That wasn't from the Wiki.. that was from my fingers. --David KI6ZHD On 02/17/2019 01:14 PM, Bill Vodall via 44Net wrote:

Hi David, First thank you for your message and taking the time to answer my question. Your explaination is really well detailed and I am pretty sure I will get this working. I dont have a fix IP but I do have a vps at OVH and I was planning on using a vpn bridge to have a fix adress and have a few other service running on the vps. But I wanted to first have a working gateway. Thanks again for the time you took to answer. Will keep the group posted on the project. Pierre VE2PF ________________________________ De : 44Net <44net-bounces+petem001=hotmail.com(a)mailman.ampr.org> de la part de David Ranch <amprgw(a)trinnet.net> Envoyé : 17 février 2019 16:11 À : AMPRNet working group Objet : Re: [44net] Can't seem to grasp something Hello Pierre, Welcome to AMPR! Ok. Log into the AMPR Portal: - Click on the top level "Home" then "Allocations". Make sure your allocation shows up as expected and make sure you denote the subnet size you have (say a /29). Remember that the first IP is the network designation and the last IP is the broadcast designation. Neither of these can be used for anything. - Click on the top level "Gateways" and second level "Manage". Here, you need to add a gateway for your AMPR subnet. This will be your external facing Internet IP address and this ideally needs to be a STATIC IP from your ISP. If it's a dynamic IP that changes often, you're going to need to update this gateway IP either via the AMPR web interface of the the AMPR API whenever it changes. At the bottom of this page, you will need to associate this gateway IP with your AMPR allocation. Click "Add network" when done. - Now configure your AMPR subnet on your eth1 interface of your Debian box. Generally speaking this should be the first IP address of the subnet. - Next, you need to ask your AMPR coordinator to set a DNS name for at least one of your AMPR addresses. For example, set the first usable IP address to something like "ve2-pf-gw". By setting this AMPR name in DNS, you then enable the RIP broadcasts to go to that IP address (your Debian machine). If you don't set this DNS name, things can still work but you'll need to manually load the ENCAPS files into your Debian box via a script. Whenever the encaps file is updated, you'd need to reload the file. - To receive and populate the AMPR routes via the RIP broadcasts (if you choose to go this route), I recommend to use YO2LOJ's ampr-ripd program. The setup of the program is pretty strait forward. After that, to get things working, you can either manually edit a copy of the script at http://wiki.ampr.org/wiki/Startampr#Script as you mentioned before but that script doesn't give you a lot of detail nor comments. Alternatively, you can look at the script I use: http://www.trinityos.com/HAM/CentosDigitalModes/usr/local/sbin/manual-ampr-… In this script, you edit in the variables at the top and just manually run it. It includes comments on how to troubleshoot things, it runs the ampr-ripd program, etc. If it's working for you and you want it to run every boot, you can start it from say /etc/rc.local. To troubleshoot your network setup, you can use various tools websites mentioned on http://wiki.ampr.org/wiki/Services http://yo2tm.ampr.org/nettools.php http://kb3vwg-010.ampr.org/tools http://speedtest.ampr.org http://n1uro.ampr.org/do.shtml --David KI6ZHD _________________________________________ 44Net mailing list 44Net(a)mailman.ampr.org https://mailman.ampr.org/mailman/listinfo/44net

Hi David, Comments in line On Sun, Feb 17, 2019, 9:30 PM pete M via 44Net <44net(a)mailman.ampr.org wrote: It looks to me that AMPRIP should be the 44-net IP address you wish to assign your gateway - EX: 44.135.51.1. Yes, it appears to me that way. Don't forget to go through the all the steps! For example, step 3 likely will require you to uncomment (remove the preceding '#' symbol) the 'echo 1...' line. Don't be afraid to break things too much... Fixing the breakages is a wonderful way to learn! David, thanks very much for sharing your script! A couple questions for you (if you see this): 1) would you mind posting this script to the wiki - or at least linking to it?; 2) would you welcome contributions/patches to your file? If so, how would you prefer to receive/process such? 73's for now! DE AF4H

