44Net Wiki - User contributions [en]

Setting up a gateway on Cisco Routers

2018-06-06T06:02:40Z

4Z4ZQ:

To create a gateway using Cisco equipment you must have a Cisco Router (preferred from series 2600 and above)

Preferred with two Ethernet ports (but can be done also with one Ethernet port)

Pre requirement to the setup to work are as follows:

You have already registered with AMPRNet and got your 44.x.x.x/y allocation and it is showing in the encap.txt file (see "If you are looking to get an IP allocation within the 44/8 AMPRNet please read the Portal page.") info on the main page .

You have registered some hosts of your allocated network in the AMPRNet DNS like <your call sign>.ampr.org

The example given here here is of one Ethernet port.

You have to assign the router Ethernet port the Commercial IP

The commands are:

enable
configure terminal
interface ethernet0
ip address <and here you give the ip of the commercial isp the router is connected to> (it can also be the IP of a network the router is on (as long as this IP is accessible to the outside world))> <The NetMask of the network>

The interface name can vary depending on your router type, it can be Ethernet0 FastEthernet0 GigabitEthernet0/0 etc.

(To see what interfaces you have in order to assign them the address use the command Show interface and identify the Ethernet port name.)

Then you have to assign the 44 AMPRNet IP .

For a router with one port any additional network IP has to be secondary and the command is:

int eth0
ip add <the AMPR IP > <the netmask of the network > secondary

Now some tunneling commands have to be added to redirect your outgoing traffic (via tunnel) to the main AMPRNET router , you do it because every ISP block outgoing IP's which is not a part of their network (and 44 net is not belong to any ISP) so in order to allow the 44 net IP traffic to gain access to the outside world you need to do a tunnel to the AMPR.ORG router to the outgoing traffic (traffic that intend to reach the internet (all other IP's that are not part of the 44 NET))

To open a tunnel channel you have to specify the tunnel source address (from where the tunnel is established) and tunnel destination (to where the tunnel establish to)

This is done by a few commands here they are

interface tunnel0
tunnel source <here you put the router commercial IP>
tunnel destination <here you put the AMPR.ORG main tunnel router IP>
tunnel mode ipip (this command is to tell the tunnel (cisco support lot of tunneling types) which mode to use)

In addition the router has to be notified to pass all the outgoing 44 Net Traffic to the tunnel interface and not to route it just like that to the Internet (because as explained they will be probably blocked by the closest ISP you are connected to )

The command to do it is

ip route 0.0.0.0 0.0.0.0 Tunnel0 <the ip address of the AMPR.ORG main tunnel router >

(0.0.0.0 0.0.0.0 mean "any IP") (will be explained latter)

Another important command is a command to route the tunneled traffic from the router to the main ampr.org router not via a tunnel (this important to establish tunnel)

This command is more specific then the "any IP" route command described before and say to the router : "pass the tunneled traffic belong to the other side of the tunnel direct and not via tunnel"

The Command is :

ip route <the ampr.org main tunnel IP > 255.255.255.255 Ethernet0 <your router commercial IP>

This are the minimum commands necessary to be able to route your inside 44 net IP to the outside world (but not to any other 44 net networks worldwide)

This method will redirect any outgoing traffic (no matter what local IP is used ) to the tunnel and since the AMPR.ORG tunnel deal with tunneling from only 44 Net IP it mean that if the router local Lan is sharing 44 and non 44 IP machines the non 44 Net machines will have no connectivity to the world

To overcome this problem a route policy will have to be used (with the command route-map) because regular route command deal with route for destination IP without looking at the source (local net) and route policy can do it ...

So two policy have to be created one for all addresses (excluding the 44 net) that needed to be routed direct to the internet (without tunnel) and second one specifically for the 44 net hosts that needed to redirect their outgoing traffic to the tunnels

In order to route your traffic to other 44 net gateways you need to build a tunnel interface to every gateway (unlike JNOS that one tunnel deal with all tunnels)
and the tunnel have to have a tunnel source tunnel destination (as explained above ) and tunnel mode

In addition two route lines have to be added

One is route command to route the specific 44 network of the gateway this tunnel deal into this tunnel

And another is to allow the tunnel traffic to go thorough the internet

Enclosed is example from router that is doing tunnel to the main AMPR router and to one gateway somewhere in the world

The tunnel0 interface is the Main AMPR.ORG router and the tunnel with 741916672 is one tunnel to a gateway

The section of tunnel74xxx have to duplicated to every 44 net gateway (of course with the corresponding ip of the specific gateway) (currently about 400 times)

TIP: If you are not familiar with Cisco Commands you can use the GUI Software called Cisco Configuration Professional (CCP)

to config the router with it

Later on we will deal of how to create these tunnels lines configuration using a script
that takes the info from the ENCAP.TXT file and convert it to Cisco config

interface Tunnel0
ip unnumbered Ethernet0
no ip directed-broadcast
tunnel source Ethernet0
tunnel destination 169.228.34.84
tunnel mode ipip
!
interface Tunnel741916672
description Link to 44.56.192.0
ip unnumbered Ethernet0
ip access-group acl_44 in
no ip directed-broadcast
tunnel source 10.0.0.180
tunnel destination 24.229.88.253
tunnel mode ipip

interface Ethernet0
description connected to EthernetLAN_HAIFA
ip address 44.138.1.1 255.255.255.0 secondary
ip address 10.0.0.180 255.255.255.0
no ip directed-broadcast

ip classless
ip route 0.0.0.0 0.0.0.0 Tunnel0 169.228.34.84
ip route 169.228.34.84 255.255.255.255 Ethernet0 10.0.0.138
ip route 44.56.192.0 255.255.255.0 Tunnel741916672
ip route 24.229.88.253 255.255.255.255 Ethernet0 10.0.0.138

Making the route commands automatically

Because the route info of the gateways (the encap file) changes periodically
mainly because a lot of gateway sits on dynamic ip

and because the tunnel ip as a result change you may loose the tunnel to these gateways

In order to be "updated" it is needed to take the new encap file periodically and put it into the cisco router

Because the encap file lines are not a format of commands that Cisco "understand" a fomat conversion need to be made in order to convert route info in the encap file to commands that cisco can "understand"

So a Script that take the encap file and make a new file of Cisco commands must be run

There are two scripts that do it available , one is Perl and other is VBS

The example will give the results of the Perl Script

The Perl Script for the Cisco enclosed

#!/usr/bin/perl
#encapconvert.pl V0.1 10-31-12
#Script created by Jason Begley KY9J ky9j.com ky9j@arrl.net
#This script is used for converting the encap.txt file from the AMPR net
#into a loadable config file for use on cisco routers. It is advised to use
#this on a 2600 or better router due to interface limits.
#

my ($line);
my %nets = ();
my $net = undef;
my $mask = undef;

#####
#Below are user defined varibles

my $loop = "Ethernet0"; #LOOPBACK INT CHANGE IF ALREADY IN USE
my $outip = "10.0.0.180"; #YOUR PUBLIC IP ADDRESS
my $loopip = "44.138.1.1"; #YOUR AMPR IP ADDRESS
#EO user defined varibles
#####

my $file = $ARGV[0];
my $debug = $ARGV[1];
if(!$file) { usage(); exit; }
if($file =~ /--help/) { usage(); exit; }

open (MYFILE, '>cisco-config.txt');
print MYFILE "!\ninterface $loop\nip address $loopip 255.255.255.255\n!\n";
close (MYFILE);
open(ENCAP, $file);
@line = <ENCAP>;
close (ENCAP);
@line = grep (!/^\s*$/,@line);
@line = grep (!/^#/,@line);
chomp(@line);

foreach $line(@line)
{
$n1 = $n2 = $n3 = $n4 = undef;
@ln = (split(/ +/, $line));
($n, $s) = (split(/\//, $ln[2]));
($n1, $n2, $n3, $n4) = split(/\./, $n);
$gw = $ln[4];
$gw =~ s/\s*$//;

if ($n1 == '') { $n1='0'};
if ($n2 == '') { $n2='0'};
if ($n3 == '') { $n3='0'};
if ($n4 == '') { $n4='0'};

if ($s == '1') { $mask='128.0.0.0'};
if ($s == '2') { $mask='192.0.0.0'};
if ($s == '3') { $mask='224.0.0.0'};
if ($s == '4') { $mask='240.0.0.0'};
if ($s == '5') { $mask='248.0.0.0'};
if ($s == '6') { $mask='252.0.0.0'};
if ($s == '7') { $mask='254.0.0.0'};
if ($s == '8') { $mask='255.0.0.0'};
if ($s == '9') { $mask='255.128.0.0'};
if ($s == '10') { $mask='255.192.0.0'};
if ($s == '11') { $mask='255.224.0.0'};
if ($s == '12') { $mask='255.240.0.0'};
if ($s == '13') { $mask='255.248.0.0'};
if ($s == '14') { $mask='255.252.0.0'};
if ($s == '15') { $mask='255.254.0.0'};
if ($s == '16') { $mask='255.255.0.0'};
if ($s == '17') { $mask='255.255.128.0'};
if ($s == '18') { $mask='255.255.192.0'};
if ($s == '19') { $mask='255.255.224.0'};
if ($s == '20') { $mask='255.255.240.0'};
if ($s == '21') { $mask='255.255.248.0'};
if ($s == '22') { $mask='255.255.252.0'};
if ($s == '23') { $mask='255.255.254.0'};
if ($s == '24') { $mask='255.255.255.0'};
if ($s == '25') { $mask='255.255.255.128'};
if ($s == '26') { $mask='255.255.255.192'};
if ($s == '27') { $mask='255.255.255.224'};
if ($s == '28') { $mask='255.255.255.240'};
if ($s == '29') { $mask='255.255.255.248'};
if ($s == '30') { $mask='255.255.255.252'};
if ($s == '31') { $mask='255.255.255.254'};
if ($s == '32') { $mask='255.255.255.255'};
if ($s == '') { $mask='255.255.255.255'};

$net = "$n1.$n2.$n3.$n4";
$ifid = cipdec(1, $net);
$wmask = do_subtract($mask);
print "*ip info*\n";
print "NET:$n\nBITS:$s MASK:$mask-$wmask\nGW:$gw\nIF:$ifid\n\n";
open (MYFILE, '>>cisco-config.txt');

if ($debug != NULL) {
print "LINE:$line";
print "\n!\n";
print "interface tunnel $ifid\n";
print "description Link to $net\n";
print "ip unnumbered $loop\n";
print "tunnel source $outip\n";
print "tunnel destination $gw\n";
print "tunnel mode ipip\n!\n";
}

if ($gw != $outip) {

print MYFILE "!\n";
print MYFILE "interface tunnel $ifid\n";
print MYFILE "description Link to $net\n";
print MYFILE "ip unnumbered $loop\n";
print MYFILE "tunnel source $outip\n";
print MYFILE "tunnel destination $gw\n";
print MYFILE "ip tcp adjust-mss 1436\n";
print MYFILE "ip access-group acl_44 in\n!\n";
print MYFILE "tunnel mode ipip\n!\n";
print MYFILE "ip route $net $mask tunnel$ifid\n!\n";
}
print MYFILE "ip route $gw 255.255.255.255 Eth0 10.0.0.138\n";
}
print MYFILE "!\nend\n!\n";
close (MYFILE);

sub usage
{
print << "EOT";
*** This script is for creating a loadable config (copy tftp run) for cisco routers ***
*** Please note that this was tested to work on 2651XM or better, expect poor resp- ***
*** -onse on smaller/slower platforms. ***
*** Edit this file and change varibles as noted to your values. ***
*** File \"cisco-config.txt\" will be generated in this directory for tftp upload ***
*** Run as follows: ***
*** perl encapconvert.pl encap.txt ***
EOT
}

########################################################
# Sub cipdec
# USAGE: For converting IP to DEC values and reverse
#
# my ($err, $ret) = cipdec(1, $ip); #1 =from ip to dec, 2 = from dec to ip
# if($err != 0) { print "MAIN: ERR ON \"$ret\"\n"; next; }
#
sub cipdec
{
my $debug = 0;
my (@oct, $opt, $var, $err, $ret, $errmsg);
my ($oct1, $oct2, $oct3, $oct4);
my ($dec1, $dec2, $dec3);
$opt = shift(@_); #1 =from ip to dec, 2 = from dec to ip
$var = shift(@_); # IP or a DEC
$err = 0;
$ret = 0;
if($debug == 1)
{
print "SUB TEST: OPT=\"$opt\"\n";
print "SUB TEST: VAR=\"$var\"\n";
}
if($opt == 1) #1 =from ip to dec
{
my $ip = $var;

if(!($ip) || ($ip eq "") || !($ip =~ /\./))
{
if($debug == 1) { print "NO . in IP.. Next\n"; }
$err = 1;
$ret = "ERR: IP WITH NO \".\"";
return($err, $ret);
}
@oct = split(/\./, $ip);
my $numoct = @oct;
if($numoct != 4)
{
if($debug == 1) { print "--INVALID IP: \"$ip\"\n"; }
$err = 1;
$ret = "ERR: OCT CT \"$ip\"";
return($err, $ret);
}
foreach my $val (@oct)
{
if(!(defined $val) || ($val eq "") || ($val =~ /\D/) || ($val > 255) || ($val < 0))
{
if($debug == 1) { print "--INVALID IP: \"$ip\"\n"; }
$err = 1;
$ret = "ERR: OCT SIZE \"$ip:$val\"";
return($err, $ret);
} # EO IF oct container
} #EO FOREACH OCT
$ret += ($oct[0] * (256**3)); #Convert 1st octet to decimal and add
$ret += ($oct[1] * (256**2)); #Convert 2nd octet to decimal and add
$ret += $oct[2] * 256; #Convert 3rd octet to decimal and add
$ret += $oct[3]; #Add the 4th octet to decimal
if(($ret < 0) || ($ret > 4294967296)) #0.0.0.0 or 255.255.255.255 = Err
{
if($debug == 1) { print "--INVALID IP: \"$ip\"\n"; }
$err = 1;
$ret = "ERR: DEC SIZE \"$ip\"";
return($err, $ret);
} #EO DEC Size

return($err, $ret);
} #EO OPT == 1

if($opt == 2) #1 = dec to ip
{
$oct1 = 0; $oct2 = 0; $oct3 = 0; $oct4 = 0;
my $dec = $var;
if($debug == 1) { print "SUB TEST: DEC=\"$dec\"\n"; }

if(!(defined $dec) || ($dec eq "") || ($dec < 1) || ($dec > 4294967295)) #0.0.0.0 or 255.255.255.255 = Err
{
if($debug == 1) { print "--INVALID DEC: \"$dec\"\n"; }
$err = 1;
$ret = "ERR: DEC SIZE \"$dec\"";
return($err, $ret);
} #EO DEC Size

if($dec >= 256**3)
{
$oct1 = ($dec / 256**3);
my @num = split(/\./, $oct1);
$oct1 = $num[0];
if($debug == 1) { print "OCT1: \"$oct1\"\n"; }
$dec1 = ($oct1 * 256**3);
$dec = $dec - $dec1;
}
if($dec >= 256**2)
{
$oct2 = ($dec / 256**2);
my @num = split(/\./, $oct2);
$oct2 = $num[0];
if($debug == 1) { print "OCT2: \"$oct2\"\n"; }
$dec2 = ($oct2 * 256**2);
$dec = $dec - $dec2;
}

if($dec >= 256)
{
$oct3 = ($dec / 256);
my @num = split(/\./, $oct3);
$oct3 = $num[0];
if($debug == 1) { print "OCT3: \"$oct3\"\n"; }
$dec3 = $oct3 * 256;
$dec = $dec - $dec3;
}

$oct4 = $dec;
if($debug == 1) { print "OCT4: \"$oct4\"\n"; }
$ret = "$oct1.$oct2.$oct3.$oct4";
return($err, $ret);
} #EO If $opt == 2

$err = 1;
$ret = "I'm lost and sent to leftovers";
return($err, $ret);
}
################### EO SUB CIPDEC#################################

### wildcard sub ###
sub do_subtract( ) {
local($ip) = @_;

# break up the bytes of the incoming IP address
$_ = $ip;
($a, $b, $c, $d) = split(/\./);

if ($a > 255 || $b > 255 || $c > 255 || $d > 255 || /[^0-9.]/) {
print "invalid input mask or wildcard\n";
exit( );
}

$a = 255 - $a;
$b = 255 - $b;
$c = 255 - $c;
$d = 255 - $d;

return ($a . "." . $b . "." . $c . "." . $d);
}

### EO wildcard sub ### </CODE>

Before you run the script make sure to take out the line of your gateway from the encap file

The result of the script is set of commands that look like that

interface tunnel 748306432
description Link to 44.154.64.0
ip unnumbered Ethernet0
tunnel source 10.0.0.180
tunnel destination 79.107.164.191
ip tcp adjust-mss 1436
ip access-group acl_44 in
!
tunnel mode ipip
!
ip route 44.154.64.0 255.255.255.0 tunnel748306432
!
ip route 79.107.164.191 255.255.255.255 Ethernet0 10.0.0.138
!

This section return on itself (with different IP , destination and route IPs's ) as the amount of lines in the encap file

When the file is ready (after running the perl script) you can copy it with editor and send it to the cisco or by terminal (with the config t command) or by TFTP

The Encap file can be taken automatically from the Portal using the API
and you can push the commands to the cisco (after the encap convert to cisco commands after running perl) with TFTP

So with a small software work the whole procedure can be done fully automatic

Setting up a gateway on Cisco Routers

2018-06-06T06:01:25Z

4Z4ZQ:

To create a gateway using Cisco equipment you must have a Cisco Router (preferred from series 2600 and above)

Preferred with two Ethernet ports (but can be done also with one Ethernet port)

Pre requirement to the setup to work are as follows:

You have already registered with AMPRNet and got your 44.x.x.x/y allocation and it is showing in the encap.txt file (see "If you are looking to get an IP allocation within the 44/8 AMPRNet please read the Portal page." info on the main page )

You have registered some hosts of your allocated network in the AMPRNet DNS like <your call sign>.ampr.org

The example given here here is of one Ethernet port.

You have to assign the router Ethernet port the Commercial IP

The commands are:

enable
configure terminal
interface ethernet0
ip address <and here you give the ip of the commercial isp the router is connected to> (it can also be the IP of a network the router is on (as long as this IP is accessible to the outside world))> <The NetMask of the network>

The interface name can vary depending on your router type, it can be Ethernet0 FastEthernet0 GigabitEthernet0/0 etc.

(To see what interfaces you have in order to assign them the address use the command Show interface and identify the Ethernet port name.)

Then you have to assign the 44 AMPRNet IP .

