Hello All,
I've just implemented the newest version of Marius' Mikrotik script which enables accessing 44net IPs using a gateway in 44 address space, and was wondering if there is an IP which uses this configuration I can test my setup against. The network which Marius was originally tested with (44.130.120.0/24) seems to no longer be present in my routing table.
Cheers! Chris VE7ALB
I currently have 44.131.14.0/24 routed to 44.131.14.255, you should be able to ping 44.131.14.254 encapsulated.
Mike, M6XCV
On 4 May 2017 at 22:11, Christopher S. Munz-Michielin <christopher@ve7alb.ca
wrote:
(Please trim inclusions from previous messages) _______________________________________________ Hello All,
I've just implemented the newest version of Marius' Mikrotik script which enables accessing 44net IPs using a gateway in 44 address space, and was wondering if there is an IP which uses this configuration I can test my setup against. The network which Marius was originally tested with ( 44.130.120.0/24) seems to no longer be present in my routing table.
Cheers! Chris VE7ALB
44Net mailing list 44Net@hamradio.ucsd.edu https://u4477715.ct.sendgrid.net/wf/click?upn=vS4GjSiF-2F5vYmfX5tr6ez81-2Fej...
Thanks for the reply Mike.
I've just tested and have been unsuccessful. I've done a packet capture and can see the IPIP packets leaving my router with source IP 208.110.114.235 and destination IP 44.131.14.255. Inside the tunnel I have source IP 44.135.193.130 and destination IP 44.131.14.254.
Can you confirm if you have routes for 44.135.193.0/24 destined to 208.110.114.235?
Cheers, Chris
On 5/4/2017 4:16 PM, M6XCV (Mike) wrote:
(Please trim inclusions from previous messages) _______________________________________________ I currently have 44.131.14.0/24 routed to 44.131.14.255, you should be able to ping 44.131.14.254 encapsulated.
Mike, M6XCV
On 4 May 2017 at 22:11, Christopher S. Munz-Michielin <christopher@ve7alb.ca
wrote: (Please trim inclusions from previous messages) _______________________________________________ Hello All,
I've just implemented the newest version of Marius' Mikrotik script which enables accessing 44net IPs using a gateway in 44 address space, and was wondering if there is an IP which uses this configuration I can test my setup against. The network which Marius was originally tested with ( 44.130.120.0/24) seems to no longer be present in my routing table.
Cheers! Chris VE7ALB
44Net mailing list 44Net@hamradio.ucsd.edu https://u4477715.ct.sendgrid.net/wf/click?upn=vS4GjSiF-2F5vYmfX5tr6ez81-2Fej...
Chris,
The test systems are still there and working. Also, your route is in the RIP and working (I can ping 44.135.193.1).
Please check in your router if you don't drop those 44 routes in Routing->Prefix Lists.
Also please take care to DROP 44.0.0.1 in your prefix list, since this will render the RIP receiving non-functional.
Also make sure you do not have another interface with 44.x.x.x/8 (netmask /8) assigned to any other interface.
Marius, YO2LOJ
On 2017-05-05 03:27, Christopher S. Munz-Michielin wrote:
(Please trim inclusions from previous messages) _______________________________________________ Thanks for the reply Mike.
I've just tested and have been unsuccessful. I've done a packet capture and can see the IPIP packets leaving my router with source IP 208.110.114.235 and destination IP 44.131.14.255. Inside the tunnel I have source IP 44.135.193.130 and destination IP 44.131.14.254.
Can you confirm if you have routes for 44.135.193.0/24 destined to 208.110.114.235?
Cheers, Chris
On 5/4/2017 4:16 PM, M6XCV (Mike) wrote:
(Please trim inclusions from previous messages) _______________________________________________ I currently have 44.131.14.0/24 routed to 44.131.14.255, you should be able to ping 44.131.14.254 encapsulated.
Mike, M6XCV
On 4 May 2017 at 22:11, Christopher S. Munz-Michielin <christopher@ve7alb.ca
wrote: (Please trim inclusions from previous messages) _______________________________________________ Hello All,
I've just implemented the newest version of Marius' Mikrotik script which enables accessing 44net IPs using a gateway in 44 address space, and was wondering if there is an IP which uses this configuration I can test my setup against. The network which Marius was originally tested with ( 44.130.120.0/24) seems to no longer be present in my routing table.
