Re: [44net] EdgeRouter Lite (and probably others) full tunnel setup

Ok, I've run the steps and have some info to report... but first I'll give you my setup. 1. I'm on a NAT behind a pfSense. I do this to shield the AMPR external interface from brute forcers. It worked very well when I ran a linux gateway and it also worked well when I ran my gateway on a Raspberry Pi. 2. I have very old Edgerouter Lite. I bought it in the 2013 - 2014 timeframe. I tried to update firmware and I'm on 1.10.8 (Nov 2018). --- Info to pass: 1. At step two I had to change: Config Tree → system → repository → add “debian” → Update List To Config Tree → system→ package → repository → add “debian” → Update List 2. At step three I changed a couple of typos: apt-get install ampr-rip to apt-get install ampr-ripd Also. The killall ampr-ripd command produced no result. It gave me "Operation not supported". I ran ps-ax and fond ampr-ripd was not running. The service directory was /lib/systemd/service instead of /lib/system so I deleted the added service at /lib/systemd/service/ampr-ripd.service. I'm still experimenting here and will report back tomorrow evening central US time. --tom, n2xu On 2/20/19, 3:33 PM, "44Net on behalf of Marius Petrescu" &lt;44net-bounces+tomc=gulfmail.net(a)mailman.ampr.org on behalf of marius(a)yo2loj.ro&gt; wrote: Hello everyone there with some EdgeRouters available, As promised, here the complete gateway setup for you to try :-) At the moment, it is using ampr-ripd 1.15 (no support for BGP tunnel endpoints in the 44net space, i will update in the bear future)... It should also land in the Wiki, I assume... Have fun, Marius, YO2LOJ EdgeRouter AMPR Configuration Prerequisites: - Make sure to upgrade to firmware 2.0.0 or later. - You have a running, configured internet connection and full access to the router - Make sure to secure your router by setting appropriate firewall rules 1. Add tunnel interface - Config Tree → add tun44 → Update List - tun44: address: <your AMPR gw address>*/32* description: AMPR GW encapsulation: ipip local-ip: <your public gw IP> remote-ip: *0.0.0.0* - Press Preview ans Apply 2. Add debian stretch repository - Config Tree → system → repository → add “debian” → Update List - debian: components: main contrib non-free distribution: stretch url: http://http.us.debian.org/debian - Press Preview ans Apply 3. Install ampr-ripd Open CLI - become superuser: sudo su - update packets: apt-get update - install ampr-ripd: apt-get install ampr-rip - kill the now running daemon: killall ampr-ripd - delete the added service entry: cd /lib/systemd rm ampr-ripd.service - create the route cache folder: cd /var/lib mkdir ampr-ripd 4. Create the daemon startup script: cd /config/scripts/post-config.d touch ampr.sh chmod +x ampr.sh 5. Edit the created script using vi: vi ampr.sh (first press insert to go into edit mode) /#!/bin/sh/ // /MY_IP=`ip addr list dev tun44 | grep inet | awk '{print $2}'`/ // /ip rule add from $MY_IP table default/ // /ip rule add to 44.0.0.0/8 table default/ // /ampr-ripd -s -t default -i tun44 -m 90 -a 44.1.2.3/32/ (press ESC followed by :wq to save the file and exit vi) Important: if your router is connected via NAS you need to edit the -a parameter to suite your network to be excluded. If the router is directly connected, it will autodetect its IPs, so the parameter can be omitted. Also add any local networks to be excluded as you need. 6. run the script: ./ampr.sh To check, use ip route list table default You should get a lot of routes there... Now it is time to restart your router and check everything is ok. 7. Now you can add your needed subnets on vlans or a second interface. Enjoy. _________________________________________ 44Net mailing list 44Net(a)mailman.ampr.org https://mailman.ampr.org/mailman/listinfo/44net