>GRE works just fine depending on your system. We've never had any problems with GRE except using Mikrotik devices. There is a bug in the GRE implementation on MikroTiks where you will experience a 20-30% packet loss when the system is under any non-trivial use (e.g. multiple audio streams or a file transfer). Several versions of the OS and several different hardware platforms all experienced the same issue. We changed to IPIP and IPIP6 and the issue disappeared with no other reconfiguration. We're using a mix of IPIP, IPIP6, and GRE6 tunnels to a number of sites fed out of our VPS gateway.
I cannot confirm that at all. We use GRE tunnels inside our network to connect isolated areas back to our gateway over internet tunnels, and it works very well. The gateway router is a MikroTik CCR1009 and most users use MikroTik RB750Gr3 or comparable routers. No packet loss issues at all.
There are of course a couple of things you need to watch for:
- the "keepalive" mechanism is a de facto standard thingy that is not working in standard Linux systems, so it has to be kept disabled when the other side is not a MikroTik or maybe Cisco or comparable router.
- as for any tunnel, the MTU is always lower than 1500 and you cannot send full-size packets through it without fragmentation. It is best to install a TCP MSS clamping rule to limit the MTU of most traffic.
- there is a bug in the firewall of more recent RouterOS versions which causes GRE traffic not to be matched by Established/Related firewall rules, and be stamped as Invalid. So when you have the default ruleset of "accept Established/Related, drop Invalid, then accept certain incoming traffic" you need to insert a rule that accepts GRE traffic from your peers BEFORE the "drop Invalid" rule.
Of course you can always use IPIP instead. I have chosen GRE in the hope that it is more widely available on other makes of routers, and also it can transport IPv6 in the future. But as GRE usually requires fixed public addresses on each end of the tunnel and also is often a bit troublesome to pass through NAT routers, we also offer the additional option of L2TP/IPsec tunnels, which can be set up from a dynamic address and have no issues with NAT on the client side.
(the gateway router itself of course is directly on a fixed address)
Rob
Hi everyone,
Anyone been playing with GRE tunneling?
I am looking at that solution to bring part of my /24 to sites where I have multiple machines that each need a 44 address.
GRE has no encryption; it is only an encapsulation of a Layer 2 packet. This lowers the actual possible MTU size, lowering the throughput slightly. But it is an easy way to connect a site to the VPS. At the same time, we don't need encryption, as all the data passing into that tunnel is supposed to be OK to route on the internet, and if it contains something special it should already be encrypted with TLS/SSL or other means of securing the connection.
Anyone have experience with this?
I would then use OpenVPN in its normal way for simple clients. Then I imagine I will need to bridge both tunnels so that everyone can talk to each other at the VPS level.
Sounds plausible?
Pierre
VE2PF
Hi, me again with an OT kind of topic.
I have been pretty happy with the way the VPS at Vultr and the BGP announcement have been doing; it has not missed a beat since it was fixed. Again, thanks to everyone who helped.
Now I need a push in the right direction for OpenVPN.
Went on the OpenVPN forum, asked a noob question, got a shaming post from a prick, and waited for someone else to try to help me. Now I am asking the ham community for help.
I have seen many tutorials/videos/explanations and how-tos for OpenVPN. Most are tutorials where you start a script, enter some magic numbers, it starts installing package after package, and it starts working. Youhou! NOT!
That ain't the kind of stuff I am looking for. If I want to support the server and be able to debug it in case it fails, I need to know where and how all this works.
Let me tell you my goal. I will have multiple sites that will connect to the VPN server. On those sites, multiple machines will need a 44net address. Some will have fixed addresses, but I also want to have some assigned by DHCP.
Now I could also have some simple clients that will connect, and those will have DHCP addresses.
How do I manage that in OpenVPN? Is the DHCP vs. fixed address managed by the OpenVPN config?
Or do I need to have a local DHCP server at the site (the router that will connect as the client)?
Will I have to do some bridging between my sites (client-to-client communication)?
And finally, is there a really good how-to that is not 300 pages long, as hard to read as the U.N.'s whole bylaws and treaties, and that a layman can understand somewhere, and hopefully that is not a recipe that says: add some pixie dust here, open Notepad 3 times while typing "I will not read my sister's diary in front of the whole class" (copyright The Simpsons) 200 times, without saving the file between each opening and closing, and hope that it will do the job.
From a guy pretty tired of searching for the answer to life.
Yeah, I know it's 42.
Pierre
VE2PF
That is why the discussion and exposing the long dormant system to new users.
These are not rules but logical suggestions on using the system while playing
nice in the sandbox called the entire planet. Time will tell, but not if we
do not talk about it in the open. I agree about chat clients. I use HexChat.
--
73 de N2NOV
PROPOSED WWCONVERS CHANNEL SCHEME
There are 32767 possible channels in the WWconvers with channel 0 reserved
for a local bbs to use as its default when users log onto their system.
Finding other stations by area, interest or any other special use can get a
little confusing. Some countries have settled on a scheme where their users
can find each other based on the second number of their assigned 44Net (AMPR)
address. For example, Greece is assigned 44.154.0.0/16 and they can be found
on channel 154.
In the USA (because of sheer numbers of systems over the years) the second
number in the address is typically an entire state with some having multiple
subnets (California has 6). There has been an effort in recent years to clean
up the numbers and subnets no longer in use and this resulted in the range
from 44.191.0.0/16 to 44.255.0.0/16 to be sold to Amazon.
To make things easier, I am proposing a somewhat logical layout to the
channel usage, not only by the 44Net addresses but also by specialized
uses for activities and watering holes like HF/VHF/UHF frequencies.
As you can see, there will be plenty of space for ad hoc arrangements.
Discussions are welcomed and encouraged as to how to use this space for the
benefit of many different groups and interests.
DEFAULT
Channel 0 - default local use and not propagated across the WWconvers system.
REGIONAL
Channel 1 through 190 - based on second number in the 44Net/AMPR addresses
MATCHING TO RF FREQUENCY USED
(ie: net on 7240 kHz would use channel 7240)
1800-1999 160m Channels
3500-3999 80m Channels
7000-7299 40m Channels
10100-10149 30m Channels
14000-14349 20m Channels
18068-18167 17m Channels
21000-21449 20m Channels
24890-24989 12m Channels
28000-29699 10m Channels
5000-5399 6m Channels
14400-14799 2m Channels
22200-22499 1.25m Channels
4200-4499 70cm Channels
9020-9279 33cm Channels
12400-12999 23cm Channels
CURRENT SPECIALTY USERS
625 - UHF Amateur TV Channel in UK
10177 - OK2KOJ Club Channel in Czech Republic
14736 - WC2OEM Channel for NYC Amateur Radio Emergency Communications Service
SET AS LOCAL BBS USE (ie. JNOS Systems, etc)
211 - Local NCS/ALT Channel for nets
411 - Local WX Event Channel (Skywarn nets)
911 - Local Emergency Net Activation Channel
--
73 de N2NOV
For those who have the capability to link their systems for WWconvers/chat,
I host the Hub_NA chat server that links to various chat hubs in Europe.
We are hoping that systems in other parts of the world get set up for chat.
Hub_NA can be reached at 44.68.41.2 or convers.n2nov.net, both on port 3600.
If you are using the non-44Net address, you have to contact me first at
n2nov(a)n2nov.net to be added to the permissions file.
--
73 de N2NOV
All,
Can the operator of 44.178.0.0/30 contact me off thread and/or reconfigure their gateway's public 93.123.xxx.xxx address so as to stop sending incessant DNS requests? This traffic is blocked at my firewall and is using the resources of AMPRGW.
As an FYI and reminder, operators should use 44net IPs to access the DNS service.
(times UTC)
09:06:20.787664 IP (tos 0x0, ttl 44, id 61193, offset 0, flags [none], proto UDP (17), length 64)
93.123.xxx.xxx.5678 > 44.60.44.3.53: [udp sum ok] 42486+ A? cloud.mikrotik.com. (36)
09:06:21.788026 IP (tos 0x0, ttl 44, id 52880, offset 0, flags [none], proto UDP (17), length 64)
93.123.xxx.xxx.5678 > 44.60.44.3.53: [udp sum ok] 42486+ A? cloud.mikrotik.com. (36)
09:06:22.788096 IP (tos 0x0, ttl 44, id 40377, offset 0, flags [none], proto UDP (17), length 64)
93.123.xxx.xxx.5678 > 44.60.44.3.53: [udp sum ok] 42486+ A? cloud.mikrotik.com. (36)
09:06:23.792789 IP (tos 0x0, ttl 44, id 52426, offset 0, flags [none], proto UDP (17), length 64)
93.123.xxx.xxx.5678 > 44.60.44.3.53: [udp sum ok] 42486+ A? cloud.mikrotik.com. (36)
09:06:24.787615 IP (tos 0x0, ttl 44, id 8877, offset 0, flags [none], proto UDP (17), length 64)
93.123.xxx.xxx.5678 > 44.60.44.3.53: [udp sum ok] 42486+ A? cloud.mikrotik.com. (36)
Is this the normal behavior of a MikroTik device?
73,
- Lynwood
KB3VWG
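Added example, not part of the original post: a Python check that reads tcpdump -v output in the two-line layout quoted above and lists sources outside 44Net that keep repeating DNS queries, counting retransmissions of the same transaction ID separately. The 44Net prefixes, the thresholds, the function names and the sample capture (documentation addresses 198.51.100.7 and 203.0.113.9, on-net client 44.60.44.10) are assumptions constructed for illustration.

```python
import ipaddress, re
from collections import defaultdict

# Assumption: current 44Net allocations; thresholds below are assumed too.
AMPR_NETS = [ipaddress.ip_network(n) for n in ("44.0.0.0/9", "44.128.0.0/10")]
STAMP = re.compile(r"^(\d\d):(\d\d):(\d\d\.\d+) IP ")
QUERY = re.compile(r"^\s*(\d+(?:\.\d+){3})\.\d+ > \d+(?:\.\d+){3}\.53: "
                   r".*?(\d+)[+%*-]*\s+(\w+)\? (\S+)")

def _rec(t, src, txid, name):
    """Build one constructed two-line record in the tcpdump -v layout."""
    return (f"09:06:{t:06.3f} IP (tos 0x0, ttl 44, id 1, offset 0, flags [none], "
            f"proto UDP (17), length 64)\n    {src}.5678 > 44.60.44.3.53: "
            f"[udp sum ok] {txid}+ A? {name} (36)\n")

# Constructed sample: one off-net host retrying once per second, one on-net
# client, and one off-net host that asks only once.
SAMPLE = ("".join(_rec(20 + i, "198.51.100.7", 42486, "cloud.mikrotik.com.")
                  for i in range(5))
          + _rec(21.5, "44.60.44.10", 1001, "example.ampr.org.")
          + _rec(23.2, "203.0.113.9", 7, "example.org."))

def off_net_repeaters(text, min_queries=3, window=10.0):
    """Map each non-44Net source sending >= min_queries DNS queries within
    `window` seconds to its burst size, retransmit count and queried names."""
    hits, ts = defaultdict(list), None
    for line in text.splitlines():
        if m := STAMP.match(line):
            ts = int(m[1]) * 3600 + int(m[2]) * 60 + float(m[3])
        elif (q := QUERY.match(line)) and ts is not None:
            src = ipaddress.ip_address(q[1])
            if not any(src in net for net in AMPR_NETS):
                hits[str(src)].append((ts, int(q[2]), q[4]))
    report = {}
    for src, recs in hits.items():
        recs.sort()
        best = lo = 0
        for hi, (t, _, _) in enumerate(recs):   # sliding time window
            while t - recs[lo][0] > window:
                lo += 1
            best = max(best, hi - lo + 1)
        if best >= min_queries:
            distinct = {(txid, name) for _, txid, name in recs}
            report[src] = {"burst": best,
                           "retransmits": len(recs) - len(distinct),
                           "names": sorted({n for _, _, n in recs})}
    return report

if __name__ == "__main__":
    for src, info in off_net_repeaters(SAMPLE).items():
        print(src, info)
```

A high retransmit count with a single name, as in the sample, points at a client retrying one unanswered query rather than issuing new lookups.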
Hi,
Some time ago I requested a /24 subnet. I have my network and I'm trying to
make it work, but with no success.
I followed this tutorial
https://wiki.ampr.org/wiki/Setting_up_a_gateway_on_MikroTik_Routers but it
doesn't work.
After this, I read that I need a DNS record in ampr.org, and I filled in the
contact form in portal.ampr.org, without an answer yet.
My other option is to change the network to BGP (my datacenter supports
BGP).
Can anyone help me to make my network work?
Thanks !
--
Rodrigo Pérez R.
CD5RPY