
Topic: OpenWrt & TP-Link WR842NDv2 & xl2tpd


Hello
I have a router TP-Link WR842NDv2. It installed OpenWrt barrier_breaker, 14.07-rc2 (ar71xx).
br-wan (eth0) - cable from the provider (beeline).
br-lan (eth1) - LAN cable
wan6 - wifi?
I cannot set up a connection to my ISP via xl2tpd.
xl2tpd and its dependencies are installed.
xl2tpd runs at system startup.
xl2tpd writes to its log.
What am I doing wrong?
/etc/config/network:

config interface 'loopback'
    option ifname 'lo'
    option proto 'static'
    option ipaddr '127.0.0.1'
    option netmask '255.0.0.0'

config globals 'globals'
    option ula_prefix 'fd27:f016:1c45::/48'

config interface 'lan'
    option ifname 'eth1'
    option force_link '1'
    option type 'bridge'
    option proto 'static'
    option ipaddr '192.168.1.1'
    option netmask '255.255.255.0'
    option ip6assign '60'

config interface 'wan'
    option proto 'dhcp'
    option broadcast '1'
    option type 'bridge'
    option _orig_ifname 'eth0'
    option _orig_bridge 'true'
    option ifname 'eth0 vpn'

config interface 'wan6'
    option ifname '@wan'
    option proto 'dhcpv6'

config switch
    option name 'switch0'
    option reset '1'
    option enable_vlan '1'

config switch_vlan
    option device 'switch0'
    option vlan '1'
    option ports '0 1 2 3 4'

config interface 'vpn'
    option proto 'l2tp'
    option server '78.107.38.7'
    option username '0893916402'
    option password 'password'

config interface 'ppp0'
    option _orig_ifname 'eth0'
    option _orig_bridge 'false'
    option proto 'l2tp'
    option server 'tp.internet.beeline.ru'
    option username '0893916402'
    option password 'password'

ifconfig

# ifconfig 
br-lan    Link encap:Ethernet  HWaddr E8:94:F6:87:D0:A4  
          inet addr:192.168.1.1  Bcast:192.168.1.255  Mask:255.255.255.0
          inet6 addr: fe80::ea94:f6ff:fe87:d0a4/64 Scope:Link
          inet6 addr: fd27:f016:1c45::1/60 Scope:Global
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:17549 errors:0 dropped:0 overruns:0 frame:0
          TX packets:14717 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0 
          RX bytes:2640665 (2.5 MiB)  TX bytes:4408574 (4.2 MiB)

br-wan    Link encap:Ethernet  HWaddr E8:94:F6:87:D0:A3  
          inet addr:10.174.161.47  Bcast:10.174.167.255  Mask:255.255.248.0
          inet6 addr: fe80::ea94:f6ff:fe87:d0a3/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:9243 errors:0 dropped:3152 overruns:0 frame:0
          TX packets:5988 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0 
          RX bytes:525859 (513.5 KiB)  TX bytes:663373 (647.8 KiB)

eth0      Link encap:Ethernet  HWaddr E8:94:F6:87:D0:A3  
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:13193 errors:0 dropped:0 overruns:0 frame:0
          TX packets:7905 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000 
          RX bytes:963476 (940.8 KiB)  TX bytes:871886 (851.4 KiB)
          Interrupt:4 

eth1      Link encap:Ethernet  HWaddr E8:94:F6:87:D0:A4  
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:17553 errors:0 dropped:0 overruns:0 frame:0
          TX packets:14716 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000 
          RX bytes:2886609 (2.7 MiB)  TX bytes:4408438 (4.2 MiB)
          Interrupt:5 

lo        Link encap:Local Loopback  
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:65536  Metric:1
          RX packets:780 errors:0 dropped:0 overruns:0 frame:0
          TX packets:780 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0 
          RX bytes:59436 (58.0 KiB)  TX bytes:59436 (58.0 KiB)

/etc/config/firewall

# Reviewer note: the default input policy is ACCEPT. It applies to traffic
# arriving on any interface that is not assigned to a zone below.
config defaults
    option syn_flood '1'
    option input 'ACCEPT'
    option output 'ACCEPT'
    option forward 'REJECT'

config zone
    option name 'lan'
    option input 'ACCEPT'
    option output 'ACCEPT'
    option forward 'ACCEPT'
    option network 'lan'

