Oh, I am on ROS7/CHR. Is there a way to get it to work on ROS7?
Kun
________________________________
From: Marius Petrescu via 44net <44net(a)mailman.ampr.org>
Sent: Monday, September 18, 2023 9:18
To: 44net(a)mailman.ampr.org <44net(a)mailman.ampr.org>
Subject: [44net] Re: IPIP tunnel for Mikrotik
The v3.1 scripts are for ROS up to 6.40, and the v3.2 scripts from ROS 6.41 up to the latest v6 releases.
The scripts do NOT work on ROS 7 due to the fact that the RIP handling changed and the RIP timers do not work correctly.
Marius, YO2LOJ
On 18/09/2023 18:01, KUN LIN via 44net wrote:
Hi
Has anyone set up the IPIP tunnel successfully in Mikrotik? I think the instruction in the Wiki is written for ROS 2.0. Things have changed a lot and I have trouble following. I created the IPIP tunnel in the interface and am not sure what to do next. I added my IP subnet to the IP tab. The RIP configuration menu is very different now.
Kun
_______________________________________________
44net mailing list -- 44net(a)mailman.ampr.org
To unsubscribe send an email to 44net-leave(a)mailman.ampr.org
Hello, 44Net!
Last spring, ARDC put out a survey about whether we should adopt a Code
of Conduct. The vast majority (~75%) of you Agreed or Strongly Agreed
that we should. I’m pleased to share that, after many drafts, the day
has finally come!
https://www.ardc.net/about/legal/code-of-conduct/
Please give it a read, as it applies to all ARDC-hosted spaces and
projects, including this mailing list. We’d love to hear your thoughts
and questions. Feel free to respond to this thread for an open
discussion, or email conduct(a)ardc.net for thoughts you’d rather keep
private. If you are interested in having a public Q+A over Zoom, please
let us know and we’ll set one up.
As noted in one of the first paragraphs, we see this as a living
document and expect patches over time. If you have feedback or
suggestions, please send it to the email address above. Please also be
patient with us and our replies – we are working with a new committee
and will be building the plane as we fly it. The current committee
members are noted in the document.
Thanks for taking the time to review the Code of Conduct. We’re looking
forward to continuing to grow the ARDC community, with this new Code
as a solidifying block in our foundation.
73,
Rosy
--
Rosy Schechter - KJ7RYV
Executive Director
Amateur Radio Digital Communications (ARDC)
ardc.net
Hi all,
I’ve been trying off and on over the last few days to set up a VPN connection to amprnet to use my new allocation.
I’m not succeeding on multiple Linux machines and a macOS device and seeing a couple of the same errors -
OpenSSL: error:0B080074:x509 certificate routines:X509_check_private_key:key values mismatch
Cannot load private key file /etc/openvpn/client.key
Error: private key password verification failed
The first is related to, I assume, my user certificate - is this a fatal error and am I doing something wrong, has the advice changed from `cat certs/user certs/authorities > client.crt`?
Secondly, the password verification is confusing me - I have just imported a new tqsl cert generated this week, and in tqsl it advises me there’s no certificate passphrase. I’m not sure what to do here - if I try and export a .p12 from tqsl, and generate keys from that, I am asked for a password too and that ends in no progress.
I see the same errors in Tunnelblick on macOS.
Is there any reason I’m being asked for a password? My current LoTW password doesn’t resolve this. My concern is that there is some password I’m missing from when the certificate was first generated years ago and that now prevents me from accessing the VPN.
Cheers & 73
Hibby MM0RFN.
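The two OpenSSL errors quoted in the message above can be told apart before starting OpenVPN. The following is an added example, not part of the original post: it reports whether a private key file is passphrase-protected and whether it belongs to the certificate it is paired with. The function names are illustrative, and the file names in the usage comment are the ones mentioned in the message.

```shell
#!/bin/sh
# Added example (not from the original post): pre-flight check for an
# OpenVPN client certificate/key pair. Function names are illustrative.

# Succeeds if the PEM private key file is passphrase-protected.
key_is_encrypted() {
    # PKCS#8 encrypted keys have their own header; traditional-format
    # encrypted keys carry a "Proc-Type: 4,ENCRYPTED" line instead.
    grep -Eq -e '-----BEGIN ENCRYPTED PRIVATE KEY-----|^Proc-Type: 4,ENCRYPTED' \
        "$1" 2>/dev/null
}

# check_pair CERT KEY
# Returns 0 = key matches cert, 1 = mismatch,
#         2 = key is encrypted (passphrase needed), 3 = file unreadable.
check_pair() {
    if key_is_encrypted "$2"; then
        return 2
    fi
    # "openssl x509" reads only the first certificate in the file, so with a
    # concatenated bundle the key is compared against whichever comes first.
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 3
    key_pub=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 3
    [ "$cert_pub" = "$key_pub" ]
}

# Stand-alone use: sh check_pair.sh client.crt /etc/openvpn/client.key
if [ "$#" -eq 2 ]; then
    rc=0
    check_pair "$1" "$2" || rc=$?
    case $rc in
        0) echo "OK: private key matches the first certificate in $1" ;;
        1) echo "MISMATCH: $2 does not belong to the first certificate in $1" ;;
        2) echo "ENCRYPTED: $2 is passphrase-protected" ;;
        *) echo "ERROR: could not parse $1 or $2" ;;
    esac
    exit "$rc"
fi
```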
Hey Everyone,
* Please join us in welcoming Bob Witte, K0NR, to ARDC's Board of
Directors! To learn more about Bob, check out our recent blog post:
https://www.ardc.net/bob-witte-k0nr-joins-ardcs-board-of-directors/
* The blog post announcing ARDC's 2024 Advisory Committee Members is
also live: check it out to learn more about our new members and see
who's continuing with us this year:
https://www.ardc.net/ardc-welcomes-new-committee-members-for-2024/
Have a great week and 73,
Rebecca
KO4KVG
--
Rebecca Key - KO4KVG
Communications Manager
Amateur Radio Digital Communications (ARDC)
ardc.net
Hey Everyone,
ARDC will be at Orlando HamCation happening from Feb. 9 - 11. If you're
at the event, stop by our table and say hello. Also, be sure to attend
our Forum (Friday, 2/9, 3:30pm ET), where John Hays (K7VE) will be
presenting "New Adventures using TCP/IP on 44Net (AMPRNet) and an ARDC
Update".
Have a great weekend and 73,
Rebecca
KO4KVG
--
Rebecca Key - KO4KVG
Communications Manager
Amateur Radio Digital Communications (ARDC)
ardc.net
Hello to those on the list,
I have a VPN server running on a VPS (OpenVPN Access Server). I also have
the packet software XRouter (a.k.a. XRLin) running on the VPS. Normally it
can get the routes from the amprnet RIP broadcasts.
The VPN server uses a tunnel to send packets to my client. In the server to
client direction it takes packets from the internet addressed to the static
WAN address and changes the destination address to the client's VPN address
- pretty standard stuff. The dnat results in the traffic being routed to
the VPN tunnel. The OpenVPN Access Server writes rules to NFTables in order
to handle the forwarding, dnat, etc.
XRouter is set up with its own tunnel - somewhat similar to JNOS. I have
added rules in NFTables to forward all transport protocol 4/encap packets
to the XRouter tunnel. Included is a rule to dnat to XRouter's address
which is on the XRouter side of the P2P tunnel. This setup is working for
all encap packets EXCEPT the RIP packets.
Checking things with TCPdump, the RIP packets are being dnat'd to the VPN
tunnel address instead of the XRouter tunnel. I can't find any rules added
by the OpenVPN server that are matching any encap traffic, so I'm baffled
as to why they are not matched by my rules and also how they are matched by
the VPN rules. That said, the VPN Access server creates a very confusing
set of NFTables rules jumping all over the place through different chains, so
it's possible that they lost me. However I asked a question on their forum
a while back about support for protocol 4, and their answer was they don't
support it.
Is there anything about the RIP "IPIP" packets that is different from other
"IPIP" traffic so that they would be handled differently by NFTables?
Thanks,
Lee K5DAT
Hello!
I've been working on getting my IPIP mesh gateway set up on Debian & feel like I'm almost there. One thing I’ve noticed is every time I reboot the router, it takes around 45-60 minutes before I can start passing traffic to the public internet again via the ucsd gateway. For example, after rebooting the router, once rip44d has retrieved the routes I can:
(a) Ping and curl across tunl0 to n2nov.ampr.org
(b) Use yo2tm’s nettools to successfully ping my ampr ip and see that traffic locally via tcpdump
But cannot:
(c) Ping 8.8.8.8 across tunl0 (via 169.228.34.84) or
(d) Curl to ifconfig.me across tunl0 (via 169.228.34.84)
However, if I just leave everything running and come back 45-60 minutes later, (c) and (d) work fine with no additional configuration changes and (d) returns the assigned 44net ip address.
Just curious if the above is an expected behavior or a sign that I’ve got something misconfigured.
-Steve
kc8qba
Happy New Year, Everyone!
ARDC will be at the Gwinnett Amateur Radio Society TechFest on January
13, 2024 in Lawrenceville, GA. If you're at the event, stop by our table
and say hello!
73,
Rebecca
KO4KVG
--
Rebecca Key - KO4KVG
Communications Manager
Amateur Radio Digital Communications (ARDC)
ardc.net