Steve,
No joy....I'm getting the exact same behavior...
Here's your script...with modifications:
#!/bin/sh
# KB9MWR 07/2019 amprnet routing including rules.
# Uses ampr-ripd 1.16.3 by Marius, YO2LOJ
# Further explained at:
# http://www.qsl.net/kb9mwr/wapr/tcpip/ampr-ripd.html
##################################################################
### ENABLE IP FORWARDING ###
#
## AWL Comments - Already enabled in sysctl config file
# sysctl -w net.ipv4.ip_forward=1
########################################
### ENABLE IPIP TUNNEL INTERFACE tunl0 ###
### you must enable the tunnel before specifying routes using the tunnel
#
## AWL Comments - Already added to /etc/modules
# modprobe ipip
# My server AmprNet IP
ip addr add 44.26.2.33/32 dev tunl0
### gives tunnel its own TTL of 64 enabling traceroute over tunnel
ip tunnel change ttl 64 mode ipip tunl0
ip link set dev tunl0 up
ifconfig tunl0 mtu 1480
########
### AMPR ROUTING RULES ###
# Per PE1CHL: This is required to get routing of the net-44 traffic correct #
# and have a default route for the tunneled traffic different from the default #
# route of the system. It may be possible to get it working without this, but #
# policy based routing is so much easier. #
### Packets to and from the 44 Network use Route Table 44
#ip rule add to 44.0.0.0/8 table 44 priority 44 (old)
ip rule add to 44.0.0.0/9 table 44 priority 44
# ip rule add to 44.128.0.0/10 table 44 priority 44
ip rule add from 44.26.2.32/27 table 44 priority 45
####### TABLE 44 ROUTES ###
### Default Route [Internet Access] using AMPRGW for 44/8 hosts (optional)
### do NOT change the IP 169.228.34.84, this is the central AMPR Gateway
### and all traffic leaving AMPRnet towards the internet MUST pass this router.
ip route add default dev tunl0 via 169.228.34.84 onlink table 44
# ^new ucsd address 5/2017
#
# Adds local 44 Wireless LAN network to Table 44
ip route add 44.26.2.32/27 dev ens192 table 44
####################################
#
# For OpenVPN tunnel
# ip route add 44.92.21.128/25 dev tun0 table 44
# Needed to get data to flow between eth1 and tun0 (OpenVPN):
# iptables -t nat -A POSTROUTING -s 44.92.21.128/25 -d 44.92.21.0/25 -j MASQUERADE
#
#Firewall Rules to drop all network 44 traffic
##iptables -A INPUT -i tunl0 -p all ! -s 44.0.0.0/8 -j DROP (old)
#iptables -A INPUT -i tunl0 -p all ! -s 44.0.0.0/9 -j DROP
#iptables -A INPUT -i tunl0 -p all ! -s 44.128.0.0/10 -j DROP
#
#Other good practice rules:
# This prevents nested ipencap
# iptables -t raw -I PREROUTING -p 4 -i tunl0 -j DROP
# This prevents a general loop
# iptables -I FORWARD -i tunl0 -o tunl0 -j DROP
# Drops outbound unassigned IPs from looping through tunl0 via ipencap
# iptables -I FORWARD ! -s 44.26.2.32/27 -o tunl0 -j DROP
#
########################################
### STARTS THE ampr-ripd ROUTER DAEMON
# -s saves routes to /var/lib/ampr-ripd/encap.txt
# -r use raw socket instead of multicast
# -t routing table to use
# -i tunnel interface to use
# -p RIPv2 password (latest ampr-ripd defaults to the current valid password)
# -a ampr subnets to be ignored (remove your allocation from the table)
ampr-ripd -s -r -t 44 -i tunl0 -a 44.26.2.32/27
-----Original Message-----
From: 44Net [mailto:44net-bounces+wb7awl=lawsonpc.com@mailman.ampr.org] On Behalf Of
Albert Lawson via 44Net
Sent: Thursday, August 29, 2019 6:38 PM
To: AMPRNet working group <44net(a)mailman.ampr.org>
Cc: Albert Lawson <wb7awl(a)LAWSONPC.COM>
Subject: Re: [44net] Routing Help Please
Let me look at the URL for your script and try it out. I've seen this on my Internet
searches, but this appears to be an entirely different version.
73's
Albert
WB7AWL
-----Original Message-----
From: 44Net [mailto:44net-bounces+wb7awl=lawsonpc.com@mailman.ampr.org] On Behalf Of Steve
L via 44Net
Sent: Thursday, August 29, 2019 6:26 PM
To: AMPRNet working group <44net(a)mailman.ampr.org>
Cc: Steve L <kb9mwr(a)gmail.com>
Subject: Re: [44net] Routing Help Please
What kind of obvious stuff have you tried?
I don't see a route in your script to specifically take your local subnet and direct
it to the other NIC that you mentioned.
I run a similar setup, and here is my startup:
https://www.qsl.net/kb9mwr/wapr/tcpip/startampr
On Thu, Aug 29, 2019 at 7:37 PM Albert Lawson via 44Net <44net(a)mailman.ampr.org>
wrote:
Greetings...!!!
I'm setting up an AMPR Gateway on an Ubuntu 16.04 box. This box is behind a Ubiquiti
Unifi USG. I'm forwarding IP Protocol 4 to the internal IP of the box.
The layout of the box is two NIC cards...one that sits on my home network, the other card
will handle my 44 net allocations with connection to the rest of the AMPR Net via the AMPR
Net tunnel.
When I first bring the box up, and before I bring up the tunnel, I'm able to ping the
44 net hosts inside of my network. Using TCPDUMP I can follow the flow of packets pretty
easily. The problem starts when I bring up the tunnel. As soon as the tunnel comes up, when
I try to ping one of my 44 hosts, I can see the packets are now going out on the tunnel
interface and not on the NIC card on my 44 network. I've gone through this line by
line on my scripts, and the problem starts when the actual default route to the AMPR
Gateway is added. From that point on, all the packets are sent thru the tunnel. I've
tried three different versions of scripts that I've found on the Internet and the
result is the same.
Here's one script that I got off the AMPR Wiki:
#!/bin/sh
###
## Create AMPRNet Tunnel and routing
##
## Configure Tunnel (put your ISP you received from your ISP Here).
ip tunnel add ampr0 mode ipip local 192.168.12.158 ttl 255
## Bring it up
ip link set dev ampr0 up
## Enable Multicast in order to receive routes
ifconfig ampr0 multicast
## Configure Policy Based routing
# Packets to 44/8 network use routing table 44
ip rule add to 44.0.0.0/8 table 44 priority 44
# Packets from our 44 subnet use table 44 (put your AMPRNet Subnet here)
ip rule add from 44.26.2.32/27 table 44 priority 45
## Configure static routes
# Default route for table 44 is to send traffic to amprnet gateway at UCSD
ip route add default dev ampr0 via 169.228.34.84 onlink table 44
# Route packets for our net to local interface (put your AMPRNet Subnet here)
ip route add 44.26.2.32/27 dev ens192 table 44
## Start ampr-ripd to learn rest of mesh routes
# Be sure to substitute the password you found earlier for <SecretPassword>
# Put your static IP you received from your ISP here.
ampr-ripd -s -i ampr0 -a 192.168.12.158 -t 44
I've tried the obvious stuff...removing the route, re-adding the route....but I
can't seem to figure this out. Any input, ideas, suggestions would be appreciated.
73's
Albert
WB7AWL
_________________________________________
44Net mailing list
44Net(a)mailman.ampr.org
https://mailman.ampr.org/mailman/listinfo/44net
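
Added example (not part of the original thread and not anyone's posted script): a simplified Python model of how the ip rule / table 44 setup in the script at the top of this thread resolves a packet, at three stages of table 44 being populated. The main-table contents, the lan0 interface name and the test destinations are assumptions; all data is constructed, not read from a live system, and the kernel's local table is left out.

```python
import ipaddress

# Constructed model of the rules in the script above (priority, selector, prefix, table).
RULES = [
    (44, "to", "44.0.0.0/9", "44"),
    (45, "from", "44.26.2.32/27", "44"),
    (32766, "to", "0.0.0.0/0", "main"),   # the kernel's stock rule for table main
]
TABLES = {
    "44": {"0.0.0.0/0": "tunl0", "44.26.2.32/27": "ens192"},
    # Assumed main table: connected route for ens192 plus a LAN default (lan0 is hypothetical).
    "main": {"44.26.2.32/27": "ens192", "0.0.0.0/0": "lan0"},
}

def table_lookup(routes, dst):
    """Longest-prefix match inside one table; None if nothing matches."""
    best = None
    for prefix, dev in routes.items():
        net = ipaddress.ip_network(prefix)
        if dst in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, dev)
    return best

def resolve(src, dst, tables=TABLES, rules=RULES):
    """Walk rules by priority; the first selected table holding a matching route wins."""
    src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for prio, selector, prefix, table in sorted(rules):
        addr = dst if selector == "to" else src
        if addr not in ipaddress.ip_network(prefix):
            continue
        hit = table_lookup(tables.get(table, {}), dst)
        if hit:  # an empty or non-matching table falls through to the next rule
            return {"rule": prio, "table": table, "route": str(hit[0]), "dev": hit[1]}
    return None

def with_table44(routes):
    """Copy of TABLES with table 44 replaced, to model each stage of the script."""
    copy = {name: dict(r) for name, r in TABLES.items()}
    copy["44"] = dict(routes)
    return copy

if __name__ == "__main__":
    for stage in ({}, {"0.0.0.0/0": "tunl0"}, TABLES["44"]):
        print(stage, "->", resolve("192.168.12.158", "44.26.2.40", with_table44(stage)))
```

On the real box, `ip rule show`, `ip route show table 44` and `ip route get 44.26.2.40` give the live equivalents of what this model computes.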