3 Nov
2021
3 Nov
'21
11:09 p.m.
I have been trying to configure the AMPRtunnel for a while without success. Could
someone please point me to the right direction.
I am running Debian 11 with public IP. I have configured the public IP in the AMPR portal
as gateway.
I am trying to follow this document
https://wiki.ampr.org/wiki/Ubuntu_Linux_Gateway_Example
When I try to run find_password.sh in ampr-ripd-2.4, I am stopped at Waiting for RIPv2
broadcasts... and never retrieve a password.
Here is what I have done so far.
in /etc/network/interfaces, I added
auto ens3:1
iface ens3:1 inet static
address 44.26.0.168
netmask 255.255.255.248
Then I created ipip tunnel using following commands
ip tunnel add ampr0 mode ipip local 209.141.42.9 ttl 255
ip link set dev ampr0 up
ifconfig ampr0 multicast
ip rule add to 44.0.0.0/8 table 44 priority 44
ip rule add from 44.26.0.168/29 table 44 priority 45
ip route add default dev ampr0 via 169.228.34.84 onlink table 44
ip route add 44.26.0.168/29 dev ens3 table 44
Then, I run ampr-ripd -d -v -i ens3 to get the password in order to plug into lat
command
ampr-ripd -s -i ampr0 -a 209.141.42.9-t 44 -p <SecretPassword>
However, the find_password.sh stopped at waiting for ripv2 broadcast. Here is the logs
for command
Using metric 0 for routes.
Using TCP window 840 for routes.
Using gateway 209.141.42.1 for direct 44net endpoints via interface ens3.
Waiting for RIPv2 broadcasts...
Any idea on what am I doing wrong?
Thanks
Kun
4 Nov
4 Nov
1:46 a.m.
I have configured the public IP in the AMPR portal as
gateway.
If you just did this, wait a while like a half hour.
When I try to run find_password.sh in ampr-ripd-2.4, I
am stopped at Waiting for RIPv2 broadcasts... and never retrieve a password.
You
don't need to run the find password script or specify a password
if you are using ampr-ripd above version 1.14 (its hardcoded in the
program). But I do believe even if you run that, it should retrieve
it.
I usually start off really stripped down, with all firewall stuff off
till I know I am receiving the protocol 4 rip broadcasts.
Do you see anything with tcpdump ?
tcpdump -i eth0 -vvv host amprgw.ucsd.edu or ip proto \\icmp
If not, then something upstream is blocking protocol 4 from reaching
you. Seems like it might be outside of your home if your configuring
the interface directly with a public IP
In the iptables world, here is the ipencap (protocol 4) syntax:
iptables -A INPUT -p 4 -j ACCEPT
On Wed, Nov 3, 2021 at 6:11 PM KUN LIN via 44Net <44net(a)mailman.ampr.org> wrote:
I have been trying to configure the AMPRtunnel for a while without success. Could someone
please point me to the right direction.
I am running Debian 11 with public IP. I have configured the public IP in the AMPR portal
as gateway.
I am trying to follow this document
https://wiki.ampr.org/wiki/Ubuntu_Linux_Gateway_Example
When I try to run find_password.sh in ampr-ripd-2.4, I am stopped at Waiting for RIPv2
broadcasts... and never retrieve a password.
Here is what I have done so far.
in /etc/network/interfaces, I added
auto ens3:1
iface ens3:1 inet static
address 44.26.0.168
netmask 255.255.255.248
Then I created ipip tunnel using following commands
ip tunnel add ampr0 mode ipip local 209.141.42.9 ttl 255
ip link set dev ampr0 up
ifconfig ampr0 multicast
ip rule add to 44.0.0.0/8 table 44 priority 44
ip rule add from 44.26.0.168/29 table 44 priority 45
ip route add default dev ampr0 via 169.228.34.84 onlink table 44
ip route add 44.26.0.168/29 dev ens3 table 44
Then, I run ampr-ripd -d -v -i ens3 to get the password in order to plug into lat
command
ampr-ripd -s -i ampr0 -a 209.141.42.9-t 44 -p <SecretPassword>
However, the find_password.sh stopped at waiting for ripv2 broadcast. Here is the logs
for command
Using metric 0 for routes.
Using TCP window 840 for routes.
Using gateway 209.141.42.1 for direct 44net endpoints via interface ens3.
Waiting for RIPv2 broadcasts...
Any idea on what am I doing wrong?
Thanks
Kun
_________________________________________
44Net mailing list
44Net(a)mailman.ampr.org
https://mailman.ampr.org/mailman/listinfo/44net
9:15 p.m.
Yes. I am trying this on a buyvm vps.
When I run sudo tcpdump -i ens3 -vvv host amprgw.ucsd.edu
This is what I got:
tcpdump: listening on ens3, link-type EN10MB (Ethernet), snapshot length 262144 bytes
So it does look like something is blocking it?
Kun
________________________________
From: 44Net <44net-bounces+dnwk=linkun.info(a)mailman.ampr.org> on behalf of Steve L
via 44Net <44net(a)mailman.ampr.org>
Sent: Wednesday, November 3, 2021 18:46
To: 44Net general discussion <44net(a)mailman.ampr.org>
Cc: Steve L <kb9mwr(a)gmail.com>
Subject: Re: [44net] Tunnel setup help: Debian 11
I have configured the public IP in the AMPR portal as
gateway.
If you just did this, wait a while like a half hour.
When I try to run find_password.sh in ampr-ripd-2.4, I
am stopped at Waiting for RIPv2 broadcasts... and never retrieve a password.
You
don't need to run the find password script or specify a password
if you are using ampr-ripd above version 1.14 (its hardcoded in the
program). But I do believe even if you run that, it should retrieve
it.
I usually start off really stripped down, with all firewall stuff off
till I know I am receiving the protocol 4 rip broadcasts.
Do you see anything with tcpdump ?
tcpdump -i eth0 -vvv host amprgw.ucsd.edu or ip proto \\icmp
If not, then something upstream is blocking protocol 4 from reaching
you. Seems like it might be outside of your home if your configuring
the interface directly with a public IP
In the iptables world, here is the ipencap (protocol 4) syntax:
iptables -A INPUT -p 4 -j ACCEPT
On Wed, Nov 3, 2021 at 6:11 PM KUN LIN via 44Net <44net(a)mailman.ampr.org> wrote:
I have been trying to configure the AMPRtunnel for a while without success. Could someone
please point me to the right direction.
I am running Debian 11 with public IP. I have configured the public IP in the AMPR portal
as gateway.
I am trying to follow this document
https://wiki.ampr.org/wiki/Ubuntu_Linux_Gateway_Example
When I try to run find_password.sh in ampr-ripd-2.4, I am stopped at Waiting for RIPv2
broadcasts... and never retrieve a password.
Here is what I have done so far.
in /etc/network/interfaces, I added
auto ens3:1
iface ens3:1 inet static
address 44.26.0.168
netmask 255.255.255.248
Then I created ipip tunnel using following commands
ip tunnel add ampr0 mode ipip local 209.141.42.9 ttl 255
ip link set dev ampr0 up
ifconfig ampr0 multicast
ip rule add to 44.0.0.0/8 table 44 priority 44
ip rule add from 44.26.0.168/29 table 44 priority 45
ip route add default dev ampr0 via 169.228.34.84 onlink table 44
ip route add 44.26.0.168/29 dev ens3 table 44
Then, I run ampr-ripd -d -v -i ens3 to get the password in order to plug into lat
command
ampr-ripd -s -i ampr0 -a 209.141.42.9-t 44 -p <SecretPassword>
However, the find_password.sh stopped at waiting for ripv2 broadcast. Here is the logs
for command
Using metric 0 for routes.
Using TCP window 840 for routes.
Using gateway 209.141.42.1 for direct 44net endpoints via interface ens3.
Waiting for RIPv2 broadcasts...
Any idea on what am I doing wrong?
Thanks
Kun
_________________________________________
44Net mailing list
44Net(a)mailman.ampr.org
https://mailman.ampr.org/mailman/listinfo/44net
_________________________________________
44Net mailing list
44Net(a)mailman.ampr.org
https://mailman.ampr.org/mailman/listinfo/44net
9:25 p.m.
Kun,
I think you got the whole concept wrong.
1. you need yo configure a network interface with your public IP
2. You need to register that public IP wit the portal
3. After 30 min or so, on that public IP you need to receive IP proto 4
traffic, at least the once every 5 minutes (the RIP broadcasts)
4. Next you need to set up a point to multipoint tunnel interface
5. You need to run ampr-ripd on that tunnel interface to receive the RIP
broadcasts. Ampr-ripd will set up all your additional routes as defined
in its command parameters
6. you need to setup a local networtk interface according to your
allocation, where the gateway will forward the 44-net trafic to local
machines
So in your case you may listen to ens3 as long as you wish.
The correct command to check for RIPv2 messages is:
ampr-ripd -d -v -i ampr0
The incoming ampr0 traffic is seen on the interface ampr0, not on
ens3... Ens3 in your setup is for connecting your local machines...
Marius, YO2LOJ
On 04/11/2021 23:15, KUN LIN via 44Net wrote:
Yes. I am trying this on a buyvm vps.
When I run sudo tcpdump -i ens3 -vvv host amprgw.ucsd.edu
This is what I got:
tcpdump: listening on ens3, link-type EN10MB (Ethernet), snapshot length 262144 bytes
So it does look like something is blocking it?
Kun
________________________________
From: 44Net <44net-bounces+dnwk=linkun.info(a)mailman.ampr.org> on behalf of Steve L
via 44Net <44net(a)mailman.ampr.org>
Sent: Wednesday, November 3, 2021 18:46
To: 44Net general discussion <44net(a)mailman.ampr.org>
Cc: Steve L <kb9mwr(a)gmail.com>
Subject: Re: [44net] Tunnel setup help: Debian 11
I have configured the public IP in the AMPR
portal as gateway.
If you just did this, wait a while like a half hour.
When I try to run find_password.sh in
ampr-ripd-2.4, I am stopped at Waiting for RIPv2 broadcasts... and never retrieve a
password.
You don't need to run the find password script or specify a password
if you are using ampr-ripd above version 1.14 (its hardcoded in the
program). But I do believe even if you run that, it should retrieve
it.
I usually start off really stripped down, with all firewall stuff off
till I know I am receiving the protocol 4 rip broadcasts.
Do you see anything with tcpdump ?
tcpdump -i eth0 -vvv host amprgw.ucsd.edu or ip proto \\icmp
If not, then something upstream is blocking protocol 4 from reaching
you. Seems like it might be outside of your home if your configuring
the interface directly with a public IP
In the iptables world, here is the ipencap (protocol 4) syntax:
iptables -A INPUT -p 4 -j ACCEPT
On Wed, Nov 3, 2021 at 6:11 PM KUN LIN via 44Net <44net(a)mailman.ampr.org> wrote:
> I have been trying to configure the AMPRtunnel for a while without success. Could
someone please point me to the right direction.
>
> I am running Debian 11 with public IP. I have configured the public IP in the AMPR
portal as gateway.
>
> I am trying to follow this document
https://wiki.ampr.org/wiki/Ubuntu_Linux_Gateway_Example
>
When I try to run find_password.sh in
ampr-ripd-2.4, I am stopped at Waiting for RIPv2 broadcasts... and never retrieve a
password.
>
> Here is what I have done so far.
>
> in /etc/network/interfaces, I added
>
> auto ens3:1
> iface ens3:1 inet static
> address 44.26.0.168
> netmask 255.255.255.248
>
> Then I created ipip tunnel using following commands
>
> ip tunnel add ampr0 mode ipip local 209.141.42.9 ttl 255
> ip link set dev ampr0 up
> ifconfig ampr0 multicast
> ip rule add to 44.0.0.0/8 table 44 priority 44
> ip rule add from 44.26.0.168/29 table 44 priority 45
> ip route add default dev ampr0 via 169.228.34.84 onlink table 44
> ip route add 44.26.0.168/29 dev ens3 table 44
>
> Then, I run ampr-ripd -d -v -i ens3 to get the password in order to plug into lat
command
> ampr-ripd -s -i ampr0 -a 209.141.42.9-t 44 -p <SecretPassword>
>
> However, the find_password.sh stopped at waiting for ripv2 broadcast. Here is the
logs for command
>
> Using metric 0 for routes.
> Using TCP window 840 for routes.
> Using gateway 209.141.42.1 for direct 44net endpoints via interface ens3.
> Waiting for RIPv2 broadcasts...
>
> Any idea on what am I doing wrong?
> Thanks
>
> Kun
>
> _________________________________________
> 44Net mailing list
> 44Net(a)mailman.ampr.org
> https://mailman.ampr.org/mailman/listinfo/44net
_________________________________________
44Net mailing list
44Net(a)mailman.ampr.org
https://mailman.ampr.org/mailman/listinfo/44net
_________________________________________
44Net mailing list
44Net(a)mailman.ampr.org
https://mailman.ampr.org/mailman/listinfo/44net
9:35 p.m.
See my comments below in bold. Thanks.
Kun
________________________________
From: 44Net <44net-bounces+dnwk=linkun.info(a)mailman.ampr.org> on behalf of Marius
Petrescu via 44Net <44net(a)mailman.ampr.org>
Sent: Thursday, November 4, 2021 14:25
To: 44net(a)mailman.ampr.org <44net(a)mailman.ampr.org>
Cc: Marius Petrescu <marius(a)yo2loj.ro>
Subject: Re: [44net] Tunnel setup help: Debian 11
Kun,
I think you got the whole concept wrong.
1. you need yo configure a network interface with your public IP I am configuring it on
my public IP. Interface ens3 is the interface with public IP. I create an interface
ens3:1 with my AMPR IP
2. You need to register that public IP wit the portal I have setup my public IP with
amprportal
3. After 30 min or so, on that public IP you need to receive IP proto 4 The find_pass.sh
could receive the password bradcast now
traffic, at least the once every 5 minutes (the RIP broadcasts)
4. Next you need to set up a point to multipoint tunnel interface I have setup a script
to create the IPIP tunnel. Attached below. Let me know if something isn't right.
5. You need to run ampr-ripd on that tunnel interface to receive the RIP
broadcasts. Ampr-ripd will set up all your additional routes as defined
in its command parameters
6. you need to setup a local networtk interface according to your
allocation, where the gateway will forward the 44-net trafic to local
machines
So in your case you may listen to ens3 as long as you wish.
The correct command to check for RIPv2 messages is:
ampr-ripd -d -v -i ampr0 Where is the ampr0 interface come from. I could create one in
/etc/network/interface. I only have one network interface.
The incoming ampr0 traffic is seen on the interface ampr0, not on
ens3... Ens3 in your setup is for connecting your local machines...
Marius, YO2LOJ
-- rc.local
###
## Create AMPRNet Tunnel and routing
##
## Configure Tunnel (put your ISP you received from your ISP Here).
ip tunnel add ampr0 mode ipip local 209.141.42.9 ttl 255
## Bring it up
ip link set dev ampr0 up
## Enable Multicast in order to receive routes
ifconfig ampr0 multicast
## Configure Policy Based routing
# Packets to 44/8 network use routing table 44
ip rule add to 44.0.0.0/8 table 44 priority 44
# Packets from our 44 subnet use table 44 (put your AMPRNet Subnet here)
ip rule add from 44.26.0.168/29 table 44 priority 45
## Configure static routes
# Default route for table 44 is to send traffic to amprnet gateway at UCSD
ip route add default dev ampr0 via 169.228.34.84 onlink table 44
# Route packets for our net to local interface (put your AMPRNet Subnet here)
ip route add 44.26.0.168/29 dev ens3 table 44
## Start ampr-ripd to learn rest of mesh routes
# Be sure to substitute the password you found earlier for <SecretPassword>
# Put your static IP you received from your ISP here.
/usr/bin/ampr-ripd -s -i ampr0 -a 209.141.42.9 -t 44 -p <thepassword I received>
--/etc/network/interfaces
# The loopback network interface
auto lo
iface lo inet loopback
# The primary network interface
allow-hotplug ens3
iface ens3 inet dhcp
auto ens3:1
iface ens3:1 inet static
address 44.26.0.168
netmask 255.255.255.248
On 04/11/2021 23:15, KUN LIN via 44Net wrote:
Yes. I am trying this on a buyvm vps.
When I run sudo tcpdump -i ens3 -vvv host amprgw.ucsd.edu
This is what I got:
tcpdump: listening on ens3, link-type EN10MB (Ethernet), snapshot length 262144 bytes
So it does look like something is blocking it?
