Hello everyone!
Does anyone have any experience setting up VyOS for use on the AMPR
network? I have the IPIP tunnel to UCSD set up, however, I don't know how
to proceed from there in terms of RIP.
This is what I did so far:
set interfaces tunnel tun0
set interfaces tunnel tun0 local-ip 'wanip'
set interfaces tunnel tun0 remote-ip 169.228.66.251
set interfaces tunnel tun0 encap ipip
set interfaces tunnel tun0 descr "Tunnel to AMPR Gateway"
set interfaces tunnel tun0 multicast enable
set protocols static table 1 interface-route 0.0.0.0/0 next-hop-interface
tun0
set policy route SOURCE_ROUTE rule 10 set table 1
set policy route SOURCE_ROUTE rule 10 source address 44.0.0.0/16
set interfaces ethernet eth1 vif 44 policy route SOURCE_ROUTE
set protocols rip interface eth1.44
set interfaces ethernet eth1 vif 44 ip rip authentication
plaintext-password [therippass]
--
Miguel Rodriguez
12th Grade Student
MIGUELR-DN42 / KM4VYU
miguemely101(a)gmail.com
Tel: *561-758-0631*
*Accredited District Since 2008; Re-certification - January 2013*
Home of Florida's first LEED Gold Certified School
*Disclaimer*: Under Florida law, e-mail addresses are *public records*. If
you do not want your e-mail address released in response to a public
records request, do not send electronic mail to this entity. Instead,
contact this office by phone or in writing.
First I wanted to mention I am glad to read Bjorn's message about
adding some content to the network.
Keeping in contact is key. Be that a coordinator or any host on the
amprnet. Seems every few months on here we are discussing how someone
is sending out random packets, and a straight forward way to get a
hold of people would be helpful.
Some time back it was brought up to have a whois server or something
like that. I bet I can guess the status of that.
As for everyone having an ampr.org email address, perhaps a forwarding
service like the arrl.net addresses? Then there is the possible spam
problem, and the fact that someone would need to set up such a
service.
Overall a lot of good ideas are brought up on this list, so few ever
happen. The only solution I am offering is everyone should help
spread the word and try and get more people involved with moving this
network forward. I wish I had better coding skills.
One of the core problems at least in my country where the ampr/44net
space is not well utilized is the lack of higher speed equipment to
build a network. You really have to be part of a well organized club
with site connections to do anything microwave on any big scale from
what I have seen.
Hello All,
Looks like I have lost all of my AXIP/UDP links in Australia over the years
and would like to try and configure a couple again within Australia and New
Zealand please?
I am Rob VK1KW 44.136.3.92
Canberra A.C.T. local area
44.136.0.0/21
Vk1kw.dyndns.org
EMAIL Vk1kw(a)netspace.net.au
BBS Vk1kw(a)vk1kw.act.aus.oc
JNOS APRS BPQ & FBB
Best wishes for the New Year
Rob
Miguel,
- The remote IP should be blank, you have to use the tunl0 to connect to
all endpoints
- You must be able to access the underlying Debian system in order to
install ampr-ripd (I haven't seen instructions on how to do this since
it was called Vyatta)
- You cannot use RIPv2, you must use a RIP44 daemon (e.g. ampr-ripd)
73,
Lynwood
KB3VWG
On 12/27/2016 03:00 PM, 44net-request(a)hamradio.ucsd.edu wrote:
> Send 44Net mailing list submissions to
> 44net(a)hamradio.ucsd.edu
>
> To subscribe or unsubscribe via the World Wide Web, visit
> http://hamradio.ucsd.edu/mailman/listinfo/44net
> or, via email, send a message with subject or body 'help' to
> 44net-request(a)hamradio.ucsd.edu
>
> You can reach the person managing the list at
> 44net-owner(a)hamradio.ucsd.edu
>
> When replying, please edit your Subject line so it is more specific
> than "Re: Contents of 44Net digest..."
>
>
> Today's Topics:
>
> 1. AMPR + VyOS (Miguel Rodriguez)
>
>
> ----------------------------------------------------------------------
>
> Message: 1
> Date: Tue, 27 Dec 2016 13:40:14 -0500
> From: Miguel Rodriguez <miguemely101(a)gmail.com>
> To: AMPRNet working group <44net(a)hamradio.ucsd.edu>
> Subject: [44net] AMPR + VyOS
> Message-ID:
> <CANvo9Dh7iDAS5JTnTrohNtnSbJuzJjPX5-aFFTgZ8E5pHtUrjQ(a)mail.gmail.com>
> Content-Type: text/plain; charset="utf-8"
>
> Hello everyone!
>
> Does anyone have any experience setting up VyOS for use on the AMPR
> network? I have the IPIP tunnel to UCSD set up, however, I don't know how
> to proceed from there in terms of RIP.
>
> This is what I did so far:
> set interfaces tunnel tun0
> set interfaces tunnel tun0 local-ip 'wanip'
> set interfaces tunnel tun0 remote-ip 169.228.66.251
> set interfaces tunnel tun0 encap ipip
> set interfaces tunnel tun0 descr "Tunnel to AMPR Gateway"
> set interfaces tunnel tun0 multicast enable
> set protocols static table 1 interface-route 0.0.0.0/0 next-hop-interface
> tun0
> set policy route SOURCE_ROUTE rule 10 set table 1
> set policy route SOURCE_ROUTE rule 10 source address 44.0.0.0/16
> set interfaces ethernet eth1 vif 44 policy route SOURCE_ROUTE
> set protocols rip interface eth1.44
> set interfaces ethernet eth1 vif 44 ip rip authentication
> plaintext-password [therippass]
>
>
>
44net-request(a)hamradio.ucsd.edu wrote:
> Subject:
> [44net] AMPR + VyOS
> From:
> Miguel Rodriguez <miguemely101(a)gmail.com>
> Date:
> 12/27/2016 07:40 PM
>
> To:
> AMPRNet working group <44net(a)hamradio.ucsd.edu>
>
>
> Hello everyone!
