Bill,
That error means that you are encapsulating an IP that does not equal a 44 IP (e.g. you're improperly sending multicast, broadcast or your Public IP onto the tunnel). Ensure that you only send 44-net SRC IPs inside the tunnel. Also, any 44 IP that you want to reach the Internet must have a DNS entry in the AMPR.ORG and 44 reverse zones. That seems to be properly setup already: 1.170.131.44.in-addr.arpa name = m1bkf.ampr.org. --- I ping and receive no reply - this is a TCPDUMP of my tunnel: 21:23:10.793135 IP (tos 0x0, ttl 64, id 46020, offset 0, flags [DF], proto IPIP (4), length 104) 138.88.77.89 > 90.155.50.1: IP (tos 0x0, ttl 64, id 48759, offset 0, flags [DF], proto ICMP (1), length 84) 44.60.44.1 > 44.131.170.1: ICMP echo request, id 19216, seq 7, length 64 21:23:11.793459 IP (tos 0x0, ttl 64, id 46092, offset 0, flags [DF], proto IPIP (4), length 104) 138.88.77.89 > 90.155.50.1: IP (tos 0x0, ttl 64, id 48962, offset 0, flags [DF], proto ICMP (1), length 84) 44.60.44.1 > 44.131.170.1: ICMP echo request, id 19216, seq 8, length 64 21:23:12.793801 IP (tos 0x0, ttl 64, id 46294, offset 0, flags [DF], proto IPIP (4), length 104) 138.88.77.89 > 90.155.50.1: IP (tos 0x0, ttl 64, id 49447, offset 0, flags [DF], proto ICMP (1), length 84) 44.60.44.1 > 44.131.170.1: ICMP echo request, id 19216, seq 9, length 64 21:23:13.794158 IP (tos 0x0, ttl 64, id 46674, offset 0, flags [DF], proto IPIP (4), length 104) 138.88.77.89 > 90.155.50.1: IP (tos 0x0, ttl 64, id 49657, offset 0, flags [DF], proto ICMP (1), length 84) 44.60.44.1 > 44.131.170.1: ICMP echo request, id 19216, seq 10, length 64 21:23:14.794465 IP (tos 0x0, ttl 64, id 47472, offset 0, flags [DF], proto IPIP (4), length 104) 138.88.77.89 > 90.155.50.1: IP (tos 0x0, ttl 64, id 50140, offset 0, flags [DF], proto ICMP (1), length 84) 44.60.44.1 > 44.131.170.1: ICMP echo request, id 19216, seq 11, length 64
73,
- Lynwood KB3VWG
Bill, Where are your routes for the other 753 nodes on AMPRNet?
- KB3VWG
Bill, Also, I noticed your interface is Ethernet with a 1500 MTU? Also, your interface is improperly subnetted as /8 (255.0.0.0). Your network is a /30 (or 255.255.255.252). root@OpenWrt:~# ip route show table 44 | grep 90.155.50.144.131.170.0/30 via 90.155.50.1 dev tunl0 proto 44 onlink window 840 Are you certain that you have the tunnel setup? Feel free to message me offline if you're running Linux/OpenWrt.
- KB3VWG
For use with amprd (not ampr-ripd), the interface is correctly subnetted (/8, meaning the whole ampr network is reachable by that interface, as per before the /10 sale).
Also, the routes are internal to amprd, and not in any routing table as expected when using ampr-ripd.
There may be another issue when using recent kernels (4.9 and newer):
Because of the changes in the kernel, ipip protocol handling by the kernel is done incorrectly in case of raw sockets, and will result in sending a icmp protocol unreachable back to the communication partners.
This can be solved by filtering outgoing icmp messages, or use the latest amprd version which features a kernel plugin to work around this problem.
I would strongly recommend to drop amprd and switch to the native ipip tunnel handling and ampr-ripd.
