23 Jan
2021
23 Jan
'21
2:32 p.m.
Hello,
I have followed the instructions at
https://wiki.ampr.org/wiki/Installing_ampr-ripd_on_a_Ubiquiti_EdgeRouter_or…,
but am encountering an error when running the ampr.sh script.
line 28: /usr/sbin/ampr-ripd: cannot execute binary file
The binary file is executable and I am attempting to run it from root.
Line 28 has not been modified in the script:
ampr-ripd -s -t 44 -i tun44 -m 90
The instructions say only to modify if needed, and based on the info in the
Wiki I did not see a need to modify it, but I may be missing something. Any
ideas?
73,
Lee K5DAT
23 Jan
23 Jan
6:46 p.m.
Please disregard - I had downloaded the XRouter Lite version by mistake.
Lee K5DAT
On Sat, Jan 23, 2021 at 2:32 PM Lee D Bengston <kilo5dat(a)gmail.com> wrote:
Hello,
I have followed the instructions at
https://wiki.ampr.org/wiki/Installing_ampr-ripd_on_a_Ubiquiti_EdgeRouter_or…,
but am encountering an error when running the ampr.sh script.
line 28: /usr/sbin/ampr-ripd: cannot execute binary file
The binary file is executable and I am attempting to run it from root.
Line 28 has not been modified in the script:
ampr-ripd -s -t 44 -i tun44 -m 90
The instructions say only to modify if needed, and based on the info in
the Wiki I did not see a need to modify it, but I may be missing something.
Any ideas?
73,
Lee K5DAT
11:28 p.m.
Hi Lee,
Yes, that would happen if you get the wrong one since they use different
processors types :-)
Have fun with it,
Marius, YO2LOJ
On 24.01.2021 02:46, Lee D Bengston via 44Net wrote:
Please disregard - I had downloaded the XRouter Lite
version by mistake.
Lee K5DAT
On Sat, Jan 23, 2021 at 2:32 PM Lee D Bengston <kilo5dat(a)gmail.com> wrote:
Hello,
I have followed the instructions at
https://wiki.ampr.org/wiki/Installing_ampr-ripd_on_a_Ubiquiti_EdgeRouter_or…,
but am encountering an error when running the ampr.sh script.
line 28: /usr/sbin/ampr-ripd: cannot execute binary file
The binary file is executable and I am attempting to run it from root.
Line 28 has not been modified in the script:
ampr-ripd -s -t 44 -i tun44 -m 90
The instructions say only to modify if needed, and based on the info in
the Wiki I did not see a need to modify it, but I may be missing something.
Any ideas?
73,
Lee K5DAT
_________________________________________
44Net mailing list
44Net(a)mailman.ampr.org
https://mailman.ampr.org/mailman/listinfo/44net
24 Jan
24 Jan
10:30 a.m.
On Sat, Jan 23, 2021 at 11:28 PM Marius Petrescu <marius(a)yo2loj.ro> wrote:
Hi Lee,
Yes, that would happen if you get the wrong one since they use different
processors types :-)
Have fun with it,
Marius, YO2LOJ
Hi Marius,
Yes, I'm having "fun" so far. :-) It's a nice little router, so
I'd love
to get the gateway working on it. I added the wizard you created - very
cool add-on by the way. It shows the daemon running with a PID number, but
there are no routes showing up under "AMPR Routes". I assume that means
the daemon is not getting the routes for some reason? I do have the tunnel
(tun44) configured, and I'm not seeing anything wrong with it. Isn't the
tunnel required for traffic to/from the various gateways as opposed to
receiving inbound RIP traffic sent from UCSD to my gateway?
One thing I noticed was in the Linux gateway instructions there's a need to
get the password and include that in the startup script. There's no mention
of that in the Ubiquiti instructions, so is that hard-coded in the
ampr-ripd application for the Edgerouters?
A packet capture on eth0 (WAN port) shows lines like this:
IP 169.228.34.84 > 70.101.238.162: IP 44.0.0.1.520 > 224.0.0.9.520: RIPv2,
Response, length: 504 (ipip-proto-4)
IP 169.228.34.84 > 70.101.238.162: IP 44.0.0.1.520 > 224.0.0.9.520: RIPv2,
Response, length: 504 (ipip-proto-4)
70.101.238.162 is the assigned static address from my ISP, and it's also
configured as the local IP for the tunnel (remote IP is 0.0.0.0).
44.92.0.81/32 is configured as the tunnel's address. My amprnet allocation
is 44.92.0.80/29. Also Eth0 (WAN port) on the Edgerouter is assigned
70.101.238.162 via DHCP.
Fyi there are NAT rules in place to forward ipencap to a host on my LAN
where XRouter is running. XRouter can run RIP and get the tunnel routes, so
I know the router forwards ipencap. I removed the NAT rules temporarily in
case they were causing a problem with ampr-ripd, but I still didn't see any
routes in the Wizard after an hour or so.
I'm open to suggestions - is there a debug mode for ampr-ripd or a log I
can look at? (didn't see one in /var/log in the router)
Thanks very much for the reply.
Lee K5DAT
11:30 p.m.
Lee,
First of all, the password is hardcoded and the option ist there to be
able to change it should it be ever required.
