>>>> start up, because the pppoe-wan interface wasn't up at the oor startup
>>>> time. I changed the startup script to wait for the pppoe-wan interface
>>>> to come up before starting oor.
>>> Good
>> Just if someone needs a similar functionality:
>>
>> root@OpenWrt:~# cat /etc/init.d/oor
>> #!/bin/sh /etc/rc.common
>>
>> START=30
>> STOP=80
>>
>> start() {
>>     echo "Stopping previous oor process ..."
>>     killall oor > /dev/null 2>&1
>>     # -f: do not complain if no pid file was left behind
>>     rm -f /var/run/oor.pid
>>
>>     echo "Starting Open Overlay Router ..."
>>     # Wait for pppoe-wan to appear, sleeping 1..5 seconds, then start anyway
>>     i=1
>>     until ifconfig pppoe-wan > /dev/null 2>&1
>>     do
>>         echo "waiting for pppoe-wan interface up"
>>         sleep $i
>>         i=`expr $i + 1`
>>         test $i -gt 5 && break
>>     done
>>     /usr/sbin/oor -D
>> }
>>
>> stop() {
>>     echo "Stopping Open Overlay Router ..."
>>     killall oor
>> }
>>
>>
>>> OOR routing uses rules to redirect traffic to lisptun0.
>>> For instance:
>>> #ip -6 rule
>>>     0:    from all lookup local
>>>     99:    from all to 2a03:3e00:ff01:1::1/64 lookup main
>>>     100:    from 2a03:3e00:ff01:1::1/64 lookup 100
>>>     32766:    from all lookup main
>>>
>>> #ip -6 route show table 100
>>>    default dev lispTun0  proto static  metric 100
>> Yes, this is (more or less) how it looks here too.
>>
>>>> My guess is, that it has something to do with the (wrong) firewall
>>>> setting, which is a bit of a mystery for me.
>>> Yes, this could be the reason. We also do not have much experience with the
>>> firewall of OpenWRT.
>>> We add these changes to the basic configuration of the firewall to make
>>> it work:
>>>
>>> config defaults
>>>      option syn_flood '1'
>>>      option input 'ACCEPT'
>>>      option output 'ACCEPT'
>>>      option forward 'ACCEPT'
>> I guess this is the trick!
>>
>> Now it works. Great!
>>
>> However, now I have to play around with the firewall settings again to
>> protect my hosts. But this is a different story...
>>
>>
>> What's left open is the issue with the crashing oor process if I do a
>> port scan.
>> Now I don't even see the log message. The oor daemon just crashes
>> immediately if I send a UDP port scan to the (IPv4) wan IP address.
>> Of course that's a big problem...
>>
>> Has anyone seen something similar running oor on an openwrt box
>> (probably on a ppp-interface)?
>>
>> Thanks so far, best regards
>>   Holger
>>
> 
> 

-- 
HZNET / Zur Röderburg 6 / D-35315 Homberg/Ohm-Höingen /
mailto:holger.zule...@hznet.de / xmpp:h...@jabber.hznet.de /
http://www.hznet.de / tel:+49 6633 642022


_______________________________________________
Users mailing list
Users@openoverlayrouter.org
http://mail.openoverlayrouter.org/cgi-bin/mailman/listinfo/users