For a router with one port any additional network IP has to be secondary and the command is:

int eth0
ip add <the AMPR IP > <the netmask of the network > secondary

Now some tunneling commands have to be added to redirect your outgoing traffic (via tunnel) to the main AMPRNET router , you do it because every ISP block outgoing IP's which is not a part of their network (and 44 net is not belong to any ISP) so in order to allow the 44 net IP traffic to gain access to the outside world you need to do a tunnel to the AMPR.ORG router to the outgoing traffic (traffic that intend to reach the internet (all other IP's that are not part of the 44 NET))

To open a tunnel channel you have to specify the tunnel source address (from where the tunnel is established) and tunnel destination (to where the tunnel establish to)

This is done by a few commands here they are

interface tunnel0
tunnel source <here you put the router commercial IP>
tunnel destination <here you put the AMPR.ORG main tunnel router IP>
tunnel mode ipip (this command is to tell the tunnel (cisco support lot of tunneling types) which mode to use)

In addition the router has to be notified to pass all the outgoing 44 Net Traffic to the tunnel interface and not to route it just like that to the Internet (because as explained they will be probably blocked by the closest ISP you are connected to )

The command to do it is

ip route 0.0.0.0 0.0.0.0 Tunnel0 <the ip address of the AMPR.ORG main tunnel router >

(0.0.0.0 0.0.0.0 mean "any IP") (will be explained latter)

Another important command is a command to route the tunneled traffic from the router to the main ampr.org router not via a tunnel (this important to establish tunnel)

This command is more specific then the "any IP" route command described before and say to the router : "pass the tunneled traffic belong to the other side of the tunnel direct and not via tunnel"

The Command is :

ip route <the ampr.org main tunnel IP > 255.255.255.255 Ethernet0 <your router commercial IP>

This are the minimum commands necessary to be able to route your inside 44 net IP to the outside world (but not to any other 44 net networks worldwide)

This method will redirect any outgoing traffic (no matter what local IP is used ) to the tunnel and since the AMPR.ORG tunnel deal with tunneling from only 44 Net IP it mean that if the router local Lan is sharing 44 and non 44 IP machines the non 44 Net machines will have no connectivity to the world

To overcome this problem a route policy will have to be used (with the command route-map) because regular route command deal with route for destination IP without looking at the source (local net) and route policy can do it ...

So two policy have to be created one for all addresses (excluding the 44 net) that needed to be routed direct to the internet (without tunnel) and second one specifically for the 44 net hosts that needed to redirect their outgoing traffic to the tunnels

In order to route your traffic to other 44 net gateways you need to build a tunnel interface to every gateway (unlike JNOS that one tunnel deal with all tunnels)
and the tunnel have to have a tunnel source tunnel destination (as explained above ) and tunnel mode

In addition two route lines have to be added

One is route command to route the specific 44 network of the gateway this tunnel deal into this tunnel

And another is to allow the tunnel traffic to go thorough the internet

Enclosed is example from router that is doing tunnel to the main AMPR router and to one gateway somewhere in the world

The tunnel0 interface is the Main AMPR.ORG router and the tunnel with 741916672 is one tunnel to a gateway

The section of tunnel74xxx have to duplicated to every 44 net gateway (of course with the corresponding ip of the specific gateway) (currently about 400 times)

TIP: If you are not familiar with Cisco Commands you can use the GUI Software called Cisco Configuration Professional (CCP)

to config the router with it

Later on we will deal of how to create these tunnels lines configuration using a script
that takes the info from the ENCAP.TXT file and convert it to Cisco config

interface Tunnel0
ip unnumbered Ethernet0
no ip directed-broadcast
tunnel source Ethernet0
tunnel destination 169.228.34.84
tunnel mode ipip
!
interface Tunnel741916672
description Link to 44.56.192.0
ip unnumbered Ethernet0
ip access-group acl_44 in
no ip directed-broadcast
tunnel source 10.0.0.180
tunnel destination 24.229.88.253
tunnel mode ipip

interface Ethernet0
description connected to EthernetLAN_HAIFA
ip address 44.138.1.1 255.255.255.0 secondary
ip address 10.0.0.180 255.255.255.0
no ip directed-broadcast

ip classless
ip route 0.0.0.0 0.0.0.0 Tunnel0 169.228.34.84
ip route 169.228.34.84 255.255.255.255 Ethernet0 10.0.0.138
ip route 44.56.192.0 255.255.255.0 Tunnel741916672
ip route 24.229.88.253 255.255.255.255 Ethernet0 10.0.0.138

Making the route commands automatically

Because the route info of the gateways (the encap file) changes periodically
mainly because a lot of gateway sits on dynamic ip

and because the tunnel ip as a result change you may loose the tunnel to these gateways

In order to be "updated" it is needed to take the new encap file periodically and put it into the cisco router

Because the encap file lines are not a format of commands that Cisco "understand" a fomat conversion need to be made in order to convert route info in the encap file to commands that cisco can "understand"

So a Script that take the encap file and make a new file of Cisco commands must be run

There are two scripts that do it available , one is Perl and other is VBS

The example will give the results of the Perl Script

The Perl Script for the Cisco enclosed

#!/usr/bin/perl
#encapconvert.pl V0.1 10-31-12
#Script created by Jason Begley KY9J ky9j.com ky9j@arrl.net
#This script is used for converting the encap.txt file from the AMPR net
#into a loadable config file for use on cisco routers. It is advised to use
#this on a 2600 or better router due to interface limits.
#

my ($line);
my %nets = ();
my $net = undef;
my $mask = undef;

#####
#Below are user defined varibles

my $loop = "Ethernet0"; #LOOPBACK INT CHANGE IF ALREADY IN USE
my $outip = "10.0.0.180"; #YOUR PUBLIC IP ADDRESS
my $loopip = "44.138.1.1"; #YOUR AMPR IP ADDRESS
#EO user defined varibles
#####

my $file = $ARGV[0];
my $debug = $ARGV[1];
if(!$file) { usage(); exit; }
if($file =~ /--help/) { usage(); exit; }

open (MYFILE, '>cisco-config.txt');
print MYFILE "!\ninterface $loop\nip address $loopip 255.255.255.255\n!\n";
close (MYFILE);
open(ENCAP, $file);
@line = <ENCAP>;
close (ENCAP);
@line = grep (!/^\s*$/,@line);
@line = grep (!/^#/,@line);
chomp(@line);

foreach $line(@line)
{
$n1 = $n2 = $n3 = $n4 = undef;
@ln = (split(/ +/, $line));
($n, $s) = (split(/\//, $ln[2]));
($n1, $n2, $n3, $n4) = split(/\./, $n);
$gw = $ln[4];
$gw =~ s/\s*$//;

if ($n1 == '') { $n1='0'};
if ($n2 == '') { $n2='0'};
if ($n3 == '') { $n3='0'};
if ($n4 == '') { $n4='0'};

if ($s == '1') { $mask='128.0.0.0'};
if ($s == '2') { $mask='192.0.0.0'};
if ($s == '3') { $mask='224.0.0.0'};
if ($s == '4') { $mask='240.0.0.0'};
if ($s == '5') { $mask='248.0.0.0'};
if ($s == '6') { $mask='252.0.0.0'};
if ($s == '7') { $mask='254.0.0.0'};
if ($s == '8') { $mask='255.0.0.0'};
if ($s == '9') { $mask='255.128.0.0'};
if ($s == '10') { $mask='255.192.0.0'};
if ($s == '11') { $mask='255.224.0.0'};
if ($s == '12') { $mask='255.240.0.0'};
if ($s == '13') { $mask='255.248.0.0'};
if ($s == '14') { $mask='255.252.0.0'};
if ($s == '15') { $mask='255.254.0.0'};
if ($s == '16') { $mask='255.255.0.0'};
if ($s == '17') { $mask='255.255.128.0'};
if ($s == '18') { $mask='255.255.192.0'};
if ($s == '19') { $mask='255.255.224.0'};
if ($s == '20') { $mask='255.255.240.0'};
if ($s == '21') { $mask='255.255.248.0'};
if ($s == '22') { $mask='255.255.252.0'};
if ($s == '23') { $mask='255.255.254.0'};
if ($s == '24') { $mask='255.255.255.0'};
if ($s == '25') { $mask='255.255.255.128'};
if ($s == '26') { $mask='255.255.255.192'};
if ($s == '27') { $mask='255.255.255.224'};
if ($s == '28') { $mask='255.255.255.240'};
if ($s == '29') { $mask='255.255.255.248'};
if ($s == '30') { $mask='255.255.255.252'};
if ($s == '31') { $mask='255.255.255.254'};
if ($s == '32') { $mask='255.255.255.255'};
if ($s == '') { $mask='255.255.255.255'};

$net = "$n1.$n2.$n3.$n4";
$ifid = cipdec(1, $net);
$wmask = do_subtract($mask);
print "*ip info*\n";
print "NET:$n\nBITS:$s MASK:$mask-$wmask\nGW:$gw\nIF:$ifid\n\n";
open (MYFILE, '>>cisco-config.txt');

if ($debug != NULL) {
print "LINE:$line";
print "\n!\n";
print "interface tunnel $ifid\n";
print "description Link to $net\n";
print "ip unnumbered $loop\n";
print "tunnel source $outip\n";
print "tunnel destination $gw\n";
print "tunnel mode ipip\n!\n";
}

if ($gw != $outip) {

print MYFILE "!\n";
print MYFILE "interface tunnel $ifid\n";
print MYFILE "description Link to $net\n";
print MYFILE "ip unnumbered $loop\n";
print MYFILE "tunnel source $outip\n";
print MYFILE "tunnel destination $gw\n";
print MYFILE "ip tcp adjust-mss 1436\n";
print MYFILE "ip access-group acl_44 in\n!\n";
print MYFILE "tunnel mode ipip\n!\n";
print MYFILE "ip route $net $mask tunnel$ifid\n!\n";
}
print MYFILE "ip route $gw 255.255.255.255 Eth0 10.0.0.138\n";
}
print MYFILE "!\nend\n!\n";
close (MYFILE);

sub usage
{
print << "EOT";
*** This script is for creating a loadable config (copy tftp run) for cisco routers ***
*** Please note that this was tested to work on 2651XM or better, expect poor resp- ***
*** -onse on smaller/slower platforms. ***
*** Edit this file and change varibles as noted to your values. ***
*** File \"cisco-config.txt\" will be generated in this directory for tftp upload ***
*** Run as follows: ***
*** perl encapconvert.pl encap.txt ***
EOT
}

########################################################
# Sub cipdec
# USAGE: For converting IP to DEC values and reverse
#
# my ($err, $ret) = cipdec(1, $ip); #1 =from ip to dec, 2 = from dec to ip
# if($err != 0) { print "MAIN: ERR ON \"$ret\"\n"; next; }
#
sub cipdec
{
my $debug = 0;
my (@oct, $opt, $var, $err, $ret, $errmsg);
my ($oct1, $oct2, $oct3, $oct4);
my ($dec1, $dec2, $dec3);
$opt = shift(@_); #1 =from ip to dec, 2 = from dec to ip
$var = shift(@_); # IP or a DEC
$err = 0;
$ret = 0;
if($debug == 1)
{
print "SUB TEST: OPT=\"$opt\"\n";
print "SUB TEST: VAR=\"$var\"\n";
}
if($opt == 1) #1 =from ip to dec
{
my $ip = $var;

if(!($ip) || ($ip eq "") || !($ip =~ /\./))
{
if($debug == 1) { print "NO . in IP.. Next\n"; }
$err = 1;
$ret = "ERR: IP WITH NO \".\"";
return($err, $ret);
}
@oct = split(/\./, $ip);
my $numoct = @oct;
if($numoct != 4)
{
if($debug == 1) { print "--INVALID IP: \"$ip\"\n"; }
$err = 1;
$ret = "ERR: OCT CT \"$ip\"";
return($err, $ret);
}
foreach my $val (@oct)
{
if(!(defined $val) || ($val eq "") || ($val =~ /\D/) || ($val > 255) || ($val < 0))
{
if($debug == 1) { print "--INVALID IP: \"$ip\"\n"; }
$err = 1;
$ret = "ERR: OCT SIZE \"$ip:$val\"";
return($err, $ret);
} # EO IF oct container
} #EO FOREACH OCT
$ret += ($oct[0] * (256**3)); #Convert 1st octet to decimal and add
$ret += ($oct[1] * (256**2)); #Convert 2nd octet to decimal and add
$ret += $oct[2] * 256; #Convert 3rd octet to decimal and add
$ret += $oct[3]; #Add the 4th octet to decimal
if(($ret < 0) || ($ret > 4294967296)) #0.0.0.0 or 255.255.255.255 = Err
{
if($debug == 1) { print "--INVALID IP: \"$ip\"\n"; }
$err = 1;
$ret = "ERR: DEC SIZE \"$ip\"";
return($err, $ret);
} #EO DEC Size

return($err, $ret);
} #EO OPT == 1

if($opt == 2) #1 = dec to ip
{
$oct1 = 0; $oct2 = 0; $oct3 = 0; $oct4 = 0;
my $dec = $var;
if($debug == 1) { print "SUB TEST: DEC=\"$dec\"\n"; }

if(!(defined $dec) || ($dec eq "") || ($dec < 1) || ($dec > 4294967295)) #0.0.0.0 or 255.255.255.255 = Err
{
if($debug == 1) { print "--INVALID DEC: \"$dec\"\n"; }
$err = 1;
$ret = "ERR: DEC SIZE \"$dec\"";
return($err, $ret);
} #EO DEC Size

if($dec >= 256**3)
{
$oct1 = ($dec / 256**3);
my @num = split(/\./, $oct1);
$oct1 = $num[0];
if($debug == 1) { print "OCT1: \"$oct1\"\n"; }
$dec1 = ($oct1 * 256**3);
$dec = $dec - $dec1;
}
if($dec >= 256**2)
{
$oct2 = ($dec / 256**2);
my @num = split(/\./, $oct2);
$oct2 = $num[0];
if($debug == 1) { print "OCT2: \"$oct2\"\n"; }
$dec2 = ($oct2 * 256**2);
$dec = $dec - $dec2;
}

if($dec >= 256)
{
$oct3 = ($dec / 256);
my @num = split(/\./, $oct3);
$oct3 = $num[0];
if($debug == 1) { print "OCT3: \"$oct3\"\n"; }
$dec3 = $oct3 * 256;
$dec = $dec - $dec3;
}

$oct4 = $dec;
if($debug == 1) { print "OCT4: \"$oct4\"\n"; }
$ret = "$oct1.$oct2.$oct3.$oct4";
return($err, $ret);
} #EO If $opt == 2

$err = 1;
$ret = "I'm lost and sent to leftovers";
return($err, $ret);
}
################### EO SUB CIPDEC#################################

### wildcard sub ###
sub do_subtract( ) {
local($ip) = @_;

# break up the bytes of the incoming IP address
$_ = $ip;
($a, $b, $c, $d) = split(/\./);

if ($a > 255 || $b > 255 || $c > 255 || $d > 255 || /[^0-9.]/) {
print "invalid input mask or wildcard\n";
exit( );
}

$a = 255 - $a;
$b = 255 - $b;
$c = 255 - $c;
$d = 255 - $d;

return ($a . "." . $b . "." . $c . "." . $d);
}

### EO wildcard sub ### </CODE>

Before you run the script make sure to take out the line of your gateway from the encap file

The result of the script is set of commands that look like that

interface tunnel 748306432
description Link to 44.154.64.0
ip unnumbered Ethernet0
tunnel source 10.0.0.180
tunnel destination 79.107.164.191
ip tcp adjust-mss 1436
ip access-group acl_44 in
!
tunnel mode ipip
!
ip route 44.154.64.0 255.255.255.0 tunnel748306432
!
ip route 79.107.164.191 255.255.255.255 Ethernet0 10.0.0.138
!

This section return on itself (with different IP , destination and route IPs's ) as the amount of lines in the encap file

When the file is ready (after running the perl script) you can copy it with editor and send it to the cisco or by terminal (with the config t command) or by TFTP

The Encap file can be taken automatically from the Portal using the API
and you can push the commands to the cisco (after the encap convert to cisco commands after running perl) with TFTP

So with a small software work the whole procedure can be done fully automatic

Setting up a gateway on Cisco Routers

2018-06-06T05:58:16Z

4Z4ZQ:

To create a gateway using Cisco equipment you must have a Cisco Router (preferred from series 2600 and above)

Preferred with two Ethernet ports (but can be done also with one Ethernet port)

Pre requirement to the setup to work are as follows:

You have already registered with AMPRNet and got your 44.x.x.x/y allocation and it is showing in the encap.txt file

You have registered some hosts of your allocated network in the AMPRNet DNS like <your call sign>.ampr.org

The example given here here is of one Ethernet port.

You have to assign the router Ethernet port the Commercial IP

The commands are:

enable
configure terminal
interface ethernet0
ip address <and here you give the ip of the commercial isp the router is connected to> (it can also be the IP of a network the router is on (as long as this IP is accessible to the outside world))> <The NetMask of the network>

The interface name can vary depending on your router type, it can be Ethernet0 FastEthernet0 GigabitEthernet0/0 etc.

(To see what interfaces you have in order to assign them the address use the command Show interface and identify the Ethernet port name.)

Then you have to assign the 44 AMPRNet IP .

For a router with one port any additional network IP has to be secondary and the command is:

int eth0
ip add <the AMPR IP > <the netmask of the network > secondary

Now some tunneling commands have to be added to redirect your outgoing traffic (via tunnel) to the main AMPRNET router , you do it because every ISP block outgoing IP's which is not a part of their network (and 44 net is not belong to any ISP) so in order to allow the 44 net IP traffic to gain access to the outside world you need to do a tunnel to the AMPR.ORG router to the outgoing traffic (traffic that intend to reach the internet (all other IP's that are not part of the 44 NET))

To open a tunnel channel you have to specify the tunnel source address (from where the tunnel is established) and tunnel destination (to where the tunnel establish to)

This is done by a few commands here they are

interface tunnel0
tunnel source <here you put the router commercial IP>
tunnel destination <here you put the AMPR.ORG main tunnel router IP>
tunnel mode ipip (this command is to tell the tunnel (cisco support lot of tunneling types) which mode to use)

In addition the router has to be notified to pass all the outgoing 44 Net Traffic to the tunnel interface and not to route it just like that to the Internet (because as explained they will be probably blocked by the closest ISP you are connected to )

The command to do it is

ip route 0.0.0.0 0.0.0.0 Tunnel0 <the ip address of the AMPR.ORG main tunnel router >

(0.0.0.0 0.0.0.0 mean "any IP") (will be explained latter)

Another important command is a command to route the tunneled traffic from the router to the main ampr.org router not via a tunnel (this important to establish tunnel)

This command is more specific then the "any IP" route command described before and say to the router : "pass the tunneled traffic belong to the other side of the tunnel direct and not via tunnel"

The Command is :

ip route <the ampr.org main tunnel IP > 255.255.255.255 Ethernet0 <your router commercial IP>

This are the minimum commands necessary to be able to route your inside 44 net IP to the outside world (but not to any other 44 net networks worldwide)

This method will redirect any outgoing traffic (no matter what local IP is used ) to the tunnel and since the AMPR.ORG tunnel deal with tunneling from only 44 Net IP it mean that if the router local Lan is sharing 44 and non 44 IP machines the non 44 Net machines will have no connectivity to the world

To overcome this problem a route policy will have to be used (with the command route-map) because regular route command deal with route for destination IP without looking at the source (local net) and route policy can do it ...