But regarding the RIP packets and the routes: did you create the proper
firewall rules to allow incoming IPIP from eth0 as described in 'Router
preparation' and a rule accepting incoming data from the tunnels (that
tunnel_local part)?
At least a firewall rule to accept RIP is needed for the tunnel interface.
That one was missing in the firewall setup instructions, I added it to
the instructions in the wiki.
Marius, YO2LOJ
30 Jan
30 Jan
8:46 a.m.
Hi Marius,
I just realized my previous reply didn't go to the list. I did add all of
the FW rules documented in the Wiki and also added the new one to
TUNNEL_LOCAL to allow UDP 520. After no luck I also added a rule to
WAN_LOCAL to accept UDP 520. Still no joy. Perhaps I need to specify
something using the -a parameter in the script. I'm not sure exactly what
the example does being that it is simply a comma separated list of
subnets. Do I need to exclude my own /29 subnet using this? (Below is the
example from the Wiki.)
-a 44.0.0.1/32,44.128.1.0/24,44.128.2.0/24,your.gw.com
Thanks,
Lee K5DAT
On Sun, Jan 24, 2021 at 11:30 PM Marius Petrescu <marius(a)yo2loj.ro> wrote:
Lee,
First of all, the password is hardcoded and the option ist there to be
able to change it should it be ever required.
But regarding the RIP packets and the routes: did you create the proper
firewall rules to allow incoming IPIP from eth0 as described in 'Router
preparation' and a rule accepting incoming data from the tunnels (that
tunnel_local part)?
At least a firewall rule to accept RIP is needed for the tunnel interface.
That one was missing in the firewall setup instructions, I added it to
the instructions in the wiki.
Marius, YO2LOJ
9:07 a.m.
If your gw sits on the internet directly (e.g. one of the interfaces has
your public gateway IP), then it should work without the -a parameter.
If it is behind a router, you need to add your gateway ip or host name
to the -a list.
Also, to be able to ping/reach 44.0.0.1 correctly via the public
internet, you should also have 44.0.0.1/32 added to that.
To suppress other subnets, you may add the EXACT ip/prefix length
combination, as defined by the portal.
Marius, YO2LOJ
On 30.01.2021 16:46, Lee D Bengston wrote:
Hi Marius,
I just realized my previous reply didn't go to the list. I did add
all of the FW rules documented in the Wiki and also added the new one
to TUNNEL_LOCAL to allow UDP 520. After no luck I also added a rule
to WAN_LOCAL to accept UDP 520. Still no joy. Perhaps I need to
specify something using the -a parameter in the script. I'm not sure
exactly what the example does being that it is simply a comma
separated list of subnets. Do I need to exclude my own /29 subnet
using this? (Below is the example from the Wiki.)
-a44.0.0.1/32 <http://44.0.0.1/32>,44.128.1.0/24,44.128.2.0/24,your.gw.com
<http://44.128.1.0/24,44.128.2.0/24,your.gw.com>
Thanks,
Lee K5DAT
On Sun, Jan 24, 2021 at 11:30 PM Marius Petrescu <marius(a)yo2loj.ro
<mailto:marius@yo2loj.ro>> wrote:
Lee,
First of all, the password is hardcoded and the option ist there
to be
able to change it should it be ever required.
But regarding the RIP packets and the routes: did you create the
proper
firewall rules to allow incoming IPIP from eth0 as described in
'Router
preparation' and a rule accepting incoming data from the tunnels
(that
tunnel_local part)?
At least a firewall rule to accept RIP is needed for the tunnel
interface.
That one was missing in the firewall setup instructions, I added
it to
the instructions in the wiki.
Marius, YO2LOJ
1:03 p.m.
I'm having a similar issue as Lee.
I'm wondering if all the steps are in the two wiki articles?
I've tried both using a single erX( with a public IP on WAN) and hanging
a 2nd erX off one of my NAT erX and I get the same issue.
When I do a traceroute I'm going through UCSD, my IP shows as my 44
subnet (using IPchicken etc), I can ping but the RIP routes do not seem
to populate the tables.
Either I'm misreading the instructions (which is probably and highly
possible) or I'm missing something.
I did notice in
<https://wiki.ampr.org/wiki/Setting_up_a_gateway_on_Ubiquiti_EdgeRouter>
that the WAN_IN & WAN_LOCAL rulesets seem off.
"There should be two rulesets
o WAN_IN
o WAN_LOCAL
For each rule, press the actions button on the right and select the
interfaces option.
• Press the + Add Interface button.
•_Select tun0 as the interface and select in as the direction._ <-- I
don't think the erX will allow tun0 to point to 'IN' for both WAN_IN &
WAN_LOCAL. (should it be WAN_IN --> IN, WAN_LOCAL --> LOCAL)
• Finish by pressing the Save Ruleset button."
When I run ampr.sh from the CLI I get the following error ' Error:
argument "fe80::5efe:c0a8:11e/64" is wrong: Failed to parse rule type'
converting that MAC gives me 192.168.1.30 which is the "DMZd" WAN IP of
the erX that ampr-rip is running on.
73, Andrew K1YMI
On 1/30/21 10:07 AM, Marius Petrescu via 44Net wrote:
If your gw sits on the internet directly (e.g. one of
the interfaces
has your public gateway IP), then it should work without the -a
parameter.