Kun
________________________________
From: 44Net <44net-bounces+dnwk=linkun.info(a)mailman.ampr.org> on behalf of Steve L
via 44Net <44net(a)mailman.ampr.org>
Sent: Wednesday, November 3, 2021 18:46
To: 44Net general discussion <44net(a)mailman.ampr.org>
Cc: Steve L <kb9mwr(a)gmail.com>
Subject: Re: [44net] Tunnel setup help: Debian 11
_________________________________________
44Net mailing list
44Net(a)mailman.ampr.org
https://mailman.ampr.org/mailman/listinfo/44net
I have configured the public IP in the AMPR
portal as gateway.
If you just did this, wait a while like a half hour.
When I try to run find_password.sh in
ampr-ripd-2.4, I am stopped at Waiting for RIPv2 broadcasts... and never retrieve a
password.
You don't need to run the find password script or specify a password
if you are using ampr-ripd above version 1.14 (its hardcoded in the
program). But I do believe even if you run that, it should retrieve
it.
I usually start off really stripped down, with all firewall stuff off
till I know I am receiving the protocol 4 rip broadcasts.
Do you see anything with tcpdump ?
tcpdump -i eth0 -vvv host amprgw.ucsd.edu or ip proto \\icmp
If not, then something upstream is blocking protocol 4 from reaching
you. Seems like it might be outside of your home if your configuring
the interface directly with a public IP
In the iptables world, here is the ipencap (protocol 4) syntax:
iptables -A INPUT -p 4 -j ACCEPT
On Wed, Nov 3, 2021 at 6:11 PM KUN LIN via 44Net <44net(a)mailman.ampr.org> wrote:
> I have been trying to configure the AMPRtunnel for a while without success. Could
someone please point me to the right direction.
>
> I am running Debian 11 with public IP. I have configured the public IP in the AMPR
portal as gateway.
>
> I am trying to follow this document
https://wiki.ampr.org/wiki/Ubuntu_Linux_Gateway_Example
>
When I try to run find_password.sh in
ampr-ripd-2.4, I am stopped at Waiting for RIPv2 broadcasts... and never retrieve a
password.
>
> Here is what I have done so far.
>
> in /etc/network/interfaces, I added
>
> auto ens3:1
> iface ens3:1 inet static
> address 44.26.0.168
> netmask 255.255.255.248
>
> Then I created ipip tunnel using following commands
>
> ip tunnel add ampr0 mode ipip local 209.141.42.9 ttl 255
> ip link set dev ampr0 up
> ifconfig ampr0 multicast
> ip rule add to 44.0.0.0/8 table 44 priority 44
> ip rule add from 44.26.0.168/29 table 44 priority 45
> ip route add default dev ampr0 via 169.228.34.84 onlink table 44
> ip route add 44.26.0.168/29 dev ens3 table 44
>
> Then, I run ampr-ripd -d -v -i ens3 to get the password in order to plug into lat
command
> ampr-ripd -s -i ampr0 -a 209.141.42.9-t 44 -p <SecretPassword>
>
> However, the find_password.sh stopped at waiting for ripv2 broadcast. Here is the
logs for command
>
> Using metric 0 for routes.
> Using TCP window 840 for routes.
> Using gateway 209.141.42.1 for direct 44net endpoints via interface ens3.
> Waiting for RIPv2 broadcasts...
>
> Any idea on what am I doing wrong?
> Thanks
>
> Kun
>
> _________________________________________
> 44Net mailing list
> 44Net(a)mailman.ampr.org
> https://mailman.ampr.org/mailman/listinfo/44net
_________________________________________
44Net mailing list
44Net(a)mailman.ampr.org
https://mailman.ampr.org/mailman/listinfo/44net
_________________________________________
44Net mailing list
44Net(a)mailman.ampr.org
https://mailman.ampr.org/mailman/listinfo/44net
12 Nov
12 Nov
7:43 a.m.
At the beginning, this concept confused the heck out of me, so I'd like
to share some things I was not aware of.
I have worked with tunnels before, also ipip/ipencap ("proto 4")
tunnels. There is usually a concept like local end/remote end. But
"strangely" a remote end was never configured for ampr.
Now say your tunnel device is tunl0 which has *no* endpoint configured.
1.) When traffic is sent to your 44.x IP address, "someone else"
(possibly amprgw.ucsd.edu) will pack that entire IP Packet into another
IP packet and send it to your public, static IP, protocol 4. The network
stack removes the outer header and the original packet (with destination
IP) pops out of your tunl0 device
2.) But what when you send something? How is this processed in the
tunnel without remote endpoint? There is a property of "nexthop" on
Linux routes. When used in combination with a tunl device without
explicit endpoint, Linux will take the destination address of the
nexthop in the route.
So say you have a route in the system
ip route add 44.63.15.64/28 dev tunl0 nexthop 93.83.102.170
and you ping 44.63.15.65, Linux will wrap an outer IP packet (proto=4)
and destination IP 93.83.102.170 around it and just send that packet via
another route (most likely your normal default route over your normal
internet uplink).
What rip44d does is that it listens on the tunnel device for RIP packets
(acually, modified RIP packets) and then adds (via "ip route command")
all routes from the portal (44.xx pairs and the public IPs) to the
routing table.
I know you got your tunnel up now (great!) but just wanted to add this
if it helps understanding.
- KM6RDV
On 2021-11-04 14:25, Marius Petrescu via 44Net wrote:
Kun,
I think you got the whole concept wrong.
1. you need yo configure a network interface with your public IP
2. You need to register that public IP wit the portal
3. After 30 min or so, on that public IP you need to receive IP proto 4
traffic, at least the once every 5 minutes (the RIP broadcasts)
4. Next you need to set up a point to multipoint tunnel interface
5. You need to run ampr-ripd on that tunnel interface to receive the RIP
broadcasts. Ampr-ripd will set up all your additional routes as defined
in its command parameters
6. you need to setup a local networtk interface according to your
allocation, where the gateway will forward the 44-net trafic to local
machines
So in your case you may listen to ens3 as long as you wish.
The correct command to check for RIPv2 messages is:
ampr-ripd -d -v -i ampr0
The incoming ampr0 traffic is seen on the interface ampr0, not on
ens3... Ens3 in your setup is for connecting your local machines...
Marius, YO2LOJ
On 04/11/2021 23:15, KUN LIN via 44Net wrote:
Yes. I am trying this on a buyvm vps.
When I run sudo tcpdump -i ens3 -vvv host amprgw.ucsd.edu
This is what I got:
tcpdump: listening on ens3, link-type EN10MB (Ethernet), snapshot
length 262144 bytes
So it does look like something is blocking it?
Kun
________________________________
From: 44Net <44net-bounces+dnwk=linkun.info(a)mailman.ampr.org> on
behalf of Steve L via 44Net <44net(a)mailman.ampr.org>
Sent: Wednesday, November 3, 2021 18:46
To: 44Net general discussion <44net(a)mailman.ampr.org>
Cc: Steve L <kb9mwr(a)gmail.com>
Subject: Re: [44net] Tunnel setup help: Debian 11
_________________________________________
44Net mailing list
44Net(a)mailman.ampr.org
https://mailman.ampr.org/mailman/listinfo/44net
I have configured the public IP in the AMPR
portal as gateway.
If you just did this, wait a while like a half hour.
When I try to run find_password.sh in
ampr-ripd-2.4, I am stopped at
Waiting for RIPv2 broadcasts... and never retrieve a password.
You don't need
to run the find password script or specify a password
if you are using ampr-ripd above version 1.14 (its hardcoded in the
program). But I do believe even if you run that, it should retrieve
it.
I usually start off really stripped down, with all firewall stuff off
till I know I am receiving the protocol 4 rip broadcasts.
Do you see anything with tcpdump ?
tcpdump -i eth0 -vvv host amprgw.ucsd.edu or ip proto \\icmp
If not, then something upstream is blocking protocol 4 from reaching
you. Seems like it might be outside of your home if your configuring
the interface directly with a public IP
In the iptables world, here is the ipencap (protocol 4) syntax:
iptables -A INPUT -p 4 -j ACCEPT
On Wed, Nov 3, 2021 at 6:11 PM KUN LIN via 44Net
<44net(a)mailman.ampr.org> wrote:
> I have been trying to configure the AMPRtunnel for a while without
> success. Could someone please point me to the right direction.
>
> I am running Debian 11 with public IP. I have configured the public
> IP in the AMPR portal as gateway.
>
> I am trying to follow this document
> https://wiki.ampr.org/wiki/Ubuntu_Linux_Gateway_Example
>
When I try to run find_password.sh in
ampr-ripd-2.4, I am stopped at
Waiting for RIPv2 broadcasts... and never retrieve a password.
>
> Here is what I have done so far.
>
> in /etc/network/interfaces, I added
>
> auto ens3:1
> iface ens3:1 inet static
> address 44.26.0.168
> netmask 255.255.255.248
>
> Then I created ipip tunnel using following commands
>
> ip tunnel add ampr0 mode ipip local 209.141.42.9 ttl 255
> ip link set dev ampr0 up
> ifconfig ampr0 multicast
> ip rule add to 44.0.0.0/8 table 44 priority 44
> ip rule add from 44.26.0.168/29 table 44 priority 45
> ip route add default dev ampr0 via 169.228.34.84 onlink table 44
> ip route add 44.26.0.168/29 dev ens3 table 44
>
> Then, I run ampr-ripd -d -v -i ens3 to get the password in order to
> plug into lat command
> ampr-ripd -s -i ampr0 -a 209.141.42.9-t 44 -p <SecretPassword>
>
> However, the find_password.sh stopped at waiting for ripv2
> broadcast. Here is the logs for command
>
> Using metric 0 for routes.
> Using TCP window 840 for routes.
> Using gateway 209.141.42.1 for direct 44net endpoints via interface
> ens3.
> Waiting for RIPv2 broadcasts...
>
> Any idea on what am I doing wrong?
> Thanks
>
> Kun
>
> _________________________________________
> 44Net mailing list
> 44Net(a)mailman.ampr.org
> https://mailman.ampr.org/mailman/listinfo/44net
_________________________________________
44Net mailing list
44Net(a)mailman.ampr.org
https://mailman.ampr.org/mailman/listinfo/44net
_________________________________________
44Net mailing list
44Net(a)mailman.ampr.org
https://mailman.ampr.org/mailman/listinfo/44net
4 Nov
4 Nov
9:28 p.m.
Oh, when I run find_pass.sh again, I did get the ripv4 broadcast and found the password.
And then I proceed to setup rc.local as documented in that wiki article. However, I still
can't ping my AMPR IP from Internet.
-- rc.local
###
## Create AMPRNet Tunnel and routing
##
## Configure Tunnel (put your ISP you received from your ISP Here).
ip tunnel add ampr0 mode ipip local 209.141.42.9 ttl 255
## Bring it up
ip link set dev ampr0 up
## Enable Multicast in order to receive routes
ifconfig ampr0 multicast
## Configure Policy Based routing
# Packets to 44/8 network use routing table 44
ip rule add to 44.0.0.0/8 table 44 priority 44
# Packets from our 44 subnet use table 44 (put your AMPRNet Subnet here)
ip rule add from 44.26.0.168/29 table 44 priority 45
## Configure static routes
# Default route for table 44 is to send traffic to amprnet gateway at UCSD
ip route add default dev ampr0 via 169.228.34.84 onlink table 44
# Route packets for our net to local interface (put your AMPRNet Subnet here)
ip route add 44.26.0.168/29 dev ens3 table 44
## Start ampr-ripd to learn rest of mesh routes
# Be sure to substitute the password you found earlier for <SecretPassword>
# Put your static IP you received from your ISP here.
/usr/bin/ampr-ripd -s -i ampr0 -a 209.141.42.9 -t 44 -p <thepassword I received>
________________________________
From: 44Net <44net-bounces+dnwk=linkun.info(a)mailman.ampr.org> on behalf of Steve L
via 44Net <44net(a)mailman.ampr.org>
Sent: Wednesday, November 3, 2021 18:46
To: 44Net general discussion <44net(a)mailman.ampr.org>
Cc: Steve L <kb9mwr(a)gmail.com>
Subject: Re: [44net] Tunnel setup help: Debian 11
I have configured the public IP in the AMPR portal as
gateway.
If you just did this, wait a while like a half hour.
When I try to run find_password.sh in ampr-ripd-2.4, I
am stopped at Waiting for RIPv2 broadcasts... and never retrieve a password.
You
don't need to run the find password script or specify a password
if you are using ampr-ripd above version 1.14 (its hardcoded in the
program). But I do believe even if you run that, it should retrieve
it.
I usually start off really stripped down, with all firewall stuff off
till I know I am receiving the protocol 4 rip broadcasts.
Do you see anything with tcpdump ?
tcpdump -i eth0 -vvv host amprgw.ucsd.edu or ip proto \\icmp
If not, then something upstream is blocking protocol 4 from reaching
you. Seems like it might be outside of your home if your configuring
the interface directly with a public IP
In the iptables world, here is the ipencap (protocol 4) syntax:
iptables -A INPUT -p 4 -j ACCEPT
On Wed, Nov 3, 2021 at 6:11 PM KUN LIN via 44Net <44net(a)mailman.ampr.org> wrote:
I have been trying to configure the AMPRtunnel for a while without success. Could someone
please point me to the right direction.
I am running Debian 11 with public IP. I have configured the public IP in the AMPR portal
as gateway.
I am trying to follow this document
https://wiki.ampr.org/wiki/Ubuntu_Linux_Gateway_Example
When I try to run find_password.sh in ampr-ripd-2.4, I am stopped at Waiting for RIPv2
broadcasts... and never retrieve a password.
Here is what I have done so far.
in /etc/network/interfaces, I added
auto ens3:1
iface ens3:1 inet static
address 44.26.0.168
netmask 255.255.255.248
Then I created ipip tunnel using following commands
ip tunnel add ampr0 mode ipip local 209.141.42.9 ttl 255
ip link set dev ampr0 up
ifconfig ampr0 multicast
ip rule add to 44.0.0.0/8 table 44 priority 44
ip rule add from 44.26.0.168/29 table 44 priority 45
ip route add default dev ampr0 via 169.228.34.84 onlink table 44
ip route add 44.26.0.168/29 dev ens3 table 44
Then, I run ampr-ripd -d -v -i ens3 to get the password in order to plug into lat
command
ampr-ripd -s -i ampr0 -a 209.141.42.9-t 44 -p <SecretPassword>
However, the find_password.sh stopped at waiting for ripv2 broadcast. Here is the logs
for command
Using metric 0 for routes.
Using TCP window 840 for routes.
Using gateway 209.141.42.1 for direct 44net endpoints via interface ens3.
Waiting for RIPv2 broadcasts...
Any idea on what am I doing wrong?
Thanks
Kun
_________________________________________
44Net mailing list
44Net(a)mailman.ampr.org
https://mailman.ampr.org/mailman/listinfo/44net
_________________________________________
44Net mailing list
44Net(a)mailman.ampr.org
https://mailman.ampr.org/mailman/listinfo/44net
9:45 p.m.
That's because that setup does not allow that, because replies will go
out your main default route, from table main.
There should be another routing table, let's say 45, holding only a
single default route:
ip route add default dev ampr0 via 169.228.34.84 onlink table 45
And you need to connection mark any incoming new connection from ampr0
NOT in 44.0.0.0/9 or 44.128.0.0/10 with that connection mark, and then
mark any packet with that connection mark with routing mark 45.
This will ensure the replies coming from ampr0 go back the way they came
in...
So basically you need this:
iptables -t mangle -A PREROUTING -i ampr0 -s 44.0.0.0/9 -j RETURN
iptables -t mangle -A PREROUTING -i ampr0 -s 44.128.0.0/10 -j RETURN
iptables -t mangle -A PREROUTING -i ampr0 -j CONNMARK --set-mark 45
iptables -t mangle -A OUTPUT -m connmark --mark 45 -j CONNMARK --restore-mark
iptables -t mangle -A PREROUTING ! -i ampr0 -m connmark --mark 45 -j CONNMARK
--restore-mark
But be aware, this will get the door wide open from the internet to your
internal network, so setting up some firewall rules would be useful...
Marius, YO2LOJ
On 04/11/2021 23:28, KUN LIN via 44Net wrote:
Oh, when I run find_pass.sh again, I did get the ripv4
broadcast and found the password.
And then I proceed to setup rc.local as documented in that wiki article. However, I still
can't ping my AMPR IP from Internet.
