Thank you for the testing. I think I have a routing problem. When I run traceroute to, for example, whatismyip.ampr.org, I get this:
traceroute to whatismyip.ampr.org (44.60.44.10), 30 hops max, 38 byte packets
 1  1-140-80-80.filibe.net (80.80.140.1)  0.743 ms  0.693 ms  0.404 ms
 2  GSR-core-2GE-600.langame.net (80.80.129.2)  0.753 ms  0.733 ms  0.677 ms
 3  503.te4-2.cr1.pld1.evolink.net (85.14.14.137)  0.720 ms  0.695 ms  0.709 ms
 4  85.14.12.121 (85.14.12.121)  3.002 ms  2.895 ms  2.950 ms
 5  15.xe-0-0-0.br2.sof2.evolink.net (85.14.2.135)  2.435 ms  2.714 ms  2.974 ms
 6  tge5-3.fr3.frf.llnw.net (80.81.192.221)  42.927 ms  33.891 ms  37.181 ms
 7  tge14-4.fr4.ams.llnw.net (69.28.171.55)  40.161 ms  tge1-2.fr4.ams.llnw.net (69.28.171.53)  39.632 ms  tge14-4.fr4.ams.llnw.net (69.28.171.55)  52.890 ms
 8  tge2-6.fr4.lga.llnw.net (69.28.189.49)  140.439 ms  136.071 ms  141.537 ms
 9  tge1-2.fr4.ord.llnw.net (69.28.172.198)  155.376 ms  157.388 ms  149.420 ms
10  tge1-3.fr4.sjc.llnw.net (69.28.172.77)  204.094 ms  197.802 ms  199.940 ms
11  paix-px1--limelight-10ge.cenic.net (198.32.251.193)  206.979 ms  199.706 ms  205.965 ms
12  dc-lax-agg6--svl-agg4-100ge.cenic.net (137.164.11.0)  216.512 ms  210.496 ms  216.994 ms
13  dc-tus-agg3--lax-agg6-100ge.cenic.net (137.164.11.7)  204.699 ms  209.634 ms  202.669 ms
14  dc-sdg-agg4--tus-agg3-100ge.cenic.net (137.164.11.9)  216.637 ms  210.749 ms  217.236 ms
15  ucsd--sdg-agg4-10g-2.cenic.net (137.164.23.178)  211.123 ms  217.369 ms  211.643 ms
16  mcore-flow-bypass-mx0-p2p.ucsd.edu (132.239.254.61)  216.642 ms  221.172 ms  222.782 ms
17  ebu3b-6509-nodem-core-interconnect-vl910-bcast-255-131.ucsd.edu (132.239.255.131)  217.621 ms  211.944 ms  217.987 ms
18  amprgw.sysnet.ucsd.edu (169.228.66.251)  208.285 ms  214.444 ms  214.106 ms
19  * * *
20  * * *
21  * * *
22  kb3vwg-010.ampr.org (44.60.44.10)  282.457 ms  287.966 ms  280.894 ms
Routing table:
#route
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
default         1-140-80-80.fil 0.0.0.0         UG    0      0        0 eth0.2
44.185.22.0     *               255.255.255.224 U     0      0        0 br-amprlan
80.80.140.0     *               255.255.255.0   U     0      0        0 eth0.2
192.168.13.0    *               255.255.255.0   U     0      0        0 br-lan
I have done this setup on the OpenWrt device:
Custom Rules:
tunnel add tunl0
ip tunnel change tunl0 mode ipip ttl 64 pmtudisc
ip link set tunl0 mtu 1480 up
ip route add default dev tunl0 via 169.228.66.251 onlink proto 44 table 44
./etc/config/ampr-ripd -p "password_is_here" -t 44 -a 44.185.22.0/27
#OPTIONAL LAN ###
#ip rule add from 44.185.22.0/27 to 192.168.13.0/24 table main priority 22
#ADD A RULE FOR EVERY LOCAL AMPR SUBNET, RENUMBER 44-4X ACCORDINGLY)
ip rule add to 44.185.22.0/27 table main priority 44
###Add this after you create the AMPRLAN bridge, this ensures all traffic from AMPRLAN uses table 44
ip rule add dev br-amprlan table 44 priority 45
### This ensures all traffic received on tunl0 uses table 44
ip rule add dev tunl0 table 44 priority 46
### You must add an IP rule for all 44net IPs residing on the device
ip rule add from 44.185.22.0/27 table 44 priority 47
## Allows traceroute to respond using 44net IP of tunl0 or br-amprlan ##
echo 1 > /proc/sys/net/ipv4/icmp_errors_use_inbound_ifaddr
I have:
"amprwan" device - unmanaged, it is not brought up on boot. It has its own firewall zone "ampr_wan":
Input: Drop
Output: Drop
Forward: Drop
Connection tracking is on.
"amprlan" device - bridge to VLAN eth0.3, static IP 44.185.22.1, netmask 255.255.255.224. Firewall zone "ampr_lan":
Input: Accept
Output: Accept
Forward: Reject
Allow forwarding to ampr_wan zone.
On traffic rules:
Accept Input: Any IP-ENCAP From any host in wan To any router IP on this device
Accept Input: Any UDP From IP 44.0.0.1 in ampr_wan with source port 520 To IP 224.0.0.9 at port 520 on this device
One of the ports of the switch is configured for VLAN eth0.3
Maybe I am missing something, and it would be nice if someone could help me.
Daff
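
An added illustration, not part of the original post: a small Python model of how the "ip rule" entries in the custom rules above select a routing table for a packet. It covers only the posted rules, the posted main table and the hand-added default route in table 44. Assumptions: the router WAN address 80.80.140.50 is a constructed sample, the main default gateway 80.80.140.1 is taken from hop 1 of the traceroute, and routes installed by ampr-ripd are not modelled.

```python
import ipaddress

# (priority, table, from, to, iif) for each "ip rule" in the post, plus the
# kernel's built-in main rule at 32766. The local table (priority 0) is omitted.
RULES = [
    (44, "main", None, "44.185.22.0/27", None),
    (45, "44", None, None, "br-amprlan"),
    (46, "44", None, None, "tunl0"),
    (47, "44", "44.185.22.0/27", None, None),
    (32766, "main", None, None, None),
]

# (prefix, device, gateway). "main" is the posted routing table; its default
# gateway is hop 1 of the traceroute. Table 44 holds only the default route
# added by hand; routes learned by ampr-ripd are not modelled.
TABLES = {
    "main": [("0.0.0.0/0", "eth0.2", "80.80.140.1"),
             ("44.185.22.0/27", "br-amprlan", None),
             ("80.80.140.0/24", "eth0.2", None),
             ("192.168.13.0/24", "br-lan", None)],
    "44": [("0.0.0.0/0", "tunl0", "169.228.66.251")],
}

def in_net(addr, net):
    """True when the selector is absent or the address lies in the prefix."""
    return net is None or ipaddress.ip_address(addr) in ipaddress.ip_network(net)

def lookup(src, dst, iif="lo"):
    """Return (rule priority, table, device, gateway) chosen for a packet.

    iif is the incoming interface; locally generated packets use "lo".
    """
    for prio, table, r_src, r_dst, r_iif in sorted(RULES, key=lambda r: r[0]):
        if not (in_net(src, r_src) and in_net(dst, r_dst)):
            continue
        if r_iif is not None and r_iif != iif:
            continue
        # Longest-prefix match inside the selected table; if nothing matches,
        # evaluation falls through to the next rule.
        hits = [r for r in TABLES[table] if in_net(dst, r[0])]
        if hits:
            best = max(hits, key=lambda r: ipaddress.ip_network(r[0]).prefixlen)
            return prio, table, best[1], best[2]
    return None

if __name__ == "__main__":
    print(lookup("44.185.22.5", "44.60.44.10", "br-amprlan"))  # host on AMPRLAN
    print(lookup("80.80.140.50", "44.60.44.10"))  # router, WAN source (constructed)
    print(lookup("44.185.22.1", "44.60.44.10"))   # router, 44net source
    print(lookup("44.60.44.10", "44.185.22.5", "tunl0"))  # inbound from tunnel
```

In this model a packet is sent through tunl0 only when it arrives on br-amprlan or tunl0, or carries a source address in 44.185.22.0/27; anything else falls through to the main table and its default route on eth0.2.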