44net May 2014

44net@mailman.ampr.org

32 participants
37 discussions

Re: [44net] 44Net Digest, Vol 3, Issue 103

by Rob Janssen

44net-request(a)hamradio.ucsd.edu wrote: > Subject: > [44net] Pings to 44... from Internet not returning > From: > Pedro Converso <pconver(a)gmail.com> > Date: > 05/19/2014 11:26 PM > > To: > AMPRNet working group <44net(a)hamradio.ucsd.edu> > > > Hello fellows 44 crew > > I have a ping not returning syndrome from my 44 address via Internet. It looks like you are not sending your pings back encapped to 169.228.66.251 You send them directly without encap. That may work if you have a bad ISP, but normally it should not work. You should have separate route tables for net-44 and public-IP traffic and send all traffic originating at net-44 back out via 169.228.66.251. I don't think jnos can do that. It really is outdated, you should consider migrating to Linux where this is no problem. (see earlier recipes provided on this list) Rob

9 years, 11 months

Pings to 44... from Internet not returning

by Pedro Converso

Hello fellows 44 crew I have a ping not returning syndrome from my 44 address via Internet. >From any ampr system ping to 44.153.0.1 are answered ok, but from internet don't receive answer to pings sent to 44.153.0.1 To try thru Internet I use https://www.wormly.com/test_remote_ping setting 44.153.0.1 as destination for pings. System is an ubuntu 10.03 and jnos2.0i, locally pings returns ok. I made some traces that follows, some related autoexec.nos are at end. Same symptom happens with several 44 systems, pings from Internet don't return. As pings don't return any other tcp function doesn't work either. Any help/guidance/sugestion will be much appreciated. Best 73, lu7abf, Pedro Converso PD: Router: TL-MR3420 DMZ: 44.153.0.10 (IP of my jnos2) ================================================================ Trace of tun0 interfase made by jnos> trace tun0 211 Here can be seen that tun0 receives Echo request encapsulated thru amprgw and Reply with no encapsulation, which originating pinger doesn't receive Mon May 19 16:36:37 2014 - tun0 recv: IP: len 104 169.228.66.251->44.153.0.1 ihl 20 ttl 39 prot IP IP: len 84 184.72.226.23->44.153.0.1 ihl 20 ttl 38 DF prot ICMP ICMP: type Echo Request id 58952 seq 1 0000 45 00 00 68 63 95 00 00 27 04 16 84 a9 e4 42 fb E..hc...'...)dB{ 0010 2c 99 00 01 45 00 00 54 33 75 40 00 26 01 5a 3a ,...E..T3u@.&.Z: 0020 b8 48 e2 17 2c 99 00 01 08 00 f1 bb e6 48 00 01 8Hb.,.....q;fH.. 0030 2e 5d 7a 53 00 00 00 00 ab 76 0d 00 00 00 00 00 .]zS....+v...... 0040 10 11 12 13 14 15 16 17 18 19 1a 1b 1c 1d 1e 1f ................ 0050 20 21 22 23 24 25 26 27 28 29 2a 2b 2c 2d 2e 2f !"#$%&'()*+,-./ 0060 30 31 32 33 34 35 36 37 01234567 Mon May 19 16:36:37 2014 - tun0 recv: IP: len 104 169.228.66.251->44.153.0.1 ihl 20 ttl 39 prot IP IP: len 84 184.72.226.23->44.153.0.1 ihl 20 ttl 38 DF prot ICMP ICMP: type Echo Request id 58952 seq 1 0000 45 00 00 68 63 95 00 00 27 04 16 84 a9 e4 42 fb E..hc...'...)dB{ 0010 2c 99 00 01 45 00 00 54 33 75 40 00 26 01 5a 3a ,...E..T3u@.&.Z: 0020 b8 48 e2 17 2c 99 00 01 08 00 f1 bb e6 48 00 01 8Hb.,.....q;fH.. 0030 2e 5d 7a 53 00 00 00 00 ab 76 0d 00 00 00 00 00 .]zS....+v...... 0040 10 11 12 13 14 15 16 17 18 19 1a 1b 1c 1d 1e 1f ................ 0050 20 21 22 23 24 25 26 27 28 29 2a 2b 2c 2d 2e 2f !"#$%&'()*+,-./ 0060 30 31 32 33 34 35 36 37 01234567 Mon May 19 16:36:37 2014 - tun0 sent: IP: len 84 44.153.0.1->184.72.226.23 ihl 20 ttl 175 prot ICMP ICMP: type Echo Reply id 58952 seq 1 0000 45 00 00 54 71 c7 00 00 af 01 d2 e7 2c 99 00 01 E..TqG../.Rg,... 0010 b8 48 e2 17 00 00 f9 bb e6 48 00 01 2e 5d 7a 53 8Hb...y;fH...]zS 0020 00 00 00 00 ab 76 0d 00 00 00 00 00 10 11 12 13 ....