See my comments below in bold. Thanks.
Kun
________________________________
From: 44Net <44net-bounces+dnwk=linkun.info(a)mailman.ampr.org> on behalf of Marius Petrescu via 44Net <44net(a)mailman.ampr.org>
Sent: Thursday, November 4, 2021 14:25
To: 44net(a)mailman.ampr.org <44net(a)mailman.ampr.org>
Cc: Marius Petrescu <marius(a)yo2loj.ro>
Subject: Re: [44net] Tunnel setup help: Debian 11
Kun,
I think you got the whole concept wrong.
1. you need to configure a network interface with your public IP
**I am configuring it on my public IP. Interface ens3 is the interface with public IP. I create an interface ens3:1 with my AMPR IP**
2. You need to register that public IP with the portal
**I have setup my public IP with amprportal**
3. After 30 min or so, on that public IP you need to receive IP proto 4
traffic, at least once every 5 minutes (the RIP broadcasts)
**The find_pass.sh could receive the password broadcast now**
4. Next you need to set up a point to multipoint tunnel interface
**I have setup a script to create the IPIP tunnel. Attached below. Let me know if something isn't right.**
5. You need to run ampr-ripd on that tunnel interface to receive the RIP
broadcasts. Ampr-ripd will set up all your additional routes as defined
in its command parameters
6. you need to setup a local network interface according to your
allocation, where the gateway will forward the 44-net traffic to local
machines
So in your case you may listen to ens3 as long as you wish.
The correct command to check for RIPv2 messages is:
ampr-ripd -d -v -i ampr0
**Where does the ampr0 interface come from? I could create one in /etc/network/interface. I only have one network interface.**
The incoming ampr0 traffic is seen on the interface ampr0, not on
ens3... Ens3 in your setup is for connecting your local machines...
Marius, YO2LOJ
-- rc.local
###
## Create AMPRNet Tunnel and routing
##
## Configure Tunnel (put the static IP you received from your ISP here).
ip tunnel add ampr0 mode ipip local 209.141.42.9 ttl 255
## Bring it up
ip link set dev ampr0 up
## Enable Multicast in order to receive routes
ifconfig ampr0 multicast
## Configure Policy Based routing
# Packets to 44/8 network use routing table 44
ip rule add to 44.0.0.0/8 table 44 priority 44
# Packets from our 44 subnet use table 44 (put your AMPRNet Subnet here)
ip rule add from 44.26.0.168/29 table 44 priority 45
## Configure static routes
# Default route for table 44 is to send traffic to amprnet gateway at UCSD
ip route add default dev ampr0 via 169.228.34.84 onlink table 44
# Route packets for our net to local interface (put your AMPRNet Subnet here)
ip route add 44.26.0.168/29 dev ens3 table 44
## Start ampr-ripd to learn rest of mesh routes
# Be sure to substitute the password you found earlier for <SecretPassword>
# Put your static IP you received from your ISP here.
/usr/bin/ampr-ripd -s -i ampr0 -a 209.141.42.9 -t 44 -p <thepassword I received>
-- /etc/network/interfaces
# The loopback network interface
auto lo
iface lo inet loopback
# The primary network interface
allow-hotplug ens3
iface ens3 inet dhcp
auto ens3:1
iface ens3:1 inet static
address 44.26.0.168
netmask 255.255.255.248
On 04/11/2021 23:15, KUN LIN via 44Net wrote:
Yes. I am trying this on a buyvm vps.
When I run sudo tcpdump -i ens3 -vvv host amprgw.ucsd.edu
This is what I got:
tcpdump: listening on ens3, link-type EN10MB (Ethernet), snapshot length 262144 bytes
So it does look like something is blocking it?
Kun
________________________________
From: 44Net <44net-bounces+dnwk=linkun.info(a)mailman.ampr.org> on behalf of Steve L via 44Net <44net(a)mailman.ampr.org>
Sent: Wednesday, November 3, 2021 18:46
To: 44Net general discussion <44net(a)mailman.ampr.org>
Cc: Steve L <kb9mwr(a)gmail.com>
Subject: Re: [44net] Tunnel setup help: Debian 11
> I have configured the public IP in the AMPR portal as gateway.
If you just did this, wait a while like a half hour.
> When I try to run find_password.sh in ampr-ripd-2.4, I am stopped at Waiting for RIPv2 broadcasts... and never retrieve a password.
You don't need to run the find password script or specify a password
if you are using ampr-ripd above version 1.14 (it's hardcoded in the
program). But I do believe even if you run that, it should retrieve
it.
I usually start off really stripped down, with all firewall stuff off
till I know I am receiving the protocol 4 rip broadcasts.
Do you see anything with tcpdump ?
tcpdump -i eth0 -vvv host amprgw.ucsd.edu or ip proto \\icmp
If not, then something upstream is blocking protocol 4 from reaching
you. Seems like it might be outside of your home if you're configuring
the interface directly with a public IP
In the iptables world, here is the ipencap (protocol 4) syntax:
iptables -A INPUT -p 4 -j ACCEPT
On Wed, Nov 3, 2021 at 6:11 PM KUN LIN via 44Net <44net(a)mailman.ampr.org> wrote:
> I have been trying to configure the AMPR tunnel for a while without success. Could someone please point me in the right direction.
>
> I am running Debian 11 with public IP. I have configured the public IP in the AMPR portal as gateway.
>
> I am trying to follow this document https://wiki.ampr.org/wiki/Ubuntu_Linux_Gateway_Example
>
> When I try to run find_password.sh in ampr-ripd-2.4, I am stopped at Waiting for RIPv2 broadcasts... and never retrieve a password.
>
> Here is what I have done so far.
>
> in /etc/network/interfaces, I added
>
> auto ens3:1
> iface ens3:1 inet static
> address 44.26.0.168
> netmask 255.255.255.248
>
> Then I created ipip tunnel using following commands
>
> ip tunnel add ampr0 mode ipip local 209.141.42.9 ttl 255
> ip link set dev ampr0 up
> ifconfig ampr0 multicast
> ip rule add to 44.0.0.0/8 table 44 priority 44
> ip rule add from 44.26.0.168/29 table 44 priority 45
> ip route add default dev ampr0 via 169.228.34.84 onlink table 44
> ip route add 44.26.0.168/29 dev ens3 table 44
>
> Then, I run ampr-ripd -d -v -i ens3 to get the password in order to plug into last command
> ampr-ripd -s -i ampr0 -a 209.141.42.9 -t 44 -p <SecretPassword>
>
> However, the find_password.sh stopped at waiting for ripv2 broadcast. Here is the logs for command
>
> Using metric 0 for routes.
> Using TCP window 840 for routes.
> Using gateway 209.141.42.1 for direct 44net endpoints via interface ens3.
> Waiting for RIPv2 broadcasts...
>
> Any idea what I am doing wrong?
> Thanks
>
> Kun
>
> _________________________________________
> 44Net mailing list
> 44Net(a)mailman.ampr.org
> https://mailman.ampr.org/mailman/listinfo/44net
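
Added example, not part of the thread and not ampr-ripd's own code: a small parser showing why the RIPv2 broadcast is visible as RIP only on the tunnel interface, while on the public interface it is an IP protocol 4 packet. The packet is constructed; the inner source address and the password string are made-up sample values, and IP/UDP checksums are left at zero because the parser does not verify them.

```python
import socket
import struct

IPIP, UDP, RIP_PORT = 4, 17, 520

def build_ipv4(proto, src, dst, payload):
    """Minimal IPv4 header (no options, checksum left 0) for the constructed sample."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64,
                      proto, 0, socket.inet_aton(src), socket.inet_aton(dst))
    return hdr + payload

def parse_ipv4(pkt):
    """Return (protocol, src, dst, payload) of an IPv4 packet."""
    ihl = (pkt[0] & 0x0F) * 4
    return pkt[9], socket.inet_ntoa(pkt[12:16]), socket.inet_ntoa(pkt[16:20]), pkt[ihl:]

def parse_rip(udp):
    """Return RIP fields from a UDP datagram to port 520, or None if it is not RIP."""
    if len(udp) < 12:
        return None
    _sport, dport, _length, _csum = struct.unpack("!HHHH", udp[:8])
    if dport != RIP_PORT:
        return None
    info = {"command": udp[8], "version": udp[9], "password": None}
    # RFC 2453 simple authentication: the first entry has family 0xFFFF, type 2,
    # followed by a 16-byte cleartext password padded with NULs.
    if len(udp) >= 32:
        family, auth_type = struct.unpack("!HH", udp[12:16])
        if family == 0xFFFF and auth_type == 2:
            info["password"] = udp[16:32].rstrip(b"\0").decode("ascii", "replace")
    return info

def inspect(pkt):
    """Describe a packet as seen on the public interface and, if IPIP, inside the tunnel."""
    proto, src, _dst, payload = parse_ipv4(pkt)
    view = {"outer_proto": proto, "outer_src": src,
            "rip_on_public_if": None, "rip_on_tunnel": None}
    if proto == UDP:
        view["rip_on_public_if"] = parse_rip(payload)
    elif proto == IPIP:
        iproto, _isrc, idst, inner_payload = parse_ipv4(payload)
        view["inner_dst"] = idst
        if iproto == UDP:
            view["rip_on_tunnel"] = parse_rip(inner_payload)
    return view

# Constructed sample: RIPv2 response (command 2) carrying a simple-auth entry,
# sent to the RIPv2 multicast group and wrapped in IPIP from the gateway on the page.
rip = struct.pack("!BBH", 2, 2, 0) + struct.pack("!HH16s", 0xFFFF, 2, b"constructed-pw")
udp = struct.pack("!HHHH", RIP_PORT, RIP_PORT, 8 + len(rip), 0) + rip
inner = build_ipv4(UDP, "44.0.0.1", "224.0.0.9", udp)
SAMPLE = build_ipv4(IPIP, "169.228.34.84", "209.141.42.9", inner)
```

inspect(SAMPLE) reports outer protocol 4 with no RIP at the public-interface layer; the RIPv2 response and its cleartext simple-auth password appear only after the outer header is removed, which is what the ipip tunnel interface does.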