Subject: Re: [44net] New Linux Boot Scripts for Testing
From: Gustavo Ponza g.ponza@tin.it
Date: 08/05/2015 01:52 AM
To: 44net@hamradio.ucsd.edu
The following is the routing situation seen from here; the 44.137 IPIP routes are correctly addressed toward the commercial GW IP addresses according to the above statements. The routes are collected from the gw.ampr.org and so only that setup there. Now, as per my understanding, all the 44.137 GWs should be set up in the same way as those (above) pingable GWs to be reached via tunl0.
root@ir0rm-7:/# route -n|grep 44.137
44.137.2.138    84.106.127.22    255.255.255.255  UGH  0  0  0  tunl0
44.137.24.1     88.159.160.228   255.255.255.255  UGH  0  0  0  tunl0
44.137.24.5     89.18.172.156    255.255.255.255  UGH  0  0  0  tunl0
44.137.25.62    88.159.83.58     255.255.255.255  UGH  0  0  0  tunl0
44.137.32.50    84.83.147.249    255.255.255.255  UGH  0  0  0  tunl0
44.137.0.49     77.175.246.216   255.255.255.255  UGH  0  0  0  tunl0
44.137.40.2     89.18.172.156    255.255.255.255  UGH  0  0  0  tunl0
44.137.40.1     89.18.172.156    255.255.255.255  UGH  0  0  0  tunl0
44.137.40.10    89.18.172.155    255.255.255.255  UGH  0  0  0  tunl0
44.137.40.20    89.18.172.155    255.255.255.255  UGH  0  0  0  tunl0
44.137.1.160    46.21.164.170    255.255.255.240  UG   0  0  0  tunl0
44.137.1.208    195.240.133.194  255.255.255.240  UG   0  0  0  tunl0
44.137.33.16    84.83.147.249    255.255.255.240  UG   0  0  0  tunl0
44.137.33.32    62.45.244.128    255.255.255.240  UG   0  0  0  tunl0
44.137.51.64    130.255.72.61    255.255.255.240  UG   0  0  0  tunl0
44.137.37.160   82.161.55.187    255.255.255.240  UG   0  0  0  tunl0
44.137.37.176   82.139.110.195   255.255.255.240  UG   0  0  0  tunl0
44.137.37.192   31.151.69.80     255.255.255.240  UG   0  0  0  tunl0
44.137.41.128   83.160.55.17     255.255.255.240  UG   0  0  0  tunl0
44.137.27.112   88.159.160.228   255.255.255.240  UG   0  0  0  tunl0
44.137.31.32    82.176.45.37     255.255.255.240  UG   0  0  0  tunl0
44.137.0.0      213.222.29.194   255.255.0.0      UG   0  0  0  tunl0
For example, 44.137.41.97 should be pingable via that endpoint. When doing a traceroute, you should see a couple more hops after the tunnel that are radio hops.
That IP address doesn't appear on the above list but it is positively pingable.
That is correct, Gus. The above list except the last line are routes to individuals that are directly on the IPIP tunnel mesh. The last line is a route for everyone in NL that is not on the IPIP mesh, via a gateway system that is both on IPIP and BGP and also routes to radio networks inside the country. The address 44.137.41.97 is on such a radio network, so you get the route to 44.137.0.0 (because it does not appear in the list of more specific entries) and from there via 2 more hops to my station.
I think there is no problem with this routing, but the fact that I cannot reach some stations even though all routing is correct is caused by problems with home routers. Some people are behind NAT routers provided by their ISP, and they have difficulty forwarding the IPIP packets we are using. Some of those routers incorrectly apply stateful firewall rules to (part of) the IPIP incoming traffic. When such a user sends traffic outward, the router puts the temporary rule in place that allows incoming traffic from the tunnel endpoint they route to, and the link works both ways. But when the first traffic is from outside, the IPIP packet never makes it through the router and there is no reply.
I have been trying to help a local user who has this problem, and it looks like IPIP is just not possible with them. At least not when the user wants to accept incoming connections.
The strange thing is that it appears to work from some systems, and not from others. I have not yet found a clue why this is. Others?
Rob
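
The route selection described in this message, as an added example that is not part of the original thread: it parses a few rows copied from the `route -n` output quoted above and applies longest-prefix matching, showing why 44.137.41.97 falls through to the 44.137.0.0 entry. The function names `parse_routes`, `lookup` and `next_hop` are hypothetical helpers introduced for this illustration.

```python
import ipaddress

# Four rows copied from the `route -n` output quoted in the thread.
# Columns: destination, gateway, genmask, flags, metric, ref, use, iface.
ROUTE_N = """\
44.137.40.1     89.18.172.156   255.255.255.255 UGH 0 0 0 tunl0
44.137.41.128   83.160.55.17    255.255.255.240 UG  0 0 0 tunl0
44.137.37.160   82.161.55.187   255.255.255.240 UG  0 0 0 tunl0
44.137.0.0      213.222.29.194  255.255.0.0     UG  0 0 0 tunl0
"""

def parse_routes(text):
    """Turn `route -n` rows into (network, gateway, flags, iface) tuples."""
    routes = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) != 8:
            continue  # skip headers, blank lines, or truncated rows
        dest, gw, mask, flags, _metric, _ref, _use, iface = fields
        # strict=True rejects a destination with host bits set under its mask
        net = ipaddress.ip_network(f"{dest}/{mask}", strict=True)
        routes.append((net, ipaddress.ip_address(gw), flags, iface))
    return routes

def lookup(routes, addr):
    """Return the most specific route containing addr, or None."""
    ip = ipaddress.ip_address(addr)
    matches = [r for r in routes if ip in r[0]]
    if not matches:
        return None
    return max(matches, key=lambda r: r[0].prefixlen)

def next_hop(routes, addr):
    """Return (tunnel endpoint, matched prefix length), or None."""
    hit = lookup(routes, addr)
    return None if hit is None else (str(hit[1]), hit[0].prefixlen)

if __name__ == "__main__":
    table = parse_routes(ROUTE_N)
    for target in ("44.137.41.97", "44.137.41.130", "44.137.40.1"):
        print(target, "->", next_hop(table, target))
```
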