Firewall or VPN block oauth2.py

Installing and Using OpenWrt
#1

Hi, I use this approach to send my emails by msmtp . Without VPN and firewall running, this approach work very well. However, after I setup VPN and firewall, these errors are reported by oauth2.py:

Traceback (most recent call last):
  File "/home/marcelo/bin/OAuth2/oauth2.py", line 347, in <module>
    main(sys.argv)
  File "/home/marcelo/bin/OAuth2/oauth2.py", line 307, in main
    options.refresh_token)
  File "/home/marcelo/bin/OAuth2/oauth2.py", line 238, in RefreshToken
    response = urllib.urlopen(request_url, urllib.urlencode(params)).read()
  File "/usr/lib/python2.7/urllib.py", line 89, in urlopen
    return opener.open(url, data)
  File "/usr/lib/python2.7/urllib.py", line 217, in open
    return getattr(self, name)(url, data)
  File "/usr/lib/python2.7/urllib.py", line 445, in open_https
    h.endheaders(data)
  File "/usr/lib/python2.7/httplib.py", line 1078, in endheaders
    self._send_output(message_body)
  File "/usr/lib/python2.7/httplib.py", line 894, in _send_output
    self.send(msg)
  File "/usr/lib/python2.7/httplib.py", line 856, in send
    self.connect()
  File "/usr/lib/python2.7/httplib.py", line 1295, in connect
    HTTPConnection.connect(self)
  File "/usr/lib/python2.7/httplib.py", line 833, in connect
    self.timeout, self.source_address)
  File "/usr/lib/python2.7/socket.py", line 557, in create_connection
    for res in getaddrinfo(host, port, 0, SOCK_STREAM):
IOError: [Errno socket error] [Errno -2] Name or service not known

I'm suspect that VPN or Firewall are blocking oauth2.py.

The script will converse with Google and generate an oauth request token, access token, a refresh token, and some metadata about the tokens. The access token can be used until it expires. If it is expired, outh2token script generate a valid token for that credential.

For debug, I need to know how port outh2.py and outh2token use. Could you point me out? Or maybe there are others issues?

There is a way to debug this issue? How?

Thank you

#2

This looks like a name resolution issue.
Most likely, you need to disable peer DNS and set up a public DNS provider:
https://openwrt.org/docs/guide-user/base-system/dhcp_configuration#upstream_dns_provider

#3

I did:

root@OpenWrt:~# uci -q delete network.wan.dns
root@OpenWrt:~# uci add_list network.wan.dns="8.8.8.8"
root@OpenWrt:~# uci add_list network.wan.dns="8.8.4.4"
root@OpenWrt:~# uci -q delete network.wan6.dns
root@OpenWrt:~# uci add_list network.wan6.dns="2001:4860:4860::8888"
root@OpenWrt:~# uci add_list network.wan6.dns="2001:4860:4860::8844"
root@OpenWrt:~# uci set network.wan.peerdns="0"
root@OpenWrt:~# uci set network.wan6.peerdns="0"
root@OpenWrt:~# uci commit network
root@OpenWrt:~# /etc/init.d/network restart

and issues continue.

One more clue?

Thank you so much!

1 Like
#4

Check this:

nslookup openwrt.org
nslookup openwrt.org 127.0.0.1
nslookup openwrt.org 8.8.8.8
head -n -0 /etc/resolv.* /tmp/resolv.*
uci show dhcp
#5 
root@OpenWrt:~# nslookup openwrt.org
Server:		127.0.0.1
Address:	127.0.0.1#53

Name:      openwrt.org
Address 1: 139.59.209.225
*** Can't find openwrt.org: No answer
root@OpenWrt:~#

root@OpenWrt:~# nslookup openwrt.org 127.0.0.1
Server:		127.0.0.1
Address:	127.0.0.1#53

Name:      openwrt.org
Address 1: 139.59.209.225
*** Can't find openwrt.org: No answer
root@OpenWrt:~#

root@OpenWrt:~# nslookup openwrt.org 8.8.8.8
Server:		8.8.8.8
Address:	8.8.8.8#53

Name:      openwrt.org
Address 1: 139.59.209.225
*** Can't find openwrt.org: No answer
root@OpenWrt:~#

root@OpenWrt:~# head -n -0 /etc/resolv.* /tmp/resolv.*
==> /etc/resolv.conf <==
search lan
nameserver 127.0.0.1

==> /tmp/resolv.conf <==
search lan
nameserver 127.0.0.1

==> /tmp/resolv.conf.auto <==
# Interface wan
nameserver 8.8.8.8
nameserver 8.8.4.4
root@OpenWrt:~#

root@OpenWrt:~# uci show dhcp
dhcp.@dnsmasq[0]=dnsmasq
dhcp.@dnsmasq[0].domainneeded='1'
dhcp.@dnsmasq[0].boguspriv='1'
dhcp.@dnsmasq[0].filterwin2k='0'
dhcp.@dnsmasq[0].localise_queries='1'
dhcp.@dnsmasq[0].rebind_protection='1'
dhcp.@dnsmasq[0].rebind_localhost='1'
dhcp.@dnsmasq[0].local='/lan/'
dhcp.@dnsmasq[0].domain='lan'
dhcp.@dnsmasq[0].expandhosts='1'
dhcp.@dnsmasq[0].nonegcache='0'
dhcp.@dnsmasq[0].authoritative='1'
dhcp.@dnsmasq[0].readethers='1'
dhcp.@dnsmasq[0].leasefile='/tmp/dhcp.leases'
dhcp.@dnsmasq[0].resolvfile='/tmp/resolv.conf.auto'
dhcp.@dnsmasq[0].nonwildcard='1'
dhcp.@dnsmasq[0].localservice='1'
dhcp.lan=dhcp
dhcp.lan.interface='lan'
dhcp.lan.start='100'
dhcp.lan.limit='150'
dhcp.lan.leasetime='12h'
dhcp.lan.dhcpv6='server'
dhcp.lan.ra='server'
dhcp.lan.ra_management='1'
dhcp.wan=dhcp
dhcp.wan.interface='wan'
dhcp.wan.ignore='1'
dhcp.odhcpd=odhcpd
dhcp.odhcpd.maindhcp='0'
dhcp.odhcpd.leasefile='/tmp/hosts/odhcpd'
dhcp.odhcpd.leasetrigger='/usr/sbin/odhcpd-update'
dhcp.odhcpd.loglevel='4'
root@OpenWrt:~#
#6

Do you run it on OpenWrt or on your LAN client?

#7

I run it in my Notebook connected by wifi to my router running OpenWrt.

#8

Check on the laptop:

  • System and user proxy settings
  • DNS configuration
#9

My laptop network configurations:

IP 192.168.1.163
GW 192.168.1.1
DNS 192.168.1.1 208.67.222.222 208.67.220.220

My laptop (Debian) was using the OpenWrt IP as primary DNA server.

#10

I forced my Debian system to use Google DNS 8.8.8.8 and 8.8.4.4 and it not solved. I suspect there is a VPN/Firewall issue, not a DNS issue.

#11

Check after you establish the VPN connection:

# laptop
python2.7 << EOF
import socket
print socket.getaddrinfo("example.org", 443, 0, 0, socket.IPPROTO_TCP)
print socket.getaddrinfo("example.org", 443, 0, 0, socket.IPPROTO_UDP)
EOF

https://docs.python.org/2/library/socket.html#socket.getaddrinfo