Hello to the Group,
I have just upgraded my FIOS service in New Jersey and with it came a new router - something called a CR1000A. It has a Verizon brand on it but I suspect it is made under contract by someone else.
Has anyone on the group used this router and have been successful in getting it to forward Protocol 4 packets? It does have a DMZ, but I'd rather not use it if possible.
I think I have been able to define Protocol 4 into it but I am unable to have it forward those packets to my ipip tunnel machine.
73, Mark, N2MH n2mh.ampr.org http://n2mh-web.n2mh.ampr.org
Mark
Have you done a search for the devices FCC id? Then you would know if it was a rebranded device. Do you get internet only or FIOS tv too? If internet only I believe you can use your own router.
Liz KI5PGJ
On July 18, 2022 9:16:06 AM MDT, "Mark Herson, N2MH via 44net" 44net@mailman.ampr.org wrote:
Hello to the Group,
I have just upgraded my FIOS service in New Jersey and with it came a new router - something called a CR1000A. It has a Verizon brand on it but I suspect it is made under contract by someone else.
Has anyone on the group used this router and have been successful in getting it to forward Protocol 4 packets? It does have a DMZ, but I'd rather not use it if possible.
I think I have been able to define Protocol 4 into it but I am unable to have it forward those packets to my ipip tunnel machine.
73, Mark, N2MH n2mh.ampr.org http://n2mh-web.n2mh.ampr.org _______________________________________________ 44net mailing list -- 44net@mailman.ampr.org To unsubscribe send an email to 44net-leave@mailman.ampr.org
When I had FiOS (first Verizon, later sold a couple of times - now Ziply), I just had them switch it to passthrough/bridge mode and put my own router (MikroTik) behind it to give me complete configuration control.
On Mon, Jul 18, 2022 at 9:48 AM KI5PGJ via 44net 44net@mailman.ampr.org wrote:
Mark
Have you done a search for the devices FCC id? Then you would know if it was a rebranded device. Do you get internet only or FIOS tv too? If internet only I believe you can use your own router.
Liz KI5PGJ
On July 18, 2022 9:16:06 AM MDT, "Mark Herson, N2MH via 44net" < 44net@mailman.ampr.org> wrote:
Hello to the Group,
I have just upgraded my FIOS service in New Jersey and with it came a new router - something called a CR1000A. It has a Verizon brand on it but I suspect it is made under contract by someone else.
Has anyone on the group used this router and have been successful in getting it to forward Protocol 4 packets? It does have a DMZ, but I'd rather not use it if possible.
I think I have been able to define Protocol 4 into it but I am unable to have it forward those packets to my ipip tunnel machine.
73, Mark, N2MH n2mh.ampr.org http://n2mh-web.n2mh.ampr.org
44net mailing list -- 44net@mailman.ampr.org To unsubscribe send an email to 44net-leave@mailman.ampr.org
44net mailing list -- 44net@mailman.ampr.org To unsubscribe send an email to 44net-leave@mailman.ampr.org
I don't run on Verizon personally, but it looks like the CR1000A unit is a whitebox (private branded product) by Wistron:
https://fcc.report/FCC-ID/NKR-LVSK-R2
-J / W6WUF
On Mon, Jul 18, 2022 at 9:48 AM KI5PGJ via 44net 44net@mailman.ampr.org wrote:
Mark
Have you done a search for the devices FCC id? Then you would know if it was a rebranded device. Do you get internet only or FIOS tv too? If internet only I believe you can use your own router.
Liz KI5PGJ
On July 18, 2022 9:16:06 AM MDT, "Mark Herson, N2MH via 44net" < 44net@mailman.ampr.org> wrote:
Hello to the Group,
I have just upgraded my FIOS service in New Jersey and with it came a new router - something called a CR1000A. It has a Verizon brand on it but I suspect it is made under contract by someone else.
Has anyone on the group used this router and have been successful in getting it to forward Protocol 4 packets? It does have a DMZ, but I'd rather not use it if possible.
I think I have been able to define Protocol 4 into it but I am unable to have it forward those packets to my ipip tunnel machine.
73, Mark, N2MH n2mh.ampr.org http://n2mh-web.n2mh.ampr.org
44net mailing list -- 44net@mailman.ampr.org To unsubscribe send an email to 44net-leave@mailman.ampr.org
44net mailing list -- 44net@mailman.ampr.org To unsubscribe send an email to 44net-leave@mailman.ampr.org
Thanks to everyone who replied.
Nobody actually directly answered the question that I posed of having actually used this router and/or having some experience with it. Thus, I'll take that as a collective "no".
Several replies mentioned looking at the FCC Part 15 submissiion and one person was kind enough to supply a link to that document. The user manual in that document was pretty sparse and not even as good as the docs that came with the router.
The rest of the replies came down to bypassing the router completely and either a) building my own firewall, or b) obtaining some other piece of equipment to do the same.
My previous router from Verizon *did* support Proto 4 forwarding. I was hoping that this new one would do the same and permit me to do a simple plug and play swap. Apparently, this is not the case. Thus, I am down to choosing either a) or b).
