44net

44net@mailman.ampr.org

3194 discussions

Re: [44net] IP-IP Mikrotik
by Rob Janssen 08 Oct '18

08 Oct '18

> thanks! I will read and do some tests on a spare MT router prior to > modifying our primary router Remember you can use CHR to do testing. Install it on a virtualization platform and you don't even need a physical system. It can do 1 Mbps for free (usually enough for IP-IP). When you have an existing ESXi host it is very easy to deploy it (using OVA template). It can also run on many of the available VPS services so you can have an IP-IP gateway when you cannot meet the requirements to reasonably run it at home (static IP, incoming protocol 4 without issues). You can then run an outbound VPN from your home to the CHR instance. Rob

1 0

IP-IP Mikrotik
by Dan Keizer 08 Oct '18

08 Oct '18

Hi there - Dan ve4drk here. I want to setup an IP-IP gateway on one of the Mikrotik devices we have on our network. We have a number of subnets defined in the 44 address space that we host locally via BGP. We'd like to ensure they are available to the IP-IP tunnels. I looked at this link: http://wiki.ampr.org/wiki/Setting_up_a_gateway_on_MikroTik_Routers and there is a reference to the MIkrotik setup by yo2loj - but it's a bad URL. Is there an update somewhere else I can't seem to find? I was checking the list and I see his link is down for a bit. 73, Dan ve4drk

3 3

Server down
by Marius Petrescu 08 Oct '18

08 Oct '18

Hello, Due to some bulldozer guy, yo2loj.ro and yo2m.ampr.org are down for the moment, probably for the whole week (they cut a main cable with some 200 pairs). I am migrating to a VPS, to get the download section up asap. Tnx, 73s, Marius, YO2LOJ

1 0

Recent news regarding Mikrotik remote root access
by John Ricketts 07 Oct '18

07 Oct '18

Fresh from DerbyCon/Jacob Barnes: "Hey @derbycon if you didn't wake up early enough to catch my talk, I just dropped a variation on CVE-2018-14847 that allows attackers to remotely root a Mikrotik router: " https://github.com/tenable/routeros/tree/master/poc/bytheway

4 6

TAPR Elections
by Brian 06 Oct '18

06 Oct '18

I was asked by one of the current TAPR board members to throw my name into the hat for this year's elections which I have done. One thing I would like to try to do is help us get some exposure on TAPR with our projects amongst other things I'd like to help accomplish. TAPR has been at some of our EastNet meetings and they know what we're about and are supportive of our use of IP over RF. I also would like to think having someone from within amprnet on the TAPR board could be beneficial to both. They should have emailed you a ballot with your membership ID number and expiration date of your membership. You'll need that to cast your 3 member vote. With that said, please cast a vote for me so that I'll be able to help achieve some great things for us all. Thanks in advance. -- Do Lipton Tea employees take coffee breaks? ----- 73 de Brian N1URO IPv6 Certified n1uro-dawt-ampr-dawt-org uronode-dawt-n1uro-dawt-com

1 0

Re: [44net] Right Way to Add IPIP Connections to BGP-Announced Network
by Rob Janssen 06 Oct '18

06 Oct '18

Jason, It is difficult to define "right way" because there always is someone with a setup that breaks when you do it in some way. Who is wrong and who is right is difficult to tell in such cases. We have a BGP-announced /16 for the Netherlands and we also announce the same /16 on the IPIP tunnel network. Subnets from this are routed internally (using BGP as well, but not related to the internet BGP, we use private AS numbers) and also some people have IPIP tunnels with subnets or addresses that are within the /16. We use ampr-ripd to get the IPIP routes. This works OK. People communicating to others that are on IPIP as well use the IPIP tunnel, when they want to talk to others they send it via IPIP to our gateway (i.e. our gateway is the default gw on the 44-net routing table, instead of amprgw as in the examples) and we decapsulate it and forward the internal IP packet to our internal systems or to internet. To have it working this way it is important that all routes are in the same routing table. You can use different metrics to avoid collisions between BGP routes and IPIP routes for the same subnet, but it is not a good idea to use different routing tables for BGP and IPIP routes and then use ip rules to lookup in those tables until a route is found. This is because a more specific route should always be preferred, independent from the routing protocol. So when a packet is to be routed, it is looked up in the table and either a route via the IPIP mesh or some other route is used to forward it. A destination on IPIP can be within the BGP routed subnet without problem, and vice-versa. It will work fine when the remotes on IPIP correctly route back to you via IPIP as well. But some stations use clever hacks to work around certain problems and the result can be that they are unreachable for people using this solution. Who is right and who is wrong is difficult to determine, as has been shown in earlier discussions on the list. Rob

