13 Feb
2019
13 Feb
'19
5:51 p.m.
Greetings,
My gateway bit the dust and I need to start from scratch. I have two possible
approaches.
1. I have an older Edgerouter Lite. Has anyone cracked the nut on connectivity to other
AMPR nodes in the mesh?
2. I’m considering buying a new microtik router. Is there a suggested model?
Would like to get back on 44net but want to stay away from the “roll your own” Linux
system as Ubuntu has changed their network manager to netplan.
Suggestions welcome.
— tom
Tom Cardinal / MSgt USAF (Ret) / N2XU / BSCS / CASP+
13 Feb
13 Feb
7:09 p.m.
Tom,
Your EdgeRouter would be a nice experimentation platform, and a perfect
opportunity for a "howto" to get ampr-ripd to run on it.
It has basically all it needs and allows addition of third party
components...
On 13.02.2019 19:51, Tom Cardinal via 44Net wrote:
Greetings,
My gateway bit the dust and I need to start from scratch. I have two possible
approaches.
1. I have an older Edgerouter Lite. Has anyone cracked the nut on connectivity to other
AMPR nodes in the mesh?
2. I’m considering buying a new microtik router. Is there a suggested model?
Would like to get back on 44net but want to stay away from the “roll your own” Linux
system as Ubuntu has changed their network manager to netplan.
Suggestions welcome.
— tom
Tom Cardinal / MSgt USAF (Ret) / N2XU / BSCS / CASP+
_________________________________________
44Net mailing list
44Net(a)mailman.ampr.org
https://mailman.ampr.org/mailman/listinfo/44net
10:08 p.m.
I’m willing to work to get the mesh portion of it working. I am fine with flashing
software but I do not know much about the software platform it sits on. I’ve only been in
the command line a few times.
I’ll follow the wiki guide to get it online and contact you when I have it going.
— tom
Tom Cardinal / MSgt USAF (Ret) / N2XU / BSCS / CASP+
On Feb 13, 2019, at 1:09 PM, Marius Petrescu
<marius(a)yo2loj.ro> wrote:
Tom,
Your EdgeRouter would be a nice experimentation platform, and a perfect opportunity for a
"howto" to get ampr-ripd to run on it.
It has basically all it needs and allows addition of third party components...
On 13.02.2019 19:51, Tom Cardinal via 44Net
wrote:
Greetings,
My gateway bit the dust and I need to start from scratch. I have two possible
approaches.
1. I have an older Edgerouter Lite. Has anyone cracked the nut on connectivity to other
AMPR nodes in the mesh?
2. I’m considering buying a new microtik router. Is there a suggested model?
Would like to get back on 44net but want to stay away from the “roll your own” Linux
system as Ubuntu has changed their network manager to netplan.
Suggestions welcome.
— tom
Tom Cardinal / MSgt USAF (Ret) / N2XU / BSCS / CASP+
_________________________________________
44Net mailing list
44Net(a)mailman.ampr.org
https://mailman.ampr.org/mailman/listinfo/44net
_________________________________________
44Net mailing list
44Net(a)mailman.ampr.org
https://mailman.ampr.org/mailman/listinfo/44net
14 Feb
14 Feb
5:27 p.m.
Excellent.
The processor on the Edgerouter light is a MIPS, and cross compile tools
are available.
There is also an option to install 3rd party add ons.
I will dig into this a little, but unfortunately I can not test since I
don't have a Edgerouter.
Maybe someone has more experience with this machines...
On 14.02.2019 00:08, Tom Cardinal via 44Net wrote:
I’m willing to work to get the mesh portion of it
working. I am fine with flashing software but I do not know much about the software
platform it sits on. I’ve only been in the command line a few times.
I’ll follow the wiki guide to get it online and contact you when I have it going.
— tom
Tom Cardinal / MSgt USAF (Ret) / N2XU / BSCS / CASP+
5:30 p.m.
The build environment to be used on the router itself can be set up like
this....
https://www.ntop.org/nprobe/running-nprobe-and-ntopng-on-ubiquity-edgeroute…
On 14.02.2019 19:27, Marius Petrescu wrote:
Excellent.
The processor on the Edgerouter light is a MIPS, and cross compile
tools are available.
There is also an option to install 3rd party add ons.
I will dig into this a little, but unfortunately I can not test since
I don't have a Edgerouter.
Maybe someone has more experience with this machines...
On 14.02.2019 00:08, Tom Cardinal via 44Net wrote:
I’m willing to work to get the mesh portion of it
working. I am fine
with flashing software but I do not know much about the software
platform it sits on. I’ve only been in the command line a few times.
I’ll follow the wiki guide to get it online and contact you when I
have it going.
— tom
Tom Cardinal / MSgt USAF (Ret) / N2XU / BSCS / CASP+
_________________________________________
44Net mailing list
44Net(a)mailman.ampr.org
https://mailman.ampr.org/mailman/listinfo/44net
15 Feb
15 Feb
1:40 p.m.
Awesome,, but I’m out of pocket until Monday evening.
I have a basic ER setup installed in the DMZ of my pfSense which in the past NATed my ipip
traffic. I have not yet created the ipip tunnel to UCSD but will do so on Monday evening
or Tuesday.
I’m looking forward to this project.
— tom
Tom Cardinal / MSgt USAF (Ret) / N2XU / BSCS / CASP+
On Feb 14, 2019, at 11:30 AM, Marius Petrescu
<marius(a)yo2loj.ro> wrote:
The build environment to be used on the router itself can be set up like this....
https://www.ntop.org/nprobe/running-nprobe-and-ntopng-on-ubiquity-edgeroute…
On 14.02.2019 19:27, Marius Petrescu wrote:
Excellent.
The processor on the Edgerouter light is a MIPS, and cross compile tools are available.
There is also an option to install 3rd party add ons.
I will dig into this a little, but unfortunately I can not test since I don't have a
Edgerouter.
Maybe someone has more experience with this machines...
_________________________________________
44Net mailing list
44Net(a)mailman.ampr.org
https://mailman.ampr.org/mailman/listinfo/44net On 14.02.2019 00:08, Tom Cardinal via 44Net
wrote:
I’m willing to work to get the mesh portion of it working. I am fine with flashing
software but I do not know much about the software platform it sits on. I’ve only been in
the command line a few times.
I’ll follow the wiki guide to get it online and contact you when I have it going.
— tom
Tom Cardinal / MSgt USAF (Ret) / N2XU / BSCS / CASP+
_________________________________________
44Net mailing list
44Net(a)mailman.ampr.org
https://mailman.ampr.org/mailman/listinfo/44net
9:09 p.m.
Hi guys,
I just ordered a Edgerouter Lite and it will probably arrive on Tuesday.
Next week is a little full, but after that, we're gone do this :-)
I will keep you up to date.
73s de Marius, YO2LOJ
On 15.02.2019 15:40, Tom Cardinal via 44Net wrote:
Awesome,, but I’m out of pocket until Monday evening.
I have a basic ER setup installed in the DMZ of my pfSense which in the past NATed my
ipip traffic. I have not yet created the ipip tunnel to UCSD but will do so on Monday
evening or Tuesday.
I’m looking forward to this project.
