Hello,
For those who like experimenting...
I managed to implement the complete AMPR gateway tunnelling setup on a Mikrotik router by a scheduled script on the router only. Tested on my RB100AHx2 with ROS 6.34.2
You can find it on http://www.yo2loj.ro/hamprojects/ Direct link: http://www.yo2loj.ro/hamprojects/ampr-gw-1.0.txt
Setup details are in the initial comments of the script.
Enjoy. Marius, YO2LOJ
Hi Marius -- just joined here, glad to see you back. Hope all's OK. I'll give this a test.
Leon
On 2/24/2016 5:51 AM, Marius Petrescu wrote:
[...]
And a small update, to delete obsolete elements only if RIP data is available...
You can find it on http://www.yo2loj.ro/hamprojects/ Direct link: http://www.yo2loj.ro/hamprojects/ampr-gw-1.1.txt
Hi Marius...
does this look right?
My local Public is 24.115.112.147
My AMPRnet allocation is 44.56.53.1/28
I've defined 44.56.53.1/28 on physical ether 3
I was a little confused about the /8 on the ip address below, seeing you're defining the full /8 for AMPR net?
Having a real world commented example in the script would help.
many thanks 73 leon
====================
/interface ipip add !keepalive clamp-tcp-mss=yes local-address=24.115.112.147 \
    remote-address=169.228.66.251 name=ucsd-gw
/ip address add address=44.56.53.1/8 interface=ucsd-gw network=44.0.0.0
# To be able to receive RIPv2 broadcasts into a specific table, first create a VRF:
/ip route vrf add interfaces=ucsd-gw routing-mark=44rip
# and activate passive RIP for that routing table:
/routing rip set garbage-timer=20m routing-table=44rip timeout-timer=10m update-timer=5m
/routing rip interface add authentication=simple authentication-key=ThePAssword \
    in-prefix-list=all interface=ucsd-gw out-prefix-list=none passive=yes receive=v2
/routing rip network add network=44.0.0.0/8
The /8 is needed to get the RIP announcements, which need to have both endpoints in the same network to receive multicast RIP. You just need to have some unused 44.56.53.x/8 on the ucsd-gw. It does not matter what it is. Since that one will land on the vrf, it will not bother you and will not interfere with your regular routes.
My setup:
Router public IP: 89.122.215.236 via PPPoE
Router ampr IP: 44.182.21.254

/ip route vrf add interfaces=ucsd-gw routing-mark=44net
/ip address add address=44.182.21.254/8 interface=ucsd-gw network=44.0.0.0
# this is my local LAN:
/ip address add address=44.182.21.254/24 interface=bridge-ampr network=44.182.21.0

/routing prefix-lists
add action=discard chain=ampr prefix=44.0.0.1/32
add chain=ampr prefix=44.0.0.0/8
add action=discard chain=ampr
add action=discard chain=none
add chain=all

/routing rip set garbage-timer=20m routing-table=44net timeout-timer=10m update-timer=5m
/routing rip interface add authentication=simple authentication-key=<rip_password> \
    in-prefix-list=ampr interface=ucsd-gw out-prefix-list=none passive=yes receive=v2
/routing rip network add network=44.0.0.0/8
This gives me RIP routes in passive mode, as needed by the script.
Marius, YO2LOJ
-----Original Message----- From: Leon Zetekoff Sent: Wednesday, February 24, 2016 15:31 To: 44net@hamradio.ucsd.edu Subject: Re: [44net] RIP broadcast based AMPR gateway script for Mikrotik routers
[...]
Just some clarifications on the setup of the UCSD gateway IPIP tunnel. It seems that receiving the RIP messages is not that easy to set up. So, from what I found out, these are the steps. These are CLI commands but they are also available in winbox and webfig.
1. Create the IPIP tunnel. Please use your own public address :-)
/interface ipip add comment="UCSD AMPR Gateway" !keepalive local-address=89.122.215.236 name=ucsd-gw remote-address=169.228.66.251
2. Set up a VRF (virtual routing and forwarding) entry for the ucsd-gw interface for net 44.0.0.0/8 and use some routing mark. I used "44rip". (Important - This will associate all traffic on that interface with the routing mark used)
/ip route vrf add interfaces=ucsd-gw routing-mark=44rip
3. Add an accept filter rule on the input chain for RIP, which uses UDP, src and dest port 520 on top of your fw rules
/ip firewall filter add chain=input comment=RIP dst-port=520 in-interface=ucsd-gw protocol=udp src-address=44.0.0.1 src-port=520
It also doesn't hurt to set up an accept rule for the encap protocol:
/ip firewall filter add chain=input comment="IP Encap" in-interface=RTC-PPPoE protocol=ipencap
4. Set up passive RIP routing to use routing table 44rip for the whole ampr network. Don't forget to use the proper auth key (get it from a friend).
/routing rip set garbage-timer=20m routing-table=44rip timeout-timer=10m update-timer=5m
/routing rip interface add authentication=simple authentication-key=<password here> \
    in-prefix-list=ampr interface=ucsd-gw out-prefix-list=none passive=yes receive=v2
/routing rip network add network=44.0.0.0/8
This should give proper RIP routes in routing table 44rip. You can check it using "/routing rip route print"
Output should be like this:

[admin@RT1-YO2LOJ] /routing rip route> print
Flags: C - connect, S - static, R - rip, O - ospf, B - bgp
   #   DST-ADDRESS       GATEWAY          FROM      METRIC  TIMEOUT
   0 R 44.0.0.0/8                                   1
   1 R 44.2.2.0/24       157.130.198.190  44.0.0.1  2       5m46s
   2 R 44.2.4.0/29       50.250.204.153   44.0.0.1  2       5m46s
   3 R 44.2.5.0/25       176.183.139.74   44.0.0.1  2       5m46s
   4 R 44.2.10.0/29      71.130.72.52     44.0.0.1  2       5m46s
   5 R 44.2.14.0/29      50.79.156.221    44.0.0.1  2       5m46s
[...]
 510 R 44.208.58.0/28    87.10.236.252    44.0.0.1  2       9m12s
 511 R 44.224.0.0/15     141.75.245.225   44.0.0.1  2       9m12s
I hope this helps.
Marius, YO2LOJ
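
The receive-side checks from the steps above (sender 44.0.0.1 on UDP 520, simple authentication, the "ampr" prefix list) applied to one RIPv2 response, as an added example that is not part of this thread or of the ampr-gw script. The function names, the key "example-key", the 192.0.2.x gateways and the packet itself are constructed for illustration, and the prefix-list logic is my reading of the rules posted earlier. With authentication=simple the key sits in cleartext in every packet, so the source filter and the prefix list carry the real filtering.

```python
import hmac
import ipaddress
import struct

AMPR_NET = ipaddress.ip_network("44.0.0.0/8")
RIP_SOURCE, RIP_PORT = ipaddress.ip_address("44.0.0.1"), 520  # as in the firewall rule

def prefix_allowed(net):
    """'ampr' prefix list as read here: drop 44.0.0.1/32, accept inside 44/8, drop the rest."""
    return net != ipaddress.ip_network("44.0.0.1/32") and net.subnet_of(AMPR_NET)

def parse_rip_response(payload, src_ip, src_port, password):
    """Return [(network, gateway, metric)] accepted from one packet; ValueError if rejected."""
    if ipaddress.ip_address(src_ip) != RIP_SOURCE or src_port != RIP_PORT:
        raise ValueError("unexpected sender")
    if len(payload) < 24 or (len(payload) - 4) % 20 or payload[:2] != b"\x02\x02":
        raise ValueError("not a well-formed RIPv2 response")
    entries = [payload[i:i + 20] for i in range(4, len(payload), 20)]
    # Simple authentication: first entry is AFI 0xFFFF, type 2, then the key in cleartext.
    tag_ok = struct.unpack("!HH", entries[0][:4]) == (0xFFFF, 2)
    if not (tag_ok and hmac.compare_digest(entries[0][4:].rstrip(b"\0"), password.encode())):
        raise ValueError("simple authentication failed")
    routes = []
    for raw in entries[1:]:
        afi, _tag, addr, mask, gateway, metric = struct.unpack("!HH4s4s4sI", raw)
        if afi != 2 or not 1 <= metric <= 15:
            continue  # not IPv4, or unreachable (metric 16)
        try:
            net = ipaddress.ip_network(f"{ipaddress.ip_address(addr)}/{ipaddress.ip_address(mask)}")
        except ValueError:
            continue  # host bits set or non-contiguous mask
        if prefix_allowed(net):
            routes.append((net, ipaddress.ip_address(gateway), metric))
    return routes

def route_entry(addr, mask, gateway, metric):
    packed = [ipaddress.ip_address(a).packed for a in (addr, mask, gateway)]
    return struct.pack("!HH4s4s4sI", 2, 0, *packed, metric)

def build_sample(password):
    """Constructed RIPv2 response (not captured traffic): auth entry plus three routes."""
    auth = struct.pack("!HH16s", 0xFFFF, 2, password.encode())
    return (b"\x02\x02\x00\x00" + auth
            + route_entry("44.128.1.0", "255.255.255.0", "192.0.2.10", 1)   # accepted
            + route_entry("44.0.0.1", "255.255.255.255", "192.0.2.11", 1)   # dropped by list
            + route_entry("10.0.0.0", "255.0.0.0", "192.0.2.12", 1))        # outside 44/8

if __name__ == "__main__":
    print(parse_rip_response(build_sample("example-key"), "44.0.0.1", 520, "example-key"))
```
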
And of course I forgot something:
Step 1a: Assign one of your subnet's ampr IPs to the gateway interface, but using netmask /8:
/ip address add address=44.182.21.254/8 interface=ucsd-gw network=44.0.0.0
-----Original Message----- From: Marius Petrescu Sent: Thursday, February 25, 2016 12:26 To: AMPRNet working group Subject: Re: [44net] RIP broadcast based AMPR gateway script for Mikrotik routers
[...]