# NOTE(review): this zone lists only 'wan6'. The 'wan' (eth0) and 'vpn' (l2tp)
# interfaces from /etc/config/network are not named in any zone in this file, so
# the input REJECT, masq and mtu_fix settings below presumably do not cover the
# ISP-facing interfaces. Listing them here (e.g. 'wan wan6 vpn') would put them
# behind the restrictive policy and NAT.
config zone
    option name 'wan'
    option input 'REJECT'
    option output 'ACCEPT'
    option forward 'REJECT'
    option masq '1'
    option mtu_fix '1'
    option network 'wan6'

# Only LAN-to-WAN forwarding is permitted; nothing is forwarded from wan to lan.
config forwarding
    option src 'lan'
    option dest 'wan'

config rule
    option name 'Allow-DHCP-Renew'
    option src 'wan'
    option proto 'udp'
    option dest_port '68'
    option target 'ACCEPT'
    option family 'ipv4'

config rule
    option name 'Allow-Ping'
    option src 'wan'
    option proto 'icmp'
    option icmp_type 'echo-request'
    option family 'ipv4'
    option target 'ACCEPT'

config rule
    option name 'Allow-DHCPv6'
    option src 'wan'
    option proto 'udp'
    option src_ip 'fe80::/10'
    option src_port '547'
    option dest_ip 'fe80::/10'
    option dest_port '546'
    option family 'ipv6'
    option target 'ACCEPT'

config rule
    option name 'Allow-ICMPv6-Input'
    option src 'wan'
    option proto 'icmp'
    list icmp_type 'echo-request'
    list icmp_type 'echo-reply'
    list icmp_type 'destination-unreachable'
    list icmp_type 'packet-too-big'
    list icmp_type 'time-exceeded'
    list icmp_type 'bad-header'
    list icmp_type 'unknown-header-type'
    list icmp_type 'router-solicitation'
    list icmp_type 'neighbour-solicitation'
    list icmp_type 'router-advertisement'
    list icmp_type 'neighbour-advertisement'
    option limit '1000/sec'
    option family 'ipv6'
    option target 'ACCEPT'

config rule
    option name 'Allow-ICMPv6-Forward'
    option src 'wan'
    option dest '*'
    option proto 'icmp'
    list icmp_type 'echo-request'
    list icmp_type 'echo-reply'
    list icmp_type 'destination-unreachable'
    list icmp_type 'packet-too-big'
    list icmp_type 'time-exceeded'
    list icmp_type 'bad-header'
    list icmp_type 'unknown-header-type'
    option limit '1000/sec'
    option family 'ipv6'
    option target 'ACCEPT'

config include
    option path '/etc/firewall.user'

/etc/xl2tpd/xl2tpd.conf

; Reviewer-annotated copy; only comment lines were added.
[global]
port = 1701
auth file = /etc/xl2tpd/xl2tp-secrets
; NOTE(review): with access control off, xl2tpd does not restrict which peers
; may talk to it; the later config in this thread sets it to yes.
access control = no

; L2TP access concentrator section for the ISP tunnel.
[lac vpn]
lns = tp.internet.beeline.ru
name = 0893916402
redial = yes
redial timeout = 5
ppp debug = yes
; NOTE(review): this path ends in "options.xl2tp", but the options file shown
; in the post is /etc/ppp/options.xl2tpd. If the names really differ on the
; router, pppd is not reading the intended options.
pppoptfile = /etc/ppp/options.xl2tp
autodial = yes
flow bit = no
; CHAP is required and PAP refused, so the password is not sent in clear text
; during PPP authentication.
require chap = yes
require pap = no
refuse chap = no
refuse pap = yes
tx bps = 1000000000

/etc/ppp/options.xl2tpd

name 0893916402
remotename br-wan
mru 1460
mtu 1460
ipparam eth0
ifname vpn
logfile /tmp/log/xl2tpd.log
noaccomp
nopcomp
novj
novjccomp
nobsdcomp
nodeflate
noipx
nomp
defaultroute
unit 0

(Last edited by porotkin on 3 Aug 2014, 11:40)

Hello.
I was able to get xl2tpd configured.
From the WR842ND console the Internet is reachable:

# ping google.com
PING google.com (173.194.32.135): 56 data bytes
64 bytes from 173.194.32.135: seq=0 ttl=53 time=74.727 ms
64 bytes from 173.194.32.135: seq=1 ttl=53 time=74.525 ms
64 bytes from 173.194.32.135: seq=2 ttl=53 time=73.983 ms
^C
--- google.com ping statistics ---
3 packets transmitted, 3 packets received, 0% packet loss
round-trip min/avg/max = 73.983/74.411/74.727 ms

But the computer connected to the LAN has no Internet access:

# ping google.com
PING google.com (173.194.32.134) 56(84) bytes of data.
^C
--- google.com ping statistics ---
11 packets transmitted, 0 received, 100% packet loss, time 10000ms
# ifconfig 
br-lan    Link encap:Ethernet  HWaddr E8:94:F6:87:D0:A4  
          inet addr:192.168.1.1  Bcast:192.168.1.255  Mask:255.255.255.0
          inet6 addr: fe80::ea94:f6ff:fe87:d0a4/64 Scope:Link
          inet6 addr: fd27:f016:1c45::1/60 Scope:Global
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:1670 errors:0 dropped:0 overruns:0 frame:0
          TX packets:1359 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0 
          RX bytes:120323 (117.5 KiB)  TX bytes:382139 (373.1 KiB)

eth0      Link encap:Ethernet  HWaddr E8:94:F6:87:D0:A3  
          inet addr:10.174.161.47  Bcast:10.174.167.255  Mask:255.255.248.0
          inet6 addr: fe80::ea94:f6ff:fe87:d0a3/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:34700 errors:0 dropped:2669 overruns:0 frame:0
          TX packets:30120 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000 
          RX bytes:4684987 (4.4 MiB)  TX bytes:3894705 (3.7 MiB)
          Interrupt:4 

eth1      Link encap:Ethernet  HWaddr E8:94:F6:87:D0:A4  
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:267232 errors:0 dropped:0 overruns:0 frame:0
          TX packets:267442 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000 
          RX bytes:18090195 (17.2 MiB)  TX bytes:32196965 (30.7 MiB)
          Interrupt:5 

l2tp-vpn  Link encap:Point-to-Point Protocol  
          inet addr:89.179.4.234  P-t-P:89.179.0.1  Mask:255.255.255.255
          UP POINTOPOINT RUNNING NOARP MULTICAST  MTU:1456  Metric:1
          RX packets:1580 errors:0 dropped:0 overruns:0 frame:0
          TX packets:1687 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:3 
          RX bytes:165789 (161.9 KiB)  TX bytes:194918 (190.3 KiB)

lo        Link encap:Local Loopback  
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:65536  Metric:1
          RX packets:218 errors:0 dropped:0 overruns:0 frame:0
          TX packets:218 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0 
          RX bytes:15508 (15.1 KiB)  TX bytes:15508 (15.1 KiB)

root@OpenWrt:~# route
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
default         *               0.0.0.0         U     0      0        0 l2tp-vpn
10.0.0.0        10.174.160.1    255.0.0.0       UG    0      0        0 eth0
10.174.160.0    *               255.255.248.0   U     0      0        0 eth0
78.106.0.0      10.174.160.1    255.254.0.0     UG    0      0        0 eth0
89.179.0.1      10.174.160.1    255.255.255.255 UGH   0      0        0 eth0
89.179.0.1      *               255.255.255.255 UH    0      0        0 l2tp-vpn
192.168.1.0     *               255.255.255.0   U     0      0        0 br-lan
195.14.50.0     10.174.160.1    255.255.255.224 UG    0      0        0 eth0
224.0.0.0       10.174.160.1    240.0.0.0       UG    0      0        0 eth0

my Settings:
/etc/config/firewall

# Reviewer-annotated copy of the poster's firewall file; only comments were added.
# NOTE(review): every default policy is ACCEPT, including forward, so traffic
# that matches no zone is accepted and routed between interfaces.
config defaults
    option input 'ACCEPT'
    option output 'ACCEPT'
    option forward 'ACCEPT'

config include
    option path '/etc/firewall.user'

# NOTE(review): accepts every protocol from any zone to any zone, which makes
# the per-zone forwarding sections below redundant.
config rule
    option enabled '1'
    option target 'ACCEPT'
    option name '1'
    option proto 'all'
    option src '*'
    option dest '*'

# LAN side.
config zone
    option name 'newzone'
    option input 'ACCEPT'
    option forward 'ACCEPT'
    option output 'ACCEPT'
    option network 'lan'

# NOTE(review): this zone holds the l2tp interface, which carries a public
# address in the ifconfig output above. input ACCEPT leaves whatever services
# the router runs reachable from the Internet side. There is also no
# "option masq '1'", so LAN packets would leave with their 192.168.1.x source
# addresses; that is probably why the router itself can ping while the LAN
# computer cannot. The stock 'wan' zone in the first post uses input REJECT,
# forward REJECT, masq '1' and mtu_fix '1'.
config zone
    option name 'newzone2'
    option input 'ACCEPT'
    option forward 'ACCEPT'
    option output 'ACCEPT'
    option network 'vpn'

# NOTE(review): allows forwarding from the VPN (Internet) side into the LAN.
config forwarding
    option dest 'newzone'
    option src 'newzone2'

config forwarding
    option dest 'newzone2'
    option src 'newzone'

# NOTE(review): ISP-facing 'wan' (eth0) is also fully open and has no masquerading.
config zone
    option name 'newzone3'
    option input 'ACCEPT'
    option forward 'ACCEPT'
    option output 'ACCEPT'
    option network 'wan'

# NOTE(review): allows forwarding from the ISP network into the LAN.
config forwarding
    option dest 'newzone'
    option src 'newzone3'

config forwarding
    option dest 'newzone2'
    option src 'newzone3'

config forwarding
    option dest 'newzone3'
    option src 'newzone'

config forwarding
    option dest 'newzone3'
    option src 'newzone2'

/etc/config/network

config interface 'loopback'
    option ifname 'lo'
    option proto 'static'
    option ipaddr '127.0.0.1'
    option netmask '255.0.0.0'

config globals 'globals'
    option ula_prefix 'fd27:f016:1c45::/48'

config interface 'lan'
    option ifname 'eth1'
    option force_link '1'
    option type 'bridge'
    option proto 'static'
    option ipaddr '192.168.1.1'
    option netmask '255.255.255.0'
    option ip6assign '60'

config interface 'wan'
    option ifname 'eth0'
    option proto 'dhcp'

config interface 'wan6'
    option _orig_ifname 'wlan0'
    option _orig_bridge 'false'
    option proto 'static'

config switch
    option name 'switch0'
    option reset '1'

config switch_vlan
    option device 'switch0'
    option vlan '1'
    option ports '0 1 2 3 4'
    option vid '1'

# L2TP client interface towards the ISP; netifd names the resulting device
# 'l2tp-vpn' (see the ifconfig output above).
# NOTE(review): the password below looks like a real credential rather than the
# 'password' placeholder used in the first post. Secrets should be redacted
# before a config is published, and one that has been exposed should be changed
# with the provider.
config interface 'vpn'
    option proto 'l2tp'
    option server 'tp.internet.beeline.ru'
    option username '0893916402'
    option password 'nhtybhjdrf'
    option keepalive '20 5'
    option mtu '1460'
    option delegate '0'

/etc/xl2tpd/xl2tpd.conf

[global]
access control = yes
debug avp = yes
debug network = yes
debug packet = yes
debug state = yes
debug tunnel = yes
force userspace = yes

[lac vpn]
lns = tp.internet.beeline.ru
name = 0893916402
redial = yes
redial timeout = 5
ppp debug = yes
pppoptfile = /etc/ppp/options.xl2tpd
autodial = yes
flow bit = no
require chap = yes
require pap = no
refuse chap = no
refuse pap = yes
tx bps = 1000000000

/etc/ppp/options.xl2tpd

name 0893916402
remotename l2tp
ifname 'l2tp-vpn'
logfile /var/log/xl2tpd.log
mru 1460
mtu 1460
noaccomp
nopcomp
novj
novjccomp
nobsdcomp
nodeflate
nomp
defaultroute
unit 0

Why no internet on the computer?

The problem is solved.
I deleted all the zones and rules and put my own rules under Custom rules.