— tom
Tom Cardinal / MSgt USAF (Ret) / N2XU / BSCS / CASP+
17 Feb
17 Feb
3:55 a.m.
I ‘be been digging around and downloaded the Vyatta 6.3 docs. The forums at UBNT Community
suggest that the docs for Vyatta are the best out there and that the CLI interface for
EdgeOS I based on Vyatta...
Tuesday will be good for me to start. I brought my ERL with me on a weekend trip and I’m
working in the CLI.
—Tom
Sent from my iPad
On Feb 15, 2019, at 3:09 PM, Marius Petrescu
<marius(a)yo2loj.ro> wrote:
Hi guys,
I just ordered a Edgerouter Lite and it will probably arrive on Tuesday. Next week is a
little full, but after that, we're gone do this :-)
I will keep you up to date.
73s de Marius, YO2LOJ
On 15.02.2019 15:40, Tom Cardinal via 44Net
wrote:
Awesome,, but I’m out of pocket until Monday evening.
I have a basic ER setup installed in the DMZ of my pfSense which in the past NATed my
ipip traffic. I have not yet created the ipip tunnel to UCSD but will do so on Monday
evening or Tuesday.
I’m looking forward to this project.
— tom
Tom Cardinal / MSgt USAF (Ret) / N2XU / BSCS / CASP+
_________________________________________
44Net mailing list
44Net(a)mailman.ampr.org
https://mailman.ampr.org/mailman/listinfo/44net 
4:42 a.m.
If you can make it work on eth4 as the 44 net gateway and eth0 eth1 as a simple wan/lan
combo like on any normal home router this would be marvelous.
Envoyé de mon iPad
Le 16 févr. 2019 à 22:57, Tom Cardinal via 44Net
<44net(a)mailman.ampr.org> a écrit :
I ‘be been digging around and downloaded the Vyatta 6.3 docs. The forums at UBNT
Community suggest that the docs for Vyatta are the best out there and that the CLI
interface for EdgeOS I based on Vyatta...
Tuesday will be good for me to start. I brought my ERL with me on a weekend trip and I’m
working in the CLI.
—Tom
Sent from my iPad
On Feb 15, 2019, at 3:09 PM, Marius Petrescu
<marius(a)yo2loj.ro> wrote:
Hi guys,
I just ordered a Edgerouter Lite and it will probably arrive on Tuesday. Next week is a
little full, but after that, we're gone do this :-)
I will keep you up to date.
73s de Marius, YO2LOJ
_________________________________________
44Net mailing list
44Net(a)mailman.ampr.org
https://mailman.ampr.org/mailman/listinfo/44net On 15.02.2019 15:40, Tom Cardinal via 44Net
wrote:
Awesome,, but I’m out of pocket until Monday evening.
I have a basic ER setup installed in the DMZ of my pfSense which in the past NATed my
ipip traffic. I have not yet created the ipip tunnel to UCSD but will do so on Monday
evening or Tuesday.
I’m looking forward to this project.
— tom
Tom Cardinal / MSgt USAF (Ret) / N2XU / BSCS / CASP+
_________________________________________
44Net mailing list
44Net(a)mailman.ampr.org
https://mailman.ampr.org/mailman/listinfo/44net
14 Feb
14 Feb
8:07 p.m.
I have 2 edgerouter at home.
I would be more then pleased to test any of your request.
I can even put one on line for you to log in either by ssh or web. From there I could even
put a small linux machine like a beagle bone black for you to ping or even ssh to.
Let me know
Petem001(a)hotmail.com
VE2PF
got a 400/50 connection, plenty of room to make any test.
________________________________
De : 44Net <44net-bounces+petem001=hotmail.com(a)mailman.ampr.org> de la part de
Marius Petrescu <marius(a)yo2loj.ro>
Envoyé : 14 février 2019 12:27
À : 44net(a)mailman.ampr.org
Objet : Re: [44net] Dead gateway, looking for input
Excellent.
The processor on the Edgerouter light is a MIPS, and cross compile tools
are available.
There is also an option to install 3rd party add ons.
I will dig into this a little, but unfortunately I can not test since I
don't have a Edgerouter.
Maybe someone has more experience with this machines...
On 14.02.2019 00:08, Tom Cardinal via 44Net wrote:
I’m willing to work to get the mesh portion of it
working. I am fine with flashing software but I do not know much about the software
platform it sits on. I’ve only been in the command line a few times.
I’ll follow the wiki guide to get it online and contact you when I have it going.
— tom
Tom Cardinal / MSgt USAF (Ret) / N2XU / BSCS / CASP+
_________________________________________
44Net mailing list
44Net(a)mailman.ampr.org
https://mailman.ampr.org/mailman/listinfo/44net
8:13 p.m.
And this router won't be used for anything else.
Télécharger Outlook pour Android<https://aka.ms/ghei36>
________________________________
From: 44Net <44net-bounces+petem001=hotmail.com(a)mailman.ampr.org> on behalf of pete
M via 44Net <44net(a)mailman.ampr.org>
Sent: Thursday, February 14, 2019 3:07:13 PM
To: Marius Petrescu; AMPRNet working group
Cc: pete M
Subject: Re: [44net] Dead gateway, looking for input
I have 2 edgerouter at home.
I would be more then pleased to test any of your request.
I can even put one on line for you to log in either by ssh or web. From there I could even
put a small linux machine like a beagle bone black for you to ping or even ssh to.
Let me know
Petem001(a)hotmail.com
VE2PF
got a 400/50 connection, plenty of room to make any test.
________________________________
De : 44Net <44net-bounces+petem001=hotmail.com(a)mailman.ampr.org> de la part de
Marius Petrescu <marius(a)yo2loj.ro>
Envoyé : 14 février 2019 12:27
À : 44net(a)mailman.ampr.org
Objet : Re: [44net] Dead gateway, looking for input
Excellent.
The processor on the Edgerouter light is a MIPS, and cross compile tools
are available.
There is also an option to install 3rd party add ons.
I will dig into this a little, but unfortunately I can not test since I
don't have a Edgerouter.
Maybe someone has more experience with this machines...
On 14.02.2019 00:08, Tom Cardinal via 44Net wrote:
I’m willing to work to get the mesh portion of it
working. I am fine with flashing software but I do not know much about the software
platform it sits on. I’ve only been in the command line a few times.
I’ll follow the wiki guide to get it online and contact you when I have it going.
— tom
Tom Cardinal / MSgt USAF (Ret) / N2XU / BSCS / CASP+
_________________________________________
44Net mailing list
44Net(a)mailman.ampr.org
https://mailman.ampr.org/mailman/listinfo/44net
_________________________________________
44Net mailing list
44Net(a)mailman.ampr.org
https://mailman.ampr.org/mailman/listinfo/44net
9:07 p.m.
Hey All on list.
I just had our 44Net allocations assigned this past week. Getting this
routing on EdgeRouters is on my list of ToDo since all 3 sites I'll be
maintaining are on EdgeRouters.
Any hints as to technical details as to what/why would be handy to have
available.
Regards,
Jason Kendall
VE3YCA
On 2019-02-14 3:07 p.m., pete M via 44Net wrote:
I have 2 edgerouter at home.