Cheers! Chris VE7ALB
44Net mailing list 44Net@hamradio.ucsd.edu https://u4477715.ct.sendgrid.net/wf/click?upn=vS4GjSiF-2F5vYmfX5tr6ez81-2Fej...
Hi Marius,
Thanks for the reply, here's what I have in prefix lists: [ve7alb@ca-vic-cu-router02] > /routing prefix-lists print 0 chain=ampr prefix=44.0.0.1/32 prefix-length=0-32 invert-match=no action=discard 1 chain=ampr prefix=44.0.0.0/8 prefix-length=8-32 invert-match=no action=accept 2 chain=ampr prefix=0.0.0.0/0 prefix-length=0-32 invert-match=no action=discard
And here's what I have for assigned IP addresses: [ve7alb@ca-vic-cu-router02] > /ip address print Flags: X - disabled, I - invalid, D - dynamic # ADDRESS NETWORK INTERFACE 0 ;;; cipherkey WAN 208.110.114.235/29 208.110.114.232 ether2 1 44.135.193.129/8 44.0.0.0 ucsd-gw 2 ;;; 44.135.193 lan 44.135.192.33/29 44.135.192.32 ucsd-gw 3 44.135.193.18/32 44.135.193.18 ucsd-gw 4 44.135.193.130/32 44.135.193.130 ucsd-gw
It's very strange, when I ping Mark's IP I can see the IPIP packets going out, but nothing coming back and after examining the packet capture from Mark's end I can that he is sending IPIP packets to the correct router, but I never receive them.
I'll check firewall rules on my upstream router and see if there's something strange going on there.
On 5/4/2017 10:51 PM, Marius Petrescu wrote:
(Please trim inclusions from previous messages) _______________________________________________ Chris,
The test systems are still there and working. Also, your route is in the RIP and working (I can ping 44.135.193.1).
Please check in your router if you don't drop those 44 routes in Routing->Prefix Lists.
Also please take care to DROP 44.0.0.1 in your prefix list, since this will render the RIP receiving non-functional.
Also make sure you do not have another interface with 44.x.x.x/8 (netmask /8) assigned to any other interface.
Marius, YO2LOJ
On 2017-05-05 03:27, Christopher S. Munz-Michielin wrote:
(Please trim inclusions from previous messages) _______________________________________________ Thanks for the reply Mike.
I've just tested and have been unsuccessful. I've done a packet capture and can see the IPIP packets leaving my router with source IP 208.110.114.235 and destination IP 44.131.14.255. Inside the tunnel I have source IP 44.135.193.130 and destination IP 44.131.14.254.
Can you confirm if you have routes for 44.135.193.0/24 destined to 208.110.114.235?
Cheers, Chris
On 5/4/2017 4:16 PM, M6XCV (Mike) wrote:
(Please trim inclusions from previous messages) _______________________________________________ I currently have 44.131.14.0/24 routed to 44.131.14.255, you should be able to ping 44.131.14.254 encapsulated.
Mike, M6XCV
On 4 May 2017 at 22:11, Christopher S. Munz-Michielin <christopher@ve7alb.ca
wrote: (Please trim inclusions from previous messages) _______________________________________________ Hello All,
I've just implemented the newest version of Marius' Mikrotik script which enables accessing 44net IPs using a gateway in 44 address space, and was wondering if there is an IP which uses this configuration I can test my setup against. The network which Marius was originally tested with ( 44.130.120.0/24) seems to no longer be present in my routing table.
Cheers! Chris VE7ALB
44Net mailing list 44Net@hamradio.ucsd.edu https://u4477715.ct.sendgrid.net/wf/click?upn=vS4GjSiF-2F5vYmfX5tr6ez81-2Fej...
OK, found the issue. I had a policy route for 44/8 on my upstream router which was causing issues. Modified that and I can ping Mike's subnet no problem.
Marius: I'm still not seeing a route for 44.130.120.0/24 in my routing table and am not seeing it in the latest encap.txt file either.
