18 Jul
2022
18 Jul
'22
4:16 p.m.
Hello to the Group,
I have just upgraded my FIOS service in New Jersey and with it came a
new router - something called a CR1000A. It has a Verizon brand on it
but I suspect it is made under contract by someone else.
Has anyone on the group used this router and have been successful in
getting it to forward Protocol 4 packets? It does have a DMZ, but I'd
rather not use it if possible.
I think I have been able to define Protocol 4 into it but I am unable to
have it forward those packets to my ipip tunnel machine.
73, Mark, N2MH
n2mh.ampr.org
http://n2mh-web.n2mh.ampr.org
18 Jul
18 Jul
5:48 p.m.
Mark
Have you done a search for the devices FCC id? Then you would know if it was a rebranded
device. Do you get internet only or FIOS tv too? If internet only I believe you can use
your own router.
Liz
KI5PGJ
On July 18, 2022 9:16:06 AM MDT, "Mark Herson, N2MH via 44net"
<44net(a)mailman.ampr.org> wrote:
Hello to the Group,
I have just upgraded my FIOS service in New Jersey and with it came a new router -
something called a CR1000A. It has a Verizon brand on it but I suspect it is made under
contract by someone else.
Has anyone on the group used this router and have been successful in getting it to forward
Protocol 4 packets? It does have a DMZ, but I'd rather not use it if possible.
I think I have been able to define Protocol 4 into it but I am unable to have it forward
those packets to my ipip tunnel machine.
73, Mark, N2MH
n2mh.ampr.org
http://n2mh-web.n2mh.ampr.org
_______________________________________________
44net mailing list -- 44net(a)mailman.ampr.org
To unsubscribe send an email to 44net-leave(a)mailman.ampr.org
8:02 p.m.
When I had FiOS (first Verizon, later sold a couple of times - now Ziply),
I just had them switch it to passthrough/bridge mode and put my own router
(MikroTik) behind it to give me complete configuration control.
On Mon, Jul 18, 2022 at 9:48 AM KI5PGJ via 44net <44net(a)mailman.ampr.org>
wrote:
Mark
Have you done a search for the devices FCC id? Then you would know if it
was a rebranded device. Do you get internet only or FIOS tv too? If
internet only I believe you can use your own router.
Liz
KI5PGJ
On July 18, 2022 9:16:06 AM MDT, "Mark Herson, N2MH via 44net" <
44net(a)mailman.ampr.org> wrote:
--
John D. Hays
Kingston, WA
K7VE / WRJT-215
Hello to the Group,
I have just upgraded my FIOS service in New Jersey and with it came a new router -
something called a CR1000A. It has a Verizon brand on it but I suspect it is made under
contract by someone else.
Has anyone on the group used this router and have been successful in getting it to
forward Protocol 4 packets? It does have a DMZ, but I'd rather not use it if
possible.
I think I have been able to define Protocol 4 into it but I am unable to have it forward
those packets to my ipip tunnel machine.
73, Mark, N2MH
n2mh.ampr.org
http://n2mh-web.n2mh.ampr.org
------------------------------
44net mailing list -- 44net(a)mailman.ampr.org
To unsubscribe send an email to 44net-leave(a)mailman.ampr.org
_______________________________________________
44net mailing list --
44net(a)mailman.ampr.org
To unsubscribe send an email to 44net-leave(a)mailman.ampr.org
8:20 p.m.
I don't run on Verizon personally, but it looks like the CR1000A unit is a
whitebox (private branded product) by Wistron:
https://fcc.report/FCC-ID/NKR-LVSK-R2
-J / W6WUF
On Mon, Jul 18, 2022 at 9:48 AM KI5PGJ via 44net <44net(a)mailman.ampr.org>
wrote:
Mark
Have you done a search for the devices FCC id? Then you would know if it
was a rebranded device. Do you get internet only or FIOS tv too? If
internet only I believe you can use your own router.
Liz
KI5PGJ
On July 18, 2022 9:16:06 AM MDT, "Mark Herson, N2MH via 44net" <
44net(a)mailman.ampr.org> wrote:
Hello to the Group,
I have just upgraded my FIOS service in New Jersey and with it came a new router -
something called a CR1000A. It has a Verizon brand on it but I suspect it is made under
contract by someone else.
Has anyone on the group used this router and have been successful in getting it to
forward Protocol 4 packets? It does have a DMZ, but I'd rather not use it if
possible.
I think I have been able to define Protocol 4 into it but I am unable to have it forward
those packets to my ipip tunnel machine.
73, Mark, N2MH
n2mh.ampr.org
http://n2mh-web.n2mh.ampr.org
------------------------------
44net mailing list -- 44net(a)mailman.ampr.org
To unsubscribe send an email to 44net-leave(a)mailman.ampr.org
_______________________________________________
44net mailing list --
44net(a)mailman.ampr.org
To unsubscribe send an email to 44net-leave(a)mailman.ampr.org
19 Jul
19 Jul
6:48 p.m.
Thanks to everyone who replied.
Nobody actually directly answered the question that I posed of having
actually used this router and/or having some experience with it. Thus,
I'll take that as a collective "no".
Several replies mentioned looking at the FCC Part 15 submissiion and one
person was kind enough to supply a link to that document. The user
manual in that document was pretty sparse and not even as good as the
docs that came with the router.
The rest of the replies came down to bypassing the router completely and
either a) building my own firewall, or b) obtaining some other piece of
equipment to do the same.