I would be more then pleased to test any of your request.
I can even put one on line for you to log in either by ssh or web. From there I could
even put a small linux machine like a beagle bone black for you to ping or even ssh to.
Let me know
Petem001(a)hotmail.com
VE2PF
got a 400/50 connection, plenty of room to make any test.
________________________________
De : 44Net <44net-bounces+petem001=hotmail.com(a)mailman.ampr.org> de la part de
Marius Petrescu <marius(a)yo2loj.ro>
Envoyé : 14 février 2019 12:27
À : 44net(a)mailman.ampr.org
Objet : Re: [44net] Dead gateway, looking for input
Excellent.
The processor on the Edgerouter light is a MIPS, and cross compile tools
are available.
There is also an option to install 3rd party add ons.
I will dig into this a little, but unfortunately I can not test since I
don't have a Edgerouter.
Maybe someone has more experience with this machines...
On 14.02.2019 00:08, Tom Cardinal via 44Net wrote:
I’m willing to work to get the mesh portion of it
working. I am fine with flashing software but I do not know much about the software
platform it sits on. I’ve only been in the command line a few times.
I’ll follow the wiki guide to get it online and contact you when I have it going.
— tom
Tom Cardinal / MSgt USAF (Ret) / N2XU / BSCS / CASP+
_________________________________________
44Net mailing list
44Net(a)mailman.ampr.org
https://mailman.ampr.org/mailman/listinfo/44net
_________________________________________
44Net mailing list
44Net(a)mailman.ampr.org
https://mailman.ampr.org/mailman/listinfo/44net
20 Feb
20 Feb
9:33 p.m.
New subject: EdgeRouter Lite (and probably others) full tunnel setup
Hello everyone there with some EdgeRouters available,
As promised, here the complete gateway setup for you to try :-)
At the moment, it is using ampr-ripd 1.15 (no support for BGP tunnel
endpoints in the 44net space, i will update in the bear future)...
It should also land in the Wiki, I assume...
Have fun,
Marius, YO2LOJ
EdgeRouter AMPR Configuration
Prerequisites:
- Make sure to upgrade to firmware 2.0.0 or later.
- You have a running, configured internet connection and full access to
the router
- Make sure to secure your router by setting appropriate firewall rules
1. Add tunnel interface
- Config Tree → add tun44 → Update List
- tun44:
address: <your AMPR gw address>*/32*
description: AMPR GW
encapsulation: ipip
local-ip: <your public gw IP>
remote-ip: *0.0.0.0*
- Press Preview ans Apply
2. Add debian stretch repository
- Config Tree → system → repository → add “debian” → Update List
- debian:
components: main contrib non-free
distribution: stretch
url: http://http.us.debian.org/debian
- Press Preview ans Apply
3. Install ampr-ripd
Open CLI
- become superuser:
sudo su
- update packets:
apt-get update
- install ampr-ripd:
apt-get install ampr-rip
- kill the now running daemon:
killall ampr-ripd
- delete the added service entry:
cd /lib/systemd
rm ampr-ripd.service
- create the route cache folder:
cd /var/lib
mkdir ampr-ripd
4. Create the daemon startup script:
cd /config/scripts/post-config.d
touch ampr.sh
chmod +x ampr.sh
5. Edit the created script using vi:
vi ampr.sh
(first press insert to go into edit mode)
/#!/bin/sh/
//
/MY_IP=`ip addr list dev tun44 | grep inet | awk '{print $2}'`/
//
/ip rule add from $MY_IP table default/
//
/ip rule add to 44.0.0.0/8 table default/
//
/ampr-ripd -s -t default -i tun44 -m 90 -a 44.1.2.3/32/
(press ESC followed by :wq to save the file and exit vi)
Important: if your router is connected via NAS you need to edit the -a
parameter to suite your network to be excluded. If the router is
directly connected, it will autodetect its IPs, so the parameter can be
omitted. Also add any local networks to be excluded as you need.
6. run the script:
./ampr.sh
To check, use
ip route list table default
You should get a lot of routes there...
Now it is time to restart your router and check everything is ok.
7. Now you can add your needed subnets on vlans or a second interface.
Enjoy.
9:54 p.m.
New subject: EdgeRouter Lite (and probably others) full tunnel setup
Ok,
I'll try again, now using a linked document, since that's unreadable...
http://www.yo2loj.ro/hamprojects/EdgeRouter_AMPR_setup.rtf
http://yo2tm.ampr.org/hamprojects/EdgeRouter_AMPR_setup.rtf
Have fun,
Marius, YO2LOJ
21 Feb
21 Feb
2 a.m.
New subject: EdgeRouter Lite (and probably others) full tunnel setup
That sound very fine
the only draw back is that I have an edgerouter x ( in fact 2, one in production, the
other on test) and cant update them to 2.00 or more as that firmware is really buggy on
the ER-X..
will wait for ubiquity to release ver 2 firmware before testing this.
Thanks a lot for the write up. I hope it will get to the wiki ;-)
________________________________
De : 44Net <44net-bounces+petem001=hotmail.com(a)mailman.ampr.org> de la part de
Marius Petrescu <marius(a)yo2loj.ro>
Envoyé : 20 février 2019 16:54
À : 44net(a)mailman.ampr.org
Objet : Re: [44net] EdgeRouter Lite (and probably others) full tunnel setup
Ok,
I'll try again, now using a linked document, since that's unreadable...
http://www.yo2loj.ro/hamprojects/EdgeRouter_AMPR_setup.rtf
http://yo2tm.ampr.org/hamprojects/EdgeRouter_AMPR_setup.rtf
Have fun,
Marius, YO2LOJ
_________________________________________
44Net mailing list
44Net(a)mailman.ampr.org
https://mailman.ampr.org/mailman/listinfo/44net
[https://ipmcdn.avast.com/images/icons/icon-envelope-tick-round-orange-anima…
Garanti sans virus.
www.avast.com<https://www.avast.com/sig-email?utm_medium=email&utm_s…
25 Feb
25 Feb
3:37 a.m.
New subject: EdgeRouter Lite (and probably others) full tunnel setup
Hi every one..
been fiddling with my spare edgerouter X for the last hours.
I was able to upgrade it to firmware 2.0 and all was well.
I then followed the howto from Marius.
There are some minor typos in the how to. but nothing too complicated to fix. Nice job
Marius, with out that I would have been totally lost.
Now I am at the step where you run the script the first time.
I have that answer:
./ampr.sh
Error: any valid prefix is expected rather than "table".
Before doing anything more I think the problem is here in the script:
ip rule add from $MY_IP table default
changed to:
ip rule add from $MY_IP default
then no more error.
but still no joy. no route showing at all..
I also wanted to feed all the traffic from the tun44 interface to eth4 but I dont get
where to do this.. do I need a bridge? could I also use a dhcp server to configure the
client connecting to eth4. need to fiddle some more..