If it is behind a router, you need to add your gateway ip or host name
to the -a list.
Also, to be able to ping/reach 44.0.0.1 correctly via the public
internet, you should also have 44.0.0.1/32 added to that.
To suppress other subnets, you may add the EXACT ip/prefix length
combination, as defined by the portal.
Marius, YO2LOJ
On 30.01.2021 16:46, Lee D Bengston wrote:
Hi Marius,
I just realized my previous reply didn't go to the list. I did add
all of the FW rules documented in the Wiki and also added the new one
to TUNNEL_LOCAL to allow UDP 520. After no luck I also added a rule
to WAN_LOCAL to accept UDP 520. Still no joy. Perhaps I need to
specify something using the -a parameter in the script. I'm not sure
exactly what the example does being that it is simply a comma
separated list of subnets. Do I need to exclude my own /29 subnet
using this? (Below is the example from the Wiki.)
-a44.0.0.1/32
<http://44.0.0.1/32>,44.128.1.0/24,44.128.2.0/24,your.gw.com
<http://44.128.1.0/24,44.128.2.0/24,your.gw.com>
Thanks,
Lee K5DAT
On Sun, Jan 24, 2021 at 11:30 PM Marius Petrescu <marius(a)yo2loj.ro
<mailto:marius@yo2loj.ro>> wrote:
Lee,
First of all, the password is hardcoded and the option ist there
to be
able to change it should it be ever required.
But regarding the RIP packets and the routes: did you create the
proper
firewall rules to allow incoming IPIP from eth0 as described in
'Router
preparation' and a rule accepting incoming data from the tunnels
(that
tunnel_local part)?
At least a firewall rule to accept RIP is needed for the tunnel
interface.
That one was missing in the firewall setup instructions, I added
it to
the instructions in the wiki.
Marius, YO2LOJ
_________________________________________
44Net mailing list
44Net(a)mailman.ampr.org
https://mailman.ampr.org/mailman/listinfo/44net
7:54 p.m.
It may be wrong, since part of it was written from memory.
I will revise all the data in the wiki page.
Marius, YO2LOJ
On 30.01.2021 21:03, Andrew Pepper via 44Net wrote:
I'm having a similar issue as Lee.
I'm wondering if all the steps are in the two wiki articles?
I've tried both using a single erX( with a public IP on WAN) and
hanging a 2nd erX off one of my NAT erX and I get the same issue.
When I do a traceroute I'm going through UCSD, my IP shows as my 44
subnet (using IPchicken etc), I can ping but the RIP routes do not
seem to populate the tables.
Either I'm misreading the instructions (which is probably and highly
possible) or I'm missing something.
I did notice in
<https://wiki.ampr.org/wiki/Setting_up_a_gateway_on_Ubiquiti_EdgeRouter>
that the WAN_IN & WAN_LOCAL rulesets seem off.
"There should be two rulesets
o WAN_IN
o WAN_LOCAL
For each rule, press the actions button on the right and select the
interfaces option.
• Press the + Add Interface button.
•_Select tun0 as the interface and select in as the
direction._ <-- I don't think the erX will allow tun0 to point to
'IN' for both WAN_IN & WAN_LOCAL. (should it be WAN_IN --> IN,
WAN_LOCAL --> LOCAL)
• Finish by pressing the Save Ruleset button."
When I run ampr.sh from the CLI I get the following error ' Error:
argument "fe80::5efe:c0a8:11e/64" is wrong: Failed to parse rule type'
converting that MAC gives me 192.168.1.30 which is the "DMZd" WAN IP
of the erX that ampr-rip is running on.
73, Andrew K1YMI
On 1/30/21 10:07 AM, Marius Petrescu via 44Net wrote:
If your gw sits on the internet directly (e.g.
one of the interfaces
has your public gateway IP), then it should work without the -a
parameter.
If it is behind a router, you need to add your gateway ip or host
name to the -a list.
Also, to be able to ping/reach 44.0.0.1 correctly via the public
internet, you should also have 44.0.0.1/32 added to that.
To suppress other subnets, you may add the EXACT ip/prefix length
combination, as defined by the portal.
Marius, YO2LOJ
On 30.01.2021 16:46, Lee D Bengston wrote:
_________________________________________
44Net mailing list
44Net(a)mailman.ampr.org
https://mailman.ampr.org/mailman/listinfo/44net Hi Marius,
I just realized my previous reply didn't go to the list. I did add
all of the FW rules documented in the Wiki and also added the new
one to TUNNEL_LOCAL to allow UDP 520. After no luck I also added a
rule to WAN_LOCAL to accept UDP 520. Still no joy. Perhaps I need to
specify something using the -a parameter in the script. I'm not
sure exactly what the example does being that it is simply a comma
separated list of subnets. Do I need to exclude my own /29 subnet
using this? (Below is the example from the Wiki.)
-a44.0.0.1/32
<http://44.0.0.1/32>,44.128.1.0/24,44.128.2.0/24,your.gw.com
<http://44.128.1.0/24,44.128.2.0/24,your.gw.com>
Thanks,
Lee K5DAT
On Sun, Jan 24, 2021 at 11:30 PM Marius Petrescu <marius(a)yo2loj.ro
<mailto:marius@yo2loj.ro>> wrote:
Lee,
First of all, the password is hardcoded and the option ist there
to be
able to change it should it be ever required.
But regarding the RIP packets and the routes: did you create the
proper
firewall rules to allow incoming IPIP from eth0 as described in
'Router
preparation' and a rule accepting incoming data from the tunnels
(that
tunnel_local part)?
At least a firewall rule to accept RIP is needed for the tunnel
interface.
That one was missing in the firewall setup instructions, I added
it to
the instructions in the wiki.
Marius, YO2LOJ
_________________________________________
44Net mailing list
44Net(a)mailman.ampr.org
https://mailman.ampr.org/mailman/listinfo/44net
8:07 p.m.
Marius,
Thanks for looking at it.
One thing I just found is in the ampr.sh script. When it does the grep
for "inet" if the erX is enabled for ipv4 and ipv6 enabled it greps both.
The grep produces a response for "inet" & "inet6". I changed the
grep to
[grep -w "inet"] which causes it to only respond with the inet IP.
That removed the "failed to parse rule" error I was getting when the
script was ran. Still no routes .. but another step closer... maybe.
73 Andrew K1YMI
On 1/30/21 8:54 PM, Marius Petrescu wrote:
It may be wrong, since part of it was written from
memory.
I will revise all the data in the wiki page.
Marius, YO2LOJ
On 30.01.2021 21:03, Andrew Pepper via 44Net wrote:
> I'm having a similar issue as Lee.
>
> I'm wondering if all the steps are in the two wiki articles?
>
> I've tried both using a single erX( with a public IP on WAN) and
> hanging a 2nd erX off one of my NAT erX and I get the same issue.
>
> When I do a traceroute I'm going through UCSD, my IP shows as my 44
> subnet (using IPchicken etc), I can ping but the RIP routes do not
> seem to populate the tables.
>
> Either I'm misreading the instructions (which is probably and highly
> possible) or I'm missing something.
>
>
> I did notice in
> <https://wiki.ampr.org/wiki/Setting_up_a_gateway_on_Ubiquiti_EdgeRouter>
> that the WAN_IN & WAN_LOCAL rulesets seem off.
>
> "There should be two rulesets
>
> o WAN_IN
> o WAN_LOCAL
>
> For each rule, press the actions button on the right and select the
> interfaces option.
>
> • Press the + Add Interface button.
> •_Select tun0 as the interface and select in as the
> direction._ <-- I don't think the erX will allow tun0 to point to
> 'IN' for both WAN_IN & WAN_LOCAL. (should it be WAN_IN --> IN,
> WAN_LOCAL --> LOCAL)
> • Finish by pressing the Save Ruleset button."
>
>
> When I run ampr.sh from the CLI I get the following error ' Error:
> argument "fe80::5efe:c0a8:11e/64" is wrong: Failed to parse rule type'
>
> converting that MAC gives me 192.168.1.30 which is the "DMZd" WAN IP
> of the erX that ampr-rip is running on.
>
>
> 73, Andrew K1YMI
>
>
> On 1/30/21 10:07 AM, Marius Petrescu via 44Net wrote:
>> If your gw sits on the internet directly (e.g. one of the interfaces
>> has your public gateway IP), then it should work without the -a
>> parameter.
>>
>> If it is behind a router, you need to add your gateway ip or host
>> name to the -a list.
>>
>> Also, to be able to ping/reach 44.0.0.1 correctly via the public
>> internet, you should also have 44.0.0.1/32 added to that.
>>
>> To suppress other subnets, you may add the EXACT ip/prefix length
>> combination, as defined by the portal.
>>
>> Marius, YO2LOJ
>>
>> On 30.01.2021 16:46, Lee D Bengston wrote:
>>> Hi Marius,
>>>
>>> I just realized my previous reply didn't go to the list. I did add
>>> all of the FW rules documented in the Wiki and also added the new
>>> one to TUNNEL_LOCAL to allow UDP 520. After no luck I also added a
>>> rule to WAN_LOCAL to accept UDP 520. Still no joy. Perhaps I need
>>> to specify something using the -a parameter in the script. I'm not
>>> sure exactly what the example does being that it is simply a comma
>>> separated list of subnets. Do I need to exclude my own /29 subnet
>>> using this? (Below is the example from the Wiki.)
>>> -a44.0.0.1/32
>>> <http://44.0.0.1/32>,44.128.1.0/24,44.128.2.0/24,your.gw.com
>>> <http://44.128.1.0/24,44.128.2.0/24,your.gw.com>
>>> Thanks,
>>> Lee K5DAT
>>>
>>> On Sun, Jan 24, 2021 at 11:30 PM Marius Petrescu <marius(a)yo2loj.ro
>>> <mailto:marius@yo2loj.ro>> wrote:
>>>
>>> Lee,
>>>
>>> First of all, the password is hardcoded and the option ist there
>>> to be
>>> able to change it should it be ever required.
>>>
>>> But regarding the RIP packets and the routes: did you create the
>>> proper
>>> firewall rules to allow incoming IPIP from eth0 as described in
>>> 'Router
>>> preparation' and a rule accepting incoming data from the tunnels
>>> (that
>>> tunnel_local part)?
>>>
>>> At least a firewall rule to accept RIP is needed for the tunnel
>>> interface.
>>>
>>> That one was missing in the firewall setup instructions, I added
>>> it to
>>> the instructions in the wiki.
>>>
>>> Marius, YO2LOJ
>>>
>>>
>> _________________________________________
>> 44Net mailing list
>> 44Net(a)mailman.ampr.org
>> https://mailman.ampr.org/mailman/listinfo/44net
>
> _________________________________________
> 44Net mailing list
> 44Net(a)mailman.ampr.org
> https://mailman.ampr.org/mailman/listinfo/44net
--
Andrew
K1YMI / GM1YMI
BBS: Telnet://cosmikdebris.ddns.net:2323
31 Jan
31 Jan
3:07 a.m.
Andrew,
I never took the IPv6 into consideration, since all tunnels use only
IPv4, and need a fixed WAN IP allocation (because of the mandatory fixed
tunnel endpoint), so there is no actual need to support any IPv6 on the
WAN port.
I assume that for a dynamic GW ip there could be some internal NAT based
solution but I did not check further.
Marius, YO2LOJ
On 31.01.2021 04:07, Andrew Pepper wrote:
Marius,
Thanks for looking at it.
One thing I just found is in the ampr.sh script. When it does the grep
for "inet" if the erX is enabled for ipv4 and ipv6 enabled it greps both.
The grep produces a response for "inet" & "inet6". I changed the
grep
to [grep -w "inet"] which causes it to only respond with the inet IP.
That removed the "failed to parse rule" error I was getting when the
script was ran. Still no routes .. but another step closer... maybe.
73 Andrew K1YMI
On 1/30/21 8:54 PM, Marius Petrescu wrote:
It may be wrong, since part of it was written
from memory.
I will revise all the data in the wiki page.
Marius, YO2LOJ
On 30.01.2021 21:03, Andrew Pepper via 44Net wrote:
> I'm having a similar issue as Lee.
>
> I'm wondering if all the steps are in the two wiki articles?
>
> I've tried both using a single erX( with a public IP on WAN) and
> hanging a 2nd erX off one of my NAT erX and I get the same issue.
>
> When I do a traceroute I'm going through UCSD, my IP shows as my 44
> subnet (using IPchicken etc), I can ping but the RIP routes do not
> seem to populate the tables.
>
> Either I'm misreading the instructions (which is probably and highly
> possible) or I'm missing something.
>
>
> I did notice in
> <https://wiki.ampr.org/wiki/Setting_up_a_gateway_on_Ubiquiti_EdgeRouter>
> that the WAN_IN & WAN_LOCAL rulesets seem off.
>
> "There should be two rulesets
>
> o WAN_IN
> o WAN_LOCAL
>
> For each rule, press the actions button on the right and select the
> interfaces option.
>
> • Press the + Add Interface button.
> •_Select tun0 as the interface and select in as the
> direction._ <-- I don't think the erX will allow tun0 to point to
> 'IN' for both WAN_IN & WAN_LOCAL. (should it be WAN_IN --> IN,
> WAN_LOCAL --> LOCAL)
> • Finish by pressing the Save Ruleset button."
>
>
> When I run ampr.sh from the CLI I get the following error ' Error:
> argument "fe80::5efe:c0a8:11e/64" is wrong: Failed to parse rule type'
>
> converting that MAC gives me 192.168.1.30 which is the "DMZd" WAN IP
> of the erX that ampr-rip is running on.
>
>
> 73, Andrew K1YMI
>
>
> On 1/30/21 10:07 AM, Marius Petrescu via 44Net wrote:
>> If your gw sits on the internet directly (e.g. one of the
>> interfaces has your public gateway IP), then it should work without
>> the -a parameter.
>>
>> If it is behind a router, you need to add your gateway ip or host
>> name to the -a list.
>>
>> Also, to be able to ping/reach 44.0.0.1 correctly via the public
>> internet, you should also have 44.0.0.1/32 added to that.
>>
>> To suppress other subnets, you may add the EXACT ip/prefix length
>> combination, as defined by the portal.
>>
>> Marius, YO2LOJ
>>
>> On 30.01.2021 16:46, Lee D Bengston wrote:
>>> Hi Marius,
>>>
>>> I just realized my previous reply didn't go to the list. I did add
>>> all of the FW rules documented in the Wiki and also added the new
>>> one to TUNNEL_LOCAL to allow UDP 520. After no luck I also added a
>>> rule to WAN_LOCAL to accept UDP 520. Still no joy. Perhaps I need
>>> to specify something using the -a parameter in the script. I'm
>>> not sure exactly what the example does being that it is simply a
>>> comma separated list of subnets. Do I need to exclude my own /29
>>> subnet using this? (Below is the example from the Wiki.)
>>> -a44.0.0.1/32
>>> <http://44.0.0.1/32>,44.128.1.0/24,44.128.2.0/24,your.gw.com
>>> <http://44.128.1.0/24,44.128.2.0/24,your.gw.com>
>>> Thanks,
>>> Lee K5DAT
>>>
>>> On Sun, Jan 24, 2021 at 11:30 PM Marius Petrescu <marius(a)yo2loj.ro
>>> <mailto:marius@yo2loj.ro>> wrote:
>>>
>>> Lee,
>>>
>>> First of all, the password is hardcoded and the option ist there
>>> to be
>>> able to change it should it be ever required.
>>>
>>> But regarding the RIP packets and the routes: did you create the
>>> proper
>>> firewall rules to allow incoming IPIP from eth0 as described in
>>> 'Router
>>> preparation' and a rule accepting incoming data from the tunnels
>>> (that
>>> tunnel_local part)?
>>>
>>> At least a firewall rule to accept RIP is needed for the tunnel
>>> interface.
>>>
>>> That one was missing in the firewall setup instructions, I added
>>> it to
>>> the instructions in the wiki.
>>>
>>> Marius, YO2LOJ
>>>
>>>
>> _________________________________________
>> 44Net mailing list
>> 44Net(a)mailman.ampr.org
>> https://mailman.ampr.org/mailman/listinfo/44net
>
> _________________________________________
> 44Net mailing list
> 44Net(a)mailman.ampr.org
> https://mailman.ampr.org/mailman/listinfo/44net
6:32 a.m.
When you do the "basic setup" wizard to get the router into a firewall,
single switch 1 LAN etc. IPv6 Firewall is automatically enabled.
I'll try disabling that during setup and see what happens.
Andrew, K1YMI
On 1/31/21 4:07 AM, Marius Petrescu wrote:
Andrew,
I never took the IPv6 into consideration, since all tunnels use only
IPv4, and need a fixed WAN IP allocation (because of the mandatory
fixed tunnel endpoint), so there is no actual need to support any IPv6
on the WAN port.
I assume that for a dynamic GW ip there could be some internal NAT
based solution but I did not check further.
Marius, YO2LOJ
On 31.01.2021 04:07, Andrew Pepper wrote:
> Marius,
>
> Thanks for looking at it.
>
> One thing I just found is in the ampr.sh script. When it does the
> grep for "inet" if the erX is enabled for ipv4 and ipv6 enabled it
> greps both.
>
> The grep produces a response for "inet" & "inet6". I changed
the grep
> to [grep -w "inet"] which causes it to only respond with the inet IP.
>
> That removed the "failed to parse rule" error I was getting when the
> script was ran. Still no routes .. but another step closer... maybe.
>
> 73 Andrew K1YMI
>
>
>
> On 1/30/21 8:54 PM, Marius Petrescu wrote:
>> It may be wrong, since part of it was written from memory.
>>
>> I will revise all the data in the wiki page.
>>
>> Marius, YO2LOJ
>>
>>
>> On 30.01.2021 21:03, Andrew Pepper via 44Net wrote:
>>> I'm having a similar issue as Lee.
>>>
>>> I'm wondering if all the steps are in the two wiki articles?
>>>
>>> I've tried both using a single erX( with a public IP on WAN) and
>>> hanging a 2nd erX off one of my NAT erX and I get the same issue.
>>>
>>> When I do a traceroute I'm going through UCSD, my IP shows as my 44
>>> subnet (using IPchicken etc), I can ping but the RIP routes do not
>>> seem to populate the tables.
>>>
>>> Either I'm misreading the instructions (which is probably and
>>> highly possible) or I'm missing something.
>>>
>>>
>>> I did notice in
>>>
<https://wiki.ampr.org/wiki/Setting_up_a_gateway_on_Ubiquiti_EdgeRouter>
>>> that the WAN_IN & WAN_LOCAL rulesets seem off.
>>>
>>> "There should be two rulesets
>>>
>>> o WAN_IN
>>> o WAN_LOCAL
>>>
>>> For each rule, press the actions button on the right and select the
>>> interfaces option.
>>>
>>> • Press the + Add Interface button.
>>> •_Select tun0 as the interface and select in as the
>>> direction._ <-- I don't think the erX will allow tun0 to point to
>>> 'IN' for both WAN_IN & WAN_LOCAL. (should it be WAN_IN --> IN,
>>> WAN_LOCAL --> LOCAL)
>>> • Finish by pressing the Save Ruleset button."
>>>
>>>
>>> When I run ampr.sh from the CLI I get the following error ' Error:
>>> argument "fe80::5efe:c0a8:11e/64" is wrong: Failed to parse rule
type'
>>>
>>> converting that MAC gives me 192.168.1.30 which is the "DMZd" WAN
>>> IP of the erX that ampr-rip is running on.
>>>
>>>
>>> 73, Andrew K1YMI
>>>
>>>
>>> On 1/30/21 10:07 AM, Marius Petrescu via 44Net wrote:
>>>> If your gw sits on the internet directly (e.g. one of the
>>>> interfaces has your public gateway IP), then it should work
>>>> without the -a parameter.
>>>>
>>>> If it is behind a router, you need to add your gateway ip or host
>>>> name to the -a list.
>>>>
>>>> Also, to be able to ping/reach 44.0.0.1 correctly via the public
>>>> internet, you should also have 44.0.0.1/32 added to that.
>>>>
>>>> To suppress other subnets, you may add the EXACT ip/prefix length
>>>> combination, as defined by the portal.
