44net September 2023

44net@mailman.ampr.org

32 participants
15 discussions

Re: Problems accessing guthub
by Henrique Brancher Gravina 21 Sep '23

21 Sep '23

Thanks, TCP MSS was the answer! On my router ( Mikrotik ): /ip firewall mangle add action=change-mss chain=forward new-mss=clamp-to-pmtu passthrough=yes protocol=tcp tcp-flags=syn On Sun, Sep 17, 2023 at 4:02 PM Jonathan Lassoff <jof(a)thejof.com> wrote: > That DNS resolution seems ok, 20.201.28.151 is one of the web frontend > IPs. (Confirmed with their API's /meta endpoint: > https://api.github.com/meta) > > However, an operation timing out implies that something along the path > is filtering your TCP connection. > > Maybe use `tcptraceroute` to try and tell how far your initial TCP SYN > packet is making it (to try and tell whom is filtering). > > The other thought that comes in mind in the context of TCP breaking > while traversing VPNs (where small packets like ICMP pings are > working) is that maybe something along the path is not clamping TCP > MSS? Maybe try adding a `mssfix` option into the OpenVPN config (maybe > sized 1420 bytes). > > --j > > On Sat, 16 Sept 2023 at 11:19, Henrique Brancher Gravina > <henrique(a)gravina.com.br> wrote: > > > > gnutls-cli cannot connect to the host, it give me a timeout: > > > > $gnutls-cli github.com:443 > > Processed 137 CA certificate(s). > > Resolving 'github.com:443'... > > Connecting to '20.201.28.151:443'... > > *** Fatal error: The operation timed out > > > > > > But I cant ping the host: > > > > $ping www.github.com > > PING github.com (20.201.28.151) 56(84) bytes of data. > > 64 bytes from 20.201.28.151 (20.201.28.151): icmp_seq=1 ttl=111 > time=22.3 ms > > 64 bytes from 20.201.28.151 (20.201.28.151): icmp_seq=2 ttl=111 > time=19.5 ms > > 64 bytes from 20.201.28.151 (20.201.28.151): icmp_seq=3 ttl=111 > time=22.3 ms > > 64 bytes from 20.201.28.151 (20.201.28.151): icmp_seq=4 ttl=111 > time=19.8 ms > > 64 bytes from 20.201.28.151 (20.201.28.151): icmp_seq=5 ttl=111 > time=19.7 ms > > > > > > > > > > On Sat, Sep 16, 2023 at 3:33 AM Jonathan Lassoff <jof(a)thejof.com> wrote: > >> > >> For what it's worth, I am able to successfully do git clones from IPv4 > >> Github from 44net BGP island space, and even that repo you list. > >> > >> That error suggests that something happened with GNUTLS while > >> establishing a TLS connection. Maybe test just that with GNUTLS and > >> run "gnutls-cli github.com:443"? > >> > >> On Fri, 15 Sept 2023 at 23:08, Henrique Brancher Gravina via 44net > >> <44net(a)mailman.ampr.org> wrote: > >> > > >> > Hello, > >> > > >> > I am running a 44 network with bgp announces on Vultr ( mikrotik ) > and a VPN to my home ( mikrotik ) . Everything is working fine inbound and > outbound traffic are being routed ok. > >> > > >> > The problem is that I can use github on the server on my 44 hosts. > >> > > >> > For example: > >> > > >> > # git clone https://github.com/Henriquegravina/DxccResolver > >> > Cloning into 'DxccResolver'... > >> > fatal: unable to access ' > https://github.com/Henriquegravina/DxccResolver/': gnutls_handshake() > failed: Error in the pull function. > >> > # root@odc1:/home/henrique/tmp# git clone > https://github.com/Henriquegravina/DxccResolver > >> > Cloning into 'DxccResolver'... > >> > fatal: unable to access ' > https://github.com/Henriquegravina/DxccResolver/': gnutls_handshake() > failed: Error in the pull function. > >> > > >> > Thanks for any help. > >> > PU3IKE > >> > > >> > > >> > _______________________________________________ > >> > 44net mailing list -- 44net(a)mailman.ampr.org > >> > To unsubscribe send an email to 44net-leave(a)mailman.ampr.org >