Marius, YO2LOJ
On 25.01.2020 18:54, lleachii--- via 44Net wrote:
Bill, Also, I noticed your interface is Ethernet with a 1500 MTU? Also, your interface is improperly subnetted as /8 (255.0.0.0). Your network is a /30 (or 255.255.255.252). root@OpenWrt:~# ip route show table 44 | grep 90.155.50.144.131.170.0/30 via 90.155.50.1 dev tunl0 proto 44 onlink window 840 Are you certain that you have the tunnel setup? Feel free to message me offline if you're running Linux/OpenWrt.
- KB3VWG
44Net mailing list 44Net@mailman.ampr.org https://mailman.ampr.org/mailman/listinfo/44net
BTW, if using the parameter
rip_password =
you should enter the password, or just delete/comment the parameter for the default value.
Leaving it like that would assume an empty password, which doesn't work.
On 26.01.2020 04:42, Marius Petrescu via 44Net wrote:
For use with amprd (not ampr-ripd), the interface is correctly subnetted (/8, meaning the whole ampr network is reachable by that interface, as per before the /10 sale).
Also, the routes are internal to amprd, and not in any routing table as expected when using ampr-ripd.
There may be another issue when using recent kernels (4.9 and newer):
Because of the changes in the kernel, ipip protocol handling by the kernel is done incorrectly in case of raw sockets, and will result in sending a icmp protocol unreachable back to the communication partners.
This can be solved by filtering outgoing icmp messages, or use the latest amprd version which features a kernel plugin to work around this problem.
I would strongly recommend to drop amprd and switch to the native ipip tunnel handling and ampr-ripd.
Marius, YO2LOJ
On 25.01.2020 18:54, lleachii--- via 44Net wrote:
Bill, Also, I noticed your interface is Ethernet with a 1500 MTU? Also, your interface is improperly subnetted as /8 (255.0.0.0). Your network is a /30 (or 255.255.255.252). root@OpenWrt:~# ip route show table 44 | grep 90.155.50.144.131.170.0/30 via 90.155.50.1 dev tunl0 proto 44 onlink window 840 Are you certain that you have the tunnel setup? Feel free to message me offline if you're running Linux/OpenWrt.
- KB3VWG
44Net mailing list 44Net@mailman.ampr.org https://mailman.ampr.org/mailman/listinfo/44net
44Net mailing list 44Net@mailman.ampr.org https://mailman.ampr.org/mailman/listinfo/44net
Additionally, it seems to be working from 44.182.21.1:
root@vps62907:~# ping 44.131.170.1 PING 44.131.170.1 (44.131.170.1) 56(84) bytes of data. 64 bytes from 44.131.170.1: icmp_seq=1 ttl=64 time=47.6 ms 64 bytes from 44.131.170.1: icmp_seq=2 ttl=64 time=47.6 ms 64 bytes from 44.131.170.1: icmp_seq=3 ttl=64 time=48.0 ms 64 bytes from 44.131.170.1: icmp_seq=4 ttl=64 time=48.0 ms 64 bytes from 44.131.170.1: icmp_seq=5 ttl=64 time=47.6 ms 64 bytes from 44.131.170.1: icmp_seq=6 ttl=64 time=49.1 ms 64 bytes from 44.131.170.1: icmp_seq=7 ttl=64 time=47.3 ms 64 bytes from 44.131.170.1: icmp_seq=8 ttl=64 time=47.9 ms 64 bytes from 44.131.170.1: icmp_seq=9 ttl=64 time=48.0 ms
root@vps62907:~# traceroute -I 44.131.170.1 traceroute to 44.131.170.1 (44.131.170.1), 30 hops max, 60 byte packets 1 m1bkf.ampr.org (44.131.170.1) 53.323 ms 54.589 ms 56.038 ms root@vps62907:~#
On 26.01.2020 04:55, Marius Petrescu via 44Net wrote:
BTW, if using the parameter
rip_password =
you should enter the password, or just delete/comment the parameter for the default value.
Leaving it like that would assume an empty password, which doesn't work.
On 26.01.2020 04:42, Marius Petrescu via 44Net wrote:
For use with amprd (not ampr-ripd), the interface is correctly subnetted (/8, meaning the whole ampr network is reachable by that interface, as per before the /10 sale).
Also, the routes are internal to amprd, and not in any routing table as expected when using ampr-ripd.
