I have two Windows hosts that will be roaming onto other networks. I have been using a /32 tunnelled address and OpenVPN. Looks like OpenVPN is the easiest to rely on the client (Windows) side.
The idea is to use interior routing where possible and resort to tunnelling only for the few sites that are not on the same network.
Still, I am having trouble getting the IPIP tunnels to come up. I am not sure if this is because of the fact that I am also BGP routed, or whether this is because I am doing something wrong.
Sorry this is rather lengthy, I did truncate command output to limit to what’s relevant. My assigned address space is 44.135.197.0/24, the gateway public IP is 64.184.193.14. I created a gateway in the portal for that with both “direct” and “ipip” checked off.
This is what I am doing to get IPIP up on Linux:
ip tunnel add ampr0 mode ipip local 64.184.193.14 ttl 255
ip link set dev ampr0 up
ifconfig ampr0 multicast
ip addr add 44.135.197.253/32 dev ampr0
ip rule add to 44.0.0.0/8 table 44 priority 44
ip rule add from 44.0.0.0/8 table 44 priority 45
./ampr-ripd -t 44 -i ampr0 -d -v -p <secret pwd>
Ifconfig shows my ampr0 interface properly
ampr0     Link encap:IPIP Tunnel  HWaddr
          inet addr:44.135.197.253  Mask:255.255.255.255
          UP RUNNING NOARP MULTICAST  MTU:1480  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:0 (0.0 B)  TX bytes:0 (0.0 B)
My routing table looks ok, not sure why the 44.0.0.0/8 source route would be needed, but the few examples I’ve seen all have it.
root@amprnetgw:~# ip rule show
0:      from all lookup local
44:     from all to 44.0.0.0/8 lookup 44
45:     from 44.0.0.0/8 lookup 44
32766:  from all lookup main
32767:  from all lookup default
The ripd daemon populated the table
root@amprnetgw:~# ip route show table 44 | head -5
44.2.2.0/24 via 24.52.189.1 dev ampr0 proto 44 onlink window 840
44.2.5.0/25 via 176.183.139.74 dev ampr0 proto 44 onlink window 840
44.2.10.0/29 via 104.49.12.130 dev ampr0 proto 44 onlink window 840
44.2.14.0/29 via 50.79.156.221 dev ampr0 proto 44 onlink window 840
44.2.50.0/29 via 75.140.109.173 dev ampr0 proto 44 onlink window 840
But no go pinging various ampr.org hosts:
root@amprnetgw:~# ping -c 3 f4gve.ampr.org
PING f4gve.ampr.org (44.151.74.102) 56(84) bytes of data.

--- f4gve.ampr.org ping statistics ---
3 packets transmitted, 0 received, 100% packet loss, time 2015ms
Looking at what’s happening with tcpdump, I see packets going out via ampr0, but it almost looks like something unrecognizable coming back???
On ampr0 I see packets going out and “defective” replies:
root@amprnetgw:~/ampr_tun_docs/src# tcpdump -i ampr0 -n
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on ampr0, link-type RAW (Raw IP), capture size 262144 bytes
08:41:16.537532 IP truncated-ip - 26540 bytes missing! 151.80.196.50 > 169.228.66.251: ip-proto-4
08:41:17.396730 IP 44.135.197.253 > 44.151.74.102: ICMP echo request, id 9059, seq 23, length 64
08:41:17.545379 IP truncated-ip - 26540 bytes missing! 151.80.196.50 > 169.228.66.251: ip-proto-4
08:41:18.404691 IP 44.135.197.253 > 44.151.74.102: ICMP echo request, id 9059, seq 24, length 64
On eth0 I see replies:
root@amprnetgw:~/ampr_tun_docs/src# tcpdump -i eth0 -n host 169.228.66.251
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth0, link-type EN10MB (Ethernet), capture size 262144 bytes
08:40:59.409308 IP 169.228.66.251 > 64.184.193.14: IP truncated-ip - 26540 bytes missing! 151.80.196.50 > 169.228.66.251: ip-proto-4 (ipip-proto-4)
08:41:00.417480 IP 169.228.66.251 > 64.184.193.14: IP truncated-ip - 26540 bytes missing! 151.80.196.50 > 169.228.66.251: ip-proto-4 (ipip-proto-4)
08:41:01.416735 IP 169.228.66.251 > 64.184.193.14: IP truncated-ip - 26540 bytes missing! 151.80.196.50 > 169.228.66.251: ip-proto-4 (ipip-proto-4)
It almost looks like I am seeing encapsulated packets coming in over the tunnel interface? Per routing table 151.80.196.50 is the gateway for f4gve.ampr.org/44.151.74.102.
root@amprnetgw:~# ip route show table 44 | grep 151.80.196.50
44.151.74.102 via 151.80.196.50 dev ampr0 proto 44 onlink window 840
Thanks, Adi VA3ADI
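
An added example, not part of the original post: a small Python decoder that walks nested IPv4 headers the way the tcpdump output above shows them (protocol 4 inside protocol 4) and reports how many bytes each header declares beyond what is actually present, which is the condition tcpdump prints as "truncated-ip". The packet is constructed from the addresses in the post; the innermost ICMP layer and all helper names are assumptions.

```python
import socket
import struct

def ipv4(src, dst, proto, payload):
    """Build a minimal IPv4 header (checksum left at 0) around payload; test data only."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64, proto, 0,
                      socket.inet_aton(src), socket.inet_aton(dst))
    return hdr + payload

def parse_ipv4(buf):
    """Decode one IPv4 header; 'missing' = declared total length minus bytes present."""
    if len(buf) < 20 or buf[0] >> 4 != 4:
        return None
    ihl = (buf[0] & 0x0F) * 4
    total_len = struct.unpack("!H", buf[2:4])[0]
    if ihl < 20 or len(buf) < ihl:
        return None
    return {
        "src": socket.inet_ntoa(buf[12:16]),
        "dst": socket.inet_ntoa(buf[16:20]),
        "proto": buf[9],
        "ihl": ihl,
        "total_len": total_len,
        "missing": max(0, total_len - len(buf)),
    }

def walk_ipip(buf, max_depth=4):
    """Follow protocol 4 (IP-in-IP) payloads and return every layer found."""
    layers = []
    while buf and len(layers) < max_depth:
        hdr = parse_ipv4(buf)
        if hdr is None:
            break
        layers.append(hdr)
        if hdr["proto"] != 4:
            break
        buf = buf[hdr["ihl"]:hdr["total_len"]]  # payload of this layer
    return layers

# Constructed sample: addresses from the post, innermost ICMP layer assumed.
ICMP = bytes(64)
SAMPLE = ipv4("169.228.66.251", "64.184.193.14", 4,
              ipv4("151.80.196.50", "169.228.66.251", 4,
                   ipv4("44.151.74.102", "44.135.197.253", 1, ICMP)))

if __name__ == "__main__":
    for cut in (len(SAMPLE), 60):  # full packet, then a 60-byte truncated copy
        for layer in walk_ipip(SAMPLE[:cut]):
            print(cut, layer)
```

Feeding it the raw bytes of a real capture (for example, the IP payload of a frame exported from a pcap) shows at which nesting level the declared length and the bytes on the wire stop agreeing.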