About a year and a half ago I have asked how good will be the AmprNet to use to connect DMR repeaters
So finaly i have made a HotSpot and connected it to the AmprNet and it connect to our Server via the AmprNet
I use tunnel to UCSD and not BGP so traffic travel to UCSD
The results are impressive
No problem at all although the latency is big no words loose or packet loss
The only thing i see is a bit delay until the Hotspot start to transmit and this is (probably ) because the latency so the PTT command delay a bit
It is a high power hotspot consist of a 25 Watt radio connected to a MMDVM system so users use it and i didnt get any complain of any disconnection or any issue of networking or service so far
If you are interested the statistic of the MikroTik Router that handle the AmprNet traffic show about 12Kbit/Sec UDP when the data flow from the hotspot to the server
Ronen - 4Z4ZQ
http://www.ronen.org
Ronen Pinchooks (4Z4ZQ) WebSite<http://www.ronen.org/>
www.ronen.orgronen.org (Ronen Pinchooks (4Z4ZQ) WebSite) is hosted by domainavenue.com
Dear List
I'm pretty newly connected to hamnet, and also work at an ISP.
I always assumed 44.0.0.0/8 would not be announced to the internet, but
only routed privately on hamnet.
Now I see routing issues I don't quite understand as for me this looks
like routing is completely broken...
On the internet core router I see that 44.0.0.0/8 is being announced by
AS7377 (UCSD).
But IP Addresses from the swiss HamNet range are not reachable
via AS7377. So what is the point announcing the whole range to the
internet? There is no 'more specific' route to 44.142.200.1
On the other hand I cannot reach parts of hamnet via hamnet. Take for
example the Primary DNS of ampr.org:
ampr.org. 3600 IN SOA ampr.org.
ampr.org has address 44.0.0.1
1 gateway (157.161.57.65) 2.947 ms 2.887 ms 2.847 ms
2 mikrotik-hamnet.woody.ch (192.168.57.243) 4.937 ms 4.920 ms 4.887 ms
3 rf0.am-32.hb9am.ch.ampr.org (44.142.162.97) 21.810 ms 24.858 ms 29.860 ms
4 bb-hb9am-30.db0wbd.ch.ampr.org (44.224.90.81) 29.847 ms 32.792 ms 32.771 ms
5 wan-db0wbd.hc.r1.ampr.org (44.148.240.45) 78.907 ms 81.925 ms 84.438 ms
6 dc1-dc2.hc.r1.ampr.org (44.148.255.253) 97.808 ms 98.107 ms 113.973 ms
7 wan-db0gw.db0fhn.ch.ampr.org (44.224.122.2) 113.986 ms 113.149 ms 118.384 ms
8 db0fhn.ch.ampr.org (44.130.60.100) 126.890 ms 118.628 ms 137.776 ms
9 * * *
My Gateway has a default route to the internet and a static route for
44.0.0.0/8 pointing to my WLAN Link to a 'public' Hamnet AP.
So what is the point of having sort of a split-brain situation on the
44.0.0.0/8 hamnet ip range?
I 'see' ospf packets on the WLAN link, but they only seem announce the
local routes withing the swiss part of hamnet, not the global routes.
Sort of makes sense, as you probably would run bgp to interconnect the
different hamnet as numbers.
So do I need to get an own hamnet as number? As a User?!?
Or what mechanism is there supposed to be to tell a user which hamnet
ip ranges are reachable via internet and which ones are reachable via
hamnet.
