Thanks, TCP MSS was the answer!
On my router ( Mikrotik ):
/ip firewall mangle
add action=change-mss chain=forward new-mss=clamp-to-pmtu passthrough=yes protocol=tcp tcp-flags=syn
On Sun, Sep 17, 2023 at 4:02 PM Jonathan Lassoff <jof(a)thejof.com> wrote:
> That DNS resolution seems ok, 20.201.28.151 is one of the web frontend
> IPs. (Confirmed with their API's /meta endpoint:
> https://api.github.com/meta)
>
> However, an operation timing out implies that something along the path
> is filtering your TCP connection.
>
> Maybe use `tcptraceroute` to try and tell how far your initial TCP SYN
> packet is making it (to try and tell who is filtering).
>
> The other thought that comes to mind in the context of TCP breaking
> while traversing VPNs (where small packets like ICMP pings are
> working) is that maybe something along the path is not clamping TCP
> MSS? Maybe try adding a `mssfix` option into the OpenVPN config (maybe
> sized 1420 bytes).
>
> --j
>
> On Sat, 16 Sept 2023 at 11:19, Henrique Brancher Gravina
> <henrique(a)gravina.com.br> wrote:
> >
> > gnutls-cli cannot connect to the host, it give me a timeout:
> >
> > $gnutls-cli github.com:443
> > Processed 137 CA certificate(s).
> > Resolving 'github.com:443'...
> > Connecting to '20.201.28.151:443'...
> > *** Fatal error: The operation timed out
> >
> >
> > But I cant ping the host:
> >
> > $ping www.github.com
> > PING github.com (20.201.28.151) 56(84) bytes of data.
> > 64 bytes from 20.201.28.151 (20.201.28.151): icmp_seq=1 ttl=111 time=22.3 ms
> > 64 bytes from 20.201.28.151 (20.201.28.151): icmp_seq=2 ttl=111 time=19.5 ms
> > 64 bytes from 20.201.28.151 (20.201.28.151): icmp_seq=3 ttl=111 time=22.3 ms
> > 64 bytes from 20.201.28.151 (20.201.28.151): icmp_seq=4 ttl=111 time=19.8 ms
> > 64 bytes from 20.201.28.151 (20.201.28.151): icmp_seq=5 ttl=111 time=19.7 ms
> >
> >
> >
> >
> > On Sat, Sep 16, 2023 at 3:33 AM Jonathan Lassoff <jof(a)thejof.com> wrote:
> >>
> >> For what it's worth, I am able to successfully do git clones from IPv4
> >> Github from 44net BGP island space, and even that repo you list.
> >>
> >> That error suggests that something happened with GNUTLS while
> >> establishing a TLS connection. Maybe test just that with GNUTLS and
> >> run "gnutls-cli github.com:443"?
> >>
> >> On Fri, 15 Sept 2023 at 23:08, Henrique Brancher Gravina via 44net
> >> <44net(a)mailman.ampr.org> wrote:
> >> >
> >> > Hello,
> >> >
> >> > I am running a 44 network with bgp announces on Vultr ( mikrotik )
> >> > and a VPN to my home ( mikrotik ) . Everything is working fine inbound and
> >> > outbound traffic are being routed ok.
> >> >
> >> > The problem is that I can use github on the server on my 44 hosts.
> >> >
> >> > For example:
> >> >
> >> > # git clone https://github.com/Henriquegravina/DxccResolver
> >> > Cloning into 'DxccResolver'...
> >> > fatal: unable to access 'https://github.com/Henriquegravina/DxccResolver/': gnutls_handshake() failed: Error in the pull function.
> >> > # root@odc1:/home/henrique/tmp# git clone https://github.com/Henriquegravina/DxccResolver
> >> > Cloning into 'DxccResolver'...
> >> > fatal: unable to access 'https://github.com/Henriquegravina/DxccResolver/': gnutls_handshake() failed: Error in the pull function.
> >> >
> >> > Thanks for any help.
> >> > PU3IKE
> >> >
> >> >
>
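The symptom in the thread above (56-byte pings pass, the TLS handshake times out) is what an MTU black hole looks like. As an added example that is not part of the original messages, this script finds the largest unfragmented IPv4 packet a path carries and derives the MSS to clamp to. It assumes Linux iputils `ping`, and the function names and the `PROBE` variable are hypothetical.

```shell
#!/bin/sh
# Added example: measure the usable path MTU with Don't-Fragment pings,
# then derive the TCP MSS that fits through the tunnel.

# Default probe: one ping with DF set (Linux iputils syntax).
# $1 = host, $2 = ICMP payload size in bytes. Returns 0 if a reply arrived.
probe_ping() {
    ping -M do -c 1 -W 1 -s "$2" "$1" >/dev/null 2>&1
}

# PROBE names the probe function, so it can be swapped out (assumption:
# this indirection exists only to make the search testable offline).
PROBE=${PROBE:-probe_ping}

# Binary search for the path MTU between 576 and 1500 bytes.
# Prints the MTU, or returns 1 if even a 576-byte packet is lost.
find_pmtu() {
    host=$1
    lo=576      # smallest total IP packet size tested
    hi=1500     # Ethernet MTU
    # An ICMP echo adds 20 bytes of IP header and 8 bytes of ICMP header
    # to the payload, so payload = packet size - 28.
    "$PROBE" "$host" $((lo - 28)) || return 1
    while [ "$lo" -lt "$hi" ]; do
        mid=$(( (lo + hi + 1) / 2 ))
        if "$PROBE" "$host" $((mid - 28)); then
            lo=$mid             # mid-sized packet got through
        else
            hi=$((mid - 1))     # dropped: the limit is below mid
        fi
    done
    echo "$lo"
}

# TCP MSS for IPv4 = path MTU - 20 (IP header) - 20 (TCP header).
mss_for_mtu() {
    echo $(( $1 - 40 ))
}

# On a real host: mtu=$(find_pmtu github.com) && mss_for_mtu "$mtu"
```

A lost probe can also mean the far end drops ICMP echo entirely, so confirm with a host that answered small pings first, as 20.201.28.151 did in the thread.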
Dear 44Net Members,
Many thanks to all of you who responded to the ‘44Net + Groups.io’
survey back in June. Thank you also for your patience in our follow-up,
as it’s been a very busy summer here at ARDC.
Here’s what we learned from the 54 folks who responded:
* 90% of you were familiar with Groups.io
* 52% of you were interested in moving from mailman.ardc.net to Groups.io
* The remaining 48% of you either wanted to remain on Mailman or wanted
more information about a move to Groups.io (with a pretty even split
between those two groups)
A nearly 50/50 split is not enough to warrant a migration of this
mailing list to Groups.io. It does, however, tell us that there is a
general interest in making the move, and that many of you would like
more information before making a decision one way or another.
In an effort to provide more information, in the coming months, our team
will put together some educational information about groups.io, so be on
the lookout. Until then, feel free to peruse around ardc.groups.io and
give some of the subgroups a try. Some information about how to join the
subgroups is provided below this email.
Depending on how things go, we may move the full mailing list over to
ardc.groups.io over time. For now, though, please consider this only an
experiment! If you have any questions, please don’t hesitate to reach
out to us at any time at contact(a)ardc.net. You can also post questions
and comments here or on ardc.groups.io.
Looking forward to the discussion!
73,
Rosy + ARDC Staff
For those of you who are interested in joining the mentioned subgroups,
here’s how:
* Join the ‘Main’ group at ardc.groups.io.
* Once approved, you’ll be automatically added to the Community subgroup
for general discussions (the ‘Main’ group serves as an announcement
group, where only ARDC staff can post).
* From here, you can join many of the other subgroups for special
interest topics.
44Net VPN Subgroup: https://ardc.groups.io/g/net-44-vpn
44Net Wiki Subgroup: https://ardc.groups.io/g/wiki/
Subgroup list (which has some info about each group):
https://ardc.groups.io/g/main/subgroups
If you get stuck, our resident groups.io expert John Hays K7VE is here
to answer any questions. Reach out any time: john.hays(a)ardc.net
--
Rosy Schechter - KJ7RYV
Executive Director
Amateur Radio Digital Communications (ARDC)
ardc.net
Hi
Has anyone set up the IPIP tunnel successfully in Mikrotik? I think the instruction in the Wiki is written for ROS 2.0. Things have changed a lot and I have trouble following. I created the IPIP tunnel in the interface and am not sure what to do next. I added my IP subnet to the IP tab. The RIP configuration menu is very different now.
Kun
Hello,
I am running a 44 network with bgp announces on Vultr ( mikrotik ) and a
VPN to my home ( mikrotik ) . Everything is working fine inbound and
outbound traffic are being routed ok.
The problem is that I can use github on the server on my 44 hosts.
For example:
# git clone https://github.com/Henriquegravina/DxccResolver
Cloning into 'DxccResolver'...
fatal: unable to access 'https://github.com/Henriquegravina/DxccResolver/': gnutls_handshake() failed: Error in the pull function.
# root@odc1:/home/henrique/tmp# git clone https://github.com/Henriquegravina/DxccResolver
Cloning into 'DxccResolver'...
fatal: unable to access 'https://github.com/Henriquegravina/DxccResolver/': gnutls_handshake() failed: Error in the pull function.
Thanks for any help.
PU3IKE
Good Evening,
I noticed that the amprwiki has some information that could use some updating/knowledge additions to make onboarding easier for new end-users.
1. On all gateway setups, there should be notices about having to enter your gateway WAN onto the gateway list on the 44net portal, as well as your allocation being broadcasted by your gateway.
2. Explanations on delay times in receiving RIPv2 packets (1 hour to update, 5 mins/announcement). A few of the instruction sets say "wait a few minutes" but don't explain why and don't all explain that your gateway needs to be registered before anything can happen.
3. Additional Documentation for folks who are using coordinator-maintained VPN gateways
4. General cleanup and some additional explanations on how each piece of the IPIP tunnel works for folks who want to learn how to run the system, to ensure that we can have more people using the gateway rather than BGPing out of frustration.
I've worked for several orgs cleaning up documentation so questions can be answered efficiently, I'm more than happy to volunteer my time to help clean things up if needed!
73,
-M.
K1YUU