________________________________
De : 44Net <44net-bounces+petem001=hotmail.com(a)mailman.ampr.org> de la part de
Marius Petrescu <marius(a)yo2loj.ro>
Envoyé : 20 février 2019 16:54
À : 44net(a)mailman.ampr.org
Objet : Re: [44net] EdgeRouter Lite (and probably others) full tunnel setup
Ok,
I'll try again, now using a linked document, since that's unreadable...
http://www.yo2loj.ro/hamprojects/EdgeRouter_AMPR_setup.rtf
http://yo2tm.ampr.org/hamprojects/EdgeRouter_AMPR_setup.rtf
Have fun,
Marius, YO2LOJ
_________________________________________
44Net mailing list
44Net(a)mailman.ampr.org
https://mailman.ampr.org/mailman/listinfo/44net
21 Feb
21 Feb
5:28 a.m.
New subject: EdgeRouter Lite (and probably others) full tunnel setup
Ok, I've run the steps and have some info to report... but first I'll give you my
setup.
1. I'm on a NAT behind a pfSense. I do this to shield the AMPR external interface
from brute forcers. It worked very well when I ran a linux gateway and it also worked
well when I ran my gateway on a Raspberry Pi.
2. I have very old Edgerouter Lite. I bought it in the 2013 - 2014 timeframe. I tried
to update firmware and I'm on 1.10.8 (Nov 2018).
---
Info to pass:
1. At step two I had to change:
Config Tree → system → repository → add “debian” → Update List
To
Config Tree → system→ package → repository → add “debian” → Update List
2. At step three
I changed a couple of typos:
apt-get install ampr-rip
to
apt-get install ampr-ripd
Also. The killall ampr-ripd command produced no result. It gave me "Operation not
supported". I ran ps-ax and fond ampr-ripd was not running.
The service directory was /lib/systemd/service instead of /lib/system so I deleted the
added service at /lib/systemd/service/ampr-ripd.service.
I'm still experimenting here and will report back tomorrow evening central US time.
--tom, n2xu
On 2/20/19, 3:33 PM, "44Net on behalf of Marius Petrescu"
<44net-bounces+tomc=gulfmail.net(a)mailman.ampr.org on behalf of marius(a)yo2loj.ro>
wrote:
Hello everyone there with some EdgeRouters available,
As promised, here the complete gateway setup for you to try :-)
At the moment, it is using ampr-ripd 1.15 (no support for BGP tunnel
endpoints in the 44net space, i will update in the bear future)...
It should also land in the Wiki, I assume...
Have fun,
Marius, YO2LOJ
EdgeRouter AMPR Configuration
Prerequisites:
- Make sure to upgrade to firmware 2.0.0 or later.
- You have a running, configured internet connection and full access to
the router
- Make sure to secure your router by setting appropriate firewall rules
1. Add tunnel interface
- Config Tree → add tun44 → Update List
- tun44:
address: <your AMPR gw address>*/32*
description: AMPR GW
encapsulation: ipip
local-ip: <your public gw IP>
remote-ip: *0.0.0.0*
- Press Preview ans Apply
2. Add debian stretch repository
- Config Tree → system → repository → add “debian” → Update List
- debian:
components: main contrib non-free
distribution: stretch
url: http://http.us.debian.org/debian
- Press Preview ans Apply
3. Install ampr-ripd
Open CLI
- become superuser:
sudo su
- update packets:
apt-get update
- install ampr-ripd:
apt-get install ampr-rip
- kill the now running daemon:
killall ampr-ripd
- delete the added service entry:
cd /lib/systemd
rm ampr-ripd.service
- create the route cache folder:
cd /var/lib
mkdir ampr-ripd
4. Create the daemon startup script:
cd /config/scripts/post-config.d
touch ampr.sh
chmod +x ampr.sh
5. Edit the created script using vi:
vi ampr.sh
(first press insert to go into edit mode)
/#!/bin/sh/
//
/MY_IP=`ip addr list dev tun44 | grep inet | awk '{print $2}'`/
//
/ip rule add from $MY_IP table default/
//
/ip rule add to 44.0.0.0/8 table default/
//
/ampr-ripd -s -t default -i tun44 -m 90 -a 44.1.2.3/32/
(press ESC followed by :wq to save the file and exit vi)
Important: if your router is connected via NAS you need to edit the -a
parameter to suite your network to be excluded. If the router is
directly connected, it will autodetect its IPs, so the parameter can be
omitted. Also add any local networks to be excluded as you need.
6. run the script:
./ampr.sh
To check, use
ip route list table default
You should get a lot of routes there...
Now it is time to restart your router and check everything is ok.
7. Now you can add your needed subnets on vlans or a second interface.
Enjoy.
_________________________________________
44Net mailing list
44Net(a)mailman.ampr.org
https://mailman.ampr.org/mailman/listinfo/44net
7:52 a.m.
New subject: EdgeRouter Lite (and probably others) full tunnel setup
Tnx Tom,
I wrote up those tings partly fom memory. so errors are possible.
Regarding 1.10.8: They updated from "jessie" to "stretch" when
releasing
2.0.0.
So there may be some differences, like in the installing of the
services. In stretch, the service launches automatically on install.
I also was not sure if ampr-ripd was in the jessie repository, but it
seems it is, which makes this possible on 1.10.8, too.
Question: did you use the stretch or the jessie repository for the update?
I will recheck the document and correct the information.
On 21.02.2019 07:28, Tom Cardinal via 44Net wrote:
Ok, I've run the steps and have some info to
report... but first I'll give you my setup.
1. I'm on a NAT behind a pfSense. I do this to shield the AMPR external interface
from brute forcers. It worked very well when I ran a linux gateway and it also worked
well when I ran my gateway on a Raspberry Pi.
2. I have very old Edgerouter Lite. I bought it in the 2013 - 2014 timeframe. I tried
to update firmware and I'm on 1.10.8 (Nov 2018).
---
Info to pass:
1. At step two I had to change:
Config Tree → system → repository → add “debian” → Update List
To
Config Tree → system→ package → repository → add “debian” → Update List
2. At step three
I changed a couple of typos:
apt-get install ampr-rip
to
apt-get install ampr-ripd
Also. The killall ampr-ripd command produced no result. It gave me "Operation not
supported". I ran ps-ax and fond ampr-ripd was not running.
The service directory was /lib/systemd/service instead of /lib/system so I deleted the
added service at /lib/systemd/service/ampr-ripd.service.
I'm still experimenting here and will report back tomorrow evening central US time.
--tom, n2xu
On 2/20/19, 3:33 PM, "44Net on behalf of Marius Petrescu"
<44net-bounces+tomc=gulfmail.net(a)mailman.ampr.org on behalf of marius(a)yo2loj.ro>
wrote:
Hello everyone there with some EdgeRouters available,
As promised, here the complete gateway setup for you to try :-)
At the moment, it is using ampr-ripd 1.15 (no support for BGP tunnel
endpoints in the 44net space, i will update in the bear future)...
It should also land in the Wiki, I assume...
Have fun,
Marius, YO2LOJ
EdgeRouter AMPR Configuration
Prerequisites:
- Make sure to upgrade to firmware 2.0.0 or later.