So two policy have to be created one for all addresses (excluding the 44 net) that needed to be routed direct to the internet (without tunnel) and second one specifically for the 44 net hosts that needed to redirect their outgoing traffic to the tunnels

In order to route your traffic to other 44 net gateways you need to build a tunnel interface to every gateway (unlike JNOS that one tunnel deal with all tunnels)
and the tunnel have to have a tunnel source tunnel destination (as explained above ) and tunnel mode

In addition two route lines have to be added

One is route command to route the specific 44 network of the gateway this tunnel deal into this tunnel

And another is to allow the tunnel traffic to go thorough the internet

Enclosed is example from router that is doing tunnel to the main AMPR router and to one gateway somewhere in the world

The tunnel0 interface is the Main AMPR.ORG router and the tunnel with 741916672 is one tunnel to a gateway

The section of tunnel74xxx have to duplicated to every 44 net gateway (of course with the corresponding ip of the specific gateway) (currently about 400 times)

TIP: If you are not familiar with Cisco Commands you can use the GUI Software called Cisco Configuration Professional (CCP)

to config the router with it

Later on we will deal of how to create these tunnels lines configuration using a script
that takes the info from the ENCAP.TXT file and convert it to Cisco config

interface Tunnel0
ip unnumbered Ethernet0
no ip directed-broadcast
tunnel source Ethernet0
tunnel destination 169.228.34.84
tunnel mode ipip
!
interface Tunnel741916672
description Link to 44.56.192.0
ip unnumbered Ethernet0
ip access-group acl_44 in
no ip directed-broadcast
tunnel source 10.0.0.180
tunnel destination 24.229.88.253
tunnel mode ipip

interface Ethernet0
description connected to EthernetLAN_HAIFA
ip address 44.138.1.1 255.255.255.0 secondary
ip address 10.0.0.180 255.255.255.0
no ip directed-broadcast

ip classless
ip route 0.0.0.0 0.0.0.0 Tunnel0 169.228.34.84
ip route 169.228.34.84 255.255.255.255 Ethernet0 10.0.0.138
ip route 44.56.192.0 255.255.255.0 Tunnel741916672
ip route 24.229.88.253 255.255.255.255 Ethernet0 10.0.0.138

Making the route commands automatically

Because the route info of the gateways (the encap file) changes periodically
mainly because a lot of gateway sits on dynamic ip

and because the tunnel ip as a result change you may loose the tunnel to these gateways

In order to be "updated" it is needed to take the new encap file periodically and put it into the cisco router

Because the encap file lines are not a format of commands that Cisco "understand" a fomat conversion need to be made in order to convert route info in the encap file to commands that cisco can "understand"

So a Script that take the encap file and make a new file of Cisco commands must be run

There are two scripts that do it available , one is Perl and other is VBS

The example will give the results of the Perl Script

The Perl Script for the Cisco enclosed

#!/usr/bin/perl
#encapconvert.pl V0.1 10-31-12
#Script created by Jason Begley KY9J ky9j.com ky9j@arrl.net
#This script is used for converting the encap.txt file from the AMPR net
#into a loadable config file for use on cisco routers. It is advised to use
#this on a 2600 or better router due to interface limits.
#

my ($line);
my %nets = ();
my $net = undef;
my $mask = undef;

#####
#Below are user defined varibles

my $loop = "Ethernet0"; #LOOPBACK INT CHANGE IF ALREADY IN USE
my $outip = "10.0.0.180"; #YOUR PUBLIC IP ADDRESS
my $loopip = "44.138.1.1"; #YOUR AMPR IP ADDRESS
#EO user defined varibles
#####

my $file = $ARGV[0];
my $debug = $ARGV[1];
if(!$file) { usage(); exit; }
if($file =~ /--help/) { usage(); exit; }

open (MYFILE, '>cisco-config.txt');
print MYFILE "!\ninterface $loop\nip address $loopip 255.255.255.255\n!\n";
close (MYFILE);
open(ENCAP, $file);
@line = <ENCAP>;
close (ENCAP);
@line = grep (!/^\s*$/,@line);
@line = grep (!/^#/,@line);
chomp(@line);

foreach $line(@line)
{
$n1 = $n2 = $n3 = $n4 = undef;
@ln = (split(/ +/, $line));
($n, $s) = (split(/\//, $ln[2]));
($n1, $n2, $n3, $n4) = split(/\./, $n);
$gw = $ln[4];
$gw =~ s/\s*$//;

if ($n1 == '') { $n1='0'};
if ($n2 == '') { $n2='0'};
if ($n3 == '') { $n3='0'};
if ($n4 == '') { $n4='0'};

if ($s == '1') { $mask='128.0.0.0'};
if ($s == '2') { $mask='192.0.0.0'};
if ($s == '3') { $mask='224.0.0.0'};
if ($s == '4') { $mask='240.0.0.0'};
if ($s == '5') { $mask='248.0.0.0'};
if ($s == '6') { $mask='252.0.0.0'};
if ($s == '7') { $mask='254.0.0.0'};
if ($s == '8') { $mask='255.0.0.0'};
if ($s == '9') { $mask='255.128.0.0'};
if ($s == '10') { $mask='255.192.0.0'};
if ($s == '11') { $mask='255.224.0.0'};
if ($s == '12') { $mask='255.240.0.0'};
if ($s == '13') { $mask='255.248.0.0'};
if ($s == '14') { $mask='255.252.0.0'};
if ($s == '15') { $mask='255.254.0.0'};
if ($s == '16') { $mask='255.255.0.0'};
if ($s == '17') { $mask='255.255.128.0'};
if ($s == '18') { $mask='255.255.192.0'};
if ($s == '19') { $mask='255.255.224.0'};
if ($s == '20') { $mask='255.255.240.0'};
if ($s == '21') { $mask='255.255.248.0'};
if ($s == '22') { $mask='255.255.252.0'};
if ($s == '23') { $mask='255.255.254.0'};
if ($s == '24') { $mask='255.255.255.0'};
if ($s == '25') { $mask='255.255.255.128'};
if ($s == '26') { $mask='255.255.255.192'};
if ($s == '27') { $mask='255.255.255.224'};
if ($s == '28') { $mask='255.255.255.240'};
if ($s == '29') { $mask='255.255.255.248'};
if ($s == '30') { $mask='255.255.255.252'};
if ($s == '31') { $mask='255.255.255.254'};
if ($s == '32') { $mask='255.255.255.255'};
if ($s == '') { $mask='255.255.255.255'};

$net = "$n1.$n2.$n3.$n4";
$ifid = cipdec(1, $net);
$wmask = do_subtract($mask);
print "*ip info*\n";
print "NET:$n\nBITS:$s MASK:$mask-$wmask\nGW:$gw\nIF:$ifid\n\n";
open (MYFILE, '>>cisco-config.txt');

if ($debug != NULL) {
print "LINE:$line";
print "\n!\n";
print "interface tunnel $ifid\n";
print "description Link to $net\n";
print "ip unnumbered $loop\n";
print "tunnel source $outip\n";
print "tunnel destination $gw\n";
print "tunnel mode ipip\n!\n";
}

if ($gw != $outip) {

print MYFILE "!\n";
print MYFILE "interface tunnel $ifid\n";
print MYFILE "description Link to $net\n";
print MYFILE "ip unnumbered $loop\n";
print MYFILE "tunnel source $outip\n";
print MYFILE "tunnel destination $gw\n";
print MYFILE "ip tcp adjust-mss 1436\n";
print MYFILE "ip access-group acl_44 in\n!\n";
print MYFILE "tunnel mode ipip\n!\n";
print MYFILE "ip route $net $mask tunnel$ifid\n!\n";
}
print MYFILE "ip route $gw 255.255.255.255 Eth0 10.0.0.138\n";
}
print MYFILE "!\nend\n!\n";
close (MYFILE);

sub usage
{
print << "EOT";
*** This script is for creating a loadable config (copy tftp run) for cisco routers ***
*** Please note that this was tested to work on 2651XM or better, expect poor resp- ***
*** -onse on smaller/slower platforms. ***
*** Edit this file and change varibles as noted to your values. ***
*** File \"cisco-config.txt\" will be generated in this directory for tftp upload ***
*** Run as follows: ***
*** perl encapconvert.pl encap.txt ***
EOT
}

########################################################
# Sub cipdec
# USAGE: For converting IP to DEC values and reverse
#
# my ($err, $ret) = cipdec(1, $ip); #1 =from ip to dec, 2 = from dec to ip
# if($err != 0) { print "MAIN: ERR ON \"$ret\"\n"; next; }
#
sub cipdec
{
my $debug = 0;
my (@oct, $opt, $var, $err, $ret, $errmsg);
my ($oct1, $oct2, $oct3, $oct4);
my ($dec1, $dec2, $dec3);
$opt = shift(@_); #1 =from ip to dec, 2 = from dec to ip
$var = shift(@_); # IP or a DEC
$err = 0;
$ret = 0;
if($debug == 1)
{
print "SUB TEST: OPT=\"$opt\"\n";
print "SUB TEST: VAR=\"$var\"\n";
}
if($opt == 1) #1 =from ip to dec
{
my $ip = $var;

if(!($ip) || ($ip eq "") || !($ip =~ /\./))
{
if($debug == 1) { print "NO . in IP.. Next\n"; }
$err = 1;
$ret = "ERR: IP WITH NO \".\"";
return($err, $ret);
}
@oct = split(/\./, $ip);
my $numoct = @oct;
if($numoct != 4)
{
if($debug == 1) { print "--INVALID IP: \"$ip\"\n"; }
$err = 1;
$ret = "ERR: OCT CT \"$ip\"";
return($err, $ret);
}
foreach my $val (@oct)
{
if(!(defined $val) || ($val eq "") || ($val =~ /\D/) || ($val > 255) || ($val < 0))
{
if($debug == 1) { print "--INVALID IP: \"$ip\"\n"; }
$err = 1;
$ret = "ERR: OCT SIZE \"$ip:$val\"";
return($err, $ret);
} # EO IF oct container
} #EO FOREACH OCT
$ret += ($oct[0] * (256**3)); #Convert 1st octet to decimal and add
$ret += ($oct[1] * (256**2)); #Convert 2nd octet to decimal and add
$ret += $oct[2] * 256; #Convert 3rd octet to decimal and add
$ret += $oct[3]; #Add the 4th octet to decimal
if(($ret < 0) || ($ret > 4294967296)) #0.0.0.0 or 255.255.255.255 = Err
{
if($debug == 1) { print "--INVALID IP: \"$ip\"\n"; }
$err = 1;
$ret = "ERR: DEC SIZE \"$ip\"";
return($err, $ret);
} #EO DEC Size

return($err, $ret);
} #EO OPT == 1

if($opt == 2) #1 = dec to ip
{
$oct1 = 0; $oct2 = 0; $oct3 = 0; $oct4 = 0;
my $dec = $var;
if($debug == 1) { print "SUB TEST: DEC=\"$dec\"\n"; }

if(!(defined $dec) || ($dec eq "") || ($dec < 1) || ($dec > 4294967295)) #0.0.0.0 or 255.255.255.255 = Err
{
if($debug == 1) { print "--INVALID DEC: \"$dec\"\n"; }
$err = 1;
$ret = "ERR: DEC SIZE \"$dec\"";
return($err, $ret);
} #EO DEC Size

if($dec >= 256**3)
{
$oct1 = ($dec / 256**3);
my @num = split(/\./, $oct1);
$oct1 = $num[0];
if($debug == 1) { print "OCT1: \"$oct1\"\n"; }
$dec1 = ($oct1 * 256**3);
$dec = $dec - $dec1;
}
if($dec >= 256**2)
{
$oct2 = ($dec / 256**2);
my @num = split(/\./, $oct2);
$oct2 = $num[0];
if($debug == 1) { print "OCT2: \"$oct2\"\n"; }
$dec2 = ($oct2 * 256**2);
$dec = $dec - $dec2;
}

if($dec >= 256)
{
$oct3 = ($dec / 256);
my @num = split(/\./, $oct3);
$oct3 = $num[0];
if($debug == 1) { print "OCT3: \"$oct3\"\n"; }
$dec3 = $oct3 * 256;
$dec = $dec - $dec3;
}

$oct4 = $dec;
if($debug == 1) { print "OCT4: \"$oct4\"\n"; }
$ret = "$oct1.$oct2.$oct3.$oct4";
return($err, $ret);
} #EO If $opt == 2

$err = 1;
$ret = "I'm lost and sent to leftovers";
return($err, $ret);
}
################### EO SUB CIPDEC#################################

### wildcard sub ###
sub do_subtract( ) {
local($ip) = @_;

# break up the bytes of the incoming IP address
$_ = $ip;
($a, $b, $c, $d) = split(/\./);

if ($a > 255 || $b > 255 || $c > 255 || $d > 255 || /[^0-9.]/) {
print "invalid input mask or wildcard\n";
exit( );
}

$a = 255 - $a;
$b = 255 - $b;
$c = 255 - $c;
$d = 255 - $d;

return ($a . "." . $b . "." . $c . "." . $d);
}

### EO wildcard sub ### </CODE>

Before you run the script make sure to take out the line of your gateway from the encap file

The result of the script is set of commands that look like that

interface tunnel 748306432
description Link to 44.154.64.0
ip unnumbered Ethernet0
tunnel source 10.0.0.180
tunnel destination 79.107.164.191
ip tcp adjust-mss 1436
ip access-group acl_44 in
!
tunnel mode ipip
!
ip route 44.154.64.0 255.255.255.0 tunnel748306432
!
ip route 79.107.164.191 255.255.255.255 Ethernet0 10.0.0.138
!

This section return on itself (with different IP , destination and route IPs's ) as the amount of lines in the encap file

When the file is ready (after running the perl script) you can copy it with editor and send it to the cisco or by terminal (with the config t command) or by TFTP

The Encap file can be taken automatically from the Portal using the API
and you can push the commands to the cisco (after the encap convert to cisco commands after running perl) with TFTP

So with a small software work the whole procedure can be done fully automatic

Setting up a gateway on Cisco Routers

2018-04-16T06:56:25Z

4Z4ZQ: wrong amprgw adress fixed

To create a gateway using Cisco equipment you must have a Cisco Router (preferred from series 2600 and above)

Preferred with two Ethernet ports (but can be done also with one Ethernet port)

The example given here here is of one Ethernet port.

You have to assign the router Ethernet port the Commercial IP

The commands are:

enable
configure terminal
interface ethernet0
ip address <and here you give the ip of the commercial isp the router is connected to> (it can also be the IP of a network the router is on (as long as this IP is accessible to the outside world))> <The NetMask of the network>

The interface name can vary depending on your router type, it can be Ethernet0 FastEthernet0 GigabitEthernet0/0 etc.

(To see what interfaces you have in order to assign them the address use the command Show interface and identify the Ethernet port name.)

Then you have to assign the 44 AMPRNet IP .

For a router with one port any additional network IP has to be secondary and the command is:

int eth0
ip add <the AMPR IP > <the netmask of the network > secondary

Now some tunneling commands have to be added to redirect your outgoing traffic (via tunnel) to the main AMPRNET router , you do it because every ISP block outgoing IP's which is not a part of their network (and 44 net is not belong to any ISP) so in order to allow the 44 net IP traffic to gain access to the outside world you need to do a tunnel to the AMPR.ORG router to the outgoing traffic (traffic that intend to reach the internet (all other IP's that are not part of the 44 NET))

To open a tunnel channel you have to specify the tunnel source address (from where the tunnel is established) and tunnel destination (to where the tunnel establish to)

This is done by a few commands here they are

interface tunnel0
tunnel source <here you put the router commercial IP>
tunnel destination <here you put the AMPR.ORG main tunnel router IP>
tunnel mode ipip (this command is to tell the tunnel (cisco support lot of tunneling types) which mode to use)

In addition the router has to be notified to pass all the outgoing 44 Net Traffic to the tunnel interface and not to route it just like that to the Internet (because as explained they will be probably blocked by the closest ISP you are connected to )

The command to do it is

ip route 0.0.0.0 0.0.0.0 Tunnel0 <the ip address of the AMPR.ORG main tunnel router >

(0.0.0.0 0.0.0.0 mean "any IP") (will be explained latter)

Another important command is a command to route the tunneled traffic from the router to the main ampr.org router not via a tunnel (this important to establish tunnel)

This command is more specific then the "any IP" route command described before and say to the router : "pass the tunneled traffic belong to the other side of the tunnel direct and not via tunnel"

The Command is :

ip route <the ampr.org main tunnel IP > 255.255.255.255 Ethernet0 <your router commercial IP>

This are the minimum commands necessary to be able to route your inside 44 net IP to the outside world (but not to any other 44 net networks worldwide)

This method will redirect any outgoing traffic (no matter what local IP is used ) to the tunnel and since the AMPR.ORG tunnel deal with tunneling from only 44 Net IP it mean that if the router local Lan is sharing 44 and non 44 IP machines the non 44 Net machines will have no connectivity to the world

To overcome this problem a route policy will have to be used (with the command route-map) because regular route command deal with route for destination IP without looking at the source (local net) and route policy can do it ...

