Re: [44net] BGP/openvpn finally all ok.

-- Dave K9DC > On Jan 15, 2021, at 12:19, pete M via 44Net 44net@mailman.ampr.org wrote: > > Thnaks Nate for the help. > > # ip route show > default via 207.246.122.1 dev ens3 > 44.135.59.0/24 dev tun0 proto kernel scope link src 44.135.59.1 > 169.254.169.254 via 207.246.122.1 dev ens3 > 207.246.122.0/23 dev ens3 proto kernel scope link src 207.246.122.57 > > I have fixed the mixe up in the fact that ens3 and tun0 had the 44.135.59.0/24 assigned to them both > > traceroute from a windows 10 machine (french so dont worry about the strange words ;-) > tracert 8.8.8.8 > > Détermination de l’itinéraire vers 8.8.8.8 avec un maximum de 30 sauts. > > 1 20 ms 18 ms 21 ms 44.135.59.1 > 2 * * * Délai d’attente de la demande dépassé. > 3 * * * Délai d’attente de la demande dépassé. > 4 * * * Délai d’attente de la demande dépassé. > 5 * * * Délai d’attente de la demande dépassé. > 6 * * * Délai d’attente de la demande dépassé. > 7 * * * Délai d’attente de la demande dépassé. > 8 * * * Délai d’attente de la demande dépassé. > 9 * * * Délai d’attente de la demande dépassé. > 10 * * * Délai d’attente de la demande dépassé. > > I have ipv4.ip_forward = 1 in /etc/sysctl.conf > > > ________________________________________ > De : 44Net 44net-bounces+petem001=hotmail.com@mailman.ampr.org de la part de Nate Sales via 44Net 44net@mailman.ampr.org > Envoyé : 15 janvier 2021 11:53 > À : 44net@mailman.ampr.org > Cc : Nate Sales > Objet : Re: [44net] BGP/openvpn finally all ok. > > By outside connectivity, do you mean egress only? In either case, > please provide a traceroute sourced from an address within your 44net > block so we can see where things are going wrong. Also, do a "ip route" > so we can check the routing table to make sure everything is in order. > > Nate > KJ7DMC > > On Fri, 2021-01-15 at 16:23 +0000, pete M via 44Net wrote: >> Well It looks like I still have a problem. >> When I connect to my openvpn server it works. BUT I have no >> connection to the outside world. >> >> here is my output of my iptable. >> >> iptables -L -v >> Chain INPUT (policy ACCEPT 0 packets, 0 bytes) >> pkts bytes target prot opt >> in out source destination >> 1937 332K ACCEPT udp >> -- ens3 any anywhere anywhere udp >> dpt:openvpn >> 3 180 ACCEPT all >> -- tun0 any anywhere anywhere >> >> Chain FORWARD (policy ACCEPT 0 packets, 0 bytes) >> pkts bytes target prot opt >> in out source destination >> 979 94816 ACCEPT all >> -- tun0 ens3 anywhere anywhere >> 0 0 ACCEPT all >> -- ens3 tun0 anywhere anywhere >> >> Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes) >> pkts bytes target prot opt >> in out source destination >> >> and here is my network adress state: >> >> # ip a >> 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN >> group default qlen 1000 >> link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 >> inet 127.0.0.1/8 scope host lo >> valid_lft forever preferred_lft forever >> inet6 ::1/128 scope host >> valid_lft forever preferred_lft forever >> 2: ens3: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP >> group default qlen 1000 >> link/ether 56:00:02:fc:bd:ba brd ff:ff:ff:ff:ff:ff >> inet 207.246.122.57/23 brd 207.246.123.255 scope global dynamic >> ens3 >> valid_lft 85194sec preferred_lft 85194sec >> inet 44.135.59.1/32 brd 44.135.59.1 scope global ens3 >> valid_lft forever preferred_lft forever >> inet6 fe80::5400:2ff:fefc:bdba/64 scope link >> valid_lft forever preferred_lft forever >> 3: tun0: <POINTOPOINT,MULTICAST,NOARP,UP,LOWER_UP> mtu 1500 qdisc fq >> state UNKNOWN group default qlen 100 >> link/none >> inet 44.135.59.1/24 brd 44.135.59.255 scope global tun0 >> valid_lft forever preferred_lft forever >> inet6 fe80::cd3f:6e0a:55e:e9ac/64 scope link stable-privacy >> valid_lft forever preferred_lft forever >> >> Bird show my route advertised properly. >> >> Anyone can help? >> >> >> ________________________________________ >> De : pete M petem001@hotmail.com >> Envoyé : 15 décembre 2020 17:40 >> À : James Colderwood