3 Mar
2021
3 Mar
'21
2:36 p.m.
Hi Guys,
Boy!! I must be getting really old. Some of this stuff is just not
making any sense to me. Hi HI.
I finally have all my routing (/24) from the ISP to the 44 network
worked out. Matter of fact, I am
able to use the OpenVPN client with no issue on a windows box. It is
displaying the 44 address with no issues.
( I think I have it right.) I am able to access the internet with no
issues.
To the hard part. I am using an Ubiquiti EdgeRouter10X. I have been
able to get the Edge to connect to the
VPN server, but beyond that, I am unable to use a static address on any
of my other devices and be able to
access the internet.
Here is some of the errors I am getting. Some of the error messages I am
getting are :
Mar 3 13:23:23 ubnt openvpn[1839]: TCP/UDP: Preserving recently used
remote address: [AF_INET]44.108.2.2:1194
Mar 3 13:23:23 ubnt openvpn[1839]: Socket Buffers: R=[180224->180224]
S=[180224->180224]
Mar 3 13:23:23 ubnt openvpn[1839]: UDP link local: (not bound)
Mar 3 13:23:23 ubnt openvpn[1839]: UDP link remote:
[AF_INET]44.108.2.2:**** ( hinden )
Mar 3 13:23:23 ubnt openvpn[1839]: write UDP: Network is unreachable
(code=128)
Mar 3 13:23:23 ubnt openvpn[1839]: Network unreachable, restarting
Mar 3 13:23:23 ubnt openvpn[1839]: SIGUSR1[soft,network-unreachable]
received, process restarting
Mar 3 13:23:23 ubnt openvpn[1839]: Restart pause, 20 second(s)
The version of
The OS on the Edge is v.09 Hot fix. I am hoping to use some of the other
ports for other eth (1-8 ) ports on the switch for other devices on the
44 network. Allstar, DX cluster, BPQ, Winlink etc.
Guys, be gentle with me. I feel as dumb as a rock right now.
Any help would be appreciated.
Angelo
21 Mar
21 Mar
12:25 p.m.
I may be in somewhat of the same situation. I have my /24 subnet set up with VULTR and
have installed OpenVPN on my instance with them. I added by gateway address, 44.18.51.1 to
the NIC card on the VPS so can now ping that. The OpenVPN server assigns me an address
from the 44.18.51.x range however I cannot access other 44net services and others are not
seeing my OpenVPN assigned address when I am active. I note that when using
"whatismyip" I am still coming up with the VULTR public address rather than my
AMPR address or gateway address. Perhaps I have something configured wrong in OpenVPN
server or am I missing a series of DNS entries for each OpenVPN client instances?
Thank you,
Keith AI6BX
On 3/3/21, 11:36 AM, "44Net on behalf of Angelo via 44Net"
<44net-bounces+ai6bx=arrl.net(a)mailman.ampr.org on behalf of 44net(a)mailman.ampr.org>
wrote:
Hi Guys,
Boy!! I must be getting really old. Some of this stuff is just not
making any sense to me. Hi HI.
I finally have all my routing (/24) from the ISP to the 44 network
worked out. Matter of fact, I am
able to use the OpenVPN client with no issue on a windows box. It is
displaying the 44 address with no issues.
( I think I have it right.) I am able to access the internet with no
issues.
To the hard part. I am using an Ubiquiti EdgeRouter10X. I have been
able to get the Edge to connect to the
VPN server, but beyond that, I am unable to use a static address on any
of my other devices and be able to
access the internet.
Here is some of the errors I am getting. Some of the error messages I am
getting are :
Mar 3 13:23:23 ubnt openvpn[1839]: TCP/UDP: Preserving recently used
remote address: [AF_INET]44.108.2.2:1194
Mar 3 13:23:23 ubnt openvpn[1839]: Socket Buffers: R=[180224->180224]
S=[180224->180224]
Mar 3 13:23:23 ubnt openvpn[1839]: UDP link local: (not bound)
Mar 3 13:23:23 ubnt openvpn[1839]: UDP link remote:
[AF_INET]44.108.2.2:**** ( hinden )
Mar 3 13:23:23 ubnt openvpn[1839]: write UDP: Network is unreachable
(code=128)
Mar 3 13:23:23 ubnt openvpn[1839]: Network unreachable, restarting
Mar 3 13:23:23 ubnt openvpn[1839]: SIGUSR1[soft,network-unreachable]
received, process restarting
Mar 3 13:23:23 ubnt openvpn[1839]: Restart pause, 20 second(s)
The version of
The OS on the Edge is v.09 Hot fix. I am hoping to use some of the other
ports for other eth (1-8 ) ports on the switch for other devices on the
44 network. Allstar, DX cluster, BPQ, Winlink etc.
