Hi,
I joined to ampr network recently, set up IPIP tunnel on Cisco router and directly connected Raspberry Pi 3 (44.165.1.50/28) to one of its interfaces (44.165.1.49). It works great, I can ping and connect to and from this Pi device from outside. The problem is that I cannot ping this Cisco's 44.165.1.49/28 interface from outside. It should work as 44 packet leaves a tunnel, finds this internal interface and should get back to tunnel. I have PBR route who directs all packets from this interface directly to tunell. Each host has a valid 44 DNS address.
Interfaces:
Interface IP-Address OK? Method Status Protocol GigabitEthernet0/0 91.199.89.253 YES NVRAM up up FastEthernet2/0 44.165.1.49 YES manual up up Tunnel0 unassigned YES unset up up
Routing table: 44.0.0.0/8 is variably subnetted, 244 subnets, 12 masks C 44.165.1.48/28 is directly connected, FastEthernet2/0 L 44.165.1.49/32 is directly connected, FastEthernet2/0
Config:
interface Tunnel0 no ip address tunnel source GigabitEthernet0/0 tunnel mode ipip tunnel destination 169.228.34.84
route-map AMPR-ROUTE permit 10 match ip address 11 set default interface Tunnel0
access-list 11 permit 44.165.1.48 0.0.0.15
ARP:
Protocol Address Age (min) Hardware Addr Type Interface Internet 44.165.1.49 - 001e.f7af.4cd9 ARPA FastEthernet2/0 Internet 44.165.1.50 27 b827.eb7e.840a ARPA FastEthernet2/0
Any ideas?
Regards, Tomek
Are you running rip to tell the amprgw of your prefix?
On Wed, Sep 25, 2019 at 2:14 PM hf8n via 44Net 44net@mailman.ampr.org wrote:
Hi,
I joined to ampr network recently, set up IPIP tunnel on Cisco router and directly connected Raspberry Pi 3 (44.165.1.50/28) to one of its interfaces (44.165.1.49). It works great, I can ping and connect to and from this Pi device from outside. The problem is that I cannot ping this Cisco's 44.165.1.49/28 interface from outside. It should work as 44 packet leaves a tunnel, finds this internal interface and should get back to tunnel. I have PBR route who directs all packets from this interface directly to tunell. Each host has a valid 44 DNS address.
Interfaces:
Interface IP-Address OK? Method Status Protocol GigabitEthernet0/0 91.199.89.253 YES NVRAM up up FastEthernet2/0 44.165.1.49 YES manual up up Tunnel0 unassigned YES unset up up
Routing table: 44.0.0.0/8 is variably subnetted, 244 subnets, 12 masks C 44.165.1.48/28 is directly connected, FastEthernet2/0 L 44.165.1.49/32 is directly connected, FastEthernet2/0
Config:
interface Tunnel0 no ip address tunnel source GigabitEthernet0/0 tunnel mode ipip tunnel destination 169.228.34.84
route-map AMPR-ROUTE permit 10 match ip address 11 set default interface Tunnel0
access-list 11 permit 44.165.1.48 0.0.0.15
ARP:
Protocol Address Age (min) Hardware Addr Type Interface Internet 44.165.1.49 - 001e.f7af.4cd9 ARPA FastEthernet2/0 Internet 44.165.1.50 27 b827.eb7e.840a ARPA FastEthernet2/0
Any ideas?
Regards, Tomek
44Net mailing list 44Net@mailman.ampr.org https://mailman.ampr.org/mailman/listinfo/44net
On Wed, Sep 25, 2019 at 02:23:06PM +0100, Alistair Mackenzie via 44Net wrote:
Are you running rip to tell the amprgw of your prefix?
Amprgw doesn't listen for RIP. All its routing information comes from the encap file published by the portal, which contains the route 44.165.1.48/28 via 91.199.89.253
However, only the addresses 44.165.1.49 and 44.165.1.50 are entered in the DNS, so only they will be pingable from outside 44net. Any other address on that subnet will not due to /32-level filtering on amprgw. If it is desired to be able to ping 44.165.1.48, for example, there must be an entry in the DNS for it to enable the ingress filter. - Brian
It seems PBR doesn't apply by default to locally generated traffic. Have you tried to use "ip local policy route-map AMPR-ROUTE"
If this doesn't help could you give device model and software release for others trying to help.
Regards, Scott
On Wed, Sep 25, 2019, 9:15 AM hf8n via 44Net 44net@mailman.ampr.org wrote:
Hi,
I joined to ampr network recently, set up IPIP tunnel on Cisco router and directly connected Raspberry Pi 3 (44.165.1.50/28) to one of its interfaces (44.165.1.49). It works great, I can ping and connect to and from this Pi device from outside. The problem is that I cannot ping this Cisco's 44.165.1.49/28 interface from outside. It should work as 44 packet leaves a tunnel, finds this internal interface and should get back to tunnel. I have PBR route who directs all packets from this interface directly to tunell. Each host has a valid 44 DNS address.
Interfaces:
Interface IP-Address OK? Method Status Protocol GigabitEthernet0/0 91.199.89.253 YES NVRAM up up FastEthernet2/0 44.165.1.49 YES manual up up Tunnel0 unassigned YES unset up up
Routing table: 44.0.0.0/8 is variably subnetted, 244 subnets, 12 masks C 44.165.1.48/28 is directly connected, FastEthernet2/0 L 44.165.1.49/32 is directly connected, FastEthernet2/0
Config:
interface Tunnel0 no ip address tunnel source GigabitEthernet0/0 tunnel mode ipip tunnel destination 169.228.34.84
route-map AMPR-ROUTE permit 10 match ip address 11 set default interface Tunnel0
access-list 11 permit 44.165.1.48 0.0.0.15
ARP:
Protocol Address Age (min) Hardware Addr Type Interface Internet 44.165.1.49 - 001e.f7af.4cd9 ARPA FastEthernet2/0 Internet 44.165.1.50 27 b827.eb7e.840a ARPA FastEthernet2/0
Any ideas?
Regards, Tomek
44Net mailing list 44Net@mailman.ampr.org https://mailman.ampr.org/mailman/listinfo/44net
-
Alistair Mackenzie -
Brian Kantor -
HF8N@winlink.org -
Scott Nicholas