1 0

Right Way to Add IPIP Connections to BGP-Announced Network
by Jason McCormick 05 Oct '18

05 Oct '18

With is the correct AMPRNet way to connect a BGP-announced AMPR netblock to the IPs that live behind IPIP tunnels? Should I just use one of my IPs in the /24 for the IPIP tunnel on my side, connect to 44.0.0.1/169.228.66.251, and use ampr-ripd? Or do I need a second subnet as in a "pure" IPIP setup and route between those networks myself? I'm not finding any good docs on the topic, but if I'm missing something please point me in the right direction. My understanding is that AMPR networks behind IPIP-based gateways can't necessarily get out to the wider Internet but rely on IPIP tunnels to different networks they want to reach via the rip44 service. We're working on setting up a larger Allstar-based repeater network and once we get it finally going, I want networks elsewhere in AMPRNet to be able to connect if they desire. Thanks. Jason

1 0

Re: [44net] Difference between RIPv2 and RIP44
by lleachii＠aol.com 04 Oct '18

04 Oct '18

Aaron, As Brian said, I have the following IPs online: 44.60.44.1 - ping, NTP44.60.44.3 - ping, DNS44.60.44.10 - ping, HTTP44.60.44.254 (only accessible on AMPRNet) - ping I allow ping from your Public IP endpoint address and your 44 subnet(s) in the Portal. If you're on AMPRNet, a folder containing the ITU Radio Regulations and compiled ampr-ripd versions will be visible on the web server at: http://44.60.44.10/amprnet_docs/ -------------------------- Miguel, Also, I've added Marius' information to the Wiki: http://wiki.ampr.org/wiki/RIP -------------------------- Marius, FYI, I am able to ping 44.0.0.1: root@OpenWrt:~# ip route get 44.0.0.1 from 44.60.44.144.0.0.1 from 44.60.44.1 via 169.228.34.84 dev tunl0 table 44 uid 0 cache expires 582sec mtu 1480 window 840 root@OpenWrt:~# ping 44.0.0.1 -I 44.60.44.1 -c 3PING 44.0.0.1 (44.0.0.1) from 44.60.44.1: 56 data bytes64 bytes from 44.0.0.1: seq=0 ttl=62 time=67.768 ms64 bytes from 44.0.0.1: seq=1 ttl=62 time=67.814 ms64 bytes from 44.0.0.1: seq=2 ttl=62 time=67.492 ms --- 44.0.0.1 ping statistics ---3 packets transmitted, 3 packets received, 0% packet lossround-trip min/avg/max = 67.492/67.691/67.814 ms 73, - Lynwood KB3VWG

2 3

Difference between RIPv2 and RIP44
by Aaron Jackson 04 Oct '18

04 Oct '18

I am curious to understand the specific differences between "standard" RIPv2 and the "RIP44" used by AMPR. I read on the wiki that 44net uses a "modified RIP advertisements". I find that tcpdump can decode these packets, showing the destination nextwor and next hop address. Why is a standard ripd unable to process these? Not complaining - just curious :) Thanks, Aaron, M6PIU

8 23

Re: [44net] EdgeRouter (was Re: Difference between RIPv2 and RIP44)
by Rob Janssen 03 Oct '18

03 Oct '18

> I updated ampr-ripd in line with recent changes. Running v2.3. I do > use multiple routing tables as recommended in the documentation. Using multiple routing tables is good when you have to work around source address filtering, so you want to send traffic from your 44 address to systems outside 44.0.0.0/8 via another default router, e.g. amprgw, than your usual internet traffic. However, I think ampr-ripd >= 2.0 should insert a route for 44.0.0.1 in your table for net44 like: 44.0.0.1 via 169.228.34.84 dev tunl0 proto ampr-ripd onlink Strange that you don't have that. But when you use multiple tables you should also have: default via 169.228.34.84 dev tunl0 onlink in the net44 table (unless you use another system to work around source address filtering) so it should not matter much that 44.0.0.1 is missing as this happens to use the same gateway. Rob

2 1

Jump to page:

2026

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

44net