Here is what is working great for me at Vultr, for IRLP repeaters. I am doing this twice, using OpenVPN. Once in Chicago for North America, and a second instance in Sydney (North America and Australia have the bulk of the IRLP network).
My Sydney interfaces file and routing table below.
# This file describes the network interfaces available on your system
# and how to activate them. For more information, see interfaces(5).

#source /etc/network/interfaces.d/*

auto lo
iface lo inet loopback

allow-hotplug ens3
iface ens3 inet dhcp
#iface ens3 inet6 auto
    up /sbin/ip addr add 44.136.33.1/24 dev ens3
    up /sbin/ip route add 0.0.0.0/1 via 44.136.33.1 dev ens3
    up /sbin/ip route add 128.0.0.0/1 via 44.136.33.1 dev ens3

iface ens3:1 inet static
iface ens3:2 inet static
    up /sbin/ip addr add 192.168.168.1/32 dev ens3:1
    up /sbin/ip addr add 172.23.168.1/32 dev ens3:2
root@server4:~# ifconfig
ens3: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
        inet 149.28.163.64 netmask 255.255.254.0 broadcast 149.28.163.255
        inet6 fe80::5400:2ff:fe4e:dcb1 prefixlen 64 scopeid 0x20<link>
        ether 56:00:02:4e:dc:b1 txqueuelen 1000 (Ethernet)
        RX packets 613089025 bytes 92170994578 (85.8 GiB)
        RX errors 0 dropped 0 overruns 0 frame 0
        TX packets 392296914 bytes 89720106151 (83.5 GiB)
        TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0

ens3:0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
        inet 192.168.168.1 netmask 255.255.255.255 broadcast 192.168.168.255
        ether 56:00:02:4e:dc:b1 txqueuelen 1000 (Ethernet)

ens3:1: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
        inet 172.23.168.1 netmask 255.255.255.255 broadcast 172.23.255.255
        ether 56:00:02:4e:dc:b1 txqueuelen 1000 (Ethernet)

lo: flags=73<UP,LOOPBACK,RUNNING> mtu 65536
        inet 127.0.0.1 netmask 255.0.0.0
        inet6 ::1 prefixlen 128 scopeid 0x10<host>
        loop txqueuelen 1 (Local Loopback)
        RX packets 74751 bytes 4597613 (4.3 MiB)
        RX errors 0 dropped 0 overruns 0 frame 0
        TX packets 74751 bytes 4597613 (4.3 MiB)
        TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0

tun0: flags=4305<UP,POINTOPOINT,RUNNING,NOARP,MULTICAST> mtu 1500
        inet 44.136.33.1 netmask 255.255.255.255 destination 44.136.33.2
        inet6 fe80::e299:1a4f:9831:8248 prefixlen 64 scopeid 0x20<link>
        unspec 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00 txqueuelen 100 (UNSPEC)
        RX packets 103033849 bytes 17211100391 (16.0 GiB)
        RX errors 0 dropped 0 overruns 0 frame 0
        TX packets 347861887 bytes 46690629693 (43.4 GiB)
        TX errors 0 dropped 39777 overruns 0 carrier 0 collisions 0
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
44.136.33.0 149.28.162.0 0.0.0.0 255.255.254.0 U 0 0 0 ens3
44.136.33.2 0.0.0.0 255.255.255.0 UG 0 0 0 tun0
44.136.33.0 0.0.0.0 255.255.255.0 U 0 0 0 ens3
44.136.33.2 0.0.0.0 255.255.255.255 UH 0 0 0 tun0
0.0.0.0 44.136.33.1 128.0.0.0 UG 0 0 0 ens3
128.0.0.0 44.136.33.1 128.0.0.0 UG 0 0 0 ens3
0.0.0.0 149.28.162.1 0.0.0.0 UG 0 0 0 ens3
169.254.169.254 149.28.162.1 255.255.255.255 UGH 0 0 0 ens3
(I edited the order of the routes above, for easier reading)
The two private addresses (192.168.168.1 and 172.23.168.1) were added so our users could configure a test to determine if their tunnel was still up. All the public addresses are accessible with or without the tunnel operating. The only way you can get to either one of the private addresses, though, is over a working tunnel.
Regarding OpenVPN, take a look at https://pivpn.io. PiVPN was designed to run on a Raspberry Pi, but it works fine on any Debian 9. It makes managing key assignments a real snap.
We have roughly 250 repeaters around the world using this solution to keep their repeaters in the network, most often using cellular for Internet access.
-Dave K9DC Indianapolis
On Nov 22, 2020, at 20:55, pete M via 44Net 44net@mailman.ampr.org wrote:
Hi, I finally got my BGP announce working, bird does work. I have 2 interfaces on the machine,
when I list my route I have this:
route
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
default         207.246.122.1   0.0.0.0         UG    0      0        0 ens3
44.135.59.0     0.0.0.0         255.255.255.0   U     0      0        0 dummy1
169.254.169.254 207.246.122.1   255.255.255.255 UGH   0      0        0 ens3
207.246.122.0   0.0.0.0         255.255.254.0   U     0      0        0 ens3
Now my next thing is to have an OpenVPN server so that the client can use an address from the /24 as their IP address to the world. (OpenVPN is a VPN solution, but if you have another/better solution I am open.)
One little other thing: will the connection by the VPN be limited to one IP address per tunnel, or can I specify the number of addresses available by client configuration?
One other thing: is there a dashboard to control/monitor, by a web interface, a server like OpenVPN?
thanks
Pierre VE2PF
44Net mailing list 44Net@mailman.ampr.org https://mailman.ampr.org/mailman/listinfo/44net
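
The tunnel test Dave describes (the two private addresses answer only over a working tunnel) could be run on the repeater side as a small watchdog. This is an added example, not part of the original e-mails; the failure threshold, the state-file path and the OpenVPN unit name `openvpn-client@irlp` are assumptions.

```shell
#!/bin/sh
# Added example (not from the original e-mail): client-side tunnel watchdog.
# Only the two canary addresses come from the post; the rest is assumed.
CANARIES="${CANARIES:-192.168.168.1 172.23.168.1}"
FAIL_LIMIT="${FAIL_LIMIT:-3}"                           # assumed: misses before a restart
STATE_FILE="${STATE_FILE:-/run/tunnel-watchdog.count}"  # assumed: root-only path, not /tmp
RESTART_CMD="${RESTART_CMD:-systemctl restart openvpn-client@irlp}"  # hypothetical unit

# probe ADDR: succeed if ADDR answers a single ping within 3 seconds.
probe() {
    ping -c 1 -W 3 "$1" >/dev/null 2>&1
}

# tunnel_up: succeed as soon as any canary answers. The public 44.x address
# is deliberately not probed, since it is reachable without the tunnel.
tunnel_up() {
    for addr in $CANARIES; do
        probe "$addr" && return 0
    done
    return 1
}

# check_tunnel: one watchdog pass. Prints "up", "down N" or "restart".
# The miss counter lives in STATE_FILE so it survives between cron runs.
check_tunnel() {
    if tunnel_up; then
        echo 0 > "$STATE_FILE"
        echo up
        return 0
    fi
    count=$(( $(cat "$STATE_FILE" 2>/dev/null || echo 0) + 1 ))
    if [ "$count" -ge "$FAIL_LIMIT" ]; then
        echo 0 > "$STATE_FILE"
        $RESTART_CMD
        echo restart
    else
        echo "$count" > "$STATE_FILE"
        echo "down $count"
    fi
}

# Run one pass only when invoked as "tunnel-watchdog.sh run" (e.g. from cron).
if [ "${1:-}" = "run" ]; then
    check_tunnel
fi
```

Requiring several consecutive misses before restarting keeps a single lost ping on a cellular link from bouncing the tunnel.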