So the password is sent from UCSD and compered with the password i put locally and if they identical then the data is processed ?
one more thing i understand the data is sent from UCSD ... how often is it sent ?
I dont see any advertisement here do i need to define something in the portal ?
normal tunneling work well
Of course you need to have a gateway entry in the Portal. I.e. you need to have a subnet, and a gateway with external address and that subnet defined.
The RIP packets are sent every 5 minutes.
When you can manually make a tunnel and ping the remote, but you do not receive anything including RIP broadcasts, the cause often is a stateful firewall inside your internet modem/router. It accepts replies to outgoing packets, but it does not accept unsolicited incoming packets. This is designed as a security feature.
To use IPIP tunneling, your modem/router must be able to unconditionally forward protocol-4 traffic to your gateway system. In advanced modem/routers you can forward a protocol, but usually it is only possible to forward TCP and UDP ports. That is something different. It is useless to forward port 4, you have to forward protocol 4.
When that cannot be done you can often set a "DMZ host" that is said to get all incoming traffic, however there are examples of modem/routers where this does not work correctly. The DMZ host receives all TCP and UDP traffic but not all other traffic (including IPIP). It does receive (like any host) replies on its own IPIP traffic, but not the unsolicited incoming traffic.
When you have such a modem/router, and when it cannot be replaced (e.g. because your provider requires you to use this modem/router), you cannot use IPIP tunnels.
Rob
Dear Rob
I have a gateway entry at the protal
I have a working tunnel as well
all my 44 Net Hosts available from the outside world (you can ping the router IP at 44.138.1.1 or at 4z4zq-cam.no-ip.org) and you will get answers
I have tried to follow Marius setup for Mikrotik but i get no rip traffic ....
im not familiar with the rip broadcast mechanism and didnt knew what to expect for
now im a little bit more understand it I
suspected that maybe the password i need to enter is not correct (and i have no way to know it because i see the password locally as stars (and if we talk about it why a password needed to be entered for something that receive broadcast ? cant it ignore the password and get only the route info )?
I will describe my case briefly in a separate message and hope one of my experts will help me track the problem
Regards
Ronen-4Z4ZQ http://www.ronen.org Ronen Pinchooks (4Z4ZQ) WebSitehttp://www.ronen.org/ www.ronen.org ronen.org (Ronen Pinchooks (4Z4ZQ) WebSite) is hosted by domainavenue.com
________________________________ From: 44Net 44net-bounces+ronenp=hotmail.com@hamradio.ucsd.edu on behalf of Rob Janssen pe1chl@amsat.org Sent: Thursday, September 8, 2016 1:08 AM To: 44net@hamradio.ucsd.edu Subject: Re: [44net] getting rip data fron the non ampr address of ucsd gw?
(Please trim inclusions from previous messages) _______________________________________________
So the password is sent from UCSD and compered with the password i put locally and if they identical then the data is processed ?
one more thing i understand the data is sent from UCSD ... how often is it sent ?
I dont see any advertisement here do i need to define something in the portal ?
normal tunneling work well
Of course you need to have a gateway entry in the Portal. I.e. you need to have a subnet, and a gateway with external address and that subnet defined.
The RIP packets are sent every 5 minutes.
When you can manually make a tunnel and ping the remote, but you do not receive anything including RIP broadcasts, the cause often is a stateful firewall inside your internet modem/router. It accepts replies to outgoing packets, but it does not accept unsolicited incoming packets. This is designed as a security feature.
To use IPIP tunneling, your modem/router must be able to unconditionally forward protocol-4 traffic to your gateway system. In advanced modem/routers you can forward a protocol, but usually it is only possible to forward TCP and UDP ports. That is something different. It is useless to forward port 4, you have to forward protocol 4.
When that cannot be done you can often set a "DMZ host" that is said to get all incoming traffic, however there are examples of modem/routers where this does not work correctly. The DMZ host receives all TCP and UDP traffic but not all other traffic (including IPIP). It does receive (like any host) replies on its own IPIP traffic, but not the unsolicited incoming traffic.
When you have such a modem/router, and when it cannot be replaced (e.g. because your provider requires you to use this modem/router), you cannot use IPIP tunnels.
Rob
_________________________________________ 44Net mailing list 44Net@hamradio.ucsd.edu http://hamradio.ucsd.edu/mailman/listinfo/44net
No, you can not.
The password is there to prevent fake/spoofed/unwanted RIP traffic, not as a security feature, since one can get it from the RIP packet itself, being cleartext.
You can find it by either running ampr-ripd in debug mode without password or Hessus's rip44d script.
On 2016-09-08 11:50, R P wrote:
cant it ignore the password and get only the route info )?
-
Marius Petrescu -
R P -
Rob Janssen