Hi Holger,
We have fixed the error you found. You can find the downloads here
<https://github.com/OpenOverlayRouter/oor/wiki/Downloads>. Please, let
me know if it works properly now.
Best regards
Albert
On 13/09/16 17:20, Holger Zuleger wrote:
Hi,
Regarding the issue you have found, I have not been able to reproduce
it. Could you let me know the command you use to port scan the router?
nmap -sU -p 4341,4342 <ipv4-address of openwrt router>
When the router crashes, are you able to SSH to the machine? If yes,
could you check if lisptun0 interface and routes are still there?
I have to double check this, but I think that the routes are there, and
the rules also.
Because if I restart oor I see all the rules doubled, so I guess that
they are not deleted by oor.
Thanks again
Holger
Thanks
Albert
On 13/09/16 15:01, Holger Zuleger wrote:
Hi Albert,
thanks for the feedback.
First of all sorry for the delay. We were on holidays. I will try to
answer inline.
The first problem with this config was that the oor process didn't
start up, because the pppoe-wan interface wasn't up at the oor startup
time. I changed the startup script to wait for the pppoe-wan interface
to come up before starting oor.
Good
Just if someone needs a similar functionality:
root@OpenWrt:~# cat /etc/init.d/oor
#!/bin/sh /etc/rc.common
START=30
STOP=80

start() {
    echo "Stopping previous oor process ..."
    # Portable redirection; -f avoids an error when no pid file exists
    killall oor > /dev/null 2>&1
    rm -f /var/run/oor.pid
    echo "Starting Open Overlay Router ..."
    # Wait for pppoe-wan (sleeps 1+2+3+4+5 s at most), then start oor anyway
    i=1
    until ifconfig pppoe-wan > /dev/null 2>&1
    do
        echo "waiting for pppoe-wan interface up"
        sleep $i
        i=`expr $i + 1`
        test $i -gt 5 && break
    done
    /usr/sbin/oor -D
}

stop() {
    echo "Stopping Open Overlay Router ..."
    killall oor
}
OOR routing uses rules to redirect traffic to lisptun0.
For instance:
#ip -6 rule
0: from all lookup local
99: from all to 2a03:3e00:ff01:1::1/64 lookup main
100: from 2a03:3e00:ff01:1::1/64 lookup 100
32766: from all lookup main
#ip -6 route show table 100
default dev lispTun0 proto static metric 100
Yes, this is (more or less) how it looks here too.
My guess is that it has something to do with the (wrong) firewall
setting, which is a bit of a mystery for me.
Yes, this could be the reason. We also do not have much experience with the
firewall of OpenWRT.
We add these changes to the basic configuration of the firewall to make
it work:
config defaults
option syn_flood '1'
option input 'ACCEPT'
option output 'ACCEPT'
option forward '*ACCEPT*'
I guess this is the trick!
Now it works. Great!
However, now I have to play around with the firewall settings again to
protect my hosts. But this is a different story...
What's left open is the issue with the crashing oor process if I do a
port scan.
Now I don't even see the log message. The oor daemon just crashes
immediately if I send a UDP port scan to the (IPv4) wan IP address.
Of course that's a big problem...
Has anyone seen something similar running oor on an openwrt box
(probably on a ppp-interface)?
Thanks so far, best regards
Holger
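The doubled rules Holger reports after restarting oor can be confirmed from the `ip rule` listing. The script below is an added example, not part of the thread or of the OOR project: the function names are hypothetical, the sample input is constructed from the rule listing quoted above, and the cleanup commands are only printed, never executed.

```shell
#!/bin/sh
# Added example: find policy-routing rules that are installed more than once,
# e.g. because a restarted daemon re-added rules that were never removed.

# surplus_rules FAMILY   (FAMILY is -4 or -6)
# Reads `ip rule` output on stdin. For a rule present N > 1 times it prints
# N-1 "ip FAMILY rule del ..." commands; it prints nothing if no rule repeats.
surplus_rules() {
    awk -v fam="$1" '
    /^[0-9]+:/ {
        prio = $1
        sub(/:$/, "", prio)                 # "100:" -> "100"
        sel = $0
        sub(/^[0-9]+:[ \t]*/, "", sel)      # drop the "PRIO:" prefix
        gsub(/[ \t]+/, " ", sel)            # normalise whitespace
        sub(/ $/, "", sel)
        if (seen[prio " " sel]++)           # second and later copies only
            printf "ip %s rule del pref %s %s\n", fam, prio, sel
    }'
}

# Constructed sample: the rule listing from the thread with the two
# prefix-specific rules doubled, as they would look after a restart.
sample_doubled_rules() {
cat <<'EOF'
0: from all lookup local
99: from all to 2a03:3e00:ff01:1::1/64 lookup main
99: from all to 2a03:3e00:ff01:1::1/64 lookup main
100: from 2a03:3e00:ff01:1::1/64 lookup 100
100: from 2a03:3e00:ff01:1::1/64 lookup 100
32766: from all lookup main
EOF
}

# On the router this would be:  ip -6 rule | surplus_rules -6
sample_doubled_rules | surplus_rules -6
```

Review the printed commands before running any of them; each one removes a single surplus copy and leaves one instance of the rule in place.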