You may re-use your gateway's internal AMPRnet address on the tunl0 interface but using a /32 netmask.
Let's assume you have 3 interfaces: eth0 (towards internet), eth1 (local AMPRnet LAN), tunl0 (IPIP full mesh). Your local AMPRnet LAN uses the network 44.a.b.0/24 and eth1 has been assigned 44.a.b.1/24. You may then assign 44.a.b.1/32 to tunl0.
That way packets originating on your local gateway routed via tunl0 will have the origin 44.a.b.1/32 and other AMPRnet stations will be able to reply to 44.a.b.1.
The network 44.a.b.0/24 is routed to your gateway anyway, which covers 44.a.b.1/32.
As long as you don't bridge eth1 and tunl0 everything will be fine.
One of my startampr scripts has these first lines:
########################################
### ENABLE IPIP TUNNEL INTERFACE tunl0 ###
### you must enable the tunnel before specifying routes using the tunnel
modprobe ipip
ip addr add 44.161.229.1/32 dev tunl0
### gives tunnel its own TTL of 64 enabling traceroute over tunnel
ip tunnel change ttl 64 mode ipip tunl0
ip link set dev tunl0 up
My eth1 also uses that IP address:
3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UNKNOWN qlen 1000
    link/ether 00:11:22:33:44:55 brd ff:ff:ff:ff:ff:ff
    inet 44.161.229.1/25 brd 44.161.229.127 scope global eth1
73 de Marc, LX1DUC
On 03/08/2013 15:17, Marius Petrescu wrote:
Hi Lynwood,
The source address of the packages to be encapsulated has to be your ampr address. Only the IPIP outer envelope is NAT-ed. NAT doesn't care about the data content of the IP frame which in this case is another IP frame. So a correct ipip frame is something like this:
[Ip header from external interface/local interface to be nat-ed to gateway proto 4][ip header from local ampr address to remote ampr address proto 1, 6 or 17][tcp/udp/icmp header] ...payload... [checksums]
This is what you should see on your external interface (NAT-ed or not).
Marius.
-----Original Message-----
From: 44net-bounces+marius=yo2loj.ro@hamradio.ucsd.edu [mailto:44net-bounces+marius=yo2loj.ro@hamradio.ucsd.edu] On Behalf Of lleachii@aol.com
Sent: Saturday, August 03, 2013 15:54
To: 44net@hamradio.ucsd.edu
Subject: Re: [44net] ipip tunnel
Marius,
My tunl0 IP address is currently 44.60.44.2/24; please test and update us.
You noted that you cannot reach http://44.60.44.13/startampr Is that from the public Internet as well? It may help if you could review the script, so we'll be discussing the same configuration.
Also, I've confirmed that my tunnel is encapsulating with the correct source (192.168.x.x - which is NATed to my public IP) and destination IP addresses (the destination 44Gateway in my route table). My gateway DOESN'T use the tunl0 IP address unless I enter 'ping -i tunl0' on the console.
Thanks to all who troubleshoot, we've been trying to understand why we have issues between some gateways for quite some time.
-Lynwood KB3VWG
On 08/02/2013 06:37 PM, marius@yo2loj.ro wrote:
No matter the architecture (which I can not see because it doesn't work) there shall either be a tunnel endpoint with a 44 source address or a regular private route. Not a tunnel end point with a private source address.
Marius.
_________________________________________ 44Net mailing list 44Net@hamradio.ucsd.edu http://hamradio.ucsd.edu/mailman/listinfo/44net http://www.ampr.org/donate.html
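Added example, not part of the original thread or any poster's code: a Python check of the frame layout Marius describes, which parses the outer header (protocol 4) and confirms the inner source is an AMPRnet address rather than a private one. The outer addresses 192.168.1.10 and 203.0.113.7 and both sample frames are constructed; treating 44.0.0.0/8 as the AMPRnet block is an assumption based on the 44.x addresses in the thread.

```python
import ipaddress
import struct

# Assumption: AMPRnet is 44.0.0.0/8, matching the 44.x addresses in the thread.
AMPRNET = ipaddress.ip_network("44.0.0.0/8")

def ipv4_header(src, dst, proto, payload_len):
    """Build a minimal 20-byte IPv4 header (checksum left at 0; sample data only)."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, 0, 0, 64,
                       proto, 0, ipaddress.ip_address(src).packed,
                       ipaddress.ip_address(dst).packed)

def parse_ipv4(buf):
    """Return (src, dst, protocol, payload) for a raw IPv4 packet."""
    if len(buf) < 20 or buf[0] >> 4 != 4:
        raise ValueError("not an IPv4 header")
    ihl = (buf[0] & 0x0F) * 4
    if ihl < 20 or len(buf) < ihl:
        raise ValueError("bad header length")
    src = ipaddress.ip_address(buf[12:16])
    dst = ipaddress.ip_address(buf[16:20])
    return src, dst, buf[9], buf[ihl:]

def check_ipip(frame):
    """Classify a frame as it would be captured on the external interface."""
    _, _, proto, inner = parse_ipv4(frame)
    if proto != 4:  # IP protocol 4 = IP-in-IP
        return "not IPIP (outer protocol %d)" % proto
    try:
        in_src, in_dst, in_proto, _ = parse_ipv4(inner)
    except ValueError:
        return "IPIP with malformed inner header"
    if in_src not in AMPRNET:
        return "bad: inner source %s is not an AMPRnet address" % in_src
    return "ok: %s -> %s inner protocol %d" % (in_src, in_dst, in_proto)

# Constructed ICMP echo request (type 8, code 0, valid checksum, id/seq 0).
ICMP_ECHO = bytes([8, 0, 0xF7, 0xFF, 0, 0, 0, 0])

def sample(inner_src):
    """Constructed IPIP frame: private outer source, inner ICMP to 44.60.44.13."""
    inner = ipv4_header(inner_src, "44.60.44.13", 1, len(ICMP_ECHO)) + ICMP_ECHO
    return ipv4_header("192.168.1.10", "203.0.113.7", 4, len(inner)) + inner

GOOD = sample("44.161.229.1")   # inner source is the gateway's 44 address
BAD = sample("192.168.1.10")    # inner source is the private LAN address

if __name__ == "__main__":
    for frame in (GOOD, BAD):
        print(check_ipip(frame))
```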