Tuesday, November 10, 2009

Murphy...

Since I was already busy with upgrading my laptop, I figured I might as well upgrade my home server, which was running Ubuntu 8.04. However, after upgrading to 8.10 my network didn't work anymore. When booting an older kernel it worked fine. Figured it was an issue in the kernel Ubuntu 8.10 was using, and since the target was to get to 9.10, I thought I might as well continue. So upgraded the 8.10 to 9.04, however the network issue remained. With 2.6.28 on 9.04, I was unable to ping my WRT54G which runs OpenWRT. With 2.6.24 on 9.04 it works 'fine'. My home setup uses a couple of VLANs and it seems that that was causing the problems; without the VLANs the new kernel was able to ping the router.

As it was already getting late, I booted the machine with 2.6.24 and decided to call it a day.

Today, when I tried to initiate an OpenVPN connection to my home server from a remote location, the connection failed. Even a secure shell to the server didn't work. Going via the OpenWRT's shell to the server did work for some bizarre reason.

After some tracing with tcpdump and wireshark, it showed that the port number of the connection was somehow changing... i.e. make a connection to port 1000 and it arrived on the server at port 1040 according to the packet trace.

First thought it had to do with the VLAN tagging and that for some reason the Ubuntu kernel was interpreting the packets wrong, as I already had issues with the VLAN... but when I did the packet trace on the OpenWRT on the incoming interface, it was correct... on the outgoing interface however it was wrong... which showed the cause was not with the Ubuntu server but with the OpenWRT device. After rebooting it, the connections worked fine again.

Goes to show that when stuff goes bad, it really goes bad... as in 2 different things going bananas at the exact same time!


Anyway, the OpenWRT issue seems to be a bug in the 7.07 Kamikaze release, which is fixed in 8.09.

The Kamikaze 8.09 release notes state:

* fix port forwarding NAT issues in brcm-2.4


So it looks like I'll have to update yet another device.

1 comment:

Anonymous said...

Still looking for the t-shirt "Murphy's law, I'm a believer!"
Seen enough proof to take the law as a fact!