-- rc.local
###
## Create AMPRNet Tunnel and routing
##
## Configure Tunnel (put your ISP you received from your ISP Here).
ip tunnel add ampr0 mode ipip local 209.141.42.9 ttl 255
## Bring it up
ip link set dev ampr0 up
## Enable Multicast in order to receive routes
ifconfig ampr0 multicast
## Configure Policy Based routing
# Packets to 44/8 network use routing table 44
ip rule add to 44.0.0.0/8 table 44 priority 44
# Packets from our 44 subnet use table 44 (put your AMPRNet Subnet here)
ip rule add from 44.26.0.168/29 table 44 priority 45
## Configure static routes
# Default route for table 44 is to send traffic to amprnet gateway at UCSD
ip route add default dev ampr0 via 169.228.34.84 onlink table 44
# Route packets for our net to local interface (put your AMPRNet Subnet here)
ip route add 44.26.0.168/29 dev ens3 table 44
## Start ampr-ripd to learn rest of mesh routes
# Be sure to substitute the password you found earlier for <SecretPassword>
# Put your static IP you received from your ISP here.
/usr/bin/ampr-ripd -s -i ampr0 -a 209.141.42.9 -t 44 -p <thepassword I received>
________________________________
From: 44Net <44net-bounces+dnwk=linkun.info(a)mailman.ampr.org> on behalf of Steve L
via 44Net <44net(a)mailman.ampr.org>
Sent: Wednesday, November 3, 2021 18:46
To: 44Net general discussion <44net(a)mailman.ampr.org>
Cc: Steve L <kb9mwr(a)gmail.com>
Subject: Re: [44net] Tunnel setup help: Debian 11
I have configured the public IP in the AMPR
portal as gateway.
If you just did this, wait a while like a half hour.
When I try to run find_password.sh in
ampr-ripd-2.4, I am stopped at Waiting for RIPv2 broadcasts... and never retrieve a
password.
You don't need to run the find password script or specify a password
if you are using ampr-ripd above version 1.14 (its hardcoded in the
program). But I do believe even if you run that, it should retrieve
it.
I usually start off really stripped down, with all firewall stuff off
till I know I am receiving the protocol 4 rip broadcasts.
Do you see anything with tcpdump ?
tcpdump -i eth0 -vvv host amprgw.ucsd.edu or ip proto \\icmp
If not, then something upstream is blocking protocol 4 from reaching
you. Seems like it might be outside of your home if your configuring
the interface directly with a public IP
In the iptables world, here is the ipencap (protocol 4) syntax:
iptables -A INPUT -p 4 -j ACCEPT
On Wed, Nov 3, 2021 at 6:11 PM KUN LIN via 44Net <44net(a)mailman.ampr.org> wrote:
> I have been trying to configure the AMPRtunnel for a while without success. Could
someone please point me to the right direction.
>
> I am running Debian 11 with public IP. I have configured the public IP in the AMPR
portal as gateway.
>
> I am trying to follow this document
https://wiki.ampr.org/wiki/Ubuntu_Linux_Gateway_Example
>
When I try to run find_password.sh in
ampr-ripd-2.4, I am stopped at Waiting for RIPv2 broadcasts... and never retrieve a
password.
>
> Here is what I have done so far.
>
> in /etc/network/interfaces, I added
>
> auto ens3:1
> iface ens3:1 inet static
> address 44.26.0.168
> netmask 255.255.255.248
>
> Then I created ipip tunnel using following commands
>
> ip tunnel add ampr0 mode ipip local 209.141.42.9 ttl 255
> ip link set dev ampr0 up
> ifconfig ampr0 multicast
> ip rule add to 44.0.0.0/8 table 44 priority 44
> ip rule add from 44.26.0.168/29 table 44 priority 45
> ip route add default dev ampr0 via 169.228.34.84 onlink table 44
> ip route add 44.26.0.168/29 dev ens3 table 44
>
> Then, I run ampr-ripd -d -v -i ens3 to get the password in order to plug into lat
command
> ampr-ripd -s -i ampr0 -a 209.141.42.9-t 44 -p <SecretPassword>
>
> However, the find_password.sh stopped at waiting for ripv2 broadcast. Here is the
logs for command
>
> Using metric 0 for routes.
> Using TCP window 840 for routes.
> Using gateway 209.141.42.1 for direct 44net endpoints via interface ens3.
> Waiting for RIPv2 broadcasts...
>
> Any idea on what am I doing wrong?
> Thanks
>
> Kun
>
> _________________________________________
> 44Net mailing list
> 44Net(a)mailman.ampr.org
> https://mailman.ampr.org/mailman/listinfo/44net
_________________________________________
44Net mailing list
44Net(a)mailman.ampr.org
https://mailman.ampr.org/mailman/listinfo/44net
_________________________________________
44Net mailing list
44Net(a)mailman.ampr.org
https://mailman.ampr.org/mailman/listinfo/44net
9:59 p.m.
I still can't ping my AMPR IP: I could receive RIPv2 password
Here is a recap of all the configuration I did:
/etc/network/interfaces
# The loopback network interface
auto lo
iface lo inet loopback
# The primary network interface
allow-hotplug ens3
iface ens3 inet dhcp
iface ens3 inet6 static
address 2605:6400:20:1920:8af7:f451:cb26:a3f8
netmask 48
gateway 2605:6400:20::1
auto ampr0
iface ampr0 inet static
address 44.26.0.168
netmask 255.255.255.248
/etc/rc.local
iptables -A INPUT -p 4 -j ACCEPT
## Configure Tunnel (put your ISP you received from your ISP Here).
ip tunnel add ampr0 mode ipip local 209.141.42.9 ttl 255
## Bring it up
ip link set dev ampr0 up
## Enable Multicast in order to receive routes
ifconfig ampr0 multicast
## Configure Policy Based routing
# Packets to 44/8 network use routing table 44
ip rule add to 44.0.0.0/8 table 44 priority 44
# Packets from our 44 subnet use table 44 (put your AMPRNet Subnet here)
ip rule add from 44.26.0.168/29 table 44 priority 45
ip route add default dev ampr0 via 169.228.34.84 onlink table 45
## Configure static routes
# Default route for table 44 is to send traffic to amprnet gateway at UCSD
ip route add default dev ampr0 via 169.228.34.84 onlink table 44
# Route packets for our net to local interface (put your AMPRNet Subnet here)
ip route add 44.26.0.168/29 dev ens3 table 44
## Start ampr-ripd to learn rest of mesh routes
# Be sure to substitute the password you found earlier for <SecretPassword>
# Put your static IP you received from your ISP here.
/usr/bin/ampr-ripd -s -i ampr0 -a 209.141.42.9 -t 44 -p pLaInTeXtpAsSwD
iptables -t mangle -A PREROUTING -i ampr0 -s 44.0.0.0/9 -j RETURN
iptables -t mangle -A PREROUTING -i ampr0 -s 44.128.0.0/10 -j RETURN
iptables -t mangle -A PREROUTING -i ampr0 -j CONNMARK --set-mark 45
iptables -t mangle -A OUTPUT -m connmark --mark 45 -j CONNMARK --restore-mark
iptables -t mangle -A PREROUTING ! -i ampr0 -m connmark --mark 45 -j CONNMARK
--restore-mark
exit 0
________________________________
From: 44Net <44net-bounces+dnwk=linkun.info(a)mailman.ampr.org> on behalf of Marius
Petrescu via 44Net <44net(a)mailman.ampr.org>
Sent: Thursday, November 4, 2021 14:45
To: 44net(a)mailman.ampr.org <44net(a)mailman.ampr.org>
Cc: Marius Petrescu <marius(a)yo2loj.ro>
Subject: Re: [44net] Tunnel setup help: Debian 11
That's because that setup does not allow that, because replies will go
out your main default route, from table main.
There should be another routing table, let's say 45, holding only a
single default route:
ip route add default dev ampr0 via 169.228.34.84 onlink table 45
And you need to connection mark any incoming new connection from ampr0
NOT in 44.0.0.0/9 or 44.128.0.0/10 with that connection mark, and then
mark any packet with that connection mark with routing mark 45.
This will ensure the replies coming from ampr0 go back the way they came
in...
So basically you need this:
iptables -t mangle -A PREROUTING -i ampr0 -s 44.0.0.0/9 -j RETURN
iptables -t mangle -A PREROUTING -i ampr0 -s 44.128.0.0/10 -j RETURN
iptables -t mangle -A PREROUTING -i ampr0 -j CONNMARK --set-mark 45
iptables -t mangle -A OUTPUT -m connmark --mark 45 -j CONNMARK --restore-mark
iptables -t mangle -A PREROUTING ! -i ampr0 -m connmark --mark 45 -j CONNMARK
--restore-mark
But be aware, this will get the door wide open from the internet to your
internal network, so setting up some firewall rules would be useful...
Marius, YO2LOJ
On 04/11/2021 23:28, KUN LIN via 44Net wrote:
Oh, when I run find_pass.sh again, I did get the ripv4
broadcast and found the password.
And then I proceed to setup rc.local as documented in that wiki article. However, I still
can't ping my AMPR IP from Internet.
-- rc.local
###
## Create AMPRNet Tunnel and routing
##
## Configure Tunnel (put your ISP you received from your ISP Here).
ip tunnel add ampr0 mode ipip local 209.141.42.9 ttl 255
## Bring it up
ip link set dev ampr0 up
## Enable Multicast in order to receive routes
ifconfig ampr0 multicast
## Configure Policy Based routing
# Packets to 44/8 network use routing table 44
ip rule add to 44.0.0.0/8 table 44 priority 44
# Packets from our 44 subnet use table 44 (put your AMPRNet Subnet here)
ip rule add from 44.26.0.168/29 table 44 priority 45
## Configure static routes
# Default route for table 44 is to send traffic to amprnet gateway at UCSD
ip route add default dev ampr0 via 169.228.34.84 onlink table 44
# Route packets for our net to local interface (put your AMPRNet Subnet here)
ip route add 44.26.0.168/29 dev ens3 table 44
## Start ampr-ripd to learn rest of mesh routes
# Be sure to substitute the password you found earlier for <SecretPassword>
# Put your static IP you received from your ISP here.
/usr/bin/ampr-ripd -s -i ampr0 -a 209.141.42.9 -t 44 -p <thepassword I received>
________________________________
From: 44Net <44net-bounces+dnwk=linkun.info(a)mailman.ampr.org> on behalf of Steve L
via 44Net <44net(a)mailman.ampr.org>
Sent: Wednesday, November 3, 2021 18:46
To: 44Net general discussion <44net(a)mailman.ampr.org>
Cc: Steve L <kb9mwr(a)gmail.com>
Subject: Re: [44net] Tunnel setup help: Debian 11
_________________________________________
44Net mailing list
44Net(a)mailman.ampr.org
https://mailman.ampr.org/mailman/listinfo/44net
I have configured the public IP in the AMPR
portal as gateway.
If you just did this, wait a while like a half hour.
When I try to run find_password.sh in
ampr-ripd-2.4, I am stopped at Waiting for RIPv2 broadcasts... and never retrieve a
password.
You don't need to run the find password script or specify a password
if you are using ampr-ripd above version 1.14 (its hardcoded in the
program). But I do believe even if you run that, it should retrieve
it.
I usually start off really stripped down, with all firewall stuff off
till I know I am receiving the protocol 4 rip broadcasts.
Do you see anything with tcpdump ?
tcpdump -i eth0 -vvv host amprgw.ucsd.edu or ip proto \\icmp
If not, then something upstream is blocking protocol 4 from reaching
you. Seems like it might be outside of your home if your configuring
the interface directly with a public IP
In the iptables world, here is the ipencap (protocol 4) syntax:
iptables -A INPUT -p 4 -j ACCEPT
On Wed, Nov 3, 2021 at 6:11 PM KUN LIN via 44Net <44net(a)mailman.ampr.org> wrote:
> I have been trying to configure the AMPRtunnel for a while without success. Could
someone please point me to the right direction.
>
> I am running Debian 11 with public IP. I have configured the public IP in the AMPR
portal as gateway.
>
> I am trying to follow this document
https://wiki.ampr.org/wiki/Ubuntu_Linux_Gateway_Example
>
When I try to run find_password.sh in
ampr-ripd-2.4, I am stopped at Waiting for RIPv2 broadcasts... and never retrieve a
password.
>
> Here is what I have done so far.
>
> in /etc/network/interfaces, I added
>
> auto ens3:1
> iface ens3:1 inet static
> address 44.26.0.168
> netmask 255.255.255.248
>
> Then I created ipip tunnel using following commands
>
> ip tunnel add ampr0 mode ipip local 209.141.42.9 ttl 255
> ip link set dev ampr0 up
> ifconfig ampr0 multicast
> ip rule add to 44.0.0.0/8 table 44 priority 44
> ip rule add from 44.26.0.168/29 table 44 priority 45
> ip route add default dev ampr0 via 169.228.34.84 onlink table 44
> ip route add 44.26.0.168/29 dev ens3 table 44
>
> Then, I run ampr-ripd -d -v -i ens3 to get the password in order to plug into lat
command
> ampr-ripd -s -i ampr0 -a 209.141.42.9-t 44 -p <SecretPassword>
>
> However, the find_password.sh stopped at waiting for ripv2 broadcast. Here is the
logs for command
>
> Using metric 0 for routes.
> Using TCP window 840 for routes.
> Using gateway 209.141.42.1 for direct 44net endpoints via interface ens3.
> Waiting for RIPv2 broadcasts...
>
> Any idea on what am I doing wrong?
> Thanks
>
> Kun
>
> _________________________________________
> 44Net mailing list
> 44Net(a)mailman.ampr.org
> https://mailman.ampr.org/mailman/listinfo/44net
_________________________________________
44Net mailing list
44Net(a)mailman.ampr.org
https://mailman.ampr.org/mailman/listinfo/44net
_________________________________________
44Net mailing list
44Net(a)mailman.ampr.org
https://mailman.ampr.org/mailman/listinfo/44net
5 Nov
5 Nov
12:53 a.m.
https://wiki.ampr.org/wiki/FAQ
*What is the AmprGW?*
The AmprGW is a server run by Brian Kantor at UCSD as part of a
long-running Internet research project. It has a number of functions:
a) It provides a selective gateway between non-AMPRNet internet devices and
the IPIP (mesh) AMPRNet. For this traffic, it filters at the per-host(/32)
level. Each host which is to receive traffic from the Internet into AMPRNet
must individually be listed in the permissions file, which is built from
the AMPR.ORG DNS 'A' records. If there is no DNS A record for a tunneled
amprnet destination host, the traffic is not forwarded in either direction.
Therefore, if you want hosts on your subnet to be able to communicate with
the Internet, you will need to have your local coordinator add them to the
AMPR.ORG DNS for you.
On Thu, Nov 4, 2021, 5:01 PM KUN LIN via 44Net <44net(a)mailman.ampr.org>
wrote:
I still can't ping my AMPR IP: I could receive
RIPv2 password
Here is a recap of all the configuration I did:
/etc/network/interfaces
# The loopback network interface
auto lo
iface lo inet loopback
# The primary network interface
allow-hotplug ens3
iface ens3 inet dhcp
iface ens3 inet6 static
address 2605:6400:20:1920:8af7:f451:cb26:a3f8
netmask 48
gateway 2605:6400:20::1
auto ampr0
iface ampr0 inet static
address 44.26.0.168
netmask 255.255.255.248
/etc/rc.local
iptables -A INPUT -p 4 -j ACCEPT
## Configure Tunnel (put your ISP you received from your ISP Here).
ip tunnel add ampr0 mode ipip local 209.141.42.9 ttl 255
## Bring it up
ip link set dev ampr0 up
## Enable Multicast in order to receive routes
ifconfig ampr0 multicast
## Configure Policy Based routing
# Packets to 44/8 network use routing table 44
ip rule add to 44.0.0.0/8 table 44 priority 44
# Packets from our 44 subnet use table 44 (put your AMPRNet Subnet here)
ip rule add from 44.26.0.168/29 table 44 priority 45
ip route add default dev ampr0 via 169.228.34.84 onlink table 45
## Configure static routes
# Default route for table 44 is to send traffic to amprnet gateway at UCSD
ip route add default dev ampr0 via 169.228.34.84 onlink table 44
# Route packets for our net to local interface (put your AMPRNet Subnet
here)
ip route add 44.26.0.168/29 dev ens3 table 44
## Start ampr-ripd to learn rest of mesh routes
# Be sure to substitute the password you found earlier for <SecretPassword>
# Put your static IP you received from your ISP here.
/usr/bin/ampr-ripd -s -i ampr0 -a 209.141.42.9 -t 44 -p pLaInTeXtpAsSwD
iptables -t mangle -A PREROUTING -i ampr0 -s 44.0.0.0/9 -j RETURN
iptables -t mangle -A PREROUTING -i ampr0 -s 44.128.0.0/10 -j RETURN
iptables -t mangle -A PREROUTING -i ampr0 -j CONNMARK --set-mark 45
iptables -t mangle -A OUTPUT -m connmark --mark 45 -j CONNMARK
--restore-mark
iptables -t mangle -A PREROUTING ! -i ampr0 -m connmark --mark 45 -j
CONNMARK --restore-mark
exit 0
________________________________
From: 44Net <44net-bounces+dnwk=linkun.info(a)mailman.ampr.org> on behalf
of Marius Petrescu via 44Net <44net(a)mailman.ampr.org>
Sent: Thursday, November 4, 2021 14:45
To: 44net(a)mailman.ampr.org <44net(a)mailman.ampr.org>
Cc: Marius Petrescu <marius(a)yo2loj.ro>
Subject: Re: [44net] Tunnel setup help: Debian 11
That's because that setup does not allow that, because replies will go
out your main default route, from table main.