So the tunel do come up. but I dont seem able to use it. here is a look of the network state: ip -c a 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 inet 127.0.0.1/8 scope host lo valid_lft forever preferred_lft forever inet6 ::1/128 scope host valid_lft forever preferred_lft forever 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UNKNOWN group default qlen 1000 link/ether 00:e0:29:3e:a9:99 brd ff:ff:ff:ff:ff:ff inet 192.168.1.195/24 brd 192.168.1.255 scope global eth0 valid_lft forever preferred_lft forever inet6 fe80::2e0:29ff:fe3e:a999/64 scope link valid_lft forever preferred_lft forever 3: eth1: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN group default qlen 1000 link/ether f4:ce:46:2b:a3:7b brd ff:ff:ff:ff:ff:ff 4: tunl0@NONE: <NOARP,UP,LOWER_UP> mtu 1480 qdisc noqueue state UNKNOWN group default qlen 1 link/ipip 0.0.0.0 brd 0.0.0.0 inet 44.135.51.1/26 scope global tunl0 valid_lft forever preferred_lft forever ANd the output of the script.. sh manual-ampr-start.sh -e creating tunl0 interface allowing TTL of 64 for traceroute support and Path-MTU discovery adding default AMPR route to 169.228.34.84 Current number of routes in AMPR44 route table: 1 -e ----------------------------------------------------------------------- default via 169.228.34.84 dev tunl0 src 44.135.51.1 onlink -e ----------------------------------------------------------------------- Enable Policy routing for traffic from 44 goes back to 44 -en Adding specific static AMPR routes to: -en [n1uro] -en [n6mef] -en [lu9dce] -en [ki6zhd-2] Current number of routes in AMPR44 route table: 5 -e ----------------------------------------------------------------------- default via 169.228.34.84 dev tunl0 src 44.135.51.1 onlink 44.4.2.152/29 via 173.167.109.217 dev tunl0 proto static onlink 44.4.10.48 via 24.4.6.65 dev tunl0 proto static onlink 44.88.0.0/27 via 24.147.182.8 dev tunl0 proto static onlink 44.153.32.97 via 181.16.42.162 dev tunl0 proto static onlink -e ----------------------------------------------------------------------- -e Ping tests for specific AMPR hosts: (known previously working hosts) -e n1uro: -e ------------------------------- PING 44.88.0.9 (44.88.0.9) 56(84) bytes of data. --- 44.88.0.9 ping statistics --- 5 packets transmitted, 0 received, 100% packet loss, time 4088ms -e n6mef -e ------------------------------- PING 44.4.2.153 (44.4.2.153) 56(84) bytes of data. --- 44.4.2.153 ping statistics --- 5 packets transmitted, 0 received, 100% packet loss, time 4078ms -e Enabling ampr-ripd for route learning (daemon mode) and loading cached 44.x.x.x routes -e Done I can ping the ampr gateway (169.228.34.84) so that mean at least that I am not loosing net connectivity. But a traceroute show that the traffic on the gateway is not using the tunl0 I am connected by ssh to eth0 and what I find odd is that eth1 loose its IP adress and seem down from the ip -c a command. That will be it for tonight. Thanks again for the help and all the people that help maintening this great tool that is the 44 network! Pierre VE2PF ________________________________ De : 44Net &lt;44net-bounces+petem001=hotmail.com(a)mailman.ampr.org&gt; de la part de pete M via 44Net &lt;44net(a)mailman.ampr.org&gt; Envoyé : 17 février 2019 22:34 À : AMPRNet working group Cc : pete M Objet : Re: [44net] Can't seem to grasp something OK things did moved a lot since this morning frustration ;-) Anyone looking at using that script. dont forget ( like I did) to install the net-tools package as the script use it and debian 9 does not install it by default. (apt-get install net-tools) . On the next run of the script I did got a few interresting result: root@44gateway:/home/ve2pf# sh manual-ampr-start.sh -e creating tunl0 interface allowing TTL of 64 for traceroute support and Path-MTU discovery adding default AMPR route to 169.228.34.84 Current number of routes in AMPR44 route table: 1 -e ----------------------------------------------------------------------- default via 169.228.34.84 dev tunl0 src 44.135.51.1 onlink -e ----------------------------------------------------------------------- Enable Policy routing for traffic from 44 goes back to 44 RTNETLINK answers: File exists