[OOR-Users] Problems configuring oor on a openwrt router
Holger Zuleger
Holger.Zuleger at hznet.de
Tue Sep 13 17:20:19 CEST 2016
Hi,
> Regarding the issue you have found, I have not been able to reproduce
> it. Could you let me know the command you use to port scan the router?
nmap -sU -p 4341,4342 <ipv4-address of openwrt router>
> When the router crashes, are you able to SSH to the machine? If yes,
> could you check if lisptun0 interface and routes are still there?
I have to double check this, but I think that the routes are there, and
the rules also.
Because if I restart oor I see all the rules doubled, so I guess that
they are not deleted by oor.
Thanks again
Holger
>
> Thanks
>
> Albert
>
> On 13/09/16 15:01, Holger Zuleger wrote:
>> Hi Albert,
>>
>> thanks for the feedback.
>>
>>> First of all sorry for the delay. We were on holidays. I will try to
>>> answer inline.
>>>
>>>> The first problem with this config was, that the oor process didn't
>>>> start up, because the pppoe-wan interface wasn't up at the oor startup
>>>> time. I changed the startup script to wait for the pppoe-wan interface
>>>> to come up before starting oor.
>>> Good
>> Just if someone needs a similar functionality:
>>
>> root@OpenWrt:~# cat /etc/init.d/oor
>> #!/bin/sh /etc/rc.common
>>
>> START=30
>> STOP=80
>>
>> start() {
>>     echo "Stopping previous oor process ..."
>>     # Redirect stdout and stderr portably (plain sh has no &>)
>>     killall oor > /dev/null 2>&1
>>     rm -f /var/run/oor.pid
>>
>>     echo "Starting Open Overlay Router ..."
>>     # Wait for pppoe-wan with a growing delay; give up after 5 attempts
>>     i=1
>>     until ifconfig pppoe-wan > /dev/null 2>&1
>>     do
>>         echo "waiting for pppoe-wan interface up"
>>         sleep $i
>>         i=`expr $i + 1`
>>         test $i -gt 5 && break
>>     done
>>     /usr/sbin/oor -D
>> }
>>
>> stop() {
>>     echo "Stopping Open Overlay Router ..."
>>     killall oor
>> }
>>
>>
>>> OOR routing uses rules to redirect traffic to lisptun0.
>>> For instance:
>>> #ip -6 rule
>>> 0: from all lookup local
>>> 99: from all to 2a03:3e00:ff01:1::1/64 lookup main
>>> 100: from 2a03:3e00:ff01:1::1/64 lookup 100
>>> 32766: from all lookup main
>>>
>>> #ip -6 route show table 100
>>> default dev lispTun0 proto static metric 100
>> Yes, this is (more or less) how it looks here too.
>>
>>>> My guess is, that it has something to do with the (wrong) firewall
>>>> setting, which is a bit of a mystery for me.
>>> Yes, this could be the reason. We also do not have much experience with the
>>> firewall of OpenWRT.
>>> We add these changes to the basic configuration of the firewall to make
>>> it work:
>>>
>>> config defaults
>>>     option syn_flood '1'
>>>     option input 'ACCEPT'
>>>     option output 'ACCEPT'
>>>     option forward 'ACCEPT'
>> I guess this is the trick!
>>
>> Now it works. Great!
>>
>> However, now I have to play around with the firewall settings again to
>> protect my hosts. But this is a different story...
>>
>>
>> What's left open is the issue with the crashing oor process if I do a
>> port scan.
>> Now I don't even see the log message. The oor daemon just crashes
>> immediately if I send a UDP port scan to the (IPv4) wan IP address.
>> Of course that's a big problem...
>>
>> Has anyone seen something similar running oor on an openwrt box
>> (probably on a ppp-interface)?
>>
>> Thanks so far, best regards
>> Holger
>>
>
>
--
HZNET / Zur Röderburg 6 / D-35315 Homberg/Ohm-Höingen /
mailto:Holger.Zuleger at hznet.de / xmpp:hoz at jabber.hznet.de /
http://www.hznet.de / tel:+49 6633 642022
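
The message above reports that the policy rules appear doubled once oor is restarted after a crash. The following is an added example, not part of the original mail and not OOR code: it reads `ip -6 rule` output and prints (without running) one `ip -6 rule del` command per surplus copy, for review before a restart. The names `stale_rule_cleanup` and `sample_rules` are hypothetical, and the sample listing is constructed from the rules quoted in the thread.

```shell
#!/bin/sh
# Added example: dry-run cleanup of duplicated policy rules left behind
# when the daemon dies without removing them. Nothing is deleted here;
# the function only prints the commands an operator would review.

# Reads `ip -6 rule` (or `ip rule`) output on stdin.
stale_rule_cleanup() {
    awk '
    {
        prio = $1 + 0                        # "100:" -> 100 (numeric)
        # Never touch the kernel default rules (local/main/default).
        if (prio == 0 || prio >= 32766) next
        sel = $0
        sub(/^[0-9]+:[ \t]*/, "", sel)       # drop the "100:" prefix
        sub(/[ \t]+$/, "", sel)              # drop trailing whitespace
        # The first copy of a rule is kept; every later copy is surplus.
        if (seen[prio " " sel]++)
            print "ip -6 rule del pref " prio " " sel
    }'
}

# Constructed sample: the rule listing from the thread, doubled as
# described after a restart of the daemon.
sample_rules() {
    cat <<'EOF'
0: from all lookup local
99: from all to 2a03:3e00:ff01:1::1/64 lookup main
99: from all to 2a03:3e00:ff01:1::1/64 lookup main
100: from 2a03:3e00:ff01:1::1/64 lookup 100
100: from 2a03:3e00:ff01:1::1/64 lookup 100
32766: from all lookup main
EOF
}

# On a router: ip -6 rule | stale_rule_cleanup
sample_rules | stale_rule_cleanup
```

Reviewing the printed commands before executing them avoids removing a rule that another service installed with the same selector.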