Hi Chris
Thank you. I am able to bring up the tunnel.
Kun
________________________________
From: Chris <chris(a)ardc.net>
Sent: Tuesday, April 23, 2024 2:42
To: 44Net general discussion <44net(a)mailman.ampr.org>
Cc: KUN LIN <dnwk(a)linkun.info>
Subject: Re: [44net] Waiting for RIPv2 broadcasts
Hi Kun,
The RIP broadcasts are sent as encapsulated multicast packets over the tunnel from the
UCSD gateway server on 44.0.0.1 to your tunnel endpoint, so you need the tunnel set up
before RIP44d can receive these broadcasts.
I am assuming you are using some flavour of Linux as your gateway machine; if so, as a
minimum you would need to:
modprobe ipip
ip addr add 44.x.x.x dev tunl0
ip link set dev tunl0 up
where 44.x.x.x is your tunnel endpoint IP.
Then you can run the find_pass.sh script, which is just a one-liner:
ampr-ripd -d -v -i tunl0
I use Debian 12 and this is how I have my gateway set up, hope it helps...
I use systemd to start everything up automatically after a reboot:
/etc/systemd/system/amprgw.service
[Unit]
Description=AMPRNet
After=network-online.target
Wants=network-online.target
[Service]
Type=oneshot
RemainAfterExit=true
ExecStart=/usr/local/bin/ampr_start.sh
ExecStop=/usr/local/bin/ampr_stop.sh
[Install]
WantedBy=multi-user.target
After creating this file you need to run “systemctl daemon-reload” followed by “systemctl
enable amprgw” and “systemctl start amprgw”
Here is the ampr_start.sh script:
#!/bin/sh
PWD="<the RIP44d password>"
LOCATION="G1FEF@IO91mk"
AMPR_OUR_LAN="44.63.7.208/29"
AMPR_OUR_TUN="44.63.7.215"
EXT_INTERFACE="enp1s0"
INT_INTERFACE="enp2s0"
TUN_INTERFACE="tunl0"
# Enable IP Forwarding
sysctl -w net.ipv4.ip_forward=1
# Enable IPIP tunnel and interface
modprobe ipip
ip addr add $AMPR_OUR_TUN dev $TUN_INTERFACE
# Set some tunnel interface options
# * Give the tunnel its own TTL of 64 hops enabling traceroute over the tunnel
# * Bring up the interface
# * Set the tunnel MTU
ip tunnel change ttl 64 mode ipip $TUN_INTERFACE
ip link set dev $TUN_INTERFACE up
ifconfig $TUN_INTERFACE mtu 1480
# Set AMPRNet routing table rules
# * Any packets from any AMPRNet space use routing table 44
# * Any packets from my AMPRNet space use routing table 44
ip rule add to 44.0.0.0/9 table 44 priority 44
ip rule add to 44.128.0.0/10 table 44 priority 44
ip rule add from $AMPR_OUR_LAN table 44 priority 45
# Set AMPRNet routes
# * Default route out of AMPRNet is 169.228.34.84
# * Set local route for AMPRNet on local AMPRNet interface
ip route add default dev $TUN_INTERFACE via 169.228.34.84 onlink table 44
ip route add $AMPR_OUR_LAN dev $INT_INTERFACE table 44
# Rest of the routes are added dynamically by the AMPR-RIPD routing Daemon.
/usr/sbin/ampr-ripd -s -r -t 44 -i $TUN_INTERFACE -a $AMPR_OUR_LAN -p $PWD -L $LOCATION
and the ampr_stop.sh script:
#!/bin/bash
NET_AMP="44.63.7.208/29"
NIC_AMP="enp2s0.44"
NIC_TUN="tunl0"
### DISABLE IP FORWARDING ###
sysctl -w net.ipv4.ip_forward=0
### Take the tunnel offline ###
ifconfig $NIC_TUN down
### Remove the table 44 routes ###
ip route delete default dev $NIC_TUN via 169.228.34.84 onlink table 44
# Deletes local 44 network from Table 44
#ip route delete $NET_AMP dev $NIC_AMP table 44
### STOPS THE ampr-ripd ROUTER DAEMON
killall -KILL ampr-ripd
73,
Chris - G1FEF
On 23 Apr 2024, at 09:23, KUN LIN <dnwk(a)linkun.info> wrote:
Hi Chris,
Should I set up the tunnel interface before running find_password.sh? I was following Linux
Gateway Examples on the wiki. I'm not quite sure how to set up the tunnel interface
before getting the passwords.
Could you point me in the right direction?
Thanks
Kun
________________________________
From: Chris <chris(a)ardc.net>
Sent: Tuesday, April 23, 2024 12:33 AM
To: KUN LIN
Subject: Re: [44net] Waiting for RIPv2 broadcasts
I can see your gateway is in the encap file, and I am also receiving your route entry via RIP:
44.16.2.64/27 via 23.94.xxx.xx dev tunl0 proto 44 onlink window 840
So you should be receiving the RIP broadcasts. Have you run ampr-ripd to get the password?
i.e. ampr-ripd -d -v -i ampr0
“ampr0” should be your tunnel interface.
Leave that running for 10 minutes and you should see the broadcasts coming through with
the password in plain text; you can then set up ampr-ripd to receive and process the encap
routes.
You can get more information here:
https://git.ampr.org/yo2loj/ampr-ripd
and here:
https://wiki.ampr.org/wiki/Setting_up_a_gateway_on_Linux
If you manage to get things running you can ping/traceroute to my gateway for testing:
44.63.7.215
73,
Chris - G1FEF
—
ARDC Administrator
Web: https://www.ardc.net
On 23 Apr 2024, at 03:32, KUN LIN via 44net <44net(a)mailman.ampr.org> wrote:
I am trying to set up an IPIP tunnel following instructions on the wiki and can't move beyond
"waiting for RIPv2 broadcasts". When I run tcpdump, I do have something.
tcpdump -nni eth0 proto 4
tcpdump: verbose output suppressed, use -v[v]... for full protocol decode
listening on eth0, link-type EN10MB (Ethernet), snapshot length 262144 bytes
18:15:00.559893 IP 169.228.34.84 > 23.94.*.*(my gateway ip): IP 44.0.0.1.520 > 224.0.0.9.520: RIPv2, Response, length: 504
18:15:39.222805 IP 79.190.68.116 > 23.94.*.*(my gateway ip): IP 0.0.0.0.5678 > 255.255.255.255.5678: UDP, length 103
So, it looks like I am getting some RIPv2 broadcasts, but it doesn't seem like
ampr-ripd is processing these broadcasts?
Any help would be appreciated.
Thanks
Kun Lin
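Added example, not part of the original thread and not ampr-ripd's own code: a decoder for the kind of packet shown in the tcpdump output above (outer IPIP from 169.228.34.84, inner 44.0.0.1.520 > 224.0.0.9.520), which accepts a RIPv2 response only when both layers match and rejects other encapsulated traffic. It assumes the plain-text password is carried as an RFC 2453 simple-password authentication entry; the packet, the password EXAMPLE-PW and the addresses 198.51.100.7 and 192.0.2.1 are constructed placeholders.

```python
import ipaddress
import struct

GATEWAY = "169.228.34.84"  # outer source of the RIP packet in the tcpdump output
RIP_SRC, RIP_GROUP, RIP_PORT = "44.0.0.1", "224.0.0.9", 520

def ip_header(proto, src, dst, payload_len):
    """Minimal 20-byte IPv4 header; checksum left at 0 and not verified below."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, 0, 0, 64,
                       proto, 0, ipaddress.ip_address(src).packed,
                       ipaddress.ip_address(dst).packed)

def build_sample(outer_src=GATEWAY, password=b"EXAMPLE-PW"):
    """Constructed packet, not a capture; 198.51.100.7 / 192.0.2.1 are placeholders."""
    auth = struct.pack("!HH16s", 0xFFFF, 2, password)  # assumed: simple-password entry
    route = struct.pack("!HH4s4s4sI", 2, 0, bytes([44, 16, 2, 64]),
                        bytes([255, 255, 255, 224]), bytes([192, 0, 2, 1]), 1)
    rip = struct.pack("!BBH", 2, 2, 0) + auth + route  # command 2 (response), version 2
    udp = struct.pack("!HHHH", RIP_PORT, RIP_PORT, 8 + len(rip), 0) + rip
    inner = ip_header(17, RIP_SRC, RIP_GROUP, len(udp)) + udp
    return ip_header(4, outer_src, "198.51.100.7", len(inner)) + inner

def split_ip(pkt):
    """Return (protocol, src, dst, payload) for one IPv4 header."""
    if len(pkt) < 20 or pkt[0] >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    total = struct.unpack("!H", pkt[2:4])[0]
    src, dst = (str(ipaddress.ip_address(pkt[i:i + 4])) for i in (12, 16))
    return pkt[9], src, dst, pkt[(pkt[0] & 0x0F) * 4:total]

def parse_rip44(pkt):
    """Decode an IPIP-encapsulated RIPv2 response; ValueError for anything else."""
    proto, outer_src, _, inner = split_ip(pkt)
    if proto != 4 or outer_src != GATEWAY:
        raise ValueError("not IPIP from the expected gateway")
    proto, src, dst, udp = split_ip(inner)
    if proto != 17 or (src, dst) != (RIP_SRC, RIP_GROUP) or len(udp) < 12:
        raise ValueError("inner packet is not the RIP multicast")
    if struct.unpack("!HH", udp[:4]) + (udp[8], udp[9]) != (RIP_PORT, RIP_PORT, 2, 2):
        raise ValueError("not a RIPv2 response on UDP port 520")
    password, routes = None, []
    for off in range(12, len(udp) - 19, 20):  # 20-byte RIP entries
        afi, kind = struct.unpack("!HH", udp[off:off + 4])
        fields = [udp[off + i:off + i + 4] for i in (4, 8, 12)]
        if afi == 0xFFFF and kind == 2:  # authentication entry, type 2 = plain text
            password = udp[off + 4:off + 20].rstrip(b"\0").decode("ascii", "replace")
        elif afi == 2:  # IPv4 route: address, netmask, next hop
            addr, mask, hop = (str(ipaddress.ip_address(f)) for f in fields)
            routes.append((str(ipaddress.IPv4Network(f"{addr}/{mask}")), hop))
    return {"password": password, "routes": routes}
```

Calling parse_rip44(build_sample()) returns the placeholder password and the 44.16.2.64/27 route; the same payload with any other outer source raises ValueError.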