RTNETLINK answers: File exists -en Adding specific static AMPR routes to: -en [n1uro] -en [n6mef] -en [lu9dce] -en [ki6zhd-2] Current number of routes in AMPR44 route table: 5 -e ----------------------------------------------------------------------- default via 169.228.34.84 dev tunl0 src 44.135.51.1 onlink 44.4.2.152/29 via 173.167.109.217 dev tunl0 proto static onlink 44.4.10.48 via 24.4.6.65 dev tunl0 proto static onlink 44.88.0.0/27 via 24.147.182.8 dev tunl0 proto static onlink 44.153.32.97 via 181.16.42.162 dev tunl0 proto static onlink -e ----------------------------------------------------------------------- -e Ping tests for specific AMPR hosts: (known previously working hosts) -e n1uro: -e ------------------------------- PING 44.88.0.9 (44.88.0.9) 56(84) bytes of data. --- 44.88.0.9 ping statistics --- 5 packets transmitted, 0 received, 100% packet loss, time 4076ms -e n6mef -e ------------------------------- PING 44.4.2.153 (44.4.2.153) 56(84) bytes of data. --- 44.4.2.153 ping statistics --- 5 packets transmitted, 0 received, 100% packet loss, time 4098ms -e Enabling ampr-ripd for route learning (daemon mode) and loading cached 44.x.x.x routes -e ampr-ripd already running; killing and restarting -e It wont die.. error! I will leave it running as I read that all the routes wont be loaded before some times. will see what I will collect from that ;-) Pierre VE2PF ________________________________ De : Don McMorris &lt;don.mcmorris(a)gmail.com&gt; Envoyé : 17 février 2019 22:09 À : AMPRNet working group Cc : pete M Objet : Re: [44net] Can't seem to grasp something Hi David, Comments in line On Sun, Feb 17, 2019, 9:30 PM pete M via 44Net <44net@mailman.ampr.org<mailto:44net@mailman.ampr.org> wrote: HI to all, One last thing before I start the script that David point me to. my allocation is a /26 so my netmask is 255.255.255.192 But inside the script there is something I am not sure of: #What is your allocated AMPR IP or AMPR gateway IP address and netmask AMPRIP="44.135.51.0" AMPRMASK="255.255.255.192" # Alternative syntax when using the "ip" command CIDRNM="32" It looks to me that AMPRIP should be the 44-net IP address you wish to assign your gateway - EX: 44.135.51.1. The CIDRNM value should it be "26"? Yes, it appears to me that way. I dont want to fire any thing before being sur that I have it all ok. Not that it will break something on my side.. I just dont want to break anything anywhere. Don't forget to go through the all the steps! For example, step 3 likely will require you to uncomment (remove the preceding '#' symbol) the 'echo 1...' line. Don't be afraid to break things too much... Fixing the breakages is a wonderful way to learn! So if anyone can help confirm, thanks! Pierre VE2PF ________________________________ De : 44Net <44net-bounces+petem001=hotmail.com@mailman.ampr.org<mailto:hotmail.com@mailman.ampr.org>> de la part de David Ranch <amprgw@trinnet.net<mailto:amprgw@trinnet.net>> Envoyé : 17 février 2019 16:11 À : AMPRNet working group Objet : Re: [44net] Can't seem to grasp something Hello Pierre, Welcome to AMPR! Ok. Log into the AMPR Portal: - Click on the top level "Home" then "Allocations". Make sure your allocation shows up as expected and make sure you denote the subnet size you have (say a /29). Remember that the first IP is the network designation and the last IP is the broadcast designation. Neither of these can be used for anything. - Click on the top level "Gateways" and second level "Manage". Here, you need to add a gateway for your AMPR subnet. This will be your external facing Internet IP address and this ideally needs to be a STATIC IP from your ISP. If it's a dynamic IP that changes often, you're going to need to update this gateway IP either via the AMPR web interface of the the AMPR API whenever it changes. At the bottom of this page, you will need to associate this gateway IP with your AMPR allocation. Click "Add network" when done. - Now configure your AMPR subnet on your eth1 interface of your Debian box. Generally speaking this should be the first IP address of the subnet. - Next, you need to ask your AMPR coordinator to set a DNS name for at least one of your AMPR addresses. For example, set the first usable IP address to something like "ve2-pf-gw". By setting this AMPR name in DNS, you