Cheers, Chris
On 5/5/2017 7:33 AM, Christopher S. Munz-Michielin wrote:
[This sender failed our fraud detection checks and may not be who they appear to be. Learn about spoofing at http://aka.ms/LearnAboutSpoofing]
(Please trim inclusions from previous messages) _______________________________________________ Hi Marius,
Thanks for the reply, here's what I have in prefix lists: [ve7alb@ca-vic-cu-router02] > /routing prefix-lists print 0 chain=ampr prefix=44.0.0.1/32 prefix-length=0-32 invert-match=no action=discard 1 chain=ampr prefix=44.0.0.0/8 prefix-length=8-32 invert-match=no action=accept 2 chain=ampr prefix=0.0.0.0/0 prefix-length=0-32 invert-match=no action=discard
And here's what I have for assigned IP addresses: [ve7alb@ca-vic-cu-router02] > /ip address print Flags: X - disabled, I - invalid, D - dynamic # ADDRESS NETWORK INTERFACE 0 ;;; cipherkey WAN 208.110.114.235/29 208.110.114.232 ether2 1 44.135.193.129/8 44.0.0.0 ucsd-gw 2 ;;; 44.135.193 lan 44.135.192.33/29 44.135.192.32 ucsd-gw 3 44.135.193.18/32 44.135.193.18 ucsd-gw 4 44.135.193.130/32 44.135.193.130 ucsd-gw
It's very strange, when I ping Mark's IP I can see the IPIP packets going out, but nothing coming back and after examining the packet capture from Mark's end I can that he is sending IPIP packets to the correct router, but I never receive them.
I'll check firewall rules on my upstream router and see if there's something strange going on there.
On 5/4/2017 10:51 PM, Marius Petrescu wrote:
(Please trim inclusions from previous messages) _______________________________________________ Chris,
The test systems are still there and working. Also, your route is in the RIP and working (I can ping 44.135.193.1).
Please check in your router if you don't drop those 44 routes in Routing->Prefix Lists.
Also please take care to DROP 44.0.0.1 in your prefix list, since this will render the RIP receiving non-functional.
Also make sure you do not have another interface with 44.x.x.x/8 (netmask /8) assigned to any other interface.
Marius, YO2LOJ
On 2017-05-05 03:27, Christopher S. Munz-Michielin wrote:
(Please trim inclusions from previous messages) _______________________________________________ Thanks for the reply Mike.
I've just tested and have been unsuccessful. I've done a packet capture and can see the IPIP packets leaving my router with source IP 208.110.114.235 and destination IP 44.131.14.255. Inside the tunnel I have source IP 44.135.193.130 and destination IP 44.131.14.254.
Can you confirm if you have routes for 44.135.193.0/24 destined to 208.110.114.235?
Cheers, Chris
On 5/4/2017 4:16 PM, M6XCV (Mike) wrote:
(Please trim inclusions from previous messages) _______________________________________________ I currently have 44.131.14.0/24 routed to 44.131.14.255, you should be able to ping 44.131.14.254 encapsulated.
Mike, M6XCV
On 4 May 2017 at 22:11, Christopher S. Munz-Michielin <christopher@ve7alb.ca
wrote: (Please trim inclusions from previous messages) _______________________________________________ Hello All,
I've just implemented the newest version of Marius' Mikrotik script which enables accessing 44net IPs using a gateway in 44 address space, and was wondering if there is an IP which uses this configuration I can test my setup against. The network which Marius was originally tested with ( 44.130.120.0/24) seems to no longer be present in my routing table.
Cheers! Chris VE7ALB
44Net mailing list 44Net@hamradio.ucsd.edu https://u4477715.ct.sendgrid.net/wf/click?upn=vS4GjSiF-2F5vYmfX5tr6ez81-2Fej...
FYI I can not get to you from here...please note my windows get's NATted to a 44.56.53.3 address before it goes out.
C:>tracert 44.131.14.255
Tracing route to gateway.as206671 [44.131.14.255] over a maximum of 30 hops:
1 <1 ms <1 ms <1 ms xtm520.wa4zlw.homedns.org [10.161.51.3] 2 1 ms <1 ms <1 ms core100.wa4zlw.ampr.org [44.56.53.1] 3 br0.core100.wa4zlw.homedns.org [10.4.0.2] reports: Destination host unreachable.
Trace complete.
