Dave, I am not redacting anything at all.
The only thing I removed was the list of errors that were the same from 10 to 30 in the traceroute.
________________________________________
From: 44Net <44net-bounces+petem001=hotmail.com(a)mailman.ampr.org> on behalf of Dave Gingrich via 44Net <44net(a)mailman.ampr.org>
Sent: January 15, 2021 12:22
To: AMPRNet working group
Cc: Dave Gingrich
Subject: Re: [44net] BGP/openvpn finally all ok.
Your redactions are inhibiting anyone from helping you. Please send again with all your
IP address information intact (removing the BGP password is ok). The exact IPs are
critical to understanding your setup. Also please include the kernel routing table.
FWIW, you are not advertising anything. 44.135.59.0/24 is being routed through San Diego.
You also might need to open a ticket with Vultr. I had trouble bringing the service up in
Sydney, so I briefly brought my AU network to Chicago, which worked fine. It turned out
they had a filter misconfigured in Sydney.
--
Dave K9DC
On Jan 15, 2021, at 11:23, pete M via 44Net <44net(a)mailman.ampr.org> wrote:
Well, it looks like I still have a problem.
When I connect to my openvpn server it works. BUT I have no connection to the outside world.
Here is the output of my iptables.
iptables -L -v
Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination
 1937  332K ACCEPT     udp  --  ens3   any     anywhere             anywhere             udp dpt:openvpn
    3   180 ACCEPT     all  --  tun0   any     anywhere             anywhere

Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination
  979 94816 ACCEPT     all  --  tun0   ens3    anywhere             anywhere
    0     0 ACCEPT     all  --  ens3   tun0    anywhere             anywhere

Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination
And here is my network address state:
# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
2: ens3: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000
    link/ether 56:00:02:fc:bd:ba brd ff:ff:ff:ff:ff:ff
    inet 207.246.122.57/23 brd 207.246.123.255 scope global dynamic ens3
       valid_lft 85194sec preferred_lft 85194sec
    inet 44.135.59.1/32 brd 44.135.59.1 scope global ens3
       valid_lft forever preferred_lft forever
    inet6 fe80::5400:2ff:fefc:bdba/64 scope link
       valid_lft forever preferred_lft forever
3: tun0: <POINTOPOINT,MULTICAST,NOARP,UP,LOWER_UP> mtu 1500 qdisc fq state UNKNOWN group default qlen 100
    link/none
    inet 44.135.59.1/24 brd 44.135.59.255 scope global tun0
       valid_lft forever preferred_lft forever
    inet6 fe80::cd3f:6e0a:55e:e9ac/64 scope link stable-privacy
       valid_lft forever preferred_lft forever
Bird shows my route advertised properly.
Can anyone help?
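
A check for the symptom visible in the FORWARD counters posted above (979 packets from tun0 to ens3, none from ens3 to tun0), added here as an example and not part of the original thread. The function name `one_way_forward` and the embedded sample are constructed for illustration; it assumes every rule has a target, so the interface names sit in columns 6 and 7.

```shell
#!/usr/bin/env bash
# Added example: flag interface pairs that forward packets in one direction only.

# Constructed sample: the FORWARD chain as posted in the message above.
SAMPLE='Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target prot opt in out source destination
  979 94816 ACCEPT all -- tun0 ens3 anywhere anywhere
    0     0 ACCEPT all -- ens3 tun0 anywhere anywhere'

# Reads `iptables -L FORWARD -v` text on stdin. Prints "IN->OUT" for each
# direction that has matched packets while a rule for the reverse direction
# exists and has matched none. Assumes every rule has a target (-j), so the
# in/out interfaces are fields 6 and 7.
one_way_forward() {
  awk '
    $1 == "Chain" || $1 == "pkts" || NF < 9 { next }   # headers, blank lines
    {
      key = $6 "->" $7
      if (!(key in seen)) { seen[key] = 1; order[++n] = key; rev[key] = $7 "->" $6 }
      # Counters may be abbreviated (332K, 12M); only zero vs non-zero matters.
      if ($1 != "0") hit[key] = 1
    }
    END {
      for (i = 1; i <= n; i++) {
        k = order[i]
        if ((k in hit) && (rev[k] in seen) && !(rev[k] in hit)) print k
      }
    }'
}

# Live use needs root: iptables -L FORWARD -v -n | one_way_forward
printf '%s\n' "$SAMPLE" | one_way_forward   # prints: tun0->ens3
```

A result of `tun0->ens3` means client traffic leaves the VPS but nothing is forwarded back, which points the investigation at return routing for the prefix rather than at the VPN tunnel itself.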
________________________________________
From: pete M <petem001(a)hotmail.com>
Sent: December 15, 2020 17:40
To: James Colderwood via 44Net
Subject: BGP/openvpn finally all ok.
I want to thank all who helped with the setup of my Vultr VPS with BGP and openvpn to distribute the /24 that was assigned to me.
I played a lot with the openvpn and wireguard software, up to a point where I had to redo the whole install of the VPS.
Here is the recipe I have been able to use for the task. I am running a Debian 10 that was updated to the latest software.
First I used the tutorial at
https://www.vultr.com/docs/configuring-bgp-on-vultr
Be aware that on my version of bird I was not able to open the "/var/log/bird.log" file because of file ownership: the file belonged to root and it was supposed to belong to bird. It is a known bug that I hope will be fixed soon.
This helped me create this information in my bird.conf:
------------------------------------------------------------------------------
log "/var/log/bird.log" all;
router id xxx.xxx.xxx.xxx;  # use the ipv4 address assigned to your vps
protocol device
{
    scan time 60;
}
protocol static
{
    # use your assigned /24 from ampr and the ipv4 from your vps
    route 44.xxx.xxx.0/24 via xxx.xxx.xxx.xxx;
}
protocol bgp vultr
{
    # this is the private asn given to you by vultr and available on
    # your dashboard on myvultr.com for your vps
    local as yyyyyyyyyyy;
    source address xxx.xxx.xxx.xxx;
    import none;
    export all;
    graceful restart on;
    next hop self;
    multihop 2;
    neighbor 169.254.169.254 as 64515;
    password "YourSecretPassword";
}
------------------------------------------------------------------------------
On the openvpn side of things I used the install script from angristan available at
https://github.com/angristan/openvpn-install
I just followed the instructions and all was good.
From there I changed some things on my network at /etc/network/interfaces
--------------------------------------------------------------------------
# This file describes the network interfaces available on your system
# and how to activate them. For more information, see interfaces(5).
#source /etc/network/interfaces.d/*
auto lo
iface lo inet loopback
auto ens3
allow-hotplug ens3
iface ens3 inet dhcp
iface ens3 inet static
    address 44.135.59.1/32
---------------------------------------------------------------------
The last line points at the first address of my /24; put yours into your file.
Then on the openvpn server I changed only one line in the server.conf file.
The file is at /etc/openvpn/server.conf
I switched the server line from
server 10.8.0.0 255.255.255.0
to
server 44.135.59.0 255.255.255.0
The 44 address is my /24; put yours if you follow my example.
That's it!
It was not that complicated. But I had to dig a bit to understand the whole thing.
My next step will be to split my /24 in parts. One section will be for the single connections like now, but I want to have connections that are like blocks of /28 or /29. I know I will have to make another instance of the openvpn server. That is the part that is the least clear for me yet. The conf file is more clear. As I want to start and stop each instance easily, I will have to make a new starting script for systemd, and that is where I will need to read more.
If this helps someone I will be happy!
If you see a problem with my setup please let me know!
Pierre
VE2PF
_________________________________________
44Net mailing list
44Net(a)mailman.ampr.org
https://mailman.ampr.org/mailman/listinfo/44net