3 Aug
2013
3 Aug
'13
9:32 a.m.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
You may re-use your gateway's internal AMPRnet address on the tunl0
interface but using a /32 netmask.
Let assume you have 3 interfaces eth0 (towards internet), eth1 (local
AMPRnet LAN), tunl0 (IPIP full mesh). Your local AMPRnet LAN uses the
network 44.a.b.0/24 and eth1 has been assigned 44.a.b.1/24. You may
then assign 44.a.b.1/32 to tunl0.
That way packets originating on your local gateway routed via then
tunl0 will have the origin 44.a.b.1/32 and other AMPRnet stations will
be able to reply to 44.a.b.1 .
The network 44.a.b.0/24 is routed to your gateway anyway, which cover
44.a.b.1/32.
As long as you don't bridge eth1 and tunl0 everything will be fine.
One of my startampr has these first lines:
########################################
### ENABLE IPIP TUNNEL INTERFACE tunl0 ###
### you must enable the tunnel before specifying routes using the
tunnel
modprobe ipip
ip addr add 44.161.229.1/32 dev tunl0
### gives tunnel its own TTL of 64 enabling traceroute over tunnel
ip tunnel change ttl 64 mode ipip tunl0
ip link set dev tunl0 up
My eth1 also uses that IP address:
3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast
state UNKNOWN qlen 1000
link/ether 00:11:22:33:44:55 brd ff:ff:ff:ff:ff:ff
inet 44.161.229.1/25 brd 44.161.229.127 scope global eth1
73 de Marc, LX1DUC
On 03/08/2013 15:17, Marius Petrescu wrote:
(Please trim inclusions from previous messages)
_______________________________________________ Hi Lynwood,
The source address of the packages to be encapsulated has to be
your ampr address. Only the IPIP outer envelope is NAT-ed. NAT
doesn't care about the data content of the IP frame which in this
case is another IP frame. So a correct ipip frame is something
like this:
[Ip header from external interface/local interface to be nat-ed to
gateway proto 4][ip header from local ampr address to remote ampr
address proto 1, 6 or 17][tcp/udp/icmp header] ...payload...
[checksums]
This is what you should see on your external interface (nate-ed or
not).
Marius.
-----Original Message----- From:
44net-bounces+marius=yo2loj.ro(a)hamradio.ucsd.edu
[mailto:44net-bounces+marius=yo2loj.ro@hamradio.ucsd.edu] On
Behalf Of lleachii(a)aol.com Sent: Saturday, August 03, 2013 15:54
To: 44net(a)hamradio.ucsd.edu Subject: Re: [44net] ipip tunnel
(Please trim inclusions from previous messages)
_______________________________________________ Marius,
My tunl0 IP address is currently 44.60.44.2/24; please test and
update us.
You noted that you cannot reach http://44.60.44.13/startampr Is
that from the public Internet as well? It may help if you could
review the script, so we'll be discussing the same configuration.
Also, I've confirmed that my tunnel is encapsulating with the
correct source (192.168.x.x - which is NATed to my public IP) and
destination IP addresses (the destination 44Gateway in my route
table). My gateway DOESN'T use the tunl0 IP address unless I enter
'ping -i tunl0' on the console.
Thanks to all who troubleshoot, we've been trying to understand
why we have issues between some gateways for quite some time.
-Lynwood KB3VWG
On 08/02/2013 06:37 PM, marius(a)yo2loj.ro wrote:
------------------------------------------------------------------------
No matter the architecture (which I can not see because it doesn't
work) there shall either be a tunnel endpoint with a
44 source
address or a regular private route. Not a tunnel end point with a
private source address.
Marius.
-------------- next part -------------- An HTML attachment was
scrubbed... URL:
<http://hamradio.ucsd.edu/mailman/private/44net/attachments/20130803/47f501e
6/attachment.html>
_________________________________________ 44Net
mailing list
44Net(a)hamradio.ucsd.edu
http://hamradio.ucsd.edu/mailman/listinfo/44net
http://www.ampr.org/donate.html
_________________________________________ 44Net mailing list
44Net(a)hamradio.ucsd.edu
http://hamradio.ucsd.edu/mailman/listinfo/44net
http://www.ampr.org/donate.html
-----BEGIN PGP SIGNATURE-----
Version: GnuPG/MacGPG2 v2.0.19 (Darwin)
Comment: GPGTools - http://gpgtools.org
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/
iQIcBAEBAgAGBQJR/QaDAAoJEHFIN1T8ZA8vCBMP/1vy0Q+SyGCo4jgd0XyXx5xc
UJln/WtxdZ4V/rw/fpuowjbAfBD7iLYjlmwyyYYNsc+vg+0SkAZwRGIYiUxFO3Ce
Wps/kFqiPV4pzZhg3JKzJjn5npQU/x5ITdeNop/IBQz0E27ot1tak8q9xfwH0xpE
E9CJrNI2kFVcThbeTNsfIHLIiJCoRGBzXus84L8MIHF9sVWjATrTWak1yd1CPpNm
aaQqFqQE36R+NwXXTqy7LZYsD/8Q0I2Bwt2RGJJUvRSVP2p/42lKq6x/aCzUJOHK
h4eH0wE2GPjtsf6mdgfgSpLABPTEP7bqlc16MCSxDcPZdvBJ4DO/lTEHpY1IhSHJ
r78YYeI77wMZZMZ68Sr3dDGZLV5mXhGamDe1jY/jCJPWIGN6dhq/Oo2bQ4UmafW0
YIMcCsplSCIeiJYr7SVE5GXmTmmYxHwbccFxzG7xCnVAZfl15YHlhWOjFGOPpDOr
Nk5PSkjKdhWZNtV4HBP5KAKl3DOG/q+dLwSW4tjxokXTE6pzLG9tK0+j6YFMWks9
nfE9+oXXvhqMROypSI+SFVivmgxQpUVJS/r8O0gPDjn11PUYuvSBjtphzBMHxBfg
PWjala+MiKnkYvdKAYAt5HGOrYnCPqKXqkMkdqfWJfidOtCOzEPcP0dWb1+/2ov7
FcffKNmzuexsCgjK/oA4
=ASp8
-----END PGP SIGNATURE-----