On Jan 15, 2021, at 12:19, pete M via 44Net
<44net(a)mailman.ampr.org> wrote:
Thanks Nate for the help.
# ip route show
default via 207.246.122.1 dev ens3
44.135.59.0/24 dev tun0 proto kernel scope link src 44.135.59.1
169.254.169.254 via 207.246.122.1 dev ens3
207.246.122.0/23 dev ens3 proto kernel scope link src 207.246.122.57
I have fixed the mix-up in the fact that ens3 and tun0 had the 44.135.59.0/24 assigned
to them both.
Traceroute from a Windows 10 machine (French, so don't worry about the strange words ;-)
tracert 8.8.8.8
Détermination de l’itinéraire vers 8.8.8.8 avec un maximum de 30 sauts.
1 20 ms 18 ms 21 ms 44.135.59.1
2 * * * Délai d’attente de la demande dépassé.
3 * * * Délai d’attente de la demande dépassé.
4 * * * Délai d’attente de la demande dépassé.
5 * * * Délai d’attente de la demande dépassé.
6 * * * Délai d’attente de la demande dépassé.
7 * * * Délai d’attente de la demande dépassé.
8 * * * Délai d’attente de la demande dépassé.
9 * * * Délai d’attente de la demande dépassé.
10 * * * Délai d’attente de la demande dépassé.
I have ipv4.ip_forward = 1 in /etc/sysctl.conf
________________________________________
From: 44Net <44net-bounces+petem001=hotmail.com(a)mailman.ampr.org> on behalf of Nate
Sales via 44Net <44net(a)mailman.ampr.org>
Sent: 15 January 2021 11:53
To: 44net(a)mailman.ampr.org
Cc: Nate Sales
Subject: Re: [44net] BGP/openvpn finally all ok.
By outside connectivity, do you mean egress only? In either case,
please provide a traceroute sourced from an address within your 44net
block so we can see where things are going wrong. Also, do a "ip route"
so we can check the routing table to make sure everything is in order.
Nate
KJ7DMC
On Fri, 2021-01-15 at 16:23 +0000, pete M via 44Net wrote:
Well, it looks like I still have a problem.
When I connect to my openvpn server it works. BUT I have no
connection to the outside world.
Here is my output of my iptables.
iptables -L -v
Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target prot opt in   out  source    destination
 1937  332K ACCEPT udp  --  ens3 any  anywhere  anywhere     udp dpt:openvpn
    3   180 ACCEPT all  --  tun0 any  anywhere  anywhere
Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target prot opt in   out  source    destination
  979 94816 ACCEPT all  --  tun0 ens3 anywhere  anywhere
    0     0 ACCEPT all  --  ens3 tun0 anywhere  anywhere
Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target prot opt in   out  source    destination
And here is my network address state:
# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
2: ens3: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000
    link/ether 56:00:02:fc:bd:ba brd ff:ff:ff:ff:ff:ff
    inet 207.246.122.57/23 brd 207.246.123.255 scope global dynamic ens3
       valid_lft 85194sec preferred_lft 85194sec
    inet 44.135.59.1/32 brd 44.135.59.1 scope global ens3
       valid_lft forever preferred_lft forever
    inet6 fe80::5400:2ff:fefc:bdba/64 scope link
       valid_lft forever preferred_lft forever
3: tun0: <POINTOPOINT,MULTICAST,NOARP,UP,LOWER_UP> mtu 1500 qdisc fq state UNKNOWN group default qlen 100
    link/none
    inet 44.135.59.1/24 brd 44.135.59.255 scope global tun0
       valid_lft forever preferred_lft forever
    inet6 fe80::cd3f:6e0a:55e:e9ac/64 scope link stable-privacy
       valid_lft forever preferred_lft forever
Bird shows my route advertised properly.
Can anyone help?
________________________________________
From: pete M <petem001(a)hotmail.com>
Sent: 15 December 2020 17:40
To: James Colderwood via 44Net
Subject: BGP/openvpn finally all ok.
I want to thank all that helped with the setup of my Vultr VPS with
BGP and openvpn to distribute the /24 that was assigned to me.
I played a lot with the openvpn and wireguard software, up to a point
where I had to redo the whole install of the VPS.
Here is the recipe I have been able to use for the task. I am
running a Debian 10 that was updated to the latest software.
First I used the tutorial at
https://www.vultr.com/docs/configuring-bgp-on-vultr
Be aware that on my version of bird I was not able to open the
"/var/log/bird.log" file because of a proprietary right. The file
belonged to root and it was supposed to belong to bird. It is a known
bug that I hope will be fixed soon.
This helped me put that information into my bird.conf
------------------------------------------------------------------------------
log "/var/log/bird.log" all;
router id xxx.xxx.xxx.xxx; # use the IPv4 address assigned to your VPS
protocol device
{
    scan time 60;
}
protocol static
{
    # use your assigned /24 from AMPR and the IPv4 address of your VPS
    route 44.xxx.xxx.0/24 via xxx.xxx.xxx.xxx;
}
protocol bgp vultr
{
    # this is the private ASN given to you by Vultr and available on
    # your dashboard on myvultr.com for your VPS
    local as yyyyyyyyyyy;
    source address xxx.xxx.xxx.xxx;
    import none;
    export all;
    graceful restart on;
    next hop self;
    multihop 2;
    neighbor 169.254.169.254 as 64515;
    password "YourSecretPassword";
}
------------------------------------------------------------------------------
On the openvpn side of things I used the install script from
angristan available at
https://github.com/angristan/openvpn-install
I just followed the instructions and all was good.
From there I changed some things on my network at
/etc/network/interfaces
---------------------------------------------------------------------
# This file describes the network interfaces available on your system
# and how to activate them. For more information, see interfaces(5).
#source /etc/network/interfaces.d/*
auto lo
iface lo inet loopback
auto ens3
allow-hotplug ens3
iface ens3 inet dhcp
iface ens3 inet static
address 44.135.59.1/32
---------------------------------------------------------------------
The last line points at the first address of my /24; put yours into
your file.
Then on the openvpn server I changed only one line in the
server.conf file.
The file is at /etc/openvpn/server.conf
I switched the server line from
server 10.8.0.0 255.255.255.0
to
server 44.135.59.0 255.255.255.0
The 44 address is my /24; put yours if you follow my example.
that's it!
it was not that complicated. But I had to dig a bit to understand
the whole thing.
My next step will be to split my /24 in parts. One section will be
for the single connections like now, but I want to have connections
that are like blocks of /28 or /29.
I know I will have to make another instance of the openvpn server.
That is the part that is the least clear for me yet. The conf file is
more clear. As I want to start and stop each instance easily I will
have to make a new starting script for systemd, and that is where I
will need to read more.
If this helps someone I will be happy!
If you see a problem with my setup please let me know!
Pierre
VE2PF
_________________________________________
44Net mailing list
44Net(a)mailman.ampr.org
https://mailman.ampr.org/mailman/listinfo/44net
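
Two conditions visible in the output quoted in this thread can be checked mechanically: the same IPv4 address configured on both ens3 and tun0, and a FORWARD rule that carries packets while its reverse rule shows none. The following is an added example, not part of the original messages; the function names are hypothetical and the sample text is rebuilt from the thread's `ip a` and `iptables -L -v` output with the line wraps undone.

```python
import re
from collections import defaultdict

# Sample input rebuilt from the output quoted in the thread (line wraps undone).
IP_ADDR = """\
2: ens3: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP
    inet 207.246.122.57/23 brd 207.246.123.255 scope global dynamic ens3
    inet 44.135.59.1/32 brd 44.135.59.1 scope global ens3
3: tun0: <POINTOPOINT,MULTICAST,NOARP,UP,LOWER_UP> mtu 1500 qdisc fq state UNKNOWN
    inet 44.135.59.1/24 brd 44.135.59.255 scope global tun0
"""
FORWARD = """\
Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target prot opt in out source destination
  979 94816 ACCEPT all -- tun0 ens3 anywhere anywhere
    0     0 ACCEPT all -- ens3 tun0 anywhere anywhere
"""

def duplicate_addresses(ip_a_text):
    """Return {address: [interfaces]} for IPv4 addresses set on more than one interface."""
    owners, iface = defaultdict(list), None
    for line in ip_a_text.splitlines():
        head = re.match(r"\d+:\s+([^:@\s]+)", line)   # "2: ens3: <...>" header line
        if head:
            iface = head.group(1)
            continue
        inet = re.match(r"\s*inet\s+(\d+\.\d+\.\d+\.\d+)/\d+", line)  # skips inet6
        if inet and iface and iface not in owners[inet.group(1)]:
            owners[inet.group(1)].append(iface)
    return {addr: ifs for addr, ifs in owners.items() if len(ifs) > 1}

def count(field):
    """iptables -v abbreviates large counters with a K/M/G/T suffix."""
    scale = {"K": 10**3, "M": 10**6, "G": 10**9, "T": 10**12}
    return int(field[:-1]) * scale[field[-1]] if field[-1] in scale else int(field)

def one_way_pairs(forward_text):
    """Return (in, out, pkts) for rules that carry traffic while the reverse rule has none."""
    pkts = {}
    for line in forward_text.splitlines():
        f = line.split()
        if len(f) >= 9 and re.fullmatch(r"\d+[KMGT]?", f[0]):   # rule rows only
            pkts[(f[5], f[6])] = pkts.get((f[5], f[6]), 0) + count(f[0])
    return [(i, o, n) for (i, o), n in pkts.items() if n > 0 and pkts.get((o, i)) == 0]

if __name__ == "__main__":
    print("duplicate addresses:", duplicate_addresses(IP_ADDR))
    print("one-way forwarding:", one_way_pairs(FORWARD))
```

On a live host the same functions can be fed the output of `ip -4 addr show` and `iptables -L FORWARD -v`.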