so, i have an dahua ip cameras. the was connected through p2p, but in one moment it stopped working. the cant connect anymore. can someone help me with that? i have upnp and zapret: https://github.com/remittor/zapret-openwrt (turned off)
Given that you haven't even told us what device you're using or anything about the configs, nobody can help.
Let's see all of the following information:
Please connect to your OpenWrt device using ssh and copy the output of the following commands and post it here using the "Preformatted text </> " button (red circle; this works best in the 'Markdown' composer view in the blue oval):
Remember to redact passwords, VPN keys, MAC addresses and any public IP addresses you may have:
ubus call system board
cat /etc/config/network
cat /etc/config/wireless
cat /etc/config/dhcp
cat /etc/config/firewall
root@OpenWrt:~# ubus call system board
{
"kernel": "6.6.73",
"hostname": "OpenWrt",
"system": "MediaTek MT7621 ver:1 eco:4",
"model": "MikroTik RouterBOARD 760iGS (hEX S)",
"board_name": "mikrotik,routerboard-760igs",
"rootfs_type": "squashfs",
"release": {
"distribution": "OpenWrt",
"version": "24.10.0",
"revision": "",
"target": "ramips/mt7621",
"description": "OpenWrt 24.10.0 ",
"builddate": ""
}
}
root@OpenWrt:~# cat /etc/config/network
config interface 'loopback'
option device 'lo'
option proto 'static'
option ipaddr '127.0.0.1'
option netmask '255.0.0.0'
config globals 'globals'
option ula_prefix ''
option packet_steering '1'
config device
option name 'br-lan'
option type 'bridge'
list ports 'lan2'
list ports 'lan3'
list ports 'lan4'
list ports 'lan5'
config interface 'lan'
option device 'br-lan'
option proto 'static'
option ipaddr '192.168.0.1'
option netmask '255.255.255.0'
option ip6assign '60'
option gateway '192.168.1.10'
config device
option name 'br-wan'
option type 'bridge'
list ports 'wan'
list ports 'sfp'
config interface 'wan'
option device 'br-wan'
option proto 'static'
option ipaddr '192.168.1.10'
option gateway '192.168.1.1'
option netmask '255.255.255.0'
config interface 'PPPOE'
option proto 'pppoe'
option device 'br-wan'
option username ''
option password ''
option ipv6 '0'
root@OpenWrt:~# cat /etc/config/wireless
ewallcat: can't open '/etc/config/wireless': No such file or directory
root@OpenWrt:~# cat /etc/config/dhcp
config dnsmasq
option domainneeded '1'
option boguspriv '1'
option filterwin2k '0'
option localise_queries '1'
option rebind_protection '1'
option rebind_localhost '1'
option local '/lan/'
option domain 'lan'
option expandhosts '1'
option nonegcache '0'
option cachesize '1000'
option authoritative '1'
option readethers '1'
option leasefile '/tmp/dhcp.leases'
option resolvfile '/tmp/resolv.conf.d/resolv.conf.auto'
option nonwildcard '1'
option localservice '1'
option ednspacket_max '1232'
option filter_aaaa '0'
option filter_a '0'
config dhcp 'lan'
option interface 'lan'
option start '100'
option limit '150'
option leasetime '12h'
option dhcpv4 'server'
option dhcpv6 'server'
option ra 'server'
list ra_flags 'managed-config'
list ra_flags 'other-config'
config dhcp 'wan'
option interface 'wan'
option ignore '1'
option start '100'
option limit '150'
option leasetime '12h'
config odhcpd 'odhcpd'
option maindhcp '0'
option leasefile '/tmp/hosts/odhcpd'
option leasetrigger '/usr/sbin/odhcpd-update'
option loglevel '4'
root@OpenWrt:~# cat /etc/config/firewall
config defaults
option input 'REJECT'
option output 'ACCEPT'
option forward 'REJECT'
option synflood_protect '1'
config zone
option name 'lan'
option input 'ACCEPT'
option output 'ACCEPT'
option forward 'ACCEPT'
list network 'lan'
config zone
option name 'wan'
option input 'REJECT'
option output 'ACCEPT'
option forward 'REJECT'
option masq '1'
option mtu_fix '1'
list network 'wan'
list network 'PPPOE'
config forwarding
option src 'lan'
option dest 'wan'
config rule
option name 'Allow-DHCP-Renew'
option src 'wan'
option proto 'udp'
option dest_port '68'
option target 'ACCEPT'
option family 'ipv4'
config rule
option name 'Allow-Ping'
option src 'wan'
option proto 'icmp'
option icmp_type 'echo-request'
option family 'ipv4'
option target 'ACCEPT'
config rule
option name 'Allow-IGMP'
option src 'wan'
option proto 'igmp'
option family 'ipv4'
option target 'ACCEPT'
config rule
option name 'Allow-DHCPv6'
option src 'wan'
option proto 'udp'
