Hi Chris
Thank you. I am able to bring up the tunnel.
Kun

From: Chris <chris@ardc.net>
Sent: Tuesday, April 23, 2024 2:42
To: 44Net general discussion <44net@mailman.ampr.org>
Cc: KUN LIN <dnwk@linkun.info>
Subject: Re: [44net] Waiting for RIPv2 broadcasts
 
Hi Kun,

The RIP broadcasts are sent as encapsulated multicast packets over the tunnel from the UCSD gateway server on 44.0.0.1 to your tunnel endpoint, so you need the tunnel setup before RIP44d can receive these broadcasts.

I am assuming you are using some flavour of Linux as your gateway machine; if so, as a minimum you would need to:

modprobe ipip
ip addr add 44.x.x.x dev tunl0
ip link set dev tunl0 up

where 44.x.x.x is your tunnel endpoint IP.

Then you can run the find_pass.sh script, which is just a one-liner:

ampr-ripd -d -v -i tunl0

I use Debian 12 and this is how I have my gateway setup, hope it helps...
I use systemd to start everything up automatically after a reboot: /etc/systemd/system/amprgw.service

[Unit]
Description=AMPRNet
After=network-online.target
Wants=network-online.target

[Service]
Type=oneshot
RemainAfterExit=true
ExecStart=/usr/local/bin/ampr_start.sh
ExecStop=/usr/local/bin/ampr_stop.sh

[Install]
WantedBy=multi-user.target

After creating this file you need to run “systemctl daemon-reload” followed by “systemctl enable amprgw” and “systemctl start amprgw”

Here is the ampr_start.sh script:

#!/bin/sh

# Named RIP_PASSWORD rather than PWD, which the shell reserves for the current working directory
RIP_PASSWORD="<the RIP44d password>"

LOCATION="G1FEF@IO91mk"

AMPR_OUR_LAN="44.63.7.208/29"
AMPR_OUR_TUN="44.63.7.215"
EXT_INTERFACE="enp1s0"
INT_INTERFACE="enp2s0"
TUN_INTERFACE="tunl0"

# Enable IP Forwarding
sysctl -w net.ipv4.ip_forward=1

# Enable IPIP tunnel and interface
modprobe ipip
ip addr add $AMPR_OUR_TUN dev $TUN_INTERFACE

# Set some tunnel interface options
#    * Give the tunnel its own TTL of 64 hops enabling traceroute over the tunnel
#    * Bring up the interface
#    * Set the tunnel MTU
ip tunnel change ttl 64 mode ipip $TUN_INTERFACE
ip link set dev $TUN_INTERFACE up
ifconfig $TUN_INTERFACE mtu 1480

# Set AMPRNet routing table rules
#    * Any packets to any AMPRNet space use routing table 44
#    * Any packets from my AMPRNet space use routing table 44
ip rule add to 44.0.0.0/9 table 44 priority 44
ip rule add to 44.128.0.0/10 table 44 priority 44
ip rule add from $AMPR_OUR_LAN table 44 priority 45

# Set AMPRNet routes
#   * Default route out of AMPRNet is 169.228.34.84
#   * Set local route for AMPRNet on local AMPRNet interface
ip route add default dev $TUN_INTERFACE via 169.228.34.84 onlink table 44
ip route add $AMPR_OUR_LAN dev $INT_INTERFACE table 44

# Rest of the routes are added dynamically by the AMPR-RIPD routing Daemon.
/usr/sbin/ampr-ripd -s -r -t 44 -i $TUN_INTERFACE -a $AMPR_OUR_LAN -p "$RIP_PASSWORD" -L $LOCATION

and the ampr_stop.sh script

#!/bin/bash

NET_AMP="44.63.7.208/29"
NIC_AMP="enp2s0.44"
NIC_TUN="tunl0"

### DISABLE IP FORWARDING ###
sysctl -w net.ipv4.ip_forward=0

### Take the tunnel offline ###
ifconfig $NIC_TUN down

### Remove the table 44 routes ###
ip route delete default dev $NIC_TUN via 169.228.34.84 onlink table 44

# Deletes local 44 network from Table 44
#ip route delete $NET_AMP dev $NIC_AMP table 44

### STOPS THE ampr-ripd ROUTER DAEMON
killall -KILL ampr-ripd

73,
Chris - G1FEF
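
An added example, not part of the original emails or of ampr-ripd: Python that decapsulates the kind of packet shown in the tcpdump output in this thread (outer protocol 4, inner 44.0.0.1 to 224.0.0.9 on UDP 520) and decodes the RIPv2 entries, including the RFC 2453 simple-authentication entry that carries the password in plain text. The sample packet is constructed; its password, outer destination and next hop are made-up values, and the function names are this example's own.

```python
import ipaddress
import struct

def packed(addr):
    return ipaddress.IPv4Address(addr).packed

def ipv4(src, dst, proto, payload):
    """Build a minimal IPv4 packet (checksum left at 0; used only for the sample)."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64,
                       proto, 0, packed(src), packed(dst)) + payload

def parse_ipv4(pkt):
    """Return (src, dst, protocol, payload) of an IPv4 packet."""
    ihl, total = (pkt[0] & 0x0F) * 4, struct.unpack("!H", pkt[2:4])[0]
    src, dst = (str(ipaddress.IPv4Address(pkt[i:i + 4])) for i in (12, 16))
    return src, dst, pkt[9], pkt[ihl:total]

def parse_encap_rip(pkt):
    """Decapsulate IPIP and decode the RIPv2 response carried inside it."""
    _, _, proto, inner = parse_ipv4(pkt)
    if proto != 4:
        raise ValueError("outer packet is not IPIP (protocol 4)")
    src, dst, proto, udp = parse_ipv4(inner)
    if proto != 17 or len(udp) < 8:
        raise ValueError("inner packet is not UDP")
    _, dport, ulen, _ = struct.unpack("!HHHH", udp[:8])
    rip = udp[8:ulen]
    if dport != 520 or dst != "224.0.0.9" or rip[:2] != b"\x02\x02":
        raise ValueError("inner packet is not a RIPv2 multicast response")
    password, routes = None, []
    for off in range(4, len(rip) - 19, 20):
        entry = rip[off:off + 20]
        afi, tag = struct.unpack("!HH", entry[:4])
        if afi == 0xFFFF and tag == 2:   # RFC 2453 simple authentication: clear text
            password = entry[4:].rstrip(b"\0").decode("ascii", "replace")
        elif afi == 2:                   # IPv4 route entry
            net, mask, hop = (ipaddress.IPv4Address(entry[i:i + 4]) for i in (4, 8, 12))
            routes.append((f"{net}/{bin(int(mask)).count('1')}", str(hop)))
    return src, password, routes

def sample_packet():
    """Constructed sample: password, outer destination and next hop are made up."""
    auth = struct.pack("!HH16s", 0xFFFF, 2, b"ExamplePass")
    route = struct.pack("!HH4s4s4sI", 2, 0, packed("44.16.2.64"),
                        packed("255.255.255.224"), packed("203.0.113.7"), 1)
    rip = b"\x02\x02\x00\x00" + auth + route
    udp = struct.pack("!HHHH", 520, 520, 8 + len(rip), 0) + rip
    inner = ipv4("44.0.0.1", "224.0.0.9", 17, udp)
    return ipv4("169.228.34.84", "198.51.100.10", 4, inner)
```

Calling parse_encap_rip(sample_packet()) returns the inner source address, the clear-text password and the list of (prefix, gateway) routes.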



On 23 Apr 2024, at 09:23, KUN LIN <dnwk@linkun.info> wrote:

Hi Chris,
I should setup tunnel interface before running find_password.sh? I was following Linux Gateway Examples on the wiki. I'm not quite sure how to setup the tunnel interface before getting the passwords.
Could you point me to the right direction?
Thanks 
Kun



From: Chris <chris@ardc.net>
Sent: Tuesday, April 23, 2024 12:33 AM
To: KUN LIN
Subject: Re: [44net] Waiting for RIPv2 broadcasts

I can see your gateway is in the encap file, I am also receiving your route entry via RIP

44.16.2.64/27 via 23.94.xxx.xx dev tunl0 proto 44 onlink window 840 

So you should be receiving the RIP broadcasts. Have you run ampr-ripd to get the password? i.e. ampr-ripd -d -v -i ampr0
“ampr0” should be your tunnel interface.

Leave that running for 10 minutes and you should see the broadcasts coming through with the password in plain text, you can then setup ampr-ripd to receive and process the encap routes.

You can get more information here; https://git.ampr.org/yo2loj/ampr-ripd

If you manage to get things running you can ping/traceroute to my gateway for testing: 44.63.7.215

73,
Chris - G1FEF

ARDC Administrator

Web: https://www.ardc.net


On 23 Apr 2024, at 03:32, KUN LIN via 44net <44net@mailman.ampr.org> wrote:

I am trying to setup IPIP tunnel following instructions on wiki and can't move beyond "waiting for RIPv2 broadcasts". When I run tcpdump, I do have something.


tcpdump -nni eth0 proto 4

tcpdump: verbose output suppressed, use -v[v]... for full protocol decode
listening on eth0, link-type EN10MB (Ethernet), snapshot length 262144 bytes
18:15:00.559893 IP 169.228.34.84 > 23.94.*.*(my gateway ip): IP 44.0.0.1.520 > 224.0.0.9.520: RIPv2, Response, length: 504
18:15:39.222805 IP 79.190.68.116 > 23.94.*.*(my gateway ip): IP 0.0.0.0.5678 > 255.255.255.255.5678: UDP, length 103

So, it looks like I am getting some RIPv2 broadcast, but it doesn't seem like ampr-ripd is processing these broadcasts?

Any help would be appreciated.
Thanks
Kun Lin