My previous router from Verizon *did* support Proto 4 forwarding. I was
hoping that this new one would do the same and permit me to do a simple
plug and play swap. Apparently, this is not the case. Thus, I am down to
choosing either a) or b).
If I choose version a), I will have to become an iptables expert, which
I am not. I am more knowledgeable about the telephony voip side of
things, not detailed routing or filtering. If I choose selection b), I
will now have to spend some $$$ for a piece of equipment that I
previously did not need and which is now included in the service. No
more month-to-month billing.
As far as being an expert in iptables, there are at least 3 different
approaches that I found on the Internet all building some sort of
AMPRnet firewall. All of them take a different approach and some
actually have errors in their command syntax.
At the end of the day, I am more interested in providing services than
learning the finer details of filtering. For me, the end-game is not
mastering routing but to do things with the bandwidth and ip address
space that I have.
73, Mark, N2MH
On 7/18/22 3:16 PM, Mark Herson, N2MH wrote:
Hello to the Group,
I have just upgraded my FIOS service in New Jersey and with it came a
new router - something called a CR1000A. It has a Verizon brand on it
but I suspect it is made under contract by someone else.
Has anyone on the group used this router and have been successful in
getting it to forward Protocol 4 packets? It does have a DMZ, but I'd
rather not use it if possible.
I think I have been able to define Protocol 4 into it but I am unable to
have it forward those packets to my ipip tunnel machine.
73, Mark, N2MH
n2mh.ampr.org
http://n2mh-web.n2mh.ampr.org
7:16 p.m.
I hope that, rather sooner than later, we can offer a new connectivity option for AMPRnet
that does not require tricks in your router, does not depend on a static address, works
with CGNAT, etc.
The objective is to use a modern standard VPN instead of IPIP (wireguard, openvpn,
l2tp/ipsec or whatever) to connect to a relatively local point of presence that will
handle the further routing towards other users and the internet for you, with good latency
and reliability.
That will end the continuous battling with the IPIP mesh that unfortunately is the reality
of today.
Software would run on a standard router (not the router from your ISP, more like a
MikroTik or UBNT or openwrt device), or e.g. a Raspberry Pi.
We need to lower the bar for making connections. Like you, most people want to put
applications online rather than fighting with protocols that are not easy to deploy
anymore.
Rob
On 7/19/22 19:48, Mark Herson, N2MH via 44net wrote:
Thanks to everyone who replied.
Nobody actually directly answered the question that I posed of having actually used this
router and/or having some experience with it. Thus, I'll take that as a collective
"no".
7:41 p.m.
Here on the East Coast of the US we are offering VPN connections using
Wireguard. We can support single IP's or entire subnets. We have
significantly lowered the access bar in this way.I would suggest that N2MH
contacts N2NOV for further details on this VPN.
On Tue, Jul 19, 2022 at 2:16 PM Rob PE1CHL via 44net <44net(a)mailman.ampr.org>
wrote:
I hope that, rather sooner than later, we can offer a
new connectivity
option for AMPRnet that does not require tricks in your router, does not
depend on a static address, works with CGNAT, etc.
The objective is to use a modern standard VPN instead of IPIP (wireguard,
openvpn, l2tp/ipsec or whatever) to connect to a relatively local point of
presence that will handle the further routing towards other users and the
internet for you, with good latency and reliability.
That will end the continuous battling with the IPIP mesh that
unfortunately is the reality of today.
Software would run on a standard router (not the router from your ISP,
more like a MikroTik or UBNT or openwrt device), or e.g. a Raspberry Pi.
We need to lower the bar for making connections. Like you, most people
want to put applications online rather than fighting with protocols that
are not easy to deploy anymore.
Rob
On 7/19/22 19:48, Mark Herson, N2MH via 44net wrote:
Thanks to everyone who replied.
Nobody actually directly answered the question that I posed of having
actually
used this router and/or having some experience with it. Thus, I'll
take that as a collective "no".
_______________________________________________
44net mailing list -- 44net(a)mailman.ampr.org
To unsubscribe send an email to 44net-leave(a)mailman.ampr.org
8:18 p.m.
On 7/19/22 2:16 PM, Rob PE1CHL via 44net wrote:
I hope that, rather sooner than later, we can offer a
new connectivity
option for AMPRnet that does not require tricks in your router, does not
depend on a static address, works with CGNAT, etc.
We did this here in Tampa. It works across NAT44444 (yes 5 nats), and even
across another hamwan remote.
https://wiki.w9cr.net/index.php/HamWAN_Remote_Site
If anyone wants a connection, hit me up directly. The hub is
tampa-vpn.tampa.flscg.org, give it a ping/traceroute and see if it's close to
you.
The objective is to use a modern standard VPN instead
of IPIP (wireguard,
openvpn, l2tp/ipsec or whatever) to connect to a relatively local point of
presence that will handle the further routing towards other users and the
internet for you, with good latency and reliability.
The IP mesh doesn't work well, it's got the same issues that all the SDWAN
vendors have for direct connections.
HamWAN Tampa announces our IP space, from a single point, but we could
actually install multiple head end routers and spread this out.
We need to lower the bar for making connections. Like
you, most people
want to put applications online rather than fighting with protocols that
are not easy to deploy anymore.
Well for anything less than a /24, yes. If it's a /24, do BGP.
--
Bryan Fields
727-409-1194 - Voice
http://bryanfields.net
654
days inactive
655
days old
7 comments
7 participants
participants (7)
-
Bryan Fields -
Jason Mills -
John D. Hays -
KI5PGJ -
Mark Herson, N2MH -
Mark Phillips -
Rob PE1CHL