31 Jan
2021
31 Jan
'21
3:07 a.m.
Andrew,
I never took the IPv6 into consideration, since all tunnels use only
IPv4, and need a fixed WAN IP allocation (because of the mandatory fixed
tunnel endpoint), so there is no actual need to support any IPv6 on the
WAN port.
I assume that for a dynamic GW ip there could be some internal NAT based
solution but I did not check further.
Marius, YO2LOJ
On 31.01.2021 04:07, Andrew Pepper wrote:
Marius,
Thanks for looking at it.
One thing I just found is in the ampr.sh script. When it does the grep
for "inet" if the erX is enabled for ipv4 and ipv6 enabled it greps both.
The grep produces a response for "inet" & "inet6". I changed the
grep
to [grep -w "inet"] which causes it to only respond with the inet IP.
That removed the "failed to parse rule" error I was getting when the
script was ran. Still no routes .. but another step closer... maybe.
73 Andrew K1YMI
On 1/30/21 8:54 PM, Marius Petrescu wrote:
It may be wrong, since part of it was written
from memory.
I will revise all the data in the wiki page.
Marius, YO2LOJ
On 30.01.2021 21:03, Andrew Pepper via 44Net wrote:
> I'm having a similar issue as Lee.
>
> I'm wondering if all the steps are in the two wiki articles?
>
> I've tried both using a single erX( with a public IP on WAN) and
> hanging a 2nd erX off one of my NAT erX and I get the same issue.
>
> When I do a traceroute I'm going through UCSD, my IP shows as my 44
> subnet (using IPchicken etc), I can ping but the RIP routes do not
> seem to populate the tables.
>
> Either I'm misreading the instructions (which is probably and highly
> possible) or I'm missing something.
>
>
> I did notice in
> <https://wiki.ampr.org/wiki/Setting_up_a_gateway_on_Ubiquiti_EdgeRouter>
> that the WAN_IN & WAN_LOCAL rulesets seem off.
>
> "There should be two rulesets
>
> o WAN_IN
> o WAN_LOCAL
>
> For each rule, press the actions button on the right and select the
> interfaces option.
>
> • Press the + Add Interface button.
> •_Select tun0 as the interface and select in as the
> direction._ <-- I don't think the erX will allow tun0 to point to
> 'IN' for both WAN_IN & WAN_LOCAL. (should it be WAN_IN --> IN,
> WAN_LOCAL --> LOCAL)
> • Finish by pressing the Save Ruleset button."
>
>
> When I run ampr.sh from the CLI I get the following error ' Error:
> argument "fe80::5efe:c0a8:11e/64" is wrong: Failed to parse rule type'
>
> converting that MAC gives me 192.168.1.30 which is the "DMZd" WAN IP
> of the erX that ampr-rip is running on.
>
>
> 73, Andrew K1YMI
>
>
> On 1/30/21 10:07 AM, Marius Petrescu via 44Net wrote:
>> If your gw sits on the internet directly (e.g. one of the
>> interfaces has your public gateway IP), then it should work without
>> the -a parameter.
>>
>> If it is behind a router, you need to add your gateway ip or host
>> name to the -a list.
>>
>> Also, to be able to ping/reach 44.0.0.1 correctly via the public
>> internet, you should also have 44.0.0.1/32 added to that.
>>
>> To suppress other subnets, you may add the EXACT ip/prefix length
>> combination, as defined by the portal.
>>
>> Marius, YO2LOJ
>>
>> On 30.01.2021 16:46, Lee D Bengston wrote:
>>> Hi Marius,
>>>
>>> I just realized my previous reply didn't go to the list. I did add
>>> all of the FW rules documented in the Wiki and also added the new
>>> one to TUNNEL_LOCAL to allow UDP 520. After no luck I also added a
>>> rule to WAN_LOCAL to accept UDP 520. Still no joy. Perhaps I need
>>> to specify something using the -a parameter in the script. I'm
>>> not sure exactly what the example does being that it is simply a
>>> comma separated list of subnets. Do I need to exclude my own /29
>>> subnet using this? (Below is the example from the Wiki.)
>>> -a44.0.0.1/32
>>> <http://44.0.0.1/32>,44.128.1.0/24,44.128.2.0/24,your.gw.com
>>> <http://44.128.1.0/24,44.128.2.0/24,your.gw.com>
>>> Thanks,
>>> Lee K5DAT
>>>
>>> On Sun, Jan 24, 2021 at 11:30 PM Marius Petrescu <marius(a)yo2loj.ro
>>> <mailto:marius@yo2loj.ro>> wrote:
>>>
>>> Lee,
>>>
>>> First of all, the password is hardcoded and the option ist there
>>> to be
>>> able to change it should it be ever required.
>>>
>>> But regarding the RIP packets and the routes: did you create the
>>> proper
>>> firewall rules to allow incoming IPIP from eth0 as described in
>>> 'Router
>>> preparation' and a rule accepting incoming data from the tunnels
>>> (that
>>> tunnel_local part)?
>>>
>>> At least a firewall rule to accept RIP is needed for the tunnel
>>> interface.
>>>
>>> That one was missing in the firewall setup instructions, I added
>>> it to
>>> the instructions in the wiki.
>>>
>>> Marius, YO2LOJ
>>>
>>>
>> _________________________________________
>> 44Net mailing list
>> 44Net(a)mailman.ampr.org
>> https://mailman.ampr.org/mailman/listinfo/44net
>
> _________________________________________
> 44Net mailing list
> 44Net(a)mailman.ampr.org
> https://mailman.ampr.org/mailman/listinfo/44net