Re: [44net] EdgeRouter Lite (and probably others) full tunnel setup

On Feb 21, 2019, at 9:01 AM, Tom Cardinal &lt;tomc(a)gulfmail.net&gt; wrote: Please don’t take my edits as criticism, I’m trying to help and was not sure if my firmware version contained a different file system structure. I’ve used your scripts before and they are awesome. I told the system to use the stretch repository so I’m probably broken... I’ll do a system reset when I get home this evening and retry using the Jessie repository. I’m finally starting to get comfortable on this platform, avoided doing so in the past because I didn’t want to brick it. Thank you for working with me on this Marius. I’ll send an update before I turn in for the night. — tom Tom Cardinal / MSgt USAF (Ret) / N2XU / BSCS / CASP+ > On Feb 21, 2019, at 1:52 AM, Marius Petrescu &lt;marius(a)yo2loj.ro&gt; wrote: > > Tnx Tom, > > I wrote up those tings partly fom memory. so errors are possible. > > Regarding 1.10.8: They updated from "jessie" to "stretch" when releasing 2.0.0. > > So there may be some differences, like in the installing of the services. In stretch, the service launches automatically on install. > > I also was not sure if ampr-ripd was in the jessie repository, but it seems it is, which makes this possible on 1.10.8, too. > > Question: did you use the stretch or the jessie repository for the update? > > > I will recheck the document and correct the information. > > >> On 21.02.2019 07:28, Tom Cardinal via 44Net wrote: >> Ok, I've run the steps and have some info to report... but first I'll give you my setup. >> >> 1. I'm on a NAT behind a pfSense. I do this to shield the AMPR external interface from brute forcers. It worked very well when I ran a linux gateway and it also worked well when I ran my gateway on a Raspberry Pi. >> >> 2. I have very old Edgerouter Lite. I bought it in the 2013 - 2014 timeframe. I tried to update firmware and I'm on 1.10.8 (Nov 2018). >> >> --- >> Info to pass: >> >> 1. At step two I had to change: >> >> Config Tree → system → repository → add “debian” → Update List >> >> To >> >> Config Tree → system→ package → repository → add “debian” → Update List >> >> 2. At step three >> >> I changed a couple of typos: >> >> apt-get install ampr-rip >> >> to >> >> apt-get install ampr-ripd >> >> Also. The killall ampr-ripd command produced no result. It gave me "Operation not supported". I ran ps-ax and fond ampr-ripd was not running. >> >> The service directory was /lib/systemd/service instead of /lib/system so I deleted the added service at /lib/systemd/service/ampr-ripd.service. >> >> I'm still experimenting here and will report back tomorrow evening central US time. >> >> --tom, n2xu >> >> On 2/20/19, 3:33 PM, "44Net on behalf of Marius Petrescu" &lt;44net-bounces+tomc=gulfmail.net(a)mailman.ampr.org on behalf of marius(a)yo2loj.ro&gt; wrote: >> >> Hello everyone there with some EdgeRouters available, >> As promised, here the complete gateway setup for you to try :-) >> At the moment, it is using ampr-ripd 1.15 (no support for BGP tunnel >> endpoints in the 44net space, i will update in the bear future)... >> It should also land in the Wiki, I assume... >> Have fun, >> Marius, YO2LOJ >> EdgeRouter AMPR Configuration >> Prerequisites: >> - Make sure to upgrade to firmware 2.0.0 or later. >> - You have a running, configured internet connection and full access to >> the router >> - Make sure to secure your router by setting appropriate firewall rules >> 1. Add tunnel interface >> - Config Tree → add tun44 → Update List >> - tun44: >> address: <your AMPR gw address>*/32* >> description: AMPR GW >> encapsulation: ipip >> local-ip: <your public gw IP> >> remote-ip: *0.0.0.0* >> - Press Preview ans Apply >> 2. Add debian stretch repository >> - Config Tree → system → repository → add “debian” → Update List >> - debian: >> components: main contrib non-free >> distribution: stretch >> url: http://http.us.debian.org/debian >> - Press Preview ans Apply >> 3. Install ampr-ripd >> Open CLI >> - become superuser: >> sudo su >> - update packets: >> apt-get update >> - install ampr-ripd: >> apt-get install ampr-rip >> - kill the now running daemon: >> killall ampr-ripd >> - delete the added service entry: >> cd /lib/systemd >> rm ampr-ripd.service >> - create the route cache folder: >> cd /var/lib >> mkdir ampr-ripd >> 4. Create the daemon startup script: >> cd /config/scripts/post-config.d >> touch ampr.sh >> chmod +x ampr.sh >> 5. Edit the created script using vi: >> vi ampr.sh >> (first press insert to go into edit mode) >> /#!/bin/sh/ >> // >> /MY_IP=`ip addr list dev tun44 | grep inet | awk '{print $2}'`/ >> // >> /ip rule add from $MY_IP table default/ >> // >> /ip rule add to 44.0.0.0/8 table default/ >> // >> /ampr-ripd -s -t default -i tun44 -m 90 -a 44.1.2.3/32/ >> (press ESC followed by :wq to save the file and exit vi) >> Important: if your router is connected via NAS you need to edit the -a >> parameter to suite your network to be excluded. If the router is >> directly connected, it will autodetect its IPs, so the parameter can be >> omitted. Also add any local networks to be excluded as you need. >> 6. run the script: >> ./ampr.sh >> To check, use >> ip route list table default >> You should get a lot of routes there... >> Now it is time to restart your router and check everything is ok. >> 7. Now you can add your needed subnets on vlans or a second interface. >> Enjoy. >> _________________________________________ >> 44Net mailing list >> 44Net(a)mailman.ampr.org >> https://mailman.ampr.org/mailman/listinfo/44net >> >> >> >> _________________________________________ >> 44Net mailing list >> 44Net(a)mailman.ampr.org >> https://mailman.ampr.org/mailman/listinfo/44net > _________________________________________ > 44Net mailing list > 44Net(a)mailman.ampr.org > https://mailman.ampr.org/mailman/listinfo/44net