[OOR-Users] Problems configuring oor on a openwrt router

Holger Zuleger Holger.Zuleger at hznet.de
Thu Aug 4 15:22:43 CEST 2016 

Hi list,

I am trying to setup a xTR using oor on a openwrt router to get IPv6
access on a ipv4-only ppp link.
I installed the binary image from the openoverlay.org website and
configured the oor package.

It is the first time I'm using oor and openwrt as well. So probably my
problems are not related to oor but more on the network or firewall
configuration of openwrt.

However, it would be nice if someone could take a look at my config and
shed on a light what's wrong with it.

The first thing I configured is the upstream connection witch is a pppoe
connection. So I did something like this in the network config:
config interface 'lan'
        option ifname 'eth0.1'
        option force_link '1'
        option type 'bridge'
        option proto 'static'
        option ipaddr '192.168.1.1'
        option netmask '255.255.255.0'
        option ip6hint '01'
        option ip6assign '64'

config interface 'wan'
        option ifname 'eth1'
        option proto 'pppoe'
        option username 'userxxxx'
        option password 'xxxxx'

The pppoe-wan interface is coming up, and I configured this in
/etc/config/oor as rloc interface, as well as the usual config
parameters for an xTR:
package 'oor'

config 'daemon'
        option  'debug'                 '1'
        option  'log_file'              '/tmp/oor.log'
        option  'map_request_retries'   '2'
        option  'operating_mode'        'xTR'
        option  'nat_traversal_support' 'off'

config 'rloc-probing'
        option  'rloc_probe_interval'           '30'
        option  'rloc_probe_retries'            '2'
        option  'rloc_probe_retries_interval'   '5'

config 'map-resolver'
        list  'address'               '109.235.46.40'

config 'map-server'
        option   'address'              '109.235.46.40'
        option   'key_type'             '1'
        option   'key'                  'xxxxxx'
        option   'proxy_reply'          'on'

config 'database-mapping'
        option   'eid_prefix'           '2a03:3e00:ff01::/48'
        option   'iid'                  '0'
        option   'rloc_set'             'hknrlocset'

config 'proxy-itr'
        list   'address'              '109.235.46.40'

config 'proxy-etr'
        option   'address'              '109.235.46.40'
        option   'priority'             '1'
        option   'weight'               '100'

config 'rloc-set'
        option   'name'             'hknrlocset'
        list     'rloc_name'        'pppwan'

config 'rloc-iface'
        option   'name'                 'pppwan'
        option   'interface'            'pppoe-wan'
        option   'ip_version'           '4'
        option   'priority'             '1'
        option   'weight'               '5'

The first problem with this config was, that the oor process didn't
startup, because the pppoe-wan interface wasn't up at the oor startup
time. I changed the startup script to wait for the pppoe-wan interface
to come up before starting oor.

The next question was how to configure the IPv6 prefix.
I tried out a config global section like the ula prefix, but this won't
work.
So I configured the lisp ipv6 prefix as static on the wan6 interface:
 config interface 'wan6'
        option ifname 'eth1'
        option ip6prefix '2a03:3e00:ff01::/48'
        option proto 'static'

Now the registration at the map-server worked well, the lispTun0
interface is up, and the lan config looks good as well:

root at OpenWrt:/etc/config# ifconfig br-lan
br-lan    Link encap:Ethernet  HWaddr 00:1D:73:B1:92:97
          inet addr:192.168.1.1  Bcast:192.168.1.255  Mask:255.255.255.0
          inet6 addr: 2a03:3e00:ff01:1::1/64 Scope:Global
          inet6 addr: fe80::21d:73ff:feb1:9297/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:2559 errors:0 dropped:0 overruns:0 frame:0
          TX packets:2132 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:192132 (187.6 KiB)  TX bytes:576824 (563.3 KiB)

root at OpenWrt:/etc/config# ifconfig pppoe-wan
pppoe-wan Link encap:Point-to-Point Protocol
          inet addr:185.122.6.208  P-t-P:185.122.4.4  Mask:255.255.255.255
          UP POINTOPOINT RUNNING NOARP MULTICAST  MTU:1480  Metric:1
          RX packets:18 errors:0 dropped:0 overruns:0 frame:0
          TX packets:34 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:3
          RX bytes:913 (913.0 B)  TX bytes:1318 (1.2 KiB)

root at OpenWrt:/etc/config# ifconfig lispTun0
lispTun0  Link encap:UNSPEC  HWaddr
00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
          UP POINTOPOINT RUNNING  MTU:1440  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:5 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:500
          RX bytes:0 (0.0 B)  TX bytes:520 (520.0 B)

The routing table on the oor router shows me a default route pointing to
the lispTun0 Interface, but ip -6 route does not:

root at OpenWrt:/etc/config# ip -6 route show
2a03:3e00:ff01:1::/64 dev br-lan  proto static  metric 1024
unreachable 2a03:3e00:ff01::/48 dev lo  proto static  metric 2147483647
error -128
fe80::/64 dev eth0  proto kernel  metric 256
fe80::/64 dev br-lan  proto kernel  metric 256
fe80::/64 dev eth1  proto kernel  metric 256

root at OpenWrt:/etc/config# route -Ainet6
Kernel IPv6 routing table
Destination                                 Next Hop
           Flags Metric Ref    Use Iface
2a01:4f8:130:1261::2/128
::                                      UC    0      8        0 lispTun0
::/0                                        ::
           U     100    0        1 lispTun0
2a03:3e00:ff01:1:2d5f:1607:e6a4:6348/128    ::
           UC    0      6        0 br-lan
2a03:3e00:ff01:1::/64                       ::
           U     1024   0        1 br-lan
 ...


However, if a ping6 a remote side from a host sitting on the lan side, I
will see an entry in the route table (see above) but will get an
destination unreachable error from the oor router:

$ ping6 2a01:478:130:1261::2
PING 2a01:478:130:1261::2(2a01:478:130:1261::2) 56 data bytes
From 2a03:3e00:ff01:1::1 icmp_seq=1 Destination unreachable: Port
unreachable
From 2a03:3e00:ff01:1::1 icmp_seq=2 Destination unreachable: Port
unreachable
^C
--- 2a01:478:130:1261::2 ping statistics ---
2 packets transmitted, 0 received, +2 errors, 100% packet loss, time 1009ms


My guess is, that it has something to do with the (wrong) firewall
setting, wich is a bit of mystery for me.

What I changend in the firewall config is more or less the definition of
the wan zone like this:
## Firewall config (part)
config zone
        option name             lan
        list   network          'lan'
        option input            ACCEPT
        option output           ACCEPT
        option forward          ACCEPT

config zone
        option name             wan
        list   network          'wan'
        list   network          'wan6'
        list   network          'pppoe-wan'
        option input            REJECT
        option output           ACCEPT
        option forward          REJECT
        option masq             1
        option mtu_fix          1

config forwarding
        option src              lan
        option dest             wan

Has anyone here an idea whats wrong with my config, or any suggestion
what I can check next?

Thanks for any help in advance
Best regards
 Holger


-- 
HZNET / Zur Röderburg 6 / D-35315 Homberg/Ohm-Höingen /
mailto:Holger.Zuleger at hznet.de / xmpp:hoz at jabber.hznet.de /
http://www.hznet.de / tel:+49 6633 642022

-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 4160 bytes
Desc: S/MIME Cryptographic Signature
URL: <http://mail.openoverlayrouter.org/pipermail/users/attachments/20160804/3fd57965/attachment.bin>

More information about the Users mailing list