Opened 7 years ago

Closed 7 years ago

#9034 closed defect (invalid)

Firewall for ppp0 broken

Reported by: hanipouspilot@…
Owned by: jow
Priority: normal
Milestone:
Component: packages
Version: Trunk
Keywords:
Cc:

Description

Built 26046 from the backfire branch.
I set up an L2TP connection using xl2tpd.
Interface ppp0 is attached to firewall zone wan.
When interface ppp0 is up, it is not attached to zone wan according to the log.
There is no trigger to assign the interface to the zone when it is up.

Change History (10)

comment:1 Changed 7 years ago by hanipouspilot@…

I found where the problem was. It is in the xl2tpd 1.2.8 package.
When I installed 1.2.5, the firewall works OK.

comment:2 Changed 7 years ago by jow

Any details? I fail to see how the update affects firewalling.

comment:3 Changed 7 years ago by Dmitry Tunin <hanipouspilot@…>

I did not dig deep. The thing is that when 1.2.8 is installed and ppp0 is assigned to the wan zone, when ppp0 is up there is no 'assigning ppp0 to zone wan'.
When I just uninstall 1.2.8 and install 1.2.5, the firewall works fine.
I think the new xl2tpd does not send proper information about interface up.

comment:4 Changed 7 years ago by Dmitry Tunin <hanipouspilot@…>

You can easily see it in the log:
OpenWrt user.info firewall: adding vpn (ppp0) to zone wan

With 1.2.8 it does not appear.

comment:5 Changed 7 years ago by Dmitry Tunin <hanipouspilot@…>

Probably this fix causes it. The problem starts only in version 1.2.8.
https://gsoc.xelerance.com/issues/1078

I suggest finding a workaround or downgrading to 1.2.7.

comment:6 Changed 7 years ago by jow

  • Owner changed from developers to jow
  • Status changed from new to accepted

comment:7 Changed 7 years ago by Dmitry Tunin <hanipouspilot@…>

I tested 1.2.7; it works perfectly. There is already a "nolog-error11" patch, so the log is clean. Makefile patches can stay from 1.2.5.
So it makes sense to just replace the package.
1.2.8 seems buggy.

comment:8 Changed 7 years ago by Dmitry Tunin <hanipouspilot@…>

I tried openl2tpd, and it is the same thing.
The firewall does not see when ppp0 is up and does not add it to a zone.
This means that the firewall does not check interfaces in a good way.

comment:9 Changed 7 years ago by Dmitry Tunin <hanipouspilot@…>

I found what the problem was.
xl2tpd 1.2.8 and openl2tp do not pass ipparam to pppd.
This may be fixed by adding ipparam to /etc/ppp/options.

The ticket may be closed. Or, for easier use, you can add ipparam to the file.

comment:10 Changed 7 years ago by jow

  • Resolution set to invalid
  • Status changed from accepted to closed

Configuration issue
