> Hello Rob,
> I have received your email this morning and replied to it before you sent
> on the group, I also closed my amprnet for the moment. I'm new with the
> mikrotik router and don't know all, I get information on the internet to
> get it work. Sorry for the bad packet, this is not intentional.
> 73 de Pascal
> ve2hom
Hi Pascal,
Well, I did not get a mail from you, probably it has been lost somewhere due to spam filtering.
Good to hear you use a MikroTik router! It is possible to fix it on this kind of router.
When you go to the IP->Firewall page and open the NAT tab, you will find an existing NAT
rule that you use for your internet connection. It will probably show something like
"masquerade", chain srcnat, out.interface ether1.
You can just add another item like that, with the settings:
chain srcnat
src.address 192.168.0.0/16
out interface ! ether1 (click in the empty box for the ! to appear and select your internet interface)
action src-nat
to address 44.135.50.x (select an address you want to use for this)
That should fix your problem, assuming you use this router only for internet and hamnet and
have no other interfaces to other networks.
This rule will cause any traffic from the 192.168 range to be translated to a fixed address in hamnet
(but only when it is not sent to the internet interface, that is where the other rule applies).
Rob
> This also provides an opportunity for peer review in cases of misguided
> allocation schemes
> (such as breaking up a state block by county).
>
> Tom
Tom.
Can you validate why using a county scheme is misguided?
----------
Wm Lewis (KG6BAJ)
AMPR Net IP Address Coordinator - Northern and Central California Regions
(A 100% Volunteer Group)
Does anyone know how to reach VE2HOM? He is keeping his contact information well-hidden, it appears.
His gateway at 206.80.251.222 is sending a lot of traffic with an RFC1918 source address:
Feb 19 15:00:53 Packet DROP: IN=tunl0 OUT=eth1 TUNL=206.80.251.222 SRC=192.168.0.5 DST=44.137.42.18 LEN=60 TOS=0x00 PREC=0x00 TTL=62 ID=13455 DF PROTO=TCP SPT=40510 DPT=443 WINDOW=29200 RES=0x00 SYN URGP=0
Feb 19 15:00:57 Packet DROP: IN=tunl0 OUT=eth1 TUNL=206.80.251.222 SRC=192.168.0.5 DST=44.137.42.18 LEN=60 TOS=0x00 PREC=0x00 TTL=62 ID=38262 DF PROTO=TCP SPT=40512 DPT=443 WINDOW=29200 RES=0x00 SYN URGP=0
Feb 19 15:01:01 Packet DROP: IN=tunl0 OUT=eth1 TUNL=206.80.251.222 SRC=192.168.0.5 DST=44.137.42.18 LEN=60 TOS=0x00 PREC=0x00 TTL=62 ID=14124 DF PROTO=TCP SPT=40480 DPT=443 WINDOW=29200 RES=0x00 SYN URGP=0
Everyone remember: when you are combining the routing of AMPRnet and other network traffic, make sure you
have the proper routing and/or NAT rules in place, and preferably also a filter, to make sure you don't send traffic
with a source address like 192.168.0.5 into an AMPRnet tunnel.
Rob
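Added example, not part of Rob's message: a small Python check that reads firewall log lines in the format quoted above and counts, per tunnel endpoint, packets that arrived on the tunnel interface with a source outside the net-44 space. It assumes AMPRnet is 44.0.0.0/8 and that the tunnel interface is `tunl0`; the last two sample lines are constructed.

```python
import ipaddress
import re
from collections import Counter

# Assumption: AMPRnet is treated as 44.0.0.0/8 (the "net-44 space" of this thread).
AMPRNET = ipaddress.ip_network("44.0.0.0/8")
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# First three lines: trimmed copies of the log lines quoted in the message.
# Last two lines: constructed for this example (not from the original log).
SAMPLE_LOG = """\
Feb 19 15:00:53 Packet DROP: IN=tunl0 OUT=eth1 TUNL=206.80.251.222 SRC=192.168.0.5 DST=44.137.42.18 PROTO=TCP DPT=443 SYN
Feb 19 15:00:57 Packet DROP: IN=tunl0 OUT=eth1 TUNL=206.80.251.222 SRC=192.168.0.5 DST=44.137.42.18 PROTO=TCP DPT=443 SYN
Feb 19 15:01:01 Packet DROP: IN=tunl0 OUT=eth1 TUNL=206.80.251.222 SRC=192.168.0.5 DST=44.137.42.18 PROTO=TCP DPT=443 SYN
Feb 19 15:01:05 Packet DROP: IN=tunl0 OUT=eth1 TUNL=198.51.100.7 SRC=44.60.1.1 DST=44.137.42.18 PROTO=TCP DPT=23 SYN
Feb 19 15:01:09 Packet DROP: IN=eth0 OUT=eth1 SRC=10.1.2.3 DST=44.137.42.18 PROTO=UDP DPT=53
"""

# KEY=value tokens; bare flags such as DF or SYN carry no "=" and are skipped.
FIELD = re.compile(r"\b([A-Z]+)=(\S+)")


def classify(src):
    """Return 'ok' for a net-44 source, 'rfc1918' for private, else 'foreign'."""
    ip = ipaddress.ip_address(src)
    if ip in AMPRNET:
        return "ok"
    if any(ip in net for net in RFC1918):
        return "rfc1918"
    return "foreign"


def leaking_gateways(log, tunnel_if="tunl0"):
    """Count (tunnel endpoint, source, kind) for bad sources seen on the tunnel."""
    hits = Counter()
    for line in log.splitlines():
        fields = dict(FIELD.findall(line))
        if fields.get("IN") != tunnel_if or "SRC" not in fields:
            continue  # only traffic that came in through the AMPRnet tunnel
        try:
            kind = classify(fields["SRC"])
        except ValueError:
            continue  # malformed address field, not a usable record
        if kind != "ok":
            hits[(fields.get("TUNL", "unknown"), fields["SRC"], kind)] += 1
    return hits


if __name__ == "__main__":
    for (gw, src, kind), n in leaking_gateways(SAMPLE_LOG).most_common():
        print(f"gateway {gw}: {n} packet(s) from {src} ({kind})")
```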
> I am trying to get a feel for how active AMPR is today.
This varies a lot by region. The old network (1200/9600 bps packet radio) is completely dead in most
regions and what is left over in those speeds is usually only APRS, so unrelated to IP used in AMPRnet.
However, in some places new networks are being built using WiFi technology. Much faster and much more
usable. Plus there is tunneling and direct routing of the net-44 space over internet to interconnect those islands.
Rob
Greetings,
I am trying to get a feel for how active AMPR is today. I am a software developer by trade these days and am relatively new to the hobby but not to IT / networking. Looking for a place to get involved and give back to the community.
Regards,
Jim KD8MTY
> Subject: [44net] Amprnet vpn
> From: Shawn Bush <daemon75joker(a)gmail.com>
> Date: 02/17/2017 01:18 PM
> To: 44net(a)hamradio.ucsd.edu
>
> something
> that I couldn't figure out how to get a ubuntu vm to run with.
>
> In the ubuntu host, the ipip works just fine and there is a module for it.
> But the module isn't in the VM and I don't see why.
You probably are not running a full VM (hardware virtualization with a standard OS running in it)
but paravirtualization like Xen which runs a special kernel in the guest machine.
This is popular for providing virtual webservers and other "cloud" servers.
However, as those servers are normally not full-featured, the guest kernel is compiled with
limited selections in the kernel config, and it may well be that exotic features like IPIP tunnels
are not provided in that config.
When it is your own system, you could opt to compile your own kernel and modify the config
while doing that. It may be easier to run the IPIP tunnel gateway on a dedicated system, e.g.
a Raspberry Pi (as I do myself) or router (e.g. a MikroTik using Marius YO2LOJ's method).
Rob
Shawn,
I'm lost; but I guess my inquiries sum up to:
- Are you running a stock installation of Ubuntu, or is it a version
offered by the Virtual Machine Provider?
- How are you "receiving the route information" and what do you mean by
"but that would be it"?
Did you receive route information via rip44d and confirm it by typing:
ip route show table 44 ?
Have you been successful at getting rip44d to run as a service?
If the routes are there, this indicates you may have already made great
progress.
Did you attempt to ping or traceroute any IPs from an interface assigned
an AMPR IP?
If so, did you receive a reply?
In any case, this means you are receiving the packets at the VM. We need
to determine if the tunnel interface is up. Please verify by typing: ifconfig
If you used startampr, you should see an interface listed as tunl0, it
MIGHT say IPIP or UNSPEC, but you will recall you configured it for
IPENCAP (this is because the Linux Kernel module for both are the same).
Also note the names of your other interfaces, as the names used in the
script must also be correct. Since Ubuntu 16.04, the Ethernet interfaces
were no longer named: eth0, eth1, etc. Since I used eth0 and eth1 in
documentation, you must account for variations in your system
configuration. The ifconfig command will be most helpful to that end.
You can also assign an IP to tunl0 (a commented-out line in the script
allows for that).
Lastly, have you ever received a copy of startampr from me? If you're
using a script from the Internet, that might be your problem (earlier
versions contained less documentation). The current copy is only
available on AMPR at:
http://kb3vwg-010.ampr.org/amprnet_docs/start_ampr_version2/startampr
Since that presents a chicken-and-the-egg problem for you at this time,
contact me off-forum and we can arrange for you to get a copy.
- KB3VWG
Thanks for the detailed response. I have worked with the 44ripd daemon and I
was receiving the route information but that would be it. In the startampr
script that is shown, it tries to set up mode ipip and that is just something
that I couldn't figure out how to get an Ubuntu VM to run with.
In the Ubuntu host, the ipip works just fine and there is a module for it.
But the module isn't in the VM and I don't see why. But I was told ipensec
is what I'm supposed to be using? I have no idea how to route different
protocols....