3 4

Survey results + update re: groups.io
by Rosy Schechter - KJ7RYV 18 Sep '23

18 Sep '23

Dear 44Net Members, Many thanks to all of you who responded to the ‘44Net + Groups.io’ survey back in June. Thank you also for your patience in our follow-up, as it’s been a very busy summer here at ARDC. Here’s what we learned from the 54 folks who responded: * 90% of you were familiar with Groups.io * 52% of you were interested in moving from mailman.ardc.net to Groups.io * The remaining 48% of you either wanted to remain on Mailman or wanted more information about a move to Groups.io (with a pretty even split between those two groups) A nearly 50/50 split is not enough to warrant a migration of this mailing list to Groups.io. It does, however, tell us that there is a general interest in making the move, and that many of you would like more information before making a decision one way or another. In an effort to provide more information, in the coming months, our team will put together some educational information about groups.io, so be on the lookout. Until then, feel free to peruse around ardc.groups.io and give some of the subgroups a try. Some information about how to join the subgroups is provided below this email. Depending on how things go, we may move the full mailing list over to ardc.groups.io over time. For now, though, please consider this only an experiment! If you have any questions, please don’t hesitate to reach out to us at any time at contact(a)ardc.net. You can also post questions and comments here or on ardc.groups.io. Looking forward to the discussion! 73, Rosy + ARDC Staff / For those of you who are interested in joining the mentined subgroups, here’s how: * Join the ‘Main’ group at ardc.groups.io. * Once approved, you’ll be automatically added to the Community subgroup for general discussions (the ‘Main’ group serves as an announcement group, where only ARDC staff can post). * From here, you can join many of the other subgroups for special interest topics. 44Net VPN Subgroup: https://ardc.groups.io/g/net-44-vpn 44Net Wiki Subgroup: https://ardc.groups.io/g/wiki/ Subgroup list (which has some info about each group): https://ardc.groups.io/g/main/subgroups If you get stuck, our resident groups.io expert John Hays K7VE is here to answer any questions. Reach out any time: john.hays(a)ardc.net -- Rosy Schechter - KJ7RYV Executive Director Amateur Radio Digital Communications (ARDC) ardc.net

1 0

IPIP tunnel for Mikrotik
by KUN LIN 18 Sep '23

18 Sep '23

Hi Has anyone setup the IPIP tunnel successfully in Mikrotik? I think the instruction in Wiki is written for ROS 2.0. Things has changed a lot and I have trouble following. I created the IPIP tunnel in the interface and not sure what to do next. I added my IP subnet to the IP tab. The RIP configuration menu is very different now. Kun

2 1

Problems accessing guthub
by Henrique Brancher Gravina 16 Sep '23

16 Sep '23

Hello, I am running a 44 network with bgp announces on Vultr ( mikrotik ) and a VPN to my home ( mikrotik ) . Everything is working fine inbound and outbound traffic are being routed ok. The problem is that I can use github on the server on my 44 hosts. For example: # git clone https://github.com/Henriquegravina/DxccResolver Cloning into 'DxccResolver'... fatal: unable to access 'https://github.com/Henriquegravina/DxccResolver/': gnutls_handshake() failed: Error in the pull function. # root@odc1:/home/henrique/tmp# git clone https://github.com/Henriquegravina/DxccResolver Cloning into 'DxccResolver'... fatal: unable to access 'https://github.com/Henriquegravina/DxccResolver/': gnutls_handshake() failed: Error in the pull function. Thanks for any help. PU3IKE

2 1

Wiki Documentation
by hello＠k1yuu.net 12 Sep '23

12 Sep '23

Good Evening, I noticed that the amprwiki has some information that could use some updating/knowledge additions to make onboarding easier for new end-users. 1. On all gateway setups, there should be notices about having to enter your gateway WAN onto the gateway list on the 44net portal, as well your allocation being broadcasted by your gateway. 2. Explanations on delay times in receiving RIPv2 packets (1 hour to update, 5 mins/announcement). A few of the instruction sets say "wait a few minutes" but dont explain why and don't all explain that your gateway needs to be registered before anything can happen. 3. Additional Documentation for folks who are using coordinator-maintained VPN gateways 4. General cleanup and some additional explanations on how each piece of the IPIP tunnel works for folks who want to learn how to run the system, to ensure that we can have more people using the gateway rather than BGPing out of frustration. I've worked for several orgs cleaning up documentation so questions can be answered efficiently, I'm more than happy to volunteer my time to help clean things up if needed! 73, -M. K1YUU

3 2

2026

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

44net September 2023