I'm having a similar issue as Lee.
I'm wondering if all the steps are in the two wiki articles?
I've tried both using a single erX (with a public IP on WAN) and hanging
a 2nd erX off one of my NAT erX and I get the same issue.
When I do a traceroute I'm going through UCSD, my IP shows as my 44
subnet (using IPchicken etc), I can ping but the RIP routes do not seem
to populate the tables.
Either I'm misreading the instructions (which is probable and highly
possible) or I'm missing something.
I did notice in
<https://wiki.ampr.org/wiki/Setting_up_a_gateway_on_Ubiquiti_EdgeRouter>
that the WAN_IN & WAN_LOCAL rulesets seem off.
"There should be two rulesets
o WAN_IN
o WAN_LOCAL
For each rule, press the actions button on the right and select the
interfaces option.
• Press the + Add Interface button.
•_Select tun0 as the interface and select in as the direction._ <-- I
don't think the erX will allow tun0 to point to 'IN' for both WAN_IN &
WAN_LOCAL. (should it be WAN_IN --> IN, WAN_LOCAL --> LOCAL)
• Finish by pressing the Save Ruleset button."
When I run ampr.sh from the CLI I get the following error: 'Error:
argument "fe80::5efe:c0a8:11e/64" is wrong: Failed to parse rule type'.
Converting that MAC gives me 192.168.1.30, which is the "DMZd" WAN IP of
the erX that ampr-rip is running on.
73, Andrew K1YMI
On 1/30/21 10:07 AM, Marius Petrescu via 44Net wrote:
If your gw sits on the internet directly (e.g. one of the interfaces
has your public gateway IP), then it should work without the -a
parameter.
If it is behind a router, you need to add your gateway ip or host name
to the -a list.
Also, to be able to ping/reach 44.0.0.1 correctly via the public
internet, you should also have 44.0.0.1/32 added to that.
To suppress other subnets, you may add the EXACT ip/prefix length
combination, as defined by the portal.
Marius, YO2LOJ
On 30.01.2021 16:46, Lee D Bengston wrote:
Hi Marius,
I just realized my previous reply didn't go to the list. I did add
all of the FW rules documented in the Wiki and also added the new one
to TUNNEL_LOCAL to allow UDP 520. After no luck I also added a rule
to WAN_LOCAL to accept UDP 520. Still no joy. Perhaps I need to
specify something using the -a parameter in the script. I'm not sure
exactly what the example does being that it is simply a comma
separated list of subnets. Do I need to exclude my own /29 subnet
using this? (Below is the example from the Wiki.)
-a44.0.0.1/32,44.128.1.0/24,44.128.2.0/24,your.gw.com
Thanks,
Lee K5DAT
On Sun, Jan 24, 2021 at 11:30 PM Marius Petrescu <marius(a)yo2loj.ro>
wrote:
Lee,
First of all, the password is hardcoded and the option is there to be
able to change it should it ever be required.
But regarding the RIP packets and the routes: did you create the proper
firewall rules to allow incoming IPIP from eth0 as described in 'Router
preparation' and a rule accepting incoming data from the tunnels (that
tunnel_local part)?
At least a firewall rule to accept RIP is needed for the tunnel
interface.
That one was missing in the firewall setup instructions, I added it to
the instructions in the wiki.
Marius, YO2LOJ
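
The -a ignore list discussed in this thread, modelled as an added example (not code from ampr-ripd, the wiki or any poster). It assumes that entries written as ip/prefix drop only the route with exactly that destination, and that a bare IP or host name drops routes whose next hop is that gateway; the route table, the gateway addresses and the function names are constructed for illustration.

```python
import ipaddress

def parse_ignore_list(arg, gateway_ips=None):
    """Split an -a style value into exact networks and gateway addresses.

    gateway_ips maps host names to addresses (constructed here so the
    example runs offline; a real setup would resolve them via DNS).
    """
    networks, gateways = set(), set()
    for item in filter(None, (p.strip() for p in arg.split(","))):
        if "/" in item:
            # strict=True rejects entries with host bits set (44.128.1.5/24)
            networks.add(ipaddress.ip_network(item, strict=True))
        else:
            addr = (gateway_ips or {}).get(item, item)
            gateways.add(ipaddress.ip_address(addr))
    return networks, gateways

def filter_routes(routes, networks, gateways):
    """Return the (destination, next_hop) routes the ignore list lets through."""
    kept = []
    for dest, hop in routes:
        if ipaddress.ip_network(dest) in networks:
            continue  # exact ip/prefix match only, no containment test
        if ipaddress.ip_address(hop) in gateways:
            continue  # route points back at a listed gateway (our own)
        kept.append((dest, hop))
    return kept

# Constructed sample data: the -a value from the thread, an assumed address
# for your.gw.com, and a made-up set of received RIP routes.
IGNORE = "44.0.0.1/32,44.128.1.0/24,44.128.2.0/24,your.gw.com"
HOSTS = {"your.gw.com": "192.0.2.10"}
ROUTES = [
    ("44.0.0.1/32", "198.51.100.1"),    # dropped: listed exactly
    ("44.128.1.0/24", "198.51.100.2"),  # dropped: listed exactly
    ("44.128.1.0/25", "198.51.100.2"),  # kept: prefix length differs
    ("44.128.0.0/16", "198.51.100.3"),  # kept: covering net is not a match
    ("44.60.0.0/29", "192.0.2.10"),     # dropped: next hop is our gateway
    ("44.60.1.0/24", "198.51.100.4"),   # kept
]

if __name__ == "__main__":
    nets, gws = parse_ignore_list(IGNORE, HOSTS)
    for dest, hop in filter_routes(ROUTES, nets, gws):
        print(f"install {dest} via {hop}")
```

Under these assumptions the gateway entry is what keeps a local /29 out of the table, while a subnet entry has to match the advertised ip/prefix character for character to have any effect.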