Hello!
Here's my setup and problem.
I originally set up my ER-X (successfully) using the "Setting up a
gateway on Ubiquiti EdgeRouter" instructions. I was able to interact
with the AMPR gateway, but discovered that I of course couldn't access
the various other 44net subnets. So I decided to switch to the
instructions under "Installing ampr-ripd on a Ubiquiti EdgeRouter or
EdgeRouter X".
I believe I did a good job of "unrolling" the changes from the first
instructions. I removed my previous 'tun0' interface, associated
firewall rules, etc. (basically, anything I created in the first set of
instructions, I removed, and have verified via the ER-X config tree).
Then I created my IP-IP tunnel setup using the second set of
instructions. Here's what I have:
My modem to the outside world is my AT&T Uverse DSL modem. I have it in
DMZplus mode where the ER-X (which lives 'behind' the modem) is actually
assigned the external IP of 23.118.163.99. All traffic for any port
should get pushed to the ER-X.
eth0 on the ER-X is the WAN connection to the modem. eth1/3/4 go to
various other home network VLANs. eth2 is configured for my 44net
subnet (44.46.1.56/29). The router is 44.46.1.57. I have one host (a
Raspberry Pi) on the subnet at 44.46.1.62. DNS for kc4upr.ampr.org is
mapped to 44.46.1.62; I do not have a DNS entry for the router itself
(don't know if that's a problem???).
tun44 is set up per the instructions, with the address as 44.46.1.57/29,
the local-ip as 23.118.163.99, the remote-ip as 0.0.0.0, and
encapsulation as ipip.
I have the firewall rules configured per the instructions. I downloaded
and installed ampr-ripd; the only tweak I made to the ampr.sh script was
to add "-L KC4UPR@EM48qr" (I did not add any -a entries).
I also installed the status wizard. Checking the status wizard, I see
that the ripd daemon is running, and there are 737 routes. I see 4
sensible static routes, 5 bypass routes that I assume make sense, and
then a bunch of AMPR routes that look similar to what comes out of the
encap.txt file.
I do see that my status and location show up correctly at
http://www.yo2loj.ro/ampr-map/, and that my status is updating every 5
minutes per the ampr-ripd daemon. I looked at the source code, and
verified that the way that the script "phones home" is via IP
44.182.21.1. So "something" on my system must be able to actually
access 44net, right???
Here are my problem observations, however:
- I cannot seem to access anything on 44net, whether via my Raspberry Pi
or directly from the router. Pings never return, and traceroutes all
end at the router (44.46.1.57).
- Looking at my firewall policies, reviewing the stats, 0 packets/bytes
have been processed by my "allow ipip from wan" rule for the wan-local
policy (it's the first rule). Zero (0) packets whatsoever have been
processed by either my 44Net-in or 44Net-local policies. So clearly
something is not right there...
- I ran 'show ip route' on the router. There are 4 routes associated
with 44Net: 1 for my subnet, connected to eth2. One for the router
itself, connected to tun44. The other two routes are for 44.0.0.0/9 and
44.128.0.0/10, both via 169.228.34.84; both marked 'inactive' (is that a
problem?).
- I also ran 'show interfaces tunnel tun44'. It shows lots of TX bytes,
but 0 RX bytes.
- Also, I noticed that on the ER-X 'Routing' page, I can filter on
'RIP'. There are no routes under RIP... should it be that way?
Obviously my tunnel isn't working (even though I somehow still update
location???). Any thoughts?
Thanks,
Rob KC4UPR