So two policy have to be created one for all addresses (excluding the 44 net) that needed to be routed direct to the internet (without tunnel) and second one specifically for the 44 net hosts that needed to redirect their outgoing traffic to the tunnels

In order to route your traffic to other 44 net gateways you need to build a tunnel interface to every gateway (unlike JNOS that one tunnel deal with all tunnels)
and the tunnel have to have a tunnel source tunnel destination (as explained above ) and tunnel mode

In addition two route lines have to be added

One is route command to route the specific 44 network of the gateway this tunnel deal into this tunnel

And another is to allow the tunnel traffic to go thorough the internet

Enclosed is example from router that is doing tunnel to the main AMPR router and to one gateway somewhere in the world

The tunnel0 interface is the Main AMPR.ORG router and the tunnel with 741916672 is one tunnel to a gateway

The section of tunnel74xxx have to duplicated to every 44 net gateway (of course with the corresponding ip of the specific gateway) (currently about 400 times)

TIP: If you are not familiar with Cisco Commands you can use the GUI Software called Cisco Configuration Professional (CCP)

to config the router with it

Later on we will deal of how to create these tunnels lines configuration using a script
that takes the info from the ENCAP.TXT file and convert it to Cisco config

interface Tunnel0
ip unnumbered Ethernet0
no ip directed-broadcast
tunnel source Ethernet0
tunnel destination 169.228.34.84
tunnel mode ipip
!
interface Tunnel741916672
description Link to 44.56.192.0
ip unnumbered Ethernet0
ip access-group acl_44 in
no ip directed-broadcast
tunnel source 10.0.0.180
tunnel destination 24.229.88.253
tunnel mode ipip

interface Ethernet0
description connected to EthernetLAN_HAIFA
ip address 44.138.1.1 255.255.255.0 secondary
ip address 10.0.0.180 255.255.255.0
no ip directed-broadcast

ip classless
ip route 0.0.0.0 0.0.0.0 Tunnel0 169.228.34.84
ip route 169.228.34.84 255.255.255.255 Ethernet0 10.0.0.138
ip route 44.56.192.0 255.255.255.0 Tunnel741916672
ip route 24.229.88.253 255.255.255.255 Ethernet0 10.0.0.138

Making the route commands automatically

Because the route info of the gateways (the encap file) changes periodically
mainly because a lot of gateway sits on dynamic ip

and because the tunnel ip as a result change you may loose the tunnel to these gateways

In order to be "updated" it is needed to take the new encap file periodically and put it into the cisco router

Because the encap file lines are not a format of commands that Cisco "understand" a fomat conversion need to be made in order to convert route info in the encap file to commands that cisco can "understand"

So a Script that take the encap file and make a new file of Cisco commands must be run

There are two scripts that do it available , one is Perl and other is VBS

The example will give the results of the Perl Script

The Perl Script for the Cisco enclosed

#!/usr/bin/perl
#encapconvert.pl V0.1 10-31-12
#Script created by Jason Begley KY9J ky9j.com ky9j@arrl.net
#This script is used for converting the encap.txt file from the AMPR net
#into a loadable config file for use on cisco routers. It is advised to use
#this on a 2600 or better router due to interface limits.
#

my ($line);
my %nets = ();
my $net = undef;
my $mask = undef;

#####
#Below are user defined varibles

my $loop = "Ethernet0"; #LOOPBACK INT CHANGE IF ALREADY IN USE
my $outip = "10.0.0.180"; #YOUR PUBLIC IP ADDRESS
my $loopip = "44.138.1.1"; #YOUR AMPR IP ADDRESS
#EO user defined varibles
#####

my $file = $ARGV[0];
my $debug = $ARGV[1];
if(!$file) { usage(); exit; }
if($file =~ /--help/) { usage(); exit; }

open (MYFILE, '>cisco-config.txt');
print MYFILE "!\ninterface $loop\nip address $loopip 255.255.255.255\n!\n";
close (MYFILE);
open(ENCAP, $file);
@line = <ENCAP>;
close (ENCAP);
@line = grep (!/^\s*$/,@line);
@line = grep (!/^#/,@line);
chomp(@line);

foreach $line(@line)
{
$n1 = $n2 = $n3 = $n4 = undef;
@ln = (split(/ +/, $line));
($n, $s) = (split(/\//, $ln[2]));
($n1, $n2, $n3, $n4) = split(/\./, $n);
$gw = $ln[4];
$gw =~ s/\s*$//;

if ($n1 == '') { $n1='0'};
if ($n2 == '') { $n2='0'};
if ($n3 == '') { $n3='0'};
if ($n4 == '') { $n4='0'};

if ($s == '1') { $mask='128.0.0.0'};
if ($s == '2') { $mask='192.0.0.0'};
if ($s == '3') { $mask='224.0.0.0'};
if ($s == '4') { $mask='240.0.0.0'};
if ($s == '5') { $mask='248.0.0.0'};
if ($s == '6') { $mask='252.0.0.0'};
if ($s == '7') { $mask='254.0.0.0'};
if ($s == '8') { $mask='255.0.0.0'};
if ($s == '9') { $mask='255.128.0.0'};
if ($s == '10') { $mask='255.192.0.0'};
if ($s == '11') { $mask='255.224.0.0'};
if ($s == '12') { $mask='255.240.0.0'};
if ($s == '13') { $mask='255.248.0.0'};
if ($s == '14') { $mask='255.252.0.0'};
if ($s == '15') { $mask='255.254.0.0'};
if ($s == '16') { $mask='255.255.0.0'};
if ($s == '17') { $mask='255.255.128.0'};
if ($s == '18') { $mask='255.255.192.0'};
if ($s == '19') { $mask='255.255.224.0'};
if ($s == '20') { $mask='255.255.240.0'};
if ($s == '21') { $mask='255.255.248.0'};
if ($s == '22') { $mask='255.255.252.0'};
if ($s == '23') { $mask='255.255.254.0'};
if ($s == '24') { $mask='255.255.255.0'};
if ($s == '25') { $mask='255.255.255.128'};
if ($s == '26') { $mask='255.255.255.192'};
if ($s == '27') { $mask='255.255.255.224'};
if ($s == '28') { $mask='255.255.255.240'};
if ($s == '29') { $mask='255.255.255.248'};
if ($s == '30') { $mask='255.255.255.252'};
if ($s == '31') { $mask='255.255.255.254'};
if ($s == '32') { $mask='255.255.255.255'};
if ($s == '') { $mask='255.255.255.255'};

$net = "$n1.$n2.$n3.$n4";
$ifid = cipdec(1, $net);
$wmask = do_subtract($mask);
print "*ip info*\n";
print "NET:$n\nBITS:$s MASK:$mask-$wmask\nGW:$gw\nIF:$ifid\n\n";
open (MYFILE, '>>cisco-config.txt');

if ($debug != NULL) {
print "LINE:$line";
print "\n!\n";
print "interface tunnel $ifid\n";
print "description Link to $net\n";
print "ip unnumbered $loop\n";
print "tunnel source $outip\n";
print "tunnel destination $gw\n";
print "tunnel mode ipip\n!\n";
}

if ($gw != $outip) {

print MYFILE "!\n";
print MYFILE "interface tunnel $ifid\n";
print MYFILE "description Link to $net\n";
print MYFILE "ip unnumbered $loop\n";
print MYFILE "tunnel source $outip\n";
print MYFILE "tunnel destination $gw\n";
print MYFILE "ip tcp adjust-mss 1436\n";
print MYFILE "ip access-group acl_44 in\n!\n";
print MYFILE "tunnel mode ipip\n!\n";
print MYFILE "ip route $net $mask tunnel$ifid\n!\n";
}
print MYFILE "ip route $gw 255.255.255.255 Eth0 10.0.0.138\n";
}
print MYFILE "!\nend\n!\n";
close (MYFILE);

sub usage
{
print << "EOT";
*** This script is for creating a loadable config (copy tftp run) for cisco routers ***
*** Please note that this was tested to work on 2651XM or better, expect poor resp- ***
*** -onse on smaller/slower platforms. ***
*** Edit this file and change varibles as noted to your values. ***
*** File \"cisco-config.txt\" will be generated in this directory for tftp upload ***
*** Run as follows: ***
*** perl encapconvert.pl encap.txt ***
EOT
}

########################################################
# Sub cipdec
# USAGE: For converting IP to DEC values and reverse
#
# my ($err, $ret) = cipdec(1, $ip); #1 =from ip to dec, 2 = from dec to ip
# if($err != 0) { print "MAIN: ERR ON \"$ret\"\n"; next; }
#
sub cipdec
{
my $debug = 0;
my (@oct, $opt, $var, $err, $ret, $errmsg);
my ($oct1, $oct2, $oct3, $oct4);
my ($dec1, $dec2, $dec3);
$opt = shift(@_); #1 =from ip to dec, 2 = from dec to ip
$var = shift(@_); # IP or a DEC
$err = 0;
$ret = 0;
if($debug == 1)
{
print "SUB TEST: OPT=\"$opt\"\n";
print "SUB TEST: VAR=\"$var\"\n";
}
if($opt == 1) #1 =from ip to dec
{
my $ip = $var;

if(!($ip) || ($ip eq "") || !($ip =~ /\./))
{
if($debug == 1) { print "NO . in IP.. Next\n"; }
$err = 1;
$ret = "ERR: IP WITH NO \".\"";
return($err, $ret);
}
@oct = split(/\./, $ip);
my $numoct = @oct;
if($numoct != 4)
{
if($debug == 1) { print "--INVALID IP: \"$ip\"\n"; }
$err = 1;
$ret = "ERR: OCT CT \"$ip\"";
return($err, $ret);
}
foreach my $val (@oct)
{
if(!(defined $val) || ($val eq "") || ($val =~ /\D/) || ($val > 255) || ($val < 0))
{
if($debug == 1) { print "--INVALID IP: \"$ip\"\n"; }
$err = 1;
$ret = "ERR: OCT SIZE \"$ip:$val\"";
return($err, $ret);
} # EO IF oct container
} #EO FOREACH OCT
$ret += ($oct[0] * (256**3)); #Convert 1st octet to decimal and add
$ret += ($oct[1] * (256**2)); #Convert 2nd octet to decimal and add
$ret += $oct[2] * 256; #Convert 3rd octet to decimal and add
$ret += $oct[3]; #Add the 4th octet to decimal
if(($ret < 0) || ($ret > 4294967296)) #0.0.0.0 or 255.255.255.255 = Err
{
if($debug == 1) { print "--INVALID IP: \"$ip\"\n"; }
$err = 1;
$ret = "ERR: DEC SIZE \"$ip\"";
return($err, $ret);
} #EO DEC Size

return($err, $ret);
} #EO OPT == 1

if($opt == 2) #1 = dec to ip
{
$oct1 = 0; $oct2 = 0; $oct3 = 0; $oct4 = 0;
my $dec = $var;
if($debug == 1) { print "SUB TEST: DEC=\"$dec\"\n"; }

if(!(defined $dec) || ($dec eq "") || ($dec < 1) || ($dec > 4294967295)) #0.0.0.0 or 255.255.255.255 = Err
{
if($debug == 1) { print "--INVALID DEC: \"$dec\"\n"; }
$err = 1;
$ret = "ERR: DEC SIZE \"$dec\"";
return($err, $ret);
} #EO DEC Size

if($dec >= 256**3)
{
$oct1 = ($dec / 256**3);
my @num = split(/\./, $oct1);
$oct1 = $num[0];
if($debug == 1) { print "OCT1: \"$oct1\"\n"; }
$dec1 = ($oct1 * 256**3);
$dec = $dec - $dec1;
}
if($dec >= 256**2)
{
$oct2 = ($dec / 256**2);
my @num = split(/\./, $oct2);
$oct2 = $num[0];
if($debug == 1) { print "OCT2: \"$oct2\"\n"; }
$dec2 = ($oct2 * 256**2);
$dec = $dec - $dec2;
}

if($dec >= 256)
{
$oct3 = ($dec / 256);
my @num = split(/\./, $oct3);
$oct3 = $num[0];
if($debug == 1) { print "OCT3: \"$oct3\"\n"; }
$dec3 = $oct3 * 256;
$dec = $dec - $dec3;
}

$oct4 = $dec;
if($debug == 1) { print "OCT4: \"$oct4\"\n"; }
$ret = "$oct1.$oct2.$oct3.$oct4";
return($err, $ret);
} #EO If $opt == 2

$err = 1;
$ret = "I'm lost and sent to leftovers";
return($err, $ret);
}
################### EO SUB CIPDEC#################################

### wildcard sub ###
sub do_subtract( ) {
local($ip) = @_;

# break up the bytes of the incoming IP address
$_ = $ip;
($a, $b, $c, $d) = split(/\./);

if ($a > 255 || $b > 255 || $c > 255 || $d > 255 || /[^0-9.]/) {
print "invalid input mask or wildcard\n";
exit( );
}

$a = 255 - $a;
$b = 255 - $b;
$c = 255 - $c;
$d = 255 - $d;

return ($a . "." . $b . "." . $c . "." . $d);
}

### EO wildcard sub ### </CODE>

Before you run the script make sure to take out the line of your gateway from the encap file

The result of the script is set of commands that look like that

interface tunnel 748306432
description Link to 44.154.64.0
ip unnumbered Ethernet0
tunnel source 10.0.0.180
tunnel destination 79.107.164.191
ip tcp adjust-mss 1436
ip access-group acl_44 in
!
tunnel mode ipip
!
ip route 44.154.64.0 255.255.255.0 tunnel748306432
!
ip route 79.107.164.191 255.255.255.255 Ethernet0 10.0.0.138
!

This section return on itself (with different IP , destination and route IPs's ) as the amount of lines in the encap file

When the file is ready (after running the perl script) you can copy it with editor and send it to the cisco or by terminal (with the config t command) or by TFTP

The Encap file can be taken automatically from the Portal using the API
and you can push the commands to the cisco (after the encap convert to cisco commands after running perl) with TFTP

So with a small software work the whole procedure can be done fully automatic

Setting up a gateway on Cisco Routers

2018-04-16T06:54:04Z

4Z4ZQ: AMPRGW AT UCSD adress error

To create a gateway using Cisco equipment you must have a Cisco Router (preferred from series 2600 and above)

Preferred with two Ethernet ports (but can be done also with one Ethernet port)

The example given here here is of one Ethernet port.

You have to assign the router Ethernet port the Commercial IP

The commands are:

enable
configure terminal
interface ethernet0
ip address <and here you give the ip of the commercial isp the router is connected to> (it can also be the IP of a network the router is on (as long as this IP is accessible to the outside world))> <The NetMask of the network>

The interface name can vary depending on your router type, it can be Ethernet0 FastEthernet0 GigabitEthernet0/0 etc.

(To see what interfaces you have in order to assign them the address use the command Show interface and identify the Ethernet port name.)

Then you have to assign the 44 AMPRNet IP .

For a router with one port any additional network IP has to be secondary and the command is:

int eth0
ip add <the AMPR IP > <the netmask of the network > secondary

Now some tunneling commands have to be added to redirect your outgoing traffic (via tunnel) to the main AMPRNET router , you do it because every ISP block outgoing IP's which is not a part of their network (and 44 net is not belong to any ISP) so in order to allow the 44 net IP traffic to gain access to the outside world you need to do a tunnel to the AMPR.ORG router to the outgoing traffic (traffic that intend to reach the internet (all other IP's that are not part of the 44 NET))

To open a tunnel channel you have to specify the tunnel source address (from where the tunnel is established) and tunnel destination (to where the tunnel establish to)

This is done by a few commands here they are

interface tunnel0
tunnel source <here you put the router commercial IP>
tunnel destination <here you put the AMPR.ORG main tunnel router IP>
tunnel mode ipip (this command is to tell the tunnel (cisco support lot of tunneling types) which mode to use)

In addition the router has to be notified to pass all the outgoing 44 Net Traffic to the tunnel interface and not to route it just like that to the Internet (because as explained they will be probably blocked by the closest ISP you are connected to )

The command to do it is

ip route 0.0.0.0 0.0.0.0 Tunnel0 <the ip address of the AMPR.ORG main tunnel router >

(0.0.0.0 0.0.0.0 mean "any IP") (will be explained latter)

Another important command is a command to route the tunneled traffic from the router to the main ampr.org router not via a tunnel (this important to establish tunnel)

This command is more specific then the "any IP" route command described before and say to the router : "pass the tunneled traffic belong to the other side of the tunnel direct and not via tunnel"

The Command is :

ip route <the ampr.org main tunnel IP > 255.255.255.255 Ethernet0 <your router commercial IP>

This are the minimum commands necessary to be able to route your inside 44 net IP to the outside world (but not to any other 44 net networks worldwide)

This method will redirect any outgoing traffic (no matter what local IP is used ) to the tunnel and since the AMPR.ORG tunnel deal with tunneling from only 44 Net IP it mean that if the router local Lan is sharing 44 and non 44 IP machines the non 44 Net machines will have no connectivity to the world

To overcome this problem a route policy will have to be used (with the command route-map) because regular route command deal with route for destination IP without looking at the source (local net) and route policy can do it ...

