Rob,
You stated:
"When you are worried about intrusions it is probably more effective to block IPIP packets from sources that are not in the gateway list. I do that as well (via ampr-ripd)."
What command/script do you use to add the endpoints to iptables?
I have posted it before on this mailinglist: http://hamradio.ucsd.edu/mailman/private/44net/2014-November/003577.html
This script manipulates an iptables chain. It would be possible to do a similar thing with the "ipset" command to manipulate an address list when you are familiar with that (I wasn't when I wrote this script). An advantage of using iptables is that you have statistics per rule in the table, so you can see which IPIP peers are sending traffic to you. New versions of ipset support counters but the one I am running doesn't.
With a command like this you get a quick overview of your active IPIP peers: iptables -L ipipfilter -vn | grep -v ' 0 ACCE'
Rob
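The approach Rob describes, as an added illustration that is not the script from the linked post: a POSIX shell function that turns the encap.txt that ampr-ripd writes (lines of the form "route addprivate <net> encap <gateway>") into the iptables commands that rebuild an "ipipfilter" chain with one ACCEPT rule per gateway for protocol 4 (IPIP) and a final DROP, so that the per-rule counters show which peers are active. The sample encap.txt lines and gateway addresses are constructed; the chain name is the one used on the list.

```shell
#!/bin/sh
# Constructed sample in the encap.txt format written by ampr-ripd;
# the gateway addresses are documentation addresses, not real peers.
SAMPLE_ENCAP='route addprivate 44.10.0.0/24 encap 192.0.2.10
route addprivate 44.10.1.0/24 encap 192.0.2.10
route addprivate 44.20.0.0/16 encap 198.51.100.7
# comment lines and anything else are ignored
route addprivate 44.30.5.0/24 encap 203.0.113.55'

# Print each unique IPIP gateway from encap.txt on stdin, one per line.
# Fields: 1=route 2=addprivate 3=network 4=encap 5=gateway
encap_gateways() {
    awk '/^route / && $4 == "encap" { print $5 }' | sort -u
}

# Emit the iptables commands that (re)build the "ipipfilter" chain:
# create it if missing, flush it, accept IPIP (protocol 4) from each
# listed gateway with its own rule (so "iptables -L ipipfilter -vn"
# shows a counter per peer), and drop IPIP from everyone else.
ipipfilter_rules() {
    echo "iptables -N ipipfilter 2>/dev/null || true"
    echo "iptables -F ipipfilter"
    encap_gateways | while read -r gw; do
        echo "iptables -A ipipfilter -p 4 -s $gw -j ACCEPT"
    done
    echo "iptables -A ipipfilter -p 4 -j DROP"
}

# Number of ACCEPT rules generated for the given encap.txt text
# (one per unique gateway).
count_accept_rules() {
    printf '%s\n' "$1" | ipipfilter_rules | grep -c -- '-j ACCEPT'
}

# Review the generated commands, then run them as root:
#   printf '%s\n' "$SAMPLE_ENCAP" | ipipfilter_rules
# Hook the chain into INPUT once (not regenerated each time):
#   iptables -I INPUT -p 4 -j ipipfilter
```

Point the script at the real file (e.g. the persistent copy of encap.txt Lynwood describes) instead of SAMPLE_ENCAP, and re-run it whenever ampr-ripd rewrites the gateway list.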
All,
I have implemented the dynamic IPENCAP firewall script in OpenWRT; and it works!
I had to either:
- bootstrap AMPRGW's IPENCAP firewall rule (causing the router to receive AMPRGW's first route statement, causing execution of load_ipipfilter.sh) by ampr-ripd; or
- create symbolic links for the OpenWRT OS to save encap.txt into a persistent location /etc/config (and bootstrap by creating an empty encap.txt file there), then run load_ipipfilter.sh from Startup. In addition, it would of course load all other routes/firewall rules.
- Lastly, I had to discover why, after having run the script, I was unable to add the IPENCAP firewall rule to the ipipfilter CHAIN via Custom Firewall Rules. I just explicitly created the CHAIN by adding this rule before:
iptables -N ipipfilter
I managed to make symbolic links for encap.txt, and save it to persistent storage at /etc/config/encap.txt
I opted for the symbolic link method, as this solved another issue of not being able to load routes on startup using OpenWRT devices (due to /var/lib/ampr-ripd not being a persistent storage location in that OS).
The information has been added to the OpenWRT and ipencap wikis.
73
- Lynwood KB3VWG
On 10/12/2016 03:00 PM, Rob wrote:
I have posted it before on this mailinglist: http://hamradio.ucsd.edu/mailman/private/44net/2014-November/003577.html