From: Dave Taht
To: Joel Wirāmu Pauling
Cc: cerowrt-devel
Date: Thu, 2 Oct 2014 19:36:27 -0700
Subject: Re: [Cerowrt-devel] vpn fw question

On Thu, Oct 2, 2014 at 7:24 PM, Joel Wirāmu Pauling wrote:
> I.e Your topology looks like this :
>
> [(Remote LAN) - VPN Client]---[INTERNET]---(Local LAN)[WAN][LAN][REMOTE-LAN])
>
> Your Local LAN knows nothing about Remote LAN and Vice versa. There is
> just a single Interface/Client member that is a member of REMOTE-LAN.
> So to get traffic from Local LAN to Remote LAN all Local-LAN traffic
> needs to be masqueraded to that Single interface.

I'm not sure this is actually the case. What I used to do (not using openvpn
currently, took it down during heartbleed) was push out and pull in a
route or set of routes.

'course that requires a routing protocol on the other end...

>
> -Joel
>
>
> On 3 October 2014 14:32, Eric S. Johansson wrote:
>> I was trying to setup my cerowrt box as an openvpn client. everything seems
>> to be working. The VPN link comes up, tun0 is created. I can access machines
>> on the far end of the link from the AP and vice versa. the openwrt
>> incantation for the vpn says to create an interface called vpn0
>>
>> network.vpn0=interface
>> network.vpn0.proto=none
>> network.vpn0.ifname=tun0
>>
>> ifconfig says tun0 exists but no vpn0. fw3 reload says:
>>
>> Warning: Section @zone[1] (lan) cannot resolve device of network 'lan'
>> Warning: Section @zone[2] (guest) cannot resolve device of network 'guest'
>>
>> sometimes it says: Warning: Section @zone[1] (lan) cannot resolve device of
>> network 'vpn0'
>>
>> tcpdump sees the ICMP request at se00 and tun0 but not at the remote target.
>> this leads me to believe that it's probably a firewall problem but I don't
>> know where the logs are.
>>
>> This brings me to one of the problems I've had making changes in cerowrt,
>> namely, how the $##$& do you debug this thing? I've had to reflash this box
>> way too many times because I did something that effectively bricked it.
>> right now, I would settle for knowing where to find where logs are put.
>>
>> thanks
>> --- eric

--
Dave Täht

https://www.bufferbloat.net/projects/make-wifi-fast
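
The masquerading arrangement Joel describes, written out as OpenWrt UCI configuration. This is an added example, not part of the thread and not CeroWrt's shipped configuration. The `vpn0` interface is the one Eric quotes; the zone name `vpn`, the `REJECT` input policy and the assumption that the LAN zone is called `lan` (as in the fw3 warnings) are illustrative choices.

```uci
# /etc/config/network
# Interface section matching the three network.vpn0.* lines quoted in the thread.
config interface 'vpn0'
	option ifname 'tun0'
	option proto 'none'

# /etc/config/firewall
# Assumption: 'vpn' is a zone name chosen for this example.
config zone
	option name 'vpn'
	list network 'vpn0'
	# Assumption: the remote side should not open connections to the router itself.
	option input 'REJECT'
	option output 'ACCEPT'
	# Nothing crosses this zone unless a forwarding section below allows it.
	option forward 'REJECT'
	# Source-NAT Local-LAN traffic to the tun0 address, so the remote LAN
	# needs no route back to the local subnet.
	option masq '1'
	# Clamp TCP MSS to the tunnel MTU.
	option mtu_fix '1'

# Assumption: the LAN zone is named 'lan', as the fw3 warnings suggest.
# Only LAN -> VPN is allowed; there is no forwarding section for vpn -> lan.
config forwarding
	option src 'lan'
	option dest 'vpn'
```

After `fw3 reload`, `iptables -t nat -S` lists the generated NAT rules and `logread` prints the system log.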