C:>tracert 44.131.14.254
Tracing route to Gateway.AS206671 [44.131.14.254] over a maximum of 30 hops:
1 1 ms <1 ms 1 ms xtm520.wa4zlw.homedns.org [10.161.51.3] 2 1 ms <1 ms 1 ms core100.wa4zlw.ampr.org [44.56.53.1] 3 * * * Request timed out. 4 * * * Request timed out. 5 * * ^C C:>tracert 44.131.14.10
Tracing route to 44.131.14.10 over a maximum of 30 hops
1 <1 ms <1 ms <1 ms xtm520.wa4zlw.homedns.org [10.161.51.3] 2 1 ms <1 ms <1 ms core100.wa4zlw.ampr.org [44.56.53.1] 3 br0.core100.wa4zlw.homedns.org [10.4.0.2] reports: Destination host unreachable.
Trace complete.
C:>tracert 44.131.56.241
Tracing route to 44.131.56.241 over a maximum of 30 hops
1 <1 ms <1 ms <1 ms xtm520.wa4zlw.homedns.org [10.161.51.3] 2 3 ms 1 ms 1 ms core100.wa4zlw.ampr.org [44.56.53.1] 3 * * * Request timed out. 4 * * * Request timed out. 5 ^C C:>tracert yo2tm.ampr.org
Tracing route to yo2tm.ampr.org [44.182.21.1] over a maximum of 30 hops:
1 <1 ms <1 ms <1 ms xtm520.wa4zlw.homedns.org [10.161.51.3] 2 2 ms 1 ms 1 ms core100.wa4zlw.ampr.org [44.56.53.1] 3 138 ms 139 ms 143 ms router.yo2loj.ampr.org [44.182.21.254] 4 136 ms 134 ms 136 ms yo2tm.ampr.org [44.182.21.1]
Trace complete.
C:>ping 44.131.56.10
Pinging 44.131.56.10 with 32 bytes of data: Request timed out. Request timed out. Request timed out. Request timed out.
Ping statistics for 44.131.56.10: Packets: Sent = 4, Received = 0, Lost = 4 (100% loss),
C:>ping 44.131.56.254
Pinging 44.131.56.254 with 32 bytes of data: Request timed out. Request timed out. Request timed out. Request timed out.
Ping statistics for 44.131.56.254: Packets: Sent = 4, Received = 0, Lost = 4 (100% loss),
C:>
On 5/5/2017 12:00 PM, Christopher S. Munz-Michielin wrote:
(Please trim inclusions from previous messages) _______________________________________________ OK, found the issue. I had a policy route for 44/8 on my upstream router which was causing issues. Modified that and I can ping Mike's subnet no problem.
Marius: I'm still not seeing a route for 44.130.120.0/24 in my routing table and am not seeing it in the latest encap.txt file either.
Cheers, Chris
On 5/5/2017 7:33 AM, Christopher S. Munz-Michielin wrote:
[This sender failed our fraud detection checks and may not be who they appear to be. Learn about spoofing at http://aka.ms/LearnAboutSpoofing]
(Please trim inclusions from previous messages) _______________________________________________ Hi Marius,
Thanks for the reply, here's what I have in prefix lists: [ve7alb@ca-vic-cu-router02] > /routing prefix-lists print 0 chain=ampr prefix=44.0.0.1/32 prefix-length=0-32 invert-match=no action=discard 1 chain=ampr prefix=44.0.0.0/8 prefix-length=8-32 invert-match=no action=accept 2 chain=ampr prefix=0.0.0.0/0 prefix-length=0-32 invert-match=no action=discard
And here's what I have for assigned IP addresses: [ve7alb@ca-vic-cu-router02] > /ip address print Flags: X - disabled, I - invalid, D - dynamic # ADDRESS NETWORK INTERFACE 0 ;;; cipherkey WAN 208.110.114.235/29 208.110.114.232 ether2 1 44.135.193.129/8 44.0.0.0 ucsd-gw 2 ;;; 44.135.193 lan 44.135.192.33/29 44.135.192.32 ucsd-gw 3 44.135.193.18/32 44.135.193.18 ucsd-gw 4 44.135.193.130/32 44.135.193.130 ucsd-gw
It's very strange, when I ping Mark's IP I can see the IPIP packets going out, but nothing coming back and after examining the packet capture from Mark's end I can that he is sending IPIP packets to the correct router, but I never receive them.
