If your gw sits on the internet directly (e.g. one of the interfaces has
your public gateway IP), then it should work without the -a parameter.
If it is behind a router, you need to add your gateway ip or host name
to the -a list.
Also, to be able to ping/reach 44.0.0.1 correctly via the public
internet, you should also have 44.0.0.1/32 added to that.
To suppress other subnets, you may add the EXACT ip/prefix length
combination, as defined by the portal.
Marius, YO2LOJ
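To make the semantics of the -a list concrete, here is a small added model in Python of how such an ignore list can be applied to incoming RIP routes. It is illustrative code written for this thread, not the gateway script's own code; it assumes two rules drawn from Marius's description: a route is dropped when its destination is an EXACT ip/prefix match for an ignored entry, or when its encapsulation gateway is an ignored IP or hostname (hostnames are resolved through a constructed lookup table instead of real DNS).

```python
import ipaddress

# Constructed stand-in for DNS (hypothetical hostname and address).
FAKE_DNS = {"your.gw.com": "203.0.113.10"}


def parse_ignore_list(arg, resolver=FAKE_DNS):
    """Split the comma-separated -a value into exact prefixes and host IPs."""
    prefixes, hosts = set(), set()
    for token in arg.split(","):
        token = token.strip()
        if not token:
            continue
        if "/" in token:
            # strict=True rejects e.g. 44.128.1.5/24: only exact ip/prefix
            # combinations, as defined by the portal, are accepted.
            prefixes.add(ipaddress.ip_network(token, strict=True))
        else:
            try:
                hosts.add(ipaddress.ip_address(token))
            except ValueError:
                hosts.add(ipaddress.ip_address(resolver[token]))
    return prefixes, hosts


def filter_routes(routes, prefixes, hosts):
    """Keep a RIP route unless its destination equals an ignored prefix
    (network address AND prefix length) or its next hop is an ignored host."""
    kept = []
    for dest, gw in routes:
        if ipaddress.ip_network(dest) in prefixes:
            continue  # exact prefix match: suppressed
        if ipaddress.ip_address(gw) in hosts:
            continue  # announced via our own (ignored) gateway
        kept.append((dest, gw))
    return kept


# Constructed sample announcements: (destination, encapsulation gateway).
# Gateway addresses are documentation-range placeholders, not real ones.
SAMPLE_ROUTES = [
    ("44.0.0.1/32", "192.0.2.1"),
    ("44.128.1.0/24", "198.51.100.7"),
    ("44.128.1.128/25", "198.51.100.7"),  # not an exact match: stays
    ("44.150.0.0/16", "203.0.113.10"),    # via your.gw.com: suppressed
    ("44.20.0.0/16", "192.0.2.55"),
]

if __name__ == "__main__":
    p, h = parse_ignore_list("44.0.0.1/32,44.128.1.0/24,44.128.2.0/24,your.gw.com")
    print(filter_routes(SAMPLE_ROUTES, p, h))
```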
On 30.01.2021 16:46, Lee D Bengston wrote:
Hi Marius,
I just realized my previous reply didn't go to the list. I did add
all of the FW rules documented in the Wiki and also added the new one
to TUNNEL_LOCAL to allow UDP 520. After no luck I also added a rule
to WAN_LOCAL to accept UDP 520. Still no joy. Perhaps I need to
specify something using the -a parameter in the script. I'm not sure
exactly what the example does being that it is simply a comma
separated list of subnets. Do I need to exclude my own /29 subnet
using this? (Below is the example from the Wiki.)
-a44.0.0.1/32,44.128.1.0/24,44.128.2.0/24,your.gw.com
Thanks,
Lee K5DAT
On Sun, Jan 24, 2021 at 11:30 PM Marius Petrescu <marius(a)yo2loj.ro> wrote:
Lee,
First of all, the password is hardcoded and the option is there to be able to change it should it be ever required.
But regarding the RIP packets and the routes: did you create the proper firewall rules to allow incoming IPIP from eth0 as described in 'Router preparation' and a rule accepting incoming data from the tunnels (that tunnel_local part)?
At least a firewall rule to accept RIP is needed for the tunnel interface. That one was missing in the firewall setup instructions, I added it to the instructions in the wiki.
Marius, YO2LOJ