There should be another routing table, let's say 45, holding only a
single default route:
ip route add default dev ampr0 via 169.228.34.84 onlink table 45
And you need to connection mark any incoming new connection from ampr0
NOT in 44.0.0.0/9 or 44.128.0.0/10 with that connection mark, and then
mark any packet with that connection mark with routing mark 45.
This will ensure the replies coming from ampr0 go back the way they came
in...
So basically you need this:
iptables -t mangle -A PREROUTING -i ampr0 -s 44.0.0.0/9 -j RETURN
iptables -t mangle -A PREROUTING -i ampr0 -s 44.128.0.0/10 -j RETURN
iptables -t mangle -A PREROUTING -i ampr0 -j CONNMARK --set-mark 45
iptables -t mangle -A OUTPUT -m connmark --mark 45 -j CONNMARK
--restore-mark
iptables -t mangle -A PREROUTING ! -i ampr0 -m connmark --mark 45 -j
CONNMARK --restore-mark
But be aware, this will get the door wide open from the internet to your
internal network, so setting up some firewall rules would be useful...
Marius, YO2LOJ
On 04/11/2021 23:28, KUN LIN via 44Net wrote:
_________________________________________
44Net mailing list
44Net(a)mailman.ampr.org
https://mailman.ampr.org/mailman/listinfo/44net
_________________________________________
44Net mailing list
44Net(a)mailman.ampr.org
https://mailman.ampr.org/mailman/listinfo/44net
Oh, when I run find_pass.sh again, I did get the
ripv4 broadcast and
found the password.
And then I proceed to setup rc.local as documented in that wiki article.
However,
I still can't ping my AMPR IP from Internet.
-- rc.local
###
## Create AMPRNet Tunnel and routing
##
## Configure Tunnel (put your ISP you received from your ISP Here).
ip tunnel add ampr0 mode ipip local 209.141.42.9 ttl 255
## Bring it up
ip link set dev ampr0 up
## Enable Multicast in order to receive routes
ifconfig ampr0 multicast
## Configure Policy Based routing
# Packets to 44/8 network use routing table 44
ip rule add to 44.0.0.0/8 table 44 priority 44
# Packets from our 44 subnet use table 44 (put your AMPRNet Subnet here)
ip rule add from 44.26.0.168/29 table 44 priority 45
## Configure static routes
# Default route for table 44 is to send traffic to amprnet gateway at
UCSD
ip route add default dev ampr0 via 169.228.34.84
onlink table 44
# Route packets for our net to local interface (put your AMPRNet Subnet
here)
ip route add 44.26.0.168/29 dev ens3 table 44
## Start ampr-ripd to learn rest of mesh routes
# Be sure to substitute the password you found earlier for
<SecretPassword>
# Put your static IP you received from your ISP
here.
/usr/bin/ampr-ripd -s -i ampr0 -a 209.141.42.9 -t 44 -p <thepassword I
received>
________________________________
From: 44Net <44net-bounces+dnwk=linkun.info(a)mailman.ampr.org> on behalf
of
Steve L via 44Net <44net(a)mailman.ampr.org>
Sent: Wednesday, November 3, 2021 18:46
To: 44Net general discussion <44net(a)mailman.ampr.org>
Cc: Steve L <kb9mwr(a)gmail.com>
Subject: Re: [44net] Tunnel setup help: Debian 11
Waiting
for RIPv2 broadcasts... and never retrieve a password.
I have configured the public IP in the AMPR
portal as gateway.
If you just did this, wait a while like a half hour.
> When I try to run find_password.sh in ampr-ripd-2.4, I am stopped at You don't need to run the find password
script or specify a password
if you are using ampr-ripd above version 1.14 (its hardcoded in the
program). But I do believe even if you run that, it should retrieve
it.
I usually start off really stripped down, with all firewall stuff off
till I know I am receiving the protocol 4 rip broadcasts.
Do you see anything with tcpdump ?
tcpdump -i eth0 -vvv host amprgw.ucsd.edu or ip proto \\icmp
If not, then something upstream is blocking protocol 4 from reaching
you. Seems like it might be outside of your home if your configuring
the interface directly with a public IP
In the iptables world, here is the ipencap (protocol 4) syntax:
iptables -A INPUT -p 4 -j ACCEPT
On Wed, Nov 3, 2021 at 6:11 PM KUN LIN via 44Net <44net(a)mailman.ampr.org>
wrote:
> I have been trying to configure the
AMPRtunnel for a while without
success. Could someone please point me to the right
direction.
>
> I am running Debian 11 with public IP. I have configured the public IP
in the
AMPR portal as gateway.
>
> I am trying to follow this document
https://wiki.ampr.org/wiki/Ubuntu_Linux_Gateway_Example
>
> When I try to run find_password.sh in ampr-ripd-2.4, I am stopped at
Waiting
for RIPv2 broadcasts... and never retrieve a password.
>
> Here is what I have done so far.
>
> in /etc/network/interfaces, I added
>
> auto ens3:1
> iface ens3:1 inet static
> address 44.26.0.168
> netmask 255.255.255.248
>
> Then I created ipip tunnel using following commands
>
> ip tunnel add ampr0 mode ipip local 209.141.42.9 ttl 255
> ip link set dev ampr0 up
> ifconfig ampr0 multicast
> ip rule add to 44.0.0.0/8 table 44 priority 44
> ip rule add from 44.26.0.168/29 table 44 priority 45
> ip route add default dev ampr0 via 169.228.34.84 onlink table 44
> ip route add 44.26.0.168/29 dev ens3 table 44
>
> Then, I run ampr-ripd -d -v -i ens3 to get the password in order to
plug
into lat command
> ampr-ripd -s -i ampr0 -a 209.141.42.9-t 44 -p
<SecretPassword>
>
> However, the find_password.sh stopped at waiting for ripv2 broadcast.
Here is
the logs for command
>
> Using metric 0 for routes.
> Using TCP window 840 for routes.
> Using gateway 209.141.42.1 for direct 44net endpoints via interface
ens3.
Waiting
for RIPv2 broadcasts...
Any idea on what am I doing wrong?
Thanks
Kun
_________________________________________
44Net mailing list
44Net(a)mailman.ampr.org
https://mailman.ampr.org/mailman/listinfo/44net
_________________________________________
44Net mailing list
44Net(a)mailman.ampr.org
https://mailman.ampr.org/mailman/listinfo/44net
_________________________________________
44Net mailing list
44Net(a)mailman.ampr.org
https://mailman.ampr.org/mailman/listinfo/44net
4:18 p.m.
So, for my allocation 44.26.0.168/29, in order to use them, I will have to ask for a A
record for each individual IP?
Kun
________________________________
From: 44Net <44net-bounces+dnwk=linkun.info(a)mailman.ampr.org> on behalf of Steve L
via 44Net <44net(a)mailman.ampr.org>
Sent: Thursday, November 4, 2021 17:53
To: 44Net general discussion <44net(a)mailman.ampr.org>
Cc: Steve L <kb9mwr(a)gmail.com>
Subject: Re: [44net] Tunnel setup help: Debian 11
https://wiki.ampr.org/wiki/FAQ
*What is the AmprGW?*
The AmprGW is a server run by Brian Kantor at UCSD as part of a
long-running Internet research project. It has a number of functions:
a) It provides a selective gateway between non-AMPRNet internet devices and
the IPIP (mesh) AMPRNet. For this traffic, it filters at the per-host(/32)
level. Each host which is to receive traffic from the Internet into AMPRNet
must individually be listed in the permissions file, which is built from
the AMPR.ORG DNS 'A' records. If there is no DNS A record for a tunneled
amprnet destination host, the traffic is not forwarded in either direction.
Therefore, if you want hosts on your subnet to be able to communicate with
the Internet, you will need to have your local coordinator add them to the
AMPR.ORG DNS for you.
On Thu, Nov 4, 2021, 5:01 PM KUN LIN via 44Net <44net(a)mailman.ampr.org>
wrote:
I still can't ping my AMPR IP: I could receive
RIPv2 password
Here is a recap of all the configuration I did:
/etc/network/interfaces
# The loopback network interface
auto lo
iface lo inet loopback
# The primary network interface
allow-hotplug ens3
iface ens3 inet dhcp
iface ens3 inet6 static
address 2605:6400:20:1920:8af7:f451:cb26:a3f8
netmask 48
gateway 2605:6400:20::1
auto ampr0
iface ampr0 inet static
address 44.26.0.168
netmask 255.255.255.248
/etc/rc.local
iptables -A INPUT -p 4 -j ACCEPT
## Configure Tunnel (put your ISP you received from your ISP Here).
ip tunnel add ampr0 mode ipip local 209.141.42.9 ttl 255
## Bring it up
ip link set dev ampr0 up
## Enable Multicast in order to receive routes
ifconfig ampr0 multicast
## Configure Policy Based routing
# Packets to 44/8 network use routing table 44
ip rule add to 44.0.0.0/8 table 44 priority 44
# Packets from our 44 subnet use table 44 (put your AMPRNet Subnet here)
ip rule add from 44.26.0.168/29 table 44 priority 45
ip route add default dev ampr0 via 169.228.34.84 onlink table 45
## Configure static routes
# Default route for table 44 is to send traffic to amprnet gateway at UCSD
ip route add default dev ampr0 via 169.228.34.84 onlink table 44
# Route packets for our net to local interface (put your AMPRNet Subnet
here)
ip route add 44.26.0.168/29 dev ens3 table 44
## Start ampr-ripd to learn rest of mesh routes
# Be sure to substitute the password you found earlier for <SecretPassword>
# Put your static IP you received from your ISP here.
/usr/bin/ampr-ripd -s -i ampr0 -a 209.141.42.9 -t 44 -p pLaInTeXtpAsSwD
iptables -t mangle -A PREROUTING -i ampr0 -s 44.0.0.0/9 -j RETURN
iptables -t mangle -A PREROUTING -i ampr0 -s 44.128.0.0/10 -j RETURN
iptables -t mangle -A PREROUTING -i ampr0 -j CONNMARK --set-mark 45
iptables -t mangle -A OUTPUT -m connmark --mark 45 -j CONNMARK
--restore-mark
iptables -t mangle -A PREROUTING ! -i ampr0 -m connmark --mark 45 -j
CONNMARK --restore-mark
exit 0
________________________________
From: 44Net <44net-bounces+dnwk=linkun.info(a)mailman.ampr.org> on behalf
of Marius Petrescu via 44Net <44net(a)mailman.ampr.org>
Sent: Thursday, November 4, 2021 14:45
To: 44net(a)mailman.ampr.org <44net(a)mailman.ampr.org>
Cc: Marius Petrescu <marius(a)yo2loj.ro>
Subject: Re: [44net] Tunnel setup help: Debian 11
That's because that setup does not allow that, because replies will go
out your main default route, from table main.
There should be another routing table, let's say 45, holding only a
single default route:
ip route add default dev ampr0 via 169.228.34.84 onlink table 45
And you need to connection mark any incoming new connection from ampr0
NOT in 44.0.0.0/9 or 44.128.0.0/10 with that connection mark, and then
mark any packet with that connection mark with routing mark 45.
This will ensure the replies coming from ampr0 go back the way they came
in...
So basically you need this:
iptables -t mangle -A PREROUTING -i ampr0 -s 44.0.0.0/9 -j RETURN
iptables -t mangle -A PREROUTING -i ampr0 -s 44.128.0.0/10 -j RETURN
iptables -t mangle -A PREROUTING -i ampr0 -j CONNMARK --set-mark 45
iptables -t mangle -A OUTPUT -m connmark --mark 45 -j CONNMARK
--restore-mark
iptables -t mangle -A PREROUTING ! -i ampr0 -m connmark --mark 45 -j
CONNMARK --restore-mark
But be aware, this will get the door wide open from the internet to your
internal network, so setting up some firewall rules would be useful...
Marius, YO2LOJ
On 04/11/2021 23:28, KUN LIN via 44Net wrote:
_________________________________________
44Net mailing list
44Net(a)mailman.ampr.org
https://mailman.ampr.org/mailman/listinfo/44net
_________________________________________
44Net mailing list
44Net(a)mailman.ampr.org
https://mailman.ampr.org/mailman/listinfo/44net
_________________________________________
44Net mailing list
44Net(a)mailman.ampr.org
https://mailman.ampr.org/mailman/listinfo/44net
Oh, when I run find_pass.sh again, I did get the
ripv4 broadcast and
found the password.
And then I proceed to setup rc.local as documented in that wiki article.
However,
I still can't ping my AMPR IP from Internet.
-- rc.local
###
## Create AMPRNet Tunnel and routing
##
## Configure Tunnel (put your ISP you received from your ISP Here).
ip tunnel add ampr0 mode ipip local 209.141.42.9 ttl 255
## Bring it up
ip link set dev ampr0 up
## Enable Multicast in order to receive routes
ifconfig ampr0 multicast
## Configure Policy Based routing
# Packets to 44/8 network use routing table 44
ip rule add to 44.0.0.0/8 table 44 priority 44
# Packets from our 44 subnet use table 44 (put your AMPRNet Subnet here)
ip rule add from 44.26.0.168/29 table 44 priority 45
## Configure static routes
# Default route for table 44 is to send traffic to amprnet gateway at
UCSD
ip route add default dev ampr0 via 169.228.34.84
onlink table 44
# Route packets for our net to local interface (put your AMPRNet Subnet
here)
ip route add 44.26.0.168/29 dev ens3 table 44
## Start ampr-ripd to learn rest of mesh routes
# Be sure to substitute the password you found earlier for
<SecretPassword>
# Put your static IP you received from your ISP
here.
/usr/bin/ampr-ripd -s -i ampr0 -a 209.141.42.9 -t 44 -p <thepassword I
received>
________________________________
From: 44Net <44net-bounces+dnwk=linkun.info(a)mailman.ampr.org> on behalf
of
Steve L via 44Net <44net(a)mailman.ampr.org>
Sent: Wednesday, November 3, 2021 18:46
To: 44Net general discussion <44net(a)mailman.ampr.org>
Cc: Steve L <kb9mwr(a)gmail.com>
Subject: Re: [44net] Tunnel setup help: Debian 11
Waiting
for RIPv2 broadcasts... and never retrieve a password.
I have configured the public IP in the AMPR
portal as gateway.
If you just did this, wait a while like a half hour.
> When I try to run find_password.sh in ampr-ripd-2.4, I am stopped at You don't need to run the find password
script or specify a password
if you are using ampr-ripd above version 1.14 (its hardcoded in the
program). But I do believe even if you run that, it should retrieve
it.
I usually start off really stripped down, with all firewall stuff off
till I know I am receiving the protocol 4 rip broadcasts.
Do you see anything with tcpdump ?
tcpdump -i eth0 -vvv host amprgw.ucsd.edu or ip proto \\icmp
If not, then something upstream is blocking protocol 4 from reaching
you. Seems like it might be outside of your home if your configuring
the interface directly with a public IP
In the iptables world, here is the ipencap (protocol 4) syntax:
iptables -A INPUT -p 4 -j ACCEPT
On Wed, Nov 3, 2021 at 6:11 PM KUN LIN via 44Net <44net(a)mailman.ampr.org>
wrote:
> I have been trying to configure the
AMPRtunnel for a while without
success. Could someone please point me to the right
direction.
>
> I am running Debian 11 with public IP. I have configured the public IP
in the
AMPR portal as gateway.
>
> I am trying to follow this document
https://wiki.ampr.org/wiki/Ubuntu_Linux_Gateway_Example
>
> When I try to run find_password.sh in ampr-ripd-2.4, I am stopped at
Waiting
for RIPv2 broadcasts... and never retrieve a password.
