Dave, I am not redacting anything at all.
The only thing I removed was the list of errors that were the same from 10 to 30 in the traceroute.
________________________________________
From: 44Net 44net-bounces+petem001=hotmail.com@mailman.ampr.org on behalf of Dave Gingrich via 44Net 44net@mailman.ampr.org
Sent: January 15, 2021 12:22
To: AMPRNet working group
Cc: Dave Gingrich
Subject: Re: [44net] BGP/openvpn finally all ok.
Your redactions are inhibiting anyone from helping you. Please send again with all your IP address information intact (removing the BGP password is ok). The exact IPs are critical to understanding your setup. Also please include the kernel routing table.
FWIW, you are not advertising anything. 44.135.59.0/24 is being routed through San Diego.
You also might need to open a ticket with Vultr. I had trouble bringing the service up in Sydney, so I briefly brought my AU network to Chicago, which worked fine. It turned out they had a filter misconfigured in Sydney.
-- Dave K9DC
On Jan 15, 2021, at 11:23, pete M via 44Net 44net@mailman.ampr.org wrote:
Well, it looks like I still have a problem. When I connect to my openvpn server it works. BUT I have no connection to the outside world.
Here is the output of my iptables.
    iptables -L -v
    Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
     pkts bytes target     prot opt in     out     source               destination
     1937  332K ACCEPT     udp  --  ens3   any     anywhere             anywhere             udp dpt:openvpn
        3   180 ACCEPT     all  --  tun0   any     anywhere             anywhere

    Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
     pkts bytes target     prot opt in     out     source               destination
      979 94816 ACCEPT     all  --  tun0   ens3    anywhere             anywhere
        0     0 ACCEPT     all  --  ens3   tun0    anywhere             anywhere

    Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes)
     pkts bytes target     prot opt in     out     source               destination
And here is my network address state:
    # ip a
    1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
        link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
        inet 127.0.0.1/8 scope host lo
           valid_lft forever preferred_lft forever
        inet6 ::1/128 scope host
           valid_lft forever preferred_lft forever
    2: ens3: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000
        link/ether 56:00:02:fc:bd:ba brd ff:ff:ff:ff:ff:ff
        inet 207.246.122.57/23 brd 207.246.123.255 scope global dynamic ens3
           valid_lft 85194sec preferred_lft 85194sec
        inet 44.135.59.1/32 brd 44.135.59.1 scope global ens3
           valid_lft forever preferred_lft forever
        inet6 fe80::5400:2ff:fefc:bdba/64 scope link
           valid_lft forever preferred_lft forever
    3: tun0: <POINTOPOINT,MULTICAST,NOARP,UP,LOWER_UP> mtu 1500 qdisc fq state UNKNOWN group default qlen 100
        link/none
        inet 44.135.59.1/24 brd 44.135.59.255 scope global tun0
           valid_lft forever preferred_lft forever
        inet6 fe80::cd3f:6e0a:55e:e9ac/64 scope link stable-privacy
           valid_lft forever preferred_lft forever
Bird shows my route advertised properly.
Can anyone help?
From: pete M petem001@hotmail.com
Sent: December 15, 2020 17:40
To: James Colderwood via 44Net
Subject: BGP/openvpn finally all ok.
I want to thank all who helped with the setup of my Vultr VPS with BGP and openvpn to distribute the /24 that was assigned to me.
I played a lot with the openvpn and wireguard software, up to a point where I had to redo the whole install of the VPS.
Here is the recipe I have been able to use for the task. I am running a Debian10 that was updated to the latest software.
First I used the tutorial at https://www.vultr.com/docs/configuring-bgp-on-vultr
Be aware that on my version of bird I was not able to open the "/var/log/bird.log" file because of a proprietary right. The file belonged to root and it was supposed to belong to bird. It is a known bug that I hope will be fixed soon.
This helped me create that information in my bird.conf:
    log "/var/log/bird.log" all;

    # use the IPv4 address assigned to your VPS
    router id xxx.xxx.xxx.xxx;

    protocol device {
        scan time 60;
    }

    protocol static {
        # use your assigned /24 from AMPR and the IPv4 from your VPS
        route 44.xxx.xxx.0/24 via xxx.xxx.xxx.xxx;
    }

    protocol bgp vultr {
        # this is the private ASN given to you by Vultr, available on your
        # dashboard on myvultr.com for your VPS
        local as yyyyyyyyyyy;
        source address xxx.xxx.xxx.xxx;
        import none;
        export all;
        graceful restart on;
        next hop self;
        multihop 2;
        neighbor 169.254.169.254 as 64515;
        password "YourSecretPassword";
    }
On the openvpn side of things I used the install script from angristan available at https://github.com/angristan/openvpn-install
I just followed the instructions and all was good.
From there I changed some things on my network at /etc/network/interfaces
    # This file describes the network interfaces available on your system
    # and how to activate them. For more information, see interfaces(5).

    #source /etc/network/interfaces.d/*

    auto lo
    iface lo inet loopback

    auto ens3
    allow-hotplug ens3
    iface ens3 inet dhcp
    iface ens3 inet static
        address 44.135.59.1/32
The last line points at the first address of my /24; put yours into your file.
Then on the openvpn server I changed only one line in the server.conf file.
The file is at /etc/openvpn/server.conf
I switched the server line from
    server 10.8.0.0 255.255.255.0
to
    server 44.135.59.0 255.255.255.0
The 44 address is my /24; put yours if you follow my example.
That's it!
It was not that complicated. But I had to dig a bit to understand the whole thing.
My next step will be to split my /24 in parts. One section will be for the single connections like now, but I want to have connections that are like blocks of /28 or /29.
I know I will have to make another instance of the openvpn server. That is the part that is the least clear for me yet. The conf file is more clear. As I want to start and stop each instance easily, I will have to make a new starting script for systemd, and that is where I will need to read more.
If this helps someone I will be happy!
If you see a problem with my setup please let me know!
Pierre VE2PF
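A tighter export policy for the bird.conf in the original post, as an added example that is not part of Pierre's message or of the Vultr tutorial. It assumes BIRD 1.x filter syntax, uses a hypothetical filter name `export_ampr_only`, takes the prefix from the post and keeps the post's `xxx`/`yyy` placeholders. With `export all`, any route that later enters BIRD's table (a second static route, another protocol) is also offered to the upstream; the filter limits the session to the one assigned /24.

```conf
# Added example, not from the original post.
# Placeholders (xxx.xxx.xxx.xxx, yyyyyyyyyyy, the password) are the post's own
# and must be replaced before BIRD will load this file.

log "/var/log/bird.log" all;
router id xxx.xxx.xxx.xxx;            # IPv4 address of the VPS

protocol device {
    scan time 60;
}

protocol static {
    # The assigned /24, pointed at the VPS address as in the post.
    route 44.135.59.0/24 via xxx.xxx.xxx.xxx;
}

# Hypothetical filter name. Accept exactly the assigned prefix, reject
# everything else, so nothing but this /24 can ever be announced.
filter export_ampr_only {
    if net = 44.135.59.0/24 then accept;
    reject;
}

protocol bgp vultr {
    local as yyyyyyyyyyy;             # private ASN from the Vultr dashboard
    source address xxx.xxx.xxx.xxx;
    import none;                      # learn nothing from the upstream
    export filter export_ampr_only;   # was: export all;
    graceful restart on;
    next hop self;
    multihop 2;
    neighbor 169.254.169.254 as 64515;
    password "YourSecretPassword";    # placeholder; keep the real one out of list mail
}
```

After `birdc configure`, `birdc show route export vultr` lists what the session would announce, which should be exactly the one prefix.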
44Net mailing list 44Net@mailman.ampr.org https://mailman.ampr.org/mailman/listinfo/44net