hAP-ac-lite

N7JYS
hAP-ac-lite

I have discovered a bug that goes back to the 3.19.3.0 firmware build. I have updated my hAP ac lite to NB-1366 and the issue still exists. When running a tunnel server, and I change the default DHCP lan server from 5 direct host to 13 or 29 direct host, my tunnel server will no longer connect to the enabled nodes.

Otherwise if the lan server DHCP is left at 5 direct host, (the default) the nodes that are enabled connect fine across the tunnel server.

I have uploaded a support file for the device.

Eric


 

k1ky
hAP-ac-lite
I don't think that I have changed the Host config on my tunnel servers mid-stream. Have you looked to see if your internal network addresses in your tunnel server have changed? Since your LAN IP addy changes with a host config change, is it possible that those 172 addy's changed as well? Also, your home network router port forwarding might need a "refresh" just in case? Are you using DHCP or STATIC IP on your WAN port?
 
N7JYS
Reply to #2
I have double-checked the tunnel server network address after changing the lan DHCP settings and the tunnel server address (172.31.70.132) remains the same. I am running the wan in static (192.168.1.92). Not seeing any changes except the tunnels fail to connect.

Eric
K6CCC
Not so sure about that

I recently changed my hAP-at-home node from 5 to 13 devices. Because I live in an AREDN desert, my only access to the AREDN world is via tunnel. I normally have at least seven tunnels running - five to eight as a server and two as a client. Changing the LAN size had no effect on the tunnels - other than a short drop for the required reboot. This change was about 2 weeks ago, and the node would have been running whatever was the current Nightly Build at that time.
 

AE6XE
Eric, this device has custom firewall rules that appear to be forwarding the 5525 port to 10.5.10.97. This is the port the tunnel feature uses. If this device is the tunnel server, it appears to be forwarding the ports to some other device; consequently a client wouldn't be able to connect directly to this device.

This is the rule I'm seeing on your device:
-A zone_wan_prerouting -p tcp -m tcp --dport 5525 -m comment --comment "!fw3: @redirect[1]" -j DNAT --to-destination 10.5.10.97:5525

Joe AE6XE

 
N7JYS
Reply to # 5

Joe, I put that in there some time ago thinking that was needed to make the tunnel server work. I have removed the port in the firewall rules and it fixed the issue. This IP address (10.5.10.97) is the lan address of the tunnel server node (N7JYS-Russ-32-161-75-hAP) running only 5 direct host. I now see that address changes the more direct host I select. :) Thanks again for the help!!

Eric
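
The check that resolved this thread, as an added example that is not part of the original posts or of the AREDN firmware: scan rules in `iptables-save` format for a DNAT on the tunnel port (5525) whose destination is no longer one of the node's own addresses. The function name `find_stale_dnat`, the second and third sample rules, and the address 10.5.10.113 are constructed for illustration; only the first rule is the one quoted above.

```shell
#!/bin/sh
# Sample rules in iptables-save format. The first line is the rule quoted in
# the thread; the other two are constructed for this example.
SAMPLE_RULES='-A zone_wan_prerouting -p tcp -m tcp --dport 5525 -m comment --comment "!fw3: @redirect[1]" -j DNAT --to-destination 10.5.10.97:5525
-A zone_wan_prerouting -p tcp -m tcp --dport 8080 -m comment --comment "!fw3: constructed" -j DNAT --to-destination 10.5.10.100:80
-A zone_wan_input -p tcp -m tcp --dport 5525 -j ACCEPT'

# find_stale_dnat PORT "IP1 IP2 ..."   (rules are read from stdin)
# Prints "PORT -> DEST" for each DNAT rule matching PORT whose destination IP
# is not in the space-separated list of the node's own addresses.
find_stale_dnat() {
    awk -v port="$1" -v locals="$2" '
    BEGIN {
        n = split(locals, a, " ")
        for (i = 1; i <= n; i++) own[a[i]] = 1
    }
    {
        dport = ""; dest = ""; dnat = 0
        for (i = 1; i <= NF; i++) {
            if ($i == "--dport") dport = $(i + 1)
            if ($i == "--to-destination") dest = $(i + 1)
            if ($i == "-j" && $(i + 1) == "DNAT") dnat = 1
        }
        # Only DNAT rules on the port of interest matter here.
        if (!dnat || dport != port || dest == "") next
        ip = dest
        sub(/:.*/, "", ip)          # strip the ":port" suffix
        if (!(ip in own)) print dport " -> " dest
    }'
}

# The node LAN address after a host-count change is assumed to be
# 10.5.10.113 (constructed value), so the old redirect is reported.
# On a live node, feed the function from: iptables-save -t nat
printf '%s\n' "$SAMPLE_RULES" | find_stale_dnat 5525 "10.5.10.113"
```
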