I'll check firewall rules on my upstream router and see if there's something strange going on there.
On 5/4/2017 10:51 PM, Marius Petrescu wrote:
(Please trim inclusions from previous messages) _______________________________________________ Chris,
The test systems are still there and working. Also, your route is in the RIP and working (I can ping 44.135.193.1).
Please check in your router if you don't drop those 44 routes in Routing->Prefix Lists.
Also please take care to DROP 44.0.0.1 in your prefix list, since this will render the RIP receiving non-functional.
Also make sure you do not have another interface with 44.x.x.x/8 (netmask /8) assigned to any other interface.
Marius, YO2LOJ
On 2017-05-05 03:27, Christopher S. Munz-Michielin wrote:
(Please trim inclusions from previous messages) _______________________________________________ Thanks for the reply Mike.
I've just tested and have been unsuccessful. I've done a packet capture and can see the IPIP packets leaving my router with source IP 208.110.114.235 and destination IP 44.131.14.255. Inside the tunnel I have source IP 44.135.193.130 and destination IP 44.131.14.254.
Can you confirm if you have routes for 44.135.193.0/24 destined to 208.110.114.235?
Cheers, Chris
On 5/4/2017 4:16 PM, M6XCV (Mike) wrote:
(Please trim inclusions from previous messages) _______________________________________________ I currently have 44.131.14.0/24 routed to 44.131.14.255, you should be able to ping 44.131.14.254 encapsulated.
Mike, M6XCV
On 4 May 2017 at 22:11, Christopher S. Munz-Michielin <christopher@ve7alb.ca
wrote: (Please trim inclusions from previous messages) _______________________________________________ Hello All,
I've just implemented the newest version of Marius' Mikrotik script which enables accessing 44net IPs using a gateway in 44 address space, and was wondering if there is an IP which uses this configuration I can test my setup against. The network which Marius was originally tested with ( 44.130.120.0/24) seems to no longer be present in my routing table.
Cheers! Chris VE7ALB
44Net mailing list 44Net@hamradio.ucsd.edu https://u4477715.ct.sendgrid.net/wf/click?upn=vS4GjSiF-2F5vYmfX5tr6ez81-2Fej...
Hi,
Sorry for the delay, I just had a look and I am able to ping 44.135.193.1 but not .130. I am going out as .254 inside source .255 outsource source. However, .1 replies back to .254 without encapsulation. I get no response from .130.
https://u4477715.ct.sendgrid.net/wf/click?upn=MJaTQVDJZogYIZySndf7y-2BCWLgZM...
root@newjersey:~# ip route get 44.135.193.130 44.135.193.130 via 208.110.114.235 dev tunl0 src 44.131.14.254 cache root@newjersey:~# ip route get 44.135.193.1 44.135.193.1 via 208.110.114.235 dev tunl0 src 44.131.14.254 cache root@newjersey:~# ip route get 208.110.114.235 208.110.114.235 via 45.63.20.1 dev eth0 src 44.131.14.255 cache root@newjersey:~# ping -w 3 44.135.193.1 PING 44.135.193.1 (44.135.193.1) 56(84) bytes of data. 64 bytes from 44.135.193.1: icmp_seq=1 ttl=51 time=108 ms 64 bytes from 44.135.193.1: icmp_seq=2 ttl=51 time=108 ms 64 bytes from 44.135.193.1: icmp_seq=3 ttl=51 time=107 ms
--- 44.135.193.1 ping statistics --- 3 packets transmitted, 3 received, 0% packet loss, time 2001ms rtt min/avg/max/mdev = 107.470/107.997/108.355/0.380 ms root@newjersey:~# ping -w 3 44.135.193.130 PING 44.135.193.130 (44.135.193.130) 56(84) bytes of data.
--- 44.135.193.130 ping statistics --- 3 packets transmitted, 0 received, 100% packet loss, time 2008ms
Thanks, Mike, M6XCV
On 5 May 2017 at 01:27, Christopher S. Munz-Michielin <christopher@ve7alb.ca
wrote:
(Please trim inclusions from previous messages) _______________________________________________ Thanks for the reply Mike.
