Installing ampr-ripd on a Ubiquiti EdgeRouter or EdgeRouter X: Difference between revisions

From 44Net Wiki
Marius, YO2LOJ
Revision as of 23:04, 6 December 2019

Info

These are the steps for setting up a fully functional AMPR gateway on Ubiquiti's EdgeRouter Light and EdgeRouter-X. Tested and found working on the following firmware versions:

ER3 Light 1.10.8
ER3 Light 1.10.9
ER-X 1.10.9
ER3 Light 2.0.0
ER3 Light 2.0.1
ER3 Light 2.0.3
ER3 Light 2.0.4
ER3 Light 2.0.5
ER3 Light 2.0.8


NOTE: THE SETUP SCRIPT DOES NOT SECURE YOUR ROUTER. YOU NEED TO SET UP FIREWALL RULES YOURSELF.


We start by assuming you have a completely working and configured router that already has internet access (a configured WAN port and a local LAN).

For technical reasons, this setup does not support dynamically assigned WAN addresses. If you have a dynamic IP, this setup can only be used in the primary router's DMZ.

Some technical details:

We will use an IPIP tunnel interface called 'tun44' connected to your external interface (with a fixed public IP or an interface in a DMZ). All ampr routes will be created in routing table 44. Routing table 45 will be used for routing requests from the public internet back via the ampr-gw.

On a firmware update, you need to reinstall ampr-ripd, since the file system gets replaced. The tunnel setup and the status wizard will stay.

Tunnel Setup

First, add the tunnel interface. You need to reserve an AMPR address from your AMPR subnet for the tunnel interface. If you have a /32 assignment, you need to use that one; otherwise pick an unused address.

Use the name 'tun44' for the tunnel, don't get creative since the script depends on this name.

- Config Tree -> add tun44 -> Update List

- tun44:

 address: <your AMPR IP assigned to the router>/32 (this needs to be /32, no matter your allocated subnet, see above)
 description: AMPR GW
 encapsulation: ipip
 local-ip: <your WAN IP - ISP assigned or router's DMZ IP>
 remote-ip: 0.0.0.0 (this MUST be 0.0.0.0, no matter what, to allow P2MP connections)

- tun44 -> disable-link-detect, press + right of it to enable

- Press Preview and Apply

If you prefer to do it by CLI:

 ubnt@YO2LOJ-ER3:~$ configure
 ubnt@YO2LOJ-ER3:~$ set interfaces tunnel tun44
 ubnt@YO2LOJ-ER3:~$ set interfaces tunnel tun44 local-ip <put the external ip>
 ubnt@YO2LOJ-ER3:~$ set interfaces tunnel tun44 remote-ip 0.0.0.0
 ubnt@YO2LOJ-ER3:~$ set interfaces tunnel tun44 encapsulation ipip
 ubnt@YO2LOJ-ER3:~$ set interfaces tunnel tun44 address <44net router ip>/32
 ubnt@YO2LOJ-ER3:~$ set interfaces tunnel tun44 description "AMPR GW"
 ubnt@YO2LOJ-ER3:~$ set interfaces tunnel tun44 disable-link-detect
 ubnt@YO2LOJ-ER3:~$ commit; save

Installing ampr-ripd

Download your packages from here (read this section to the end...):

Find the EdgeRouter setup package here: http://www.yo2loj.ro/hamprojects/Ampr_EdgeRouter.tgz (mips64)

For the EdgeRouterX setup use this one: http://www.yo2loj.ro/hamprojects/Ampr_EdgeRouterX.tgz (mipsel)


In short, get it, unpack on the router and run the install.sh script.

Then edit your startup script if needed, and run it.


Now the details...


a. First, log in and become root (don't omit that '-'):

 Welcome to EdgeOS
 ubnt@YO2LOJ-ER3:~$ sudo su -

b. Now download the correct package as described in the links above and unpack it:

EdgeRouter Lite3, possibly ER4, ER6 (mips64):

 root@YO2LOJ-ER3:~# curl http://yo2loj.ro/hamprojects/Ampr_EdgeRouter.tgz -o er.tgz
 (you should get some download stats here...)

EdgeRouter X (mipsel):

 root@YO2LOJ-ERX:~# curl http://yo2loj.ro/hamprojects/Ampr_EdgeRouterX.tgz -o er.tgz
 (you should get some download stats here...)

Check and unpack:

 root@YO2LOJ-ER3:~# ls
 er.tgz
 root@YO2LOJ-ER3:~# tar -xf er.tgz

c. Install the package:

 root@YO2LOJ-ER3:~# ./install.sh

d. Edit the startup script to fit your needs. This is only needed if your router is behind NAT or you need to reject specific subnets. Edit only the -a options like below, don't touch the rest. If you want to have your position shown on the ampr map, also add the -L option using your callsign and your QTH locator ( -L your-call@AA00aa ).

 root@YO2LOJ-ER3:~# cd /etc
 root@YO2LOJ-ER3:/etc# vi ampr.sh
 <press insert to start editing>
 [...]
 ampr-ripd -s -t 44 -i tun44 -m 90 -a 44.128.1.0/24,44.128.2.0/24,your.gw.com (adapt this list to your needs - comma separated, no spaces)
 ~
 ~
 ~
 <press esc>:wq (to save and exit - yes, vi is strange)

e. Now run the startup script:

 root@YO2LOJ-ER3:/etc# ./ampr.sh

(On router restart, this will happen automatically)
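
The package in step b is fetched over plain HTTP and install.sh then runs as root, and this page lists no checksum for it. The shell functions below are an added example, not part of the original page or of the ampr-ripd package: they print the archive's SHA-256 (so you can compare it with one you recorded from an earlier install when you reinstall after a firmware update) and refuse archives whose members are links, devices, or paths that escape the current directory. The function names are illustrative, and GNU tar and sha256sum are assumed to be available.

```shell
#!/bin/sh
# Added example: vet er.tgz (from step b) before unpacking and running
# install.sh as root. Function names are illustrative, not from the package.

# Print the SHA-256 of a file (assumes coreutils sha256sum).
archive_sha256() {
    sha256sum "$1" | cut -d' ' -f1
}

# check_archive <file.tgz> [expected-sha256]
# Returns 0 only if the optional hash matches and every member is a plain
# file or directory with a relative path that contains no ".." component.
check_archive() {
    archive=$1
    expected=${2:-}
    [ -f "$archive" ] || { echo "missing: $archive" >&2; return 1; }

    actual=$(archive_sha256 "$archive")
    echo "sha256 $actual"
    if [ -n "$expected" ] && [ "$actual" != "$expected" ]; then
        echo "hash differs from the recorded one, refusing" >&2
        return 1
    fi

    names=$(tar -tzf "$archive") || { echo "unreadable archive" >&2; return 1; }
    bad=0
    while IFS= read -r name; do
        case $name in
            /*|..|../*|*/..|*/../*) echo "unsafe path: $name" >&2; bad=1 ;;
        esac
    done <<EOF
$names
EOF

    # First column of the verbose listing is the member type:
    # '-' file, 'd' directory; anything else (l, h, c, b, p) is rejected.
    types=$(tar -tvzf "$archive" | cut -c1 | sort -u | tr -d '\n')
    case $types in
        *[!-d]*) echo "unexpected member type(s): $types" >&2; bad=1 ;;
    esac
    return $bad
}

# Usage on the router:
#   check_archive er.tgz && tar -xf er.tgz   # then read install.sh before running it
```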


NOTE: THE SETUP SCRIPT DOES NOT SECURE YOUR ROUTER. YOU NEED TO SET UP FIREWALL RULES YOURSELF.

Adding a Local AMPR subnet

To use a local AMPR subnet, just assign the router's AMPR IP with the proper subnet mask to a local network interface, using the regular EdgeRouter management interface. Remember to also set up the proper firewall rules to allow or disallow access to your hosts.

Status Wizard

Optionally you can install a status page in the wizard section.

Download here: http://www.yo2loj.ro/hamprojects/Ampr_Status_Wizard.tar and add it in your configuration wizard tab.

On firmware update, there is no need to reinstall the wizard.