- You have a running, configured internet connection and full access to
the router
- Make sure to secure your router by setting appropriate firewall rules
1. Add tunnel interface
- Config Tree → add tun44 → Update List
- tun44:
address: <your AMPR gw address>*/32*
description: AMPR GW
encapsulation: ipip
local-ip: <your public gw IP>
remote-ip: *0.0.0.0*
- Press Preview ans Apply
2. Add debian stretch repository
- Config Tree → system → repository → add “debian” → Update List
- debian:
components: main contrib non-free
distribution: stretch
url: http://http.us.debian.org/debian
- Press Preview ans Apply
3. Install ampr-ripd
Open CLI
- become superuser:
sudo su
- update packets:
apt-get update
- install ampr-ripd:
apt-get install ampr-rip
- kill the now running daemon:
killall ampr-ripd
- delete the added service entry:
cd /lib/systemd
rm ampr-ripd.service
- create the route cache folder:
cd /var/lib
mkdir ampr-ripd
4. Create the daemon startup script:
cd /config/scripts/post-config.d
touch ampr.sh
chmod +x ampr.sh
5. Edit the created script using vi:
vi ampr.sh
(first press insert to go into edit mode)
/#!/bin/sh/
//
/MY_IP=`ip addr list dev tun44 | grep inet | awk '{print $2}'`/
//
/ip rule add from $MY_IP table default/
//
/ip rule add to 44.0.0.0/8 table default/
//
/ampr-ripd -s -t default -i tun44 -m 90 -a 44.1.2.3/32/
(press ESC followed by :wq to save the file and exit vi)
Important: if your router is connected via NAS you need to edit the -a
parameter to suite your network to be excluded. If the router is
directly connected, it will autodetect its IPs, so the parameter can be
omitted. Also add any local networks to be excluded as you need.
6. run the script:
./ampr.sh
To check, use
ip route list table default
You should get a lot of routes there...
Now it is time to restart your router and check everything is ok.
7. Now you can add your needed subnets on vlans or a second interface.
Enjoy.
_________________________________________
44Net mailing list
44Net(a)mailman.ampr.org
https://mailman.ampr.org/mailman/listinfo/44net
_________________________________________
44Net mailing list
44Net(a)mailman.ampr.org
https://mailman.ampr.org/mailman/listinfo/44net
3:01 p.m.
New subject: EdgeRouter Lite (and probably others) full tunnel setup
Please don’t take my edits as criticism, I’m trying to help and was not sure if my
firmware version contained a different file system structure. I’ve used your scripts
before and they are awesome.
I told the system to use the stretch repository so I’m probably broken... I’ll do a system
reset when I get home this evening and retry using the Jessie repository. I’m finally
starting to get comfortable on this platform, avoided doing so in the past because I
didn’t want to brick it.
Thank you for working with me on this Marius. I’ll send an update before I turn in for the
night.
— tom
Tom Cardinal / MSgt USAF (Ret) / N2XU / BSCS / CASP+
On Feb 21, 2019, at 1:52 AM, Marius Petrescu
<marius(a)yo2loj.ro> wrote:
Tnx Tom,
I wrote up those tings partly fom memory. so errors are possible.
Regarding 1.10.8: They updated from "jessie" to "stretch" when
releasing 2.0.0.
So there may be some differences, like in the installing of the services. In stretch, the
service launches automatically on install.
I also was not sure if ampr-ripd was in the jessie repository, but it seems it is, which
makes this possible on 1.10.8, too.
Question: did you use the stretch or the jessie repository for the update?
I will recheck the document and correct the information.
On 21.02.2019 07:28, Tom Cardinal via 44Net
wrote:
Ok, I've run the steps and have some info to report... but first I'll give you
my setup.
1. I'm on a NAT behind a pfSense. I do this to shield the AMPR external interface
from brute forcers. It worked very well when I ran a linux gateway and it also worked
well when I ran my gateway on a Raspberry Pi.
2. I have very old Edgerouter Lite. I bought it in the 2013 - 2014 timeframe. I tried
to update firmware and I'm on 1.10.8 (Nov 2018).
---
Info to pass:
1. At step two I had to change:
Config Tree → system → repository → add “debian” → Update List
To
Config Tree → system→ package → repository → add “debian” → Update List
2. At step three
I changed a couple of typos:
apt-get install ampr-rip
to
apt-get install ampr-ripd
Also. The killall ampr-ripd command produced no result. It gave me "Operation not
supported". I ran ps-ax and fond ampr-ripd was not running.
The service directory was /lib/systemd/service instead of /lib/system so I deleted the
added service at /lib/systemd/service/ampr-ripd.service.
I'm still experimenting here and will report back tomorrow evening central US time.
--tom, n2xu
On 2/20/19, 3:33 PM, "44Net on behalf of Marius Petrescu"
<44net-bounces+tomc=gulfmail.net(a)mailman.ampr.org on behalf of marius(a)yo2loj.ro>
wrote:
Hello everyone there with some EdgeRouters available,
As promised, here the complete gateway setup for you to try :-)
At the moment, it is using ampr-ripd 1.15 (no support for BGP tunnel
endpoints in the 44net space, i will update in the bear future)...
It should also land in the Wiki, I assume...
Have fun,
Marius, YO2LOJ
EdgeRouter AMPR Configuration
Prerequisites:
- Make sure to upgrade to firmware 2.0.0 or later.
- You have a running, configured internet connection and full access to
the router
- Make sure to secure your router by setting appropriate firewall rules
1. Add tunnel interface
- Config Tree → add tun44 → Update List
- tun44:
address: <your AMPR gw address>*/32*
description: AMPR GW
encapsulation: ipip
local-ip: <your public gw IP>
remote-ip: *0.0.0.0*
- Press Preview ans Apply
2. Add debian stretch repository
- Config Tree → system → repository → add “debian” → Update List
- debian:
components: main contrib non-free
distribution: stretch
url: http://http.us.debian.org/debian
- Press Preview ans Apply
3. Install ampr-ripd
Open CLI
- become superuser:
sudo su
- update packets:
apt-get update
- install ampr-ripd:
apt-get install ampr-rip
- kill the now running daemon:
killall ampr-ripd
- delete the added service entry:
cd /lib/systemd
rm ampr-ripd.service
- create the route cache folder:
cd /var/lib
mkdir ampr-ripd
4. Create the daemon startup script:
cd /config/scripts/post-config.d
touch ampr.sh
chmod +x ampr.sh
5. Edit the created script using vi:
vi ampr.sh
(first press insert to go into edit mode)
/#!/bin/sh/
//
/MY_IP=`ip addr list dev tun44 | grep inet | awk '{print $2}'`/
//
/ip rule add from $MY_IP table default/
//
/ip rule add to 44.0.0.0/8 table default/
//
/ampr-ripd -s -t default -i tun44 -m 90 -a 44.1.2.3/32/
(press ESC followed by :wq to save the file and exit vi)
Important: if your router is connected via NAS you need to edit the -a
parameter to suite your network to be excluded. If the router is
directly connected, it will autodetect its IPs, so the parameter can be
omitted. Also add any local networks to be excluded as you need.
6. run the script:
./ampr.sh
To check, use
ip route list table default
You should get a lot of routes there...
Now it is time to restart your router and check everything is ok.
7. Now you can add your needed subnets on vlans or a second interface.
Enjoy.
