[OOR-Users] Problems configuring oor on a openwrt router
Albert López
alopez at ac.upc.edu
Tue Sep 13 15:57:09 CEST 2016
Hi Holger,
Thanks for the script. It could be useful for other users.
Regarding the issue you have found, I have not been able to reproduce
it. Could you let me know the command you use to port scan the router?
When the router crashes, are you able to SSH to the machine? If yes,
could you check if lisptun0 interface and routes are still there?
Thanks
Albert
On 13/09/16 15:01, Holger Zuleger wrote:
> Hi Albert,
>
> thanks for the feedback.
>
>> First of all sorry for the delay. We were on holidays. I will try to
>> answer inline.
>>
>>> The first problem with this config was that the oor process didn't
>>> start up, because the pppoe-wan interface wasn't up at the oor startup
>>> time. I changed the startup script to wait for the pppoe-wan interface
>>> to come up before starting oor.
>> Good
> Just if someone needs a similar functionality:
>
> root@OpenWrt:~# cat /etc/init.d/oor
> #!/bin/sh /etc/rc.common
>
> START=30
> STOP=80
>
> start() {
>     echo "Stopping previous oor process ..."
>     # Redirect both streams portably; "&>" is not POSIX sh
>     killall oor > /dev/null 2>&1
>     rm -f /var/run/oor.pid
>
>     echo "Starting Open Overlay Router ..."
>     # Wait for pppoe-wan to exist, giving up after five attempts
>     i=1
>     until ifconfig pppoe-wan > /dev/null 2>&1
>     do
>         echo "waiting for pppoe-wan interface up"
>         sleep $i
>         i=`expr $i + 1`
>         test $i -gt 5 && break
>     done
>     /usr/sbin/oor -D
> }
>
> stop() {
>     echo "Stopping Open Overlay Router ..."
>     killall oor
> }
>
>
>> OOR routing uses rules to redirect traffic to lisptun0.
>> For instance:
>> #ip -6 rule
>> 0: from all lookup local
>> 99: from all to 2a03:3e00:ff01:1::1/64 lookup main
>> 100: from 2a03:3e00:ff01:1::1/64 lookup 100
>> 32766: from all lookup main
>>
>> #ip -6 route show table 100
>> default dev lispTun0 proto static metric 100
> Yes, this is (more or less) how it looks here too.
>
>>> My guess is, that it has something to do with the (wrong) firewall
>>> setting, which is a bit of mystery for me.
>> Yes, this could be the reason. We also do not have much experience with the
>> firewall of OpenWRT
>> We add these changes to the basic configuration of the firewall to make
>> it work:
>>
>> config defaults
>>         option syn_flood '1'
>>         option input 'ACCEPT'
>>         option output 'ACCEPT'
>>         option forward 'ACCEPT'
> I guess this is the trick!
>
> Now it works. Great!
>
> However, now I have to play around with the firewall settings again to
> protect my hosts. But this is a different story...
>
>
> What's left open is the issue with the crashing oor process if I do a
> port scan.
> Now I don't even see the log message. The oor daemon just crashes
> immediately if I send a UDP port scan to the (IPv4) wan IP address.
> Of course that's a big problem...
>
> Has anyone seen something similar running oor on an openwrt box
> (probably on a ppp-interface)?
>
> Thanks so far, best regards
> Holger
>
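
Added example, not part of the original thread and not OOR project code: a small POSIX sh check for the state asked about above (is the lisptun0 default route still present and is a source-based rule still pointing at its table). The function names are hypothetical, and the sample text is constructed from the `ip -6 rule` / `ip -6 route show table 100` layout quoted in the message.

```shell
#!/bin/sh
# Constructed sample input, following the output layout quoted in the thread.
SAMPLE_RULES='0: from all lookup local
99: from all to 2a03:3e00:ff01:1::1/64 lookup main
100: from 2a03:3e00:ff01:1::1/64 lookup 100
32766: from all lookup main'
SAMPLE_ROUTES='default dev lispTun0 proto static metric 100'

# Print the table ids that source-based rules ("from <prefix>") look up.
# $1 = text of `ip -6 rule`
oor_rule_tables() {
    printf '%s\n' "$1" | awk '
        $2 == "from" && $3 != "all" {
            for (i = 4; i < NF; i++) if ($i == "lookup") print $(i + 1)
        }' | sort -u
}

# Succeed if the listing has a default route via a LISP tunnel device.
# The name is matched case-insensitively because the thread shows both
# lisptun0 and lispTun0.
# $1 = text of `ip -6 route show table <id>`
has_tunnel_default() {
    printf '%s\n' "$1" | awk '
        $1 == "default" {
            for (i = 2; i < NF; i++)
                if ($i == "dev" && tolower($(i + 1)) ~ /^lisptun[0-9]+$/) ok = 1
        }
        END { exit (ok ? 0 : 1) }'
}

# Print "ok", "no-rule" or "no-route"; non-zero status unless "ok".
# $1 = rules text, $2 = routes text
oor_routing_state() {
    [ -n "$(oor_rule_tables "$1")" ] || { echo no-rule; return 1; }
    has_tunnel_default "$2" || { echo no-route; return 1; }
    echo ok
}

# On the router itself (needs the ip utility):
#   rules=$(ip -6 rule)
#   table=$(oor_rule_tables "$rules" | head -n 1)
#   oor_routing_state "$rules" "$(ip -6 route show table "$table")"
```

Running it before and after the daemon dies shows whether the crash also removed the rule or the tunnel route, or left them in place with no process behind them.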