Hi,

> Regarding the issue you have found, I have not been able to reproduce
> it. Could you let me know the command you use to port scan the router?

nmap -sU -p 4341,4342 <ipv4-address of openwrt router>

> When the router crashes, are you able to SSH to the machine? If yes,
> could you check if lisptun0 interface and routes are still there?

I have to double check this, but I think that the routes are there, and
the rules also. Because if I restart oor I see all the rules doubled, so
I guess that they are not deleted by oor.

Thanks again
 Holger

>
> Thanks
>
> Albert
>
> On 13/09/16 15:01, Holger Zuleger wrote:
>> Hi Albert,
>>
>> thanks for the feedback.
>>
>>> First of all sorry for the delay. We were on holidays. I will try to
>>> answer inline.
>>>
>>>> The first problem with this config was, that the oor process didn't
>>>> start up, because the pppoe-wan interface wasn't up at the oor startup
>>>> time. I changed the startup script to wait for the pppoe-wan interface
>>>> to come up before starting oor.
>>> Good
>> Just if someone needs a similar functionality:
>>
>> root@OpenWrt:~# cat /etc/init.d/oor
>> #!/bin/sh /etc/rc.common
>>
>> START=30
>> STOP=80
>>
>> start() {
>>     echo "Stopping previous oor process ..."
>>     killall oor &> /dev/null
>>     # -f: no error if the pid file is already gone
>>     rm -f /var/run/oor.pid
>>
>>     echo "Starting Open Overlay Router ..."
>>     # Poll for pppoe-wan with sleeps of 1..5 s (15 s in total);
>>     # oor is started afterwards either way.
>>     i=1
>>     # Redirect stdout first, then stderr, so ifconfig stays silent
>>     until ifconfig pppoe-wan > /dev/null 2>&1
>>     do
>>         echo "waiting for pppoe-wan interface up"
>>         sleep $i
>>         i=`expr $i + 1`
>>         test $i -gt 5 && break
>>     done
>>     /usr/sbin/oor -D
>> }
>>
>> stop() {
>>     echo "Stopping Open Overlay Router ..."
>>     killall oor
>> }
>>
>>
>>> OOR routing uses rules to redirect traffic to lisptun0.
>>> For instance:
>>> #ip -6 rule
>>> 0: from all lookup local
>>> 99: from all to 2a03:3e00:ff01:1::1/64 lookup main
>>> 100: from 2a03:3e00:ff01:1::1/64 lookup 100
>>> 32766: from all lookup main
>>>
>>> #ip -6 route show table 100
>>> default dev lispTun0 proto static metric 100
>> Yes, this is (more or less) how it looks here too.
>>
>>>> My guess is, that it has something to do with the (wrong) firewall
>>>> setting, which is a bit of a mystery for me.
>>> Yes, this could be the reason. We also do not have much experience
>>> with the firewall of OpenWRT.
>>> We add these changes to the basic configuration of the firewall to
>>> make it work:
>>>
>>> config defaults
>>>     option syn_flood '1'
>>>     option input 'ACCEPT'
>>>     option output 'ACCEPT'
>>>     option forward '*ACCEPT*'
>> I guess this is the trick!
>>
>> Now it works. Great!
>>
>> However, now I have to play around with the firewall settings again to
>> protect my hosts. But this is a different story...
>>
>>
>> What's left open is the issue with the crashing oor process if I do a
>> port scan.
>> Now I don't even see the log message. The oor daemon just crashes
>> immediately if I send a UDP port scan to the (IPv4) wan IP address.
>> Of course that's a big problem...
>>
>> Has anyone seen something similar running oor on an openwrt box
>> (probably on a ppp-interface)?
>>
>> Thanks so far, best regards
>> Holger
>>
>
>

-- 
HZNET / Zur Röderburg 6 / D-35315 Homberg/Ohm-Höingen /
mailto:holger.zule...@hznet.de / xmpp:h...@jabber.hznet.de /
http://www.hznet.de / tel:+49 6633 642022
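
The doubled rules reported above after restarting oor can be confirmed from the `ip -6 rule` listing. The script below is an added example, not part of the original thread or of OOR's code; the sample listing is constructed from the rules quoted in the thread with the priority 99 and 100 entries repeated, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: find policy-routing rules listed more than once in
# `ip -6 rule` output, the symptom reported after restarting oor.

# Constructed sample: the rule listing quoted in the thread, with the
# priority 99 and 100 entries repeated as they would be after a restart.
sample_rules() {
cat <<'EOF'
0: from all lookup local
99: from all to 2a03:3e00:ff01:1::1/64 lookup main
99: from all to 2a03:3e00:ff01:1::1/64 lookup main
100: from 2a03:3e00:ff01:1::1/64 lookup 100
100: from 2a03:3e00:ff01:1::1/64 lookup 100
32766: from all lookup main
EOF
}

# Reads a rule listing on stdin and prints "<count> <rule>" for each rule
# seen more than once, in first-seen order. "$1 = $1" collapses tabs and
# runs of spaces so formatting differences cannot hide a duplicate.
find_duplicate_rules() {
    awk '
        NF == 0 { next }
        { $1 = $1; if (!($0 in seen)) order[++n] = $0; seen[$0]++ }
        END {
            for (i = 1; i <= n; i++)
                if (seen[order[i]] > 1) print seen[order[i]], order[i]
        }'
}

# Prints (does not run) one delete command per surplus copy, so the
# operator can review them. $1 is the address family flag, default -6.
suggest_cleanup() {
    fam=${1:--6}
    find_duplicate_rules | while read -r count prio rule; do
        extra=$((count - 1))
        while [ "$extra" -gt 0 ]; do
            echo "ip $fam rule del priority ${prio%:} $rule"
            extra=$((extra - 1))
        done
    done
}

# Offline demo on the constructed sample; on the router, pipe the real
# listing instead:  ip -6 rule | suggest_cleanup
sample_rules | suggest_cleanup
```

Running `ip -6 rule | find_duplicate_rules` before and after an oor restart shows whether the daemon left its previous rules in place.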