I am interested in something simple. I am not interested in creating a Linux box to do my routing, as I see no need for it. It's almost worse than having a network that is vendor specific!! I don't tell you how to run your internet.. you don't tell me what router I have to use. I use Mikrotik for my edge technology, just because it's what I am familiar with. For me it's easy enough. I am interested in creating some links with others, hopefully in the NW towards the Seattle area. I have my own system design that I am planning on implementing starting early this fall. I have no interest however in trying to use some script (nice work on it though..) to make it work, but would rather have some common assembly of networks that can connect to each other. Unfortunately, until this is done in a large enough fashion, it looks like I am talking static routes to and from some other networks.
My intention is not to rock the boat of what has been done here, but it seems like there is little direction of how the network is assembled and coming to a common point of presence. Until one person or group comes up and offers some stability of how to route the network accordingly, I fear my use of AMPR is only for some of its tunneling ability with the use of our 44/8 addressing. I had no intentions of it before, so if I end up not using them later, no loss on my end.
Let me know if anyone is interested in creating some more static links, and / or trying to do some sort of edge router that can have an open communications standard, and not a customized (could otherwise be spelled proprietary) protocol in the middle.
Thanks to you all and have a great day!
On 20.08.13. 04:32, Rod Ekholm wrote:
Let me know if anyone is interested in creating some more static links, and / or trying to do some sort of edge router that can have an open communications standard, and not a customized (could otherwise be spelled proprietary) protocol in the middle.
Count me in. I am in the same boat as you are :)
I am also waiting to see if there would be some easy-for-human-to-implement solution to activate my subnet.
Although I did not manage to connect my network to AMPR due to unusual routing I think I do understand what is the problem.
Thing is 44/8 is maintained as one very large PRIVATE network. It is routed to public, or better, some portions are routed but not all.
This leads to a problem: we cannot simply route to other 44/8 subnets as they are not reachable through Internet. We have to establish VPNs to them to be able to route. As there are not some aggregating routing points, we have to make VPN for (almost) each subnet.
I guess that is the reason for odd routing procedure: you do not have to create just a route but VPN too...
I guess that is a problem which is not easy to resolve.
I agree with you that pinning service on something like customized RIP protocol unknown to any router in wide use. I already suggested that ampr.org should offer not just encap.txt file but also pre-generated scripts for routers which are commonly in use, like Mikrotik, you mentioned, and which, I also use.
I agree it is not the nicest approach we can have, but it is at least easy to implement and most important, it would allow humans to be able to get at least involved.
Pedja YT9TP
I'm running Mikrotik RouterOS on a machine directly connected to the Internet (it has a public IP, no NAT, no Firewall except its own). It runs smoothly so far. I'm using a Python script from https://github.com/kd7lxl/hamwan_scripts/tree/master/amprupdate (I made a few customisations to address issues with my specific setup) to create the IPIP interfaces, add routes and some routing policy rules (customisation).
The AMPR fullmesh works almost as well on Mikrotik as on Linux. I haven't had any issues with the IPIP fullmesh so far (on Linux and Mikrotik RouterOS).
We are using this Mikrotik machine in LX to connect some sites to the AMPR which are behind NAT and which cannot run their own IPIP interfaces. The NATted sites use OpenVPN (maybe we'll add SSTP) to connect to the Mikrotik machine. Within AMPR all the subnets are routed to the Mikrotik machine which routes them via the OpenVPN links to the remote sites.
I have installed a reference site at my home, connected via OpenVPN to the Mikrotik machine. To demonstrate the performance I'm accessing several major video streaming sites without any connection issues. Packet flow is steady with acceptable jitter for HAM usage. The runtime is around 200ms (RTT ~400ms), which is higher than normal but remains unnoticed for HAM usage. I'm even running some VoIP and IM systems on 44net addresses, latency depends on the uplinks and distance between the sites. Within the nodes connected to my Mikrotik machines I have a latency of 30 to 200ms (30ms is DSL on both ends and 200ms is GPRS on both ends) which remains completely unnoticed even with VoIP services (unless you're calling the person standing next to you).
So I have to disagree with your opinion. I can reach around 400 AMPR subnets of different size directly via the IPIP fullmesh (respectively with the help of my Mikrotik machine used as a tunnel server). My AMPR subnets can also access the Internet and they are fully accessible from the Internet. Access to the Internet and from the Internet is not activated by default and you have to create a DNS entry for each AMPR IP address which should be able to access the Internet respectively be accessed from the Internet.
I intend to "open" my Mikrotik machine to other HAMs around the world having issues with NAT or ISP/University Firewall and hence cannot connect to the IPIP Fullmesh directly but I need to do some upgrades first (RAM, CPU, bandwidth).
73 de Marc, LX1DUC
44Net mailing list 44Net@hamradio.ucsd.edu http://hamradio.ucsd.edu/mailman/listinfo/44net http://www.ampr.org/donate.html
On 20.8.2013 20:46, Marc, LX1DUC wrote:
I'm running Mikrotik RouterOS on a machine directly connected to the Internet (it has a public IP, no NAT, no Firewall except its own). It runs smoothly so far. I'm using a Python script from https://github.com/kd7lxl/hamwan_scripts/tree/master/amprupdate (I made a few customisations to address issues with my specific setup) to create the IPIP interfaces, add routes and some routing policy rules (customisation).
The AMPR fullmesh works almost as well on Mikrotik as on Linux. I haven't had any issues with the IPIP fullmesh so far (on Linux and Mikrotik RouterOS).
We are using this Mikrotik machine in LX to connect some sites to the AMPR which are behind NAT and which cannot run their own IPIP interfaces. The NATted sites use OpenVPN (maybe we'll add SSTP) to connect to the Mikrotik machine. Within AMPR all the subnets are routed to the Mikrotik machine which routes them via the OpenVPN links to the remote sites.
One correction. You are not using just Mikrotik, but Mikrotik + Linux machine that fills it in with settings.
Appropriate solution I was talking about is using Mikrotik alone. If I have to set up Linux machine just to fill in Mikrotik settings that is something basically wrong with that requirement from my point of view.
That is why I suggested that, as that Python script runs fine and produces fine results, it could be good idea to run it on ampr.org site to create script file that sets up IPIP interfaces and routing, so we can download that script using Mikrotik device and run it within Mikrotik device to set up all things properly without need to set up external Linux machine to do the job.
I asked a few times if anyone is using Mikrotik and is willing to export IPIP interface and routing settings to send it to me to examine and see how this can be used in general. No one responded.
So I have to disagree with your opinion. I can reach around 400 AMPR subnets of different size directly via the IPIP fullmesh (respectively with the help of my Mikrotik machine used as a tunnel server).
Networking is not an issue when routing works. We have hard time setting up routing for 44/8.
I intend to "open" my Mikrotik machine to other HAMs around the world having issues with NAT or ISP/University Firewall and hence cannot connect to the IPIP Fullmesh directly but I need to do some upgrades first (RAM, CPU, bandwidth).
That is very kind and generous but that means you would have to deal with additional traffic as routes for others will go through your router and internet connection.
By making us able to easily route 44/8 by ourselves then there is no need that we have to use other's resources.
Again, networking is not an issue. Problem is that we are actually forced to use special setup and additional hardware for 44/8 network.
Pedja YT9TP
Please explain by providing further details:
1) We have hard time setting up routing for 44/8.
2) By making us able to easily route 44/8 by ourselves then there is no need that we have to use other's resources.
73 de Marc, LX1DUC
On 21.08.13. 14:15, Marc, LX1DUC wrote:
Please explain by providing further details:
- We have hard time setting up routing for 44/8.
There is no detailed explanation how it works and what actually has to be set up.
There are instructions how to set things blindly, as recipe what to install and set in predefined environment and hope it will work.
If one uses different environment (different os, router or else) he is left blank. No info how routing system within 44/8 works and what actually has to be done so that one may try to set his routing up on his own.
For example, the best I got is recommended python script that is supposed to connect to my Mikrotik router and set it up. In my case it did not work (produced just syntax errors) so I was unable to see some example configuration at least.
During the time, by following this list I guessed out what actually has to be done and I tried to set up routing manually without success. It might be I did not understand something well, or I tried to set up routes to some networks that actually do not work, or something else. Anyways, all is just guessing.
- By making us able to easily route 44/8 by ourselves then there is no need that we have to use other's resources.
If I use offer to route my traffic through some other 44/8 subnet via dedicated VPN then all my 44/8 traffic goes through that subnet router and Internet link using their resources.
If I can route by myself, then traffic goes just through my connections and directly to targeted 44/8 subnets.
I'm not sure how you could reliably export (at least) your interface list and route list, upload to some service and finally download a personalised update script for your Mikrotik.
I am pretty sure it is very easy and nothing more complicated and nothing more reliable than producing encap.txt
I am also sure, if I just could set up my Mikrotik to route 44/8 I would already have that done so anyone with Mikrotik would be able to set it up simply and efficiently.
But this still requires an additional machine, although it won't be yours.
Sure, the very same machine that generates encap.txt. It's the same thing, just other format of text within a file.
My point is that there would not be requirement for anyone else to set up whole Linux system just to be able to download encap.txt and convert it to Mikrotik (or some other) format as it could be done just once at the same time encap.txt is created.
Pedja
On Thu, Aug 22, 2013 at 05:19:09PM +0200, YT9TP - Pedja wrote:
There is no detailed explanation how it works and what actually has to be set up.
You're right, of course. I can only explain that we did have some documents explaining the network architecture and what the requirements for connection are, but they were lost when the former ampr-gateways wiki went down and was not recoverable.
I and others are in the process of writing documents and/or attempting to recover the lost documents from web caches and other places and getting them into the new ampr wiki. It's slow work and we've not made the progress I'd hoped for.
I'd like to put out a call to all the subscribers to this mailing list (really, to all AMPR experimenters) to write up your experiences and add your comments to the wiki so that others may benefit from what you've learned. - Brian
Hello Brian,
http://en.wikipedia.org/wiki/AMPRNet
Is this the place you're talking about, please?
Best regards. Tom - sp2lob
On Thu, Aug 22, 2013 at 08:52:40PM +0200, sp2lob@tlen.pl wrote:
http://en.wikipedia.org/wiki/AMPRNet Is this the place you're talking about, please?
No, please see
- Brian
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
There is no detailed explanation how it works and what actually has to be set up.
There are instructions how to set things blindly, as recipe what to install and set in predefined environment and hope it will work.
Sometimes learning within experimental environments is different. There are no books, no lessons and no exercises you can follow. But in this case you can use the work of others, use it and try to understand it, start tweaking it to your needs etc etc. Some may call this reverse-engineering or another kind of learning.
If one uses different environment (different os, router or else) he is left blank. No info how routing system within 44/8 works and what actually has to be done so that one may try to set his routing up on his own.
Start with howtos for known environments to learn, then adapt the learned stuff to whatever environment you're using.
For example, the best I got is recommended python script that is supposed to connect to my Mikrotik router and set it up. In my case it did not work (produced just syntax errors) so I was unable to see some example configuration at least.
Well a good starting point would have been to ask the author or the list over here for some assistance, providing the error messages, your config etc.
During the time, by following this list I guessed out what actually has to be done and I tried to set up routing manually without success. It might be I did not understand something well, or I tried to set up routes to some networks that actually do not work, or something else. Anyways, all is just guessing.
Again, a good starting point would have been to ask for help here, providing your results and error messages so far.
- By making us able to easily route 44/8 by ourselves then there is no need that we have to use other's resources.
My point is that there would not be requirement for anyone else to set up whole Linux system just to be able to download encap.txt and convert it to Mikrotik (or some other) format as it could be done just once at the same time encap.txt is created.
You have a serious design flaw here! The encap file is a generic list, but Mikrotik needs something very very (platform) specific, the AMPR portal can only provide generic lists.
73 de Marc
The Mikrotik scripting support is quite limited as far as I remember, please correct me if I remember incorrectly.
I'm not sure how you could reliably export (at least) your interface list and route list, upload to some service and finally download a personalised update script for your Mikrotik. But this still requires an additional machine, although it won't be yours. But IMHO it's unfair to blame the community for a limitation introduced by choice (first Mikrotik's choice to not implement and second your choice to use Mikrotik).
OTOH Amateur Radio is about experimenting and do-it-yourself and learning and studying, I'm not sure that there should be an off-the-shelf product/service/script for everything. I personally enjoy learning new things, as an example I didn't really know much about Python before I started customising the python script available.
IMHO the way AMPR and the IPIP fullmesh is implemented right now allows the largest possible freedom to the implementer, we can use almost any tool, machine, etc etc to implement the IPIP fullmesh. I think that's the way Amateur Radio is meant to be.
73 de Marc
On Wed, Aug 21, 2013 at 4:10 AM, YT9TP Pedja yt9tp@uzice.net wrote:
One correction. You are not using just Mikrotik, but Mikrotik + Linux machine that fills it in with settings.
Appropriate solution I was talking about is using Mikrotik alone. If I have to set up Linux machine just to fill in Mikrotik settings that is something basically wrong with that requirement from my point of view.
That is why I suggested that, as that Python script runs fine and produces fine results, it could be good idea to run it on ampr.org site to create script file that sets up IPIP interfaces and routing, so we can download that script using Mikrotik device and run it within Mikrotik device to set up all things properly without need to set up external Linux machine to do the job.
I asked a few times if anyone is using Mikrotik and is willing to export IPIP interface and routing settings to send it to me to examine and see how this can be used in general. No one responded.
The script relies on reading your router's configuration to determine what needs to be updated. If someone provided a static script, every time you ran the script it would create 300+ IPIP interfaces, and there would be no mechanism for deleting orphaned interfaces and routes. One of the parameters to create the IPIP interface is your local IP, so simply exporting someone else's configuration isn't going to work either. It is critical that the script interacts with your router.
You could implement this in something other than Python if you want, like Mikrotik's native scripting language. I'm not very familiar with Mikrotik's scripting language so I was not able to implement this myself. I chose Python because I knew I could get it working quickly and move on to something else.
I don't see occasional reliance on an external Linux server to be a problem. AMPR routes do not change very often. If the Linux server goes down for a few days the worst that is going to happen is you might have a few routes go stale. To improve reliability, you could run the Linux server on the same network as the Mikrotik router. You could even run the Python script from Openwrt in a MetaROUTER running on your primary Mikrotik router.
There are so many options here that simply asking someone else to do it for you is not appropriate. Go forth and experiment!
Tom KD7LXL
On 21.8.2013 18:23, Tom Hayward wrote:
The script relies on reading your router's configuration to determine what needs to be updated. If someone provided a static script, every time you ran the script it would create 300+ IPIP interfaces, and there would be no mechanism for deleting orphaned interfaces and routes. One of the parameters to create the IPIP interface is your local IP, so simply exporting someone else's configuration isn't going to work either. It is critical that the script interacts with your router.
I need export from working Mikrotik router set to route 44/8 subnet as an example, so I can learn how it works and hopefully create Mikrotik script that does what is necessary to make it applicable to any Mikrotik router.
Can you provide me that example? It is just an export of IPIP settings and routing table.
I do not expect problems with handling replacements or orphan settings.
You could implement this in something other than Python if you want, like Mikrotik's native scripting language. I'm not very familiar with Mikrotik's scripting language so I was not able to implement this myself. I chose Python because I knew I could get it working quickly and move on to something else.
I have some experience with Mikrotik scripting and I can try, but I need something to start from as I was unsuccessful to create such example myself. Python script that is offered does not work here and I have not enough Python and Linux knowledge to be able to make it work.
I don't see occasional reliance on an external Linux server to be a problem.
I do. First, I dislike my routers to depend on third parties, and second, I do not have Linux server that can run that script.
You could even run the Python script from Openwrt in a MetaROUTER running on your primary Mikrotik router.
This is not available on all Mikrotik based routers. My guess is that, at least in my area, most Mikrotik routers used would not have this as an option.
There are so many options here that simply asking someone else to do it for you is not appropriate. Go forth and experiment!
This is rude and unnecessary approach. I did not ask anyone to do work for me. All I asked was export from already set Mikrotik router so I can have example I can work on to create necessary tools.
I already have several offers to simply establish VPN to other AMPR subnets and they will do all the routing for me. I decided to first try to make it on my own.
It seems that you do not understand that I do not need 44/8 subnet addresses as they are just like any other private IP network. All I want to do I can do fine using any other private IP subnet.
I want to use 44/8 to spread the word and help others to get involved. And I am not alone.
When people see how things are complicated they simply turn in the other way. Do you want me to do the same or to try to reach my goal to make it simpler, and easier to implement, at least in the area where I have some experience - Mikrotik routers.
Ok, message received, and it does explain a bit why there are not so many people involved in AMPRNet.
Best wishes, Pedja YT9TP
There are a lot of clues in the amprupdate python script.
https://github.com/kd7lxl/hamwan_scripts/blob/master/amprupdate/amprupdate.p...
Especially on lines 159 and 160.
    commands.append("/interface ipip add local-address=%s name=ampr-%s remote-address=%s" % (wan_router_ip, interface, interface))
    commands.append("/ip route add dst-address=%s gateway=ampr-%s" % (dstaddress, interface))
In this case "wan_router_ip" is the IP of the WAN interface of your Mikrotik router (the interface which gives access to the internet.)
"interface" is the remote gateway's public IP address.
"dstaddress" is the remote AMPR subnet.
Assuming that your "wan_router_ip" (see definition above) is 192.0.2.2.
Assuming that encap.txt only contains the following 2 entries:
    route addprivate 44.128/19 encap 198.51.100.1
    route addprivate 44.128.210/24 encap 203.0.113.1
this is what your script needs to produce:
    /interface ipip add local-address=192.0.2.2 name=ampr-198.51.100.1 remote-address=198.51.100.1
    /interface ipip add local-address=192.0.2.2 name=ampr-203.0.113.1 remote-address=203.0.113.1
    /ip route add dst-address=44.128.0.0/19 gateway=ampr-198.51.100.1
    /ip route add dst-address=44.128.210.0/24 gateway=ampr-203.0.113.1
As you see you will need to expand 44.128/19 to 44.128.0.0/19.
Depending on your setup, you may want to use routing-marks and routing tables and routing rules etc.
73 de Marc, LX1DUC
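The conversion described in the message above, combined with the earlier point in this thread that a generator has to compare against the router's current state, as an added example (not code from amprupdate or from any poster). The function names, the malformed sample lines, and passing the router's existing interfaces and routes in as Python sets are assumptions; because encap.txt is downloaded input that ends up as router commands, every field is parsed and re-serialised rather than copied through.

```python
import ipaddress

AMPR_NET = ipaddress.IPv4Network("44.0.0.0/8")

# Constructed sample. Lines 2-3 are the two entries quoted in the message above;
# lines 4-6 are made-up malformed entries that must be rejected.
SAMPLE_ENCAP = """\
# encap.txt excerpt (constructed)
route addprivate 44.128/19 encap 198.51.100.1
route addprivate 44.128.210/24 encap 203.0.113.1
route addprivate 10.0/8 encap 198.51.100.9
route addprivate 44.130/16 encap 198.51.100.7 comment=extra
route addprivate 44.131.1/16 encap 198.51.100.8
"""


def expand_prefix(short):
    """Expand encap.txt shorthand such as '44.128/19' to the network 44.128.0.0/19."""
    addr, sep, length = short.partition("/")
    if not sep:
        raise ValueError("missing prefix length")
    octets = addr.split(".")
    if not 1 <= len(octets) <= 4:
        raise ValueError("bad address")
    octets += ["0"] * (4 - len(octets))
    # IPv4Network raises ValueError on non-numeric octets, values > 255,
    # bad prefix lengths and host bits set below the prefix.
    return ipaddress.IPv4Network("%s/%s" % (".".join(octets), length))


def parse_encap(text):
    """Return (entries, rejected): validated (network, gateway) pairs and
    (line number, reason) for every line that failed validation."""
    entries, rejected = [], []
    for lineno, line in enumerate(text.splitlines(), 1):
        fields = line.split()
        if not fields or fields[0].startswith("#"):
            continue
        try:
            if (len(fields) != 5 or fields[:2] != ["route", "addprivate"]
                    or fields[3] != "encap"):
                raise ValueError("unexpected syntax")
            net = expand_prefix(fields[2])
            if not net.subnet_of(AMPR_NET):
                raise ValueError("outside 44/8")
            gateway = ipaddress.IPv4Address(fields[4])
        except ValueError as exc:
            rejected.append((lineno, str(exc)))
            continue
        entries.append((net, gateway))
    return entries, rejected


def plan_update(entries, wan_router_ip, existing_interfaces, existing_routes):
    """Build RouterOS commands for what is missing and list what is orphaned.

    existing_interfaces: set of interface names already on the router.
    existing_routes: set of (dst-address, gateway-interface) string pairs.
    Both are assumed to have been read from the router beforehand.
    """
    local = ipaddress.IPv4Address(wan_router_ip)  # reject a malformed local IP
    wanted_ifaces = {}  # name -> gateway, in first-seen order
    wanted_routes = []
    for net, gateway in entries:
        name = "ampr-%s" % gateway
        wanted_ifaces.setdefault(name, gateway)
        wanted_routes.append((str(net), name))

    commands = []
    for name, gateway in wanted_ifaces.items():
        if name not in existing_interfaces:
            commands.append(
                "/interface ipip add local-address=%s name=%s remote-address=%s"
                % (local, name, gateway))
    for dst, name in wanted_routes:
        if (dst, name) not in existing_routes:
            commands.append("/ip route add dst-address=%s gateway=%s" % (dst, name))

    # Only objects carrying the ampr- prefix are considered ours to clean up.
    orphan_ifaces = sorted(n for n in existing_interfaces
                           if n.startswith("ampr-") and n not in wanted_ifaces)
    orphan_routes = sorted(r for r in existing_routes
                           if r[1].startswith("ampr-") and r not in wanted_routes)
    return commands, orphan_ifaces, orphan_routes


if __name__ == "__main__":
    parsed, bad = parse_encap(SAMPLE_ENCAP)
    for cmd in plan_update(parsed, "192.0.2.2", set(), set())[0]:
        print(cmd)
    for lineno, reason in bad:
        print("rejected line %d: %s" % (lineno, reason))
```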
On 22.08.13. 12:58, Marc, LX1DUC wrote:
There are a lot of clues in the amprupdate python script.
https://github.com/kd7lxl/hamwan_scripts/blob/master/amprupdate/amprupdate.p...
Especially on line 159 and 160.
commands.append("/interface ipip add local-address=%s name=ampr-%s remote-address=%s" % (wan_router_ip, interface, interface))
commands.append("/ip route add dst-address=%s gateway=ampr-%s" % (dstaddress, interface))
In this case "wan_router_ip" is the IP of the WAN interface of your Mikrotik router (the interface which gives access to the internet.)
"interface" is the remote gateway's public IP address.
"dstaddress" is the remote AMPR subnet.
Assuming that your "wan_router_ip" (see definition above) is 192.0.2.2.
Assuming that encap.txt only contains the following 2 entries:
route addprivate 44.128/19 encap 198.51.100.1
route addprivate 44.128.210/24 encap 203.0.113.1
this is what your script needs to produce:
/interface ipip add local-address=192.0.2.2 name=ampr-198.51.100.1 remote-address=198.51.100.1
/interface ipip add local-address=192.0.2.2 name=ampr-203.0.113.1 remote-address=203.0.113.1
/ip route add dst-address=44.128.0.0/19 gateway=ampr-198.51.100.1
/ip route add dst-address=44.128.210.0/24 gateway=ampr-203.0.113.1
As you see you will need to expand 44.128/19 to 44.128.0.0/19.
Depending on your setup, you may want to use routing-marks and routing tables and routing rules etc.
Something like this is the first thing I tried but was unable to set it up to have routing work.
Thanks for an example. This is much more informative than digging through that python script. Will let you know what I got.
Pedja YT9TP
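The encap.txt to RouterOS conversion Marc describes above, as an added Python example that is not part of the thread or of amprupdate. It parses every address with the ipaddress module, so only canonical values reach the generated command strings, and it reports malformed or non-44/8 entries instead of emitting them; the function names and the sample input are constructed for illustration.

```python
import ipaddress

AMPR_NET = ipaddress.IPv4Network("44.0.0.0/8")

def expand_prefix(abbrev):
    """Turn encap.txt shorthand such as '44.128/19' into IPv4Network 44.128.0.0/19."""
    addr, _, plen = abbrev.partition("/")
    octets = addr.split(".")
    if len(octets) > 4:
        raise ValueError("too many octets: %r" % abbrev)
    octets += ["0"] * (4 - len(octets))
    # strict=True refuses entries with host bits set, e.g. 44.128.1/19
    return ipaddress.IPv4Network("%s/%s" % (".".join(octets), plen or "32"), strict=True)

def encap_to_routeros(encap_text, wan_router_ip):
    """Return (commands, rejected); rejected holds (line_number, reason) pairs."""
    local = ipaddress.IPv4Address(wan_router_ip)
    gateways, routes, rejected = [], [], []
    for lineno, line in enumerate(encap_text.splitlines(), 1):
        fields = line.split()
        if not fields or fields[0] != "route":
            continue  # comments and blank lines
        try:
            if len(fields) != 5 or fields[1] != "addprivate" or fields[3] != "encap":
                raise ValueError("unexpected field layout")
            net = expand_prefix(fields[2])
            gw = ipaddress.IPv4Address(fields[4])
            if not net.subnet_of(AMPR_NET):
                raise ValueError("destination outside 44.0.0.0/8")
            if gw.is_loopback or gw.is_multicast or gw.is_unspecified:
                raise ValueError("unusable gateway address")
        except ValueError as exc:
            rejected.append((lineno, str(exc)))
            continue
        if gw == local:
            continue  # our own subnet: no tunnel to ourselves
        if gw not in gateways:
            gateways.append(gw)  # one IPIP interface per remote gateway
        routes.append((net, gw))
    commands = ["/interface ipip add local-address=%s name=ampr-%s remote-address=%s"
                % (local, gw, gw) for gw in gateways]
    commands += ["/ip route add dst-address=%s gateway=ampr-%s" % (net, gw)
                 for net, gw in routes]
    return commands, rejected

# Constructed sample: Marc's two entries plus three lines that must not produce routes
SAMPLE_ENCAP = """\
# constructed sample, not real encap data
route addprivate 44.128/19 encap 198.51.100.1
route addprivate 44.128.210/24 encap 203.0.113.1
route addprivate 44.128.1/19 encap 198.51.100.1
route addprivate 10.0.0/8 encap 198.51.100.1
route addprivate 44.130/16 encap 192.0.2.2
"""

if __name__ == "__main__":
    cmds, bad = encap_to_routeros(SAMPLE_ENCAP, "192.0.2.2")
    print("\n".join(cmds))
    for lineno, reason in bad:
        print("# skipped line %d: %s" % (lineno, reason))
```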
Mark, using your example, I did some work.
Here in attachment is Mikrotik script that loads and parses encap.txt file, and then creates IPIP interfaces and routes according to this file.
If attachment does not go through, source is available at http://wireless.uzice.net/ampr/mikrotik-ampr-update.txt
This is work in progress. There is some stuff to add but basically it works. It can:
- download encap.txt from remote site (I've put example encap.txt available for download so script can be tested)
- parses encap.txt
- creates IPIP interfaces according to encap.txt
- sets static routes according to encap.txt
- it handles duplicate or obsolete interfaces and routes
- there are options for setting parameters to be applied to both interfaces and routes on their creation so user can customize them fully.
I tested syntax of created interfaces and routes but not if routing actually works as I still do not have working environment to do so. I expect anyone who already has Mikrotik used for ampr routing can review and see if all is done right, or maybe test on his router.
Pay attention: example enc.txt does not contain full 44/8 network info, just few routes for testing purpose.
This is not exactly what I meant to accomplish but is good enough as an example.
Pedja YT9TP
On Thu, Aug 22, 2013 at 3:49 PM, YT9TP - Pedja yt9tp@uzice.net wrote:
Mark, using your example, I did some work.
Here in attachment is Mikrotik script that loads and parses encap.txt file, and then creates IPIP interfaces and routes according to this file.
If attachment does not go through, source is available at http://wireless.uzice.net/ampr/mikrotik-ampr-update.txt
This is work in progress. There is some stuff to add but basically it works. It can:
- download encap.txt from remote site (I've put example encap.txt available for download so script can be tested)
What encap file did you test with? I thought Mikrotik had a 4KB limit for reading text files.
Tom KD7LXL
On 23.8.2013 0:55, Tom Hayward wrote:
What encap file did you test with? I thought Mikrotik had a 4KB limit for reading text files.
I used encap.txt trimmed to just a few lines to ease debugging.
I did not realize there is such a limit. DOH! That makes my script unusable.
Well, at least I tried and I got proof of concept :)
Now, I will have to use another approach.
Pedja YT9TP
I have a simpler Mikrotik script working. It isn't pretty but it updates the router every day.
If you're interested I can explain it.
My Linux box downloads encap.txt from ftp site and processes it every night. It then uploads a txt file with the commands in it to the router by ftp.
A simple script on the Mikrotik then runs the commands within.
It works but isn't technical.
Best Regards, Hugh Golding TEQ Systems Limited
T +44 7841 749345 + hugh@teqsys.co.uk
Linux Script File 1 :-
# -N cannot be combined with -O, so write straight to the path the processing script reads
wget -O /root/encap/encap.txt "https://portal.ampr.org/getdata.php?t=encap"
/root/encap/process-encap-router.sh > /root/encap/router.raw.txt
ftp -n -i YOUR_ROUTER_EXTERNAL_ADDRESS <<EOF
user USERNAME PASSWORD
put /root/encap/router.txt encap.rsc
quit
EOF
*****************************************************************************************************
Linux Script file 2 (process-encap-router.sh) :-
# First pass: one IPIP interface (and its 44-net address) per remote gateway
cat /root/encap/encap.txt | grep "^route" | grep -v " XXX.XXX.XXX.XXX" | \
awk '{
  split($3, s, "/")
  split(s[1], n, ".")
  if (n[1] == "") n[1]="0"
  if (n[2] == "") n[2]="0"
  if (n[3] == "") n[3]="0"
  if (n[4] == "") n[4]="0"
  # mask is derived from the prefix length but is not used by the printf lines below
  if (s[2] == "1") mask="128.0.0.0"
  else if (s[2] == "2") mask="192.0.0.0"
  else if (s[2] == "3") mask="224.0.0.0"
  else if (s[2] == "4") mask="240.0.0.0"
  else if (s[2] == "5") mask="248.0.0.0"
  else if (s[2] == "6") mask="252.0.0.0"
  else if (s[2] == "7") mask="254.0.0.0"
  else if (s[2] == "8") mask="255.0.0.0"
  else if (s[2] == "9") mask="255.128.0.0"
  else if (s[2] == "10") mask="255.192.0.0"
  else if (s[2] == "11") mask="255.224.0.0"
  else if (s[2] == "12") mask="255.240.0.0"
  else if (s[2] == "13") mask="255.248.0.0"
  else if (s[2] == "14") mask="255.252.0.0"
  else if (s[2] == "15") mask="255.254.0.0"
  else if (s[2] == "16") mask="255.255.0.0"
  else if (s[2] == "17") mask="255.255.128.0"
  else if (s[2] == "18") mask="255.255.192.0"
  else if (s[2] == "19") mask="255.255.224.0"
  else if (s[2] == "20") mask="255.255.240.0"
  else if (s[2] == "21") mask="255.255.248.0"
  else if (s[2] == "22") mask="255.255.252.0"
  else if (s[2] == "23") mask="255.255.254.0"
  else if (s[2] == "24") mask="255.255.255.0"
  else if (s[2] == "25") mask="255.255.255.128"
  else if (s[2] == "26") mask="255.255.255.192"
  else if (s[2] == "27") mask="255.255.255.224"
  else if (s[2] == "28") mask="255.255.255.240"
  else if (s[2] == "29") mask="255.255.255.248"
  else if (s[2] == "30") mask="255.255.255.252"
  else if (s[2] == "31") mask="255.255.255.254"
  else mask="255.255.255.255"
  if ($5 == "YOUR_ROUTER_EXTERNAL_ADDRESS") printf ""
  else printf "interface ipip add name=ipip-ampr-%s local-address=YOUR_ROUTER_EXTERNAL_ADDRESS remote-address=%s disabled=no\r\nip address add address=YOUR_ROUTER_44_IP interface=ipip-ampr-%s\r\n",$5,$5,$5
}'
# Second pass: one static route per encap entry, pointing at the matching IPIP interface
cat /root/encap/encap.txt | grep "^route" | grep -v " XXX.XXX.XXX.XXX" | \
awk '{
  split($3, s, "/")
  split(s[1], n, ".")
  if (n[1] == "") n[1]="0"
  if (n[2] == "") n[2]="0"
  if (n[3] == "") n[3]="0"
  if (n[4] == "") n[4]="0"
  # mask is derived from the prefix length but is not used by the printf lines below
  if (s[2] == "1") mask="128.0.0.0"
  else if (s[2] == "2") mask="192.0.0.0"
  else if (s[2] == "3") mask="224.0.0.0"
  else if (s[2] == "4") mask="240.0.0.0"
  else if (s[2] == "5") mask="248.0.0.0"
  else if (s[2] == "6") mask="252.0.0.0"
  else if (s[2] == "7") mask="254.0.0.0"
  else if (s[2] == "8") mask="255.0.0.0"
  else if (s[2] == "9") mask="255.128.0.0"
  else if (s[2] == "10") mask="255.192.0.0"
  else if (s[2] == "11") mask="255.224.0.0"
  else if (s[2] == "12") mask="255.240.0.0"
  else if (s[2] == "13") mask="255.248.0.0"
  else if (s[2] == "14") mask="255.252.0.0"
  else if (s[2] == "15") mask="255.254.0.0"
  else if (s[2] == "16") mask="255.255.0.0"
  else if (s[2] == "17") mask="255.255.128.0"
  else if (s[2] == "18") mask="255.255.192.0"
  else if (s[2] == "19") mask="255.255.224.0"
  else if (s[2] == "20") mask="255.255.240.0"
  else if (s[2] == "21") mask="255.255.248.0"
  else if (s[2] == "22") mask="255.255.252.0"
  else if (s[2] == "23") mask="255.255.254.0"
  else if (s[2] == "24") mask="255.255.255.0"
  else if (s[2] == "25") mask="255.255.255.128"
  else if (s[2] == "26") mask="255.255.255.192"
  else if (s[2] == "27") mask="255.255.255.224"
  else if (s[2] == "28") mask="255.255.255.240"
  else if (s[2] == "29") mask="255.255.255.248"
  else if (s[2] == "30") mask="255.255.255.252"
  else if (s[2] == "31") mask="255.255.255.254"
  else mask="255.255.255.255"
  if ($5 == "YOUR_ROUTER_EXTERNAL_ADDRESS") printf ""
  else if (s[2] == "") printf "ip route add dst-address=%s.%s.%s.%s gateway=ipip-ampr-%s\r\n",n[1],n[2],n[3],n[4],$5
  else printf "ip route add dst-address=%s.%s.%s.%s/%s gateway=ipip-ampr-%s\r\n",n[1],n[2],n[3],n[4],s[2],$5
}'
# Drop duplicate command lines while keeping their order
awk '!x[$0]++' /root/encap/router.raw.txt > /root/encap/router.txt
*****************************************************************************************************
Router Script file :-
# Remove everything the previous run created, then load the new command file
/ip address remove [/ip address find where interface~"ipip-ampr-"]
:delay 3s
/ip address remove [/ip address find where interface~"unknown"]
:delay 3s
/ip route remove [/ip route find where gateway~"ipip-ampr-"]
:delay 3s
/interface ipip remove [/interface ipip find where name~"ipip-ampr-"]
:delay 3s
/ip route remove [/ip route find where gateway~"unknown"]
:delay 3s
/import encap.rsc
Best Regards, Hugh Golding TEQ Systems Limited
T +44 7841 749345 + hugh@teqsys.co.uk
On 23.8.2013 10:31, Hugh Golding wrote:
I have a simpler Mikrotik script working. It isn't pretty but it updates the router every day.
If you're interested I can explain it.
My Linux box downloads encap.txt from ftp site and processes it every night. It then uploads a txt file with the commands in it to the router by ftp.
A simple script on the Mikrotik then runs the commands within.
It works but isn't technical.
My idea is to use PHP script which can be easily put on any web server.
Script will just produce Mikrotik script which could be downloaded by Mikrotik and then executed.
That way, specific set Linux box will not be needed at all, and moreover, the same script will run on any Mikrotik so anyone who uses Mikrotik and wants to get connected in AMPRnet will be able to do so easily.
Pedja YT9TP
If there is no Linux server available I can happily upload the command txt file to anyone's Mikrotik if I have an ftp login.
You need only run the mikrotik script then.
Best Regards, Hugh Golding TEQ Systems Limited
T +44 7841 749345 + hugh@teqsys.co.uk
I've been busy so another attempt to solve a problem had to wait a bit. But here it is.
I've set up PHP script that loads encap.txt, parses it and then can generate encap data in various formats. For testing two formats are available:
simple: contains comma-delimited network and gateway. This reduces file size significantly
Example: http://www.uzice.net/ampr/encap/?format=simple
mikrotik45: contains Mikrotik version 4.5 script that sets IPIP interfaces and routes. Mikrotik version is specified as I developed script on RouterBoard with that version and I am not sure if it will run on newer versions.
http://www.uzice.net/ampr/encap/?format=mikrotik45
It is easy to add other formats as needed.
Idea is to have caching for generated data, so it is not created on each user call, but only when there are changes. As generated data is not user specific (the same file works for all users), cache should be refreshed only if encap.txt changes. That would keep server resource usage at minimum.
Users could be instructed to download generated files directly so they would not even run script. Script should run via cron, then.
...
For Mikrotik, generated script is universal, meaning, the same script can be run on any Mikrotik and it will set up what is needed.
As there is some customization needed, this script should not be executed directly but via other Mikrotik script that is set up locally on Mikrotik router. That script should set custom parameters and then download and execute encap script.
Here is an example of local script:
{
#######################################
#
# AMPRNet Route Loader for Mikrotik 5.4
# version 0.0.2
#
#
# by YT9TP, Pedja, http://yt9tp.iz.rs
#
#######################################
# PARAMETERS
#######################################

# download url for enc.txt file
:local downloadURL "http://www.uzice.net/ampr/encap/index-mikrotik54.php";

# local public IP address of AMPR gateway
:global localAddr "192.168.1.1" ;

# custom contents for a comment on created IPIP tunnel interface
:global ipipComment "";

# custom parameters to add to /interface add command
:global ipipCustomParams "";

# custom contents for a comment on created route
:global routeComment "";

# custom parameters to add to /ip route add command
:global routeCustomParams "routing-mark=amprs";

# identifier to be added to comments or names which is used to identify settings added by this script (to be auto deleted when needed)
:global scriptIdentificator "amprs-d";

########################################
########################################
# DO NOT EDIT BELOW THIS LINE !!!
########################################

:put ("\n\rAMPRNet route loader \n\r");

# download cmd file
:put ("\n\rDownloading file " . $downloadURL . "\n\r");
/tool fetch url=$downloadURL dst-path=amprnet.rsc mode=http

:delay 5 ;

/import file-name=amprnet.rsc

}
There are some limitations. As encap contains lot of information, generated script ends up pretty large. Mikrotik router has to have enough free space to save downloaded file before execution. I guess PC with large hard disk or RouterBoard with additional memory card is required.
I have everything packed in one ZIP file for those who would like to check it out or try on their own: https://dl.dropboxusercontent.com/u/12258621/hamradio/amprnet/simplified-enc...
Pedja YT9TP
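Both update paths in this thread end with the router running /import on a file that arrived over FTP or plain HTTP, so every line of that file is executed as a router command. As an added example (not part of any poster's scripts), this Python check audits a copy of the generated file against an allow-list of the three command shapes shown in the thread. The allow-list, the name pattern and the sample lines are assumptions constructed here, and it expects literal addresses rather than script variables.

```python
import ipaddress
import re

AMPR_NET = ipaddress.IPv4Network("44.0.0.0/8")
# Tunnel names used in this thread: ampr-<gateway IP> and ipip-ampr-<gateway IP>
NAME_RE = re.compile(r"^(ipip-)?ampr-(\d{1,3}\.){3}\d{1,3}$")

def _ipv4(value):
    ipaddress.IPv4Address(value)  # raises ValueError on anything but a literal IPv4 address

def _tunnel_name(value):
    if not NAME_RE.match(value):
        raise ValueError("unexpected interface name %r" % value)

def _ampr_prefix(value):
    if not ipaddress.IPv4Network(value, strict=False).subnet_of(AMPR_NET):
        raise ValueError("address outside 44.0.0.0/8: %r" % value)

def _yes_no(value):
    if value not in ("yes", "no"):
        raise ValueError("expected yes or no, got %r" % value)

# Assumption: the only commands a tunnel update needs, with the parameters seen in the thread
ALLOWED = {
    "interface ipip add": {"local-address": _ipv4, "remote-address": _ipv4,
                           "name": _tunnel_name, "disabled": _yes_no},
    "ip address add": {"address": _ampr_prefix, "interface": _tunnel_name},
    "ip route add": {"dst-address": _ampr_prefix, "gateway": _tunnel_name},
}

def audit_rsc(text):
    """Return (line_number, reason) findings; an empty list means every line is allow-listed."""
    findings = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        words = line.lstrip("/").split()
        # Command path is everything before the first key=value word
        n = next((i for i, w in enumerate(words) if "=" in w), len(words))
        path, params = " ".join(words[:n]), words[n:]
        checks = ALLOWED.get(path)
        if checks is None:
            findings.append((lineno, "command not on allow-list: %r" % path))
            continue
        for word in params:
            key, sep, value = word.partition("=")
            try:
                if not sep or key not in checks:
                    raise ValueError("unexpected token %r" % word)
                checks[key](value)
            except ValueError as exc:
                findings.append((lineno, str(exc)))
    return findings

# Constructed sample: lines 1-3 follow the formats shown in the thread, lines 4-5 do not
SAMPLE_RSC = """\
/interface ipip add local-address=192.0.2.2 name=ampr-198.51.100.1 remote-address=198.51.100.1
/ip route add dst-address=44.128.0.0/19 gateway=ampr-198.51.100.1
ip address add address=44.128.210.1 interface=ipip-ampr-203.0.113.1
/ip route add dst-address=10.0.0.0/8 gateway=ampr-198.51.100.1
/system identity set name=test
"""

if __name__ == "__main__":
    print(audit_rsc(SAMPLE_RSC))
```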