So two policy have to be created one for all addresses (excluding the 44 net) that needed to be routed direct to the internet (without tunnel) and second one specifically for the 44 net hosts that needed to redirect their outgoing traffic to the tunnels

In order to route your traffic to other 44 net gateways you need to build a tunnel interface to every gateway (unlike JNOS that one tunnel deal with all tunnels)
and the tunnel have to have a tunnel source tunnel destination (as explained above ) and tunnel mode

In addition two route lines have to be added

One is route command to route the specific 44 network of the gateway this tunnel deal into this tunnel

And another is to allow the tunnel traffic to go thorough the internet

Enclosed is example from router that is doing tunnel to the main AMPR router and to one gateway somewhere in the world

The tunnel0 interface is the Main AMPR.ORG router and the tunnel with 741916672 is one tunnel to a gateway

The section of tunnel74xxx have to duplicated to every 44 net gateway (of course with the corresponding ip of the specific gateway) (currently about 400 times)

TIP: If you are not familiar with Cisco Commands you can use the GUI Software called Cisco Configuration Professional (CCP)

to config the router with it

Later on we will deal of how to create these tunnels lines configuration using a script
that takes the info from the ENCAP.TXT file and convert it to Cisco config

interface Tunnel0
ip unnumbered Ethernet0
no ip directed-broadcast
tunnel source Ethernet0
tunnel destination 169.228.34.84
tunnel mode ipip
!
interface Tunnel741916672
description Link to 44.56.192.0
ip unnumbered Ethernet0
ip access-group acl_44 in
no ip directed-broadcast
tunnel source 10.0.0.180
tunnel destination 24.229.88.253
tunnel mode ipip

interface Ethernet0
description connected to EthernetLAN_HAIFA
ip address 44.138.1.1 255.255.255.0 secondary
ip address 10.0.0.180 255.255.255.0
no ip directed-broadcast

ip classless
ip route 0.0.0.0 0.0.0.0 Tunnel0 169.228.34.84
ip route 169.228.33.84 255.255.255.255 Ethernet0 10.0.0.138
ip route 44.56.192.0 255.255.255.0 Tunnel741916672
ip route 24.229.88.253 255.255.255.255 Ethernet0 10.0.0.138

Making the route commands automatically

Because the route info of the gateways (the encap file) changes periodically
mainly because a lot of gateway sits on dynamic ip

and because the tunnel ip as a result change you may loose the tunnel to these gateways

In order to be "updated" it is needed to take the new encap file periodically and put it into the cisco router

Because the encap file lines are not a format of commands that Cisco "understand" a fomat conversion need to be made in order to convert route info in the encap file to commands that cisco can "understand"

So a Script that take the encap file and make a new file of Cisco commands must be run

There are two scripts that do it available , one is Perl and other is VBS

The example will give the results of the Perl Script

The Perl Script for the Cisco enclosed

#!/usr/bin/perl
#encapconvert.pl V0.1 10-31-12
#Script created by Jason Begley KY9J ky9j.com ky9j@arrl.net
#This script is used for converting the encap.txt file from the AMPR net
#into a loadable config file for use on cisco routers. It is advised to use
#this on a 2600 or better router due to interface limits.
#

my ($line);
my %nets = ();
my $net = undef;
my $mask = undef;

#####
#Below are user defined varibles

my $loop = "Ethernet0"; #LOOPBACK INT CHANGE IF ALREADY IN USE
my $outip = "10.0.0.180"; #YOUR PUBLIC IP ADDRESS
my $loopip = "44.138.1.1"; #YOUR AMPR IP ADDRESS
#EO user defined varibles
#####

my $file = $ARGV[0];
my $debug = $ARGV[1];
if(!$file) { usage(); exit; }
if($file =~ /--help/) { usage(); exit; }

open (MYFILE, '>cisco-config.txt');
print MYFILE "!\ninterface $loop\nip address $loopip 255.255.255.255\n!\n";
close (MYFILE);
open(ENCAP, $file);
@line = <ENCAP>;
close (ENCAP);
@line = grep (!/^\s*$/,@line);
@line = grep (!/^#/,@line);
chomp(@line);

foreach $line(@line)
{
$n1 = $n2 = $n3 = $n4 = undef;
@ln = (split(/ +/, $line));
($n, $s) = (split(/\//, $ln[2]));
($n1, $n2, $n3, $n4) = split(/\./, $n);
$gw = $ln[4];
$gw =~ s/\s*$//;

if ($n1 == '') { $n1='0'};
if ($n2 == '') { $n2='0'};
if ($n3 == '') { $n3='0'};
if ($n4 == '') { $n4='0'};

if ($s == '1') { $mask='128.0.0.0'};
if ($s == '2') { $mask='192.0.0.0'};
if ($s == '3') { $mask='224.0.0.0'};
if ($s == '4') { $mask='240.0.0.0'};
if ($s == '5') { $mask='248.0.0.0'};
if ($s == '6') { $mask='252.0.0.0'};
if ($s == '7') { $mask='254.0.0.0'};
if ($s == '8') { $mask='255.0.0.0'};
if ($s == '9') { $mask='255.128.0.0'};
if ($s == '10') { $mask='255.192.0.0'};
if ($s == '11') { $mask='255.224.0.0'};
if ($s == '12') { $mask='255.240.0.0'};
if ($s == '13') { $mask='255.248.0.0'};
if ($s == '14') { $mask='255.252.0.0'};
if ($s == '15') { $mask='255.254.0.0'};
if ($s == '16') { $mask='255.255.0.0'};
if ($s == '17') { $mask='255.255.128.0'};
if ($s == '18') { $mask='255.255.192.0'};
if ($s == '19') { $mask='255.255.224.0'};
if ($s == '20') { $mask='255.255.240.0'};
if ($s == '21') { $mask='255.255.248.0'};
if ($s == '22') { $mask='255.255.252.0'};
if ($s == '23') { $mask='255.255.254.0'};
if ($s == '24') { $mask='255.255.255.0'};
if ($s == '25') { $mask='255.255.255.128'};
if ($s == '26') { $mask='255.255.255.192'};
if ($s == '27') { $mask='255.255.255.224'};
if ($s == '28') { $mask='255.255.255.240'};
if ($s == '29') { $mask='255.255.255.248'};
if ($s == '30') { $mask='255.255.255.252'};
if ($s == '31') { $mask='255.255.255.254'};
if ($s == '32') { $mask='255.255.255.255'};
if ($s == '') { $mask='255.255.255.255'};

$net = "$n1.$n2.$n3.$n4";
$ifid = cipdec(1, $net);
$wmask = do_subtract($mask);
print "*ip info*\n";
print "NET:$n\nBITS:$s MASK:$mask-$wmask\nGW:$gw\nIF:$ifid\n\n";
open (MYFILE, '>>cisco-config.txt');

if ($debug != NULL) {
print "LINE:$line";
print "\n!\n";
print "interface tunnel $ifid\n";
print "description Link to $net\n";
print "ip unnumbered $loop\n";
print "tunnel source $outip\n";
print "tunnel destination $gw\n";
print "tunnel mode ipip\n!\n";
}

if ($gw != $outip) {

print MYFILE "!\n";
print MYFILE "interface tunnel $ifid\n";
print MYFILE "description Link to $net\n";
print MYFILE "ip unnumbered $loop\n";
print MYFILE "tunnel source $outip\n";
print MYFILE "tunnel destination $gw\n";
print MYFILE "ip tcp adjust-mss 1436\n";
print MYFILE "ip access-group acl_44 in\n!\n";
print MYFILE "tunnel mode ipip\n!\n";
print MYFILE "ip route $net $mask tunnel$ifid\n!\n";
}
print MYFILE "ip route $gw 255.255.255.255 Eth0 10.0.0.138\n";
}
print MYFILE "!\nend\n!\n";
close (MYFILE);

sub usage
{
print << "EOT";
*** This script is for creating a loadable config (copy tftp run) for cisco routers ***
*** Please note that this was tested to work on 2651XM or better, expect poor resp- ***
*** -onse on smaller/slower platforms. ***
*** Edit this file and change varibles as noted to your values. ***
*** File \"cisco-config.txt\" will be generated in this directory for tftp upload ***
*** Run as follows: ***
*** perl encapconvert.pl encap.txt ***
EOT
}

########################################################
# Sub cipdec
# USAGE: For converting IP to DEC values and reverse
#
# my ($err, $ret) = cipdec(1, $ip); #1 =from ip to dec, 2 = from dec to ip
# if($err != 0) { print "MAIN: ERR ON \"$ret\"\n"; next; }
#
sub cipdec
{
my $debug = 0;
my (@oct, $opt, $var, $err, $ret, $errmsg);
my ($oct1, $oct2, $oct3, $oct4);
my ($dec1, $dec2, $dec3);
$opt = shift(@_); #1 =from ip to dec, 2 = from dec to ip
$var = shift(@_); # IP or a DEC
$err = 0;
$ret = 0;
if($debug == 1)
{
print "SUB TEST: OPT=\"$opt\"\n";
print "SUB TEST: VAR=\"$var\"\n";
}
if($opt == 1) #1 =from ip to dec
{
my $ip = $var;

if(!($ip) || ($ip eq "") || !($ip =~ /\./))
{
if($debug == 1) { print "NO . in IP.. Next\n"; }
$err = 1;
$ret = "ERR: IP WITH NO \".\"";
return($err, $ret);
}
@oct = split(/\./, $ip);
my $numoct = @oct;
if($numoct != 4)
{
if($debug == 1) { print "--INVALID IP: \"$ip\"\n"; }
$err = 1;
$ret = "ERR: OCT CT \"$ip\"";
return($err, $ret);
}
foreach my $val (@oct)
{
if(!(defined $val) || ($val eq "") || ($val =~ /\D/) || ($val > 255) || ($val < 0))
{
if($debug == 1) { print "--INVALID IP: \"$ip\"\n"; }
$err = 1;
$ret = "ERR: OCT SIZE \"$ip:$val\"";
return($err, $ret);
} # EO IF oct container
} #EO FOREACH OCT
$ret += ($oct[0] * (256**3)); #Convert 1st octet to decimal and add
$ret += ($oct[1] * (256**2)); #Convert 2nd octet to decimal and add
$ret += $oct[2] * 256; #Convert 3rd octet to decimal and add
$ret += $oct[3]; #Add the 4th octet to decimal
if(($ret < 0) || ($ret > 4294967296)) #0.0.0.0 or 255.255.255.255 = Err
{
if($debug == 1) { print "--INVALID IP: \"$ip\"\n"; }
$err = 1;
$ret = "ERR: DEC SIZE \"$ip\"";
return($err, $ret);
} #EO DEC Size

return($err, $ret);
} #EO OPT == 1

if($opt == 2) #1 = dec to ip
{
$oct1 = 0; $oct2 = 0; $oct3 = 0; $oct4 = 0;
my $dec = $var;
if($debug == 1) { print "SUB TEST: DEC=\"$dec\"\n"; }

if(!(defined $dec) || ($dec eq "") || ($dec < 1) || ($dec > 4294967295)) #0.0.0.0 or 255.255.255.255 = Err
{
if($debug == 1) { print "--INVALID DEC: \"$dec\"\n"; }
$err = 1;
$ret = "ERR: DEC SIZE \"$dec\"";
return($err, $ret);
} #EO DEC Size

if($dec >= 256**3)
{
$oct1 = ($dec / 256**3);
my @num = split(/\./, $oct1);
$oct1 = $num[0];
if($debug == 1) { print "OCT1: \"$oct1\"\n"; }
$dec1 = ($oct1 * 256**3);
$dec = $dec - $dec1;
}
if($dec >= 256**2)
{
$oct2 = ($dec / 256**2);
my @num = split(/\./, $oct2);
$oct2 = $num[0];
if($debug == 1) { print "OCT2: \"$oct2\"\n"; }
$dec2 = ($oct2 * 256**2);
$dec = $dec - $dec2;
}

if($dec >= 256)
{
$oct3 = ($dec / 256);
my @num = split(/\./, $oct3);
$oct3 = $num[0];
if($debug == 1) { print "OCT3: \"$oct3\"\n"; }
$dec3 = $oct3 * 256;
$dec = $dec - $dec3;
}

$oct4 = $dec;
if($debug == 1) { print "OCT4: \"$oct4\"\n"; }
$ret = "$oct1.$oct2.$oct3.$oct4";
return($err, $ret);
} #EO If $opt == 2

$err = 1;
$ret = "I'm lost and sent to leftovers";
return($err, $ret);
}
################### EO SUB CIPDEC#################################

### wildcard sub ###
sub do_subtract( ) {
local($ip) = @_;

# break up the bytes of the incoming IP address
$_ = $ip;
($a, $b, $c, $d) = split(/\./);

if ($a > 255 || $b > 255 || $c > 255 || $d > 255 || /[^0-9.]/) {
print "invalid input mask or wildcard\n";
exit( );
}

$a = 255 - $a;
$b = 255 - $b;
$c = 255 - $c;
$d = 255 - $d;

return ($a . "." . $b . "." . $c . "." . $d);
}

### EO wildcard sub ### </CODE>

Before you run the script make sure to take out the line of your gateway from the encap file

The result of the script is set of commands that look like that

interface tunnel 748306432
description Link to 44.154.64.0
ip unnumbered Ethernet0
tunnel source 10.0.0.180
tunnel destination 79.107.164.191
ip tcp adjust-mss 1436
ip access-group acl_44 in
!
tunnel mode ipip
!
ip route 44.154.64.0 255.255.255.0 tunnel748306432
!
ip route 79.107.164.191 255.255.255.255 Ethernet0 10.0.0.138
!

This section return on itself (with different IP , destination and route IPs's ) as the amount of lines in the encap file

When the file is ready (after running the perl script) you can copy it with editor and send it to the cisco or by terminal (with the config t command) or by TFTP

The Encap file can be taken automatically from the Portal using the API
and you can push the commands to the cisco (after the encap convert to cisco commands after running perl) with TFTP

So with a small software work the whole procedure can be done fully automatic

Setting up a gateway on MikroTik Routers

2017-05-30T17:23:24Z

4Z4ZQ:

To setup a Gateway you need to have mikrotik router (all models support IPIP by default)

The example here will show the router that the WAN Port is connected to the DMZ of your Main router (the one that you get the ISP from it) and the 44 Net will appear on the Lan Port (wan and lan Referring to a home router model)

Before you start configure the DMZ of your main router at least to allow two direction (Incoming/Outgoing) traffic to the InterNet and make sure that the wan of the mikrotik router have ip on the same network of your DMZ and check that the MikroTik Interface can communicate with the Main ISP router

The configuration can be done with the web interface (webFig) or in manual text command with telnet or SSH connection to the router

At first assign 44 Net address to your router Interface
You do it by the web : IP --> Addresses --> Add New , a new screen will open , fill your 44 Net IP 44.xxx.YYY.ZZZ/your sub net (usually it will be /24)
feel the network it should usually be same as the IP but with 0 in the end

Now chose which interface you assign this IP for , there is a drop down menu that show all of your interfaces , chose the one that connected to the local net

Now a tunnel interface have to be created between your router and the main AMPRNet router

You do it in the web by this : interfaces ---> Add New --> IP tunnel ,
a Screen will open

Change the name to say UCSD

Fill in the local address field your router address on the DMZ (in home it will probably be 10.0.0.x or 192.168.1.x)

At the remote address fill the address of the AMPRNET router (169.228.34.84)

Press the apply button and you are done

The Command in command line interface (via Telnet ot SSH) is as follows

/interface ipip
add allow-fast-path=no local-address=10.0.0.180 name=UCSD \
remote-address=169.228.34.84

Make sure to check that no keep alive is active on that interface as the amprnet router dont like the keep alive data .

Now some routes commands needed to be done

1) Route all the traffic to the tunnel interface

You do it by : IP --> Routes and clicking on the 0.0.0.0 line
and changing the gateway to the tunnel interface name and clicking apply

The command line in text is as follow

/ip route
add distance=1 gateway=UCSD

2) route command for the tunnel to go to the InterNet

You do it by the web as follows : IP ---> routes ---> add new

at the screen , type in the destination address 169.228.34.84/32
and at the gateway , type the ip address of the next router (for home network , it is usually 10.0.0.138 or 192.168.1.1)

The command line is as follows

/ip route
add distance=1 dst-address=169.228.34.84/32 gateway=10.0.0.138

Now you should have connectivity from your 44 Net to the rest of the world (but not to any other 44 net networks worldwide )

In order to have a full connectivity to the other 44 Net networks a tunnel (and corresponding route command) must be added for every 44 Net gateway

The MikroTik have ability to run an automatic script that deal with the routing to the rest of the AMPRNET networks

The script run inside the router and take care of all the routes

In general it listen to the routes advertisements send from the AMPR.ORG main router and translating it to routes commands to the router

The Script can be found here http://www.yo2loj.ro/hamprojects/ampr-gw-2.0.rsc

The Commands to run it can be found here http://www.yo2loj.ro/hamprojects/ampr-gw-README.txt

RIP

2017-05-24T16:30:13Z

4Z4ZQ:

Information about other AMPRNet [[gateway| gateways]] can now be received dynamically via modified [http://en.wikipedia.org/wiki/Routing_Information_Protocol RIPv2] advertisements. Previously, routes were obtained by creating a [[munge script]] that parsed [[Encap.txt]].

= RIP44 Daemons =

Two programs are available for GNU/Linux to utilize these updates:

* [[ampr-ripd]], a C based routing daemon
* [[rip44d]], a PERL based routing daemon

= Availability/Compatibility =

The RIP44 daemons have been tested and known to work on the following operating systems:

* BSD
* OpenWRT/LEDE
* Raspbian
* Slackware Linux
* Ubuntu/Debian Linux
* Vyatta/VyOS

= Non-RIP44 Workarounds =

The devices below do not possess a known, end-user method to install additional software (i.e. ampr-ripd). Operators have developed scripts to parse inbound routing packets to make them compatible for usage on AMPRNet:

* Cisco IOS (a separate machine must run the script) : look here http://wiki.ampr.org/wiki/Setting_up_a_gateway_on_Cisco_Routers at the "Making the route commands automatically" section
* JunOS
* MikroTik : look here http://www.yo2loj.ro/hamprojects/ at the "Mikrotik RIPv2 AMPR Gateway Setup Script 3.0"
* Ubiquiti OS

= See Also =

* [[startampr]] - a script that loads the routing daemon on boot on Linux server-type devices
* Instructions for [[setting up a gateway on Linux|setting up a tunnel gateway on Linux]]
* Instructions for [[setting up a gateway on OpenWRT|setting up a gateway on OpenWRT]]

RIP

2017-05-24T16:29:36Z

4Z4ZQ:

Information about other AMPRNet [[gateway| gateways]] can now be received dynamically via modified [http://en.wikipedia.org/wiki/Routing_Information_Protocol RIPv2] advertisements. Previously, routes were obtained by creating a [[munge script]] that parsed [[Encap.txt]].

= RIP44 Daemons =

Two programs are available for GNU/Linux to utilize these updates:

* [[ampr-ripd]], a C based routing daemon
* [[rip44d]], a PERL based routing daemon

= Availability/Compatibility =

The RIP44 daemons have been tested and known to work on the following operating systems:

* BSD
* OpenWRT/LEDE
* Raspbian
* Slackware Linux
* Ubuntu/Debian Linux
* Vyatta/VyOS

= Non-RIP44 Workarounds =

The devices below do not possess a known, end-user method to install additional software (i.e. ampr-ripd). Operators have developed scripts to parse inbound routing packets to make them compatible for usage on AMPRNet:

* Cisco IOS (a separate machine must run the script) : look here http://wiki.ampr.org/wiki/Setting_up_a_gateway_on_Cisco_Routers at the "Making the route commands automatically" section"
* JunOS
* MikroTik : look here http://www.yo2loj.ro/hamprojects/ at the "Mikrotik RIPv2 AMPR Gateway Setup Script 3.0"
* Ubiquiti OS

= See Also =

* [[startampr]] - a script that loads the routing daemon on boot on Linux server-type devices
* Instructions for [[setting up a gateway on Linux|setting up a tunnel gateway on Linux]]
* Instructions for [[setting up a gateway on OpenWRT|setting up a gateway on OpenWRT]]

RIP

2017-05-24T16:21:12Z

4Z4ZQ:

Information about other AMPRNet [[gateway| gateways]] can now be received dynamically via modified [http://en.wikipedia.org/wiki/Routing_Information_Protocol RIPv2] advertisements. Previously, routes were obtained by creating a [[munge script]] that parsed [[Encap.txt]].