+v.......... 0030 14 15 16 17 18 19 1a 1b 1c 1d 1e 1f 20 21 22 23 ............ !"# 0040 24 25 26 27 28 29 2a 2b 2c 2d 2e 2f 30 31 32 33 $%&'()*+,-./0123 0050 34 35 36 37 4567 ======================================================================= Trace of encap interfase made by jnos> trace encap 211 Here can be seen that encap interfase receives echo req but don't answer Mon May 19 16:36:37 2014 - encap recv: IP: len 84 184.72.226.23->44.153.0.1 ihl 20 ttl 38 DF prot ICMP ICMP: type Echo Request id 58952 seq 1 0000 45 00 00 54 33 75 40 00 26 01 5a 3a b8 48 e2 17 E..T3u@.&.Z:8Hb. 0010 2c 99 00 01 08 00 f1 bb e6 48 00 01 2e 5d 7a 53 ,.....q;fH...]zS 0020 00 00 00 00 ab 76 0d 00 00 00 00 00 10 11 12 13 ....+v.......... 0030 14 15 16 17 18 19 1a 1b 1c 1d 1e 1f 20 21 22 23 ............ !"# 0040 24 25 26 27 28 29 2a 2b 2c 2d 2e 2f 30 31 32 33 $%&'()*+,-./0123 0050 34 35 36 37 4567 Mon May 19 16:36:37 2014 - encap recv: IP: len 84 184.72.226.23->44.153.0.1 ihl 20 ttl 38 DF prot ICMP ICMP: type Echo Request id 58952 seq 2 0000 45 00 00 54 33 76 40 00 26 01 5a 39 b8 48 e2 17 E..T3v@.&.Z98Hb. 0010 2c 99 00 01 08 00 38 ce e6 48 00 02 2f 5d 7a 53 ,.....8NfH../]zS 0020 00 00 00 00 6f 63 01 00 00 00 00 00 10 11 12 13 ....oc.......... 0030 14 15 16 17 18 19 1a 1b 1c 1d 1e 1f 20 21 22 23 ............ !"# 0040 24 25 26 27 28 29 2a 2b 2c 2d 2e 2f 30 31 32 33 $%&'()*+,-./0123 0050 34 35 36 37 4567 Mon May 19 16:36:37 2014 - encap recv: IP: len 84 184.72.226.23->44.153.0.1 ihl 20 ttl 38 DF prot ICMP ICMP: type Echo Request id 58952 seq 3 0000 45 00 00 54 33 77 40 00 26 01 5a 38 b8 48 e2 17 E..T3w@.&.Z88Hb. 0010 2c 99 00 01 08 00 c7 a0 e6 48 00 03 2f 5d 7a 53 ,.....G fH../]zS 0020 00 00 00 00 dd 8f 04 00 00 00 00 00 10 11 12 13 ....]........... 0030 14 15 16 17 18 19 1a 1b 1c 1d 1e 1f 20 21 22 23 ............ !"# 0040 24 25 26 27 28 29 2a 2b 2c 2d 2e 2f 30 31 32 33 $%&'()*+,-./0123 0050 34 35 36 37 4567 ======================================================================= Related autoexec.nos commands to routes & interfaces hostname lu7abf.ampr.org. ip address 44.153.0.1 ax25 mycall lu7abf attach tun tun0 1500 0 ifconfig tun0 ipaddress 44.153.0.10 ifconfig tun0 netmask 255.255.255.0 ifconfig tun0 mtu 1500 shell ifconfig tun0 44.153.0.3 pointopoint 44.153.0.10 mtu 1500 up shell route add 44.153.0.1 gw 44.153.0.3 tun0 shell sudo arp -sD 44.153.0.10 eth0 pub shell echo 0 > /proc/sys/net/ipv4/conf/tun0/rp_filter # disable arp_filter shell echo 1 > /proc/sys/net/ipv4/ip_forward # enable ip_forward shell iptables -t nat -A PREROUTING -d 44.153.0.10/32 --proto 4 \-j DNAT --to 44.153.0.1 shell iptables -t nat -A PREROUTING -d 44.153.0.10/32 --proto 94 \-j DNAT --to 44.153.0.1 shell iptables -t nat -A POSTROUTING -s 44.153.0.1/32 -o eth0 -p 4 shell iptables -t nat -A POSTROUTING -s 44.153.0.1/32 -o eth0 -p 94 shell sudo -s iptables -t nat -A PREROUTING -d 44.153.0.3/32 -p tcp --dport 23 \-j DNAT --to 44.153.0.1:23 shell sudo -s iptables -t nat -A PREROUTING -d 44.153.0.3/32 -p tcp --dport 6300 \-j DNAT --to 44.153.0.1:23 shell sudo -s iptables -t nat -A PREROUTING -d lu7abf.org.ar -p tcp --dport 6300 \-j DNAT --to 44.153.0.1:23 shell sudo -s iptables -t nat -A POSTROUTING -s 44.153.0.1/32 -o eth0 -j MASQUERADE shell sudo -s iptables -t nat -A POSTROUTING -s 44.153.0.10/32 -o eth0 -j MASQUERADE ifconfig encap ip 44.153.0.1 ifconfig encap mtu 1500 ifconfig encap netmask 0xffffffff ifconfig encap broadcast 255.255.255.255 ifc encap descript "IPIP Encapulation interface" arp eaves tun0 on arp eaves encap on arp poll tun0 on arp poll encap on arp maxq 20 route addprivate default tun0 44.153.0.3 route add 44.153.0.1 tun0 44.153.0.10 route add 44.153.0.2 tun0 44.153.0.10 route add 44.153.0.3 tun0 44.153.0.10 ========================================================