>
> Here is what I have done so far.
>
> in /etc/network/interfaces, I added
>
> auto ens3:1
> iface ens3:1 inet static
> address 44.26.0.168
> netmask 255.255.255.248
>
> Then I created ipip tunnel using following commands
>
> ip tunnel add ampr0 mode ipip local 209.141.42.9 ttl 255
> ip link set dev ampr0 up
> ifconfig ampr0 multicast
> ip rule add to 44.0.0.0/8 table 44 priority 44
> ip rule add from 44.26.0.168/29 table 44 priority 45
> ip route add default dev ampr0 via 169.228.34.84 onlink table 44
> ip route add 44.26.0.168/29 dev ens3 table 44
>
> Then, I run ampr-ripd -d -v -i ens3 to get the password in order to
plug
into lat command
> ampr-ripd -s -i ampr0 -a 209.141.42.9-t 44 -p
<SecretPassword>
>
> However, the find_password.sh stopped at waiting for ripv2 broadcast.
Here is
the logs for command
>
> Using metric 0 for routes.
> Using TCP window 840 for routes.
> Using gateway 209.141.42.1 for direct 44net endpoints via interface
ens3.
Waiting
for RIPv2 broadcasts...
Any idea on what am I doing wrong?
Thanks
Kun
_________________________________________
44Net mailing list
44Net(a)mailman.ampr.org
https://mailman.ampr.org/mailman/listinfo/44net
_________________________________________
44Net mailing list
44Net(a)mailman.ampr.org
https://mailman.ampr.org/mailman/listinfo/44net
_________________________________________
44Net mailing list
44Net(a)mailman.ampr.org
https://mailman.ampr.org/mailman/listinfo/44net 
5:53 p.m.
Yes
On Fri, Nov 5, 2021 at 9:22 AM KUN LIN via 44Net <44net(a)mailman.ampr.org>
wrote:
So, for my allocation 44.26.0.168/29, in order to use
them, I will have
to ask for a A record for each individual IP?
Kun
________________________________
From: 44Net <44net-bounces+dnwk=linkun.info(a)mailman.ampr.org> on behalf
of Steve L via 44Net <44net(a)mailman.ampr.org>
Sent: Thursday, November 4, 2021 17:53
To: 44Net general discussion <44net(a)mailman.ampr.org>
Cc: Steve L <kb9mwr(a)gmail.com>
Subject: Re: [44net] Tunnel setup help: Debian 11
https://wiki.ampr.org/wiki/FAQ
*What is the AmprGW?*
The AmprGW is a server run by Brian Kantor at UCSD as part of a
long-running Internet research project. It has a number of functions:
a) It provides a selective gateway between non-AMPRNet internet devices and
the IPIP (mesh) AMPRNet. For this traffic, it filters at the per-host(/32)
level. Each host which is to receive traffic from the Internet into AMPRNet
must individually be listed in the permissions file, which is built from
the AMPR.ORG DNS 'A' records. If there is no DNS A record for a tunneled
amprnet destination host, the traffic is not forwarded in either direction.
Therefore, if you want hosts on your subnet to be able to communicate with
the Internet, you will need to have your local coordinator add them to the
AMPR.ORG DNS for you.
On Thu, Nov 4, 2021, 5:01 PM KUN LIN via 44Net <44net(a)mailman.ampr.org>
wrote:
behalf
--
------------------------------
John D. Hays - K7VE
Kingston, WA
<http://k7ve.org/blog> <http://twitter.com/#!/john_hays>
<http://www.facebook.com/john.d.hays>
I still can't ping my AMPR IP: I could
receive RIPv2 password
Here is a recap of all the configuration I did:
/etc/network/interfaces
# The loopback network interface
auto lo
iface lo inet loopback
# The primary network interface
allow-hotplug ens3
iface ens3 inet dhcp
iface ens3 inet6 static
address 2605:6400:20:1920:8af7:f451:cb26:a3f8
netmask 48
gateway 2605:6400:20::1
auto ampr0
iface ampr0 inet static
address 44.26.0.168
netmask 255.255.255.248
/etc/rc.local
iptables -A INPUT -p 4 -j ACCEPT
## Configure Tunnel (put your ISP you received from your ISP Here).
ip tunnel add ampr0 mode ipip local 209.141.42.9 ttl 255
## Bring it up
ip link set dev ampr0 up
## Enable Multicast in order to receive routes
ifconfig ampr0 multicast
## Configure Policy Based routing
# Packets to 44/8 network use routing table 44
ip rule add to 44.0.0.0/8 table 44 priority 44
# Packets from our 44 subnet use table 44 (put your AMPRNet Subnet here)
ip rule add from 44.26.0.168/29 table 44 priority 45
ip route add default dev ampr0 via 169.228.34.84 onlink table 45
## Configure static routes
# Default route for table 44 is to send traffic to amprnet gateway at
UCSD
ip route add default dev ampr0 via 169.228.34.84
onlink table 44
# Route packets for our net to local interface (put your AMPRNet Subnet
here)
ip route add 44.26.0.168/29 dev ens3 table 44
## Start ampr-ripd to learn rest of mesh routes
# Be sure to substitute the password you found earlier for
<SecretPassword>
# Put your static IP you received from your ISP
here.
/usr/bin/ampr-ripd -s -i ampr0 -a 209.141.42.9 -t 44 -p pLaInTeXtpAsSwD
iptables -t mangle -A PREROUTING -i ampr0 -s 44.0.0.0/9 -j RETURN
iptables -t mangle -A PREROUTING -i ampr0 -s 44.128.0.0/10 -j RETURN
iptables -t mangle -A PREROUTING -i ampr0 -j CONNMARK --set-mark 45
iptables -t mangle -A OUTPUT -m connmark --mark 45 -j CONNMARK
--restore-mark
iptables -t mangle -A PREROUTING ! -i ampr0 -m connmark --mark 45 -j
CONNMARK --restore-mark
exit 0
________________________________
From: 44Net <44net-bounces+dnwk=linkun.info(a)mailman.ampr.org> on behalf
of Marius Petrescu via 44Net <44net(a)mailman.ampr.org>
Sent: Thursday, November 4, 2021 14:45
To: 44net(a)mailman.ampr.org <44net(a)mailman.ampr.org>
Cc: Marius Petrescu <marius(a)yo2loj.ro>
Subject: Re: [44net] Tunnel setup help: Debian 11
That's because that setup does not allow that, because replies will go
out your main default route, from table main.
There should be another routing table, let's say 45, holding only a
single default route:
ip route add default dev ampr0 via 169.228.34.84 onlink table 45
And you need to connection mark any incoming new connection from ampr0
NOT in 44.0.0.0/9 or 44.128.0.0/10 with that connection mark, and then
mark any packet with that connection mark with routing mark 45.
This will ensure the replies coming from ampr0 go back the way they came
in...
So basically you need this:
iptables -t mangle -A PREROUTING -i ampr0 -s 44.0.0.0/9 -j RETURN
iptables -t mangle -A PREROUTING -i ampr0 -s 44.128.0.0/10 -j RETURN
iptables -t mangle -A PREROUTING -i ampr0 -j CONNMARK --set-mark 45
iptables -t mangle -A OUTPUT -m connmark --mark 45 -j CONNMARK
--restore-mark
iptables -t mangle -A PREROUTING ! -i ampr0 -m connmark --mark 45 -j
CONNMARK --restore-mark
But be aware, this will get the door wide open from the internet to your
internal network, so setting up some firewall rules would be useful...
Marius, YO2LOJ
On 04/11/2021 23:28, KUN LIN via 44Net wrote:
article.
Oh, when I run find_pass.sh again, I did get the
ripv4 broadcast and
found the password.
>
> And then I proceed to setup rc.local as documented in that wiki However, I still can't ping my AMPR IP from
Internet.
>
> -- rc.local
>
> ###
> ## Create AMPRNet Tunnel and routing
> ##
>
> ## Configure Tunnel (put your ISP you received from your ISP Here).
> ip tunnel add ampr0 mode ipip local 209.141.42.9 ttl 255
>
> ## Bring it up
> ip link set dev ampr0 up
>
> ## Enable Multicast in order to receive routes
> ifconfig ampr0 multicast
>
> ## Configure Policy Based routing
> # Packets to 44/8 network use routing table 44
> ip rule add to 44.0.0.0/8 table 44 priority 44
>
> # Packets from our 44 subnet use table 44 (put your AMPRNet Subnet
here)
ip rule
add from 44.26.0.168/29 table 44 priority 45
## Configure static routes
# Default route for table 44 is to send traffic to amprnet gateway at
UCSD
ip route add default dev ampr0 via 169.228.34.84
onlink table 44
# Route packets for our net to local interface (put your AMPRNet Subnet
here)
ip route add 44.26.0.168/29 dev ens3 table 44
## Start ampr-ripd to learn rest of mesh routes
# Be sure to substitute the password you found earlier for
<SecretPassword>
# Put your static IP you received from your ISP
here.
/usr/bin/ampr-ripd -s -i ampr0 -a 209.141.42.9 -t 44 -p <thepassword I
received>
>
> ________________________________
> From: 44Net <44net-bounces+dnwk=linkun.info(a)mailman.ampr.org> on of Steve L via 44Net
<44net(a)mailman.ampr.org>
44net(a)mailman.ampr.org>
Sent: Wednesday, November 3, 2021 18:46
To: 44Net general discussion <44net(a)mailman.ampr.org>
Cc: Steve L <kb9mwr(a)gmail.com>
Subject: Re: [44net] Tunnel setup help: Debian 11
Waiting
for RIPv2 broadcasts... and never retrieve a password.
> You don't need to run the find password script or specify a password
> if you are using ampr-ripd above version 1.14 (its hardcoded in the
> program). But I do believe even if you run that, it should retrieve
> it.
>
> I usually start off really stripped down, with all firewall stuff off
> till I know I am receiving the protocol 4 rip broadcasts.
>
> Do you see anything with tcpdump ?
> tcpdump -i eth0 -vvv host amprgw.ucsd.edu or ip proto \\icmp
>
> If not, then something upstream is blocking protocol 4 from reaching
> you. Seems like it might be outside of your home if your configuring
> the interface directly with a public IP
>
> In the iptables world, here is the ipencap (protocol 4) syntax:
> iptables -A INPUT -p 4 -j ACCEPT
>
> On Wed, Nov 3, 2021 at 6:11 PM KUN LIN via 44Net < I have configured the public IP in the AMPR
portal as gateway.
If you just did this, wait a while like a half hour.
> When I try to run find_password.sh in ampr-ripd-2.4, I am stopped at wrote:
_________________________________________
44Net mailing list
44Net(a)mailman.ampr.org
https://mailman.ampr.org/mailman/listinfo/44net
_________________________________________
44Net mailing list
44Net(a)mailman.ampr.org
https://mailman.ampr.org/mailman/listinfo/44net
_________________________________________
44Net mailing list
44Net(a)mailman.ampr.org
https://mailman.ampr.org/mailman/listinfo/44net
_________________________________________
44Net mailing list
44Net(a)mailman.ampr.org
https://mailman.ampr.org/mailman/listinfo/44net
> I have been trying to configure the
AMPRtunnel for a while without
success. Could someone please point me to the right
direction.
>
> I am running Debian 11 with public IP. I have configured the public IP
in the
AMPR portal as gateway.
>
> I am trying to follow this document
https://wiki.ampr.org/wiki/Ubuntu_Linux_Gateway_Example
>
> When I try to run find_password.sh in ampr-ripd-2.4, I am stopped at
Waiting
for RIPv2 broadcasts... and never retrieve a password.
>
> Here is what I have done so far.
>
> in /etc/network/interfaces, I added
>
> auto ens3:1
> iface ens3:1 inet static
> address 44.26.0.168
> netmask 255.255.255.248
>
> Then I created ipip tunnel using following commands
>
> ip tunnel add ampr0 mode ipip local 209.141.42.9 ttl 255
> ip link set dev ampr0 up
> ifconfig ampr0 multicast
> ip rule add to 44.0.0.0/8 table 44 priority 44
> ip rule add from 44.26.0.168/29 table 44 priority 45
> ip route add default dev ampr0 via 169.228.34.84 onlink table 44
> ip route add 44.26.0.168/29 dev ens3 table 44
>
> Then, I run ampr-ripd -d -v -i ens3 to get the password in order to
plug
into lat command
> ampr-ripd -s -i ampr0 -a 209.141.42.9-t 44 -p
<SecretPassword>
>
> However, the find_password.sh stopped at waiting for ripv2 broadcast.
Here is
the logs for command
>
> Using metric 0 for routes.
> Using TCP window 840 for routes.
> Using gateway 209.141.42.1 for direct 44net endpoints via interface
ens3.
Waiting
for RIPv2 broadcasts...
Any idea on what am I doing wrong?
Thanks
Kun
_________________________________________
44Net mailing list
44Net(a)mailman.ampr.org
https://mailman.ampr.org/mailman/listinfo/44net
_________________________________________
44Net mailing list
44Net(a)mailman.ampr.org
https://mailman.ampr.org/mailman/listinfo/44net
_________________________________________
44Net mailing list
44Net(a)mailman.ampr.org
https://mailman.ampr.org/mailman/listinfo/44net 
6:12 p.m.
I think a key point here is if you want them to be able to reach the
Internet via the AMPR gateway in San Diego,CA then YES, each IP will
need it's own DNS "A" record. If you just want to talk to other hosts
on the IPIP mesh, NO, each of your IPs won't need a DNS record.
--David
KI6ZHD
On 11/05/2021 10:53 AM, K7VE - John via 44Net wrote:
Yes
On Fri, Nov 5, 2021 at 9:22 AM KUN LIN via 44Net <44net(a)mailman.ampr.org>
wrote:
So, for my allocation 44.26.0.168/29, in order to
use them, I will have
to ask for a A record for each individual IP?
Kun
________________________________
From: 44Net <44net-bounces+dnwk=linkun.info(a)mailman.ampr.org> on behalf
of Steve L via 44Net <44net(a)mailman.ampr.org>
Sent: Thursday, November 4, 2021 17:53
To: 44Net general discussion <44net(a)mailman.ampr.org>
Cc: Steve L <kb9mwr(a)gmail.com>
Subject: Re: [44net] Tunnel setup help: Debian 11
https://wiki.ampr.org/wiki/FAQ
*What is the AmprGW?*
The AmprGW is a server run by Brian Kantor at UCSD as part of a
long-running Internet research project. It has a number of functions:
a) It provides a selective gateway between non-AMPRNet internet devices and
the IPIP (mesh) AMPRNet. For this traffic, it filters at the per-host(/32)
level. Each host which is to receive traffic from the Internet into AMPRNet
must individually be listed in the permissions file, which is built from
the AMPR.ORG DNS 'A' records. If there is no DNS A record for a tunneled
amprnet destination host, the traffic is not forwarded in either direction.
Therefore, if you want hosts on your subnet to be able to communicate with
the Internet, you will need to have your local coordinator add them to the
AMPR.ORG DNS for you.
On Thu, Nov 4, 2021, 5:01 PM KUN LIN via 44Net <44net(a)mailman.ampr.org>
wrote:
behalf
I still can't ping my AMPR IP: I could
receive RIPv2 password
Here is a recap of all the configuration I did:
/etc/network/interfaces
# The loopback network interface
auto lo
iface lo inet loopback
# The primary network interface
allow-hotplug ens3
iface ens3 inet dhcp
iface ens3 inet6 static
address 2605:6400:20:1920:8af7:f451:cb26:a3f8
netmask 48
gateway 2605:6400:20::1
auto ampr0
iface ampr0 inet static
address 44.26.0.168
netmask 255.255.255.248
/etc/rc.local
iptables -A INPUT -p 4 -j ACCEPT
## Configure Tunnel (put your ISP you received from your ISP Here).
ip tunnel add ampr0 mode ipip local 209.141.42.9 ttl 255
## Bring it up
ip link set dev ampr0 up
## Enable Multicast in order to receive routes
ifconfig ampr0 multicast
## Configure Policy Based routing
# Packets to 44/8 network use routing table 44
ip rule add to 44.0.0.0/8 table 44 priority 44
# Packets from our 44 subnet use table 44 (put your AMPRNet Subnet here)
ip rule add from 44.26.0.168/29 table 44 priority 45
ip route add default dev ampr0 via 169.228.34.84 onlink table 45
## Configure static routes
# Default route for table 44 is to send traffic to amprnet gateway at
UCSD
ip route add default dev ampr0 via 169.228.34.84
onlink table 44
# Route packets for our net to local interface (put your AMPRNet Subnet
here)
ip route add 44.26.0.168/29 dev ens3 table 44
## Start ampr-ripd to learn rest of mesh routes
# Be sure to substitute the password you found earlier for
<SecretPassword>
# Put your static IP you received from your ISP
here.
/usr/bin/ampr-ripd -s -i ampr0 -a 209.141.42.9 -t 44 -p pLaInTeXtpAsSwD
iptables -t mangle -A PREROUTING -i ampr0 -s 44.0.0.0/9 -j RETURN
iptables -t mangle -A PREROUTING -i ampr0 -s 44.128.0.0/10 -j RETURN
iptables -t mangle -A PREROUTING -i ampr0 -j CONNMARK --set-mark 45
iptables -t mangle -A OUTPUT -m connmark --mark 45 -j CONNMARK
--restore-mark
iptables -t mangle -A PREROUTING ! -i ampr0 -m connmark --mark 45 -j
CONNMARK --restore-mark
exit 0
________________________________
From: 44Net <44net-bounces+dnwk=linkun.info(a)mailman.ampr.org> on behalf
of Marius Petrescu via 44Net <44net(a)mailman.ampr.org>
Sent: Thursday, November 4, 2021 14:45
To: 44net(a)mailman.ampr.org <44net(a)mailman.ampr.org>
Cc: Marius Petrescu <marius(a)yo2loj.ro>
Subject: Re: [44net] Tunnel setup help: Debian 11
That's because that setup does not allow that, because replies will go
out your main default route, from table main.
There should be another routing table, let's say 45, holding only a
single default route:
ip route add default dev ampr0 via 169.228.34.84 onlink table 45
And you need to connection mark any incoming new connection from ampr0
NOT in 44.0.0.0/9 or 44.128.0.0/10 with that connection mark, and then
mark any packet with that connection mark with routing mark 45.
This will ensure the replies coming from ampr0 go back the way they came
in...
So basically you need this:
iptables -t mangle -A PREROUTING -i ampr0 -s 44.0.0.0/9 -j RETURN
iptables -t mangle -A PREROUTING -i ampr0 -s 44.128.0.0/10 -j RETURN
iptables -t mangle -A PREROUTING -i ampr0 -j CONNMARK --set-mark 45
iptables -t mangle -A OUTPUT -m connmark --mark 45 -j CONNMARK
--restore-mark
iptables -t mangle -A PREROUTING ! -i ampr0 -m connmark --mark 45 -j
CONNMARK --restore-mark
But be aware, this will get the door wide open from the internet to your
internal network, so setting up some firewall rules would be useful...
Marius, YO2LOJ
On 04/11/2021 23:28, KUN LIN via 44Net wrote:
article.
Oh, when I run find_pass.sh again, I did get the
ripv4 broadcast and
found the password.
> And then I proceed to setup rc.local as documented in that wiki However, I still can't ping my AMPR IP from
Internet.
> -- rc.local
>
> ###
> ## Create AMPRNet Tunnel and routing
> ##
>
> ## Configure Tunnel (put your ISP you received from your ISP Here).
> ip tunnel add ampr0 mode ipip local 209.141.42.9 ttl 255
>
> ## Bring it up
> ip link set dev ampr0 up
>
> ## Enable Multicast in order to receive routes
> ifconfig ampr0 multicast
>
> ## Configure Policy Based routing
> # Packets to 44/8 network use routing table 44
> ip rule add to 44.0.0.0/8 table 44 priority 44
>
> # Packets from our 44 subnet use table 44 (put your AMPRNet Subnet
here)
ip rule
add from 44.26.0.168/29 table 44 priority 45
## Configure static routes
# Default route for table 44 is to send traffic to amprnet gateway at
UCSD
ip route add default dev ampr0 via 169.228.34.84
onlink table 44
# Route packets for our net to local interface (put your AMPRNet Subnet
here)
ip route add 44.26.0.168/29 dev ens3 table 44
## Start ampr-ripd to learn rest of mesh routes
# Be sure to substitute the password you found earlier for
<SecretPassword>
# Put your static IP you received from your ISP
here.
/usr/bin/ampr-ripd -s -i ampr0 -a 209.141.42.9 -t 44 -p <thepassword I
received>
> ________________________________
> From: 44Net <44net-bounces+dnwk=linkun.info(a)mailman.ampr.org> on of Steve L via 44Net
<44net(a)mailman.ampr.org>
44net(a)mailman.ampr.org>
Sent: Wednesday, November 3, 2021 18:46
To: 44Net general discussion <44net(a)mailman.ampr.org>
Cc: Steve L <kb9mwr(a)gmail.com>
Subject: Re: [44net] Tunnel setup help: Debian 11
> I have configured the public IP in the AMPR portal as gateway.
If you just did this, wait a while like a half hour.
> When I try to run find_password.sh in ampr-ripd-2.4, I am stopped at
Waiting
for RIPv2 broadcasts... and never retrieve a password.
> You don't need to run the find password script or specify a password
> if you are using ampr-ripd above version 1.14 (its hardcoded in the
> program). But I do believe even if you run that, it should retrieve
> it.
>
> I usually start off really stripped down, with all firewall stuff off
> till I know I am receiving the protocol 4 rip broadcasts.
>
> Do you see anything with tcpdump ?
> tcpdump -i eth0 -vvv host amprgw.ucsd.edu or ip proto \\icmp
>
> If not, then something upstream is blocking protocol 4 from reaching
> you. Seems like it might be outside of your home if your configuring
> the interface directly with a public IP
>
> In the iptables world, here is the ipencap (protocol 4) syntax:
> iptables -A INPUT -p 4 -j ACCEPT
>
> On Wed, Nov 3, 2021 at 6:11 PM KUN LIN via 44Net < wrote:
_________________________________________
44Net mailing list
44Net(a)mailman.ampr.org
https://mailman.ampr.org/mailman/listinfo/44net
_________________________________________
44Net mailing list
44Net(a)mailman.ampr.org
https://mailman.ampr.org/mailman/listinfo/44net
> I have been trying to configure the
AMPRtunnel for a while without
success. Could someone please point me to the right
direction.
> I am running Debian 11 with public IP. I have
configured the public IP
in the AMPR portal as gateway.
> I am trying to follow this document
https://wiki.ampr.org/wiki/Ubuntu_Linux_Gateway_Example
> When I try to run find_password.sh in
ampr-ripd-2.4, I am stopped at
Waiting for RIPv2 broadcasts... and never retrieve
a password.
> Here is what I have done so far.
>
> in /etc/network/interfaces, I added
>
> auto ens3:1
> iface ens3:1 inet static
> address 44.26.0.168
> netmask 255.255.255.248
>
> Then I created ipip tunnel using following commands
>
> ip tunnel add ampr0 mode ipip local 209.141.42.9 ttl 255
> ip link set dev ampr0 up
> ifconfig ampr0 multicast
> ip rule add to 44.0.0.0/8 table 44 priority 44
> ip rule add from 44.26.0.168/29 table 44 priority 45
> ip route add default dev ampr0 via 169.228.34.84 onlink table 44
> ip route add 44.26.0.168/29 dev ens3 table 44
>
> Then, I run ampr-ripd -d -v -i ens3 to get the password in order to
plug
into lat command
> ampr-ripd -s -i ampr0 -a 209.141.42.9-t 44 -p
<SecretPassword>
>
> However, the find_password.sh stopped at waiting for ripv2 broadcast.
Here is
the logs for command
> Using metric 0 for routes.
> Using TCP window 840 for routes.
> Using gateway 209.141.42.1 for direct 44net endpoints via interface
ens3.
> Waiting for RIPv2 broadcasts...
>
> Any idea on what am I doing wrong?
> Thanks
>
> Kun
>
> _________________________________________
> 44Net mailing list
> 44Net(a)mailman.ampr.org
> https://mailman.ampr.org/mailman/listinfo/44net
_________________________________________
44Net mailing list
44Net(a)mailman.ampr.org
https://mailman.ampr.org/mailman/listinfo/44net
_________________________________________
44Net mailing list
44Net(a)mailman.ampr.org
https://mailman.ampr.org/mailman/listinfo/44net
_________________________________________
44Net mailing list
44Net(a)mailman.ampr.org
https://mailman.ampr.org/mailman/listinfo/44net
_________________________________________
44Net mailing list
44Net(a)mailman.ampr.org
https://mailman.ampr.org/mailman/listinfo/44net
9:38 p.m.
Is there an example IP I could try ping to make sure my tunnel is setup correctly before
asking for an A record?
Thanks,
Kun
________________________________
From: 44Net <44net-bounces+dnwk=linkun.info(a)mailman.ampr.org> on behalf of David
Ranch via 44Net <44net(a)mailman.ampr.org>
Sent: Friday, November 5, 2021 11:12
To: 44Net general discussion <44net(a)mailman.ampr.org>
Cc: David Ranch <amprgw(a)trinnet.net>
Subject: Re: [44net] Tunnel setup help: Debian 11
I think a key point here is if you want them to be able to reach the
Internet via the AMPR gateway in San Diego,CA then YES, each IP will
need it's own DNS "A" record. If you just want to talk to other hosts
on the IPIP mesh, NO, each of your IPs won't need a DNS record.
--David
KI6ZHD
On 11/05/2021 10:53 AM, K7VE - John via 44Net wrote:
Yes
On Fri, Nov 5, 2021 at 9:22 AM KUN LIN via 44Net <44net(a)mailman.ampr.org>
wrote:
_________________________________________
44Net mailing list
44Net(a)mailman.ampr.org
https://mailman.ampr.org/mailman/listinfo/44net
So, for my allocation 44.26.0.168/29, in order to
use them, I will have
to ask for a A record for each individual IP?
Kun
________________________________
From: 44Net <44net-bounces+dnwk=linkun.info(a)mailman.ampr.org> on behalf
of Steve L via 44Net <44net(a)mailman.ampr.org>
Sent: Thursday, November 4, 2021 17:53
To: 44Net general discussion <44net(a)mailman.ampr.org>
Cc: Steve L <kb9mwr(a)gmail.com>
Subject: Re: [44net] Tunnel setup help: Debian 11
https://wiki.ampr.org/wiki/FAQ
*What is the AmprGW?*
The AmprGW is a server run by Brian Kantor at UCSD as part of a
long-running Internet research project. It has a number of functions:
a) It provides a selective gateway between non-AMPRNet internet devices and
the IPIP (mesh) AMPRNet. For this traffic, it filters at the per-host(/32)
level. Each host which is to receive traffic from the Internet into AMPRNet
must individually be listed in the permissions file, which is built from
the AMPR.ORG DNS 'A' records. If there is no DNS A record for a tunneled
amprnet destination host, the traffic is not forwarded in either direction.
Therefore, if you want hosts on your subnet to be able to communicate with
the Internet, you will need to have your local coordinator add them to the
AMPR.ORG DNS for you.
On Thu, Nov 4, 2021, 5:01 PM KUN LIN via 44Net <44net(a)mailman.ampr.org>
wrote:
behalf
I still can't ping my AMPR IP: I could
receive RIPv2 password
Here is a recap of all the configuration I did:
/etc/network/interfaces
# The loopback network interface
auto lo
iface lo inet loopback
# The primary network interface
allow-hotplug ens3
iface ens3 inet dhcp
iface ens3 inet6 static
address 2605:6400:20:1920:8af7:f451:cb26:a3f8
netmask 48
gateway 2605:6400:20::1
auto ampr0
iface ampr0 inet static
address 44.26.0.168
netmask 255.255.255.248
/etc/rc.local
iptables -A INPUT -p 4 -j ACCEPT
## Configure Tunnel (put your ISP you received from your ISP Here).
ip tunnel add ampr0 mode ipip local 209.141.42.9 ttl 255
## Bring it up
ip link set dev ampr0 up
## Enable Multicast in order to receive routes
ifconfig ampr0 multicast
## Configure Policy Based routing
# Packets to 44/8 network use routing table 44
ip rule add to 44.0.0.0/8 table 44 priority 44
# Packets from our 44 subnet use table 44 (put your AMPRNet Subnet here)
ip rule add from 44.26.0.168/29 table 44 priority 45
ip route add default dev ampr0 via 169.228.34.84 onlink table 45
## Configure static routes
# Default route for table 44 is to send traffic to amprnet gateway at
UCSD
ip route add default dev ampr0 via 169.228.34.84
onlink table 44
# Route packets for our net to local interface (put your AMPRNet Subnet
here)
ip route add 44.26.0.168/29 dev ens3 table 44
## Start ampr-ripd to learn rest of mesh routes
# Be sure to substitute the password you found earlier for
<SecretPassword>
# Put your static IP you received from your ISP
here.
/usr/bin/ampr-ripd -s -i ampr0 -a 209.141.42.9 -t 44 -p pLaInTeXtpAsSwD
iptables -t mangle -A PREROUTING -i ampr0 -s 44.0.0.0/9 -j RETURN
iptables -t mangle -A PREROUTING -i ampr0 -s 44.128.0.0/10 -j RETURN
iptables -t mangle -A PREROUTING -i ampr0 -j CONNMARK --set-mark 45
iptables -t mangle -A OUTPUT -m connmark --mark 45 -j CONNMARK
--restore-mark
iptables -t mangle -A PREROUTING ! -i ampr0 -m connmark --mark 45 -j
CONNMARK --restore-mark
exit 0
________________________________
From: 44Net <44net-bounces+dnwk=linkun.info(a)mailman.ampr.org> on behalf
of Marius Petrescu via 44Net <44net(a)mailman.ampr.org>
Sent: Thursday, November 4, 2021 14:45
To: 44net(a)mailman.ampr.org <44net(a)mailman.ampr.org>
Cc: Marius Petrescu <marius(a)yo2loj.ro>
Subject: Re: [44net] Tunnel setup help: Debian 11
That's because that setup does not allow that, because replies will go
out your main default route, from table main.
There should be another routing table, let's say 45, holding only a
single default route:
ip route add default dev ampr0 via 169.228.34.84 onlink table 45
And you need to connection mark any incoming new connection from ampr0
NOT in 44.0.0.0/9 or 44.128.0.0/10 with that connection mark, and then
mark any packet with that connection mark with routing mark 45.
This will ensure the replies coming from ampr0 go back the way they came
in...
So basically you need this:
iptables -t mangle -A PREROUTING -i ampr0 -s 44.0.0.0/9 -j RETURN
iptables -t mangle -A PREROUTING -i ampr0 -s 44.128.0.0/10 -j RETURN
iptables -t mangle -A PREROUTING -i ampr0 -j CONNMARK --set-mark 45
iptables -t mangle -A OUTPUT -m connmark --mark 45 -j CONNMARK
--restore-mark
iptables -t mangle -A PREROUTING ! -i ampr0 -m connmark --mark 45 -j
CONNMARK --restore-mark
But be aware, this will get the door wide open from the internet to your
internal network, so setting up some firewall rules would be useful...
Marius, YO2LOJ
On 04/11/2021 23:28, KUN LIN via 44Net wrote:
article.
Oh, when I run find_pass.sh again, I did get the
ripv4 broadcast and
found the password.
> And then I proceed to setup rc.local as documented in that wiki However, I still can't ping my AMPR IP from
Internet.
> -- rc.local
>
> ###
> ## Create AMPRNet Tunnel and routing
> ##
>
> ## Configure Tunnel (put your ISP you received from your ISP Here).
> ip tunnel add ampr0 mode ipip local 209.141.42.9 ttl 255
>
> ## Bring it up
> ip link set dev ampr0 up
>
> ## Enable Multicast in order to receive routes
> ifconfig ampr0 multicast
>
> ## Configure Policy Based routing
> # Packets to 44/8 network use routing table 44
> ip rule add to 44.0.0.0/8 table 44 priority 44
>
> # Packets from our 44 subnet use table 44 (put your AMPRNet Subnet
here)
ip rule
add from 44.26.0.168/29 table 44 priority 45
## Configure static routes
# Default route for table 44 is to send traffic to amprnet gateway at
UCSD
ip route add default dev ampr0 via 169.228.34.84
onlink table 44
# Route packets for our net to local interface (put your AMPRNet Subnet
here)
ip route add 44.26.0.168/29 dev ens3 table 44
## Start ampr-ripd to learn rest of mesh routes
# Be sure to substitute the password you found earlier for
<SecretPassword>
# Put your static IP you received from your ISP
here.
/usr/bin/ampr-ripd -s -i ampr0 -a 209.141.42.9 -t 44 -p <thepassword I
received>
> ________________________________
> From: 44Net <44net-bounces+dnwk=linkun.info(a)mailman.ampr.org> on of Steve L via 44Net
<44net(a)mailman.ampr.org>
44net(a)mailman.ampr.org>
Sent: Wednesday, November 3, 2021 18:46
To: 44Net general discussion <44net(a)mailman.ampr.org>
Cc: Steve L <kb9mwr(a)gmail.com>
Subject: Re: [44net] Tunnel setup help: Debian 11
> I have configured the public IP in the AMPR portal as gateway.
If you just did this, wait a while like a half hour.
> When I try to run find_password.sh in ampr-ripd-2.4, I am stopped at
Waiting
for RIPv2 broadcasts... and never retrieve a password.
> You don't need to run the find password script or specify a password
> if you are using ampr-ripd above version 1.14 (its hardcoded in the
> program). But I do believe even if you run that, it should retrieve
> it.
>
> I usually start off really stripped down, with all firewall stuff off
> till I know I am receiving the protocol 4 rip broadcasts.
>
> Do you see anything with tcpdump ?
> tcpdump -i eth0 -vvv host amprgw.ucsd.edu or ip proto \\icmp
>
> If not, then something upstream is blocking protocol 4 from reaching
> you. Seems like it might be outside of your home if your configuring
> the interface directly with a public IP
>
> In the iptables world, here is the ipencap (protocol 4) syntax:
> iptables -A INPUT -p 4 -j ACCEPT
>
> On Wed, Nov 3, 2021 at 6:11 PM KUN LIN via 44Net < wrote:
_________________________________________
44Net mailing list
44Net(a)mailman.ampr.org
https://mailman.ampr.org/mailman/listinfo/44net
_________________________________________
44Net mailing list
44Net(a)mailman.ampr.org
https://mailman.ampr.org/mailman/listinfo/44net
> I have been trying to configure the
AMPRtunnel for a while without
success. Could someone please point me to the right
direction.
> I am running Debian 11 with public IP. I have
configured the public IP
in the AMPR portal as gateway.
> I am trying to follow this document
https://wiki.ampr.org/wiki/Ubuntu_Linux_Gateway_Example
> When I try to run find_password.sh in
ampr-ripd-2.4, I am stopped at
Waiting for RIPv2 broadcasts... and never retrieve
a password.
> Here is what I have done so far.
>
> in /etc/network/interfaces, I added
>
> auto ens3:1
> iface ens3:1 inet static
> address 44.26.0.168
> netmask 255.255.255.248
>
> Then I created ipip tunnel using following commands
>
> ip tunnel add ampr0 mode ipip local 209.141.42.9 ttl 255
> ip link set dev ampr0 up
> ifconfig ampr0 multicast
> ip rule add to 44.0.0.0/8 table 44 priority 44
> ip rule add from 44.26.0.168/29 table 44 priority 45
> ip route add default dev ampr0 via 169.228.34.84 onlink table 44
> ip route add 44.26.0.168/29 dev ens3 table 44
>
> Then, I run ampr-ripd -d -v -i ens3 to get the password in order to
plug
into lat command
> ampr-ripd -s -i ampr0 -a 209.141.42.9-t 44 -p
<SecretPassword>
>
> However, the find_password.sh stopped at waiting for ripv2 broadcast.
Here is
the logs for command
> Using metric 0 for routes.
> Using TCP window 840 for routes.
> Using gateway 209.141.42.1 for direct 44net endpoints via interface
ens3.
> Waiting for RIPv2 broadcasts...
>
> Any idea on what am I doing wrong?
> Thanks
>
> Kun
>
> _________________________________________
> 44Net mailing list
> 44Net(a)mailman.ampr.org
> https://mailman.ampr.org/mailman/listinfo/44net
_________________________________________
44Net mailing list
44Net(a)mailman.ampr.org
https://mailman.ampr.org/mailman/listinfo/44net
_________________________________________
44Net mailing list
44Net(a)mailman.ampr.org
https://mailman.ampr.org/mailman/listinfo/44net
_________________________________________
44Net mailing list
44Net(a)mailman.ampr.org
https://mailman.ampr.org/mailman/listinfo/44net
_________________________________________
44Net mailing list
44Net(a)mailman.ampr.org
https://mailman.ampr.org/mailman/listinfo/44net
6 Nov
6 Nov
12:49 a.m.
In theory all of these reporting nodes / stations should be internally
reachable:
https://wiki.ampr.org/wiki/Ampr-map
On Fri, Nov 5, 2021, 4:41 PM KUN LIN via 44Net <44net(a)mailman.ampr.org>
wrote:
Is there an example IP I could try ping to make sure
my tunnel is setup
correctly before asking for an A record?
Thanks,
Kun
________________________________
From: 44Net <44net-bounces+dnwk=linkun.info(a)mailman.ampr.org> on behalf
of David Ranch via 44Net <44net(a)mailman.ampr.org>
Sent: Friday, November 5, 2021 11:12
To: 44Net general discussion <44net(a)mailman.ampr.org>
Cc: David Ranch <amprgw(a)trinnet.net>
Subject: Re: [44net] Tunnel setup help: Debian 11
I think a key point here is if you want them to be able to reach the
Internet via the AMPR gateway in San Diego,CA then YES, each IP will
need it's own DNS "A" record. If you just want to talk to other hosts
on the IPIP mesh, NO, each of your IPs won't need a DNS record.
--David
KI6ZHD
On 11/05/2021 10:53 AM, K7VE - John via 44Net wrote:
_________________________________________
44Net mailing list
44Net(a)mailman.ampr.org
https://mailman.ampr.org/mailman/listinfo/44net
_________________________________________
44Net mailing list
44Net(a)mailman.ampr.org
https://mailman.ampr.org/mailman/listinfo/44net
Yes
On Fri, Nov 5, 2021 at 9:22 AM KUN LIN via 44Net <44net(a)mailman.ampr.org
wrote:
> So, for my allocation 44.26.0.168/29, in order to use them, I will have
> to ask for a A record for each individual IP?
> Kun
>
> ________________________________
> From: 44Net <44net-bounces+dnwk=linkun.info(a)mailman.ampr.org> on behalf
> of Steve L via 44Net <44net(a)mailman.ampr.org>
> Sent: Thursday, November 4, 2021 17:53
> To: 44Net general discussion <44net(a)mailman.ampr.org>
> Cc: Steve L <kb9mwr(a)gmail.com>
> Subject: Re: [44net] Tunnel setup help: Debian 11
>
> https://wiki.ampr.org/wiki/FAQ
>
> *What is the AmprGW?*
>
> The AmprGW is a server run by Brian Kantor at UCSD as part of a
> long-running Internet research project. It has a number of functions:
>
> a) It provides a selective gateway between non-AMPRNet internet devices
and
> the IPIP (mesh) AMPRNet. For this traffic, it
filters at the
per-host(/32)
> level. Each host which is to receive traffic
from the Internet into
AMPRNet
> must individually be listed in the
permissions file, which is built from
> the AMPR.ORG DNS 'A' records. If there is no DNS A record for a
tunneled
> amprnet destination host, the traffic is not
forwarded in either
direction.
> Therefore, if you want hosts on your subnet
to be able to communicate
with
> the Internet, you will need to have your
local coordinator add them to
the
> AMPR.ORG DNS for you.
>
> On Thu, Nov 4, 2021, 5:01 PM KUN LIN via 44Net <44net(a)mailman.ampr.org>
> wrote:
>
>> I still can't ping my AMPR IP: I could receive RIPv2 password
>>
>> Here is a recap of all the configuration I did:
>>
>> /etc/network/interfaces
>> # The loopback network interface
>> auto lo
>> iface lo inet loopback
>>
>> # The primary network interface
>> allow-hotplug ens3
>> iface ens3 inet dhcp
>> iface ens3 inet6 static
>> address 2605:6400:20:1920:8af7:f451:cb26:a3f8
>> netmask 48
>> gateway 2605:6400:20::1
>>
>> auto ampr0
>> iface ampr0 inet static
>> address 44.26.0.168
>> netmask 255.255.255.248
>>
>> /etc/rc.local
>>
>> iptables -A INPUT -p 4 -j ACCEPT
>>
>> ## Configure Tunnel (put your ISP you received from your ISP Here).
>> ip tunnel add ampr0 mode ipip local 209.141.42.9 ttl 255
>>
>> ## Bring it up
>> ip link set dev ampr0 up
>>
>> ## Enable Multicast in order to receive routes
>> ifconfig ampr0 multicast
>>
>> ## Configure Policy Based routing
>> # Packets to 44/8 network use routing table 44
>> ip rule add to 44.0.0.0/8 table 44 priority 44
>>
>> # Packets from our 44 subnet use table 44 (put your AMPRNet Subnet
here)
>> ip rule add from 44.26.0.168/29 table 44
priority 45
>> ip route add default dev ampr0 via 169.228.34.84 onlink table 45
>>
>> ## Configure static routes
>> # Default route for table 44 is to send traffic to amprnet gateway at
> UCSD
>> ip route add default dev ampr0 via 169.228.34.84 onlink table 44
>>
>> # Route packets for our net to local interface (put your AMPRNet Subnet
>> here)
>> ip route add 44.26.0.168/29 dev ens3 table 44
>>
>> ## Start ampr-ripd to learn rest of mesh routes
>> # Be sure to substitute the password you found earlier for
> <SecretPassword>
>> # Put your static IP you received from your ISP here.
>> /usr/bin/ampr-ripd -s -i ampr0 -a 209.141.42.9 -t 44 -p pLaInTeXtpAsSwD
>>
>> iptables -t mangle -A PREROUTING -i ampr0 -s 44.0.0.0/9 -j RETURN
>> iptables -t mangle -A PREROUTING -i ampr0 -s 44.128.0.0/10 -j RETURN
>> iptables -t mangle -A PREROUTING -i ampr0 -j CONNMARK --set-mark 45
>> iptables -t mangle -A OUTPUT -m connmark --mark 45 -j CONNMARK
>> --restore-mark
>> iptables -t mangle -A PREROUTING ! -i ampr0 -m connmark --mark 45 -j
>> CONNMARK --restore-mark
>>
>> exit 0
>>
>> ________________________________
>> From: 44Net <44net-bounces+dnwk=linkun.info(a)mailman.ampr.org> on
behalf
>> of Marius Petrescu via 44Net
<44net(a)mailman.ampr.org>
>> Sent: Thursday, November 4, 2021 14:45
>> To: 44net(a)mailman.ampr.org <44net(a)mailman.ampr.org>
>> Cc: Marius Petrescu <marius(a)yo2loj.ro>
>> Subject: Re: [44net] Tunnel setup help: Debian 11
>>
>> That's because that setup does not allow that, because replies will go
>> out your main default route, from table main.
>>
>> There should be another routing table, let's say 45, holding only a
>> single default route:
>>
>> ip route add default dev ampr0 via 169.228.34.84 onlink table 45
>>
>> And you need to connection mark any incoming new connection from ampr0
>> NOT in 44.0.0.0/9 or 44.128.0.0/10 with that connection mark, and then
>> mark any packet with that connection mark with routing mark 45.
>> This will ensure the replies coming from ampr0 go back the way they
came
>> in...
>> So basically you need this:
>>
>> iptables -t mangle -A PREROUTING -i ampr0 -s 44.0.0.0/9 -j RETURN
>>
>> iptables -t mangle -A PREROUTING -i ampr0 -s 44.128.0.0/10 -j RETURN
>>
>> iptables -t mangle -A PREROUTING -i ampr0 -j CONNMARK --set-mark 45
>>
>> iptables -t mangle -A OUTPUT -m connmark --mark 45 -j CONNMARK
>> --restore-mark
>>
>> iptables -t mangle -A PREROUTING ! -i ampr0 -m connmark --mark 45 -j
>> CONNMARK --restore-mark
>>
>>
>> But be aware, this will get the door wide open from the internet to
your
>> internal network, so setting up some
firewall rules would be useful...
>>
>> Marius, YO2LOJ
>>
>> On 04/11/2021 23:28, KUN LIN via 44Net wrote:
>>> Oh, when I run find_pass.sh again, I did get the ripv4 broadcast and
>> found the password.
>>> And then I proceed to setup rc.local as documented in that wiki
> article.
>> However, I still can't ping my AMPR IP from Internet.
>>> -- rc.local
>>>
>>> ###
>>> ## Create AMPRNet Tunnel and routing
>>> ##
>>>
>>> ## Configure Tunnel (put your ISP you received from your ISP Here).
>>> ip tunnel add ampr0 mode ipip local 209.141.42.9 ttl 255
>>>
>>> ## Bring it up
>>> ip link set dev ampr0 up
>>>
>>> ## Enable Multicast in order to receive routes
>>> ifconfig ampr0 multicast
>>>
>>> ## Configure Policy Based routing
>>> # Packets to 44/8 network use routing table 44
>>> ip rule add to 44.0.0.0/8 table 44 priority 44
>>>
>>> # Packets from our 44 subnet use table 44 (put your AMPRNet Subnet
> here)
>>> ip rule add from 44.26.0.168/29 table 44 priority 45
>>>
>>> ## Configure static routes
>>> # Default route for table 44 is to send traffic to amprnet gateway at
>> UCSD
>>> ip route add default dev ampr0 via 169.228.34.84 onlink table 44
>>>
>>> # Route packets for our net to local interface (put your AMPRNet
Subnet
>> here)
>>> ip route add 44.26.0.168/29 dev ens3 table 44
>>>
>>> ## Start ampr-ripd to learn rest of mesh routes
>>> # Be sure to substitute the password you found earlier for
>> <SecretPassword>
>>> # Put your static IP you received from your ISP here.
>>> /usr/bin/ampr-ripd -s -i ampr0 -a 209.141.42.9 -t 44 -p <thepassword I
>> received>
>>> ________________________________
>>> From: 44Net <44net-bounces+dnwk=linkun.info(a)mailman.ampr.org> on
> behalf
>> of Steve L via 44Net <44net(a)mailman.ampr.org>
>>> Sent: Wednesday, November 3, 2021 18:46
>>> To: 44Net general discussion <44net(a)mailman.ampr.org>
>>> Cc: Steve L <kb9mwr(a)gmail.com>
>>> Subject: Re: [44net] Tunnel setup help: Debian 11
>>>
>>>> I have configured the public IP in the AMPR portal as gateway.
>>> If you just did this, wait a while like a half hour.
>>>
>>>> When I try to run find_password.sh in ampr-ripd-2.4, I am stopped at
>> Waiting for RIPv2 broadcasts... and never retrieve a password.
>>> You don't need to run the find password script or specify a password
>>> if you are using ampr-ripd above version 1.14 (its hardcoded in the
>>> program). But I do believe even if you run that, it should retrieve
>>> it.
>>>
>>> I usually start off really stripped down, with all firewall stuff off
>>> till I know I am receiving the protocol 4 rip broadcasts.
>>>
>>> Do you see anything with tcpdump ?
>>> tcpdump -i eth0 -vvv host amprgw.ucsd.edu or ip proto \\icmp
>>>
>>> If not, then something upstream is blocking protocol 4 from reaching
>>> you. Seems like it might be outside of your home if your configuring
>>> the interface directly with a public IP
>>>
>>> In the iptables world, here is the ipencap (protocol 4) syntax:
>>> iptables -A INPUT -p 4 -j ACCEPT
>>>
>>> On Wed, Nov 3, 2021 at 6:11 PM KUN LIN via 44Net <
> 44net(a)mailman.ampr.org>
>> wrote:
>>>> I have been trying to configure the AMPRtunnel for a while without
>> success. Could someone please point me to the right direction.
>>>> I am running Debian 11 with public IP. I have configured the public
IP
in the AMPR portal as gateway.
>> I am trying to follow this document
https://wiki.ampr.org/wiki/Ubuntu_Linux_Gateway_Example
>> When I try to run find_password.sh in ampr-ripd-2.4, I am stopped at
Waiting for RIPv2 broadcasts... and never retrieve a password.
>> Here is what I have done so far.
>>
>> in /etc/network/interfaces, I added
>>
>> auto ens3:1
>> iface ens3:1 inet static
>> address 44.26.0.168
>> netmask 255.255.255.248
>>
>> Then I created ipip tunnel using following commands
>>
>> ip tunnel add ampr0 mode ipip local 209.141.42.9 ttl 255
>> ip link set dev ampr0 up
>> ifconfig ampr0 multicast
>> ip rule add to 44.0.0.0/8 table 44 priority 44
>> ip rule add from 44.26.0.168/29 table 44 priority 45
>> ip route add default dev ampr0 via 169.228.34.84 onlink table 44
>> ip route add 44.26.0.168/29 dev ens3 table 44
>>
>> Then, I run ampr-ripd -d -v -i ens3 to get the password in order to
plug into lat command
>> ampr-ripd -s -i ampr0 -a 209.141.42.9-t 44 -p <SecretPassword>
>>
>> However, the find_password.sh stopped at waiting for ripv2 broadcast.
Here is the logs for command
>> Using metric 0 for routes.
>> Using TCP window 840 for routes.
>> Using gateway 209.141.42.1 for direct 44net endpoints via interface
ens3.
>> Waiting for RIPv2 broadcasts...
>>
>> Any idea on what am I doing wrong?
>> Thanks
>>
>> Kun
>>
>> _________________________________________
>> 44Net mailing list
>> 44Net(a)mailman.ampr.org
>> https://mailman.ampr.org/mailman/listinfo/44net
> _________________________________________
> 44Net mailing list
> 44Net(a)mailman.ampr.org
> https://mailman.ampr.org/mailman/listinfo/44net
> _________________________________________
> 44Net mailing list
> 44Net(a)mailman.ampr.org
> https://mailman.ampr.org/mailman/listinfo/44net
_________________________________________
44Net mailing list
44Net(a)mailman.ampr.org
https://mailman.ampr.org/mailman/listinfo/44net
_________________________________________
44Net mailing list
44Net(a)mailman.ampr.org
https://mailman.ampr.org/mailman/listinfo/44net
_________________________________________
44Net mailing list
44Net(a)mailman.ampr.org
https://mailman.ampr.org/mailman/listinfo/44net
_________________________________________
44Net mailing list
44Net(a)mailman.ampr.org
https://mailman.ampr.org/mailman/listinfo/44net
1:44 a.m.
Thanks. I did successfully ping some mesh only IP. I’m just waiting for DNS entry now.
Finally get the IPIP tunnel done.
Kun
From: Steve L via 44Net<mailto:44net@mailman.ampr.org>
Sent: Friday, November 5, 2021 5:49 PM
To: 44Net general discussion<mailto:44net@mailman.ampr.org>
Cc: Steve L<mailto:kb9mwr@gmail.com>
Subject: Re: [44net] Tunnel setup help: Debian 11
In theory all of these reporting nodes / stations should be internally
reachable:
https://wiki.ampr.org/wiki/Ampr-map
On Fri, Nov 5, 2021, 4:41 PM KUN LIN via 44Net <44net(a)mailman.ampr.org>
wrote:
Is there an example IP I could try ping to make sure
my tunnel is setup
correctly before asking for an A record?
Thanks,
Kun
________________________________
From: 44Net <44net-bounces+dnwk=linkun.info(a)mailman.ampr.org> on behalf
of David Ranch via 44Net <44net(a)mailman.ampr.org>
Sent: Friday, November 5, 2021 11:12
To: 44Net general discussion <44net(a)mailman.ampr.org>
Cc: David Ranch <amprgw(a)trinnet.net>
Subject: Re: [44net] Tunnel setup help: Debian 11
I think a key point here is if you want them to be able to reach the
Internet via the AMPR gateway in San Diego,CA then YES, each IP will
need it's own DNS "A" record. If you just want to talk to other hosts
on the IPIP mesh, NO, each of your IPs won't need a DNS record.
--David
KI6ZHD
On 11/05/2021 10:53 AM, K7VE - John via 44Net wrote:
_________________________________________
44Net mailing list
44Net(a)mailman.ampr.org
https://mailman.ampr.org/mailman/listinfo/44net
_________________________________________
44Net mailing list
44Net(a)mailman.ampr.org
https://mailman.ampr.org/mailman/listinfo/44net
_________________________________________
44Net mailing list
44Net(a)mailman.ampr.org
https://mailman.ampr.org/mailman/listinfo/44net
Yes
On Fri, Nov 5, 2021 at 9:22 AM KUN LIN via 44Net <44net(a)mailman.ampr.org
wrote:
> So, for my allocation 44.26.0.168/29, in order to use them, I will have
> to ask for a A record for each individual IP?
> Kun
>
> ________________________________
> From: 44Net <44net-bounces+dnwk=linkun.info(a)mailman.ampr.org> on behalf
> of Steve L via 44Net <44net(a)mailman.ampr.org>
> Sent: Thursday, November 4, 2021 17:53
> To: 44Net general discussion <44net(a)mailman.ampr.org>
> Cc: Steve L <kb9mwr(a)gmail.com>
> Subject: Re: [44net] Tunnel setup help: Debian 11
>
> https://wiki.ampr.org/wiki/FAQ
>
> *What is the AmprGW?*
>
> The AmprGW is a server run by Brian Kantor at UCSD as part of a
> long-running Internet research project. It has a number of functions:
>
> a) It provides a selective gateway between non-AMPRNet internet devices
and
> the IPIP (mesh) AMPRNet. For this traffic, it
filters at the
per-host(/32)
> level. Each host which is to receive traffic
from the Internet into
AMPRNet
> must individually be listed in the
permissions file, which is built from
> the AMPR.ORG DNS 'A' records. If there is no DNS A record for a
tunneled
> amprnet destination host, the traffic is not
forwarded in either
direction.
> Therefore, if you want hosts on your subnet
to be able to communicate
with
> the Internet, you will need to have your
local coordinator add them to
the
> AMPR.ORG DNS for you.
>
> On Thu, Nov 4, 2021, 5:01 PM KUN LIN via 44Net <44net(a)mailman.ampr.org>
> wrote:
>
>> I still can't ping my AMPR IP: I could receive RIPv2 password
>>
>> Here is a recap of all the configuration I did:
>>
>> /etc/network/interfaces
>> # The loopback network interface
>> auto lo
>> iface lo inet loopback
>>
>> # The primary network interface
>> allow-hotplug ens3
>> iface ens3 inet dhcp
>> iface ens3 inet6 static
>> address 2605:6400:20:1920:8af7:f451:cb26:a3f8
>> netmask 48
>> gateway 2605:6400:20::1
>>
>> auto ampr0
>> iface ampr0 inet static
>> address 44.26.0.168
>> netmask 255.255.255.248
>>
>> /etc/rc.local
>>
>> iptables -A INPUT -p 4 -j ACCEPT
>>
>> ## Configure Tunnel (put your ISP you received from your ISP Here).
>> ip tunnel add ampr0 mode ipip local 209.141.42.9 ttl 255
>>
>> ## Bring it up
>> ip link set dev ampr0 up
>>
>> ## Enable Multicast in order to receive routes
>> ifconfig ampr0 multicast
>>
>> ## Configure Policy Based routing
>> # Packets to 44/8 network use routing table 44
>> ip rule add to 44.0.0.0/8 table 44 priority 44
>>
>> # Packets from our 44 subnet use table 44 (put your AMPRNet Subnet
here)
>> ip rule add from 44.26.0.168/29 table 44
priority 45
>> ip route add default dev ampr0 via 169.228.34.84 onlink table 45
>>
>> ## Configure static routes
>> # Default route for table 44 is to send traffic to amprnet gateway at
> UCSD
>> ip route add default dev ampr0 via 169.228.34.84 onlink table 44
>>
>> # Route packets for our net to local interface (put your AMPRNet Subnet
>> here)
>> ip route add 44.26.0.168/29 dev ens3 table 44
>>
>> ## Start ampr-ripd to learn rest of mesh routes
>> # Be sure to substitute the password you found earlier for
> <SecretPassword>
>> # Put your static IP you received from your ISP here.
>> /usr/bin/ampr-ripd -s -i ampr0 -a 209.141.42.9 -t 44 -p pLaInTeXtpAsSwD
>>
>> iptables -t mangle -A PREROUTING -i ampr0 -s 44.0.0.0/9 -j RETURN
>> iptables -t mangle -A PREROUTING -i ampr0 -s 44.128.0.0/10 -j RETURN
>> iptables -t mangle -A PREROUTING -i ampr0 -j CONNMARK --set-mark 45
>> iptables -t mangle -A OUTPUT -m connmark --mark 45 -j CONNMARK
>> --restore-mark
>> iptables -t mangle -A PREROUTING ! -i ampr0 -m connmark --mark 45 -j
>> CONNMARK --restore-mark
>>
>> exit 0
>>
>> ________________________________
>> From: 44Net <44net-bounces+dnwk=linkun.info(a)mailman.ampr.org> on
behalf
>> of Marius Petrescu via 44Net
<44net(a)mailman.ampr.org>
>> Sent: Thursday, November 4, 2021 14:45
>> To: 44net(a)mailman.ampr.org <44net(a)mailman.ampr.org>
>> Cc: Marius Petrescu <marius(a)yo2loj.ro>
>> Subject: Re: [44net] Tunnel setup help: Debian 11
>>
>> That's because that setup does not allow that, because replies will go
>> out your main default route, from table main.
>>
>> There should be another routing table, let's say 45, holding only a
>> single default route:
>>
>> ip route add default dev ampr0 via 169.228.34.84 onlink table 45
>>
>> And you need to connection mark any incoming new connection from ampr0
>> NOT in 44.0.0.0/9 or 44.128.0.0/10 with that connection mark, and then
>> mark any packet with that connection mark with routing mark 45.
>> This will ensure the replies coming from ampr0 go back the way they
came
>> in...
>> So basically you need this:
>>
>> iptables -t mangle -A PREROUTING -i ampr0 -s 44.0.0.0/9 -j RETURN
>>
>> iptables -t mangle -A PREROUTING -i ampr0 -s 44.128.0.0/10 -j RETURN
>>
>> iptables -t mangle -A PREROUTING -i ampr0 -j CONNMARK --set-mark 45
>>
>> iptables -t mangle -A OUTPUT -m connmark --mark 45 -j CONNMARK
>> --restore-mark
>>
>> iptables -t mangle -A PREROUTING ! -i ampr0 -m connmark --mark 45 -j
>> CONNMARK --restore-mark
>>
>>
>> But be aware, this will get the door wide open from the internet to
your
>> internal network, so setting up some
firewall rules would be useful...
>>
>> Marius, YO2LOJ
>>
>> On 04/11/2021 23:28, KUN LIN via 44Net wrote:
>>> Oh, when I run find_pass.sh again, I did get the ripv4 broadcast and
>> found the password.
>>> And then I proceed to setup rc.local as documented in that wiki
> article.
>> However, I still can't ping my AMPR IP from Internet.
>>> -- rc.local
>>>
>>> ###
>>> ## Create AMPRNet Tunnel and routing
>>> ##
>>>
>>> ## Configure Tunnel (put your ISP you received from your ISP Here).
>>> ip tunnel add ampr0 mode ipip local 209.141.42.9 ttl 255
>>>
>>> ## Bring it up
>>> ip link set dev ampr0 up
>>>
>>> ## Enable Multicast in order to receive routes
>>> ifconfig ampr0 multicast
>>>
>>> ## Configure Policy Based routing
>>> # Packets to 44/8 network use routing table 44
>>> ip rule add to 44.0.0.0/8 table 44 priority 44
>>>
>>> # Packets from our 44 subnet use table 44 (put your AMPRNet Subnet
> here)
>>> ip rule add from 44.26.0.168/29 table 44 priority 45
>>>
>>> ## Configure static routes
>>> # Default route for table 44 is to send traffic to amprnet gateway at
>> UCSD
>>> ip route add default dev ampr0 via 169.228.34.84 onlink table 44
>>>
>>> # Route packets for our net to local interface (put your AMPRNet
Subnet
>> here)
>>> ip route add 44.26.0.168/29 dev ens3 table 44
>>>
>>> ## Start ampr-ripd to learn rest of mesh routes
>>> # Be sure to substitute the password you found earlier for
>> <SecretPassword>
>>> # Put your static IP you received from your ISP here.
>>> /usr/bin/ampr-ripd -s -i ampr0 -a 209.141.42.9 -t 44 -p <thepassword I
>> received>
>>> ________________________________
>>> From: 44Net <44net-bounces+dnwk=linkun.info(a)mailman.ampr.org> on
> behalf
>> of Steve L via 44Net <44net(a)mailman.ampr.org>
>>> Sent: Wednesday, November 3, 2021 18:46
>>> To: 44Net general discussion <44net(a)mailman.ampr.org>
>>> Cc: Steve L <kb9mwr(a)gmail.com>
>>> Subject: Re: [44net] Tunnel setup help: Debian 11
>>>
>>>> I have configured the public IP in the AMPR portal as gateway.
>>> If you just did this, wait a while like a half hour.
>>>
>>>> When I try to run find_password.sh in ampr-ripd-2.4, I am stopped at
>> Waiting for RIPv2 broadcasts... and never retrieve a password.
>>> You don't need to run the find password script or specify a password
>>> if you are using ampr-ripd above version 1.14 (its hardcoded in the
>>> program). But I do believe even if you run that, it should retrieve
>>> it.
>>>
>>> I usually start off really stripped down, with all firewall stuff off
>>> till I know I am receiving the protocol 4 rip broadcasts.
>>>
>>> Do you see anything with tcpdump ?
>>> tcpdump -i eth0 -vvv host amprgw.ucsd.edu or ip proto \\icmp
>>>
>>> If not, then something upstream is blocking protocol 4 from reaching
>>> you. Seems like it might be outside of your home if your configuring
>>> the interface directly with a public IP
>>>
>>> In the iptables world, here is the ipencap (protocol 4) syntax:
>>> iptables -A INPUT -p 4 -j ACCEPT
>>>
>>> On Wed, Nov 3, 2021 at 6:11 PM KUN LIN via 44Net <
> 44net(a)mailman.ampr.org>
>> wrote:
>>>> I have been trying to configure the AMPRtunnel for a while without
>> success. Could someone please point me to the right direction.
>>>> I am running Debian 11 with public IP. I have configured the public
IP
in the AMPR portal as gateway.
>> I am trying to follow this document
https://wiki.ampr.org/wiki/Ubuntu_Linux_Gateway_Example
>> When I try to run find_password.sh in ampr-ripd-2.4, I am stopped at
Waiting for RIPv2 broadcasts... and never retrieve a password.
>> Here is what I have done so far.
>>
>> in /etc/network/interfaces, I added
>>
>> auto ens3:1
>> iface ens3:1 inet static
>> address 44.26.0.168
>> netmask 255.255.255.248
>>
>> Then I created ipip tunnel using following commands
>>
>> ip tunnel add ampr0 mode ipip local 209.141.42.9 ttl 255
>> ip link set dev ampr0 up
>> ifconfig ampr0 multicast
>> ip rule add to 44.0.0.0/8 table 44 priority 44
>> ip rule add from 44.26.0.168/29 table 44 priority 45
>> ip route add default dev ampr0 via 169.228.34.84 onlink table 44
>> ip route add 44.26.0.168/29 dev ens3 table 44
>>
>> Then, I run ampr-ripd -d -v -i ens3 to get the password in order to
plug into lat command
>> ampr-ripd -s -i ampr0 -a 209.141.42.9-t 44 -p <SecretPassword>
>>
>> However, the find_password.sh stopped at waiting for ripv2 broadcast.
Here is the logs for command
>> Using metric 0 for routes.
>> Using TCP window 840 for routes.
>> Using gateway 209.141.42.1 for direct 44net endpoints via interface
ens3.
>> Waiting for RIPv2 broadcasts...
>>
>> Any idea on what am I doing wrong?
>> Thanks
>>
>> Kun
>>
>> _________________________________________
>> 44Net mailing list
>> 44Net(a)mailman.ampr.org
>> https://mailman.ampr.org/mailman/listinfo/44net
> _________________________________________
> 44Net mailing list
> 44Net(a)mailman.ampr.org
> https://mailman.ampr.org/mailman/listinfo/44net
> _________________________________________
> 44Net mailing list
> 44Net(a)mailman.ampr.org
> https://mailman.ampr.org/mailman/listinfo/44net
_________________________________________
44Net mailing list
44Net(a)mailman.ampr.org
https://mailman.ampr.org/mailman/listinfo/44net
_________________________________________
44Net mailing list
44Net(a)mailman.ampr.org
https://mailman.ampr.org/mailman/listinfo/44net
_________________________________________
44Net mailing list
44Net(a)mailman.ampr.org
https://mailman.ampr.org/mailman/listinfo/44net
_________________________________________
44Net mailing list
44Net(a)mailman.ampr.org
https://mailman.ampr.org/mailman/listinfo/44net
903
days inactive
912
days old
15 comments
6 participants
participants (6)
-
David Ranch -
K7VE - John -
KUN LIN -
Marius Petrescu -
Nick KM6RDV -
Steve L