= RIP44 Daemons =

Two programs are available for GNU/Linux to utilize these updates:

* [[ampr-ripd]], a C based routing daemon
* [[rip44d]], a PERL based routing daemon

= Availability/Compatibility =

The RIP44 daemons have been tested and known to work on the following operating systems:

* BSD
* OpenWRT/LEDE
* Raspbian
* Slackware Linux
* Ubuntu/Debian Linux
* Vyatta/VyOS

= Non-RIP44 Workarounds =

The devices below do not possess a known, end-user method to install additional software (i.e. ampr-ripd). Operators have developed scripts to parse inbound routing packets to make them compatible for usage on AMPRNet:

* Cisco IOS (a separate machine must run the script)
* JunOS
* MikroTik : look here http://www.yo2loj.ro/hamprojects/ at the "Mikrotik RIPv2 AMPR Gateway Setup Script 3.0"
* Ubiquiti OS

= See Also =

* [[startampr]] - a script that loads the routing daemon on boot on Linux server-type devices
* Instructions for [[setting up a gateway on Linux|setting up a tunnel gateway on Linux]]
* Instructions for [[setting up a gateway on OpenWRT|setting up a gateway on OpenWRT]]

RIP

2017-05-24T16:19:15Z

4Z4ZQ:

Information about other AMPRNet [[gateway| gateways]] can now be received dynamically via modified [http://en.wikipedia.org/wiki/Routing_Information_Protocol RIPv2] advertisements. Previously, routes were obtained by creating a [[munge script]] that parsed [[Encap.txt]].

= RIP44 Daemons =

Two programs are available for GNU/Linux to utilize these updates:

* [[ampr-ripd]], a C based routing daemon
* [[rip44d]], a PERL based routing daemon

= Availability/Compatibility =

The RIP44 daemons have been tested and known to work on the following operating systems:

* BSD
* OpenWRT/LEDE
* Raspbian
* Slackware Linux
* Ubuntu/Debian Linux
* Vyatta/VyOS

= Non-RIP44 Workarounds =

The devices below do not possess a known, end-user method to install additional software (i.e. ampr-ripd). Operators have developed scripts to parse inbound routing packets to make them compatible for usage on AMPRNet:

* Cisco IOS (a separate machine must run the script)
* JunOS
* MikroTik look here http://www.yo2loj.ro/hamprojects/ at the "Mikrotik RIPv2 AMPR Gateway Setup Script 3.0"
* Ubiquiti OS

= See Also =

* [[startampr]] - a script that loads the routing daemon on boot on Linux server-type devices
* Instructions for [[setting up a gateway on Linux|setting up a tunnel gateway on Linux]]
* Instructions for [[setting up a gateway on OpenWRT|setting up a gateway on OpenWRT]]

Setting up a gateway on MikroTik Routers

2017-05-15T17:38:21Z

4Z4ZQ:

To setup a Gateway you need to have mikrotik router (all models support IPIP by default)

The example here will show the router that the WAN Port is connected to the DMZ of your Main router (the one that you get the ISP from it) and the 44 Net will appear on the Lan Port (wan and lan Referring to a home router model)

Before you start configure the DMZ of your main router at least to allow two direction (Incoming/Outgoing) traffic to the InterNet and make sure that the wan of the mikrotik router have ip on the same network of your DMZ and check that the MikroTik Interface can communicate with the Main ISP router

The configuration can be done with the web interface (webFig) or in manual text command with telnet or SSH connection to the router

At first assign 44 Net address to your router Interface
You do it by the web : IP --> Addresses --> Add New , a new screen will open , fill your 44 Net IP 44.xxx.YYY.ZZZ/your sub net (usually it will be /24)
feel the network it should usually be same as the IP but with 0 in the end

Now chose which interface you assign this IP for , there is a drop down menu that show all of your interfaces , chose the one that connected to the local net

Now a tunnel interface have to be created between your router and the main AMPRNet router

You do it in the web by this : interfaces ---> Add New --> IP tunnel ,
a Screen will open

Change the name to say UCSD

Fill in the local address field your router address on the DMZ (in home it will probably be 10.0.0.x or 192.168.1.x)

At the remote address fill the address of the AMPRNET router (169.228.66.251)

Press the apply button and you are done

The Command in command line interface (via Telnet ot SSH) is as follows

/interface ipip
add allow-fast-path=no !keepalive local-address=10.0.0.180 name=UCSD \
remote-address=169.228.66.251

Now some routes commands needed to be done

1) Route all the traffic to the tunnel interface

You do it by : IP --> Routes and clicking on the 0.0.0.0 line
and changing the gateway to the tunnel interface name and clicking apply

The command line in text is as follow

/ip route
add distance=1 gateway=UCSD

2) route command for the tunnel to go to the InterNet

You do it by the web as follows : IP ---> routes ---> add new

at the screen , type in the destination address 169.228.66.251/32
and at the gateway , type the ip address of the next router (for home network , it is usually 10.0.0.138 or 192.168.1.1)

The command line is as follows

/ip route
add distance=1 dst-address=169.228.66.251/32 gateway=10.0.0.138

Now you should have connectivity from your 44 Net to the rest of the world (but not to any other 44 net networks worldwide )

In order to have a full connectivity to the other 44 Net networks a tunnel (and corresponding route command) must be added for every 44 Net gateway

The MikroTik have ability to run an automatic script that deal with the routing to the rest of the AMPRNET networks

The script run inside the router and take care of all the routes

In general it listen to the routes advertisements send from the AMPR.ORG main router and translating it to routes commands to the router

The Script can be found here http://www.yo2loj.ro/hamprojects/ampr-gw-2.0.rsc

The Commands to run it can be found here http://www.yo2loj.ro/hamprojects/ampr-gw-README.txt

Setting up a gateway on MikroTik Routers

2017-05-15T17:26:46Z

4Z4ZQ:

To setup a Gateway you need to have mikrotik router (all models support IPIP by default)

The example here will show the router that the WAN Port is connected to the DMZ of your Main router (the one that you get the ISP from it) and the 44 Net will appear on the Lan Port (wan and lan Referring to a home router model)

Before you start configure the DMZ of your main router at least to allow two way trafic to the UCSD Router and make sure that the wan of the mikrotik router have ip on the same network of your DMZ and check that the MikroTik Interface can communicate with the Main ISP router

The configuration can be done with the web interface (webFig) or in manual text command with telnet or SSH connection to the router

At first assign 44 Net address to your router Interface
You do it by the web : IP --> Addresses --> Add New , a new screen will open , fill your 44 Net IP 44.xxx.YYY.ZZZ/your sub net (usually it will be /24)
feel the network it should usually be same as the IP but with 0 in the end

Now chose which interface you assign this IP for , there is a drop down menu that show all of your interfaces , chose the one that connected to the local net

Now a tunnel interface have to be created between your router and the main AMPRNet router

You do it in the web by this : interfaces ---> Add New --> IP tunnel ,
a Screen will open

Change the name to say UCSD

Fill in the local address field your router address on the DMZ (in home it will probably be 10.0.0.x or 192.168.1.x)

At the remote address fill the address of the AMPRNET router (169.228.66.251)

Press the apply button and you are done

The Command in command line interface (via Telnet ot SSH) is as follows

/interface ipip
add allow-fast-path=no !keepalive local-address=10.0.0.180 name=UCSD \
remote-address=169.228.66.251

Now some routes commands needed to be done

1) Route all the traffic to the tunnel interface

You do it by : IP --> Routes and clicking on the 0.0.0.0 line
and changing the gateway to the tunnel interface name and clicking apply

The command line in text is as follow

/ip route
add distance=1 gateway=UCSD

2) route command for the tunnel to go to the InterNet

You do it by the web as follows : IP ---> routes ---> add new

at the screen , type in the destination address 169.228.66.251/32
and at the gateway , type the ip address of the next router (for home network , it is usually 10.0.0.138 or 192.168.1.1)

The command line is as follows

/ip route
add distance=1 dst-address=169.228.66.251/32 gateway=10.0.0.138

Now you should have connectivity from your 44 Net to the rest of the world (but not to any other 44 net networks worldwide )

In order to have a full connectivity to the other 44 Net networks a tunnel (and corresponding route command) must be added for every 44 Net gateway

The MikroTik have ability to run an automatic script that deal with the routing to the rest of the AMPRNET networks

The script run inside the router and take care of all the routes

In general it listen to the routes advertisements send from the AMPR.ORG main router and translating it to routes commands to the router

The Script can be found here http://www.yo2loj.ro/hamprojects/ampr-gw-2.0.rsc

The Commands to run it can be found here http://www.yo2loj.ro/hamprojects/ampr-gw-README.txt

Setting up a gateway on MikroTik Routers

2017-05-15T17:20:01Z

4Z4ZQ:

To setup a Gateway you need to have mikrotik router (all models support IPIP by default)

The example here will show the router that the WAN Port is connected to the DMZ of your Main router (the one that you get the ISP from it) and the 44 Net will appear on the Lan Port (wan and lan Referring to a home router model)

The configuration can be done with the web interface (webFig) or in manual text command with telnet or SSH connection to the router

At first assign 44 Net address to your router Interface
You do it by the web : IP --> Addresses --> Add New , a new screen will open , fill your 44 Net IP 44.xxx.YYY.ZZZ/your sub net (usually it will be /24)
feel the network it should usually be same as the IP but with 0 in the end

Now chose which interface you assign this IP for , there is a drop down menu that show all of your interfaces , chose the one that connected to the local net

Now a tunnel interface have to be created between your router and the main AMPRNet router

You do it in the web by this : interfaces ---> Add New --> IP tunnel ,
a Screen will open

Change the name to say UCSD

Fill in the local address field your router address on the DMZ (in home it will probably be 10.0.0.x or 192.168.1.x)

At the remote address fill the address of the AMPRNET router (169.228.66.251)

Press the apply button and you are done

The Command in command line interface (via Telnet ot SSH) is as follows

/interface ipip
add allow-fast-path=no !keepalive local-address=10.0.0.180 name=UCSD \
remote-address=169.228.66.251

Now some routes commands needed to be done

1) Route all the traffic to the tunnel interface

You do it by : IP --> Routes and clicking on the 0.0.0.0 line
and changing the gateway to the tunnel interface name and clicking apply

The command line in text is as follow

/ip route
add distance=1 gateway=UCSD

2) route command for the tunnel to go to the InterNet

You do it by the web as follows : IP ---> routes ---> add new

at the screen , type in the destination address 169.228.66.251/32
and at the gateway , type the ip address of the next router (for home network , it is usually 10.0.0.138 or 192.168.1.1)

The command line is as follows

/ip route
add distance=1 dst-address=169.228.66.251/32 gateway=10.0.0.138

Now you should have connectivity from your 44 Net to the rest of the world (but not to any other 44 net networks worldwide )

In order to have a full connectivity to the other 44 Net networks a tunnel (and corresponding route command) must be added for every 44 Net gateway

The MikroTik have ability to run an automatic script that deal with the routing to the rest of the AMPRNET networks

The script run inside the router and take care of all the routes

In general it listen to the routes advertisements send from the AMPR.ORG main router and translating it to routes commands to the router

The Script can be found here http://www.yo2loj.ro/hamprojects/ampr-gw-2.0.rsc

The Commands to run it can be found here http://www.yo2loj.ro/hamprojects/ampr-gw-README.txt

Setting up a gateway on MikroTik Routers

2017-05-15T17:18:45Z

4Z4ZQ:

To setup a Gateway you need to have mikrotik router (all models support IPIP by default)

The example here will show the router that the WAN Port is connected to the DMZ of your Network and the 44 Net will appear on the Lan Port (wan and lan Referring to a home router model)

The configuration can be done with the web interface (webFig) or in manual text command with telnet or SSH connection to the router

At first assign 44 Net address to your router Interface
You do it by the web : IP --> Addresses --> Add New , a new screen will open , fill your 44 Net IP 44.xxx.YYY.ZZZ/your sub net (usually it will be /24)
feel the network it should usually be same as the IP but with 0 in the end

Now chose which interface you assign this IP for , there is a drop down menu that show all of your interfaces , chose the one that connected to the local net

Now a tunnel interface have to be created between your router and the main AMPRNet router

You do it in the web by this : interfaces ---> Add New --> IP tunnel ,
a Screen will open

Change the name to say UCSD

Fill in the local address field your router address on the DMZ (in home it will probably be 10.0.0.x or 192.168.1.x)

At the remote address fill the address of the AMPRNET router (169.228.66.251)

Press the apply button and you are done

The Command in command line interface (via Telnet ot SSH) is as follows

/interface ipip
add allow-fast-path=no !keepalive local-address=10.0.0.180 name=UCSD \
remote-address=169.228.66.251

Now some routes commands needed to be done

1) Route all the traffic to the tunnel interface

You do it by : IP --> Routes and clicking on the 0.0.0.0 line
and changing the gateway to the tunnel interface name and clicking apply

The command line in text is as follow

/ip route
add distance=1 gateway=UCSD

2) route command for the tunnel to go to the InterNet

You do it by the web as follows : IP ---> routes ---> add new

at the screen , type in the destination address 169.228.66.251/32
and at the gateway , type the ip address of the next router (for home network , it is usually 10.0.0.138 or 192.168.1.1)

The command line is as follows

/ip route
add distance=1 dst-address=169.228.66.251/32 gateway=10.0.0.138

Now you should have connectivity from your 44 Net to the rest of the world (but not to any other 44 net networks worldwide )

In order to have a full connectivity to the other 44 Net networks a tunnel (and corresponding route command) must be added for every 44 Net gateway

The MikroTik have ability to run an automatic script that deal with the routing to the rest of the AMPRNET networks

The script run inside the router and take care of all the routes

In general it listen to the routes advertisements send from the AMPR.ORG main router and translating it to routes commands to the router

The Script can be found here http://www.yo2loj.ro/hamprojects/ampr-gw-2.0.rsc

The Commands to run it can be found here http://www.yo2loj.ro/hamprojects/ampr-gw-README.txt

Setting up a gateway on MikroTik Routers

2017-05-15T17:18:21Z

4Z4ZQ:

To setup a Gateway you need to have mikrotik router (all models support IPIP by default)
The example here will show the router that the WAN Port is connected to the DMZ of your Network and the 44 Net will appear on the Lan Port (wan and lan Referring to a home router model)

The configuration can be done with the web interface (webFig) or in manual text command with telnet or SSH connection to the router

At first assign 44 Net address to your router Interface
You do it by the web : IP --> Addresses --> Add New , a new screen will open , fill your 44 Net IP 44.xxx.YYY.ZZZ/your sub net (usually it will be /24)
feel the network it should usually be same as the IP but with 0 in the end

Now chose which interface you assign this IP for , there is a drop down menu that show all of your interfaces , chose the one that connected to the local net

Now a tunnel interface have to be created between your router and the main AMPRNet router

You do it in the web by this : interfaces ---> Add New --> IP tunnel ,
a Screen will open

Change the name to say UCSD

Fill in the local address field your router address on the DMZ (in home it will probably be 10.0.0.x or 192.168.1.x)

At the remote address fill the address of the AMPRNET router (169.228.66.251)

Press the apply button and you are done

The Command in command line interface (via Telnet ot SSH) is as follows

/interface ipip
add allow-fast-path=no !keepalive local-address=10.0.0.180 name=UCSD \
remote-address=169.228.66.251

Now some routes commands needed to be done

1) Route all the traffic to the tunnel interface

You do it by : IP --> Routes and clicking on the 0.0.0.0 line
and changing the gateway to the tunnel interface name and clicking apply

The command line in text is as follow

/ip route
add distance=1 gateway=UCSD

2) route command for the tunnel to go to the InterNet

You do it by the web as follows : IP ---> routes ---> add new

at the screen , type in the destination address 169.228.66.251/32
and at the gateway , type the ip address of the next router (for home network , it is usually 10.0.0.138 or 192.168.1.1)

The command line is as follows

/ip route
add distance=1 dst-address=169.228.66.251/32 gateway=10.0.0.138

Now you should have connectivity from your 44 Net to the rest of the world (but not to any other 44 net networks worldwide )

In order to have a full connectivity to the other 44 Net networks a tunnel (and corresponding route command) must be added for every 44 Net gateway

The MikroTik have ability to run an automatic script that deal with the routing to the rest of the AMPRNET networks

The script run inside the router and take care of all the routes

In general it listen to the routes advertisements send from the AMPR.ORG main router and translating it to routes commands to the router

The Script can be found here http://www.yo2loj.ro/hamprojects/ampr-gw-2.0.rsc

The Commands to run it can be found here http://www.yo2loj.ro/hamprojects/ampr-gw-README.txt

Setting up a gateway on MikroTik Routers

2017-04-22T17:56:08Z

4Z4ZQ:

The MikroTik Routers by default support IP-IP tunneling so setting up a gateway is quiet easy

The example here will show the router that the WAN Port is connected to the DMZ of your Network and the 44 Net will appear on the Lan Port (wan and lan Referring to a home router model)

The configuration can be done with the web interface (webFig) or in manual text command with telnet or SSH connection to the router

At first assign 44 Net address to your router Interface
You do it by the web : IP --> Addresses --> Add New , a new screen will open , fill your 44 Net IP 44.xxx.YYY.ZZZ/your sub net (usually it will be /24)
feel the network it should usually be same as the IP but with 0 in the end

Now chose which interface you assign this IP for , there is a drop down menu that show all of your interfaces , chose the one that connected to the local net

Now a tunnel interface have to be created between your router and the main AMPRNet router

You do it in the web by this : interfaces ---> Add New --> IP tunnel
a Screen will open

Change the name to say UCSD

Fill in the local address field your router address on the DMZ (in home it will probably be 10.0.0.x or 192.168.1.x)

At the remote address fill the address of the AMPRNET router (169.228.66.251)

Press the apply button and you are done

The Command in command line interface (via Telnet ot SSH) is as follows

/interface ipip
add allow-fast-path=no !keepalive local-address=10.0.0.180 name=UCSD \
remote-address=169.228.66.251

Now some routes commands needed to be done

1) Route all the traffic to the tunnel interface

You do it by : IP --> Routes and clicking on the 0.0.0.0 line
and changing the gateway to the tunnel interface name and clicking apply

The command line in text is as follow

/ip route
add distance=1 gateway=UCSD

2) route command for the tunnel to go to the InterNet

You do it by the web as follows : IP ---> routes ---> add new

at the screen , type in the destination address 169.228.66.251/32
and at the gateway , type the ip address of the next router (for home network , it is usually 10.0.0.138 or 192.168.1.1)

The command line is as follows

/ip route
add distance=1 dst-address=169.228.66.251/32 gateway=10.0.0.138

Now you should have connectivity from your 44 Net to the rest of the world (but not to any other 44 net networks worldwide )

In order to have a full connectivity to the other 44 Net networks a tunnel (and corresponding route command) must be added for every 44 Net gateway

The MikroTik have ability to run an automatic script that deal with the routing to the rest of the AMPRNET networks

The script run inside the router and take care of all the routes

In general it listen to the routes advertisements send from the AMPR.ORG main router and translating it to routes commands to the router

The Script can be found here http://www.yo2loj.ro/hamprojects/ampr-gw-2.0.rsc

The Commands to run it can be found here http://www.yo2loj.ro/hamprojects/ampr-gw-README.txt

Setting up a gateway on MikroTik Routers

2017-04-22T17:52:42Z

4Z4ZQ:

