Here is what I email out to my new AMPR users in the Silicon Valley region to help users do initial testing to confirm things will work or not.  Give these testing steps a try and see if it works for you.

--David


--
Hello first name / callsign,

Welcome to AMPR!  I have assigned you:

   Subnet - 44.4.x.y/z

   44.4.x.x    : network
   44.4.x.y-94 : host IPs
   44.4.x.z    : broadcast


You should receive an email shortly of this official acceptance from the AMPR Portal itself.

At this point, there are a few more things you to do before things will start working:

   1. If you are going to use IPIP tunneling, You need to log into the AMPR portal and
configure a gateway IP address.  This IP address is your EXTERNALLY facing IPv4 address
given to you by your ISP that will be used to route your AMPR IP or AMPR subnet via IPIP
encapsulation.  This will ideally be a static IP address from your service provider.
IPIP (protocol 4) over IPv4 is the only supported encapsulation today and supported
protocol today from the native AMPR system.  If your ISP does not pass protocol-4 traffic
or your ISP-provided hardware blocks this traffic (aka Comcast cablemodems, some consumer
Wifi "routers", etc), you can configure your AMPR traffic to be received via other
transports provided by other helpful HAMs.  Some of these alternative transports include
IPSEC, GRE, and PPTP.


   2. If you wish to have your AMPR IPs or subnets able to receive periodic dynamic route updates
to other AMPR IPIP-enabled station subnets (RIP routing) *or* directly receive traffic from the
Internet to your AMPR IPs, additional action is required.  Dynamic routing is an alternative to
using static routes via the the encap_[date].txt file or loading the nexthop IP addresses yourself.
You *must* create DNS records for the AMPR IPs that have been allocated to you to receive both the
RIP updates as well as allow any traffic from Internet to reach your AMPR IPs.  To get DNS entries
created, reply to this email with a list of your AMPR IPs and your desired hostnames and/or other
DNS records and I will configure them on your behalf.  You CANNOT create / update / delete DNS entries
yourself at this time due to AMPR portal limitations.  For example, here is what you could email me for
DNS entries though valid IPv4 or IPv6 records (A, AAAA, CNAME, MX, DKIM, TXT HINFO, etc).  Here is an
example of setting "bbs-n0call" and "backup-bbs-n0call" for the 44.4.10.280 and 44.4.10.281 IP addresses:

                 Record  MX
   IP            type    weight  hostname
   ------------:-------:------:-----------------------
   44.4.10.280 : A     :      : bbs-n0call.ampr.org
   44.4.10.280 : MX    :  10  : bbs-n0call.ampr.org
   gw-n0call   : CNAME :      : bbs-n0call.ampr.org
   44.4.10.281 : A     :      : backup-bbs-n0call.ampr.org



Please note:
------------
As mentioned above, DNS changes *CANNOT* be made by endusers via the AMPR portal or any other AMPR
mechanism today.  Only AMPR coordinators can do this at the moment.  Please email me at amprgw@trinnet.net
with what you want in your DNS records (example is above) and I'll configure that shortly.


   3. If you're looking for some working AMPR IP addresses to ping or use other AMPR troubleshooting tools
      to help you get / confirm things are working, see the AMPR Services wiki (available via
      the Internet as well) at http://wiki.ampr.org/wiki/Services


   4. IPIP tunneling:  Many AMPR systems are only available via the IPIP tunneling mesh which is available
      to many systems including:

         - Any Linux, FreeBSD based systems
         - NOSes like JNOS, BPQ32, etc.
         - Routers like Mikrotik, Cisco, Juniper, etc

      See https://wiki.ampr.org/wiki/Main_Page for other device examples


   5. Example IPIP compatibility testing with a Linux computer: Consider you want to see if your ISP does or
      doesn't block protocol 4 / IPIP traffic.

         a. REQUIRED: Update the AMPR portal with the correct Internet IP address that will be terminating
                      your IPIP tunnel.

         b. RECOMMENDED: Send me (your AMPR coordinator) a hostname for at least one AMPR IP address you will
            want to receive traffic.  I will enter these names into the reserve DNS interface.

         c. Wait roughly 60 minutes until the IPIP mesh gets new routes for your information to propagate
            through the AMPR mesh network

         d. On your intended system that will be the AMPR IPIP endpoint, run the command:

            #Assuming eth0 is your uplink port
            tcpdump -nni eth0 proto 4

         e. While tcpdump is running in one window on your Linux machine, open up a web browser using your
            standard Internet connection to:

               http://yo2tm.ampr.org/nettools.php


            Enter in the desired AMPR IP host address (not subnet address) you're using to terminate your
            IPIP connection and click on "IPv4 ping".  If your ISP is properly forwarding you IPIP traffic,
            your AMPR gateway should see something like the following on the tcpdump window:
            --
            13:12:15.876817 IP 89.122.215.236 > 96.78.144.186: IP 44.182.21.1 > 44.4.10.40: ICMP echo request, id 37699, seq 1, length 64 (ipip-proto-4)
            13:12:15.877272 IP 96.78.144.186 > 89.122.215.236: IP 44.4.10.40 > 44.182.21.1: ICMP echo reply, id 37699, seq 1, length 64 (ipip-proto-4)
            13:12:16.876362 IP 89.122.215.236 > 96.78.144.186: IP 44.182.21.1 > 44.4.10.40: ICMP echo request, id 37699, seq 2, length 64 (ipip-proto-4)
            13:12:16.876788 IP 96.78.144.186 > 89.122.215.236: IP 44.4.10.40 > 44.182.21.1: ICMP echo reply, id 37699, seq 2, length 64 (ipip-proto-4)
            13:12:17.876889 IP 89.122.215.236 > 96.78.144.186: IP 44.182.21.1 > 44.4.10.40: ICMP echo request, id 37699, seq 3, length 64 (ipip-proto-4)
            --
                               ^^^^^^^^^^^^^^   ^^^^^^^^^^^^^     ^^^^^^^^^^^   ^^^^^^^^^^
                               yo2tm's public   your public       yo2tm's       your
                               Internet addr    Internet addr     AMPR addr     AMPR addr

            If you don't see traffic like that, you either probably didn't set your Internet gateway IP
            address on the AMPR portal correctly.  Alternatively, your ISP is blocking IPIP traffic which
            isn't all that uncommon.  There are ways around this with VPNs and what not so see the AMPR
            Wiki (details below).


   4. If your AMPR IPs will be interacting with systems on the Internet, consider reaching out
      to GeoIP vendors like Maxmind and other vendors to get your new AMPR subnet properly located to
      your specific geographical region.  Many systems on the Internet use GeoIP lookups to
      point you to the nearest systems for the best performance, lowest latency, etc.


   5. It's recommended to join the AMPR email alias get updates on the network, any upcoming
      changes, maintenance windows, as well as be the best place to ask questions, etc.  This
      is a low volume email list:

         https://mailman.ampr.org/mailman/listinfo/44net


   6. Once a year, you will receive an email requesting you to log into the AMPR portal just
      to confirm you want to keep your AMPR allocation.  If you do not so, your allocation
      will eventually be released and put back into the available AMPR IP allocation pool.


Good luck and again, welcome to the AMPR system!

--David
KI6ZHD
Silicon Valley, CA AMPR Coordinator

--


On 09/27/2022 04:01 PM, Harold Kinchelow via 44net wrote:

Is there any easy way to see ipip is working in my ISP’s network?

One thing I did find is IPIP was not installed on my Debian 11 machine.

 

Thanks

 

Harold

K7ILO

 

From: Marius Petrescu <marius@yo2loj.ro>
Date: Tuesday, September 27, 2022 at 2:21 PM
To: k7ilo@outlook.com <k7ilo@outlook.com>, 44net@mailman.ampr.org <44net@mailman.ampr.org>
Subject: Re: [44net] ftp access to encap.txt

Harold,

Since the RIPv2 packets are sent IPIP encapsulated from amprgw to your
registered gateway, it has nothing to do with your ISP blocking that port.

If your IPIP tunnels are working, so will the RIP delivery. On the other
hand, if your ISP blocks IPIP (IP protocol 4), none of the tunnels will
work and all efforts are futile.

Marius, YO2LOJ


On 28/09/2022 00:02, Harold via 44net wrote:
> Hey gang.  Kinda new here for Ive been dabbling with this for a few years though.  I have been trying to use the ampr-ripd daemon without any luck and have come to the conclusion that my ISP blocks port 520 which I believe is the port used.
>
> With that said, i have also come to the conclusion that at this time, the encap.txt file is still accessible via ftp from the portal.ampr.org.
> Is "wget ftp://USER:PASSWORD@portal.ampr.org/encap.txt" a valid ftp solution and if so where is the USER:PASSWORD derived from?
> Is it our user:password into the portal?
>
> Thanks all
>
> Harold K7ILO
> _______________________________________________
> 44net mailing list -- 44net@mailman.ampr.org
> To unsubscribe send an email to 44net-leave@mailman.ampr.org



_______________________________________________
44net mailing list -- 44net@mailman.ampr.org
To unsubscribe send an email to 44net-leave@mailman.ampr.org