_________________________________________
44Net mailing list
44Net(a)mailman.ampr.org
https://mailman.ampr.org/mailman/listinfo/44net
_________________________________________
44Net mailing list
44Net(a)mailman.ampr.org
https://mailman.ampr.org/mailman/listinfo/44net
_________________________________________
44Net mailing list
44Net(a)mailman.ampr.org
https://mailman.ampr.org/mailman/listinfo/44net
22 Feb
22 Feb
4:23 a.m.
New subject: EdgeRouter Lite (and probably others) full tunnel setup
No success, you were right when you said ampr-ripd wasn’t in the repository but I’m not
lost, I’ll look and see what else is out there. amprd might work and I might even try and
write something myself as a learning exercise...
I’m not sure the hardware will support the 2.x firmware and might buy a new copy of the
Edgerouter.
—tom
— tom
Tom Cardinal / MSgt USAF (Ret) / N2XU / BSCS / CASP+
On Feb 21, 2019, at 9:01 AM, Tom Cardinal
<tomc(a)gulfmail.net> wrote:
Please don’t take my edits as criticism, I’m trying to help and was not sure if my
firmware version contained a different file system structure. I’ve used your scripts
before and they are awesome.
I told the system to use the stretch repository so I’m probably broken... I’ll do a
system reset when I get home this evening and retry using the Jessie repository. I’m
finally starting to get comfortable on this platform, avoided doing so in the past because
I didn’t want to brick it.
Thank you for working with me on this Marius. I’ll send an update before I turn in for
the night.
— tom
Tom Cardinal / MSgt USAF (Ret) / N2XU / BSCS / CASP+
> On Feb 21, 2019, at 1:52 AM, Marius Petrescu <marius(a)yo2loj.ro> wrote:
>
> Tnx Tom,
>
> I wrote up those tings partly fom memory. so errors are possible.
>
> Regarding 1.10.8: They updated from "jessie" to "stretch" when
releasing 2.0.0.
>
> So there may be some differences, like in the installing of the services. In stretch,
the service launches automatically on install.
>
> I also was not sure if ampr-ripd was in the jessie repository, but it seems it is,
which makes this possible on 1.10.8, too.
>
> Question: did you use the stretch or the jessie repository for the update?
>
>
> I will recheck the document and correct the information.
>
>
>> On 21.02.2019 07:28, Tom Cardinal via 44Net wrote:
>> Ok, I've run the steps and have some info to report... but first I'll
give you my setup.
>>
>> 1. I'm on a NAT behind a pfSense. I do this to shield the AMPR external
interface from brute forcers. It worked very well when I ran a linux gateway and it also
worked well when I ran my gateway on a Raspberry Pi.
>>
>> 2. I have very old Edgerouter Lite. I bought it in the 2013 - 2014 timeframe.
I tried to update firmware and I'm on 1.10.8 (Nov 2018).
>>
>> ---
>> Info to pass:
>>
>> 1. At step two I had to change:
>>
>> Config Tree → system → repository → add “debian” → Update List
>>
>> To
>>
>> Config Tree → system→ package → repository → add “debian” → Update List
>>
>> 2. At step three
>>
>> I changed a couple of typos:
>>
>> apt-get install ampr-rip
>>
>> to
>>
>> apt-get install ampr-ripd
>>
>> Also. The killall ampr-ripd command produced no result. It gave me
"Operation not supported". I ran ps-ax and fond ampr-ripd was not running.
>>
>> The service directory was /lib/systemd/service instead of /lib/system so I
deleted the added service at /lib/systemd/service/ampr-ripd.service.
>>
>> I'm still experimenting here and will report back tomorrow evening central US
time.
>>
>> --tom, n2xu
>>
>> On 2/20/19, 3:33 PM, "44Net on behalf of Marius Petrescu"
<44net-bounces+tomc=gulfmail.net(a)mailman.ampr.org on behalf of marius(a)yo2loj.ro>
wrote:
>>
>> Hello everyone there with some EdgeRouters available,
>> As promised, here the complete gateway setup for you to try :-)
>> At the moment, it is using ampr-ripd 1.15 (no support for BGP tunnel
>> endpoints in the 44net space, i will update in the bear future)...
>> It should also land in the Wiki, I assume...
>> Have fun,
>> Marius, YO2LOJ
>> EdgeRouter AMPR Configuration
>> Prerequisites:
>> - Make sure to upgrade to firmware 2.0.0 or later.
>> - You have a running, configured internet connection and full access to
>> the router
>> - Make sure to secure your router by setting appropriate firewall rules
>> 1. Add tunnel interface
>> - Config Tree → add tun44 → Update List
>> - tun44:
>> address: <your AMPR gw address>*/32*
>> description: AMPR GW
>> encapsulation: ipip
>> local-ip: <your public gw IP>
>> remote-ip: *0.0.0.0*
>> - Press Preview ans Apply
>> 2. Add debian stretch repository
>> - Config Tree → system → repository → add “debian” → Update List
>> - debian:
>> components: main contrib non-free
>> distribution: stretch
>> url: http://http.us.debian.org/debian
>> - Press Preview ans Apply
>> 3. Install ampr-ripd
>> Open CLI
>> - become superuser:
>> sudo su
>> - update packets:
>> apt-get update
>> - install ampr-ripd:
>> apt-get install ampr-rip
>> - kill the now running daemon:
>> killall ampr-ripd
>> - delete the added service entry:
>> cd /lib/systemd
>> rm ampr-ripd.service
>> - create the route cache folder:
>> cd /var/lib
>> mkdir ampr-ripd
>> 4. Create the daemon startup script:
>> cd /config/scripts/post-config.d
>> touch ampr.sh
>> chmod +x ampr.sh
>> 5. Edit the created script using vi:
>> vi ampr.sh
>> (first press insert to go into edit mode)
>> /#!/bin/sh/
>> //
>> /MY_IP=`ip addr list dev tun44 | grep inet | awk '{print $2}'`/
>> //
>> /ip rule add from $MY_IP table default/
>> //
>> /ip rule add to 44.0.0.0/8 table default/
>> //
>> /ampr-ripd -s -t default -i tun44 -m 90 -a 44.1.2.3/32/
>> (press ESC followed by :wq to save the file and exit vi)
>> Important: if your router is connected via NAS you need to edit the -a
>> parameter to suite your network to be excluded. If the router is
>> directly connected, it will autodetect its IPs, so the parameter can be
>> omitted. Also add any local networks to be excluded as you need.
>> 6. run the script:
>> ./ampr.sh
>> To check, use
>> ip route list table default
>> You should get a lot of routes there...
>> Now it is time to restart your router and check everything is ok.
>> 7. Now you can add your needed subnets on vlans or a second
interface.
>> Enjoy.
>> _________________________________________
>> 44Net mailing list
>> 44Net(a)mailman.ampr.org
>> https://mailman.ampr.org/mailman/listinfo/44net
>>
>>
>>
>> _________________________________________
>> 44Net mailing list
>> 44Net(a)mailman.ampr.org
>> https://mailman.ampr.org/mailman/listinfo/44net
> _________________________________________
> 44Net mailing list
> 44Net(a)mailman.ampr.org
> https://mailman.ampr.org/mailman/listinfo/44net
6:56 a.m.