9 years, 11 months

Re: [44net] Avoid/delete own gw entry broadcast from amprgw (resend)

by Pedro Converso

Wow! Nice and elegant solution !! I did it that way, it works ! route lookup shows now correct despicte amprgw sets wider route. Thanks!!! 73, lu7abf, Pedro > > On Mon, May 19, 2014 at 3:26 AM, Steve Fraser <sfraser(a)sky.apana.org.au> wrote: >> Hi Pedro >> >> (oops, typo) >> >> I think if you have two static routes that are smaller (more specific) than >> the amprgw route (e.g. /24) then they should take priority over the /23 >> amprgw route. >> >> So add routes to 44.153.0.0/24 and 44.153.1.0/24 , to your default. >> >> regards >> >> Steve, vk5asf >> >> On 19/05/14 15:16, Pedro Converso wrote: >>> >>> (Please trim inclusions from previous messages) >>> _______________________________________________ >>> Hello fellow crew aboard this 44 ship, >>> >>> I receive ok every 5 min update routes from amprgw in my jnos2 using rip2. >>> >>> Along with all gateways my own gateway is included affecting my local >>> route that should be pointing to my default route, not to my gw >>> internet IP. >>> >>> Question is: how I can avoid receive/load my own gateway entry ? or >>> else how I can drop this entry coming from amprgw from my route table >>> ? or how to make a permanent route that is not overlaid ? >>> >>> I tried with an at command: at 15 "route drop 44.153.0.0/23 encap+" >>> but in less than 5 minutes the route is again overlaid with my gw >>> entry from amprgw. >>> >>> Appreciate any suggestion/advice, >>> Tks in advance >>> lu7abf, Pedro Converso >>> >>> 73, lu7abf, Pedro >>> _________________________________________ >>> 44Net mailing list >>> 44Net(a)hamradio.ucsd.edu >>> http://hamradio.ucsd.edu/mailman/listinfo/44net >> >>

9 years, 11 months

AMPR VPN

by lleachii＠aol.com

Ok, I finally took the time to setup my VPN. I made all the necessary CRT and KEY files, and was able to connect with OpenVPN for Android. I haven't had any success reaching any 44 hosts while connected, except the 44 devices local to the VPN server (I assume). Any ideas anyone? -KB3VWG

9 years, 11 months

Avoid/delete own gw entry broadcast from amprgw

by Pedro Converso

Hello fellow crew aboard this 44 ship, I receive ok every 5 min update routes from amprgw in my jnos2 using rip2. Along with all gateways my own gateway is included affecting my local route that should be pointing to my default route, not to my gw internet IP. Question is: how I can avoid receive/load my own gateway entry ? or else how I can drop this entry coming from amprgw from my route table ? or how to make a permanent route that is not overlaid ? I tried with an at command: at 15 "route drop 44.153.0.0/23 encap+" but in less than 5 minutes the route is again overlaid with my gw entry from amprgw. Appreciate any suggestion/advice, Tks in advance lu7abf, Pedro Converso 73, lu7abf, Pedro

