From: Joel Wirāmu Pauling
Date: Fri, 3 Oct 2014 15:24:26 +1300
To: "Eric S. Johansson"
Cc: cerowrt-devel
Subject: Re: [Cerowrt-devel] vpn fw question
In-Reply-To: <542DFCCA.7080708@eggo.org>
References: <542DFCCA.7080708@eggo.org>
List-Id: Development issues regarding the cerowrt test router project

I.e., your topology looks like this:

[(Remote LAN) - VPN Client]---[INTERNET]---(Local LAN)[WAN][LAN][REMOTE-LAN])

Your Local LAN knows nothing about Remote LAN and vice versa. There is
just a single Interface/Client member that is a member of REMOTE-LAN.

So to get traffic from Local LAN to Remote LAN all Local-LAN traffic
needs to be masqueraded to that Single interface.

-Joel

On 3 October 2014 14:32, Eric S. Johansson wrote:
> I was trying to set up my cerowrt box as an openvpn client. Everything seems
> to be working. The VPN link comes up, tun0 is created. I can access machines
> on the far end of the link from the AP and vice versa. The openwrt
> incantation for the vpn says to create an interface called vpn0
>
> network.vpn0=interface
> network.vpn0.proto=none
> network.vpn0.ifname=tun0
>
> ifconfig says tun0 exists but no vpn0. fw3 reload says:
>
> Warning: Section @zone[1] (lan) cannot resolve device of network 'lan'
> Warning: Section @zone[2] (guest) cannot resolve device of network 'guest'
>
> Sometimes it says: Warning: Section @zone[1] (lan) cannot resolve device of
> network 'vpn0'
>
> tcpdump sees the ICMP request at se00 and tun0 but not at the remote target.
> This leads me to believe that it's probably a firewall problem but I don't
> know where the logs are.
>
> This brings me to one of the problems I've had making changes in cerowrt,
> namely, how the $##$& do you debug this thing? I've had to reflash this box
> way too many times because I did something that effectively bricked it.
> Right now, I would settle for knowing where to find where logs are put.
>
> thanks
> --- eric
>
> _______________________________________________
> Cerowrt-devel mailing list
> Cerowrt-devel@lists.bufferbloat.net
> https://lists.bufferbloat.net/listinfo/cerowrt-devel
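
The masquerading described in the reply above, written out as OpenWrt UCI configuration. This is an added example, not part of the thread: the zone name `vpn` and the REJECT policies are assumptions, while `vpn0`, `tun0` and the `lan` zone are the names used in the messages.

```uci
# /etc/config/network
# Logical interface wrapping the OpenVPN tun device. These are the same
# three settings as the network.vpn0.* lines in the quoted message.
config interface 'vpn0'
	option proto 'none'
	option ifname 'tun0'

# /etc/config/firewall
# Dedicated zone for the tunnel. The zone name 'vpn' is an assumption.
config zone
	option name 'vpn'
	list network 'vpn0'
	# Assumption (least privilege): new connections arriving over the
	# tunnel may not reach services on the router itself, and nothing
	# is forwarded out of this zone unless a forwarding section allows it.
	option input 'REJECT'
	option forward 'REJECT'
	option output 'ACCEPT'
	# Source-NAT everything leaving via tun0 to the tunnel address, so the
	# remote side only ever sees the single VPN client member.
	option masq '1'
	# Clamp TCP MSS to the path MTU; tunnels shrink the usable MTU.
	option mtu_fix '1'

# Allow hosts in the existing 'lan' zone to send traffic into the tunnel.
# There is deliberately no vpn -> lan forwarding: with masquerading the
# remote LAN has no route to the local LAN anyway.
config forwarding
	option src 'lan'
	option dest 'vpn'
```

Apply the change with `fw3 reload`, the command used in the quoted message.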