New subject: EdgeRouter Lite (and probably others) full tunnel setup
Tom,
I would not jump to conclusions. As I understand, the only difference
between te old and the new ER Lite is the housing, which changed from
plastic to metal. Otherwise it is the same hardware.
Just try an update from here:
https://community.ubnt.com/t5/EdgeMAX-Updates-Blog/EdgeMAX-EdgeRouter-softw…
GL!
Marius, YO2LOJ
On 22.02.2019 06:23, Tom Cardinal via 44Net wrote:
No success, you were right when you said ampr-ripd
wasn’t in the repository but I’m not lost, I’ll look and see what else is out there. amprd
might work and I might even try and write something myself as a learning exercise...
I’m not sure the hardware will support the 2.x firmware and might buy a new copy of the
Edgerouter.
—tom
— tom
Tom Cardinal / MSgt USAF (Ret) / N2XU / BSCS / CASP+
25 Feb
25 Feb
7:25 a.m.
New subject: EdgeRouter Lite (and probably others) full tunnel setup
Hi everyone,
Please hold your horses on this, since the 2.0.0 FW seems quite buggy.
I created a test version based on ampr-ripd 2.4 which I am testing.
If it checks out, I will make it public.
Just a little patience.
Marius, YO2LOJ
27 Feb
27 Feb
8:03 a.m.
New subject: Update: EdgeRouter Lite (and probably others) full tunnel setup
Hi everyone,
I updated the instructions for setting up an EdgeRouter as a full AMPR
gateway.
1. Add tunnel interface
- Config Tree → add tun44 → Update List
- tun44:
address: <your AMPR gw address>*/32*
description: AMPR GW
encapsulation: ipip
local-ip: <your public gw IP>
remote-ip: *0.0.0.0*
- Press Preview ans Apply
2. Download your packages from here:
Find the EdgeRouter setup package here:
http://www.yo2loj.ro/hamprojects/Ampr_EdgeRouter.tgz<http://www.yo2loj.r…
(mips64)
For the EdgeRouterX setup use this one:
http://www.yo2loj.ro/hamprojects/Ampr_EdgeRouterX.tgz (mipsel)
Inside those archives, there is a setup.txt file explaining the next steps.
NOTE: THE SETUP SCRIPT DOES NOT SECURE YOUR ROUTER. YOU NEED TO SET UP
FIREWALL ROUTES YOURSELF.
3. Optionally you can install a status page in the wizzard section.
Download here: http://www.yo2loj.ro/hamprojects/Ampr_Status_Wizard.tar
I hope this is useful,
Marius, YO2LOJ
28 Feb
28 Feb
9:13 p.m.
New subject: Update: EdgeRouter Lite (and probably others) full tunnel setup
Hi Marius, I have a few question and I will ask them in line
1. Add tunnel interface
- Config Tree → add tun44 → Update List
- tun44:
address: <your AMPR gw address>*/32* My allocation is 44.135.51.0/26 So
From what you are telling here I should use: 44.135.51.0/32 ??
description: AMPR GW
encapsulation: ipip
local-ip: <your public gw IP> Is that the IP adress that my ISP provide
me? or is it the IP adress that I want to show to the internet? like 44.135.51.1 in my
case??
remote-ip: *0.0.0.0*
- Press Preview ans Apply
THanks!!
Pierre VE2PF
________________________________
De : 44Net <44net-bounces+petem001=hotmail.com(a)mailman.ampr.org> de la part de
Marius Petrescu <marius(a)yo2loj.ro>
Envoyé : 27 février 2019 03:03
À : 44net(a)mailman.ampr.org
Objet : [44net] Update: EdgeRouter Lite (and probably others) full tunnel setup
Hi everyone,
I updated the instructions for setting up an EdgeRouter as a full AMPR
gateway.
1. Add tunnel interface
- Config Tree → add tun44 → Update List
- tun44:
address: <your AMPR gw address>*/32*
description: AMPR GW
encapsulation: ipip
local-ip: <your public gw IP>
remote-ip: *0.0.0.0*
- Press Preview ans Apply
2. Download your packages from here:
Find the EdgeRouter setup package here:
http://www.yo2loj.ro/hamprojects/Ampr_EdgeRouter.tgz<http://www.yo2loj.r…
(mips64)
For the EdgeRouterX setup use this one:
http://www.yo2loj.ro/hamprojects/Ampr_EdgeRouterX.tgz (mipsel)
Inside those archives, there is a setup.txt file explaining the next steps.
NOTE: THE SETUP SCRIPT DOES NOT SECURE YOUR ROUTER. YOU NEED TO SET UP
FIREWALL ROUTES YOURSELF.
3. Optionally you can install a status page in the wizzard section.
Download here: http://www.yo2loj.ro/hamprojects/Ampr_Status_Wizard.tar
I hope this is useful,
Marius, YO2LOJ
_________________________________________
44Net mailing list
44Net(a)mailman.ampr.org
https://mailman.ampr.org/mailman/listinfo/44net
10:25 p.m.
New subject: Update: EdgeRouter Lite (and probably others) full tunnel setup
Hi all,
It seems that there is some confusion and I'll try to respond as a small
tutorial so others may benefit from it.
1. Interface IPs and netmasks
An IP defines the local address of an interface, that means the address
to which a packet must be sent to reach that interface.
The netmask on the other hand describes which other addresses can be
reached DIRECTLY from that interface (in network terms, which
destination sit on the same network segment - the subnet in case of an
IP network).
Let's take an example...
On a local network we have an allocation of 44.128.1.0/24
That means that one of those IPs need to be alocated to the device
(let's assume 44.128.1.1).
Now the prefix length/netmask is 24. That means that the first 24 bits
of that address represent the network, while the rest up to 32 could be
usable as individual addresses.
This means that valid addresses on this network are 44.128.1.0 to
44.128.1.255. There are 2 exceptions of usability here. The first
address, 44.128.1.0, which represents the network, and 44.128.1.255,
which is the broadcast address of this network.
So we can use as individual IPs 44.128.1.1 to 44.128.1.254. If we assign
now 44.128.1.1 with a netmask of /24 (or 255.255.255.0 - it is just the
same these numbers have the bits representing the network set to 1, the
rest to 0), this means that all other addresses of this network can be
directly reached by sending them out via that interface.
So we have now our local network, as assigned in the portal.
Let's see how this tunnel interface is exactly described.
It has a local and a remote address, defining its endpoints as a tunnel,
and creates a virtual interface, which will have a network assigned to
it, just like a regular interface.
Lets' say our public IP of our router, provided by our ISP is 1.2.3.4
and we want to reach ampr_gw, which has a public address of 169.228.34.84.
So we need to set our local ip to 1.2.3.4 and the remote ip to
169.228.34.84. This will encapsulate all the virtual interface traffic
as IPIP and send it to 169.228.34.84, and all encapsulated traffic from
169.228.34.84 will appear on our virtual tunnel interface.
Now, the exact same logic of IP and netmask applies to the virtual
tunnel interface.
