Subject: Re: [44net] New Linux Boot Scripts for Testing
From: Gustavo Ponza <g.ponza(a)tin.it>
Date: 08/05/2015 01:52 AM
To: 44net(a)hamradio.ucsd.edu

The following is the routing situation seen from here; the 44.137 IPIP routes result correctly addressed toward the commercial GW IP addresses according to the above statements.

The routes are collected from the gw.ampr.org and so only that setup there.

Now, as per my understanding, all the whole 44.137 GWs should be set up in the same way as those (above) pingable GWs to be reached via tunl0.

root@ir0rm-7:/# route -n|grep 44.137
44.137.2.138 84.106.127.22 255.255.255.255 UGH 0 0 0 tunl0
44.137.24.1 88.159.160.228 255.255.255.255 UGH 0 0 0 tunl0
44.137.24.5 89.18.172.156 255.255.255.255 UGH 0 0 0 tunl0
44.137.25.62 88.159.83.58 255.255.255.255 UGH 0 0 0 tunl0
44.137.32.50 84.83.147.249 255.255.255.255 UGH 0 0 0 tunl0
44.137.0.49 77.175.246.216 255.255.255.255 UGH 0 0 0 tunl0
44.137.40.2 89.18.172.156 255.255.255.255 UGH 0 0 0 tunl0
44.137.40.1 89.18.172.156 255.255.255.255 UGH 0 0 0 tunl0
44.137.40.10 89.18.172.155 255.255.255.255 UGH 0 0 0 tunl0
44.137.40.20 89.18.172.155 255.255.255.255 UGH 0 0 0 tunl0
44.137.1.160 46.21.164.170 255.255.255.240 UG 0 0 0 tunl0
44.137.1.208 195.240.133.194 255.255.255.240 UG 0 0 0 tunl0
44.137.33.16 84.83.147.249 255.255.255.240 UG 0 0 0 tunl0
44.137.33.32 62.45.244.128 255.255.255.240 UG 0 0 0 tunl0
44.137.51.64 130.255.72.61 255.255.255.240 UG 0 0 0 tunl0
44.137.37.160 82.161.55.187 255.255.255.240 UG 0 0 0 tunl0
44.137.37.176 82.139.110.195 255.255.255.240 UG 0 0 0 tunl0
44.137.37.192 31.151.69.80 255.255.255.240 UG 0 0 0 tunl0
44.137.41.128 83.160.55.17 255.255.255.240 UG 0 0 0 tunl0
44.137.27.112 88.159.160.228 255.255.255.240 UG 0 0 0 tunl0
44.137.31.32 82.176.45.37 255.255.255.240 UG 0 0 0 tunl0
44.137.0.0 213.222.29.194 255.255.0.0 UG 0 0 0 tunl0

For example, 44.137.41.97 should be pingable via that endpoint. When doing a traceroute, you should see a couple more hops after the tunnel that are radio hops.

That IP address doesn't appear on the above list but it is positively pingable.

That is correct, Gus. The above list, except the last line, are routes to individuals that are directly on the IPIP tunnel mesh. The last line is a route for everyone in NL that is not on the IPIP mesh, via a gateway system that is both on IPIP and BGP and also routes to radio networks inside the country.

The address 44.137.41.97 is on such a radio network, so you get the route to 44.137.0.0 (because it does not appear in the list of more specific entries) and from there via 2 more hops to my station.

I think there is no problem with this routing, but the fact that I cannot reach some stations even though all routing is correct is caused by problems with home routers. Some people are behind NAT routers provided by their ISP, and they have difficulty forwarding the IPIP packets we are using. Some of those routers incorrectly apply stateful firewall rules to (part of) the IPIP incoming traffic. When such a user sends traffic outward, the router puts the temporary rule in place that allows incoming traffic from the tunnel endpoint they route to, and the link works both ways. But when the first traffic is from outside, the IPIP packet never makes it through the router and there is no reply.

I have been trying to help a local user who has this problem, and it looks like IPIP is just not possible with them. At least not when the user wants to accept incoming connections.

The strange thing is that it appears to work from some systems, and not from others. I have not yet found a clue why this is. Others?

Rob