via 44Net >> Objet : BGP/openvpn finally all ok. >> >> I want to thanks all that helped with the setup of my vultr vps with >> BGP and openvpn to distribute the /24 that was assigned to me. >> >> I played a lot with the openvpn and wireguard software up to a point >> I had to redo the whole install of the VPS. >> >> here is the receipy I have been able to use for the task. I am >> running a Debian10 that was updated to the latest software >> >> First I have use the tutorial at >> https://www.vultr.com/docs/configuring-bgp-on-vultr >> >> Be aware that on my version of bird I was not able to open the >> "/var/log/bird.log" files because of a propriatary right. the file >> belongned to root and it was supposed to belong to bird it is a known >> bug that I hope will be fixed soon. >> >> this helped me create that information into my bird.conf >> ------------------------------------------------------------------- >> ----------- >> log "/var/log/bird.log" all; >> >> router id xxx.xxx.xxx.xxx ; use the ipv4 address assigned to your vps >> >> protocol device >> { >> scan time 60; >> } >> >> protocol static >> { >> route 44.xxx.xxx.0/24 via xxx.xxx.xxx.xxx ; use your assigned >> /24 from ampr and the ipv4 from your vps >> } >> >> >> protocol bgp vultr >> { >> local as yyyyyyyyyyy; this is the private asn given to you by >> vultr and availble on your dashboard on myvultr.com for your vps >> source address xxx.xxx.xxx.xxx; >> import none; >> export all; >> graceful restart on; >> next hop self; >> multihop 2; >> neighbor 169.254.169.254 as 64515; >> password "YourSecretPassword" ; >> } >> ------------------------------------------------------------------- >> ----------- >> >> On the openvpn side of thing I have use the install script from >> angristan available at https://github.com/angristan/openvpn-install >> >> just followed the instruction and all was good. >> >> from there I changed some things on my network at >> etc/network/interfaces >> >> ------------------------------------------------------------------- >> ------- >> # This file describes the network interfaces available on your system >> # and how to activate them. For more information, see interfaces(5). >> >> #source /etc/network/interfaces.d/* >> >> auto lo >> iface lo inet loopback >> >> auto ens3 >> allow-hotplug ens3 >> iface ens3 inet dhcp >> iface ens3 inet static >> address 44.135.59.1/32 >> --------------------------------------------------------------------- >> the last line point at the first address of my /24 put yours into >> your file. >> >> then on the openvpn server I changed into the server.conf file only >> one line >> >> the file is at /etc/openvpn/server.conf >> >> i switched the server line from >> server 10.8.0.0 255.255.255.0 >> to >> server 44.135.59.0 255.255.255.0 >> >> the 44 address is my /24 put yours if you follow my exemple. >> >> that's it! >> >> it was not that complicated. But I had to dig a bit to understand >> the whole thing. >> >> My next step will be to split my /24 in parts. one section will be >> for the single connections like now, but I want to have connection >> that are like blocks of /28 or /29. >> >> I know I will have to make another instence of the openvpn server >> That is the part that is the less clear for me yet. The conf file is >> more clear. As I want to strat and stop each instence easily I will >> have to make a new starting script for systemd And that is where I >> will need to read more. >> >> If this helps someone I will be happy! >> >> If you see a problem with my setup please let me know! >> >> >> Pierre >> VE2PF >> >> _________________________________________ >> 44Net mailing list >> 44Net@mailman.ampr.org >> https://mailman.ampr.org/mailman/listinfo/44net > > _________________________________________ > 44Net mailing list > 44Net@mailman.ampr.org > https://mailman.ampr.org/mailman/listinfo/44net > > _________________________________________ > 44Net mailing list > 44Net@mailman.ampr.org > https://mailman.ampr.org/mailman/listinfo/44net