then enable the RIP broadcasts to go to that IP address (your Debian machine). If you don't set this DNS name, things can still work but you'll need to manually load the ENCAPS files into your Debian box via a script. Whenever the encaps file is updated, you'd need to reload the file. - To receive and populate the AMPR routes via the RIP broadcasts (if you choose to go this route), I recommend to use YO2LOJ's ampr-ripd program. The setup of the program is pretty strait forward. After that, to get things working, you can either manually edit a copy of the script at http://wiki.ampr.org/wiki/Startampr#Script as you mentioned before but that script doesn't give you a lot of detail nor comments. Alternatively, you can look at the script I use: http://www.trinityos.com/HAM/CentosDigitalModes/usr/local/sbin/manual-ampr-… In this script, you edit in the variables at the top and just manually run it. It includes comments on how to troubleshoot things, it runs the ampr-ripd program, etc. If it's working for you and you want it to run every boot, you can start it from say /etc/rc.local. To troubleshoot your network setup, you can use various tools websites mentioned on http://wiki.ampr.org/wiki/Services http://yo2tm.ampr.org/nettools.php http://kb3vwg-010.ampr.org/tools http://speedtest.ampr.org http://n1uro.ampr.org/do.shtml --David KI6ZHD David, thanks very much for sharing your script! A couple questions for you (if you see this): 1) would you mind posting this script to the wiki - or at least linking to it?; 2) would you welcome contributions/patches to your file? If so, how would you prefer to receive/process such? _________________________________________ 44Net mailing list 44Net@mailman.ampr.org<mailto:44Net@mailman.ampr.org> https://mailman.ampr.org/mailman/listinfo/44net _________________________________________ 44Net mailing list 44Net@mailman.ampr.org<mailto:44Net@mailman.ampr.org> https://mailman.ampr.org/mailman/listinfo/44net 73's for now! DE AF4H _________________________________________ 44Net mailing list 44Net(a)mailman.ampr.org https://mailman.ampr.org/mailman/listinfo/44net

its working!!!!! got over 700 route when I do ip route list table 44 I can ping some of the 44 network where none responded before. but I dont seem to be reachable from the outside. Anyone can ping 44.135.51.1?? from my windows machine I cant ping that adress and a traceroute end at the edcu network. Again a big thank you to David for the help and script. And to all that works on the 44 network! Pierre VE2PF ________________________________ De : 44Net &lt;44net-bounces+petem001=hotmail.com(a)mailman.ampr.org&gt; de la part de David Ranch &lt;amprgw(a)trinnet.net&gt; Envoyé : 18 février 2019 12:53 À : AMPRNet working group Objet : Re: [44net] Can't seem to grasp something Hello Pete, Ok.. I've made a comment about that in the script. I'll publish that new version in a bit. I'm not sure why you're seeing all these stray "-e" but the setup seems to be running ok/ Those are ok. Many remote AMPR stations require to learn known good AMPR routes first before they will respond to *any* traffic. What many they do is take the route list either from the RIP announcements or ENCAPS file, parse them, and then load them into an iptables firewall WHITELIST. This sometimes can take some time and if your external IP address changes often, you might have a challenge to have remote stations keep up in allowing your traffic into their stations. One station might NOT require that and that's the AMPRGW at 44.0.0.1. I've added a ping check for that IP into my script. I've added a sleep statement in the script to hopefully deal with this but it's nothing to worry about. With the setup created by this script, traffic going to an AMPR address will automatically go through the tunl0 interface. One address you should be able to ping is the AMPR default gateway. If you do that ping, you should see: $ ping 44.0.0.1 PING 44.0.0.1 (44.0.0.1) 56(84) bytes of data. 64 bytes from 44.0.0.1: icmp_seq=1 ttl=62 time=31.2 ms 64 bytes from 44.0.0.1: icmp_seq=2 ttl=62 time=29.5 ms 64 bytes from 44.0.0.1: icmp_seq=3 ttl=62 time=28.5 ms ^C --- 44.0.0.1 ping statistics --- 3 packets transmitted, 3 received, 0% packet loss, time 2002ms rtt min/avg/max/mdev = 28.538/29.804/31.295/1.136 ms If you