>>>>
>>>> Marius, YO2LOJ
>>>>
>>>> On 30.01.2021 16:46, Lee D Bengston wrote:
>>>>> Hi Marius,
>>>>>
>>>>> I just realized my previous reply didn't go to the list. I did
>>>>> add all of the FW rules documented in the Wiki and also added the
>>>>> new one to TUNNEL_LOCAL to allow UDP 520. After no luck I also
>>>>> added a rule to WAN_LOCAL to accept UDP 520. Still no joy.
>>>>> Perhaps I need to specify something using the -a parameter in the
>>>>> script. I'm not sure exactly what the example does being that it
>>>>> is simply a comma separated list of subnets. Do I need to
>>>>> exclude my own /29 subnet using this? (Below is the example from
>>>>> the Wiki.)
>>>>> -a44.0.0.1/32
>>>>> <http://44.0.0.1/32>,44.128.1.0/24,44.128.2.0/24,your.gw.com
>>>>> <http://44.128.1.0/24,44.128.2.0/24,your.gw.com>
>>>>> Thanks,
>>>>> Lee K5DAT
>>>>>
>>>>> On Sun, Jan 24, 2021 at 11:30 PM Marius Petrescu
>>>>> <marius(a)yo2loj.ro <mailto:marius@yo2loj.ro>> wrote:
>>>>>
>>>>> Lee,
>>>>>
>>>>> First of all, the password is hardcoded and the option ist there
>>>>> to be
>>>>> able to change it should it be ever required.
>>>>>
>>>>> But regarding the RIP packets and the routes: did you create the
>>>>> proper
>>>>> firewall rules to allow incoming IPIP from eth0 as described in
>>>>> 'Router
>>>>> preparation' and a rule accepting incoming data from the
tunnels
>>>>> (that
>>>>> tunnel_local part)?
>>>>>
>>>>> At least a firewall rule to accept RIP is needed for the tunnel
>>>>> interface.
>>>>>
>>>>> That one was missing in the firewall setup instructions, I added
>>>>> it to
>>>>> the instructions in the wiki.
>>>>>
>>>>> Marius, YO2LOJ
>>>>>
>>>>>
>>>> _________________________________________
>>>> 44Net mailing list
>>>> 44Net(a)mailman.ampr.org
>>>> https://mailman.ampr.org/mailman/listinfo/44net
>>>
>>> _________________________________________
>>> 44Net mailing list
>>> 44Net(a)mailman.ampr.org
>>> https://mailman.ampr.org/mailman/listinfo/44net
>
--
Andrew
K1YMI / GM1YMI
BBS: Telnet://cosmikdebris.ddns.net:2323
30 Jan
30 Jan
8:56 p.m.
On Sat, Jan 30, 2021 at 1:05 PM Andrew Pepper via 44Net <
44net(a)mailman.ampr.org> wrote:
I'm having a similar issue as Lee.
I'm wondering if all the steps are in the two wiki articles?
I've tried both using a single erX( with a public IP on WAN) and hanging
a 2nd erX off one of my NAT erX and I get the same issue.
When I do a traceroute I'm going through UCSD, my IP shows as my 44
subnet (using IPchicken etc), I can ping but the RIP routes do not seem
to populate the tables.
Either I'm misreading the instructions (which is probably and highly
possible) or I'm missing something.
I did notice in
<https://wiki.ampr.org/wiki/Setting_up_a_gateway_on_Ubiquiti_EdgeRouter>
that the WAN_IN & WAN_LOCAL rulesets seem off.
I skipped the instructions available via that link - only applied the
instructions at this one:
https://wiki.ampr.org/wiki/Installing_ampr-ripd_on_a_Ubiquiti_EdgeRouter_or…
I thought about doing both, but I wasn't sure if two tunnel interfaces were
really needed. Perhaps the first one is just for sending default traffic
to UCSD that is not covered by the tunnel routes?
I'm not sure if it was needed, but in addition to adding a rule to allow
UDP 520 to the TUNNEL_LOCAL ruleset I added an equivalent rule to the
WAN_LOCAL ruleset. Doing a packet capture I could see the RIP packets
coming in on the WAN port (eth0), so I thought perhaps they needed to be
sent locally from there for the ampr-ripd instance to receive them.
-----<snip>----
73,
Lee K5DAT
31 Jan
31 Jan
3:09 a.m.
Yes, you are right.
The instructions in "setting up a gateway on Ubiquiti EdgeRouter" refer
only to a simple tunnel installation and have nothing to do with the
second one (and are not my creation).
The ones described in "Installing ampr-ripd on a Ubiquiti EdgeRouter or
EdgeRouter X" are let's say kind of complete, not related to the first
ones, and could be conflicting.
These describe a complete gateway set-up to my best knowledge, as tested
by myself on my ER3 and ER-X, so this is the one I am referring.
Marius, YO2LOJ
On 31.01.2021 04:56, Lee D Bengston via 44Net wrote:
On Sat, Jan 30, 2021 at 1:05 PM Andrew Pepper via
44Net <
44net(a)mailman.ampr.org> wrote:
I'm having a similar issue as Lee.
I'm wondering if all the steps are in the two wiki articles?
I've tried both using a single erX( with a public IP on WAN) and hanging
a 2nd erX off one of my NAT erX and I get the same issue.
When I do a traceroute I'm going through UCSD, my IP shows as my 44
subnet (using IPchicken etc), I can ping but the RIP routes do not seem
to populate the tables.
Either I'm misreading the instructions (which is probably and highly
possible) or I'm missing something.
I did notice in
<https://wiki.ampr.org/wiki/Setting_up_a_gateway_on_Ubiquiti_EdgeRouter>
that the WAN_IN & WAN_LOCAL rulesets seem off.
I skipped the instructions available via that link - only applied the
instructions at this one:
https://wiki.ampr.org/wiki/Installing_ampr-ripd_on_a_Ubiquiti_EdgeRouter_or…
I thought about doing both, but I wasn't sure if two tunnel interfaces were
really needed. Perhaps the first one is just for sending default traffic
to UCSD that is not covered by the tunnel routes?
I'm not sure if it was needed, but in addition to adding a rule to allow
UDP 520 to the TUNNEL_LOCAL ruleset I added an equivalent rule to the
WAN_LOCAL ruleset. Doing a packet capture I could see the RIP packets
coming in on the WAN port (eth0), so I thought perhaps they needed to be
sent locally from there for the ampr-ripd instance to receive them.
-----<snip>----
73,
Lee K5DAT
_________________________________________
44Net mailing list
44Net(a)mailman.ampr.org
https://mailman.ampr.org/mailman/listinfo/44net
7:23 a.m.
Ok, I updated the ampr.sh script in the packages to fit the described
issue and also to use 44.0.0.0/9, 44.128.0.0/10 and temporary
44.224.0.0/15 instead of 44.0.0/8.
Marius, YO2LOJ
On 31.01.2021 11:09, Marius Petrescu wrote:
Yes, you are right.
The instructions in "setting up a gateway on Ubiquiti EdgeRouter"
refer only to a simple tunnel installation and have nothing to do with
the second one (and are not my creation).
The ones described in "Installing ampr-ripd on a Ubiquiti EdgeRouter
or EdgeRouter X" are let's say kind of complete, not related to the
first ones, and could be conflicting.
These describe a complete gateway set-up to my best knowledge, as
tested by myself on my ER3 and ER-X, so this is the one I am referring.
Marius, YO2LOJ
On 31.01.2021 04:56, Lee D Bengston via 44Net wrote:
> On Sat, Jan 30, 2021 at 1:05 PM Andrew Pepper via 44Net <
> 44net(a)mailman.ampr.org> wrote:
>
>> I'm having a similar issue as Lee.
>>
>> I'm wondering if all the steps are in the two wiki articles?
>>
>> I've tried both using a single erX( with a public IP on WAN) and
>> hanging
>> a 2nd erX off one of my NAT erX and I get the same issue.
>>
>> When I do a traceroute I'm going through UCSD, my IP shows as my 44
>> subnet (using IPchicken etc), I can ping but the RIP routes do not seem
>> to populate the tables.
>>
>> Either I'm misreading the instructions (which is probably and highly
>> possible) or I'm missing something.
>>
>> I did notice in
>> <https://wiki.ampr.org/wiki/Setting_up_a_gateway_on_Ubiquiti_EdgeRouter>
>>
>> that the WAN_IN & WAN_LOCAL rulesets seem off.
>>
> I skipped the instructions available via that link - only applied the
> instructions at this one:
>
https://wiki.ampr.org/wiki/Installing_ampr-ripd_on_a_Ubiquiti_EdgeRouter_or…
>
>
> I thought about doing both, but I wasn't sure if two tunnel
> interfaces were
> really needed. Perhaps the first one is just for sending default
> traffic
> to UCSD that is not covered by the tunnel routes?
>
> I'm not sure if it was needed, but in addition to adding a rule to allow
> UDP 520 to the TUNNEL_LOCAL ruleset I added an equivalent rule to the
> WAN_LOCAL ruleset. Doing a packet capture I could see the RIP packets
> coming in on the WAN port (eth0), so I thought perhaps they needed to be
> sent locally from there for the ampr-ripd instance to receive them.
>
> -----<snip>----
>
> 73,
> Lee K5DAT
> _________________________________________
> 44Net mailing list
> 44Net(a)mailman.ampr.org
> https://mailman.ampr.org/mailman/listinfo/44net
8:20 a.m.
Thanks!
I'm now showing 781 routes and showing on the Map. The script is also no
longer producing an error on the inet6 response.
I was following both sets of instructions in the wiki ... which as you
mentioned would/did cause issues mixing the two instructions.
Thanks for the help, I'll see if I can get the rest of my project
working now.
Andrew, K1YMI
On 1/31/21 8:23 AM, Marius Petrescu via 44Net wrote:
Ok, I updated the ampr.sh script in the packages to
fit the described
issue and also to use 44.0.0.0/9, 44.128.0.0/10 and temporary
44.224.0.0/15 instead of 44.0.0/8.
Marius, YO2LOJ
--
Andrew
K1YMI / GM1YMI
BBS: Telnet://cosmikdebris.ddns.net:2323
1393
days inactive
1401
days old
15 comments
3 participants
participants (3)
-
Andrew Pepper -
Lee D Bengston -
Marius Petrescu