Destination Port Unreachable

Destination port unreachable from where to where?

When I ping google.com on a computer, the terminal shows this error. But when I ping google.com inside the Raspberry Pi router, I see no problem.

Well, we should start by looking at this -- your LAN address is not correct.
This should be an RFC1918 address.

I have changed it to 192.168.1.15. Still the same issue. When the VPN is off, the internet does not work on the computer, but it does work inside the Raspberry Pi.

I don't want to bypass anything. I want everything to go through this VPN.
Basically, I want to use the VPN so I can mask my location. That's all. So whenever I am connected to the work computer, I want them to know that I am connected from xyz location.

It looks like you don't have your VPN assigned to a firewall zone. Assign tun0 to your wan zone.

Also -- this is really important: change the wan zone INPUT to reject! This is critical because your router is currently exposed to the internet.

Can you please help me with the config? How do I do both of them?

Let's see the output of this:
uci show firewall.@zone[1]

root@OpenWrt:/etc/config# uci show firewall.@zone[1]
firewall.cfg03dc81=zone
firewall.cfg03dc81.name='wan'
firewall.cfg03dc81.input='ACCEPT'
firewall.cfg03dc81.output='ACCEPT'
firewall.cfg03dc81.forward='REJECT'
firewall.cfg03dc81.masq='1'
firewall.cfg03dc81.mtu_fix='1'
firewall.cfg03dc81.network='wan' 'wan6' 'wwan'

uci set firewall.@zone[1].input='REJECT'
uci set firewall.@zone[1].network='wan' 'wan6' 'wwan' 'tun0'
uci commit firewall
/etc/init.d/firewall restart

I did this. This is the result. I still have the same problem.

root@OpenWrt:/etc/config# uci show firewall.@zone[1]
firewall.cfg03dc81=zone
firewall.cfg03dc81.name='wan'
firewall.cfg03dc81.output='ACCEPT'
firewall.cfg03dc81.forward='REJECT'
firewall.cfg03dc81.masq='1'
firewall.cfg03dc81.mtu_fix='1'
firewall.cfg03dc81.network='wan' 'wan6' 'wwan' 'tun0'
firewall.cfg03dc81.input='REJECT'

What happens if you ping 8.8.8.8?

  • When VPN is on:
    • Inside Raspberry PI:
root@OpenWrt:/etc/config# ping 8.8.8.8
PING 8.8.8.8 (8.8.8.8): 56 data bytes
64 bytes from 8.8.8.8: seq=0 ttl=120 time=134.652 ms
64 bytes from 8.8.8.8: seq=1 ttl=120 time=134.153 ms
64 bytes from 8.8.8.8: seq=2 ttl=120 time=118.831 ms
^C
--- 8.8.8.8 ping statistics ---
3 packets transmitted, 3 packets received, 0% packet loss
round-trip min/avg/max = 118.831/129.212/134.652 ms
    • On my computer:
username@username-HP-ProBook-640-G1:~$ ping 8.8.8.8
PING 8.8.8.8 (8.8.8.8) 56(84) bytes of data.
From 192.168.1.15 icmp_seq=1 Destination Port Unreachable
From 192.168.1.15 icmp_seq=2 Destination Port Unreachable
From 192.168.1.15 icmp_seq=3 Destination Port Unreachable
^C
--- 8.8.8.8 ping statistics ---
3 packets transmitted, 0 received, +3 errors, 100% packet loss, time 2034ms

Your problem is DNS related.

Set a public DNS such as 8.8.8.8 on the router.

You need to add tun0 to the wan zone as a device not a network.
list device 'tun0'
Or you can do it the old way and create a dummy network to associate a network name with the device.
(in /etc/config/network)

config interface 'vpn'
    option device 'tun0'
    option proto 'none'

then add 'vpn' to the list of networks in the wan zone.


How do I do that? Sorry for asking noob questions.

Hi u/psherman. It's working now. The answer by u/mk24 solved the problem. I will clean it up and post the clean solution so others who run into the same issue can solve it. Thanks

Hi mk24, thanks for your response. I did the 2nd part:

config interface 'vpn'
    option device 'tun0'
    option proto 'none'

This worked. However your first part:

You need to add tun0 to the wan zone as a device not a network.

How would I do that if I were to do that?

It's an either/or choice -- don't do both. The first way would be to add the list device line to the wan zone section of /etc/config/firewall.


Great. I totally neglected making the device/network for the VPN, so when we assigned tun0 as a network to the wan firewall zone, it didn't actually do anything. Doh! Good catch @mk24!

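A small audit for the failure this thread ran into, written as an added example (not code from any poster or from OpenWrt): it reads files in the /etc/config/network and /etc/config/firewall format and reports a wan zone whose input is ACCEPT or whose network list names something that is not a defined interface, such as tun0. The function name audit_zone, the sample configs and the eth0 device name are constructed for illustration, and it assumes the internet-facing zone is named wan.

```shell
#!/bin/sh
# audit_zone NETWORK_CFG FIREWALL_CFG: print one finding per line (hypothetical helper).
audit_zone() {
    awk -v q="'" '
    function report(   i, n, nets) {          # called when a config section ends
        if (!inzone) return
        if (name == "wan" && input == "ACCEPT")
            print name ": input is ACCEPT (router exposed)"
        n = split(networks, nets, " ")
        for (i = 1; i <= n; i++)
            if (!(nets[i] in iface))
                print name ": network " nets[i] " is not a defined interface"
    }
    { gsub("[" q "\"]", "") }                 # strip UCI quoting
    FNR == NR {                               # first file: network config
        if ($1 == "config" && $2 == "interface") iface[$3] = 1
        next
    }
    $1 == "config" { report(); inzone = ($2 == "zone"); name = input = networks = ""; next }
    inzone && $2 == "name"    { name = $3 }
    inzone && $2 == "input"   { input = $3 }
    inzone && $2 == "network" { for (i = 3; i <= NF; i++) networks = networks " " $i }
    END { report() }
    ' "$1" "$2"
}

# Constructed sample configs: the zone before the fix, then with tun0 as a device.
tmp=$(mktemp -d)
cat > "$tmp/network" <<'EOF'
config interface 'wan'
    option device 'eth0'
    option proto 'dhcp'
EOF
cat > "$tmp/firewall.before" <<'EOF'
config zone
    option name 'wan'
    option input 'ACCEPT'
    list network 'wan'
    list network 'tun0'
EOF
cat > "$tmp/firewall.after" <<'EOF'
config zone
    option name 'wan'
    option input 'REJECT'
    list network 'wan'
    list device 'tun0'
EOF
echo "before:"; audit_zone "$tmp/network" "$tmp/firewall.before"
echo "after:";  audit_zone "$tmp/network" "$tmp/firewall.after"
```

On a router the two arguments would be /etc/config/network and /etc/config/firewall; no output means neither condition was found.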