I've just tested and have been unsuccessful. I've done a packet capture and can see the IPIP packets leaving my router with source IP 208.110.114.235 and destination IP 44.131.14.255. Inside the tunnel I have source IP 44.135.193.130 and destination IP 44.131.14.254.
Can you confirm if you have routes for 44.135.193.0/24 destined to 208.110.114.235?
Cheers, Chris
On 5/4/2017 4:16 PM, M6XCV (Mike) wrote:
(Please trim inclusions from previous messages) _______________________________________________ I currently have 44.131.14.0/24 routed to 44.131.14.255, you should be able to ping 44.131.14.254 encapsulated.
Mike, M6XCV
On 4 May 2017 at 22:11, Christopher S. Munz-Michielin < christopher@ve7alb.ca
wrote: (Please trim inclusions from previous messages) _______________________________________________ Hello All,
I've just implemented the newest version of Marius' Mikrotik script which enables accessing 44net IPs using a gateway in 44 address space, and was wondering if there is an IP which uses this configuration I can test my setup against. The network which Marius was originally tested with ( 44.130.120.0/24) seems to no longer be present in my routing table.
Cheers! Chris VE7ALB
44Net mailing list 44Net@hamradio.ucsd.edu https://u4477715.ct.sendgrid.net/wf/click?upn=Ki4chJONuNfM0VomxEE-2BoYpt2g-2... mfX5tr6ez81-2Fejubm4weNAlQoytz2H-2BHtaS0meDwSnNgU-2BpImERKh3 ZrCub-2BbADpbbQ6OyRAEg-3D-3D_hzVA6CorwLLoBNMa4L2WJ-2FCatrCa3 3kwc-2F5ZLK3-2BWtKN60lvXrgkJHMidNOzydqe6GLLkaSSRPwCwQ4-2BPNs kl1nCGQ4MjajdweM7LaMpTJq7WtQ49sxIAGbx-2BlOeGDetfgBjhqDLSpTqU dX01MwCPthge1tzAGigEWl2cd1iF65W8z7-2Fs2QuqXebVpfclUiIiMUjIID tO7mgQ0pxYvfC-2FFyYUmM9CmGOpLMiJT2uLcU-3D
Mike,
Here are the results of: http://44.60.44.10/tools/trace/php-trace44.php?host=44.131.14.254&submit...
Trace Output:
traceroute to 44.131.14.254 (44.131.14.254), 30 hops max, 60 byte packets 1 kb3vwg-001.ampr.org (44.60.44.1) 0.668 ms 0.717 ms 1.017 ms 2 Gateway.AS206671 (44.131.14.254) 10.711 ms 11.027 ms 11.019 ms
done ...
root@router:~# ip route get 44.131.14.254 from 44.60.44.1 44.131.14.254 from 44.60.44.1 via 44.131.14.255 dev tunl0 table 44 cache window 840
root@router:~# ip route get 44.131.14.255 from 44.60.44.1 44.131.14.255 from 44.60.44.1 via 71.163.58.1 dev eth0.2 table 44
73,
- Lynwood KB3VWG
I should note:
- eth0.2 is masqueraded-NAT, because of BCP38 (44.60.44.1, changes to my ISP-assigned Gateway Public IP, and forwarded to the BGBed 44 IP), kudos to Marius who also configured this in ampr-ripd (let me know when 1.16.4 is online. I can then remove the default route, if I choose, and reach AMPRGW on tunl0. - in the archives, I noted the firewall forward rule that permits this (as on LEDE/OpenWRT, this is a different firewall zone, on a zone-based firewall - and doesn't work with the iptables configs in the Wiki) - I'll work on documenting and editing
- KB3VWG
All,
If you are using OpenWRT/LEDE - in order to reach 44 IP with 44 subnets, do the following:
- if you only assign an IP to you local bridge (per the Wiki), facing your local allocation; - add 'WAN' to you general firewall rules allowing AMPRLAN to forward, in addition to the existing 'AMPRWAN' zone - you can remove the custom forward rule I sent to the reflector archives a few day ago - reboot - once back online, you should still be able to reach Mike
73,
- Lynwood KB3VWG
-
Christopher S. Munz-Michielin -
Leon Zetekoff -
lleachii@aol.com -
M6XCV (Mike) -
Marius Petrescu