73
-Benoit- / HB9EUE
Hello Everyone,
I'm helping out a local HAM getting an IPIP AMPR setup working but his
current AT&T Uverse / Pace s 5862ac unit doesn't seem to be playing
nicely. Yeah.. I know.. Shocking! Anyway, touter/NAT mode seems to
*only* want to forward TCP/UDP protocols (typical) and it's DMZPlus
feature mode seems to be breaking his Wifi network. As we maybe hack
with the DMZplus feature tomorrow, I was curious if there is anyone
willing to offer up a VPN connection to his Raspberry Pi as a Plab-B:
Looking through the archives, there was
http://wiki.ampr.org/index.php/AMPRNet_VPN but that link is 404. I know
there is also the http://wiki.ampr.org/wiki/AMPRNet_VPN link but I know
other HAMs are/were offering less complicated setups. I can help him
setup any offering be it IPSEC, SSL-VPN, etc. He's not looking for any
sort of performance.. just general IPIP access to play around, etc. at
the moment.
If already hosting or you're willing to host a solution, let me know.
Thanks!
--David
KI6ZHD
All the examples I have found have a static public ip, is there a way to do it with a dynamic public ip, my ISP does not assign statics to residential customers.
cantantes laudat orbis terrarum
I have followed the directions in http://lz4ny.eu/en/amprnet-44-rip/ to setup my GW, but all I get when I run ampr-ripd is the following
root@thor:/home/w0kcf# ampr-ripd -d -i tunl0
Using gateway 192.168.1.1 for direct 44net endpoints via interface enp0s18.
Waiting for RIPv2 broadcasts...
Network configuration is as follows
w0kcf@thor:~$ ifconfig
enp0s10 Link encap:Ethernet HWaddr 00:14:6c:81:ff:fe
inet addr:44.26.1.80 Bcast:44.26.1.95 Mask:255.255.255.240
inet6 addr: fe80::214:6cff:fe81:fffe/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:16335 errors:0 dropped:10870 overruns:0 frame:0
TX packets:58 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:1273233 (1.2 MB) TX bytes:6874 (6.8 KB)
enp0s18 Link encap:Ethernet HWaddr 00:13:8f:7a:c8:aa
inet addr:192.168.1.9 Bcast:192.168.1.255 Mask:255.255.255.0
inet6 addr: fe80::213:8fff:fe7a:c8aa/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:23028 errors:0 dropped:0 overruns:0 frame:0
TX packets:17964 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:6155448 (6.1 MB) TX bytes:2789754 (2.7 MB)
What am I missing?
73
Kevin W0KCF
Hello,
Mikrotik released its new RouterOS version 6.41, with some changes
affecting the gateway script.
I released an updated script version to address this issue.
For those using pre-6.41 ROS, the update is not necessary.
If you want to correct the script manually, just delete the line
referring to neighbor discovery disabling in the 'add new tunnel'
section of the ampr_gw script whic states:
/ip neighbor discovery set $gw discover=no
As usual, download at:
http://www.yo2loj.ro/hamprojects/http://yo2tm.ampr.org/hamprojects/
Marius, YO2LOJ
Currently running on a Raspberry Pi in a pfSense DMZ on residential Dynamic
IP. Marius’ ampr-ripd compiled with no issue, the scripts from my linux
gateway that I worked on with Lynwood work perfectly with no modification.
Need to do a little tweaking with iptables firewall as my network
implementation is different from what it was when I was running one box.
Diagram:
(Internet)===<pfSense>==(DMZ)==<Raspberry Pi>==(44.98.63.0/29)
- I’m NAT forwarding ipip traffic that hits the pfSense external interface
to the DMZ (usb NIC) interface on the Pi.
- tunnel script and ampr-ripd run on the pi creating tunl0 on the pi
- local AMPR segment on the Pi native interface.
- pfSense NATs outbound encapsulated traffic making it appear as if it
comes from the pfSense box.
- My gateways appears on Marius map.
Working on documentation for the wiki and will post by weeks end.
—tom
--
73 de N2XU/Tom Cardinal/MSgt USAF (Ret)/BSCS/Security+/IPv6 Certified
Hi Tom,
Some tome ago I was fiddling with pfSense to make it my gateway. I
abandoned this idea because there was a couple of key issues for me:
- BSD needs a device for each IPIP tunnel, this gets the things much
more harder to setup;
- PfSense does not have the protocols used enabled by default, needing
manual edit of the web interface after each update. You have to do it by
yourself every time;
- Linux has ready made scripts to get the job done. These scripts were
made by good hams here and tested by several other people. It is easier
to create a small virtual machine and put a 256MB RAM Devuan working
than creating a gateway using BSD.
- PfSense team is minded to get the commercial way of pfSense as a
product, so do not expect any support to get the things working. Their
support forum is getting more unconcerned every day.
If you are still inclined to use some type of BSD firewall as an AMPRNet
gateway, I suggest using OPNSense to start. It was a project forked from
pfSense, but today have only 10% of original code and have open source
as priority yet. Their forum is much more friendly and responsive.
OPNSense has all protocols listed in the web interface, so passing IPIP
traffic back and forth is more intuitive (I still would not use it as a
gateway anyway).
Hope this helps,
73 de PT2LDR
Luzemario
www.luzehost.com.br
Em 06-01-2018 18:00, 44net-request(a)mailman.ampr.org escreveu:
> Greetings,
> I was working with Dan Cooper last spring to turn my pfSense box into
> an ampr gateway. At the time I was trying to learn how IPIP worked AND
> how BSD (pfSense) worked. I'm pretty well versed in linux... BSD...
> not so much.
>
> At the time I moved to Linux and Lynwood helped me get my head around
> how the IPIP tunneling works. After seeing the volume of traffic that
> tries to crack into my residential ISP connection (even though it
> fails) I've decided to put my ampr gateway into a DMZ. I'm currently
> in the process of moving my AMPR gateway into a pfSense DMZ.
>
> I work in a loosely security related position at work and I'm doing
> this as a security measure to knock down some of the noise my Linux
> gateway/Router/Firewall/AMPRgateway was seeing, mostly from Russia,
> China and other places that I didn't research. My new AMPR gateway
> will still be on Linux, actually Raspbian on a Raspberry Pi, but the
> only traffic it'll ever see is encapsulated traffic and traffic from
> my network because all of the other noise will be filtered by the
> pfSense box and won't exist in my DMZ.
>
> Out of the box the pfSense user interface doesn't have support for
> ipencap or AX25. I did a little bit of research (google) and found an
> older post on the pfsense forum about which files to edit to add
> ipencap and ax25 to the UI. Also, I just asked on the pfSense
> subreddit to see if there are any other places within the pfSense UI
> to edit which protocols are available for use.
>
> Is anyone else using this method to NAT forward IPIP traffic to an
> internal gateway (in my case using pfSense). I'm looking to find out
> if I've missed anything with the port forwarding before I move
> forward. I know Brian (N1URO) was working with IPIP tunneling behind a
> NAT and I think (THINK) this might work.
>
> So... here's what I've done.
>
> pfSense version is 2.4.2p1. File edits follow...
>
> In file:
> /usr/local/www/firewall_nat_edit.php
>
> On line 708, change:
> $protocols = "TCP UDP TCP/UDP ICMP ESP AH GRE IPV6 IGMP PIM OSPF";
>
> To:
> $protocols = "TCP UDP TCP/UDP ICMP ESP AH GRE IPV6 IGMP PIM OSPF
> IPENCAP AX25";
>
> In file:
> /usr/local/www/firewall_nat_out_edit.php
>
> On line 510, change:
> $protocols = "any TCP UDP TCP/UDP ICMP ESP AH GRE IPV6 IGMP carp pfsync";
>
> To:
> $protocols = "any TCP UDP TCP/UDP ICMP ESP AH GRE IPV6 IGMP carp
> pfsync IPENCAP AX25";
>
> In file:
> /usr/local/www/firewall_rules_edit.php
>
> Insert as line 1315 and 1316:
> 'ipencap' => 'IPENCAP',
> 'ax25' => 'AX25',
>
> --
> Tom / n2xu / MSgt USAF (Ret) / BSCS, CASP
