Does anyone have a step-by-step set of instructions for configuring a Linux host as a tunnel subnet gateway for AMPRNet?
I'd like to have a proven list of all the commands that have to be entered to set one up.
I think it would be very helpful and I don't have such a document in my archives.
Thank you! - Brian
(PS: this is the first message through the new mailing list setup; if you encounter any difficulties please let me know.)
First of all, I agree with your decision to use mailman. Some of the best list software I've ever used, and I've done a good deal of digging through the python. They even said they'd take my contributions to the as-yet-unfinished Administration manual:
http://www.gnu.org/software/mailman/mailman-admin/
Second, I'd be happy to review and contribute patches to such a list of step-by-step instructions. I can contribute what few pieces I've got experience working with. My area of expertise includes bringing up L2 segments via OpenVPN and bridging them together with the Linux kernel's bridging hooks and the userspace tool, brctl.
http://linux.die.net/man/8/brctl
I've had good luck using bridged OpenVPN tunnels regionally here in Western Washington. I have also had good luck using routed OpenVPN tunnels with peers as far away as Europe, Japan and Australia back when I was working for MySQL AB.
Let me know if I can help.
C.J.
On Tue, 2012-02-21 at 21:53 -0800, Brian Kantor wrote:
Does anyone have a step-by-step set of instructions for configuring a Linux host as a tunnel subnet gateway for AMPRNet?
I'd like to have a proven list of all the commands that have to be entered to set one up.
I think it would be very helpful and I don't have such a document in my archives.
Thank you!
- Brian
(PS: this is the first message through the new mailing list setup; if you encounter any difficulties please let me know.)
_________________________________________
44Net mailing list
44Net@hamradio.ucsd.edu
http://hamradio.ucsd.edu/mailman/listinfo/44net
Hello,
I'm posting my working setup with step-by-step instructions... Could be wrong (but it works)
Prerequisites and assumptions:
- IPv4 network is working, usual routing is set up
- external IP is in this example 89.122.215.236, please substitute with your real IP
- local ampr address is 44.182.21.1, with a /24 local network, adjust as necessary
- ampr tunneling interface is ampr0, rename if you like
- my external network interface is eth0, ip 89.122.215.236, use your proper one
- default route of this machine is via 89.122.215.237 connected to eth0
- local ampr network is on eth1
1. add this to /etc/network/interfaces:
# IPIP tunnel
auto ampr0
iface ampr0 inet static
address 44.182.21.1
netmask 255.0.0.0
pre-up ip tun add ampr0 mode ipip local 89.122.215.236
up ip route add default via 169.228.66.251 dev ampr0 onlink table default
up ip rule add from 44.182.21.1 table default
up ip rule add from 44.182.21.1 to 44.0.0.0/8 table main
post-down ip tun del ampr0
2. bring up interface with "ifup ampr0"
3. create a script for starting the tunnel
#!/bin/sh
# accept ipencap traffic
iptables -A INPUT -p 4 -j ACCEPT
# to reduce traffic, drop neighbour discovery and smb on ampr0
iptables -A OUTPUT -o ampr0 -p udp --dport 10001 -j DROP
iptables -A OUTPUT -o ampr0 -p udp --dport 137:139 -j DROP
# drop all non-44net access if you like (I recommend this)
# and accept 44net forwarding to local subnet
iptables -A FORWARD -i ampr0 -p all ! -s 44.0.0.0/8 -j DROP
# kill the rip44 daemon if already running
TST=`ps -A | grep rip44d`
if [ "$TST" != "" ]; then
    killall -SIGKILL rip44d
    sleep 2
fi
# This will take all ampr traffic via internet if not set up as a tunnel, including 44.0.0.1
ip route add 44.0.0.1 via 89.122.215.237 dev eth0
# start the rip44 daemon, excluding your local IP
/etc/network/scripts/rip44d -i ampr0 -p pLaInTeXtpAsSwD -a 89.122.215.236 > /dev/null &
4. Run the script, wait about 10 min so that you get the routes from the 44net routing daemon
5. Check that the routes have been propagated by entering "ip route". This should give you a long list of 44.x.x.x routes (about 275)
6. Try to ping some 44net hosts other than your own, e.g. 44.182.21.1 :-)
7. Set up your system so the startup script is run automatically, e.g. call it in rc.local.
This should do it. Please refine if you want.
73! Marius, YO2LOJ
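A sanity check for steps 4 and 5 above, written as an added example for this thread (it is not part of Marius's setup or of rip44d): it reads the text of "ip route show", counts the 44-net routes rip44d has installed via ampr0, confirms the 44.0.0.1 host route that the start script adds, and flags any 44-net route that would send traffic out through the Internet interface unencapsulated. The route listings inside the script are constructed samples so it runs offline; the interface names (ampr0, eth0, eth1) and addresses are the ones assumed in the post. On a live gateway, substitute "$(ip route show)" for the sample.

```sh
#!/bin/sh
# Added example (not from the original post): sanity-check the routing state
# that steps 4 and 5 expect. Interface names and addresses follow Marius's
# setup (ampr0 = tunnel, eth0 = Internet, eth1 = local 44-net LAN).
# Replace SAMPLE_ROUTES with "$(ip route show)" to check a live gateway.

# Constructed sample of 'ip route show' on a working gateway (two rip44d
# routes instead of the ~275 a real box sees).
SAMPLE_ROUTES='default via 89.122.215.237 dev eth0
44.0.0.1 via 89.122.215.237 dev eth0
44.24.240.0/20 via 44.24.240.1 dev ampr0 onlink
44.131.0.0/16 via 44.131.0.1 dev ampr0 onlink
44.182.21.0/24 dev eth1 proto kernel scope link src 44.182.21.1
44.0.0.0/8 dev ampr0 proto kernel scope link src 44.182.21.1
89.122.215.0/24 dev eth0 proto kernel scope link src 89.122.215.236'

# Constructed sample of a misconfigured table: one 44-net subnet points at the
# Internet next hop, so packets for it would leave eth0 unencapsulated.
BAD_ROUTES='44.0.0.1 via 89.122.215.237 dev eth0
44.60.0.0/16 via 89.122.215.237 dev eth0
44.131.0.0/16 via 44.131.0.1 dev ampr0 onlink'

# Number of 44-net subnet routes learned via the tunnel (rip44d installs them
# as 'via <gateway> dev ampr0 onlink').
count_tunnel_routes() {
    printf '%s\n' "$1" | awk '$1 ~ /^44\./ && / via / && / dev ampr0 / { n++ } END { print n + 0 }'
}

# 44-net routes that leave through neither the tunnel nor the local LAN.
# Apart from the deliberate 44.0.0.1 host route, any such entry is a leak.
leaking_routes() {
    printf '%s\n' "$1" | awk '$1 ~ /^44\./ && $1 != "44.0.0.1" && !/ dev ampr0 / && !/ dev eth1 / { print }'
}

# The explicit host route to 44.0.0.1 that the start script adds; exit status 0 if present.
has_amprgw_host_route() {
    printf '%s\n' "$1" | grep -q '^44\.0\.0\.1 via '
}

# Stand-alone run: report on the constructed samples.
echo "44-net routes via ampr0: $(count_tunnel_routes "$SAMPLE_ROUTES")"
has_amprgw_host_route "$SAMPLE_ROUTES" && echo "44.0.0.1 host route present"
leaks=$(leaking_routes "$BAD_ROUTES")
[ -n "$leaks" ] && echo "WARNING: 44-net route(s) not via tunnel:" && echo "$leaks"
```

The leak check is the part worth keeping around: with the FORWARD rule from the script only filtering what arrives on ampr0, a stray 44-net route via eth0 silently sends plain (unencapsulated) packets to the Internet with a 44.x source, which is both a privacy problem for the 44-net hosts behind the gateway and a sign that rip44d has stopped updating the table.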
On Wed, 22 Feb 2012, Marius Petrescu wrote:
I'm posting my working setup with step-by-step instructions... Could be wrong (but it works)
That's pretty good, especially how it uses the standard /etc/network/interfaces file for configuration. Marius, do you mind if I convert that to Wiki format on http://wiki.ampr-gateways.org/ ? I'd make a separate page for the /etc/network/interfaces config and tune the Rip44d install guide a bit based on that.
Brian, the rip44d guide currently does contain all of the necessary bits to get amprnet routing up, the only downside is that it does everything in /etc/rc.local instead of a proper init script or /etc/network/interfaces usage. /etc/network/interfaces configuration allows ifup/ifdown usage for bringing the interface up or down.
http://wiki.ampr-gateways.org/index.php?title=Rip44d
- Hessu
Marius, do you mind if I convert that to Wiki format on http://wiki.ampr-gateways.org/ ? I'd make a separate page for the /etc/network/interfaces config and tune the Rip44d install guide a bit based on that.
Hessu, please feel free to use it as you like. And such a page would be a great enhancement since it takes some time to figure all out.
Marius, YO2LOJ
On Wed, 2012-02-22 at 09:55 +0200, Heikki Hannikainen wrote:
On Wed, 22 Feb 2012, Marius Petrescu wrote:
I'm posting my working setup with step-by-step instructions... Could be wrong (but it works)
That's pretty good, especially how it uses the standard /etc/network/interfaces file for configuration. Marius, do you mind if I convert that to Wiki format on http://wiki.ampr-gateways.org/ ? I'd make a separate page for the /etc/network/interfaces config and tune the Rip44d install guide a bit based on that.
Brian, the rip44d guide currently does contain all of the necessary bits to get amprnet routing up, the only downside is that it does everything in /etc/rc.local instead of a proper init script or /etc/network/interfaces usage. /etc/network/interfaces configuration allows ifup/ifdown usage for bringing the interface up or down.
http://wiki.ampr-gateways.org/index.php?title=Rip44d
- Hessu
Do keep in mind that /etc/network/interfaces is debian-centric and only works on debian-derived systems. I am a debian guy, and this is what I use, but I know there are Other Ways of doing things. IMHO, rip44d should not assume /etc/network/interfaces is the One True Way until redhat, suse and *bsd also adopt it.
bash + iproute2 is a pretty good bet on most modern linux-based distros
sh + ifconfig is pretty common across most linux, freebsd, OS X, solaris and openbsd setups.
cmd + netsh might work on windows
C.J. Adams-Collier KF7BMP wrote:
Do keep in mind that /etc/network/interfaces is debian-centric and only works on debian-derived systems. I am a debian guy, and this is what I use, but I know there are Other Ways of doing things.
This is what makes the original question "not so easy to answer", I'm afraid. There is no such thing as standard Linux, and thus there is no way to write an example configuration that will work on all Linux systems.
Not only are the network config files different for every distribution and most every version number, but also there have been several ways to do the tunneling over time, and there is difference between systems regarding what is supported now. Even for things like "ip rule" you may need to install an optional "advanced routing" package, whose name of course differs between distributions.
It is hard to admit, but Linux is lacking in this area. The proponents of this "diversity" usually call it advantageous and not a problem for them, but it really is a hindrance when trying to write simple cookbooks for getting something done.
On my SUSE system I have written a /etc/init.d script that brings up the tunneling, I think I have posted it on the list before, but it also won't work on other distributions.
Rob
Greetings Brian,
On Tue, 21 Feb 2012, Brian Kantor wrote:
Does anyone have a step-by-step set of instructions for configuring a Linux host as a tunnel subnet gateway for AMPRNet?
I'd like to have a proven list of all the commands that have to be entered to set one up.
I think it would be very helpful and I don't have such a document in my archives.
Here is the snippet from the /NOS/AUTOEXEC.NOS where it sets up the TUN0 interface. Below that, I show the output of IFCONFIG and ROUTE on the Linux box, for your reference.
In this example, 192.168.0.5 is the address of the Linux ethernet card and 192.168.0.44 is the address of the JNOS application running on Linux. BOTH addresses "appear" to exist on your LAN as if they were two independent machines.
# --------------------------
# -   TUN0 Configuration   -
# --------------------------
# NOTE: Remember to turn on IPv4 Forwarding in the kernel !!!!
# echo 1 > /proc/sys/net/ipv4/ip_forward
#
attach tun tun0 1500 0
#
# Whenever any host on your ethernet sends an ARP asking "Who-Has
# 192.168.0.44", the ethernet in the Linux box will respond that it knows
# how to reach this address.  This 'feature' negates the need to assign an
# Alias address to the Linux box's Eth0 interface (eth0:44), nor the need
# to put anything special in the Linux route table :)
#
ifconfig tun0 ipaddress 192.168.0.44
ifconfig tun0 netmask 255.255.255.0
ifconfig tun0 mtu 1500
ifconfig tun0 description "TUN0 to Ethernet"
#
shell ifconfig tun0 192.168.0.5 pointopoint 192.168.0.44 mtu 1500 up
#
# Shouldn't be any need to ARP on a Point-to-Point link
# so this has been commented out.
# Note: The MAC addr would be that of the Linux eth card
##shell arp -s 192.168.0.44 00:11:43:c4:b3:48 pub
#
echo ***** TUN0 Configuration Complete *****
pause 2
#
#
All done!
# ifconfig
eth0      Link encap:Ethernet  HWaddr 00:11:43:c4:b3:48
          inet addr:192.168.0.5  Bcast:192.168.0.255  Mask:255.255.255.0
          inet6 addr: fe80::211:43ff:fec4:b348/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:60 errors:0 dropped:0 overruns:0 frame:0
          TX packets:54 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:14669 (14.3 KB)  TX bytes:7099 (6.9 KB)
          Interrupt:16

tun0      Link encap:UNSPEC  HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
          inet addr:192.168.0.5  P-t-P:192.168.0.44  Mask:255.255.255.255
          UP POINTOPOINT RUNNING NOARP MULTICAST  MTU:1500  Metric:1
          RX packets:7 errors:0 dropped:0 overruns:0 frame:0
          TX packets:7 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:500
          RX bytes:392 (392.0 B)  TX bytes:526 (526.0 B)

# route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
192.168.0.6     0.0.0.0         255.255.255.255 UH    0      0        0 tun0
192.168.0.0     0.0.0.0         255.255.255.0   U     0      0        0 eth0
0.0.0.0         192.168.0.1     0.0.0.0         UG    100    0        0 eth0
On your gateway router remember to port forward (to 192.168.0.44) Telnet, Finger, and any other 'services' you want to reach on your JNOS application from the Internet. I do *not* recommend forwarding SMTP unless you have a solid way to prevent spam from the public Internet getting out onto your RF network.
If your JNOS application is running the ENCAP.TXT route table and uses the 'encap' interface, DO NOT PORT FORWARD ANYTHING! Instead, define the 192.168.0.5 ip address of the JNOS application as your "DMZ Host" so that ALL protocols (TCP, IPIP Protocol-4, and others) will be automatically routed to the JNOS application where JNOS'es 'ip access' and 'tcp access' firewall rules will decide what gets through for processing/routing.
Hope this helps! --- Jay Nugent WB8TKL o Chair, ARRL Michigan Section "Digital Radio Group" (DRG) [www.MI-DRG.org]