>
> Does anyone have any experience setting up VyOS for use on the AMPR
> network? I have the IPIP tunnel to UCSD set up, however, I don't know how
> to proceed from there in terms of RIP.
I have no experience with that, but I would guess that the easiest way is to use ampr-ripd for that.
Is is possible to compile and install it on your system?
Check the generic installation instructions on the WiKi.
Rob
I've recently installed Marius YO2LOJ's RIPv2 AMPR Gateway Setup Script
2.2 on a Mikrotik RB450G. RouterOS is version 6.37.3, I have
44.131.56.241 configured on the ucsd-gw interface and 44.131.56.9/29 on
ether5 for my LAN. It seems to work well and I can access 44net hosts
from a 44net machine on the LAN.
I'm filtering traffic on the WAN interface of the router to only permit
ipip traffic, however I still see traffic from outside 44/8 - mainly tcp
syn packets to port 23 appearing on the LAN. These must be coming down
via a tunnel and I'd like to filter them out. I've implemented an output
rule to permit traffic from 44/8 to 44/8 and drop everything else,
applied this to ether5. Is there a better way to implement this? I
would like to filter on the WAN side but that would mean a firewall
input rule on every tunnel.
Thanks,
--
Nick G4IRX
> i was able to telnet in from here and got a login prompt from
> wa4zlw.ampr.org
Yes, from .ampr.org hosts it works OK. But the question was about "Public IP" users
(he means users on the normal internet). That does not work, at least not here.
When JNOS is running on Linux it is best to do the tunneling in Linux and have JNOS
on a local subnet behind that. When running on another OS, it will be required to
put a decent router inbetween.
Rob
> Your JNOS is trying to respond directly to the incoming connections rather
> than traversing an encap tunnel. This will not work as the upstream
> hardware does not know about you and your 44net allocation. You receive
> packets over the encap bridge but you respond back directly.
> As for how to fix it? Dunno. We need to somehow encap your outgoing default
> route for your 44 IP address so that packet response is along the same path
> that it came in.
Is that the issue? When I telnet to him from internet I do get "established"
suggesting that something gets back...
But when it is as you write, what you need is "policy routing". that means,
the capability to select a (default) route based on criteria like the source
address (your 44-net address or your public IP address). The first has to go to
amprgw, the second has to go to your ISP.
Does JNOS even offer that? It can be solved with Linux or a sophisticated router
like MikroTik or OpenWRT, but I am not sure a bare JNOS system can do this.
Rob
> Subject:
> [44net] Telnet To JNOS From Public IP Users Not Working
> From:
> "Charles Hargrove" <n2nov(a)n2nov.net>
> Date:
> 12/09/2016 07:13 PM
>
> To:
> 44net(a)hamradio.ucsd.edu
>
>
> I am having trouble getting users to telnet from their homes to my JNOS box
> located at 44.68.41.1 on port 2300. Their seems to be an asynchronous
> connections as they try to transverse the UCSD portal. I see my responses
> going back to them, but they are just hanging on their side. I have in my
> autoexec.nos file "route add default tun1 44.0.0.1" as their is a tunnel
> interface between the JNOS and the linux box that it is running on. Does
> anyone have any ideas? Thanks.
I get a connect but no text. Normally this means there is an MTU issue somewhere,
but in this case (trying from net-44) the welcome text appears to be too smal for that
kind of problem. it could be a firewall issue as well.
Why do you set the default route to 44.0.0.1 instead of 169.228.66.251 ?
Is that normal for JNOS?
Rob
I am having trouble getting users to telnet from their homes to my JNOS box
located at 44.68.41.1 on port 2300. Their seems to be an asynchronous
connections as they try to transverse the UCSD portal. I see my responses
going back to them, but they are just hanging on their side. I have in my
autoexec.nos file "route add default tun1 44.0.0.1" as their is a tunnel
interface between the JNOS and the linux box that it is running on. Does
anyone have any ideas? Thanks.
--
Charles J. Hargrove - N2NOV
NYC ARECS/RACES Citywide Radio Officer/Skywarn Coord.
NYC-ARECS/RACES Net Mon. @ 8:30PM 449.025/123.0 PL
http://www.nyc-arecs.org and http://www.nyc-skywarn.org
NY-NBEMS Net Saturdays @ 10AM & USeast-NBEMS Net Wednesdays @ 7PM
on 7.036 Mhz USB/1500 hz waterfall spot; Olivia 8/500 check-ins
"Information is the oxygen of the modern age. It seeps through the walls topped
by barbed wire, it wafts across the electrified borders." - Ronald Reagan
"The more corrupt the state, the more it legislates." - Tacitus
"Molann an obair an fear" - Irish Saying
(The work praises the man.)
"No matter how big and powerful government gets, and the many services it
provides, it can never take the place of volunteers." - Ronald Reagan
"We are fast approaching the stage of ultimate inversion: the stage where
the government is free to do anything it pleases, while the citizens may
act only by permission." - Ayn Rand
