Recent content by JDA
-
J
RT-AC88U drops the OpenVPN inbound ACCEPT iptables rule after a time
I'm going to say now that the root cause of this problem was having DDNS setup to keep HE tunnelbroker updated. With DDNS off, there are no eth0 assignment errors in the log, and the firewall rules permitting traffic inbound over openvpn to the client subnet are persisting. I wonder if there...- JDA
- Post #15
- Forum: Asuswrt-Merlin
-
J
RT-AC88U drops the OpenVPN inbound ACCEPT iptables rule after a time
So I guess the next step is to disable ddns and see what happens. But it would be nice if this played together properly- JDA
- Post #14
- Forum: Asuswrt-Merlin
-
J
RT-AC88U drops the OpenVPN inbound ACCEPT iptables rule after a time
I think that the ipv6 tunnel is working fine, and the ddns to tunnelbroker is working fine, but the software is complaining because it somehow thinks that eth0 should get a new ipv6. With a tunnel, the ipv6 address is assigned to interface v6tun0, not eth0. Perhaps that causes the problem....- JDA
- Post #13
- Forum: Asuswrt-Merlin
-
J
RT-AC88U drops the OpenVPN inbound ACCEPT iptables rule after a time
But maybe we are onto something. I have the tunnel broker tunnel up, and ddns says successful. I can log into the router and ping foreign ipv6 addresses. But I get this log entry over and over: Jan 17 09:42:00 watchdog: start ddns. Jan 17 09:42:00 ddns: eth0 has not yet obtained an WAN IPv6...- JDA
- Post #11
- Forum: Asuswrt-Merlin
-
J
RT-AC88U drops the OpenVPN inbound ACCEPT iptables rule after a time
I do have DDNS, and it wasn't successful because it was setup to keep a tunnel broker IPv6 link active. I had IPv6 turned off, but hadn't turned off the DDNS. So I turned the IPv6 back on, and it is working, and so is the DDNS. Lets see if the behavior changes. How would DDNS be related to...- JDA
- Post #10
- Forum: Asuswrt-Merlin
-
J
RT-AC88U drops the OpenVPN inbound ACCEPT iptables rule after a time
And these rules are present when working, and then absent after a time; they just disappear and the openvpn link hasn't gone anywhere. iptables -L -n: Chain OVPNCF (1 references) target prot opt source destination ACCEPT all -- 0.0.0.0/0 0.0.0.0/0...- JDA
- Post #8
- Forum: Asuswrt-Merlin
-
J
RT-AC88U drops the OpenVPN inbound ACCEPT iptables rule after a time
That isn't the case. I can ssh and ping and anything I want from an openvpn client network host to a server network host. I can access either router from the other. The openvpn link is up and working, it is just that these firewall rules are dropped and the specific limitation is this server...- JDA
- Post #7
- Forum: Asuswrt-Merlin
-
J
RT-AC88U drops the OpenVPN inbound ACCEPT iptables rule after a time
I used iptables-save when the ping worked and saved as 1.txt. Then again today when the ping did not work, saved as 2.txt. Then "diff 1.txt 2.txt". The "OVPNCF" and "OVPNCI" lines that go missing after a time seem the culprit. Why would they disappear? The "OVPNSF" lines also disappear for...- JDA
- Post #5
- Forum: Asuswrt-Merlin
-
J
RT-AC88U drops the OpenVPN inbound ACCEPT iptables rule after a time
Thank you Colin, I do have a server enabled on the client router, for access when the router is somehow not working properly as a client. I did turn off the server, and did see that line go away. I confirmed when the server was disabled on the client router that the pings work fine from a...- JDA
- Post #3
- Forum: Asuswrt-Merlin
-
J
RT-AC88U drops the OpenVPN inbound ACCEPT iptables rule after a time
This is for ASUS Merlin running latest version on two RT-AC88U routers, one as an openvpn server, and the other as a client. I route 10.0.0.0/8 subnets on either side of the openvpn link. When the link is established, the client route iptables has the following line in it: Chain OVPNSI ACCEPT...- JDA
- Thread
- Replies: 14
- Forum: Asuswrt-Merlin