> 1. There is no socket option called that in FreeBSD. Amprgw is not Linux.
I am aware of that. Sometimes those socket options have the same name, sometimes not.
When looking this up I got the impression that it was added to Linux copying from BSD,
but it appears to be not the case. In the Apple variant of BSD the same option exists
but it is named differently.
> 2. We're not using the kernel socket mechanism to construct the UDP packets
Ok... well, it is possible to calculate the checksum of course but it is a bit tricky
as it is not only a checksum of the actual packet but also of a "pseudo header" that
is temporarily added in front of it...
But again, it should not be required. The 0000 checksum indicates "no checksum" and it
is valid. I think Maiko has a different issue, maybe the problem with multicast sockets?
(try -r option to force raw mode)
Rob
Maiko,
I think you are chasing a red herring. It is true that the RIP broadcasts have no checksum,
but that is unlikely to be the cause of any problem you may have. Checksums are optional
in UDP, these packets don't have them (I can confirm that in a trace on my gateway), but that
is not a reason not to process them.
It could be argued that it would be better to send the packets with checksum, which could
be accomplished using the SO_NO_CHECK socket option.
Rob
Good day,
This is bizarre, I confirm IPIP is definitely coming to my Linux (running as a VM).
Here is a tcpdump of eth0 (direct internet side):
22:27:35.447588 IP (tos 0x0, ttl 50, id 59965, offset 0, flags [none], proto IPIP (4), length 552)
    amprgw.ucsd.edu > XXXXXX.members.linode.com: IP (tos 0x0, ttl 255, id 0, offset 0, flags [none], proto UDP (17), length 532)
    gw.ampr.org.router > rip2-routers.mcast.net.router: [no cksum] RIPv2, Response, length: 504, routes: 25 or less
        Simple Text Authentication data: XXXXXXXXX
        AFI IPv4, gw.ampr.org/32, tag 0x0004, metric: 1, next-hop: amprgw.ucsd.edu
        AFI IPv4, ....
I'm using iptables PREROUTING to route protocol 4 (IPIP) to my JNOS over tun0; most of the traffic is working very nicely, not worried about that.
However, if you look closely, this RIP broadcast is showing [NO CKSUM]!
I read somewhere there is a similar issue with DHCP packets (to VMs of all things); the end result is that these particular packets are then dropped and never make it to the tun0 link, so JNOS will never see these.
I have run tcpdump on the tun0 interface, and sure enough I am not seeing these at all.
I've tried variations of the following command to 'fill in the checksum', but no luck:
iptables -t mangle <missing other arguments> -j CHECKSUM --checksum-fill
This is only affecting my RIP broadcasts encapsulated in IP (so far); my usual 44 network traffic over the tun0 link and JNOS is working fine, checksums all correct, etc.
Help :)
Maiko / VE4KLM
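The two messages above turn on one detail: a UDP checksum covers a 12-byte IPv4 "pseudo header" that never appears on the wire, and an all-zero checksum field means "no checksum" rather than "bad checksum". The following is an added example written for this page (not code from the thread, from JNOS or from amprgw): it computes the RFC 768 checksum the way a host stack would, builds a datagram with and without one (the latter is what tcpdump prints as [no cksum]), and checks a received datagram without rejecting the no-checksum case. The addresses, ports and the RIPv2 payload are constructed sample data, not captured traffic.

```python
"""Added example (not from the thread, JNOS or amprgw): UDP checksum
over the IPv4 pseudo-header, and a receiver that treats a zero
checksum field as "no cksum" instead of as an error.
Addresses, ports and payload are constructed sample data."""
import ipaddress
import struct

UDP_PROTO = 17


def ones_complement_sum(data: bytes) -> int:
    """16-bit one's-complement sum with end-around carry, as used by
    the IP, UDP and TCP checksums."""
    if len(data) % 2:
        data = data + b"\x00"          # odd length: pad with a zero byte
    total = sum(word for (word,) in struct.iter_unpack("!H", data))
    while total >> 16:                 # fold carries back into 16 bits
        total = (total & 0xFFFF) + (total >> 16)
    return total


def pseudo_header(src_ip: str, dst_ip: str, udp_len: int) -> bytes:
    """The 12-byte IPv4 pseudo-header: src, dst, zero, protocol, UDP
    length.  It is covered by the checksum but never transmitted, so
    the checksum cannot be recomputed from the UDP bytes alone."""
    return struct.pack("!4s4sBBH",
                       ipaddress.IPv4Address(src_ip).packed,
                       ipaddress.IPv4Address(dst_ip).packed,
                       0, UDP_PROTO, udp_len)


def udp_checksum(src_ip: str, dst_ip: str, udp: bytes) -> int:
    """Checksum for a UDP datagram whose checksum field is zero."""
    summed = ones_complement_sum(pseudo_header(src_ip, dst_ip, len(udp)) + udp)
    csum = 0xFFFF & ~summed
    # A computed value of 0 is transmitted as 0xFFFF: an all-zero field
    # is reserved to mean "no checksum was computed".
    return csum or 0xFFFF


def build_udp(src_ip: str, dst_ip: str, sport: int, dport: int,
              payload: bytes, with_checksum: bool = True) -> bytes:
    """Build a UDP datagram.  with_checksum=False leaves the field zero,
    which is what a raw-socket sender that skips the checksum, or a
    Linux UDP socket with SO_NO_CHECK set, puts on the wire."""
    udp = struct.pack("!HHHH", sport, dport, 8 + len(payload), 0) + payload
    csum = udp_checksum(src_ip, dst_ip, udp) if with_checksum else 0
    return udp[:6] + struct.pack("!H", csum) + udp[8:]


def check_udp(src_ip: str, dst_ip: str, udp: bytes):
    """Receiver-side check.  Returns the string "no cksum" when the
    field is zero (a valid datagram that must still be processed),
    True when the checksum verifies, False when it does not."""
    (csum,) = struct.unpack_from("!H", udp, 6)
    if csum == 0:
        return "no cksum"
    # Summing the pseudo-header and the datagram *including* its
    # checksum field must give all ones when the checksum is good.
    return ones_complement_sum(pseudo_header(src_ip, dst_ip, len(udp)) + udp) == 0xFFFF


# Constructed sample: a RIPv2 response header (command 2, version 2)
# from a 44-net source to the RIPv2 multicast group, port 520.
RIP_PAYLOAD = struct.pack("!BBH", 2, 2, 0)
SRC, DST = "44.0.0.1", "224.0.0.9"
WITH_CSUM = build_udp(SRC, DST, 520, 520, RIP_PAYLOAD)
NO_CSUM = build_udp(SRC, DST, 520, 520, RIP_PAYLOAD, with_checksum=False)

if __name__ == "__main__":
    print("with checksum :", check_udp(SRC, DST, WITH_CSUM))
    print("zero checksum :", check_udp(SRC, DST, NO_CSUM))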
Thought maybe this is the place to let people know (as a courtesy I
suppose). I recently lost my static IP address (my bridge radio died
after 12+ years or so), looking at other solutions.
So in the meantime my existing IP address as noted in the encap.txt
and rip broadcasts will simply not respond to anything. No worries
about it being used by other entities, it's an IP on 'our system'
that no one else will ever use for a long time down the road.
I don't want to delete my entry in the portal, so I will try to get
some form of Dynamic DNS hostname in place as soon as possible, since
I am now using a DSL service as a temporary internet connection.
It might be a while, just saying.
Thanks for your understanding.
Maiko / VE4KLM
Yesterday I lost all the folks I had links with… Today after much head scratching I decided to look at my gateway on the ampr portal.
The gateway addy is 174.6.225.73 and the subnet I had WAS 44.135.172.0/29. My 44 addy is 44.135.172.128.
So at the portal it says: 'network not found'.
I don’t find this block of four addresses in the available networks list to add it back in.
Help please.
Confused in Vancouver
jerome - ve7ass
Good afternoon all,
Unfortunately I made little progress with my home setup due to the joys of work and real life demands. Anyway, sob story aside, I have a little spare time again so I am looking to get a MikroTik router ordered. So my question is, do I need to adhere to a minimum spec? The memory and processor specs seem to vary greatly.
Thanks in advance.
Marc (2W0PNT)
And also, none of the folks I’m linked to can connect to me if they are using the rip broadcasts or the list. I’m probably not the only one that has this problem.
I seem to remember a cleansing of the gateways that are inactive, maybe you can fix this so that those whose CPE no longer allows rip to function (the ‘bitten’) can still make use of the system.
j. ve7ass
-----------------
And of course I’m no longer in the gateways list… If this is because I don’t reply to pings, unfortunately I can no longer receive gateway broadcasts so that would be expected, no?
jerome
_________________________________________
44Net mailing list
44Net(a)hamradio.ucsd.edu
http://hamradio.ucsd.edu/mailman/listinfo/44net
> In my case, where we run a BGP session with Internet and publish our assigned segment, we use a CCR1036 having in memory the full BGP routing table, but even so, this is not a compulsory requirement for you.
Indeed for doing BGP on internet you need such a router.
To do BGP on AMPRnet (i.e. internal routes only) the RB750Gr3 is good enough.
> In example, you can configure a less expensive router with only a default gateway to your ISP and/or to the ISP that runs the BGP session for you (if that would be the case).
This is what we do at our gateway as well. The ISP advertises our network and routes the traffic to our system.
> If you want to launch a traceroute from public Internet, just to demonstrate above setup, you can use 44.133.233.8
It does not answer us. First hop is 88.26.246.131 via IPIP tunnel.
> Being said that, and nonetheless, I don’t think a Mikrotik RB750 is a good idea as it quite skimpy to have many things running at the same time.
> A Mikrotik RB2011 (no Wi-Fi) and above will be, for sure, very good platforms to play with.
Remember the suggestion was not the RB750 but the RB750Gr3.
This is an entirely different thing. It is more powerful than the RB2011.
(but has less ports of course)
Rob
> Thanks Rob, so I can ignore all the wiki instructions then and follow the script and read me?
Yes
> I assume I don't want to use a dmz but put my vdsl router into dumb bridged modem mode?
Well that is usually better (when you don't want to be bitten by DMZ bugs), however that
complicates things a little bit. Maybe it is better to make that your second experiment :-)
When you want to put the VDSL router in bridged mode, you probably also want the MikroTik to double-up
as a NAT router for your normal internet use. In itself that is not a problem, it can do that.
But it requires a little more study of the matter, especially when you want to be able to talk from
AMPRnet to internet (no NAT) and at the same time want to talk from your RFC1918 LAN to internet using NAT.
This involves using "policy routing", i.e. two route tables, one for each usage, and "IP Route Rule"
settings to select the proper routing table based on source address. Like this:
/ip route rule
add src-address=44.x.x.x/28 table=ampr
then put all AMPRnet routes in the table "ampr". The normal table "main" has the "internet" routes.
Traffic from your normal LAN (e.g. 192.168.88.x) to normal internet addresses is routed via the "main"
table where there is a default route to your ISP, traffic from your AMPRnet network 44.x.x.x/28 is routed
to the "ampr" table where there are the 600 or so tunnel routes and a default route pointing to amprgw.
You may also want to separate the LAN side in two different networks, either by reserving physical
ports for each network or by using a tagged VLAN for one of the networks. Can be done as well.
Almost anything can be done using these routers. However, trying to do it all at once and
finding out everything with your network lying in shambles because you re-configured your VDSL
router to bridge mode at the same time is not the easiest way forward :-)
So, first experiment a bit with the modem in DMZ mode and the MikroTik behind it, find out how
things operate, lock yourself out and find out how to recover, etc. Then you can more easily
move on to a more complex configuration by adding the above mentioned things.
Rob
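To make the policy-routing description above concrete, here is an added example written for this page (it is not RouterOS code and not from the thread): a small model of a route-rule list that selects a routing table by source address, followed by a longest-prefix-match lookup in that table. The prefixes, tunnel endpoints and the ISP gateway are constructed sample values; the "44.x.x.x/28" of the text is written as 44.10.10.16/28, and the "ampr" table holds two sample tunnel routes standing in for the 600 or so real ones. The fallback to "main" when the selected table has no match mirrors the RouterOS "lookup" rule action as I understand it and is an assumption, not something the thread states.

```python
"""Added example (not RouterOS code, not from the thread): a model of
source-based policy routing with two tables, "main" and "ampr".
All prefixes and next hops below are constructed sample values."""
import ipaddress
from typing import Dict, List, Optional, Tuple

Network = ipaddress.IPv4Network
Route = Tuple[Network, str]             # (destination prefix, next-hop label)


class PolicyRouter:
    def __init__(self) -> None:
        self.tables: Dict[str, List[Route]] = {"main": []}
        self.rules: List[Tuple[Network, str]] = []   # (src-address, table)

    def add_route(self, table: str, dst: str, via: str) -> None:
        self.tables.setdefault(table, []).append((ipaddress.ip_network(dst), via))

    def add_rule(self, src: str, table: str) -> None:
        """Models: /ip route rule add src-address=<src> table=<table>"""
        self.rules.append((ipaddress.ip_network(src), table))

    def _lookup(self, table: str, dst: ipaddress.IPv4Address) -> Optional[Route]:
        """Longest-prefix match inside one table."""
        matches = [r for r in self.tables.get(table, []) if dst in r[0]]
        return max(matches, key=lambda r: r[0].prefixlen, default=None)

    def route(self, src: str, dst: str) -> Optional[Tuple[str, str, str]]:
        """Return (table used, matched prefix, next hop) for src -> dst,
        or None if nothing matches anywhere."""
        s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
        # Rules are evaluated in order; first matching source wins,
        # otherwise the packet is looked up in "main".
        table = next((t for net, t in self.rules if s in net), "main")
        hit = self._lookup(table, d)
        if hit is None and table != "main":
            # Assumption: a "lookup" rule falls back to main when the
            # selected table has no route for the destination.
            table, hit = "main", self._lookup("main", d)
        return None if hit is None else (table, str(hit[0]), hit[1])


def sample_router() -> PolicyRouter:
    r = PolicyRouter()
    # "main": the normal internet table used by the RFC1918 LAN.
    r.add_route("main", "192.168.88.0/24", "ether2 (LAN)")
    r.add_route("main", "0.0.0.0/0", "isp-gateway")
    # "ampr": tunnel routes (two samples) plus a default to amprgw.
    r.add_route("ampr", "44.20.0.0/16", "ipip tunnel 203.0.113.5")
    r.add_route("ampr", "44.30.1.0/24", "ipip tunnel 198.51.100.9")
    r.add_route("ampr", "0.0.0.0/0", "ipip tunnel amprgw.ucsd.edu")
    # The one rule from the text: AMPRnet-sourced traffic uses "ampr".
    r.add_rule("44.10.10.16/28", "ampr")
    return r


if __name__ == "__main__":
    r = sample_router()
    for src, dst in [("192.168.88.10", "192.0.2.10"),   # LAN -> internet
                     ("44.10.10.20", "192.0.2.10"),     # AMPRnet -> internet
                     ("44.10.10.20", "44.20.5.5"),      # AMPRnet -> tunnel peer
                     ("192.168.88.10", "44.20.5.5")]:   # LAN -> 44 net
        print(f"{src:>14} -> {dst:<12} {r.route(src, dst)}")
```

The same internet destination (192.0.2.10) leaves via the ISP when the source is the LAN and via the amprgw tunnel when the source is the 44-net block, which is exactly the split Rob describes; note that LAN-sourced traffic to a 44 address also goes to the ISP, because the "main" table knows nothing about the tunnels.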