Here is what I email out to my new AMPR users in the Silicon Valley region to help users do initial testing to confirm things will work or not. Give these testing steps a try and see if it works for you.
--David
-- Hello first name / callsign,
Welcome to AMPR! I have assigned you:
Subnet - 44.4.x.y/z
44.4.x.x    : network
44.4.x.y-94 : host IPs
44.4.x.z    : broadcast
You should receive an email shortly of this official acceptance from the AMPR Portal itself.
At this point, there are a few more things you need to do before things will start working:
1. If you are going to use IPIP tunneling, you need to log into the AMPR portal and configure a gateway IP address. This IP address is your EXTERNALLY facing IPv4 address given to you by your ISP that will be used to route your AMPR IP or AMPR subnet via IPIP encapsulation. This will ideally be a static IP address from your service provider. IPIP (protocol 4) over IPv4 is the only supported encapsulation today and supported protocol today from the native AMPR system. If your ISP does not pass protocol-4 traffic or your ISP-provided hardware blocks this traffic (aka Comcast cablemodems, some consumer Wifi "routers", etc), you can configure your AMPR traffic to be received via other transports provided by other helpful HAMs. Some of these alternative transports include IPSEC, GRE, and PPTP.
2. If you wish to have your AMPR IPs or subnets able to receive periodic dynamic route updates to other AMPR IPIP-enabled station subnets (RIP routing) *or* directly receive traffic from the Internet to your AMPR IPs, additional action is required. Dynamic routing is an alternative to using static routes via the encap_[date].txt file or loading the nexthop IP addresses yourself. You *must* create DNS records for the AMPR IPs that have been allocated to you to receive both the RIP updates as well as allow any traffic from Internet to reach your AMPR IPs. To get DNS entries created, reply to this email with a list of your AMPR IPs and your desired hostnames and/or other DNS records and I will configure them on your behalf. You CANNOT create / update / delete DNS entries yourself at this time due to AMPR portal limitations. For example, here is what you could email me for DNS entries though valid IPv4 or IPv6 records (A, AAAA, CNAME, MX, DKIM, TXT, HINFO, etc). Here is an example of setting "bbs-n0call" and "backup-bbs-n0call" for the 44.4.10.280 and 44.4.10.281 IP addresses:
              Record  MX
IP            type    weight hostname
------------:-------:------:-----------------------
44.4.10.280 : A     :      : bbs-n0call.ampr.org
44.4.10.280 : MX    : 10   : bbs-n0call.ampr.org
gw-n0call   : CNAME :      : bbs-n0call.ampr.org
44.4.10.281 : A     :      : backup-bbs-n0call.ampr.org

Please note:
------------
As mentioned above, DNS changes *CANNOT* be made by endusers via the AMPR portal or any other AMPR mechanism today. Only AMPR coordinators can do this at the moment. Please email me at amprgw@trinnet.net with what you want in your DNS records (example is above) and I'll configure that shortly.
3. If you're looking for some working AMPR IP addresses to ping or use other AMPR troubleshooting tools to help you get / confirm things are working, see the AMPR Services wiki (available via the Internet as well) at http://wiki.ampr.org/wiki/Services
4. IPIP tunneling: Many AMPR systems are only available via the IPIP tunneling mesh which is available to many systems including:
- Any Linux, FreeBSD based systems
- NOSes like JNOS, BPQ32, etc.
- Routers like Mikrotik, Cisco, Juniper, etc
See https://wiki.ampr.org/wiki/Main_Page for other device examples
5. Example IPIP compatibility testing with a Linux computer: Consider you want to see if your ISP does or doesn't block protocol 4 / IPIP traffic.
a. REQUIRED: Update the AMPR portal with the correct Internet IP address that will be terminating your IPIP tunnel.
b. RECOMMENDED: Send me (your AMPR coordinator) a hostname for at least one AMPR IP address you will want to receive traffic. I will enter these names into the reserve DNS interface.
c. Wait roughly 60 minutes until the IPIP mesh gets new routes for your information to propagate through the AMPR mesh network
d. On your intended system that will be the AMPR IPIP endpoint, run the command:
# Assuming eth0 is your uplink port
tcpdump -nni eth0 proto 4
e. While tcpdump is running in one window on your Linux machine, open up a web browser using your standard Internet connection to:
http://yo2tm.ampr.org/nettools.php
Enter in the desired AMPR IP host address (not subnet address) you're using to terminate your IPIP connection and click on "IPv4 ping". If your ISP is properly forwarding you IPIP traffic, your AMPR gateway should see something like the following on the tcpdump window:
--
13:12:15.876817 IP 89.122.215.236 > 96.78.144.186: IP 44.182.21.1 > 44.4.10.40: ICMP echo request, id 37699, seq 1, length 64 (ipip-proto-4)
13:12:15.877272 IP 96.78.144.186 > 89.122.215.236: IP 44.4.10.40 > 44.182.21.1: ICMP echo reply, id 37699, seq 1, length 64 (ipip-proto-4)
13:12:16.876362 IP 89.122.215.236 > 96.78.144.186: IP 44.182.21.1 > 44.4.10.40: ICMP echo request, id 37699, seq 2, length 64 (ipip-proto-4)
13:12:16.876788 IP 96.78.144.186 > 89.122.215.236: IP 44.4.10.40 > 44.182.21.1: ICMP echo reply, id 37699, seq 2, length 64 (ipip-proto-4)
13:12:17.876889 IP 89.122.215.236 > 96.78.144.186: IP 44.182.21.1 > 44.4.10.40: ICMP echo request, id 37699, seq 3, length 64 (ipip-proto-4)
--
                   ^^^^^^^^^^^^^^   ^^^^^^^^^^^^^     ^^^^^^^^^^^   ^^^^^^^^^^
                   yo2tm's public   your public       yo2tm's       your
                   Internet addr    Internet addr     AMPR addr     AMPR addr

If you don't see traffic like that, you probably didn't set your Internet gateway IP address on the AMPR portal correctly. Alternatively, your ISP is blocking IPIP traffic which isn't all that uncommon. There are ways around this with VPNs and whatnot so see the AMPR Wiki (details below).
4. If your AMPR IPs will be interacting with systems on the Internet, consider reaching out to GeoIP vendors like Maxmind and other vendors to get your new AMPR subnet properly located to your specific geographical region. Many systems on the Internet use GeoIP lookups to point you to the nearest systems for the best performance, lowest latency, etc.
5. It's recommended to join the AMPR email alias to get updates on the network, any upcoming changes, maintenance windows, as well as be the best place to ask questions, etc. This is a low volume email list:
https://mailman.ampr.org/mailman/listinfo/44net
6. Once a year, you will receive an email requesting you to log into the AMPR portal just to confirm you want to keep your AMPR allocation. If you do not do so, your allocation will eventually be released and put back into the available AMPR IP allocation pool.
Good luck and again, welcome to the AMPR system!
--David KI6ZHD Silicon Valley, CA AMPR Coordinator
--
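A small parser for the capture in step 5e, as an added example that is not part of David's message: it reads `tcpdump -nn ... proto 4` text and reports whether encapsulated echo requests for your AMPR address arrived and were answered. The `classify` function and its verdict names are made up for this example, and "inbound-only" is a case the message does not list; the sample lines are the capture quoted above.

```python
import re
import sys

# One line of `tcpdump -nn ... proto 4` text output:
#   <time> IP <outer src> > <outer dst>: IP <inner src> > <inner dst>: <summary>
LINE_RE = re.compile(
    r"^\S+ IP (?P<osrc>[\d.]+) > (?P<odst>[\d.]+): "
    r"IP (?P<isrc>[\d.]+) > (?P<idst>[\d.]+): (?P<rest>.*)$"
)
ICMP_RE = re.compile(r"ICMP echo (request|reply), id (\d+), seq (\d+)")

# The capture quoted in the message above (three requests, two replies).
SAMPLE = """\
13:12:15.876817 IP 89.122.215.236 > 96.78.144.186: IP 44.182.21.1 > 44.4.10.40: ICMP echo request, id 37699, seq 1, length 64 (ipip-proto-4)
13:12:15.877272 IP 96.78.144.186 > 89.122.215.236: IP 44.4.10.40 > 44.182.21.1: ICMP echo reply, id 37699, seq 1, length 64 (ipip-proto-4)
13:12:16.876362 IP 89.122.215.236 > 96.78.144.186: IP 44.182.21.1 > 44.4.10.40: ICMP echo request, id 37699, seq 2, length 64 (ipip-proto-4)
13:12:16.876788 IP 96.78.144.186 > 89.122.215.236: IP 44.4.10.40 > 44.182.21.1: ICMP echo reply, id 37699, seq 2, length 64 (ipip-proto-4)
13:12:17.876889 IP 89.122.215.236 > 96.78.144.186: IP 44.182.21.1 > 44.4.10.40: ICMP echo request, id 37699, seq 3, length 64 (ipip-proto-4)
"""


def classify(lines, ampr_ip):
    """Return (verdict, answered, requests) for a ping test aimed at ampr_ip."""
    requests = {}     # (id, seq) -> (outer src, outer dst) of the encapsulated request
    answered = set()  # (id, seq) pairs that got a reply through the same tunnel
    for line in lines:
        m = LINE_RE.match(line.strip())
        icmp = ICMP_RE.search(m["rest"]) if m else None
        if not icmp:
            continue  # not an IPIP-encapsulated ICMP echo line
        kind, key = icmp[1], (icmp[2], icmp[3])
        if kind == "request" and m["idst"] == ampr_ip:
            requests[key] = (m["osrc"], m["odst"])
        elif kind == "reply" and m["isrc"] == ampr_ip:
            # A matching reply leaves with the outer addresses swapped.
            if requests.get(key) == (m["odst"], m["osrc"]):
                answered.add(key)
    if not requests:
        verdict = "no-ipip-seen"   # wrong gateway IP on the portal, or protocol 4 blocked
    elif not answered:
        verdict = "inbound-only"   # protocol 4 arrives, but this host sent no tunnelled reply
    else:
        verdict = "ok"
    return verdict, len(answered), len(requests)


if __name__ == "__main__":
    have_arg = len(sys.argv) > 1
    source = sys.stdin if have_arg else SAMPLE.splitlines()
    print(classify(source, sys.argv[1] if have_arg else "44.4.10.40"))
```

Run with no arguments it checks the embedded sample; given an AMPR address as its argument it reads saved tcpdump text from standard input.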
On 09/27/2022 04:01 PM, Harold Kinchelow via 44net wrote:
Is there any easy way to see ipip is working in my ISP’s network?
One thing I did find is IPIP was not installed on my Debian 11 machine.
Thanks
Harold
K7ILO
From: Marius Petrescu <marius@yo2loj.ro>
Date: Tuesday, September 27, 2022 at 2:21 PM
To: k7ilo@outlook.com <k7ilo@outlook.com>, 44net@mailman.ampr.org <44net@mailman.ampr.org>
Subject: Re: [44net] ftp access to encap.txt
Harold,
Since the RIPv2 packets are sent IPIP encapsulated from amprgw to your registered gateway, it has nothing to do with your ISP blocking that port.
If your IPIP tunnels are working, so will the RIP delivery. On the other hand, if your ISP blocks IPIP (IP protocol 4), none of the tunnels will work and all efforts are futile.
Marius, YO2LOJ
On 28/09/2022 00:02, Harold via 44net wrote:
Hey gang. Kinda new here for I've been dabbling with this for a few years though. I have been trying to use the ampr-ripd daemon without any luck and have come to the conclusion that my ISP blocks port 520 which I believe is the port used.
With that said, I have also come to the conclusion that at this time, the encap.txt file is still accessible via ftp from the portal.ampr.org.
Is "wget ftp://USER:PASSWORD@portal.ampr.org/encap.txt" a valid ftp solution and if so where is the USER:PASSWORD derived from?
Is it our user:password into the portal?
Thanks all
Harold K7ILO
_______________________________________________
44net mailing list -- 44net@mailman.ampr.org
To unsubscribe send an email to 44net-leave@mailman.ampr.org