There may be another issue when using recent kernels (4.9 and newer):
Because of the changes in the kernel, ipip protocol handling by the kernel is done incorrectly in case of raw sockets, and will result in sending a icmp protocol unreachable back to the communication partners.
This can be solved by filtering outgoing icmp messages, or use the latest amprd version which features a kernel plugin to work around this problem.
I would strongly recommend to drop amprd and switch to the native ipip tunnel handling and ampr-ripd.
Marius, YO2LOJ
On 25.01.2020 18:54, lleachii--- via 44Net wrote:
Bill, Also, I noticed your interface is Ethernet with a 1500 MTU? Also, your interface is improperly subnetted as /8 (255.0.0.0). Your network is a /30 (or 255.255.255.252). root@OpenWrt:~# ip route show table 44 | grep 90.155.50.144.131.170.0/30 via 90.155.50.1 dev tunl0 proto 44 onlink window 840 Are you certain that you have the tunnel setup? Feel free to message me offline if you're running Linux/OpenWrt.
- KB3VWG
44Net mailing list 44Net@mailman.ampr.org https://mailman.ampr.org/mailman/listinfo/44net
44Net mailing list 44Net@mailman.ampr.org https://mailman.ampr.org/mailman/listinfo/44net
44Net mailing list 44Net@mailman.ampr.org https://mailman.ampr.org/mailman/listinfo/44net
Same here, working from 44.92.21.1 etc
root@gwpi:~# ping 44.182.21.1 PING 44.182.21.1 (44.182.21.1) 56(84) bytes of data. 64 bytes from 44.182.21.1: icmp_seq=1 ttl=64 time=184 ms 64 bytes from 44.182.21.1: icmp_seq=2 ttl=64 time=181 ms ^C
On Sat, Jan 25, 2020 at 9:02 PM Marius Petrescu via 44Net 44net@mailman.ampr.org wrote:
Additionally, it seems to be working from 44.182.21.1:
root@vps62907:~# ping 44.131.170.1 PING 44.131.170.1 (44.131.170.1) 56(84) bytes of data. 64 bytes from 44.131.170.1: icmp_seq=1 ttl=64 time=47.6 ms 64 bytes from 44.131.170.1: icmp_seq=2 ttl=64 time=47.6 ms 64 bytes from 44.131.170.1: icmp_seq=3 ttl=64 time=48.0 ms 64 bytes from 44.131.170.1: icmp_seq=4 ttl=64 time=48.0 ms 64 bytes from 44.131.170.1: icmp_seq=5 ttl=64 time=47.6 ms 64 bytes from 44.131.170.1: icmp_seq=6 ttl=64 time=49.1 ms 64 bytes from 44.131.170.1: icmp_seq=7 ttl=64 time=47.3 ms 64 bytes from 44.131.170.1: icmp_seq=8 ttl=64 time=47.9 ms 64 bytes from 44.131.170.1: icmp_seq=9 ttl=64 time=48.0 ms
root@vps62907:~# traceroute -I 44.131.170.1 traceroute to 44.131.170.1 (44.131.170.1), 30 hops max, 60 byte packets 1 m1bkf.ampr.org (44.131.170.1) 53.323 ms 54.589 ms 56.038 ms root@vps62907:~#
On 26.01.2020 04:55, Marius Petrescu via 44Net wrote:
BTW, if using the parameter
rip_password =
you should enter the password, or just delete/comment the parameter for the default value.
Leaving it like that would assume an empty password, which doesn't work.
On 26.01.2020 04:42, Marius Petrescu via 44Net wrote:
For use with amprd (not ampr-ripd), the interface is correctly subnetted (/8, meaning the whole ampr network is reachable by that interface, as per before the /10 sale).
Also, the routes are internal to amprd, and not in any routing table as expected when using ampr-ripd.
There may be another issue when using recent kernels (4.9 and newer):
Because of the changes in the kernel, ipip protocol handling by the kernel is done incorrectly in case of raw sockets, and will result in sending a icmp protocol unreachable back to the communication partners.
This can be solved by filtering outgoing icmp messages, or use the latest amprd version which features a kernel plugin to work around this problem.
