No routing with masquerading disabled

Hi guys,

I am using the latest stable OpenWrt 19.07.4 r11208-ce6496d796 / LuCI openwrt-19.07 branch git-20.247.75781-0d0ab01
on my LinksysWRT32x router.

Now I have OpenVPN installed as well, connected to my server at a data centre, which then has a tunnel to another server at site B, which I am intending to use the internet from. However, I am trying to avoid NAT config, therefore I have disabled masquerading on my VPN firewall for OpenVPN.

So I can ping my server from the Linksys WRT router in the shell; however, I can't seem to route the traffic from my laptop to the server. I tried to do some logging on the firewall, but very quickly it crashed the router.

I would like to problem solve and here are some of my troubleshooting results.

root@OpenWrt:~# route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         118.69.255.106  0.0.0.0         UG    0      0        0 pppoe-wan
118.69.255.106  0.0.0.0         255.255.255.255 UH    0      0        0 pppoe-wan
172.16.1.0      0.0.0.0         255.255.255.0   U     0      0        0 tun0
172.16.29.0     172.16.1.1      255.255.255.0   UG    0      0        0 tun0
192.168.1.0     0.0.0.0         255.255.255.0   U     0      0        0 br-lan
192.168.222.0   172.16.1.1      255.255.255.0   UG    0      0        0 tun0

I can see my server via the OVPN tunnel, but I don't know why I can't seem to ping the server from my laptop. Here are some further details. So I am trying to figure out if it's an issue with my OPNsense server running the OVPN tunnel or with OpenWrt. The strange thing is I can ping from the router directly but not from my laptop, as mentioned....

When I do a live view of my firewall log on the OPNsense server, it does not show that there has been an attempt when I ping from my laptop; however, it clearly sees it when I ping from the router itself from PuTTY all the way to the Site 2 server. Therefore I am really puzzled by this. I do not want to use VPR nor masquerading. See below: the ping works, but not from my laptop.

root@OpenWrt:~# ping 172.16.29.1
PING 172.16.29.1 (172.16.29.1): 56 data bytes
64 bytes from 172.16.29.1: seq=0 ttl=63 time=22.927 ms
64 bytes from 172.16.29.1: seq=1 ttl=63 time=22.492 ms
64 bytes from 172.16.29.1: seq=2 ttl=63 time=22.932 ms
64 bytes from 172.16.29.1: seq=3 ttl=63 time=23.079 ms
64 bytes from 172.16.29.1: seq=4 ttl=63 time=22.635 ms
64 bytes from 172.16.29.1: seq=5 ttl=63 time=22.621 ms

Thank you to whoever may know what I am doing wrong. I will post more details in the next post.

root@OpenWrt:~# iptables -L -v
Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination
    0     0 ACCEPT     all  --  lo     any     anywhere             anywhere             /* !fw3 */
  588 47120 input_rule  all  --  any    any     anywhere             anywhere             /* !fw3: Custom input rule chain */
  298 21427 ACCEPT     all  --  any    any     anywhere             anywhere             ctstate RELATED,ESTABLISHED /* !fw3 */
   30  1416 syn_flood  tcp  --  any    any     anywhere             anywhere             tcp flags:FIN,SYN,RST,ACK/SYN /* !fw3 */
  246 22533 zone_lan_input  all  --  br-lan any     anywhere             anywhere             /* !fw3 */
    4   128 zone_wan_input  all  --  eth1.2 any     anywhere             anywhere             /* !fw3 */
   40  3032 zone_wan_input  all  --  pppoe-wan any     anywhere             anywhere             /* !fw3 */
    0     0 zone_vpn_input  all  --  tun0   any     anywhere             anywhere             /* !fw3 */

Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination
49524   11M forwarding_rule  all  --  any    any     anywhere             anywhere             /* !fw3: Custom forwarding rule chain */
49476   11M ACCEPT     all  --  any    any     anywhere             anywhere             ctstate RELATED,ESTABLISHED /* !fw3 */
   48  2687 zone_lan_forward  all  --  br-lan any     anywhere             anywhere             /* !fw3 */
    0     0 zone_wan_forward  all  --  eth1.2 any     anywhere             anywhere             /* !fw3 */
    0     0 zone_wan_forward  all  --  pppoe-wan any     anywhere             anywhere             /* !fw3 */
    0     0 zone_vpn_forward  all  --  tun0   any     anywhere             anywhere             /* !fw3 */

Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination
    0     0 ACCEPT     all  --  any    lo      anywhere             anywhere             /* !fw3 */
  458 76032 output_rule  all  --  any    any     anywhere             anywhere             /* !fw3: Custom output rule chain */
  402 71409 ACCEPT     all  --  any    any     anywhere             anywhere             ctstate RELATED,ESTABLISHED /* !fw3 */
    2   656 zone_lan_output  all  --  any    br-lan  anywhere             anywhere             /* !fw3 */
    0     0 zone_wan_output  all  --  any    eth1.2  anywhere             anywhere             /* !fw3 */
   54  3967 zone_wan_output  all  --  any    pppoe-wan  anywhere             anywhere             /* !fw3 */
    0     0 zone_vpn_output  all  --  any    tun0    anywhere             anywhere             /* !fw3 */

Chain forwarding_lan_rule (1 references)
 pkts bytes target     prot opt in     out     source               destination

Chain forwarding_rule (1 references)
 pkts bytes target     prot opt in     out     source               destination

Chain forwarding_vpn_rule (1 references)
 pkts bytes target     prot opt in     out     source               destination

Chain forwarding_wan_rule (1 references)
 pkts bytes target     prot opt in     out     source               destination

Chain input_lan_rule (1 references)
 pkts bytes target     prot opt in     out     source               destination

Chain input_rule (1 references)
 pkts bytes target     prot opt in     out     source               destination

Chain input_vpn_rule (1 references)
 pkts bytes target     prot opt in     out     source               destination

Chain input_wan_rule (1 references)
 pkts bytes target     prot opt in     out     source               destination

Chain output_lan_rule (1 references)
 pkts bytes target     prot opt in     out     source               destination

Chain output_rule (1 references)
 pkts bytes target     prot opt in     out     source               destination

Chain output_vpn_rule (1 references)
 pkts bytes target     prot opt in     out     source               destination

Chain output_wan_rule (1 references)
 pkts bytes target     prot opt in     out     source               destination

Chain reject (4 references)
 pkts bytes target     prot opt in     out     source               destination
   38  2936 REJECT     tcp  --  any    any     anywhere             anywhere             /* !fw3 */ reject-with tcp-reset
    2    96 REJECT     all  --  any    any     anywhere             anywhere             /* !fw3 */ reject-with icmp-port-unreachable

Chain syn_flood (1 references)
 pkts bytes target     prot opt in     out     source               destination
   30  1416 RETURN     tcp  --  any    any     anywhere             anywhere             tcp flags:FIN,SYN,RST,ACK/SYN limit: avg 25/sec burst 50 /* !fw3 */
    0     0 DROP       all  --  any    any     anywhere             anywhere             /* !fw3 */

Chain zone_lan_dest_ACCEPT (4 references)
 pkts bytes target     prot opt in     out     source               destination
    2   656 ACCEPT     all  --  any    br-lan  anywhere             anywhere             /* !fw3 */

Chain zone_lan_forward (1 references)
 pkts bytes target     prot opt in     out     source               destination
   48  2687 forwarding_lan_rule  all  --  any    any     anywhere             anywhere             /* !fw3: Custom lan forwarding rule chain */
   48  2687 zone_wan_dest_ACCEPT  all  --  any    any     anywhere             anywhere             /* !fw3: Zone lan to wan forwarding policy */
    9   540 zone_vpn_dest_ACCEPT  all  --  any    any     anywhere             anywhere             /* !fw3: Zone lan to vpn forwarding policy */
    0     0 ACCEPT     all  --  any    any     anywhere             anywhere             ctstate DNAT /* !fw3: Accept port forwards */
    0     0 zone_lan_dest_ACCEPT  all  --  any    any     anywhere             anywhere             /* !fw3 */

Chain zone_lan_input (1 references)
 pkts bytes target     prot opt in     out     source               destination
  246 22533 input_lan_rule  all  --  any    any     anywhere             anywhere             /* !fw3: Custom lan input rule chain */
    0     0 ACCEPT     all  --  any    any     anywhere             anywhere             ctstate DNAT /* !fw3: Accept port redirections */
  246 22533 zone_lan_src_ACCEPT  all  --  any    any     anywhere             anywhere             /* !fw3 */

Chain zone_lan_output (1 references)
 pkts bytes target     prot opt in     out     source               destination
    2   656 output_lan_rule  all  --  any    any     anywhere             anywhere             /* !fw3: Custom lan output rule chain */
    2   656 zone_lan_dest_ACCEPT  all  --  any    any     anywhere             anywhere             /* !fw3 */

Chain zone_lan_src_ACCEPT (1 references)
 pkts bytes target     prot opt in     out     source               destination
  246 22533 ACCEPT     all  --  br-lan any     anywhere             anywhere             ctstate NEW,UNTRACKED /* !fw3 */

Chain zone_vpn_dest_ACCEPT (3 references)
 pkts bytes target     prot opt in     out     source               destination
    9   540 ACCEPT     all  --  any    tun0    anywhere             anywhere             /* !fw3 */

Chain zone_vpn_forward (1 references)
 pkts bytes target     prot opt in     out     source               destination
    0     0 forwarding_vpn_rule  all  --  any    any     anywhere             anywhere             /* !fw3: Custom vpn forwarding rule chain */
    0     0 ACCEPT     all  --  any    any     anywhere             anywhere             ctstate DNAT /* !fw3: Accept port forwards */
    0     0 zone_vpn_dest_ACCEPT  all  --  any    any     anywhere             anywhere             /* !fw3 */

Chain zone_vpn_input (1 references)
 pkts bytes target     prot opt in     out     source               destination
    0     0 input_vpn_rule  all  --  any    any     anywhere             anywhere             /* !fw3: Custom vpn input rule chain */
    0     0 ACCEPT     all  --  any    any     anywhere             anywhere             ctstate DNAT /* !fw3: Accept port redirections */
    0     0 zone_vpn_src_ACCEPT  all  --  any    any     anywhere             anywhere             /* !fw3 */

Chain zone_vpn_output (1 references)
 pkts bytes target     prot opt in     out     source               destination
    0     0 output_vpn_rule  all  --  any    any     anywhere             anywhere             /* !fw3: Custom vpn output rule chain */
    0     0 zone_vpn_dest_ACCEPT  all  --  any    any     anywhere             anywhere             /* !fw3 */

Chain zone_vpn_src_ACCEPT (1 references)
 pkts bytes target     prot opt in     out     source               destination
    0     0 ACCEPT     all  --  tun0   any     anywhere             anywhere             ctstate NEW,UNTRACKED /* !fw3 */

Chain zone_wan_dest_ACCEPT (2 references)
 pkts bytes target     prot opt in     out     source               destination
    0     0 DROP       all  --  any    eth1.2  anywhere             anywhere             ctstate INVALID /* !fw3: Prevent NAT leakage */
    0     0 ACCEPT     all  --  any    eth1.2  anywhere             anywhere             /* !fw3 */
    2   104 DROP       all  --  any    pppoe-wan  anywhere             anywhere             ctstate INVALID /* !fw3: Prevent NAT leakage */
   91  6010 ACCEPT     all  --  any    pppoe-wan  anywhere             anywhere             /* !fw3 */

Chain zone_wan_dest_REJECT (1 references)
 pkts bytes target     prot opt in     out     source               destination
    0     0 reject     all  --  any    eth1.2  anywhere             anywhere             /* !fw3 */
    0     0 reject     all  --  any    pppoe-wan  anywhere             anywhere             /* !fw3 */

Chain zone_wan_forward (2 references)
 pkts bytes target     prot opt in     out     source               destination
    0     0 forwarding_wan_rule  all  --  any    any     anywhere             anywhere             /* !fw3: Custom wan forwarding rule chain */
    0     0 zone_lan_dest_ACCEPT  esp  --  any    any     anywhere             anywhere             /* !fw3: Allow-IPSec-ESP */
    0     0 zone_lan_dest_ACCEPT  udp  --  any    any     anywhere             anywhere             udp dpt:isakmp /* !fw3: Allow-ISAKMP */
    0     0 ACCEPT     all  --  any    any     anywhere             anywhere             ctstate DNAT /* !fw3: Accept port forwards */
    0     0 zone_wan_dest_REJECT  all  --  any    any     anywhere             anywhere             /* !fw3 */

Chain zone_wan_input (2 references)
 pkts bytes target     prot opt in     out     source               destination
   44  3160 input_wan_rule  all  --  any    any     anywhere             anywhere             /* !fw3: Custom wan input rule chain */
    0     0 ACCEPT     udp  --  any    any     anywhere             anywhere             udp dpt:bootpc /* !fw3: Allow-DHCP-Renew */
    0     0 ACCEPT     icmp --  any    any     anywhere             anywhere             icmp echo-request /* !fw3: Allow-Ping */
    4   128 ACCEPT     igmp --  any    any     anywhere             anywhere             /* !fw3: Allow-IGMP */
    0     0 ACCEPT     all  --  any    any     anywhere             anywhere             ctstate DNAT /* !fw3: Accept port redirections */
   40  3032 zone_wan_src_REJECT  all  --  any    any     anywhere             anywhere             /* !fw3 */

Chain zone_wan_output (2 references)
 pkts bytes target     prot opt in     out     source               destination
   54  3967 output_wan_rule  all  --  any    any     anywhere             anywhere             /* !fw3: Custom wan output rule chain */
   54  3967 zone_wan_dest_ACCEPT  all  --  any    any     anywhere             anywhere             /* !fw3 */

Chain zone_wan_src_REJECT (1 references)
 pkts bytes target     prot opt in     out     source               destination
    0     0 reject     all  --  eth1.2 any     anywhere             anywhere             /* !fw3 */
   40  3032 reject     all  --  pppoe-wan any     anywhere             anywhere             /* !fw3 */

You need to announce the client-side subnet with CCD:
https://openwrt.org/docs/guide-user/services/vpn/openvpn/extras#site-to-site

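The mismatch behind the reply above, as an added example that is not from this thread: in tun-mode server, OpenVPN drops packets whose source address it cannot map to a connected client (logged as "MULTI: bad source address from client"), which is why the router's own tunnel-addressed ping goes through while the laptop's 192.168.1.x ping never reaches the OPNsense firewall log. The script builds a constructed server.conf and ccd file modelled on the addresses in the thread and audits them for `route` subnets with no matching `iroute` (and the reverse); the client CN "openwrt-wrt32x" and the ccd contents are assumptions.

```shell
#!/bin/sh
# Added example, not from the thread: audit an OpenVPN server's site-to-site
# config. A client-side LAN needs BOTH a kernel "route" in server.conf and an
# "iroute" in that client's ccd file; a "route" without an "iroute" leaves the
# server unable to map the LAN to the client, and its packets are dropped.
set -eu

WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT
mkdir -p "$WORK/ccd"

# Constructed server.conf modelled on the thread: tunnel 172.16.1.0/24, the
# OpenWrt LAN 192.168.1.0/24 routed into the tunnel, server-side nets pushed.
cat > "$WORK/server.conf" <<'EOF'
server 172.16.1.0 255.255.255.0
client-config-dir ccd
route 192.168.1.0 255.255.255.0
push "route 172.16.29.0 255.255.255.0"
push "route 192.168.222.0 255.255.255.0"
EOF

# Constructed ccd file; its name must equal the client certificate CN
# (assumed here to be "openwrt-wrt32x"). Remove this file to reproduce the fault.
printf 'iroute 192.168.1.0 255.255.255.0\n' > "$WORK/ccd/openwrt-wrt32x"

# List every "route" subnet in server.conf that no ccd file claims via "iroute".
# Empty output means every routed client-side subnet is mapped to a client.
missing_iroutes() {
    conf=$1 ccd=$2
    awk '$1 == "route" { print $2, $3 }' "$conf" | sort -u |
    while read -r net mask; do
        grep -qsxF "iroute $net $mask" "$ccd"/* || echo "$net/$mask"
    done
}

# The reverse defect: an "iroute" with no kernel "route" means the server
# accepts the client's packets but replies are not sent back into the tunnel.
missing_routes() {
    conf=$1 ccd=$2
    cat "$ccd"/* 2>/dev/null | awk '$1 == "iroute" { print $2, $3 }' | sort -u |
    while read -r net mask; do
        grep -qsxF "route $net $mask" "$conf" || echo "$net/$mask"
    done
}

echo "route without iroute: $(missing_iroutes "$WORK/server.conf" "$WORK/ccd")"
echo "iroute without route: $(missing_routes "$WORK/server.conf" "$WORK/ccd")"
```

Both lines print empty when the constructed pair is consistent; point the two functions at a real server.conf and ccd directory to check a live server.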

Thank you!