The MikroTik Routers by default support IP-IP tunneling so setting up a gateway is quiet easy

The example here will show the router that the WAN Port is connected to the DMZ of your Network and the 44 Net will appear on the Lan Port (wan and lan Referring to a home router model)

The configuration can be done with the web interface (webFig) or in manual text command with telnet or SSH connection to the router

At first assign 44 Net address to your router Interface
You do it by the web : IP --> Addresses --> Add New , a new screen will open , fill your 44 Net IP 44.xxx.YYY.ZZZ/your sub net (usually it will be /24)
feel the network it should usually be same as the IP but with 0 in the end

Now chose which interface you assign this IP for , there is a drop down menu that show all of your interfaces , chose the one that connected to the local net

Now a tunnel interface must be created between your router and the main AMPRNet router

You do it in the web by this : interfaces ---> Add New --> IP tunnel
a Screen will open

Change the name to say UCSD

Add in the local address your router address on the DMZ (in home it will probably be 10.0.0.x or 192.168.1.x)

At the remote address put the address of the AMPRNET router (169.228.66.251)

Press the apply button and you are done

The Command in command line interface (via Telnet ot SSH) is as follows

/interface ipip
add allow-fast-path=no !keepalive local-address=10.0.0.180 name=UCSD \
remote-address=169.228.66.251

Now some routes commands needed to be done

1) Route all the traffic to the tunnel interface

You do it by : IP --> Routes and clicking on the 0.0.0.0 line
and changing the gateway to the tunnel interface name and clicking apply

The command line in text is as follow

/ip route
add distance=1 gateway=UCSD

2) route command for the tunnel to go to the InterNet

You do it by the web as follows : IP ---> routes ---> add new

at the screen , type in the destination address 169.228.66.251/32
and at the gateway , type the ip address of the next router (for home network , it is usually 10.0.0.138 or 192.168.1.1)

The command line is as follows

/ip route
add distance=1 dst-address=169.228.66.251/32 gateway=10.0.0.138

Now you should have connectivity from your 44 Net to the rest of the world (but not to any other 44 net networks worldwide )

In order to have a full connectivity to the other 44 Net networks a tunnel (and corresponding route command) must be added for every 44 Net gateway

The MikroTik have ability to run an automatic script that deal with the routing to the rest of the AMPRNET networks

The script run inside the router and take care of all the routes

In general it listen to the routes advertisements send from the AMPR.ORG main router and translating it to routes commands to the router

The Script can be found here http://www.yo2loj.ro/hamprojects/ampr-gw-2.0.rsc

The Commands to run it can be found here http://www.yo2loj.ro/hamprojects/ampr-gw-README.txt

Setting up a gateway on MikroTik Routers

2017-04-22T17:44:43Z

4Z4ZQ:

The MikroTik Routers by default support IP-IP tunneling so setting up a gateway is quiet easy

The example here will show the router that the WAN Port is connected to the DMZ of your Network and the 44 Net will appear on the Lan Port (wan and lan Referring to a home router model)

The configuration can be done with the web interface (webFig) or in manual text command with telnet or SSH connection to the router

At first assign 44 Net address to your router Interface
you do it by the web : IP --> Addresses --> Add New , a new screen will open , fill your 44 Net IP 44.xxx.YYY.ZZZ/your sub net (usually it will be /24)
feel the network it should usually be same as the IP but with 0 in the end

Now chose which interface you assign this IP for there is a drop down menu that show all of your interfaces chose the one that connected to the local net

Now a tunnel interface must be created between your router and the main AMPRNet router

You do it in the web by this : interfaces ---> Add New --> IP tunnel
a Screen will open

Change the name to say UCSD

Add in the local address your router address on the DMZ (in home it will probably be 10.0.0.x or 192.168.1.x)

At the remote address put the address of the AMPRNET router (169.228.66.251)

Press the apply button and you are done

The Command in command line interface (via Telnet ot SSH) is as follows

/interface ipip
add allow-fast-path=no !keepalive local-address=10.0.0.180 name=UCSD \
remote-address=169.228.66.251

Now some routes commands needed to be done

1) Route all the traffic to the tunnel interface

You do it by : IP --> Routes and clicking on the 0.0.0.0 line
and changing the gateway to the tunnel interface name and clicking apply

The command line in text is as follow

/ip route
add distance=1 gateway=UCSD

2) route command for the tunnel to go to the InterNet

You do it by the web as follows : IP ---> routes ---> add new

at the screen , type in the destination address 169.228.66.251/32
and at the gateway type the ip address of the next router (for home network it is usually 10.0.0.138 or 192.168.1.1)

The command line is as follows

/ip route
add distance=1 dst-address=169.228.66.251/32 gateway=10.0.0.138

Now you should have connectivity from your 44 Net to the rest of the world (but not to any other 44 net networks worldwide )

In order to have a full connectivity to the other 44 Net networks a tunnel (and corresponding route command) must be added for every 44 Net gateway

The MikroTik have ability to run an automatic script that deal with the routing to the rest of the AMPRNET networks

The script run inside the router and take care of all the routes

In general it listen to the routes advertisements send from the AMPR.ORG main router and translating it to routes commands to the router

The Script can be found here http://www.yo2loj.ro/hamprojects/ampr-gw-2.0.rsc

The Commands to run it can be found here http://www.yo2loj.ro/hamprojects/ampr-gw-README.txt

Setting up a gateway on MikroTik Routers

2017-04-22T17:40:42Z

4Z4ZQ:

The MikroTik Routers by default support IP-IP tunneling so setting up a gateway is quiet easy

The example here will show the router that the WAN Port is connected to the DMZ of your Network and the 44 Net will appear on the Lan Port (wan and lan Referring to a home router model)

The configuration can be done with the web interface (webFig) or in manual text command with telnet or SSH connection to the router

At first assign 44 Net address to your router Interface
you do it by the web : IP --> Addresses --> Add New a new screen will open fill your 44 Net IP 44.xxx.YYY.ZZZ/your sub net (usually it will be /24)
feel the network it should useually be same as the IP but with 0 in the end
now chose which interface you assign this IP for there is a drop down menu that show all of your interfaces

Now a tunnel interface must be created between your router and the main AMPRNet router

You do it in the web by this : interfaces ---> add new --> IP tunnel
a Screen will open

Change the name to say UCSD

add in the local address your router address on the DMZ (in home it will probably be 10.0.0.x or 192.168.1.x)

at the remote address put the address of the AMPRNET router (169.228.66.251)

Press the apply button and you are done

The Command in command line interface (via Telnet ot SSH) is as follows

/interface ipip
add allow-fast-path=no !keepalive local-address=10.0.0.180 name=UCSD \
remote-address=169.228.66.251

Now some routes commands needed to be done

1) Route all the traffic to the tunnel interface

You do it by : IP --> Routes and clicking on the 0.0.0.0 line
and changing the gateway to the tunnel interface name and clicking apply

The command line in text is as follow

/ip route
add distance=1 gateway=UCSD

2) route command for the tunnel to go to the InterNet

You do it by the web as follows : IP ---> routes ---> add new

at the screen , type in the destination address 169.228.66.251/32
and at the gateway type the ip address of the next router (for home network it is usually 10.0.0.138 or 192.168.1.1)

The command line is as follows

/ip route
add distance=1 dst-address=169.228.66.251/32 gateway=10.0.0.138

Now you should have connectivity from your 44 Net to the rest of the world (but not to any other 44 net networks worldwide )

In order to have a full connectivity to the other 44 Net networks a tunnel (and corresponding route command) must be added for every 44 Net gateway

The MikroTik have ability to run an automatic script that deal with the routing to the rest of the AMPRNET networks

The script run inside the router and take care of all the routes

In general it listen to the routes advertisements send from the AMPR.ORG main router and translating it to routes commands to the router

The Script can be found here http://www.yo2loj.ro/hamprojects/ampr-gw-2.0.rsc

The Commands to run it can be found here http://www.yo2loj.ro/hamprojects/ampr-gw-README.txt

Setting up a gateway on MikroTik Routers

2017-04-22T17:39:38Z

4Z4ZQ:

The MikroTik Routers by default support IP-IP tunneling so setting up a gateway is quiet easy

The mikrotik router is a very powerful device and there are a lot of options that can be used

The example here will show the router that the WAN Port is connected to the DMZ of your Network and the 44 Net will appear on the Lan Port (wan and lan Referring to a home router model)

The configuration can be done with the web interface (webFig) or in manual text command with telnet or SSH connection to the router

At first assign 44 Net address to your router Interface
you do it by the web : IP --> Addresses --> Add New a new screen will open fill your 44 Net IP 44.xxx.YYY.ZZZ/your sub net (usually it will be /24)
feel the network it should useually be same as the IP but with 0 in the end
now chose which interface you assign this IP for there is a drop down menu that show all of your interfaces

Now a tunnel interface must be created between your router and the main AMPRNet router

You do it in the web by this : interfaces ---> add new --> IP tunnel
a Screen will open

Change the name to say UCSD

add in the local address your router address on the DMZ (in home it will probably be 10.0.0.x or 192.168.1.x)

at the remote address put the address of the AMPRNET router (169.228.66.251)

Press the apply button and you are done

The Command in command line interface (via Telnet ot SSH) is as follows

/interface ipip
add allow-fast-path=no !keepalive local-address=10.0.0.180 name=UCSD \
remote-address=169.228.66.251

Now some routes commands needed to be done

1) Route all the traffic to the tunnel interface

You do it by : IP --> Routes and clicking on the 0.0.0.0 line
and changing the gateway to the tunnel interface name and clicking apply

The command line in text is as follow

/ip route
add distance=1 gateway=UCSD

2) route command for the tunnel to go to the InterNet

You do it by the web as follows : IP ---> routes ---> add new

at the screen , type in the destination address 169.228.66.251/32
and at the gateway type the ip address of the next router (for home network it is usually 10.0.0.138 or 192.168.1.1)

The command line is as follows

/ip route
add distance=1 dst-address=169.228.66.251/32 gateway=10.0.0.138

Now you should have connectivity from your 44 Net to the rest of the world (but not to any other 44 net networks worldwide )

In order to have a full connectivity to the other 44 Net networks a tunnel (and corresponding route command) must be added for every 44 Net gateway

The MikroTik have ability to run an automatic script that deal with the routing to the rest of the AMPRNET networks

The script run inside the router and take care of all the routes

In general it listen to the routes advertisements send from the AMPR.ORG main router and translating it to routes commands to the router

The Script can be found here http://www.yo2loj.ro/hamprojects/ampr-gw-2.0.rsc

The Commands to run it can be found here http://www.yo2loj.ro/hamprojects/ampr-gw-README.txt

Setting up a gateway on Cisco Routers

2017-04-02T18:44:47Z

4Z4ZQ:

To create a gateway using Cisco equipment you must have a Cisco Router (preferred from series 2600 and above)

Preferred with two Ethernet ports (but can be done also with one Ethernet port)

The example given here here is of one Ethernet port.

You have to assign the router Ethernet port the Commercial IP

The commands are:

enable
configure terminal
interface ethernet0
ip address <and here you give the ip of the commercial isp the router is connected to> (it can also be the IP of a network the router is on (as long as this IP is accessible to the outside world))> <The NetMask of the network>

The interface name can vary depending on your router type, it can be Ethernet0 FastEthernet0 GigabitEthernet0/0 etc.

(To see what interfaces you have in order to assign them the address use the command Show interface and identify the Ethernet port name.)

Then you have to assign the 44 AMPRNet IP .

For a router with one port any additional network IP has to be secondary and the command is:

int eth0
ip add <the AMPR IP > <the netmask of the network > secondary

Now some tunneling commands have to be added to redirect your outgoing traffic (via tunnel) to the main AMPRNET router , you do it because every ISP block outgoing IP's which is not a part of their network (and 44 net is not belong to any ISP) so in order to allow the 44 net IP traffic to gain access to the outside world you need to do a tunnel to the AMPR.ORG router to the outgoing traffic (traffic that intend to reach the internet (all other IP's that are not part of the 44 NET))

To open a tunnel channel you have to specify the tunnel source address (from where the tunnel is established) and tunnel destination (to where the tunnel establish to)

This is done by a few commands here they are

interface tunnel0
tunnel source <here you put the router commercial IP>
tunnel destination <here you put the AMPR.ORG main tunnel router IP>
tunnel mode ipip (this command is to tell the tunnel (cisco support lot of tunneling types) which mode to use)

In addition the router has to be notified to pass all the outgoing 44 Net Traffic to the tunnel interface and not to route it just like that to the Internet (because as explained they will be probably blocked by the closest ISP you are connected to )

The command to do it is

ip route 0.0.0.0 0.0.0.0 Tunnel0 <the ip address of the AMPR.ORG main tunnel router >

(0.0.0.0 0.0.0.0 mean "any IP") (will be explained latter)

Another important command is a command to route the tunneled traffic from the router to the main ampr.org router not via a tunnel (this important to establish tunnel)

This command is more specific then the "any IP" route command described before and say to the router : "pass the tunneled traffic belong to the other side of the tunnel direct and not via tunnel"

The Command is :

ip route <the ampr.org main tunnel IP > 255.255.255.255 Ethernet0 <your router commercial IP>

This are the minimum commands necessary to be able to route your inside 44 net IP to the outside world (but not to any other 44 net networks worldwide)

This method will redirect any outgoing traffic (no matter what local IP is used ) to the tunnel and since the AMPR.ORG tunnel deal with tunneling from only 44 Net IP it mean that if the router local Lan is sharing 44 and non 44 IP machines the non 44 Net machines will have no connectivity to the world

To overcome this problem a route policy will have to be used (with the command route-map) because regular route command deal with route for destination IP without looking at the source (local net) and route policy can do it ...

So two policy have to be created one for all addresses (excluding the 44 net) that needed to be routed direct to the internet (without tunnel) and second one specifically for the 44 net hosts that needed to redirect their outgoing traffic to the tunnels

In order to route your traffic to other 44 net gateways you need to build a tunnel interface to every gateway (unlike JNOS that one tunnel deal with all tunnels)
and the tunnel have to have a tunnel source tunnel destination (as explained above ) and tunnel mode

In addition two route lines have to be added

One is route command to route the specific 44 network of the gateway this tunnel deal into this tunnel

And another is to allow the tunnel traffic to go thorough the internet

Enclosed is example from router that is doing tunnel to the main AMPR router and to one gateway somewhere in the world

The tunnel0 interface is the Main AMPR.ORG router and the tunnel with 741916672 is one tunnel to a gateway

The section of tunnel74xxx have to duplicated to every 44 net gateway (of course with the corresponding ip of the specific gateway) (currently about 400 times)

TIP: If you are not familiar with Cisco Commands you can use the GUI Software called Cisco Configuration Professional (CCP)

to config the router with it

Later on we will deal of how to create these tunnels lines configuration using a script
that takes the info from the ENCAP.TXT file and convert it to Cisco config

interface Tunnel0
ip unnumbered Ethernet0
no ip directed-broadcast
tunnel source Ethernet0
tunnel destination 169.228.66.251
tunnel mode ipip
!
interface Tunnel741916672
description Link to 44.56.192.0
ip unnumbered Ethernet0
ip access-group acl_44 in
no ip directed-broadcast
tunnel source 10.0.0.180
tunnel destination 24.229.88.253
tunnel mode ipip

interface Ethernet0
description connected to EthernetLAN_HAIFA
ip address 44.138.1.1 255.255.255.0 secondary
ip address 10.0.0.180 255.255.255.0
no ip directed-broadcast

ip classless
ip route 0.0.0.0 0.0.0.0 Tunnel0 169.228.66.251
ip route 169.228.66.251 255.255.255.255 Ethernet0 10.0.0.138
ip route 44.56.192.0 255.255.255.0 Tunnel741916672
ip route 24.229.88.253 255.255.255.255 Ethernet0 10.0.0.138

Making the route commands automatically

Because the route info of the gateways (the encap file) changes periodically
mainly because a lot of gateway sits on dynamic ip

and because the tunnel ip as a result change you may loose the tunnel to these gateways

In order to be "updated" it is needed to take the new encap file periodically and put it into the cisco router

Because the encap file lines are not a format of commands that Cisco "understand" a fomat conversion need to be made in order to convert route info in the encap file to commands that cisco can "understand"

So a Script that take the encap file and make a new file of Cisco commands must be run

There are two scripts that do it available , one is Perl and other is VBS

The example will give the results of the Perl Script

The Perl Script for the Cisco enclosed

#!/usr/bin/perl
#encapconvert.pl V0.1 10-31-12
#Script created by Jason Begley KY9J ky9j.com ky9j@arrl.net
#This script is used for converting the encap.txt file from the AMPR net
#into a loadable config file for use on cisco routers. It is advised to use
#this on a 2600 or better router due to interface limits.
#

my ($line);
my %nets = ();
my $net = undef;
my $mask = undef;

#####
#Below are user defined varibles

my $loop = "Ethernet0"; #LOOPBACK INT CHANGE IF ALREADY IN USE
my $outip = "10.0.0.180"; #YOUR PUBLIC IP ADDRESS
my $loopip = "44.138.1.1"; #YOUR AMPR IP ADDRESS
#EO user defined varibles
#####

my $file = $ARGV[0];
my $debug = $ARGV[1];
if(!$file) { usage(); exit; }
if($file =~ /--help/) { usage(); exit; }

open (MYFILE, '>cisco-config.txt');
print MYFILE "!\ninterface $loop\nip address $loopip 255.255.255.255\n!\n";
close (MYFILE);
open(ENCAP, $file);
@line = <ENCAP>;
close (ENCAP);
@line = grep (!/^\s*$/,@line);
@line = grep (!/^#/,@line);
chomp(@line);

foreach $line(@line)
{
$n1 = $n2 = $n3 = $n4 = undef;
@ln = (split(/ +/, $line));
($n, $s) = (split(/\//, $ln[2]));
($n1, $n2, $n3, $n4) = split(/\./, $n);
$gw = $ln[4];
$gw =~ s/\s*$//;

if ($n1 == '') { $n1='0'};
if ($n2 == '') { $n2='0'};
if ($n3 == '') { $n3='0'};
if ($n4 == '') { $n4='0'};

if ($s == '1') { $mask='128.0.0.0'};
if ($s == '2') { $mask='192.0.0.0'};
if ($s == '3') { $mask='224.0.0.0'};
if ($s == '4') { $mask='240.0.0.0'};
if ($s == '5') { $mask='248.0.0.0'};
if ($s == '6') { $mask='252.0.0.0'};
if ($s == '7') { $mask='254.0.0.0'};
if ($s == '8') { $mask='255.0.0.0'};
if ($s == '9') { $mask='255.128.0.0'};
if ($s == '10') { $mask='255.192.0.0'};
if ($s == '11') { $mask='255.224.0.0'};
if ($s == '12') { $mask='255.240.0.0'};
if ($s == '13') { $mask='255.248.0.0'};
if ($s == '14') { $mask='255.252.0.0'};
if ($s == '15') { $mask='255.254.0.0'};
if ($s == '16') { $mask='255.255.0.0'};
if ($s == '17') { $mask='255.255.128.0'};
if ($s == '18') { $mask='255.255.192.0'};
if ($s == '19') { $mask='255.255.224.0'};
if ($s == '20') { $mask='255.255.240.0'};
if ($s == '21') { $mask='255.255.248.0'};
if ($s == '22') { $mask='255.255.252.0'};
if ($s == '23') { $mask='255.255.254.0'};
if ($s == '24') { $mask='255.255.255.0'};
if ($s == '25') { $mask='255.255.255.128'};
if ($s == '26') { $mask='255.255.255.192'};
if ($s == '27') { $mask='255.255.255.224'};
if ($s == '28') { $mask='255.255.255.240'};
if ($s == '29') { $mask='255.255.255.248'};
if ($s == '30') { $mask='255.255.255.252'};
if ($s == '31') { $mask='255.255.255.254'};
if ($s == '32') { $mask='255.255.255.255'};
if ($s == '') { $mask='255.255.255.255'};

