I am attempting to get connected from VyOS, and I seem to have several pieces in place, but I am not able to ping any hosts across any IPIP tunnels.
I can ping amprgw.ucsd.edu across the public Internet. I have configured a `tun44` interface. I have ampr-ripd running, and it receives updates every five minutes. The resulting routes appear in my routing table, and if I do `ip route get` on 44-net hosts, it shows them routing through my `tun44` interface. But if I try to ping 44-net hosts or access them at all, I get timeouts.
What might I be missing?
My gateway public IP is 155.138.247.113. My allocated subnet is 44.31.64.1/27.
I created a firewall group named ALLOW-ALL with a default rule set to 'accept' just to rule that out for troubleshooting.
Tunnel interface configuration:
```
tunnel tun44 {
    address 44.31.64.1/32
    description AMPRNET
    disable-link-detect
    encapsulation ipip
    firewall {
        in {
            name ALLOW-ALL
        }
        local {
            name ALLOW-ALL
        }
        out {
            name ALLOW-ALL
        }
    }
    mtu 1450
    multicast enable
    remote 0.0.0.0
    source-address 155.138.247.113
}
```
ampr-ripd startup output:
```
root@vyos:/home/vyos# ampr-ripd -svd -i tun44
Using metric 0 for routes.
Using TCP window 840 for routes.
Using routing table 'main' (254).
Loaded 738 entries from /var/lib/ampr-ripd/encap.txt
Max list size: 1000 entries
Detected tunnel interface address: 44.31.64.1
Interface detected: lo, IP: 127.0.0.1
Interface detected: eth0, IP: 155.138.247.113
Interface detected: tunl0, IP: 0.0.0.0
Interface detected: tun44, IP: 44.31.64.1
Assigned tunnel interface index: 5
Local IPs:
   127.0.0.1
   155.138.247.113
   44.31.64.1
Using gateway 155.138.246.1 for direct 44net endpoints via interface eth0.
Setting routes (738).
Creating multicast RIP UDP listening socket.
Setting up multicast interface.
Waiting for RIPv2 broadcasts...
```
Broadcasts eventually start appearing.
Before I run ampr-ripd, here's the route I get for 44.0.0.1 — over the public Internet:
44.0.0.1 via 155.138.246.1 dev eth0 src 155.138.247.113 uid 0
And I can ping 44.0.0.1 in this state.
After I run ampr-ripd, here's the route to 44.0.0.1 — over the tunnel:
44.0.0.1 via 169.228.34.84 dev tun44 src 44.31.64.1 uid 1003
And I can no longer ping 44.0.0.1 — it just times out:
```
vyos@vyos:~$ ping 44.0.0.1 interface tun44
PING 44.0.0.1 (44.0.0.1) from 44.31.64.1 tun44: 56(84) bytes of data.
^C
--- 44.0.0.1 ping statistics ---
4 packets transmitted, 0 received, 100% packet loss, time 88ms
```
This is all on VyOS 1.3 equuleus (Debian buster), hosted at Vultr.
Any ideas, or other troubleshooting suggestions?
Thanks very much!