We could see this in 2 different ways: We could see the ampr-gw
interface as the whole ampr address space, and that means that all 44
addresses could be reached that way, and we could use a netmask of /8
(or 255.0.0.0) or we could consider this interface not able to reach
anything, and we could use a prefix of /32
The difference of these 2 approache is the automatically generated
route, which in the first case would send all 44.x.y.z traffic to the
tunnel, assuming that all destinations are reachable (which is not the
case), or we assume the latter case, that nothing is reachable directly,
and we need a /32 prefix, and we will rely on routing for data forwarding.
So, to cope with our network configuration, we need a /32 netmask for
that specific tunnel interface: only 44.128.1.1 is directly reachable.
Now, let's com back to the routes for the tunnel interface. In the
example, I used 169.228.34.84 as the remote tunnel endpoint. But if we
use 0.0.0.0 as the remote address, the tunnel interface will work point
to multipoint (P2MP) as described below.
A route has 4 components (not necessary all visible to the user):
A network address, a netmask, a gateway and a interface.
The network address and netmask specifies what is routed, the gateway
specifies where it has to be sent to, and the interface via which
network interface to do it.
In case of regular interfaces, this is quite simple.
e.g. route 192.168.2.0/24 via 192.168.1.1 dev eth0 will send all trafic
with destination 192.168.2.0 to 192.168.2.255 to the router having
address 192.168.1.1 and is reachable on the interface eth0
This behavior is different on a linux IPIP tunnel interface. In the case
of the tunnel, the gateway address of the P2MP tunnel describes the
remote endpoint of the tunnel connection for that specific subnet,
allowing us to use a single interface for all 44net tunnels.
So, having our local IP 1.2.3.4 and remote IP 0.0.0.0, we can have
routes like this:
44.128.2.0/24 via 2.3.4.5 dev tun44
44.128.3.0/24 via 3.4.5.6 dev tun44
44.128.0.0/16 via 8.9.10.11 dev tun44
Translation:
- All traffic to 44.128.2.0-44.128.2.255 goes to the tunnel and is
encapsulated to 2.3.4.5
- All traffic to 44.128.3.0-44.128.3.255 goes to the tunnel and is
encapsulated to 3.4.5.6
- All traffic not covered by the previous routes, but falling into the
44.128.0.0-44.128.255.255 range is encapsulated to 8.9.10.11
Please observe that the route chosen is the one which defines most
precisely the destination (has the destination in range and has the
biggest prefix length/mask).
These routes are a lot of them, one route for each tunnel, and is the
job of ampr-ripd to receive them via RIP and set them accordingly, in an
automated fashion.
On Mikrotik routers, where there are no P2MP tunnels, each endpoint has
its own tunnel interface with a fixed local and remote address, and are
managed by a script.
So, back to Pierre's question:
- Yes, no mater what your allocation, the tunnel IP needs an IP from
your allocated range and a netmask of /32 (255.255.255.255)
- Yes and No, this local address of the tunnel should be the one of your
router's external interface.
If your router faces the internet directly, the local address of your
tunnel endpoint needs to be your public address assigned by your ISP.
If you are behind NAT (including in a DMZ), this local address should be
the one of your gateway's external interface, ant it will be NATed by
your main router to the public IP.
I hope this clarifies a lot of questions...
Marius, YO2LOJ
On 28.02.2019 23:13, pete M via 44Net wrote:
Hi Marius, I have a few question and I will ask them
in line
1. Add tunnel interface
- Config Tree → add tun44 → Update List
- tun44:
address: <your AMPR gw address>*/32* My allocation is 44.135.51.0/26 So
From what you are telling here I should use: 44.135.51.0/32 ??
description: AMPR GW
encapsulation: ipip
local-ip: <your public gw IP> Is that the IP adress that my ISP provide
me? or is it the IP adress that I want to show to the internet? like 44.135.51.1 in my
case??
remote-ip: *0.0.0.0*
- Press Preview ans Apply
THanks!!
Pierre VE2PF
________________________________
De : 44Net <44net-bounces+petem001=hotmail.com(a)mailman.ampr.org> de la part de
Marius Petrescu <marius(a)yo2loj.ro>
Envoyé : 27 février 2019 03:03
À : 44net(a)mailman.ampr.org
Objet : [44net] Update: EdgeRouter Lite (and probably others) full tunnel setup
Hi everyone,
I updated the instructions for setting up an EdgeRouter as a full AMPR
gateway.
1. Add tunnel interface
- Config Tree → add tun44 → Update List
- tun44:
address: <your AMPR gw address>*/32*
description: AMPR GW
encapsulation: ipip
local-ip: <your public gw IP>
remote-ip: *0.0.0.0*
- Press Preview ans Apply
2. Download your packages from here:
Find the EdgeRouter setup package here:
http://www.yo2loj.ro/hamprojects/Ampr_EdgeRouter.tgz (mips64)
For the EdgeRouterX setup use this one:
http://www.yo2loj.ro/hamprojects/Ampr_EdgeRouterX.tgz (mipsel)
Inside those archives, there is a setup.txt file explaining the next steps.
NOTE: THE SETUP SCRIPT DOES NOT SECURE YOUR ROUTER. YOU NEED TO SET UP
FIREWALL ROUTES YOURSELF.
3. Optionally you can install a status page in the wizzard section.
Download here: http://www.yo2loj.ro/hamprojects/Ampr_Status_Wizard.tar
I hope this is useful,
Marius, YO2LOJ
1 Mar
1 Mar
5:21 p.m.
New subject: Update: EdgeRouter Lite (and probably others) full tunnel setup
Just a small update...
Due to a issue on startup on the Edgerouter, I had to move the startup
script to /etc and the actual startup call to rc.local.
The startup from /config/scripts/post-config.d did not ensure the
creation of the bypass routes for gws with a 44 endpoint.
So, those that already installed the packages, please download and
unpack again and execute the install script again (this will undo the
previous startup settings and create the new ones, don't worry about
'file exists' warnings, the binary hasn't changed).
Those that did not install it yet, just be sure to get fresh packages
and just follow the instructions as below.
Sorry for any inconvenience,
Marius, YO2LOJ
I updated the instructions for setting up an
EdgeRouter as a full AMPR
gateway.
1. Add tunnel interface
- Config Tree → add tun44 → Update List
- tun44:
address: <your AMPR gw address>*/32*
description: AMPR GW
encapsulation: ipip
local-ip: <your public gw IP>
remote-ip: *0.0.0.0*
- Press Preview ans Apply
2. Download your packages from here:
Find the EdgeRouter setup package here:
http://www.yo2loj.ro/hamprojects/Ampr_EdgeRouter.tgz (mips64)
For the EdgeRouterX setup use this one:
http://www.yo2loj.ro/hamprojects/Ampr_EdgeRouterX.tgz (mipsel)
Inside those archives, there is a setup.txt file explaining the next
steps.
NOTE: THE SETUP SCRIPT DOES NOT SECURE YOUR ROUTER. YOU NEED TO SET UP
FIREWALL ROUTES YOURSELF.
3. Optionally you can install a status page in the wizzard section.
Download here: http://www.yo2loj.ro/hamprojects/Ampr_Status_Wizard.tar
2105
days inactive
2121
days old
25 comments
4 participants
participants (4)
-
Jason Kendall -
Marius Petrescu -
pete M -
Tom Cardinal