[OOR-Users] Problems configuring oor on a openwrt router

Fri Sep 16 12:04:09 CEST 2016

Hi Holger,

We have fixed the error you found. You can find the downloads here 
<https://github.com/OpenOverlayRouter/oor/wiki/Downloads>. Please, let 
me know if it works properly now.

Best regards

Albert

On 13/09/16 17:20, Holger Zuleger wrote:
> Hi,
>
>> Regarding the issue you have found, I have not been able to reproduce
>> it. Could you let me know the command you use to port scan the router?
> nmap -sU -p 4341,4342 <ipv4-address of openwrt router>
>
>> When the router crashes, are you able to SSH to the machine? If yes,
>> could you check if lisptun0 interface and routes are still there?
> I have to double check this, but I think that the routes are there, and
> the rules also.
> Because if I restart oor I see all the rules doubled, so I guess that
> they are not deleted by oor.
>
> Thanks again
>   Holger
>
>> Thanks
>>
>> Albert
>>
>> On 13/09/16 15:01, Holger Zuleger wrote:
>>> Hi Albert,
>>>
>>> thanks for the feedback.
>>>
>>>> First of all sorry for the delay. We were on holidays. I will try to
>>>> answer inline.
>>>>
>>>>> The first problem with this config was, that the oor process didn't
>>>>> startup, because the pppoe-wan interface wasn't up at the oor startup
>>>>> time. I changed the startup script to wait for the pppoe-wan interface
>>>>> to come up before starting oor.
>>>> Good
>>> Just if someone needs a similar functionality:
>>>
>>> root at OpenWrt:~# cat /etc/init.d/oor
>>> #!/bin/sh /etc/rc.common
>>>
>>> START=30
>>> STOP=80
>>>
>>> start() {
>>>           echo "Stopping previous oor process ..."
>>>           killall oor &> /dev/null
>>>      rm /var/run/oor.pid
>>>
>>>           echo "Starting Open Overlay Router ..."
>>>      i=1
>>>      until ifconfig pppoe-wan 2>&1 > /dev/null
>>>      do
>>>          echo "waiting for pppoe-wan interface up"
>>>          sleep $i
>>>          i=`expr $i + 1`
>>>          test $i -gt 5 && break
>>>      done
>>>           /usr/sbin/oor -D
>>> }
>>>
>>> stop() {
>>>           echo "Stopping Open Overlay Router ..."
>>>           killall oor
>>> }
>>>
>>>
>>>> OOR routing use rule to redirect traffic to lisptun0.
>>>> For instance:
>>>> #ip -6 rule
>>>>      0:    from all lookup local
>>>>      99:    from all to 2a03:3e00:ff01:1::1/64 lookup main
>>>>      100:    from 2a03:3e00:ff01:1::1/64 lookup 100
>>>>      32766:    from all lookup main
>>>>
>>>> #ip -6 route show table 100
>>>>     default dev lispTun0  proto static  metric 100
>>> Yes, this is (more or less) how it looks here too.
>>>
>>>>> My guess is, that it has something to do with the (wrong) firewall
>>>>> setting, wich is a bit of mystery for me.
>>>> Yes, this could be the reason. We also not have many experience with the
>>>> firewall of OpenWRT
>>>> We add this changes to the basic configuration of the firewall to make
>>>> it work:
>>>>
>>>> config defaults
>>>>       option syn_flood '1'
>>>>       option input 'ACCEPT'
>>>>       option output 'ACCEPT'
>>>>       option forward '*ACCEPT*'
>>> I guess this is the trick!
>>>
>>> Now it works. Great!
>>>
>>> However, now I have to play around with the firewall settings again to
>>> protect my hosts. But this is a different story...
>>>
>>>
>>> What's left open is the issue with the crashing oor process if I do a
>>> port scan.
>>> Now I even don't see the log message. The oor daemon just crashes
>>> immediately if I send a UDP port scan to the (IPv4) wan IP address.
>>> Of course that's a big problem...
>>>
>>> Have anyone seen something similar running oor on an openwrt box
>>> (probably on a ppp-interface)?
>>>
>>> Thanks so far, best regards
>>>    Holger
>>>
>>

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.openoverlayrouter.org/pipermail/users/attachments/20160916/599326bc/attachment.html>