[OOR-Users] Problems configuring oor on a openwrt router

Holger Zuleger Holger.Zuleger at hznet.de
Tue Sep 13 15:01:48 CEST 2016 

Hi Albert,

thanks for the feedback.

> First of all sorry for the delay. We were on holidays. I will try to
> answer inline.
> 
>> The first problem with this config was, that the oor process didn't
>> startup, because the pppoe-wan interface wasn't up at the oor startup
>> time. I changed the startup script to wait for the pppoe-wan interface
>> to come up before starting oor.
> Good
Just if someone needs a similar functionality:

root at OpenWrt:~# cat /etc/init.d/oor
#!/bin/sh /etc/rc.common

START=30
STOP=80

start() {
        echo "Stopping previous oor process ..."
        killall oor &> /dev/null
	rm /var/run/oor.pid

        echo "Starting Open Overlay Router ..."
	i=1
	until ifconfig pppoe-wan 2>&1 > /dev/null
	do
		echo "waiting for pppoe-wan interface up"
		sleep $i
		i=`expr $i + 1`
		test $i -gt 5 && break
	done
        /usr/sbin/oor -D
}

stop() {
        echo "Stopping Open Overlay Router ..."
        killall oor
}


> OOR routing use rule to redirect traffic to lisptun0.
> For instance:
> #ip -6 rule
>    0:    from all lookup local
>    99:    from all to 2a03:3e00:ff01:1::1/64 lookup main
>    100:    from 2a03:3e00:ff01:1::1/64 lookup 100
>    32766:    from all lookup main
> 
> #ip -6 route show table 100
>   default dev lispTun0  proto static  metric 100
Yes, this is (more or less) how it looks here too.

>> My guess is, that it has something to do with the (wrong) firewall
>> setting, wich is a bit of mystery for me.
> Yes, this could be the reason. We also not have many experience with the
> firewall of OpenWRT

> We add this changes to the basic configuration of the firewall to make
> it work:
> 
> config defaults
>     option syn_flood '1'
>     option input 'ACCEPT'
>     option output 'ACCEPT'
>     option forward '*ACCEPT*'
I guess this is the trick!

Now it works. Great!

However, now I have to play around with the firewall settings again to
protect my hosts. But this is a different story...


What's left open is the issue with the crashing oor process if I do a
port scan.
Now I even don't see the log message. The oor daemon just crashes
immediately if I send a UDP port scan to the (IPv4) wan IP address.
Of course that's a big problem...

Have anyone seen something similar running oor on an openwrt box
(probably on a ppp-interface)?

Thanks so far, best regards
 Holger

-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 4160 bytes
Desc: S/MIME Cryptographic Signature
URL: <http://mail.openoverlayrouter.org/pipermail/users/attachments/20160913/2c19bf30/attachment.bin>

More information about the Users mailing list