I would strongly recommend to drop amprd and switch to the native ipip tunnel handling and ampr-ripd.
Marius, YO2LOJ
On 25.01.2020 18:54, lleachii--- via 44Net wrote:
Bill, Also, I noticed your interface is Ethernet with a 1500 MTU? Also, your interface is improperly subnetted as /8 (255.0.0.0). Your network is a /30 (or 255.255.255.252). root@OpenWrt:~# ip route show table 44 | grep 90.155.50.144.131.170.0/30 via 90.155.50.1 dev tunl0 proto 44 onlink window 840 Are you certain that you have the tunnel setup? Feel free to message me offline if you're running Linux/OpenWrt.
- KB3VWG
44Net mailing list 44Net@mailman.ampr.org https://mailman.ampr.org/mailman/listinfo/44net
44Net mailing list 44Net@mailman.ampr.org https://mailman.ampr.org/mailman/listinfo/44net
44Net mailing list 44Net@mailman.ampr.org https://mailman.ampr.org/mailman/listinfo/44net
44Net mailing list 44Net@mailman.ampr.org https://mailman.ampr.org/mailman/listinfo/44net
On 26/01/2020 03:01, Marius Petrescu via 44Net wrote:
Additionally, it seems to be working from 44.182.21.1:
Yep and I can:
piver - [~] $ ping -c3 -Iampr0 44.182.21.1 PING 44.182.21.1 (44.182.21.1) from 44.131.170.1 ampr0: 56(84) bytes of data. 64 bytes from 44.182.21.1: icmp_seq=1 ttl=64 time=48.1 ms 64 bytes from 44.182.21.1: icmp_seq=2 ttl=64 time=47.5 ms 64 bytes from 44.182.21.1: icmp_seq=3 ttl=64 time=49.8 ms
--- 44.182.21.1 ping statistics --- 3 packets transmitted, 3 received, 0% packet loss, time 2003ms rtt min/avg/max/mdev = 47.581/48.503/49.803/0.979 ms
Still can't ping 44.92.21.35 or 44.92.21.50
I've had this working a while back, but might have been pre-raspian upgrade, what could that have done?
And any suggestions what I should do about leaking non-44 packets over ampr0?
Thanks. Bill (M1BKF)
BTW, if using the parameter
rip_password =
OK, zapped that. Running "amprd -d" gets me:
Default gateway: 192.168.1.1 via dev 2. Creating tunnel: ampr0 Prefix for ampr0: 44.131.170.1 Network prefix length not set - assuming "/8" Receiving RIPv2 for ampr0: yes Saving routes for ampr0: yes Setting routes received by ampr0: no RIPv2 gateway ignore list for ampr0: 90.155.50.1 Call home set to M1BKF@JO02pp
Loaded 753 entries from /var/lib/amprd/ampr0.txt Setting all routes on ampr0. Set host route to 44.130.237.0 on dev 2. Set host route to 44.130.236.0 on dev 2. Set host route to 44.130.235.0 on dev 2. Set host route to 44.130.234.0 on dev 2. Set host route to 44.130.107.0 on dev 2. Set host route to 44.94.17.128 on dev 2. Set host route to 44.130.104.0 on dev 2. Set host route to 44.130.105.0 on dev 2. Set host route to 44.130.106.0 on dev 2. Set host route to 44.136.150.0 on dev 2. Calling home for tunnel ampr0 on port 59002: M1BKF@JO02pp
Bill and Marius,
root@OpenWrt:~# ping 44.131.170.1 -I 44.60.44.1 PING 44.131.170.1 (44.131.170.1) from 44.60.44.1: 56 data bytes ^C --- 44.131.170.1 ping statistics --- 8 packets transmitted, 0 packets received, 100% packet loss
root@OpenWrt:~# tcpdump -vv -n -i eth0.2 proto 4 and host 90.155.50.1