9 years, 11 months

Re: [44net] Pi Query

by Brian

Thanks Marius; I'll give it a shot when I get home. Sent via the Samsung Galaxy Note® 3, an AT&T 4G LTE smartphone <div>-------- Original message --------</div><div>From: Marius Petrescu <marius(a)yo2loj.ro> </div><div>Date:05/18/2014 11:37 AM (GMT-05:00) </div><div>To: 'AMPRNet working group' <44net(a)hamradio.ucsd.edu> </div><div>Subject: Re: [44net] Pi Query </div><div> </div>(Please trim inclusions from previous messages) _______________________________________________ Hi Brian, Try to set the TTL at tunnel creation: ip tun add tunl0 mode ipip ttl 64 local <your_local_ip> I had the same problem and it works for me. Marius, YO2LOJ -----Original Message----- From: 44net-bounces+marius=yo2loj.ro(a)hamradio.ucsd.edu [mailto:44net-bounces+marius=yo2loj.ro@hamradio.ucsd.edu] On Behalf Of Brian Sent: Sunday, May 18, 2014 16:15 To: AMPRNet working group Subject: Re: [44net] Pi Query (Please trim inclusions from previous messages) _______________________________________________ On Sat, 2014-05-17 at 17:08 -0400, lleachii.aol.com spake: > If your referring to what I think you are. My startup script mentions the command to make traceroute work on a Linux tunnel. > http://44.60.44.13/startampr I use the same command on my boxes and it works fine, however, on the Pi with the latest wheezy (and updates) it does not: root@gw:/home/n1uro# ip tunnel change ttl 64 mode ipip tunl0 add tunnel tunl0 failed: No such file or directory root@gw:/proc# cat version Linux version 3.10.25+ (dc4@dc4-arm-01) (gcc version 4.7.2 20120731 (prerelease) (crosstool-NG linaro-1.13.1+bzr2458 - Linaro GCC 2012.08) ) #622 PREEMPT Fri Jan 3 18:41:00 GMT 2014 root@gw:/proc# ip -V ip utility, iproute2-ss120521 -- 73 de Brian Rogers - N1URO email: <n1uro(a)n1uro.ampr.org> Web: http://www.n1uro.net/ Ampr1: http://n1uro.ampr.org/ Ampr2: http://nos.n1uro.ampr.org Linux Amateur Radio Services axMail-Fax & URONode AmprNet coordinator for: Connecticut, Delaware, Maine, Maryland, Massachusetts, New Hampshire, Pennsylvania, Rhode Island, and Vermont. _________________________________________ 44Net mailing list 44Net(a)hamradio.ucsd.edu http://hamradio.ucsd.edu/mailman/listinfo/44net _________________________________________ 44Net mailing list 44Net(a)hamradio.ucsd.edu http://hamradio.ucsd.edu/mailman/listinfo/44net

9 years, 11 months

Pi Query

by lleachii.aol.com

Brian, If your referring to what I think you are. My startup script mentions the command to make traceroute work on a Linux tunnel. http://44.60.44.13/startampr - KB3VWG

9 years, 11 months

Pi Query

by Brian

Greetings list members; I'm just wondering if anyone's been able (besides creating dupe tunnel interfaces) to fix the traceroute bug on the Raspberry Pi units when tracing through a standard tunl0 ipencap tunnel interface on the updated wheezy distro? -- 73 de Brian Rogers - N1URO email: <n1uro(a)n1uro.ampr.org> Web: http://www.n1uro.net/ Ampr1: http://n1uro.ampr.org/ Ampr2: http://nos.n1uro.ampr.org Linux Amateur Radio Services axMail-Fax & URONode AmprNet coordinator for: Connecticut, Delaware, Maine, Maryland, Massachusetts, New Hampshire, Pennsylvania, Rhode Island, and Vermont.

9 years, 11 months

Re: [44net] AMPR VPN

by kb9mwr＠gmail.com

My OpenVPN server doesn't use keys compatible with LoTW like Hessu's. It's mostly just for myself and other local applications. However if you wanted I could email you a ovpn file and the keys off-list. In reality adding a OpenVPN server to your own gateway is a snap.

9 years, 11 months

Re: [44net] AMPR VPN

by kb9mwr＠gmail.com

My bad, I missed the part that you were using Hessu's VPN server. I have not tried that yet. Nor do I know how he has things configured. I do run a OpenVPN server on my IPIP gateway. And as I mentioned; the OpenVPN server hands out a 44 address in my subnet and routes all 44 client traffic back to the OpenVPN / IPIP server and it works great. 73' Steve, KB9MWR

9 years, 11 months

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

44net May 2014