If I choose version a), I will have to become an iptables expert, which I am not. I am more knowledgeable about the telephony voip side of things, not detailed routing or filtering. If I choose selection b), I will now have to spend some $$$ for a piece of equipment that I previously did not need and which is now included in the service. No more month-to-month billing.
As far as being an expert in iptables, there are at least 3 different approaches that I found on the Internet all building some sort of AMPRnet firewall. All of them take a different approach and some actually have errors in their command syntax.
At the end of the day, I am more interested in providing services than learning the finer details of filtering. For me, the end-game is not mastering routing but to do things with the bandwidth and ip address space that I have.
73, Mark, N2MH
On 7/18/22 3:16 PM, Mark Herson, N2MH wrote:
Hello to the Group,
I have just upgraded my FIOS service in New Jersey and with it came a new router - something called a CR1000A. It has a Verizon brand on it but I suspect it is made under contract by someone else.
Has anyone on the group used this router and have been successful in getting it to forward Protocol 4 packets? It does have a DMZ, but I'd rather not use it if possible.
I think I have been able to define Protocol 4 into it but I am unable to have it forward those packets to my ipip tunnel machine.
73, Mark, N2MH n2mh.ampr.org http://n2mh-web.n2mh.ampr.org
I hope that, rather sooner than later, we can offer a new connectivity option for AMPRnet that does not require tricks in your router, does not depend on a static address, works with CGNAT, etc. The objective is to use a modern standard VPN instead of IPIP (wireguard, openvpn, l2tp/ipsec or whatever) to connect to a relatively local point of presence that will handle the further routing towards other users and the internet for you, with good latency and reliability. That will end the continuous battling with the IPIP mesh that unfortunately is the reality of today. Software would run on a standard router (not the router from your ISP, more like a MikroTik or UBNT or openwrt device), or e.g. a Raspberry Pi.
We need to lower the bar for making connections. Like you, most people want to put applications online rather than fighting with protocols that are not easy to deploy anymore.
Rob
On 7/19/22 19:48, Mark Herson, N2MH via 44net wrote:
Thanks to everyone who replied.
Nobody actually directly answered the question that I posed of having actually used this router and/or having some experience with it. Thus, I'll take that as a collective "no".
Here on the East Coast of the US we are offering VPN connections using Wireguard. We can support single IP's or entire subnets. We have significantly lowered the access bar in this way.I would suggest that N2MH contacts N2NOV for further details on this VPN.
On Tue, Jul 19, 2022 at 2:16 PM Rob PE1CHL via 44net 44net@mailman.ampr.org wrote:
I hope that, rather sooner than later, we can offer a new connectivity option for AMPRnet that does not require tricks in your router, does not depend on a static address, works with CGNAT, etc. The objective is to use a modern standard VPN instead of IPIP (wireguard, openvpn, l2tp/ipsec or whatever) to connect to a relatively local point of presence that will handle the further routing towards other users and the internet for you, with good latency and reliability. That will end the continuous battling with the IPIP mesh that unfortunately is the reality of today. Software would run on a standard router (not the router from your ISP, more like a MikroTik or UBNT or openwrt device), or e.g. a Raspberry Pi.
We need to lower the bar for making connections. Like you, most people want to put applications online rather than fighting with protocols that are not easy to deploy anymore.
Rob
On 7/19/22 19:48, Mark Herson, N2MH via 44net wrote:
Thanks to everyone who replied.
Nobody actually directly answered the question that I posed of having
actually used this router and/or having some experience with it. Thus, I'll take that as a collective "no".
44net mailing list -- 44net@mailman.ampr.org To unsubscribe send an email to 44net-leave@mailman.ampr.org
On 7/19/22 2:16 PM, Rob PE1CHL via 44net wrote:
I hope that, rather sooner than later, we can offer a new connectivity option for AMPRnet that does not require tricks in your router, does not depend on a static address, works with CGNAT, etc.
We did this here in Tampa. It works across NAT44444 (yes 5 nats), and even across another hamwan remote. https://wiki.w9cr.net/index.php/HamWAN_Remote_Site
If anyone wants a connection, hit me up directly. The hub is tampa-vpn.tampa.flscg.org, give it a ping/traceroute and see if it's close to you.
The objective is to use a modern standard VPN instead of IPIP (wireguard, openvpn, l2tp/ipsec or whatever) to connect to a relatively local point of presence that will handle the further routing towards other users and the internet for you, with good latency and reliability.
The IP mesh doesn't work well, it's got the same issues that all the SDWAN vendors have for direct connections.
HamWAN Tampa announces our IP space, from a single point, but we could actually install multiple head end routers and spread this out.
We need to lower the bar for making connections. Like you, most people want to put applications online rather than fighting with protocols that are not easy to deploy anymore.
Well for anything less than a /24, yes. If it's a /24, do BGP.
-
Bryan Fields -
Jason Mills -
John D. Hays -
KI5PGJ -
Mark Herson, N2MH -
Mark Phillips -
Rob PE1CHL