Guys, be gentle with me. I feel as dumb as a rock right now.
Any help would be appreciated.
Angelo
_________________________________________
44Net mailing list
44Net(a)mailman.ampr.org
https://mailman.ampr.org/mailman/listinfo/44net
1:26 p.m.
You need to add at least two outgoing static routes to force using 44.18.51.1 as your
source.
ip route add 0.0.0.0/1 via 44.18.51.1 dev ens3 (or whatever your interface is called
ip route add 128.0.0.0/1 via 44.18.51.1 dev ens3
The reason this works, is because the netmask (/1) is longer than the mask of the default
route (/0)
You can add post-up instructions to /etc/network/interfaces, so this is always in place.
Also make sure you have disabled any NAT. Most OpenVPN instruction sets, assume you want
to NAT your clients to the server address. You do not want that.
--
Dave K9DC
Indianapolis
5:15 p.m.
Yep, I have the two instances however will have to look at the NAT to see if that is
disabled in OpenVPN as that is not something I looked at upon set up.
On 3/21/21, 10:26 AM, "44Net on behalf of Dave Gingrich via 44Net"
<44net-bounces+ai6bx=arrl.net(a)mailman.ampr.org on behalf of 44net(a)mailman.ampr.org>
wrote:
You need to add at least two outgoing static routes to force using 44.18.51.1 as your
source.
ip route add 0.0.0.0/1 via 44.18.51.1 dev ens3 (or whatever your interface is called
ip route add 128.0.0.0/1 via 44.18.51.1 dev ens3
The reason this works, is because the netmask (/1) is longer than the mask of the
default route (/0)
You can add post-up instructions to /etc/network/interfaces, so this is always in
place.
Also make sure you have disabled any NAT. Most OpenVPN instruction sets, assume you
want to NAT your clients to the server address. You do not want that.
--
Dave K9DC
Indianapolis
_________________________________________
44Net mailing list
44Net(a)mailman.ampr.org
https://mailman.ampr.org/mailman/listinfo/44net
23 Mar
23 Mar
11:02 p.m.
Dave,
Probably a dumb question but want to clarify before making the edits:
Do you lines below go in the interfaces file where I currently have -
auto lo
iface lo inet loopback
allow-hotplug ens3
iface ens3 inet dhcp
iface ens3 inet6 auto
or do I drop these in the bird.conf file where I have -
protocol static
{
route 44.18.51.0/24 via 149.28.84.243;
route 44.18.51.1/32 via 149.28.84.243;
I am thinking the latter based on my original set up scripting.
Thanks,
Keith
On 3/21/21, 10:26 AM, "44Net on behalf of Dave Gingrich via 44Net"
<44net-bounces+ai6bx=arrl.net(a)mailman.ampr.org on behalf of 44net(a)mailman.ampr.org>
wrote:
You need to add at least two outgoing static routes to force using 44.18.51.1 as your
source.
ip route add 0.0.0.0/1 via 44.18.51.1 dev ens3 (or whatever your interface is called
ip route add 128.0.0.0/1 via 44.18.51.1 dev ens3
The reason this works, is because the netmask (/1) is longer than the mask of the
default route (/0)
You can add post-up instructions to /etc/network/interfaces, so this is always in
place.
Also make sure you have disabled any NAT. Most OpenVPN instruction sets, assume you
want to NAT your clients to the server address. You do not want that.
--
Dave K9DC
Indianapolis
_________________________________________
44Net mailing list
44Net(a)mailman.ampr.org
https://mailman.ampr.org/mailman/listinfo/44net
21 Mar
21 Mar
1:53 p.m.
Is your BIRD setup to import default route or are you using a static one?
You can set a src ip either way. I do it in bird.conf like so
protocol kernel {
learn;
scan time 10;
import all;
export filter {
if source = RTS_STATIC then reject;
if is_self_net() then reject;
krt_prefsrc = 44.18.51.1;
accept;
};
}
The is_self_net() is custom function to be sure I don't import my own
routes and can be left out.
That's for the routers preferred ip. The problem with openvpn clients is
likely iptables setup to do NAT. You'll want to remove or restrict the
MASQUERADE to not match that subnet which you route. I'd start with
removing it unless you had other reasons for it.
Regards,
Scott
On Sun, Mar 21, 2021, 12:28 PM Keith Kasin via 44Net <44net(a)mailman.ampr.org>
wrote:
1520
days inactive
1541
days old
5 comments
4 participants
participants (4)
-
Angelo -
Dave Gingrich -
Keith Kasin -
Scott Nicholas