I want to thank all that helped with the setup of my Vultr VPS with BGP and OpenVPN to distribute the /24 that was assigned to me.
I played a lot with the OpenVPN and WireGuard software up to a point where I had to redo the whole install of the VPS.
Here is the recipe I have been able to use for the task. I am running a Debian 10 that was updated to the latest software.
First I have used the tutorial at https://www.vultr.com/docs/configuring-bgp-on-vultr
Be aware that on my version of bird I was not able to open the "/var/log/bird.log" file because of a proprietary right. The file belonged to root and it was supposed to belong to bird; it is a known bug that I hope will be fixed soon.
This helped me create that information in my bird.conf:
------------------------------------------------------------------------------
log "/var/log/bird.log" all;
# use the ipv4 address assigned to your vps
router id xxx.xxx.xxx.xxx;
protocol device {
    scan time 60;
}
protocol static {
    # use your assigned /24 from ampr and the ipv4 from your vps
    route 44.xxx.xxx.0/24 via xxx.xxx.xxx.xxx;
}
protocol bgp vultr {
    # the private asn given to you by vultr, available on your dashboard
    # on myvultr.com for your vps
    local as yyyyyyyyyyy;
    source address xxx.xxx.xxx.xxx;
    import none;
    export all;
    graceful restart on;
    next hop self;
    multihop 2;
    neighbor 169.254.169.254 as 64515;
    password "YourSecretPassword";
}
------------------------------------------------------------------------------
On the OpenVPN side of things I have used the install script from angristan available at https://github.com/angristan/openvpn-install
I just followed the instructions and all was good.
From there I changed some things on my network in /etc/network/interfaces:
--------------------------------------------------------------------------
# This file describes the network interfaces available on your system
# and how to activate them. For more information, see interfaces(5).

#source /etc/network/interfaces.d/*

auto lo
iface lo inet loopback

auto ens3
allow-hotplug ens3
iface ens3 inet dhcp
iface ens3 inet static
    address 44.135.59.1/32
---------------------------------------------------------------------
The last line points at the first address of my /24; put yours into your file.
Then on the OpenVPN server I changed only one line in the server.conf file.
The file is at /etc/openvpn/server.conf
I switched the server line from server 10.8.0.0 255.255.255.0 to server 44.135.59.0 255.255.255.0
The 44 address is my /24; put yours if you follow my example.
That's it!
It was not that complicated. But I had to dig a bit to understand the whole thing.
My next step will be to split my /24 in parts. One section will be for the single connections like now, but I want to have connections that are like blocks of /28 or /29.
I know I will have to make another instance of the OpenVPN server. That is the part that is the least clear for me yet. The conf file is more clear. As I want to start and stop each instance easily I will have to make a new starting script for systemd, and that is where I will need to read more.
If this helps someone I will be happy!
If you see a problem with my setup please let me know!
Pierre VE2PF
Well, it looks like I still have a problem. When I connect to my OpenVPN server it works. BUT I have no connection to the outside world.
Here is the output of my iptables:
iptables -L -v
Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination
 1937  332K ACCEPT     udp  --  ens3   any     anywhere             anywhere             udp dpt:openvpn
    3   180 ACCEPT     all  --  tun0   any     anywhere             anywhere

Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination
  979 94816 ACCEPT     all  --  tun0   ens3    anywhere             anywhere
    0     0 ACCEPT     all  --  ens3   tun0    anywhere             anywhere

Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination
And here is my network address state:
# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
2: ens3: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000
    link/ether 56:00:02:fc:bd:ba brd ff:ff:ff:ff:ff:ff
    inet 207.246.122.57/23 brd 207.246.123.255 scope global dynamic ens3
       valid_lft 85194sec preferred_lft 85194sec
    inet 44.135.59.1/32 brd 44.135.59.1 scope global ens3
       valid_lft forever preferred_lft forever
    inet6 fe80::5400:2ff:fefc:bdba/64 scope link
       valid_lft forever preferred_lft forever
3: tun0: <POINTOPOINT,MULTICAST,NOARP,UP,LOWER_UP> mtu 1500 qdisc fq state UNKNOWN group default qlen 100
    link/none
    inet 44.135.59.1/24 brd 44.135.59.255 scope global tun0
       valid_lft forever preferred_lft forever
    inet6 fe80::cd3f:6e0a:55e:e9ac/64 scope link stable-privacy
       valid_lft forever preferred_lft forever
Bird shows my route advertised properly.
Can anyone help?
From: pete M petem001@hotmail.com Sent: 15 December 2020 17:40 To: James Colderwood via 44Net Subject: BGP/openvpn finally all ok.
By outside connectivity, do you mean egress only? In either case, please provide a traceroute sourced from an address within your 44net block so we can see where things are going wrong. Also, do an "ip route" so we can check the routing table to make sure everything is in order.
Nate KJ7DMC
On Fri, 2021-01-15 at 16:23 +0000, pete M via 44Net wrote:
44Net mailing list 44Net@mailman.ampr.org https://mailman.ampr.org/mailman/listinfo/44net
Thanks Nate for the help.
# ip route show
default via 207.246.122.1 dev ens3
44.135.59.0/24 dev tun0 proto kernel scope link src 44.135.59.1
169.254.169.254 via 207.246.122.1 dev ens3
207.246.122.0/23 dev ens3 proto kernel scope link src 207.246.122.57
I have fixed the mix-up in the fact that ens3 and tun0 both had 44.135.59.0/24 assigned to them.
Traceroute from a Windows 10 machine (French, so don't worry about the strange words ;-)
tracert 8.8.8.8
Détermination de l’itinéraire vers 8.8.8.8 avec un maximum de 30 sauts.

  1    20 ms    18 ms    21 ms  44.135.59.1
  2     *        *        *     Délai d’attente de la demande dépassé.
  3     *        *        *     Délai d’attente de la demande dépassé.
  4     *        *        *     Délai d’attente de la demande dépassé.
  5     *        *        *     Délai d’attente de la demande dépassé.
  6     *        *        *     Délai d’attente de la demande dépassé.
  7     *        *        *     Délai d’attente de la demande dépassé.
  8     *        *        *     Délai d’attente de la demande dépassé.
  9     *        *        *     Délai d’attente de la demande dépassé.
 10     *        *        *     Délai d’attente de la demande dépassé.
I have ipv4.ip_forward = 1 in /etc/sysctl.conf
From: 44Net 44net-bounces+petem001=hotmail.com@mailman.ampr.org on behalf of Nate Sales via 44Net 44net@mailman.ampr.org Sent: 15 January 2021 11:53 To: 44net@mailman.ampr.org Cc: Nate Sales Subject: Re: [44net] BGP/openvpn finally all ok.
Thanks for the info. Let's start with connectivity to the VM itself (44.135.59.1). As Dave pointed out, 44.135.59.0/24 has not reached the DFZ. Checking my collector, the covering route is 44.128.0.0/10:
~ # b s route for 44.135.59.0/24
BIRD 2.0.7 ready.
Table master4:
44.128.0.0/10        [...]
Could you show the output of "birdc s protocols all" - and "birdc s route export vultr" to make sure the route is indeed being exported over the session.
Nate KJ7DMC
On Fri, 2021-01-15 at 17:19 +0000, pete M via 44Net wrote:
# Could you show the output of "birdc s protocols all" - and "birdc s route export vultr" to make sure the route is indeed being exported over the session.
here it is.
# birdc s protocols all
BIRD 1.6.6 ready.
name     proto    table    state  since       info
device1  Device   master   up     17:06:16
  Preference:     240
  Input filter:   ACCEPT
  Output filter:  REJECT
  Routes:         0 imported, 0 exported, 0 preferred
  Route change stats:     received   rejected   filtered    ignored   accepted
    Import updates:              0          0          0          0          0
    Import withdraws:            0          0        ---          0          0
    Export updates:              0          0          0        ---          0
    Export withdraws:            0        ---        ---        ---          0

static1  Static   master   up     17:06:16
  Preference:     200
  Input filter:   ACCEPT
  Output filter:  REJECT
  Routes:         1 imported, 0 exported, 1 preferred
  Route change stats:     received   rejected   filtered    ignored   accepted
    Import updates:              5          0          0          0          5
    Import withdraws:            4          0        ---          0          4
    Export updates:              0          0          0        ---          0
    Export withdraws:            0        ---        ---        ---          0

vultr    BGP      master   up     17:06:20    Established
  Preference:     100
  Input filter:   REJECT
  Output filter:  ACCEPT
  Routes:         0 imported, 1 exported, 0 preferred
  Route change stats:     received   rejected   filtered    ignored   accepted
    Import updates:              1          0          1          0          0
    Import withdraws:            0          0        ---          1          0
    Export updates:              5          0          0        ---          5
    Export withdraws:            4        ---        ---        ---          4
  BGP state:          Established
    Neighbor address: 169.254.169.254
    Neighbor AS:      64515
    Neighbor ID:      209.222.14.236
    Neighbor caps:    refresh restart-aware AS4 add-path-rx
    Session:          external multihop AS4
    Source address:   207.246.122.57
    Hold timer:       137/180
    Keepalive timer:  10/60
Thanks, so there is a route exported to Vultr. Please run "birdc s route export vultr" so we can see what the route is.
I would also suggest modifying your import filter to permit 0.0.0.0/0. In this case it's not as much of a problem because you only have a single peer and they're only sending a default route, but it is not a good idea to point static routes at a BGP peer. Doing that on the public internet is a quick way to cause problems :)
Nate KJ7DMC
On Fri, 2021-01-15 at 17:48 +0000, pete M via 44Net wrote:
OK, I did the change in the interfaces file. I now have these routes:
ip route show
0.0.0.0/1 via 44.135.59.1 dev ens3
default via 207.246.122.1 dev ens3
44.135.59.0/24 dev tun0 proto kernel scope link src 44.135.59.1
44.135.59.0/24 dev ens3 proto kernel scope link src 44.135.59.1
128.0.0.0/1 via 44.135.59.1 dev ens3
169.254.169.254 via 207.246.122.1 dev ens3
207.246.122.0/23 dev ens3 proto kernel scope link src 207.246.122.57
Now birdc shows:
birdc s route export vultr
BIRD 1.6.6 ready.
44.135.59.0/24     via 207.246.122.57 on ens3 [static1 18:22:30] * (200)
From: 44Net 44net-bounces+petem001=hotmail.com@mailman.ampr.org on behalf of Nate Sales via 44Net 44net@mailman.ampr.org Sent: 15 January 2021 12:53 To: 44net@mailman.ampr.org Cc: Nate Sales Subject: Re: [44net] BGP/openvpn finally all ok.
Thanks, so there is a route exported to Vultr. Please run "birdc s route export vultr" so we can see what the route is.
I would also suggest modifying your import filter to permit 0.0.0.0/0. In this case it's not as much of a problem because you only have a single peer and they're only sending a default route, but it is not a good idea to point static routes at a BGP peer. Doing that on the public internet is a quick way to cause problems :)
Nate KJ7DMC
On Fri, 2021-01-15 at 17:48 +0000, pete M via 44Net wrote:
# Could you show the output of "birdc s protocols all" - and "birdc s route export vultr" to make sure the route is indeed being exported over the session.
here it is.
Apparently your subnet is still not advertised in the DFZ. Either Vultr is not receiving your advertisement, or they are ignoring it for some reason. Is your LOA okay and submitted to Vultr? If yes, I would open up a ticket with Vultr and ask them if they are receiving your advertisement.
--
$ show ip bgp 44.135.59.0/24
% Network not in table
--
73
Ruben ON3RVH
Your route is still not showing up. Time to open a ticket with Vultr. Show them the output from the birdc command.
Oh, did you power cycle the VPS? A reboot from linux is not enough. Beware, if you do not have a reserved IP, your main IP will likely change on the power cycle, requiring you to reconfigure things. You can reserve an IP, but they charge $3/mo. Sounds small, but if you are only paying $5 or $6 for the machine, it is significant.
The IP is fixed, so no, they did not change the IP. They could do it, but I have a domain name pointed to it and it is still working, and the DNS is not at Vultr so they have no control over it.
Will have to check with Vultr why BGP does not work.
The same thing happened to me. Open a ticket. I showed them my set up and my belief that it should work. They dug around in the cave for a while and found a configuration problem on their side. Fixed it in a jiffy. I’ve got to give them credit though, their automated setup is very cool. Most providers it takes weeks of paper shuffling before everything is working.
Check this page in your Vultr account and be sure the BGP is listed there. https://my.vultr.com/network/#network-bgp
A couple of tips on bird.conf. Use the following router statement instead of the one with the static IP address to pick up whatever IP is assigned by Vultr to ens3 between VPS rebuilds.
router id from "ens3";
The "source address..." statement in the "protocol bgp" section is not required. It will default to the IP connected to "neighbor".
I did not require a "protocol static" section.
These bird.conf changes seem to let me recreate the bgp VPS with a new Vultr IP address and bgp will continue to function.
David M. WD5M
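As an added example that is not a config from any message in this thread: a bird.conf for BIRD 1.6.x (the version shown in the birdc output here) that applies Nate's earlier advice about the import filter together with the tips above (router id from "ens3", no source address). The prefix 44.135.59.0/24 stands in for your own /24, 64512 is a placeholder for the private ASN on your Vultr dashboard, and the static section is kept but as a device route on ens3 so no VPS address has to appear in the file.

```bird
# Added example, not a config posted in the thread. BIRD 1.6.x syntax.
# Placeholders: 44.135.59.0/24 is your AMPRNet /24, 64512 is the private
# ASN Vultr shows on your dashboard; both values here are made up.
log "/var/log/bird.log" all;

# Tip from the thread: derive the router ID from ens3 instead of hard-coding
# the VPS address, so a rebuild with a new Vultr IP keeps working.
router id from "ens3";

protocol device { scan time 60; }

# Put the prefix into BIRD's table as a device route on ens3 (no fixed VPS
# address needed). The 44.x.x.1/24 address itself still comes from the
# interfaces file, as in the thread.
protocol static {
  route 44.135.59.0/24 via "ens3";   # placeholder: your own /24
}

# Inbound: accept only the default route Vultr is expected to send and drop
# anything else, so an unexpected announcement never lands in the table.
filter vultr_in {
  if net = 0.0.0.0/0 then accept;
  reject;
}

# Outbound: announce exactly our own prefix and nothing else. "export all"
# works while the table holds only the static route, but an explicit filter
# keeps a later kernel or direct protocol from leaking extra routes.
filter vultr_out {
  if net = 44.135.59.0/24 then accept;   # placeholder: your own /24
  reject;
}

protocol bgp vultr {
  local as 64512;                  # placeholder: your Vultr private ASN
  # no "source address": BIRD picks the address facing the neighbor
  import filter vultr_in;
  export filter vultr_out;
  graceful restart on;
  next hop self;
  multihop 2;
  neighbor 169.254.169.254 as 64515;
  password "YourSecretPassword";   # the session password from the Vultr dashboard
}
```

No kernel protocol is configured, so the accepted default route stays inside BIRD's table and the /1 routes from the interfaces file keep steering the VPS's traffic; "birdc s route export vultr" should list only your /24.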
Yup, it is there:

BGP Prefix       Date Added           RPKI Status        Valid
44.135.59.0/24   2020-10-26 18:22:57  No RPKI ROA found  Yes
Maybe it is an idea to take this off-list?
Perhaps better discussed here? https://groups.io/g/net-44-vpn
David M. WD5M
Yes, probably. Better on groups.io for such a project. Going there for the rest of the discussion.
The BGP route not working was a problem at Vultr; they fixed it pretty fast. But as always I got stuck with something else for the job ;-)
Thanks to everyone that helped!
I don’t see why you should move. It is 44net related, even if you are announcing through vultr.
Ruben - ON3RVH
Now the problem is about openvpn.
I can't connect to it, either by the address on 44 or the Vultr-provided IP.
So

systemctl status openvpn
● openvpn.service - OpenVPN service
   Loaded: loaded (/lib/systemd/system/openvpn.service; enabled; vendor preset: enabled)
   Active: inactive (dead)

Jan 15 21:21:33 hamrad.ca systemd[1]: openvpn.service: Succeeded.
Jan 15 21:21:33 hamrad.ca systemd[1]: Stopped OpenVPN service.

Now I need to follow the breadcrumb to what is causing this...
So, not being a 44net problem, should I not go to the vpn44 list?
I think this will only climb the noise level way too high for many people on the list that have no interest at all about vpn stuff.
Now prove me wrong and I will stay here ;-)
Clients connect to the Vultr non-44 address on ens3. The target of the tunnel cannot be an address inside the tunnel range.
While establishing BGP for Net-44 is a topic for this list (IMO), configuring OpenVPN probably is not. But OpenVPN is popular and widely used. There are tons of public places to get support for OpenVPN. One place I would suggest (it is what we are using for IRLP repeaters) is pivpn.io. It was intended for the Raspberry Pi, but can run on any Debian. But beyond that suggestion, I'm going back to listen only.
Good luck, you beat the hard part!
-Dave, K9DC
I think it is great to have some information about how to do this, but it is a bit much to have a debugging session going on with copies to all mailing list members.
Rob
Can you post the output of 'journalctl -xeu openvpn' to a pastebin perhaps?
I will do, but a little later today. Right now I need to shovel the 8 inches of snow already down, and I will have to do it again in the evening for the other foot that will have fallen after.
The joy of living in a cold place. Keeping you in shape no matter if you want to or not.
You are missing a few routes. I am doing exactly the same thing in Sydney, here is mine…
root@server4:~# ip route show
0.0.0.0/1 via 44.136.33.1 dev ens3
default via 45.32.242.1 dev ens3
44.136.33.0/24 via 44.136.33.2 dev tun0
44.136.33.0/24 dev ens3 proto kernel scope link src 44.136.33.1
44.136.33.2 dev tun0 proto kernel scope link src 44.136.33.1
45.32.242.0/23 dev ens3 proto kernel scope link src 45.32.242.208
128.0.0.0/1 via 44.136.33.1 dev ens3
169.254.169.254 via 45.32.242.1 dev ens3

You need to leave the default route intact, but you also need to have two /1 routes:

0.0.0.0/1 via 44.136.33.1 dev ens3
128.0.0.0/1 via 44.136.33.1 dev ens3

Including these lines in your interfaces file will make that happen:

allow-hotplug ens3
iface ens3 inet dhcp
#iface ens3 inet6 auto
    up /sbin/ip addr add 44.136.33.1/24 dev ens3
    up /sbin/ip route add 0.0.0.0/1 via 44.136.33.1 dev ens3
    up /sbin/ip route add 128.0.0.0/1 via 44.136.33.1 dev ens3
The problem here is that your bird instance is not announcing your subnet to vultr. That is step 1 in the whole process. Once that is fixed we can ts further
Ruben - ON3RVH
On Jan 15, 2021, at 12:19, pete M via 44Net 44net@mailman.ampr.org wrote:
Thanks, Nate, for the help.

# ip route show
default via 207.246.122.1 dev ens3
44.135.59.0/24 dev tun0 proto kernel scope link src 44.135.59.1
169.254.169.254 via 207.246.122.1 dev ens3
207.246.122.0/23 dev ens3 proto kernel scope link src 207.246.122.57

I have fixed the mix-up where ens3 and tun0 both had 44.135.59.0/24 assigned to them.

Traceroute from a Windows 10 machine (French, so don't worry about the strange words ;-)

tracert 8.8.8.8

Détermination de l’itinéraire vers 8.8.8.8 avec un maximum de 30 sauts.

  1    20 ms    18 ms    21 ms  44.135.59.1
  2     *        *        *     Délai d’attente de la demande dépassé.
  3     *        *        *     Délai d’attente de la demande dépassé.
  4     *        *        *     Délai d’attente de la demande dépassé.
  5     *        *        *     Délai d’attente de la demande dépassé.
  6     *        *        *     Délai d’attente de la demande dépassé.
  7     *        *        *     Délai d’attente de la demande dépassé.
  8     *        *        *     Délai d’attente de la demande dépassé.
  9     *        *        *     Délai d’attente de la demande dépassé.
 10     *        *        *     Délai d’attente de la demande dépassé.
I have ipv4.ip_forward = 1 in /etc/sysctl.conf
From: 44Net 44net-bounces+petem001=hotmail.com@mailman.ampr.org on behalf of Nate Sales via 44Net 44net@mailman.ampr.org
Sent: 15 January 2021 11:53
To: 44net@mailman.ampr.org
Cc: Nate Sales
Subject: Re: [44net] BGP/openvpn finally all ok.
By outside connectivity, do you mean egress only? In either case, please provide a traceroute sourced from an address within your 44net block so we can see where things are going wrong. Also, do a "ip route" so we can check the routing table to make sure everything is in order.
Nate KJ7DMC
On Fri, 2021-01-15 at 16:23 +0000, pete M via 44Net wrote:
Well, it looks like I still have a problem. When I connect to my openvpn server it works. BUT I have no connection to the outside world.
here is my output of my iptable.
iptables -L -v Chain INPUT (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination 1937 332K ACCEPT udp -- ens3 any anywhere anywhere udp dpt:openvpn 3 180 ACCEPT all -- tun0 any anywhere anywhere
Chain FORWARD (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination 979 94816 ACCEPT all -- tun0 ens3 anywhere anywhere 0 0 ACCEPT all -- ens3 tun0 anywhere anywhere
Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination
and here is my network adress state:
# ip a 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 inet 127.0.0.1/8 scope host lo valid_lft forever preferred_lft forever inet6 ::1/128 scope host valid_lft forever preferred_lft forever 2: ens3: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000 link/ether 56:00:02:fc:bd:ba brd ff:ff:ff:ff:ff:ff inet 207.246.122.57/23 brd 207.246.123.255 scope global dynamic ens3 valid_lft 85194sec preferred_lft 85194sec inet 44.135.59.1/32 brd 44.135.59.1 scope global ens3 valid_lft forever preferred_lft forever inet6 fe80::5400:2ff:fefc:bdba/64 scope link valid_lft forever preferred_lft forever 3: tun0: <POINTOPOINT,MULTICAST,NOARP,UP,LOWER_UP> mtu 1500 qdisc fq state UNKNOWN group default qlen 100 link/none inet 44.135.59.1/24 brd 44.135.59.255 scope global tun0 valid_lft forever preferred_lft forever inet6 fe80::cd3f:6e0a:55e:e9ac/64 scope link stable-privacy valid_lft forever preferred_lft forever
Bird shows my route advertised properly.
Can anyone help?
From: pete M petem001@hotmail.com  Sent: 15 December 2020 17:40  To: James Colderwood via 44Net  Subject: BGP/openvpn finally all ok.
I want to thank all who helped with the setup of my Vultr VPS with BGP and OpenVPN to distribute the /24 that was assigned to me.
I played a lot with the OpenVPN and WireGuard software, up to a point where I had to redo the whole install of the VPS.
Here is the recipe I have been able to use for the task. I am running a Debian 10 that was updated to the latest software.
First I used the tutorial at https://www.vultr.com/docs/configuring-bgp-on-vultr
Be aware that on my version of bird I was not able to open the "/var/log/bird.log" file because of an ownership problem: the file belonged to root and it was supposed to belong to bird. It is a known bug that I hope will be fixed soon.
This helped me put that information into my bird.conf:
log "/var/log/bird.log" all;
router id xxx.xxx.xxx.xxx;  # use the IPv4 address assigned to your VPS
protocol device { scan time 60; }
# use your assigned /24 from AMPR and the IPv4 address of your VPS
protocol static { route 44.xxx.xxx.0/24 via xxx.xxx.xxx.xxx; }
# "local as" is the private ASN given to you by Vultr, available on your dashboard on myvultr.com for your VPS
protocol bgp vultr {
  local as yyyyyyyyyyy; source address xxx.xxx.xxx.xxx;
  import none; export all;
  graceful restart on; next hop self; multihop 2;
  neighbor 169.254.169.254 as 64515; password "YourSecretPassword";
}
On the OpenVPN side of things I used the install script from angristan available at https://github.com/angristan/openvpn-install
I just followed the instructions and all was good.
From there I changed some things in my network configuration at /etc/network/interfaces:
# This file describes the network interfaces available on your system
# and how to activate them. For more information, see interfaces(5).

#source /etc/network/interfaces.d/*

auto lo
iface lo inet loopback

auto ens3
allow-hotplug ens3
iface ens3 inet dhcp
iface ens3 inet static
    address 44.135.59.1/32
The last line points at the first address of my /24; put yours into your file.
Then on the OpenVPN server I changed only one line in the server.conf file.
The file is at /etc/openvpn/server.conf
I switched the server line from "server 10.8.0.0 255.255.255.0" to "server 44.135.59.0 255.255.255.0".
The 44 address is my /24; put yours if you follow my example.
That's it!
It was not that complicated, but I had to dig a bit to understand the whole thing.
My next step will be to split my /24 into parts. One section will be for the single connections like now, but I want to have connections that are blocks of /28 or /29.
I know I will have to make another instance of the OpenVPN server. That is the part that is the least clear for me yet. The conf file is clearer. As I want to start and stop each instance easily I will have to make a new startup script for systemd, and that is where I will need to read more.
If this helps someone I will be happy!
If you see a problem with my setup please let me know!
Pierre VE2PF
44Net mailing list 44Net@mailman.ampr.org https://mailman.ampr.org/mailman/listinfo/44net
Your redactions are inhibiting anyone from helping you. Please send again with all your IP address information intact (removing the BGP password is ok). The exact IPs are critical to understanding your setup. Also please include the kernel routing table.
FWIW, you are not advertising anything. 44.135.59.0/24 is being routed through San Diego.
You also might need to open a ticket with Vultr. I had trouble bringing the service up in Sydney, so I briefly brought my AU network to Chicago, which worked fine. It turned out they had a filter misconfigured in Sydney.
Dave, I am not redacting anything at all.
The only thing I removed was the list of errors that were the same from 10 to 30 in the traceroute.
________________________________________ From: 44Net 44net-bounces+petem001=hotmail.com@mailman.ampr.org on behalf of Dave Gingrich via 44Net 44net@mailman.ampr.org  Sent: 15 January 2021 12:22  To: AMPRNet working group  Cc: Dave Gingrich  Subject: Re: [44net] BGP/openvpn finally all ok.
-- Dave K9DC
On Jan 15, 2021, at 11:23, pete M via 44Net 44net@mailman.ampr.org wrote:
If the route is not advertised I don't get it, because here is what I have for the Vultr side:
birdc show proto all vultr
BIRD 1.6.6 ready.
name     proto    table    state  since       info
vultr    BGP      master   up     17:06:19    Established
  Preference:     100
  Input filter:   REJECT
  Output filter:  ACCEPT
  Routes:         0 imported, 1 exported, 0 preferred
  Route change stats:     received   rejected   filtered    ignored   accepted
    Import updates:              1          0          1          0          0
    Import withdraws:            0          0        ---          1          0
    Export updates:              1          0          0        ---          1
    Export withdraws:            0        ---        ---        ---          0
  BGP state:          Established
    Neighbor address: 169.254.169.254
    Neighbor AS:      64515
    Neighbor ID:      209.222.14.236
    Neighbor caps:    refresh restart-aware AS4 add-path-rx
    Session:          external multihop AS4
    Source address:   207.246.122.57
    Hold timer:       89/180
    Keepalive timer:  13/60
________________________________________ From: 44Net 44net-bounces+petem001=hotmail.com@mailman.ampr.org on behalf of pete M via 44Net 44net@mailman.ampr.org  Sent: 15 January 2021 12:27  To: AMPRNet working group  Cc: pete M  Subject: Re: [44net] BGP/openvpn finally all ok.
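The checks this thread turns on (FORWARD counters in both directions, BGP session state and exported-route count) can be scripted so they are read the same way every time. This is an added example, not code from any poster; the iptables and birdc text is constructed to match the output formats shown above, and the ip_forward argument is assumed to be read from /proc/sys/net/ipv4/ip_forward by the caller.

```python
import re
# Constructed sample, modelled on the iptables -L -v output posted in this thread.
IPTABLES_SAMPLE = """\
Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target prot opt in   out  source   destination
 1937  332K ACCEPT udp  --  ens3 any  anywhere anywhere  udp dpt:openvpn
Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target prot opt in   out  source   destination
  979 94816 ACCEPT all  --  tun0 ens3 anywhere anywhere
    0     0 ACCEPT all  --  ens3 tun0 anywhere anywhere
Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes)
"""

# Constructed sample, modelled on the birdc show proto all output posted in this thread.
BIRDC_SAMPLE = """\
BIRD 1.6.6 ready.
vultr    BGP      master   up     17:06:19    Established
  Routes:         0 imported, 1 exported, 0 preferred
  BGP state:          Established
"""

def _count(token):  # iptables -v abbreviates large counters with decimal K/M/G suffixes
    mult = {"K": 1000, "M": 1000 ** 2, "G": 1000 ** 3}
    return int(float(token[:-1]) * mult[token[-1]]) if token[-1] in mult else int(token)

def forward_counters(text):
    """Map (in_if, out_if) -> packets for every rule in the FORWARD chain."""
    counters, in_forward = {}, False
    for line in text.splitlines():
        if line.startswith("Chain "):
            in_forward = line.startswith("Chain FORWARD")
            continue
        f = line.split()  # pkts bytes target prot opt in out source destination ...
        if in_forward and len(f) >= 8 and f[0] != "pkts":
            counters[(f[5], f[6])] = counters.get((f[5], f[6]), 0) + _count(f[0])
    return counters

def forward_asymmetry(text, vpn_if="tun0", wan_if="ens3"):
    """True when client packets are forwarded out to the WAN but none come back."""
    c = forward_counters(text)
    return c.get((vpn_if, wan_if), 0) > 0 and c.get((wan_if, vpn_if), 0) == 0

def bgp_status(text):
    """Session state and exported-route count from birdc show proto all <name>."""
    state = re.search(r"BGP state:\s+(\w+)", text)
    routes = re.search(r"Routes:\s+(\d+) imported, (\d+) exported", text)
    return {"established": bool(state and state.group(1) == "Established"),
            "exported": int(routes.group(2)) if routes else 0}

def diagnose(iptables_text, birdc_text, ip_forward="1"):
    """Findings list; ip_forward is the content of /proc/sys/net/ipv4/ip_forward (assumed caller-supplied)."""
    findings = []
    if ip_forward.strip() != "1":
        findings.append("ip_forward is 0: the VPS will not forward traffic for tun0 clients")
    if forward_asymmetry(iptables_text):
        findings.append("FORWARD tun0->ens3 carries packets but ens3->tun0 sees none: replies never reach the VPS")
    bgp = bgp_status(birdc_text)
    if not bgp["established"]:
        findings.append("BGP session to Vultr is not Established")
    elif bgp["exported"] == 0:
        findings.append("BGP up but 0 routes exported: check the static route and export filter")
    return findings
```

On the sample above the only finding is the one-way FORWARD traffic, which matches what the counters in the thread show: packets go out tun0->ens3 and nothing is forwarded back.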