12 Nov
2021
12 Nov
'21
1:43 a.m.
At the beginning, this concept confused the heck out of me, so I'd like
to share some things I was not aware of.
I have worked with tunnels before, also ipip/ipencap ("proto 4")
tunnels. There is usually a concept like local end/remote end. But
"strangely" a remote end was never configured for ampr.
Now say your tunnel device is tunl0 which has *no* endpoint configured.
1.) When traffic is sent to your 44.x IP address, "someone else"
(possibly amprgw.ucsd.edu) will pack that entire IP Packet into another
IP packet and send it to your public, static IP, protocol 4. The network
stack removes the outer header and the original packet (with destination
IP) pops out of your tunl0 device
2.) But what when you send something? How is this processed in the
tunnel without remote endpoint? There is a property of "nexthop" on
Linux routes. When used in combination with a tunl device without
explicit endpoint, Linux will take the destination address of the
nexthop in the route.
So say you have a route in the system
ip route add 44.63.15.64/28 dev tunl0 nexthop 93.83.102.170
and you ping 44.63.15.65, Linux will wrap an outer IP packet (proto=4)
and destination IP 93.83.102.170 around it and just send that packet via
another route (most likely your normal default route over your normal
internet uplink).
What rip44d does is that it listens on the tunnel device for RIP packets
(acually, modified RIP packets) and then adds (via "ip route command")
all routes from the portal (44.xx pairs and the public IPs) to the
routing table.
I know you got your tunnel up now (great!) but just wanted to add this
if it helps understanding.
- KM6RDV
On 2021-11-04 14:25, Marius Petrescu via 44Net wrote:
Kun,
I think you got the whole concept wrong.
1. you need yo configure a network interface with your public IP
2. You need to register that public IP wit the portal
3. After 30 min or so, on that public IP you need to receive IP proto 4
traffic, at least the once every 5 minutes (the RIP broadcasts)
4. Next you need to set up a point to multipoint tunnel interface
5. You need to run ampr-ripd on that tunnel interface to receive the RIP
broadcasts. Ampr-ripd will set up all your additional routes as defined
in its command parameters
6. you need to setup a local networtk interface according to your
allocation, where the gateway will forward the 44-net trafic to local
machines
So in your case you may listen to ens3 as long as you wish.
The correct command to check for RIPv2 messages is:
ampr-ripd -d -v -i ampr0
The incoming ampr0 traffic is seen on the interface ampr0, not on
ens3... Ens3 in your setup is for connecting your local machines...
Marius, YO2LOJ
On 04/11/2021 23:15, KUN LIN via 44Net wrote:
Yes. I am trying this on a buyvm vps.
When I run sudo tcpdump -i ens3 -vvv host amprgw.ucsd.edu
This is what I got:
tcpdump: listening on ens3, link-type EN10MB (Ethernet), snapshot
length 262144 bytes
So it does look like something is blocking it?
Kun
________________________________
From: 44Net <44net-bounces+dnwk=linkun.info(a)mailman.ampr.org> on
behalf of Steve L via 44Net <44net(a)mailman.ampr.org>
Sent: Wednesday, November 3, 2021 18:46
To: 44Net general discussion <44net(a)mailman.ampr.org>
Cc: Steve L <kb9mwr(a)gmail.com>
Subject: Re: [44net] Tunnel setup help: Debian 11
_________________________________________
44Net mailing list
44Net(a)mailman.ampr.org
https://mailman.ampr.org/mailman/listinfo/44net
I have configured the public IP in the AMPR
portal as gateway.
If you just did this, wait a while like a half hour.
When I try to run find_password.sh in
ampr-ripd-2.4, I am stopped at
Waiting for RIPv2 broadcasts... and never retrieve a password.
You don't need
to run the find password script or specify a password
if you are using ampr-ripd above version 1.14 (its hardcoded in the
program). But I do believe even if you run that, it should retrieve
it.
I usually start off really stripped down, with all firewall stuff off
till I know I am receiving the protocol 4 rip broadcasts.
Do you see anything with tcpdump ?
tcpdump -i eth0 -vvv host amprgw.ucsd.edu or ip proto \\icmp
If not, then something upstream is blocking protocol 4 from reaching
you. Seems like it might be outside of your home if your configuring
the interface directly with a public IP
In the iptables world, here is the ipencap (protocol 4) syntax:
iptables -A INPUT -p 4 -j ACCEPT
On Wed, Nov 3, 2021 at 6:11 PM KUN LIN via 44Net
<44net(a)mailman.ampr.org> wrote:
> I have been trying to configure the AMPRtunnel for a while without
> success. Could someone please point me to the right direction.
>
> I am running Debian 11 with public IP. I have configured the public
> IP in the AMPR portal as gateway.
>
> I am trying to follow this document
> https://wiki.ampr.org/wiki/Ubuntu_Linux_Gateway_Example
>
When I try to run find_password.sh in
ampr-ripd-2.4, I am stopped at
Waiting for RIPv2 broadcasts... and never retrieve a password.
>
> Here is what I have done so far.
>
> in /etc/network/interfaces, I added
>
> auto ens3:1
> iface ens3:1 inet static
> address 44.26.0.168
> netmask 255.255.255.248
>
> Then I created ipip tunnel using following commands
>
> ip tunnel add ampr0 mode ipip local 209.141.42.9 ttl 255
> ip link set dev ampr0 up
> ifconfig ampr0 multicast
> ip rule add to 44.0.0.0/8 table 44 priority 44
> ip rule add from 44.26.0.168/29 table 44 priority 45
> ip route add default dev ampr0 via 169.228.34.84 onlink table 44
> ip route add 44.26.0.168/29 dev ens3 table 44
>
> Then, I run ampr-ripd -d -v -i ens3 to get the password in order to
> plug into lat command
> ampr-ripd -s -i ampr0 -a 209.141.42.9-t 44 -p <SecretPassword>
>
> However, the find_password.sh stopped at waiting for ripv2
> broadcast. Here is the logs for command
>
> Using metric 0 for routes.
> Using TCP window 840 for routes.
> Using gateway 209.141.42.1 for direct 44net endpoints via interface
> ens3.
> Waiting for RIPv2 broadcasts...
>
> Any idea on what am I doing wrong?
> Thanks
>
> Kun
>
> _________________________________________
> 44Net mailing list
> 44Net(a)mailman.ampr.org
> https://mailman.ampr.org/mailman/listinfo/44net
_________________________________________
44Net mailing list
44Net(a)mailman.ampr.org
https://mailman.ampr.org/mailman/listinfo/44net
_________________________________________
44Net mailing list
44Net(a)mailman.ampr.org
https://mailman.ampr.org/mailman/listinfo/44net