I am attempting to get connected from VyOS, and I seem to have several
pieces in place, but I am not able to ping any hosts across any IPIP
tunnels.
I can ping amprgw.ucsd.edu across the public Internet. I have configured a
`tun44` interface. I have ampr-ripd running, and it receives updates every
five minutes. The resulting routes appear in my routing table, and if I do
`ip route get` on 44-net hosts, it shows them routing through my `tun44`
interface. But if I try to ping 44-net hosts or access them at all, I get
timeouts.
What might I be missing?
My gateway public IP is 155.138.247.113. My allocated subnet is
44.31.64.1/27.
I created a firewall group named ALLOW-ALL with a default rule set to
'accept' just to rule that out for troubleshooting.
Tunnel interface configuration:
```
tunnel tun44 {
    address 44.31.64.1/32
    description AMPRNET
    disable-link-detect
    encapsulation ipip
    firewall {
        in {
            name ALLOW-ALL
        }
        local {
            name ALLOW-ALL
        }
        out {
            name ALLOW-ALL
        }
    }
    mtu 1450
    multicast enable
    remote 0.0.0.0
    source-address 155.138.247.113
}
```
ampr-ripd startup output:
```
root@vyos:/home/vyos# ampr-ripd -svd -i tun44
Using metric 0 for routes.
Using TCP window 840 for routes.
Using routing table 'main' (254).
Loaded 738 entries from /var/lib/ampr-ripd/encap.txt
Max list size: 1000 entries
Detected tunnel interface address: 44.31.64.1
Interface detected: lo, IP: 127.0.0.1
Interface detected: eth0, IP: 155.138.247.113
Interface detected: tunl0, IP: 0.0.0.0
Interface detected: tun44, IP: 44.31.64.1
Assigned tunnel interface index: 5
Local IPs:
127.0.0.1
155.138.247.113
44.31.64.1
Using gateway 155.138.246.1 for direct 44net endpoints via interface eth0.
Setting routes (738).
Creating multicast RIP UDP listening socket.
Setting up multicast interface.
Waiting for RIPv2 broadcasts...
```
Broadcasts eventually start appearing.
Before I run ampr-ripd, here's the route I get for 44.0.0.1 — over the
public Internet:
```
44.0.0.1 via 155.138.246.1 dev eth0 src 155.138.247.113 uid 0
```
And I can ping 44.0.0.1 in this state.
After I run ampr-ripd, here's the route to 44.0.0.1 — over the tunnel:
```
44.0.0.1 via 169.228.34.84 dev tun44 src 44.31.64.1 uid 1003
```
And I can no longer ping 44.0.0.1 — it just times out:
```
vyos@vyos:~$ ping 44.0.0.1 interface tun44
PING 44.0.0.1 (44.0.0.1) from 44.31.64.1 tun44: 56(84) bytes of data.
^C
--- 44.0.0.1 ping statistics ---
4 packets transmitted, 0 received, 100% packet loss, time 88ms
```
This is all on VyOS 1.3 equuleus (Debian buster), hosted at Vultr.
Any ideas, or other troubleshooting suggestions?
Thanks very much!