Hi, I finally got my BGP announce working, BIRD does work. I have 2 interfaces on the machine,
as stated here: ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
2: ens3: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000
link/ether 56:00:02:fc:bd:ba brd ff:ff:ff:ff:ff:ff
inet 207.246.122.57/23 brd 207.246.123.255 scope global dynamic ens3
valid_lft 72787sec preferred_lft 72787sec
3: dummy1: <BROADCAST,NOARP,UP,LOWER_UP> mtu 1500 qdisc noqueue state UNKNOWN group default qlen 1000
link/ether 9e:fe:80:f5:a5:e2 brd ff:ff:ff:ff:ff:ff
inet 44.135.59.0/24 brd 44.135.59.255 scope global dummy1
valid_lft forever preferred_lft forever
When I list my routes I have this:
route
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
default 207.246.122.1 0.0.0.0 UG 0 0 0 ens3
44.135.59.0 0.0.0.0 255.255.255.0 U 0 0 0 dummy1
169.254.169.254 207.246.122.1 255.255.255.255 UGH 0 0 0 ens3
207.246.122.0 0.0.0.0 255.255.254.0 U 0 0 0 ens3
Now my next thing is to have an OpenVPN server so that the clients can use addresses from the /24 as their IP address to the world. (OpenVPN is a VPN solution, but if you have another/better solution I am open.)
One other little thing: will the connection through the VPN be limited to one IP address per tunnel, or can I specify the number of addresses available per client configuration?
One other thing: is there a dashboard to control/monitor a server like OpenVPN through a web interface?
Thanks
Pierre
VE2PF
Pete,
Before you mess anything up. Your traffic is NOT going toward AMPRGW on this side of the Earth:
user@machine:~$ tracepath 44.135.59.1
1?: [LOCALHOST] pmtu 1500
1: router7.lan 0.393ms
1: router7.lan 0.347ms
2: no reply
3: B3352.WASHDC-LCR-21.verizon-gni.net 1.831ms
4: no reply
5: 0.ae1.BR1.IAD8.ALTER.NET 3.582ms
6: 204.148.11.238 5.714ms
7: ae1.cr2-nyc4.ip4.gtt.net 7.653ms
8: ip4.gtt.net 21.672ms
9: no reply
10: vl20-br2.pnj1.choopa.net
On some larger looking glasses, you are pointing toward AS20473 - Choopa, LLC, not UCSD.
73,
- Lynwood
KB3VWG
I know it is not 44 net fully related, but I've been searching for some time.
I have a vultr vps and I am trying to bgp announce my /24.
When I look at the status I have this.
systemctl status bird.service
● bird.service - BIRD Internet Routing Daemon (IPv4)
Loaded: loaded (/lib/systemd/system/bird.service; enabled; vendor preset: enabled)
Active: failed (Result: exit-code) since Sun 2020-11-22 18:50:13 UTC; 16min ago
Process: 25329 ExecStartPre=/usr/lib/bird/prepare-environment (code=exited, status=0/SUCCESS)
Process: 25335 ExecStartPre=/usr/sbin/bird -p (code=exited, status=0/SUCCESS)
Process: 25336 ExecStart=/usr/sbin/bird -f -u $BIRD_RUN_USER -g $BIRD_RUN_GROUP $BIRD_ARGS (code=exited, status=1/FAILURE)
Main PID: 25336 (code=exited, status=1/FAILURE)
Nov 22 18:50:13 hamrad.ca systemd[1]: Starting BIRD Internet Routing Daemon (IPv4)...
Nov 22 18:50:13 hamrad.ca systemd[1]: Started BIRD Internet Routing Daemon (IPv4).
Nov 22 18:50:13 hamrad.ca bird[25336]: /etc/bird/bird.conf:1:5 Unable to open log file `/var/log/bird.log': Permission denied
Nov 22 18:50:13 hamrad.ca bird[25336]: bird: /etc/bird/bird.conf:1:5 Unable to open log file `/var/log/bird.log': Permission denied
Nov 22 18:50:13 hamrad.ca systemd[1]: bird.service: Main process exited, code=exited, status=1/FAILURE
Nov 22 18:50:13 hamrad.ca systemd[1]: bird.service: Failed with result 'exit-code'.
I understand that my log file is the problem. But I did set the rights of the log file properly.
If I list the log file I have
ls -l bir**
-rw-r--r-- 1 root bird 0 Nov 20 18:55 bird.log
Can anyone help?
Pierre
VE2PF
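An added example, not part of the original message or of BIRD: it reads the `ls -l` line from the post and applies the POSIX owner/group/other rule to show which permission class decides write access. The daemon identity (user `bird`, group `bird`) is an assumption, since the post shows only `$BIRD_RUN_USER` and `$BIRD_RUN_GROUP`; the three variant listings are constructed.

```python
# Added example: evaluates only the classic owner/group/other mode bits.
# ACLs, MAC policy (AppArmor/SELinux) and directory permissions are ignored.

def parse_ls_line(line):
    """Return (mode_string, owner, group) from one `ls -l` output line."""
    fields = line.split()
    return fields[0], fields[2], fields[3]

def can_write(ls_line, user, user_groups):
    """Return (allowed, permission_class) for `user` opening the file for writing."""
    mode, owner, group = parse_ls_line(ls_line)
    if user == "root":
        return True, "root"          # root normally bypasses the mode bits
    # Exactly one class applies: owner first, then group, then other.
    if user == owner:
        return mode[2] == "w", "owner"
    if group in user_groups:
        return mode[5] == "w", "group"
    return mode[8] == "w", "other"

# The listing from the message, followed by constructed variants.
LISTINGS = {
    "as posted":       "-rw-r--r-- 1 root bird 0 Nov 20 18:55 bird.log",
    "group writable":  "-rw-rw-r-- 1 root bird 0 Nov 20 18:55 bird.log",
    "owned by daemon": "-rw-r----- 1 bird bird 0 Nov 20 18:55 bird.log",
    "owner read-only": "-r--rw-rw- 1 bird bird 0 Nov 20 18:55 bird.log",
}

def report(user="bird", groups=("bird",)):   # assumed daemon identity
    """Evaluate every listing for the assumed daemon user and groups."""
    return {name: can_write(line, user, set(groups))
            for name, line in LISTINGS.items()}

if __name__ == "__main__":
    for name, (ok, cls) in report().items():
        print(f"{name:16} -> write {'allowed' if ok else 'DENIED'} via {cls} bits")
```

The last variant shows that the owner class wins even when group and other would grant more, so widening the group bits does not help a daemon that owns the file read-only.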
All,
I am testing an AWS server that runs the DNS and HTTP services for my node. NTP (kb3vwg-001.ampr.org/44.60.44.1) was not moved.
Please verify:
~ AMPR DNS (44.60.44.3)
- OPEN ACCESS for AMPRNet hosts, 44 hosts can also AXFR 44.in-addr.arpa. and ampr.org
- **if you accessed DNS via your WAN IP and it now fails, let me know off thread about why and/or reconfigure to use your AMPRNet IP for inquiries**
- **If you used HTTP on this address, it now fails**
---
~ AMPR HTTP (44.60.44.10):
- http://whatismyip.ampr.org - you will only receive your valid 44 SRC IP on AMPRNet, all other IPs receive the non-Internet-reachable 44.60.44.254
- http://speedtest.ampr.org - currently Error 302 redirects to https://speedtest.org/
- Main landing (http://kb3vwg-010.ampr.org / http://44.60.44.10) - amprdocs and tools pages should be visible here if you're on AMPRNet
- **The 44-Trace and Ping tools to 44 IPs ONLY should work as intended - please message me off thread if not** - other IPs (and 44.0.0.1/32) use the AWS interface now
- **Since this server is now hosted...I am able to add my device as an official Slave DNS of AMPRNet on its real interface...if you all desire (and it's approved)** - I'd like to test transfer on a temporary basis before we make it a go...I do pay for if it spikes, LOL
---
~ WAN HTTP (<IP>):
- http://kb3vwg.ampr.org (WAN HTTP) - is no longer CMS-based
- Main landing (http://<IP>/) - currently Error 302 redirects to https://speedtest.org/
(HINT: you can nslookup kb3vwg.ampr.org for the current WAN IP)
NOTE: if you accessed NTP via your WAN IP, this may change in the future. Please migrate to using AMPRNet SRC IPs access to ALL AMPRNet services [on the KB3VWG node].
(This temp test may lead to proof-of-concept for a FREE/donated permanent site [for more services/CPUs] for VMs.)
73,
- Lynwood
KB3VWG
I can only confirm that the amount of "network probing" traffic is ever increasing.
We have the 44.137.0.0/16 network BGP routed towards us so we do not experience the described issues, but at the firewall there is a massive amount of incoming probes and I do use some techniques to auto-block these.
For example, I have a static list of known probers (the likes of shodan.io, internet-census.org, binaryedge.ninja, etc etc.), a total of 674 entries, 90 of them subnets (often /24).
Additionally, I have an automatic blacklist of servers sending 10 or more probes per minute to any address in our /16 that is not in use (similar to the "are you in DNS" check in amprgw) and keeps the address blacklisted for an hour. That list usually contains about 75000 addresses!
In the past I have tried several times to mail those "researchers" and "services that allow you to search for open ports" guys to get our subnet removed from their scan range. The results are limited. Sometimes it works, usually for limited time, sometimes just nothing changes. Maybe the contacts for the AMPRnet could try some of those requests as well.
We get several Mbit/s of useless crap on our /16 so I can guess what it looks like for amprgw.
Pity that there are so many of those jerks around.
Rob
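An added sketch of the automatic blacklist described in the message above, not Rob's actual firewall configuration: a per-source sliding window counts packets to unused addresses in the /16 and blocks the source for an hour at 10 probes within a minute. The in-use address list, the sample sources (documentation ranges) and the choice of a fixed, non-extending one-hour block are assumptions.

```python
import ipaddress
from collections import defaultdict, deque

NET = ipaddress.ip_network("44.137.0.0/16")  # prefix named in the message
THRESHOLD, WINDOW, BLOCK_SECONDS = 10, 60, 3600  # 10 probes/min, 1 h block

class ProbeBlacklist:
    def __init__(self, in_use):
        self.in_use = {ipaddress.ip_address(a) for a in in_use}
        self.recent = defaultdict(deque)   # src -> timestamps of recent probes
        self.blocked_until = {}            # src -> expiry timestamp

    def is_blocked(self, src, now):
        expiry = self.blocked_until.get(src)
        if expiry is not None and now >= expiry:
            del self.blocked_until[src]    # the hour is over
            return False
        return expiry is not None

    def observe(self, ts, src, dst):
        """Return 'drop' or 'pass' for one inbound packet seen at time ts."""
        if self.is_blocked(src, ts):
            return "drop"
        dst_ip = ipaddress.ip_address(dst)
        if dst_ip not in NET or dst_ip in self.in_use:
            return "pass"                  # traffic to a live host is not a probe
        q = self.recent[src]
        q.append(ts)
        while q[0] <= ts - WINDOW:         # forget probes older than the window
            q.popleft()
        if len(q) >= THRESHOLD:
            self.blocked_until[src] = ts + BLOCK_SECONDS
            del self.recent[src]
            return "drop"
        return "pass"

def run_sample():
    """Constructed traffic: a fast scanner, a slow scanner, a normal client."""
    bl = ProbeBlacklist(in_use=["44.137.0.1"])           # hypothetical live host
    fast = [bl.observe(t, "192.0.2.50", f"44.137.200.{t}") for t in range(1, 11)]
    slow = [bl.observe(7 * t, "203.0.113.9", f"44.137.9.{t}") for t in range(30)]
    return {
        "fast": fast,                                    # tenth probe trips the block
        "slow": slow,                                    # 9 per minute stays under it
        "fast_to_live_host": bl.observe(20, "192.0.2.50", "44.137.0.1"),
        "client": bl.observe(20, "198.51.100.7", "44.137.0.1"),
        "fast_after_hour": bl.observe(3610, "192.0.2.50", "44.137.0.1"),
    }

if __name__ == "__main__":
    for name, verdict in run_sample().items():
        print(name, verdict)
```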
Hello, 44net!
This week we're doing our first office hours:
Thurs. 12 Nov
18:00 UTC (10am PT / 1pm ET / 6pm GMT / 7pm CET)
Will go to about 20:00 UTC
Full Zoom invite below this message.
Following our community call on Oct. 10, folks at ARDC have started to
put together some thinking around 44net maintenance and improvement.
This is especially true for Chris (G1FEF), who knows the most about the
technological and administrative aspects of running the portal.
Some items from his list include:
* Improving logic using Laravel open source framework (Laravel framework
enables easy internationalization)
* Improving presentation, e.g. for use on mobile
* Create workflows to improve admin tasks
...and that really just scratches the surface. Learn more on Thursday!
If you are someone who is interested in 44net development, please join
us at this Thursday's meeting! If you can't make it, feel free to share
your thoughts via email. Note that we have a growing list of thoughts
from previous messages and the survey to be prioritized as part of this
work.
Speaking of prioritization, as part of this effort to improve 44net,
we'll be putting the Technical Advisory Committee (TAC) back together.
The first job of the TAC will be to discuss, test, review, and
collaborate on the work being done on the Portal. More information for
how to apply to the TAC to come as soon as possible.
In the meantime, hope you can join us on Thursday and share your
thoughts here.
Many thanks,
Rosy
//
ARDC is inviting you to a scheduled Zoom meeting.
Topic: ARDC Office Hours
Time: Nov 12, 2020 10:00 AM Pacific Time (US and Canada)
Join Zoom Meeting
https://us02web.zoom.us/j/85376459195?pwd=TmpZQ2FqVW13TEU3VmpjNHp1TlhhUT09
Meeting ID: 853 7645 9195
Passcode: 440088
One tap mobile
+13462487799,,85376459195#,,,,,,0#,,440088# US (Houston)
+16699006833,,85376459195#,,,,,,0#,,440088# US (San Jose)
Dial by your location
+1 346 248 7799 US (Houston)
+1 669 900 6833 US (San Jose)
+1 253 215 8782 US (Tacoma)
+1 312 626 6799 US (Chicago)
+1 929 205 6099 US (New York)
+1 301 715 8592 US (Washington D.C)
Meeting ID: 853 7645 9195
Passcode: 440088
Find your local number: https://us02web.zoom.us/u/kd4rPrWKJX
--
Rosy Wolfe - KJ7RYV
Executive Director
Amateur Radio Digital Communications (ARDC)
ampr.org
Hi David,
> Chris: Are you the official administrator of the AMPRGW FreeBSD host now?
Yes, I am.
I’ve been doing some tests from the gw and it looks like there is some packet loss upstream depending on which route the packets are going, for example I ran a 100 count ping to one of my servers in the UK and got no packet loss at all with a consistent RTT:
--- 85.199.212.83 ping statistics ---
100 packets transmitted, 100 packets received, 0.0% packet loss
round-trip min/avg/max/stddev = 147.366/147.491/151.369/0.409 ms
Then I ran a test to 98.143.158.201 (the IP WB7AWL was using for his test) and I got 2% loss with varying RTT:
--- 98.143.158.201 ping statistics ---
100 packets transmitted, 98 packets received, 2.0% packet loss
round-trip min/avg/max/stddev = 3.514/12.592/209.460/30.918 ms
I’ve repeated these tests a few times and looked at the routes taken and it does seem to indicate that the gw machine itself is not the issue. I will have a discussion with the folks at UCSD and let you know what transpires.
Regards,
Chris
Good Evening Folks,
Is something going on with the gateway...????? I just noticed this today:
--- ampr.org ping statistics ---
92 packets transmitted, 72 received, 21% packet loss, time 91427ms
rtt min/avg/max/mdev = 33.320/41.448/51.167/2.890 ms
As opposed to:
--- aa6hf.ampr.org ping statistics ---
100 packets transmitted, 100 received, 0% packet loss, time 99146ms
rtt min/avg/max/mdev = 47.409/56.381/70.304/4.552 ms
Pings to my commercial IP (from my network at work) are 100%.....but pings to ampr.org (from my network at work) are showing dropped packets as well.
73's
-Albert
WB7AWL