tcpdump: listening on eth0.2, link-type EN10MB (Ethernet), capture size 262144 bytes 15:24:55.542645 IP (tos 0x0, ttl 64, id 5816, offset 0, flags [DF], proto IPIP (4), length 104) 138.88.77.89 > 90.155.50.1: IP (tos 0x0, ttl 64, id 33597, offset 0, flags [DF], proto ICMP (1), length 84) 44.60.44.1 > 44.131.170.1: ICMP echo request, id 29441, seq 0, length 64 15:24:56.542951 IP (tos 0x0, ttl 64, id 5893, offset 0, flags [DF], proto IPIP (4), length 104) 138.88.77.89 > 90.155.50.1: IP (tos 0x0, ttl 64, id 33922, offset 0, flags [DF], proto ICMP (1), length 84) 44.60.44.1 > 44.131.170.1: ICMP echo request, id 29441, seq 1, length 64 15:24:57.543362 IP (tos 0x0, ttl 64, id 6365, offset 0, flags [DF], proto IPIP (4), length 104) 138.88.77.89 > 90.155.50.1: IP (tos 0x0, ttl 64, id 34371, offset 0, flags [DF], proto ICMP (1), length 84) 44.60.44.1 > 44.131.170.1: ICMP echo request, id 29441, seq 2, length 64 15:24:58.543757 IP (tos 0x0, ttl 64, id 6964, offset 0, flags [DF], proto IPIP (4), length 104) 138.88.77.89 > 90.155.50.1: IP (tos 0x0, ttl 64, id 34746, offset 0, flags [DF], proto ICMP (1), length 84) 44.60.44.1 > 44.131.170.1: ICMP echo request, id 29441, seq 3, length 64 15:24:59.544129 IP (tos 0x0, ttl 64, id 7262, offset 0, flags [DF], proto IPIP (4), length 104) 138.88.77.89 > 90.155.50.1: IP (tos 0x0, ttl 64, id 35223, offset 0, flags [DF], proto ICMP (1), length 84) 44.60.44.1 > 44.131.170.1: ICMP echo request, id 29441, seq 4, length 64 15:25:00.544441 IP (tos 0x0, ttl 64, id 7662, offset 0, flags [DF], proto IPIP (4), length 104) 138.88.77.89 > 90.155.50.1: IP (tos 0x0, ttl 64, id 36172, offset 0, flags [DF], proto ICMP (1), length 84) 44.60.44.1 > 44.131.170.1: ICMP echo request, id 29441, seq 5, length 64 15:25:01.544762 IP (tos 0x0, ttl 64, id 8099, offset 0, flags [DF], proto IPIP (4), length 104) 138.88.77.89 > 90.155.50.1: IP (tos 0x0, ttl 64, id 36590, offset 0, flags [DF], proto ICMP (1), length 84) 44.60.44.1 > 44.131.170.1: ICMP echo request, id 29441, seq 6, length 64 15:25:02.545124 IP (tos 0x0, ttl 64, id 8706, offset 0, flags [DF], proto IPIP (4), length 104) 138.88.77.89 > 90.155.50.1: IP (tos 0x0, ttl 64, id 36794, offset 0, flags [DF], proto ICMP (1), length 84) 44.60.44.1 > 44.131.170.1: ICMP echo request, id 29441, seq 7, length 64 ^C 8 packets captured 8 packets received by filter
0 packets dropped by kernel
root@OpenWrt:~# ipset test ipipfilter 90.155.50.1 Warning: 90.155.50.1 is in set ipipfilter.
root@OpenWrt:~# ip route get 44.131.170.1 from 44.60.44.1 44.131.170.1 from 44.60.44.1 via 90.155.50.1 dev tunl0 table 44 uid 0 cache expires 573sec mtu 1480 window 840
Nothing RX.
Also .254 is an AMPR-only IP you can ping (no DNS record).
-KB3VWG
BIll and Marius,
root@OpenWrt:~# cat /etc/config/encap.txt | grep UTC # encap.txt file - saved by ampr-ripd (UTC) Sun Jan 26 16:20:47 2020 root@OpenWrt:~# cat /etc/config/encap.txt | grep 90.155.50.1 route addprivate 44.131.170/30 encap 90.155.50.1
-KB3VWG
-
lleachii@aol.com -
Marius Petrescu -
Steve L -
W.B.Hill