run tcpdump in another terminal window on your AMPR station using the interface connected to your external ISP, you would see all the protocol 4 encapsulation and the ICMP ping traffic inside it: tcpdump -n -i eth0 not port 22 and not port 53 and not ip6 and not arp -- 09:21:53.861892 IP 96.78.144.186 > 169.228.34.84: IP 44.4.10.41 > 44.0.0.1: ICMP echo request, id 24614, seq 1, length 64 (ipip-proto-4) 09:21:53.892722 IP 169.228.34.84 > 96.78.144.186: IP 44.0.0.1 > 44.4.10.41: ICMP echo reply, id 24614, seq 1, length 64 (ipip-proto-4) 09:21:54.863001 IP 96.78.144.186 > 169.228.34.84: IP 44.4.10.41 > 44.0.0.1: ICMP echo request, id 24614, seq 2, length 64 (ipip-proto-4) 09:21:54.892171 IP 169.228.34.84 > 96.78.144.186: IP 44.0.0.1 > 44.4.10.41: ICMP echo reply, id 24614, seq 2, length 64 (ipip-proto-4) 09:21:55.864410 IP 96.78.144.186 > 169.228.34.84: IP 44.4.10.41 > 44.0.0.1: ICMP echo request, id 24614, seq 3, length 64 (ipip-proto-4) 09:21:55.892531 IP 169.228.34.84 > 96.78.144.186: IP 44.0.0.1 > 44.4.10.41: ICMP echo reply, id 24614, seq 3, length 64 (ipip-proto-4) -- It's critical that you see both the requests AND responses and with that tcpdump command, you can also use remote sites like http://yo2tm.ampr.org/nettools.php to ping your AMPR IP address and see unsolicited protocol 4 / IPIP traffic is coming into your AMPR station. If it's not, your ISP is probably blocking this traffic and you'll need to either see if they are willing to unblock that traffic or setup a VPN with a IPIP friendly VPN provider ( http://wiki.ampr.org/wiki/AMPRNet_VPN ). --David KI6ZHD _________________________________________ 44Net mailing list 44Net(a)mailman.ampr.org https://mailman.ampr.org/mailman/listinfo/44net

For your system to be reachable from the internet, it needs to have a registered DNS entry at ampr.org. Otherwise, the ampr gateway will not allow forwarding  traffic and it will be reachable from the 44 network only. Marius, YO2LOJ On 19.02.2019 04:35, pete M via 44Net wrote:

Thanks Marius. I already have a domain name (hamrad.ca) and I have a vps in a data center 30-50 km from my qth. I am planning on using a vpn to connexion to my vps so that I can use my vps as the entry point to my segment. (OVH wont bpg annonce my segment already asked) I will use my own DNS server on the vps. How should i fit all this in place and have my segment connected to 44 and reachable from the rest of the world. One of the first thing I want to setup is a machine that will do DMR to Dstar transcoding and a SDR server for LF/MF/HF/VHF (airspyhf+) And I want user to be able to connect either from the 44 net and the internet to both machine. ________________________________ De : 44Net &lt;44net-bounces+petem001=hotmail.com(a)mailman.ampr.org&gt; de la part de Marius Petrescu &lt;marius(a)yo2loj.ro&gt; Envoyé : 19 février 2019 01:28 À : 44net(a)mailman.ampr.org Objet : Re: [44net] Can't seem to grasp something For your system to be reachable from the internet, it needs to have a registered DNS entry at ampr.org. Otherwise, the ampr gateway will not allow forwarding traffic and it will be reachable from the 44 network only. Marius, YO2LOJ On 19.02.2019 04:35, pete M via 44Net wrote: _________________________________________ 44Net mailing list 44Net(a)mailman.ampr.org https://mailman.ampr.org/mailman/listinfo/44net

Thanks Brain. Now I got this. How can I have a dns entry on the ampr.org dns? ________________________________ De : Brian Kantor &lt;Brian(a)bkantor.net&gt; Envoyé : 19 février 2019 14:00 À : AMPRNet working group Cc : pete M Objet : Re: [44net] Can't seem to grasp something Pete, Your allocation is 44.135.51.0/26. It is too small to be announced by BGP. It will never be directly reachable from the Internet. It *can* be reached from the Internet via the tunnel encapsulation mechanism at UCSD, but in order for that to work, you MUST have an address entry in the AMPR.ORG DNS zone. No other domain will work for that mechanism. Or you may be able to have a different subnet routed to you by someone who is already announcing their larger subnet and is willing to let you use a portion of their netspace via a VPN from their facility. But you can't do it yourself with what you have. - Brian On Tue, Feb 19, 2019 at 06:33:27PM +0000, pete M via 44Net wrote: