Hello, I have a TP-Link N600 (TL-WDR3600) with OpenWRT 15 (CC). I have 3 APs with this system, all of them in a closed switched network (no access to the internet) on the WAN interface, and I use the LAN interface for administration with LuCI and SSH. Now I want to put an OpenWRT client into the AP and connect to my OpenVPN server. The connection is working great, the tun0 device inside the AP is created and I can "ping" between the server and the client.
The principal problem is that I want to put the Dropbear server and the HTTP server on that tun0 interface. I have already written this into /etc/config/dropbear (the interface name in config/network is OVPN_TUN):
config dropbear
	option Port '22'
	option Interface 'OVPN_TUN'
	option PasswordAuth 'off'
	option RootPasswordAuth 'off'
When I execute "/etc/init.d/dropbear restart", dropbear says that OVPN_TUN doesn't have a physdev or the physdev has no IP address.
Then I execute "dropbear -F -P /var/run/dropbear.2.pid -s -g -p 10.9.0.2:23 -E -K 300", and nmap from my PC to 10.9.0.2 shows that ports 23 and 80 are open, but when I try to connect to them I get a timeout. SSH example:
---------------INTO OPENWRT--------------------------------------------------------------------------------------
root@DESARROLLO:~# dropbear -F -P /var/run/dropbear.2.pid -s -g -p 10.9.0.2:23 -E -K 300
[3848] Aug 23 21:26:52 Not backgrounding
[3849] Aug 23 21:26:58 Child connection from 10.11.0.61:47600
[3831] Aug 23 21:28:10 Exit before auth: Timeout before auth
[3834] Aug 23 21:28:51 Exit before auth: Timeout before auth
[3835] Aug 23 21:28:56 Exit before auth: Timeout before auth
[3842] Aug 23 21:30:00 Exit before auth: Timeout before auth
[3849] Aug 23 21:31:58 Exit before auth: Timeout before auth
--------------------------------------------------------------------------------------------------------------------------------
----------------INTO MY SERVER---------------------------------------------------------------------------------------
ssh root@10.9.0.2 -v -p 23 ↵ 130
OpenSSH_7.5p1 Debian-5, OpenSSL 1.0.2l 25 May 2017
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 19: Applying options for *
debug1: Connecting to 10.9.0.2 [10.9.0.2] port 23.
debug1: Connection established.
debug1: identity file /home/luis/.ssh/id_rsa type 1
debug1: key_load_public: No such file or directory
debug1: identity file /home/luis/.ssh/id_rsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/luis/.ssh/id_dsa type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/luis/.ssh/id_dsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/luis/.ssh/id_ecdsa type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/luis/.ssh/id_ecdsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/luis/.ssh/id_ed25519 type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/luis/.ssh/id_ed25519-cert type -1
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_7.5p1 Debian-5
debug1: Remote protocol version 2.0, remote software version dropbear_2015.67
debug1: no match: dropbear_2015.67
debug1: Authenticating to 10.9.0.2:23 as 'root'
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: algorithm: diffie-hellman-group14-sha1
debug1: kex: host key algorithm: ssh-rsa
debug1: kex: server->client cipher: aes128-ctr MAC: hmac-sha1 compression: none
debug1: kex: client->server cipher: aes128-ctr MAC: hmac-sha1 compression: none
debug1: sending SSH2_MSG_KEXDH_INIT
debug1: expecting SSH2_MSG_KEXDH_REPLY
Connection closed by 10.9.0.2 port 23
--------------------------------------------------------------------------------------------------------------------------------
With HTTP I get the same timeout. Testing with "telnet 10.9.0.2 80" and GET / HTTP/1.1 works and responds with the LuCI redirect page, but if I use Chrome, Firefox, w3m... then timeout. Very strange.
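
Added example, not part of the original post: a check that the administration ports mentioned above (22, 23, 80) listen only on the tunnel address 10.9.0.2 and not on every interface. The function name and the sample netstat output are constructed for illustration; on the router the input would come from "netstat -tln".

```shell
#!/bin/sh
# Reads `netstat -tln` output on stdin and prints every listening TCP socket
# on one of the given ports whose local address is not the allowed address.
# usage: netstat -tln | exposed_listeners 10.9.0.2 "22 23 80"
exposed_listeners() {
    awk -v allowed="$1" -v ports="$2" '
        BEGIN { n = split(ports, p, " "); for (i = 1; i <= n; i++) want[p[i]] = 1 }
        $1 ~ /^tcp/ && $6 == "LISTEN" {
            laddr = $4
            # The port is everything after the last colon (covers ":::22").
            idx = 0
            for (i = length(laddr); i > 0; i--)
                if (substr(laddr, i, 1) == ":") { idx = i; break }
            if (idx == 0) next
            addr = substr(laddr, 1, idx - 1)
            port = substr(laddr, idx + 1)
            if ((port in want) && addr != allowed)
                printf "%s port %s listens on %s, not %s\n", $1, port, addr, allowed
        }'
}

# Constructed sample: dropbear bound to the tunnel address on port 23,
# while the web server and a second SSH listener are bound to all addresses.
SAMPLE='Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN
tcp        0      0 10.9.0.2:23             0.0.0.0:*               LISTEN
tcp        0      0 :::22                   :::*                    LISTEN
tcp        0      0 0.0.0.0:53              0.0.0.0:*               LISTEN'

printf '%s\n' "$SAMPLE" | exposed_listeners 10.9.0.2 "22 23 80"
```

An empty result means every listed port is bound only to the tunnel address.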