I think the lack of multicast support in some Linux kernel builds makes the Perl rip44d fail for some users.
Linux 2.6 certainly supports multicast, it's been in the kernel for a long while (at least in kernel 1.2 it was there, and probably before that). Some distributions apparently haven't compiled in the multicast code.
If you're having problems with rip44d not receiving RIP packets, and you're not one of those having a NAT/DMZ router of some sort in front of the gateway, please check if your kernel has multicast enabled:
http://unix.stackexchange.com/questions/25872/how-can-i-know-if-ip-multicast...
I can probably add raw socket support to rip44d, mimicking what Marius did in his C version, to work around it, if this is indeed a problem. One alternative is to run the C daemon on those systems, of course!
- Hessu, OH7LZB
On Tue, Aug 6, 2013 at 2:08 AM, Brian Rogers n1uro@n1uro.ampr.org wrote:
On Sat, 2013-08-03 at 11:46 +0300, Marius Petrescu spake:
I added an option to use raw sockets instead of multicast to the daemon. This is needed on systems that do not support multicast properly. On systems where it works, there is no need to upgrade.
Thank you Marius - it's definitely now doing what it needs to do! Good job! With my 10 yr old system running a P-III I'm lucky to have a circa 2009 setup running. I don't know why on earth though this 2.6 kernel doesn't support multicast.
Hello Hessu (and list)
On Tue, 2013-08-06 at 13:04 +0300, Heikki Hannikainen spake:
I think the lack of multicast support in some Linux kernel builds makes the Perl rip44d fail for some users.
That's not the case here though. Multicast is enabled and the interfaces are also running multicast. I am however behind a NAT router (even though it should be moot since I do hear the broadcasts). I'm just completely at a loss on my specific issue. netstat -g shows:
tunl0 1 224.0.0.251
tunl0 1 all-systems.mcast.net
and ifconfig tunl0 shows:
tunl0 Link encap:IPIP Tunnel HWaddr
inet addr:44.88.0.9 Mask:255.255.255.0
UP RUNNING MULTICAST MTU:1480 Metric:1
Linux 2.6 certainly supports multicast, it's been in the kernel for a long while (at least in kernel 1.2 it was there, and probably before that). Some distributions apparently haven't compiled in the multicast code.
I'm using the stock kernel for the distro. If an error popped up for me I'd at least know where to look... but since there was no error, nothing ever was logged, it simply acted "deaf". Netcat verified for me that the port was indeed open to the interface as well.
If you wish to make a switch to enable raw sockets I'll be willing to test it for you.
Double check your reverse path filtering setting? It is now on by default on newer kernels.
This drove me nuts until I figured it out because I could see the multicast announcements when running tcpdump on the tunnel interface, but rip44d didn't see them.
In Ubuntu look in /etc/sysctl.conf for "rp_filter" settings.
-Neil
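The reverse path filter check described above, as an added example that is not part of the original thread or of rip44d: the kernel applies the higher of the "all" and per-interface rp_filter values, so both have to be read. The function names and the optional second argument (an alternate directory holding a copy of the sysctl tree) are assumptions of this example.

```shell
#!/bin/sh
# Added example: report the effective rp_filter mode for one interface.
# Usage: sh thisfile.sh tunl0   (exit status 1 means strict mode is in effect)

# Print the effective mode: the higher of conf/all and conf/<iface>.
# $2 is an optional alternate root directory (assumption of this example).
rp_filter_effective() {
    iface=$1
    root=${2:-/proc/sys/net/ipv4/conf}
    [ -r "$root/all/rp_filter" ] && [ -r "$root/$iface/rp_filter" ] || return 2
    all=$(cat "$root/all/rp_filter")
    own=$(cat "$root/$iface/rp_filter")
    if [ "$all" -gt "$own" ]; then echo "$all"; else echo "$own"; fi
}

# Translate the numeric mode into what the kernel does with a packet.
rp_filter_describe() {
    case $1 in
        0) echo "off: no source validation" ;;
        1) echo "strict: dropped unless the best route back to the source uses the receiving interface" ;;
        2) echo "loose: dropped only if the source is unreachable via any interface" ;;
        *) echo "unknown value" ;;
    esac
}

# Print a one-line report. Returns 1 in strict mode, the case where
# tcpdump shows a packet on the tunnel but the listening socket never gets it.
rp_filter_report() {
    iface=$1
    root=${2:-/proc/sys/net/ipv4/conf}
    mode=$(rp_filter_effective "$iface" "$root") || {
        echo "$iface: cannot read rp_filter under $root" >&2
        return 2
    }
    echo "$iface: effective rp_filter=$mode ($(rp_filter_describe "$mode"))"
    [ "$mode" -ne 1 ]
}

# Run the report only when an interface name is given on the command line.
if [ $# -gt 0 ]; then
    rp_filter_report "$1"
fi
```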
-- 73 de Brian Rogers - N1URO email: n1uro@n1uro.ampr.org Web: http://www.n1uro.net/ Ampr1: http://n1uro.ampr.org/ Ampr2: http://nos.n1uro.ampr.org Linux Amateur Radio Services axMail-Fax & URONode AmprNet coordinator for: Connecticut, Delaware, Maine, Massachusetts, New Hampshire, Pennsylvania, Rhode Island, and Vermont.
Now to get my creative spree going, here is my latest stuff.
I proudly announce a complete IPIP encapsulation daemon, which creates the tunnel interfaces automatically, and listens to the RIPv2 broadcasts internally. This completely replaces the ipip kernel driver and the ripd daemon and does not depend on any multicast capabilities. So a system should be up and running in 10 min with minimal effort. Basically 'make', check for errors (shouldn't be any), 'make install', edit the provided config file and startup script and launch.
As always, on www.yo2loj.ro under ham projects, or directly: http://www.yo2loj.ro/hamprojects/amprd-1.0.tgz
A test on some smaller systems, like those running openWRT would be nice...
Have fun. Marius, YO2LOJ
Hey Marius,
Where have you been hiding this program all this time? Hi hi hi!!!
Any chance the program setting up a firewall too, in order to allow only AMPRnet connections?
Since the interfaces are tun adapters (basically virtual ethernet), any firewall solution would work. Just a 'iptables -A INPUT -i ampr0 ! -s 44.0.0.0/8 -j DROP' would do.
-----Original Message----- From: 44net-bounces+marius=yo2loj.ro@hamradio.ucsd.edu [mailto:44net-bounces+marius=yo2loj.ro@hamradio.ucsd.edu] On Behalf Of Demetre SV1UY Sent: Tuesday, August 06, 2013 23:55 To: AMPRNet working group Subject: Re: [44net] Announcement: amprd 1.0 encapsulation daemon with RIPv2 processing
On Wed, Aug 7, 2013 at 12:31 AM, Marius Petrescu marius@yo2loj.ro wrote:
Since the interfaces are tun adapters (basically virtual ethernet), any firewall solution would work. Just a 'iptables -A INPUT -i ampr0 ! -s 44.0.0.0/8 -j DROP' would do.
Is this a -i or -l before interface ampr0 ? and after it an exclamation mark?
Oh I missed you at the CONVERS before, had gone to pick up my daughter.
What about support for Dynamic Gates Marius? Whenever you can be bothered please!
-- 73 de SV1UY Demetre Ch. Valaris IP Coordinator for AMPRnet in Greece e-mail: demetre.sv1uy@gmail.com Radio e-mail: sv1uy@winlink.org (to use my radio e-mail put //WL2K in the beginning of the subject line) http://www.qsl.net/sv1uy _________________________________________ 44Net mailing list 44Net@hamradio.ucsd.edu http://hamradio.ucsd.edu/mailman/listinfo/44net http://www.ampr.org/donate.html
How do you propose the other gateways know about your dynamic, encapsulating, IP address? Unless new gateway records are generated and distributed automatically every time there is a dynamic IP address change, it will be unidirectional.
One of the reasons I propose going to VPNs (which can handle dynamic IP on clients) going to static routers with BGP, let the Internet routing tables keep it all straight.
------------------------------ John D. Hays K7VE PO Box 1223, Edmonds, WA 98020-1223 http://k7ve.org/blog http://twitter.com/#!/john_hays http://www.facebook.com/john.d.hays
How do you propose the other gateways know about your dynamic, encapsulating, IP address? Unless new gateway records are generated and distributed automatically every time there is a dynamic IP address change, it will be unidirectional.
The AMPRnet portal allows to provide a hostname instead of a public static IP for your IPIP tunnel endpoint. The hostname is resolved by the UCSD router to your current IP. The RIP daemon will take care to distribute the IP to AMPRnet via RIPv2.
73 de Marc, LX1DUC
On Wed, Aug 7, 2013 at 1:47 AM, Marc, LX1DUC lx1duc@rlx.lu wrote:
The AMPRnet portal allows to provide a hostname instead of a public static IP for your IPIP tunnel endpoint. The hostname is resolved by the UCSD router to your current IP. The RIP daemon will take care to distribute the IP to AMPRnet via RIPv2.
73 de Marc, LX1DUC
Exactly what I do.
Me too!
The hostname is resolved by the UCSD router to your current IP.
Minor correction: the hostname is resolved to an address by the portal so that the IP address in the encap file is up to date too. I think it does this periodically, perhaps every hour. - Brian
On Wed, Aug 7, 2013 at 6:50 AM, Brian Kantor Brian@ucsd.edu wrote:
Minor correction: the hostname is resolved to an address by the portal so that the IP address in the encap file is up to date too. I think it does this periodically, perhaps every hour. - Brian
Yes indeed Brian,
I noticed this 1 hour delay when I had to reboot my broadband router a few times during the past few days.
If one is in a hurry, they can always go to the portal and update the portal with his/her new GATEWAY Public IP address manually. This way he/she can speed things up to 1 hour.
I prefer to keep them separate, this should be one tool which is part of a chain of tools. One can use iptables or other firewall tools to manage outside of routing table updates.
For example, one might set up a website on the 44.x.x.x net that should be accessible from any Internet address, but you might want to only allow 44.x.x.x sourced traffic on a radio port. Or if we start moving things like D-STAR / Winlink gateways onto 44.x.x.x addresses there will be some that operate on public Internet addresses for updates and interconnection, though traffic such as D-STAR DD (ethernet over D-STAR) might send 44.x.x.x traffic only through designated paths.
------------------------------ John D. Hays K7VE PO Box 1223, Edmonds, WA 98020-1223 http://k7ve.org/blog http://twitter.com/#!/john_hays http://www.facebook.com/john.d.hays
Can it also support Dynamic IP Gateways?
Marius,
Just rebooted my Raspberry Pi! Will watch eagerly...
Best regards. Tom - sp2lob
Marius,
Bravo, Bravissimo!!! It simply... W O R K S ! ! ! It took less than 2 minutes to get new routing table!
Best regards Tom -sp2lob
Marius,
Just noticed, that ampr0 interface has got nice unique HWaddr as well!
Best regards. Tom - sp2lob
That one is automatically generated on tunnel start. Not my fault :-)
-----Original Message----- From: 44net-bounces+marius=yo2loj.ro@hamradio.ucsd.edu [mailto:44net-bounces+marius=yo2loj.ro@hamradio.ucsd.edu] On Behalf Of sp2lob@tlen.pl Sent: Wednesday, August 07, 2013 00:40 To: AMPRNet working group Subject: Re: [44net] Announcement: amprd 1.0 encapsulation daemon with RIPv2 processing
Ahh, and don't count on it. It will change every time.