option dest_port '546'
option family 'ipv6'
option target 'ACCEPT'
config rule
option name 'Allow-MLD'
option src 'wan'
option proto 'icmp'
option src_ip 'fe80::/10'
list icmp_type '130/0'
list icmp_type '131/0'
list icmp_type '132/0'
list icmp_type '143/0'
option family 'ipv6'
option target 'ACCEPT'
config rule
option name 'Allow-ICMPv6-Input'
option src 'wan'
option proto 'icmp'
list icmp_type 'echo-request'
list icmp_type 'echo-reply'
list icmp_type 'destination-unreachable'
list icmp_type 'packet-too-big'
list icmp_type 'time-exceeded'
list icmp_type 'bad-header'
list icmp_type 'unknown-header-type'
list icmp_type 'router-solicitation'
list icmp_type 'neighbour-solicitation'
list icmp_type 'router-advertisement'
list icmp_type 'neighbour-advertisement'
option limit '1000/sec'
option family 'ipv6'
option target 'ACCEPT'
config rule
option name 'Allow-ICMPv6-Forward'
option src 'wan'
option dest '*'
option proto 'icmp'
list icmp_type 'echo-request'
list icmp_type 'echo-reply'
list icmp_type 'destination-unreachable'
list icmp_type 'packet-too-big'
list icmp_type 'time-exceeded'
list icmp_type 'bad-header'
list icmp_type 'unknown-header-type'
option limit '1000/sec'
option family 'ipv6'
option target 'ACCEPT'
config rule
option name 'Allow-IPSec-ESP'
option src 'wan'
option dest 'lan'
option proto 'esp'
option target 'ACCEPT'
config rule
option name 'Allow-ISAKMP'
option src 'wan'
option dest 'lan'
option dest_port '500'
option proto 'udp'
option target 'ACCEPT'
It would be a good idea to upgrade to the latest version...
Next, remove the gateway below -- it is both wrong and should not be there in the first place:
You appear to have 2 upstream networks.... are both in use? Is the PPPOE interface being used? What about the other wan interface?
There is nothing interfering with connections in same subnet
So, i have onu sfp in 192.168.1.1, after that i have pppoe, abd after that i have lan connection. I need p2p to external network, not internal. My program does not connect to my cameras but cameras saying(online)
Is the ONU the same or a different physical connection relative to the one that provides PPPoE services?
Onu is sfp, it is in sfp port, its group is wan. Pppoe is virtual, it is a tunnel
I understand the fact that PPPoE is virtual. What I was trying to ask was: do you have more than one physical wan connection, or is the ONU the only connection providing your internet connectivity?
Only sfp provide
Ok. Thanks.
With that in mind, there is nothing on the OpenWrt side that would block the IP cameras from connecting outbound.
You don't have any rules allowing inbound traffic (initiated from outisde), but presumably that is not required if you didn't need it previously. I would ask the camera provider for assistance.
I need exactly inbound traffic, how can i do that?
Do you have the information about what port(s) and protocols are required for your camera to work with this service?
Check your NAT
https://natchecker.com/
Feels like your provider put you behind kind of cgnat....
Those ports are not wise to expose directly to the internet. Are you sure that is what is required for the camera to work?
When you connect to the camera normally, are you connecting directly back to your home connection IP address or domain name? Or does it happen 'automatically' via an app (which might use a connection broker type method)?
A better approach might be to setup a VPN such that you can securely connect back to your own network when you are away from home.
it happens automatically through an app, called dmss. in reads serian number of the cam through qr code and add it to the app. but the name of the setting, where this qr code lay is p2p.
If it is automatic via the app and you don't have to provide an IP or domain name, that is usually an indication that the system uses a connection broker, and you usually don't need to open any ports for that to work.
I'd ask the camera manufacturer and/or the app vendor, and do some research on what is required from those devices. If port forwarding is required, it will often say so somewhere in the documentation (or in the user forums relevant to those products).
1 Like
okay, thanks a lot, i will try find smth!
Kind of it mentions UPNP - install miniupnpd-nftables and enable it via respective luci-app....