Hello,
I have followed the instructions at https://wiki.ampr.org/wiki/Installing_ampr-ripd_on_a_Ubiquiti_EdgeRouter_or_...,
but am encountering an error when running the ampr.sh script.
line 28: /usr/sbin/ampr-ripd: cannot execute binary file
The binary file is executable and I am attempting to run it from root. Line 28 has not been modified in the script:
ampr-ripd -s -t 44 -i tun44 -m 90
The instructions say only to modify if needed, and based on the info in the Wiki I did not see a need to modify it, but I may be missing something. Any ideas?
73, Lee K5DAT
Please disregard - I had downloaded the XRouter Lite version by mistake.
Lee K5DAT
Hi Lee,
Yes, that would happen if you get the wrong one, since they use different processor types :-) Have fun with it,
Marius, YO2LOJ
Hi Marius,
Yes, I'm having "fun" so far. :-) It's a nice little router, so I'd love to get the gateway working on it. I added the wizard you created - very cool add-on by the way. It shows the daemon running with a PID number, but there are no routes showing up under "AMPR Routes". I assume that means the daemon is not getting the routes for some reason? I do have the tunnel (tun44) configured, and I'm not seeing anything wrong with it. Isn't the tunnel required for traffic to/from the various gateways as opposed to receiving inbound RIP traffic sent from UCSD to my gateway?
One thing I noticed was in the Linux gateway instructions there's a need to get the password and include that in the startup script. There's no mention of that in the Ubiquiti instructions, so is that hard-coded in the ampr-ripd application for the Edgerouters?
A packet capture on eth0 (WAN port) shows lines like this:
IP 169.228.34.84 > 70.101.238.162: IP 44.0.0.1.520 > 224.0.0.9.520: RIPv2, Response, length: 504 (ipip-proto-4)
IP 169.228.34.84 > 70.101.238.162: IP 44.0.0.1.520 > 224.0.0.9.520: RIPv2, Response, length: 504 (ipip-proto-4)
70.101.238.162 is the assigned static address from my ISP, and it's also configured as the local IP for the tunnel (remote IP is 0.0.0.0). 44.92.0.81/32 is configured as the tunnel's address. My amprnet allocation is 44.92.0.80/29. Also Eth0 (WAN port) on the Edgerouter is assigned 70.101.238.162 via DHCP.
Fyi there are NAT rules in place to forward ipencap to a host on my LAN where XRouter is running. XRouter can run RIP and get the tunnel routes, so I know the router forwards ipencap. I removed the NAT rules temporarily in case they were causing a problem with ampr-ripd, but I still didn't see any routes in the Wizard after an hour or so.
I'm open to suggestions - is there a debug mode for ampr-ripd or a log I can look at? (didn't see one in /var/log in the router)
Thanks very much for the reply. Lee K5DAT
Lee,
First of all, the password is hardcoded and the option is there to be able to change it should it ever be required.
But regarding the RIP packets and the routes: did you create the proper firewall rules to allow incoming IPIP from eth0 as described in 'Router preparation' and a rule accepting incoming data from the tunnels (that tunnel_local part)?
At least a firewall rule to accept RIP is needed for the tunnel interface.
That one was missing in the firewall setup instructions, I added it to the instructions in the wiki.
Marius, YO2LOJ
Hi Marius,
I just realized my previous reply didn't go to the list. I did add all of the FW rules documented in the Wiki and also added the new one to TUNNEL_LOCAL to allow UDP 520. After no luck I also added a rule to WAN_LOCAL to accept UDP 520. Still no joy. Perhaps I need to specify something using the -a parameter in the script. I'm not sure exactly what the example does being that it is simply a comma separated list of subnets. Do I need to exclude my own /29 subnet using this? (Below is the example from the Wiki.)
-a 44.0.0.1/32,44.128.1.0/24,44.128.2.0/24,your.gw.com
Thanks, Lee K5DAT
If your gw sits on the internet directly (e.g. one of the interfaces has your public gateway IP), then it should work without the -a parameter.
If it is behind a router, you need to add your gateway ip or host name to the -a list.
Also, to be able to ping/reach 44.0.0.1 correctly via the public internet, you should also have 44.0.0.1/32 added to that.
To suppress other subnets, you may add the EXACT ip/prefix length combination, as defined by the portal.
Marius, YO2LOJ
I'm having a similar issue as Lee.
I'm wondering if all the steps are in the two wiki articles?
I've tried both using a single erX (with a public IP on WAN) and hanging a 2nd erX off one of my NAT erX, and I get the same issue.
When I do a traceroute I'm going through UCSD, my IP shows as my 44 subnet (using IPchicken etc), I can ping but the RIP routes do not seem to populate the tables.
Either I'm misreading the instructions (which is probable and highly possible) or I'm missing something.
I did notice in https://wiki.ampr.org/wiki/Setting_up_a_gateway_on_Ubiquiti_EdgeRouter that the WAN_IN & WAN_LOCAL rulesets seem off.
"There should be two rulesets
o WAN_IN
o WAN_LOCAL
For each rule, press the actions button on the right and select the interfaces option.
• Press the + Add Interface button.
• _Select tun0 as the interface and select in as the direction._ <-- I don't think the erX will allow tun0 to point to 'IN' for both WAN_IN & WAN_LOCAL. (should it be WAN_IN --> IN, WAN_LOCAL --> LOCAL)
• Finish by pressing the Save Ruleset button."
When I run ampr.sh from the CLI I get the following error ' Error: argument "fe80::5efe:c0a8:11e/64" is wrong: Failed to parse rule type'
Converting that MAC gives me 192.168.1.30, which is the "DMZd" WAN IP of the erX that ampr-rip is running on.
73, Andrew K1YMI
It may be wrong, since part of it was written from memory.
I will revise all the data in the wiki page.
Marius, YO2LOJ
Marius,
Thanks for looking at it.
One thing I just found is in the ampr.sh script. When it does the grep for "inet", if the erX is enabled for IPv4 and IPv6 it greps both.
The grep produces a response for "inet" & "inet6". I changed the grep to [grep -w "inet"] which causes it to only respond with the inet IP.
That removed the "failed to parse rule" error I was getting when the script was run. Still no routes .. but another step closer... maybe.
73 Andrew K1YMI
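The following is an added example, not part of the thread and not the actual ampr.sh: it reproduces the `grep "inet"` versus `grep -w "inet"` behaviour described above on constructed `ip addr` output, and decodes the `fe80::5efe:` address from the error message back to its embedded IPv4 address. The pipeline, function names and sample interface output are assumptions made for illustration.

```shell
#!/bin/sh
# Constructed sample of `ip addr` output for a dual-stack interface.
# The two addresses are the ones quoted in the thread; the rest is made up.
sample_ip_addr() {
cat <<'EOF'
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP
    link/ether 00:00:5e:00:53:01 brd ff:ff:ff:ff:ff:ff
    inet 192.168.1.30/24 brd 192.168.1.255 scope global eth0
       valid_lft forever preferred_lft forever
    inet6 fe80::5efe:c0a8:11e/64 scope link
       valid_lft forever preferred_lft forever
EOF
}

# Assumed shape of the failing pattern: a substring match on "inet" also
# selects the "inet6" line, so two addresses come back instead of one.
addrs_substring() {
    sample_ip_addr | grep "inet" | awk '{print $2}'
}

# The fix reported in the thread: -w matches "inet" only as a whole word.
addrs_wordmatch() {
    sample_ip_addr | grep -w "inet" | awk '{print $2}'
}

# Stricter alternative (an assumption, not from the thread): compare the
# address-family field exactly, so no other text on the line can match.
addrs_exact_field() {
    sample_ip_addr | awk '$1 == "inet" {print $2}'
}

# Decode the IPv4 address embedded in an ISATAP-style interface identifier
# (...:5efe:HHHH:LLLL). Returns 1 if the address does not have that form.
embedded_ipv4() {
    addr=${1%/*}                    # drop the /prefix length
    case "$addr" in
        *:5efe:*:*) ;;
        *) return 1 ;;
    esac
    low=${addr##*:}                 # last 16-bit group, e.g. 11e
    rest=${addr%:*}
    high=${rest##*:}                # second-to-last group, e.g. c0a8
    h=$((0x$high))
    l=$((0x$low))
    echo "$((h >> 8)).$((h & 255)).$((l >> 8)).$((l & 255))"
}

echo "substring match : $(addrs_substring | tr '\n' ' ')"
echo "whole-word match: $(addrs_wordmatch)"
echo "exact field     : $(addrs_exact_field)"
echo "embedded IPv4   : $(embedded_ipv4 fe80::5efe:c0a8:11e/64)"
```

A script that expects a single address in a variable and gets both lines will pass the IPv6 address on as an extra argument to whatever command consumes it, which is consistent with the parse error quoted earlier in the thread.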
Andrew,
I never took the IPv6 into consideration, since all tunnels use only IPv4, and need a fixed WAN IP allocation (because of the mandatory fixed tunnel endpoint), so there is no actual need to support any IPv6 on the WAN port. I assume that for a dynamic GW ip there could be some internal NAT based solution but I did not check further.
Marius, YO2LOJ
When you do the "basic setup" wizard to get the router into a firewall, single switch 1 LAN etc. IPv6 Firewall is automatically enabled.
I'll try disabling that during setup and see what happens.
Andrew, K1YMI
On Sat, Jan 30, 2021 at 1:05 PM Andrew Pepper via 44Net < 44net@mailman.ampr.org> wrote:
I did notice in https://wiki.ampr.org/wiki/Setting_up_a_gateway_on_Ubiquiti_EdgeRouter that the WAN_IN & WAN_LOCAL rulesets seem off.
I skipped the instructions available via that link - only applied the instructions at this one: https://wiki.ampr.org/wiki/Installing_ampr-ripd_on_a_Ubiquiti_EdgeRouter_or_...
I thought about doing both, but I wasn't sure if two tunnel interfaces were really needed. Perhaps the first one is just for sending default traffic to UCSD that is not covered by the tunnel routes?
I'm not sure if it was needed, but in addition to adding a rule to allow UDP 520 to the TUNNEL_LOCAL ruleset I added an equivalent rule to the WAN_LOCAL ruleset. Doing a packet capture I could see the RIP packets coming in on the WAN port (eth0), so I thought perhaps they needed to be sent locally from there for the ampr-ripd instance to receive them.
-----<snip>----
73, Lee K5DAT
Yes, you are right.
The instructions in "setting up a gateway on Ubiquiti EdgeRouter" refer only to a simple tunnel installation and have nothing to do with the second one (and are not my creation).
The ones described in "Installing ampr-ripd on a Ubiquiti EdgeRouter or EdgeRouter X" are, let's say, kind of complete, not related to the first ones, and could be conflicting. These describe a complete gateway set-up to my best knowledge, as tested by myself on my ER3 and ER-X, so this is the one I am referring to.
Marius, YO2LOJ
Ok, I updated the ampr.sh script in the packages to fit the described issue and also to use 44.0.0.0/9, 44.128.0.0/10 and temporary 44.224.0.0/15 instead of 44.0.0/8.
Marius, YO2LOJ
Thanks!
I'm now showing 781 routes and showing on the Map. The script is also no longer producing an error on the inet6 response.
I was following both sets of instructions in the wiki ... which as you mentioned would/did cause issues mixing the two instructions.
Thanks for the help, I'll see if I can get the rest of my project working now.
Andrew, K1YMI