Hi Holger,

We have fixed the error you found. You can find the downloads here <https://github.com/OpenOverlayRouter/oor/wiki/Downloads>. Please, let me know if it works properly now.


Best regards

Albert


On 13/09/16 17:20, Holger Zuleger wrote:
Hi,

Regarding the issue you have found, I have not been able to reproduce
it. Could you let me know the command you use to port scan the router?
nmap -sU -p 4341,4342 <ipv4-address of openwrt router>

When the router crashes, are you able to SSH to the machine? If yes,
could you check if lisptun0 interface and routes are still there?
I have to double check this, but I think that the routes are there, and
the rules also.
Because if I restart oor I see all the rules doubled, so I guess that
they are not deleted by oor.

Thanks again
  Holger

Thanks

Albert

On 13/09/16 15:01, Holger Zuleger wrote:
Hi Albert,

thanks for the feedback.

First of all sorry for the delay. We were on holidays. I will try to
answer inline.

The first problem with this config was, that the oor process didn't
startup, because the pppoe-wan interface wasn't up at the oor startup
time. I changed the startup script to wait for the pppoe-wan interface
to come up before starting oor.
Good
Just if someone needs a similar functionality:

root@OpenWrt:~# cat /etc/init.d/oor
#!/bin/sh /etc/rc.common

START=30
STOP=80

start() {
          echo "Stopping previous oor process ..."
          killall oor &> /dev/null
     rm /var/run/oor.pid

          echo "Starting Open Overlay Router ..."
     i=1
     until ifconfig pppoe-wan 2>&1 > /dev/null
     do
         echo "waiting for pppoe-wan interface up"
         sleep $i
         i=`expr $i + 1`
         test $i -gt 5 && break
     done
          /usr/sbin/oor -D
}

stop() {
          echo "Stopping Open Overlay Router ..."
          killall oor
}


OOR routing use rule to redirect traffic to lisptun0.
For instance:
#ip -6 rule
     0:    from all lookup local
     99:    from all to 2a03:3e00:ff01:1::1/64 lookup main
     100:    from 2a03:3e00:ff01:1::1/64 lookup 100
     32766:    from all lookup main

#ip -6 route show table 100
    default dev lispTun0  proto static  metric 100
Yes, this is (more or less) how it looks here too.

My guess is, that it has something to do with the (wrong) firewall
setting, wich is a bit of mystery for me.
Yes, this could be the reason. We also not have many experience with the
firewall of OpenWRT
We add this changes to the basic configuration of the firewall to make
it work:

config defaults
      option syn_flood '1'
      option input 'ACCEPT'
      option output 'ACCEPT'
      option forward '*ACCEPT*'
I guess this is the trick!

Now it works. Great!

However, now I have to play around with the firewall settings again to
protect my hosts. But this is a different story...


What's left open is the issue with the crashing oor process if I do a
port scan.
Now I even don't see the log message. The oor daemon just crashes
immediately if I send a UDP port scan to the (IPv4) wan IP address.
Of course that's a big problem...

Have anyone seen something similar running oor on an openwrt box
(probably on a ppp-interface)?

Thanks so far, best regards
   Holger



_______________________________________________
Users mailing list
Users@openoverlayrouter.org
http://mail.openoverlayrouter.org/cgi-bin/mailman/listinfo/users

Reply via email to