Opened 3 years ago

Last modified 3 years ago

#17703 new defect

WDR4900 v1 strange behavior, NAT or packet loss when routing via a VPN gateway in my LAN

Reported by: lars.nordmeyer@… Owned by: developers
Priority: normal Milestone:
Component: packages Version: Barrier Breaker 14.07
Keywords: Cc:

Description

I updated from BB r40599 to rc3 and then down to rc2, rc1 and back to r40599, where the problem disappeared again.

I have a VPN gateway behind OpenWrt on the LAN, which is connected to a LAN port and has an internal LAN IP. The second outbound port of the gateway is connected to an interface that is set up as DMZ with a 172.x IP range, where port forwarding for the VPN traffic is configured on OpenWrt.

OpenWrt has a static route for remote subnet 192.168.0.0/19 via the VPN gateway.

I can ping hosts on the remote subnet, but any traffic that has more packets does not flow, regardless of whether I issue the download from the remote or the local side.
I can wget a very simple HTML page, but when I wget a file the traffic stops.
On the remote gateway I saw strange source IP packets that had the IP of the DSL line's gateway.
Maybe the packets get NATed, but I really couldn't pinpoint the problem.

I kept the config and went back to r40599 (1st May) and everything is fine again.

Change History (3)

comment:1 Changed 3 years ago by anonymous

config interface 'loopback'
	option ifname 'lo'
	option proto 'static'
	option ipaddr '127.0.0.1'
	option netmask '255.0.0.0'

config globals 'globals'
	option ula_prefix 'fd7f:3178:f924::/48'

config interface 'lan'
	option ifname 'eth0.1'
	option type 'bridge'
	option proto 'static'
	option macaddr 'c0:4a:00:a4:31:17'
	option ipaddr '192.168.48.1'
	option gateway '192.168.48.1'
	option broadcast '192.168.49.255'
	option dns '8.8.8.8 8.8.4.4'
	option netmask '255.255.0.0'

config interface 'wan2'
	option _orig_ifname 'eth0.2'
	option _orig_bridge 'false'
	option ifname 'eth0.2'
	option proto 'static'
	option ipaddr '80.157.168.50'
	option gateway '80.157.168.49'
	option broadcast '80.157.168.54'
	option netmask '255.255.255.250'
	option dns '8.8.8.8 8.8.4.4 208.67.222.222 208.67.220.220'
	option auto '0'

config interface 'wancomm'
	option ifname 'eth0.2'
	option proto 'static'
	option ipaddr '80.157.168.51'
	option gateway '80.157.168.49'
	option broadcast '80.157.168.54'
	option netmask '255.255.255.250'
	option dns '8.8.8.8 8.8.4.4 208.67.222.222 208.67.220.220'
	option auto '0'

config interface 'wan6'
	option ifname 'eth0.2'
	option proto 'dhcpv6'
	option reqaddress 'try'
	option reqprefix 'auto'
	option auto '0'

config interface 'wan'
	option ifname 'ppp0'
	option proto '3g'
	option apn 'pinternet.interkom.de'
	option pincode '5606'
	option service 'umts'
	option device '/dev/ttyUSB0'
	option ipv6 '1'
	option peerdns '0'
	option dns '8.8.8.8 8.8.4.4 208.67.222.222 208.67.220.220'
	option auto '0'

config switch
	option name 'switch0'
	option reset '1'
	option enable_vlan '1'

config switch_vlan
	option device 'switch0'
	option vlan '1'
	option vid '1'
	option ports '0t 2 3 4'

config switch_vlan
	option device 'switch0'
	option vlan '2'
	option vid '2'
	option ports '0t'

config interface 'DMZ'
	option proto 'static'
	option ifname 'eth0.8'
	option dns '8.8.8.8 8.8.4.4'
	option ipaddr '172.16.0.3'
	option netmask '255.255.255.0'

config switch_vlan
	option device 'switch0'
	option vlan '3'
	option vid '3'
	option ports '0t'

config switch_vlan
	option device 'switch0'
	option vlan '4'
	option vid '7'
	option ports '0t 1t'

config switch_vlan
	option device 'switch0'
	option vlan '5'
	option vid '8'
	option ports '0t 5'

config interface 'dsl'
	option proto 'pppoe'
	option ifname 'eth0.7'
	option password 'xxx'
	option peerdns '0'
	option dns '8.8.8.8 8.8.4.4 208.67.220.220 208.67.222.222'
	option username 'x/y@…'
	option mtu '1488'

config route
	option interface 'lan'
	option target '192.168.0.0'
	option netmask '255.255.224.0'
	option gateway '192.168.48.8'

config switch_vlan
	option device 'switch0'
	option vlan '6'
	option vid '9'
	option ports '0t 3t'

comment:2 Changed 3 years ago by anonymous

The behavior you describe sounds very much like an MTU issue.

Read:
http://networkcanuck.com/2013/06/10/troubleshooting-mtu-size-over-ipsec-vpn/
https://www.strongvpn.com/mtu.shtml

Are you using option mtu_fix 1 in your /etc/config/firewall?

comment:3 Changed 3 years ago by lars.nordmeyer@…

Yes, it's on for the PPPoE DSL link, which is the only internet connection on the remote site.
I also added the masq_dest but it didn't solve the problem.
It's a German Telekom VDSL 50 line connected via ZyXEL VMG1312-B30A.
Normal internet downloads from the router are OK; only the routed traffic is affected.

config zone
	option forward 'REJECT'
	option output 'ACCEPT'
	option name 'wan3'
	option masq '1'
	option mtu_fix '1'
	option input 'REJECT'
	option network 'dsl'
	list masq_dest '!192.168.0.0/19'
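
Added example, not part of the ticket and not OpenWrt code: a small parser for the zone section posted in comment:3 that reports which destinations the masq_dest exclusion exempts from masquerading when traffic leaves through that zone. The helper names parse_zone and is_masqueraded are hypothetical, and the way several masq_dest entries combine is an assumption; only the single negated entry from the ticket is relied on.

```python
import ipaddress

# Zone section as posted in comment:3 (values copied from the ticket).
ZONE_UCI = """\
config zone
	option name 'wan3'
	option masq '1'
	option mtu_fix '1'
	option network 'dsl'
	list masq_dest '!192.168.0.0/19'
"""

def parse_zone(text):
    """Parse one UCI section: options become strings, lists become lists."""
    zone = {}
    for line in text.splitlines():
        parts = line.split(None, 2)
        if len(parts) < 3 or parts[0] not in ("option", "list"):
            continue  # skips the 'config zone' header and blank lines
        kind, key, value = parts[0], parts[1], parts[2].strip().strip("'\"")
        if kind == "list":
            zone.setdefault(key, []).append(value)
        else:
            zone[key] = value
    return zone

def is_masqueraded(zone, dest_ip):
    """True if a packet leaving through this zone to dest_ip would be NATed.

    Assumed semantics: a negated ('!') entry exempts its subnet; positive
    entries, when present, restrict masquerading to those subnets.
    """
    if zone.get("masq") != "1":
        return False
    dest = ipaddress.ip_address(dest_ip)
    positive, negated = [], []
    for entry in zone.get("masq_dest", []):
        bucket = negated if entry.startswith("!") else positive
        bucket.append(ipaddress.ip_network(entry.lstrip("!"), strict=False))
    if any(dest in net for net in negated):
        return False
    return not positive or any(dest in net for net in positive)

zone = parse_zone(ZONE_UCI)
# Constructed sample destinations: two inside the remote /19, two outside it.
for ip in ("192.168.5.10", "192.168.31.254", "192.168.48.8", "8.8.8.8"):
    print(ip, "masqueraded" if is_masqueraded(zone, ip) else "exempt")
```

On a running router, the output of iptables-save -t nat shows the rules the firewall actually generated for the zone.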