$net = "$n1.$n2.$n3.$n4";
$ifid = cipdec(1, $net);
$wmask = do_subtract($mask);
print "*ip info*\n";
print "NET:$n\nBITS:$s MASK:$mask-$wmask\nGW:$gw\nIF:$ifid\n\n";
open (MYFILE, '>>cisco-config.txt');

if ($debug != NULL) {
print "LINE:$line";
print "\n!\n";
print "interface tunnel $ifid\n";
print "description Link to $net\n";
print "ip unnumbered $loop\n";
print "tunnel source $outip\n";
print "tunnel destination $gw\n";
print "tunnel mode ipip\n!\n";
}

if ($gw != $outip) {

print MYFILE "!\n";
print MYFILE "interface tunnel $ifid\n";
print MYFILE "description Link to $net\n";
print MYFILE "ip unnumbered $loop\n";
print MYFILE "tunnel source $outip\n";
print MYFILE "tunnel destination $gw\n";
print MYFILE "ip tcp adjust-mss 1436\n";
print MYFILE "ip access-group acl_44 in\n!\n";
print MYFILE "tunnel mode ipip\n!\n";
print MYFILE "ip route $net $mask tunnel$ifid\n!\n";
}
print MYFILE "ip route $gw 255.255.255.255 Eth0 10.0.0.138\n";
}
print MYFILE "!\nend\n!\n";
close (MYFILE);

sub usage
{
print << "EOT";
*** This script is for creating a loadable config (copy tftp run) for cisco routers ***
*** Please note that this was tested to work on 2651XM or better, expect poor resp- ***
*** -onse on smaller/slower platforms. ***
*** Edit this file and change varibles as noted to your values. ***
*** File \"cisco-config.txt\" will be generated in this directory for tftp upload ***
*** Run as follows: ***
*** perl encapconvert.pl encap.txt ***
EOT
}

########################################################
# Sub cipdec
# USAGE: For converting IP to DEC values and reverse
#
# my ($err, $ret) = cipdec(1, $ip); #1 =from ip to dec, 2 = from dec to ip
# if($err != 0) { print "MAIN: ERR ON \"$ret\"\n"; next; }
#
sub cipdec
{
my $debug = 0;
my (@oct, $opt, $var, $err, $ret, $errmsg);
my ($oct1, $oct2, $oct3, $oct4);
my ($dec1, $dec2, $dec3);
$opt = shift(@_); #1 =from ip to dec, 2 = from dec to ip
$var = shift(@_); # IP or a DEC
$err = 0;
$ret = 0;
if($debug == 1)
{
print "SUB TEST: OPT=\"$opt\"\n";
print "SUB TEST: VAR=\"$var\"\n";
}
if($opt == 1) #1 =from ip to dec
{
my $ip = $var;

if(!($ip) || ($ip eq "") || !($ip =~ /\./))
{
if($debug == 1) { print "NO . in IP.. Next\n"; }
$err = 1;
$ret = "ERR: IP WITH NO \".\"";
return($err, $ret);
}
@oct = split(/\./, $ip);
my $numoct = @oct;
if($numoct != 4)
{
if($debug == 1) { print "--INVALID IP: \"$ip\"\n"; }
$err = 1;
$ret = "ERR: OCT CT \"$ip\"";
return($err, $ret);
}
foreach my $val (@oct)
{
if(!(defined $val) || ($val eq "") || ($val =~ /\D/) || ($val > 255) || ($val < 0))
{
if($debug == 1) { print "--INVALID IP: \"$ip\"\n"; }
$err = 1;
$ret = "ERR: OCT SIZE \"$ip:$val\"";
return($err, $ret);
} # EO IF oct container
} #EO FOREACH OCT
$ret += ($oct[0] * (256**3)); #Convert 1st octet to decimal and add
$ret += ($oct[1] * (256**2)); #Convert 2nd octet to decimal and add
$ret += $oct[2] * 256; #Convert 3rd octet to decimal and add
$ret += $oct[3]; #Add the 4th octet to decimal
if(($ret < 0) || ($ret > 4294967296)) #0.0.0.0 or 255.255.255.255 = Err
{
if($debug == 1) { print "--INVALID IP: \"$ip\"\n"; }
$err = 1;
$ret = "ERR: DEC SIZE \"$ip\"";
return($err, $ret);
} #EO DEC Size

return($err, $ret);
} #EO OPT == 1

if($opt == 2) #1 = dec to ip
{
$oct1 = 0; $oct2 = 0; $oct3 = 0; $oct4 = 0;
my $dec = $var;
if($debug == 1) { print "SUB TEST: DEC=\"$dec\"\n"; }

if(!(defined $dec) || ($dec eq "") || ($dec < 1) || ($dec > 4294967295)) #0.0.0.0 or 255.255.255.255 = Err
{
if($debug == 1) { print "--INVALID DEC: \"$dec\"\n"; }
$err = 1;
$ret = "ERR: DEC SIZE \"$dec\"";
return($err, $ret);
} #EO DEC Size

if($dec >= 256**3)
{
$oct1 = ($dec / 256**3);
my @num = split(/\./, $oct1);
$oct1 = $num[0];
if($debug == 1) { print "OCT1: \"$oct1\"\n"; }
$dec1 = ($oct1 * 256**3);
$dec = $dec - $dec1;
}
if($dec >= 256**2)
{
$oct2 = ($dec / 256**2);
my @num = split(/\./, $oct2);
$oct2 = $num[0];
if($debug == 1) { print "OCT2: \"$oct2\"\n"; }
$dec2 = ($oct2 * 256**2);
$dec = $dec - $dec2;
}

if($dec >= 256)
{
$oct3 = ($dec / 256);
my @num = split(/\./, $oct3);
$oct3 = $num[0];
if($debug == 1) { print "OCT3: \"$oct3\"\n"; }
$dec3 = $oct3 * 256;
$dec = $dec - $dec3;
}

$oct4 = $dec;
if($debug == 1) { print "OCT4: \"$oct4\"\n"; }
$ret = "$oct1.$oct2.$oct3.$oct4";
return($err, $ret);
} #EO If $opt == 2

$err = 1;
$ret = "I'm lost and sent to leftovers";
return($err, $ret);
}
################### EO SUB CIPDEC#################################

### wildcard sub ###
sub do_subtract( ) {
local($ip) = @_;

# break up the bytes of the incoming IP address
$_ = $ip;
($a, $b, $c, $d) = split(/\./);

if ($a > 255 || $b > 255 || $c > 255 || $d > 255 || /[^0-9.]/) {
print "invalid input mask or wildcard\n";
exit( );
}

$a = 255 - $a;
$b = 255 - $b;
$c = 255 - $c;
$d = 255 - $d;

return ($a . "." . $b . "." . $c . "." . $d);
}

### EO wildcard sub ### </CODE>

Before you run the script make sure to take out the line of your gateway from the encap file

The result of the script is set of commands that look like that

interface tunnel 748306432
description Link to 44.154.64.0
ip unnumbered Ethernet0
tunnel source 10.0.0.180
tunnel destination 79.107.164.191
ip tcp adjust-mss 1436
ip access-group acl_44 in
!
tunnel mode ipip
!
ip route 44.154.64.0 255.255.255.0 tunnel748306432
!
ip route 79.107.164.191 255.255.255.255 Ethernet0 10.0.0.138
!

This section return on itself (with different IP , destination and route IPs's ) as the amount of lines in the encap file

When the file is ready (after running the perl script) you can copy it with editor and send it to the cisco or by terminal (with the config t command) or by TFTP

The Encap file can be taken automatically from the Portal using the API
and you can push the commands to the cisco (after the encap convert to cisco commands after running perl) with TFTP

So with a small software work the whole procedure can be done fully automatic

Setting up a gateway on Cisco Routers

2017-04-02T18:31:52Z

4Z4ZQ:

To create a gateway using Cisco equipment you must have a Cisco Router (preferred from series 2600 and above)

Preferred with two Ethernet ports (but can be done also with one Ethernet port)

The example given here here is of one Ethernet port.

You have to assign the router Ethernet port the Commercial IP

The commands are:

enable
configure terminal
interface ethernet0
ip address <and here you give the ip of the commercial isp the router is connected to> (it can also be the IP of a network the router is on (as long as this IP is accessible to the outside world))> <The NetMask of the network>

The interface name can vary depending on your router type, it can be Ethernet0 FastEthernet0 GigabitEthernet0/0 etc.

(To see what interfaces you have in order to assign them the address use the command Show interface and identify the Ethernet port name.)

Then you have to assign the 44 AMPRNet IP .

For a router with one port any additional network IP has to be secondary and the command is:

int eth0
ip add <the AMPR IP > <the netmask of the network > secondary

Now some tunneling commands have to be added to redirect your outgoing traffic (via tunnel) to the main AMPRNET router , you do it because every ISP block outgoing IP's which is not a part of their network (and 44 net is not belong to any ISP) so in order to allow the 44 net IP traffic to gain access to the outside world you need to do a tunnel to the AMPR.ORG router to the outgoing traffic (traffic that intend to reach the internet (all other IP's that are not part of the 44 NET))

To open a tunnel channel you have to specify the tunnel source address (from where the tunnel is established) and tunnel destination (to where the tunnel establish to)

This is done by a few commands here they are

interface tunnel0
tunnel source <here you put the router commercial IP>
tunnel destination <here you put the AMPR.ORG main tunnel router IP>
tunnel mode ipip (this command is to tell the tunnel (cisco support lot of tunneling types) which mode to use)

In addition the router has to be notified to pass all the outgoing 44 Net Traffic to the tunnel interface and not to route it just like that to the Internet (because as explained they will be probably blocked by the closest ISP you are connected to )

The command to do it is

ip route 0.0.0.0 0.0.0.0 Tunnel0 <the ip address of the AMPR.ORG main tunnel router >

(0.0.0.0 0.0.0.0 mean "any IP") (will be explained latter)

Another important command is a command to route the tunneled traffic from the router to the main ampr.org router not via a tunnel (this important to establish tunnel)

This command is more specific then the "any IP" route command described before and say to the router pass the tunneled traffic belong to the other side of the tunnel direct and not via tunnel)

The Command is :

ip route <the ampr.org main tunnel IP > 255.255.255.255 Ethernet0 <your router commercial IP>

This are the minimum commands to be able to route your inside 44 net IP to the outside world (but not to any other 44 net networks worldwide)

This method will redirect any outgoing traffic (no matter what local IP is used ) to the tunnel and since the AMPR.ORG tunnel deal with tunneling from only 44 Net IP it mean that if the router local Lan is sharing 44 and non 44 IP machines the non 44 Net machines will have no connectivity to the world

To overcome this problem a route policy will have to be used (with the command route-map) because regular route command deal with route for destination IP without looking at the source (local net) and route policy can do it ...

So two policy have to be created one for all addresses (excluding the 44 net) that needed to be routed direct to the internet (without tunnel) and second one specifically for the 44 net hosts that needed to redirect their outgoing traffic to the tunnels

In order to route your traffic to other 44 net gateways you need to build a tunnel interface to every gateway (unlike JNOS that one tunnel deal with all tunnels)
and the tunnel have to have a tunnel source tunnel destination (as explained above ) and tunnel mode

In addition two route lines have to be added

One is route command to route the specific 44 network of the gateway this tunnel deal into this tunnel

And another is to allow the tunnel traffic to go thorough the internet

Enclosed is example from router that is doing tunnel to the main AMPR router and to one gateway somewhere in the world

The tunnel0 interface is the Main AMPR.ORG router and the tunnel with 741916672 is one tunnel to a gateway

The section of tunnel74xxx have to duplicated to every 44 net gateway (of course with the corresponding ip of the specific gateway) (currently about 400 times)

TIP: If you are not familiar with Cisco Commands you can use the GUI Software called Cisco Configuration Professional (CCP)

to config the router with it

Later on we will deal of how to create these tunnels lines configuration using a script
that takes the info from the ENCAP.TXT file and convert it to Cisco config

interface Tunnel0
ip unnumbered Ethernet0
no ip directed-broadcast
tunnel source Ethernet0
tunnel destination 169.228.66.251
tunnel mode ipip
!
interface Tunnel741916672
description Link to 44.56.192.0
ip unnumbered Ethernet0
ip access-group acl_44 in
no ip directed-broadcast
tunnel source 10.0.0.180
tunnel destination 24.229.88.253
tunnel mode ipip

interface Ethernet0
description connected to EthernetLAN_HAIFA
ip address 44.138.1.1 255.255.255.0 secondary
ip address 10.0.0.180 255.255.255.0
no ip directed-broadcast

ip classless
ip route 0.0.0.0 0.0.0.0 Tunnel0 169.228.66.251
ip route 169.228.66.251 255.255.255.255 Ethernet0 10.0.0.138
ip route 44.56.192.0 255.255.255.0 Tunnel741916672
ip route 24.229.88.253 255.255.255.255 Ethernet0 10.0.0.138

Making the route commands automatically

Because the route info of the gateways (the encap file) changes periodically
mainly because a lot of gateway sits on dynamic ip

and because the tunnel ip as a result change you may loose the tunnel to these gateways

In order to be "updated" it is needed to take the new encap file periodically and put it into the cisco router

Because the encap file lines are not a format of commands that Cisco "understand" a fomat conversion need to be made in order to convert route info in the encap file to commands that cisco can "understand"

So a Script that take the encap file and make a new file of Cisco commands must be run

There are two scripts that do it available one is Perl and other is VBS

The example will give the results of the Perl Script

The Perl Script for the Cisco enclosed

#!/usr/bin/perl
#encapconvert.pl V0.1 10-31-12
#Script created by Jason Begley KY9J ky9j.com ky9j@arrl.net
#This script is used for converting the encap.txt file from the AMPR net
#into a loadable config file for use on cisco routers. It is advised to use
#this on a 2600 or better router due to interface limits.
#

my ($line);
my %nets = ();
my $net = undef;
my $mask = undef;

#####
#Below are user defined varibles

my $loop = "Ethernet0"; #LOOPBACK INT CHANGE IF ALREADY IN USE
my $outip = "10.0.0.180"; #YOUR PUBLIC IP ADDRESS
my $loopip = "44.138.1.1"; #YOUR AMPR IP ADDRESS
#EO user defined varibles
#####

my $file = $ARGV[0];
my $debug = $ARGV[1];
if(!$file) { usage(); exit; }
if($file =~ /--help/) { usage(); exit; }

open (MYFILE, '>cisco-config.txt');
print MYFILE "!\ninterface $loop\nip address $loopip 255.255.255.255\n!\n";
close (MYFILE);
open(ENCAP, $file);
@line = <ENCAP>;
close (ENCAP);
@line = grep (!/^\s*$/,@line);
@line = grep (!/^#/,@line);
chomp(@line);

foreach $line(@line)
{
$n1 = $n2 = $n3 = $n4 = undef;
@ln = (split(/ +/, $line));
($n, $s) = (split(/\//, $ln[2]));
($n1, $n2, $n3, $n4) = split(/\./, $n);
$gw = $ln[4];
$gw =~ s/\s*$//;

if ($n1 == '') { $n1='0'};
if ($n2 == '') { $n2='0'};
if ($n3 == '') { $n3='0'};
if ($n4 == '') { $n4='0'};

if ($s == '1') { $mask='128.0.0.0'};
if ($s == '2') { $mask='192.0.0.0'};
if ($s == '3') { $mask='224.0.0.0'};
if ($s == '4') { $mask='240.0.0.0'};
if ($s == '5') { $mask='248.0.0.0'};
if ($s == '6') { $mask='252.0.0.0'};
if ($s == '7') { $mask='254.0.0.0'};
if ($s == '8') { $mask='255.0.0.0'};
if ($s == '9') { $mask='255.128.0.0'};
if ($s == '10') { $mask='255.192.0.0'};
if ($s == '11') { $mask='255.224.0.0'};
if ($s == '12') { $mask='255.240.0.0'};
if ($s == '13') { $mask='255.248.0.0'};
if ($s == '14') { $mask='255.252.0.0'};
if ($s == '15') { $mask='255.254.0.0'};
if ($s == '16') { $mask='255.255.0.0'};
if ($s == '17') { $mask='255.255.128.0'};
if ($s == '18') { $mask='255.255.192.0'};
if ($s == '19') { $mask='255.255.224.0'};
if ($s == '20') { $mask='255.255.240.0'};
if ($s == '21') { $mask='255.255.248.0'};
if ($s == '22') { $mask='255.255.252.0'};
if ($s == '23') { $mask='255.255.254.0'};
if ($s == '24') { $mask='255.255.255.0'};
if ($s == '25') { $mask='255.255.255.128'};
if ($s == '26') { $mask='255.255.255.192'};
if ($s == '27') { $mask='255.255.255.224'};
if ($s == '28') { $mask='255.255.255.240'};
if ($s == '29') { $mask='255.255.255.248'};
if ($s == '30') { $mask='255.255.255.252'};
if ($s == '31') { $mask='255.255.255.254'};
if ($s == '32') { $mask='255.255.255.255'};
if ($s == '') { $mask='255.255.255.255'};

$net = "$n1.$n2.$n3.$n4";
$ifid = cipdec(1, $net);
$wmask = do_subtract($mask);
print "*ip info*\n";
print "NET:$n\nBITS:$s MASK:$mask-$wmask\nGW:$gw\nIF:$ifid\n\n";
open (MYFILE, '>>cisco-config.txt');

if ($debug != NULL) {
print "LINE:$line";
print "\n!\n";
print "interface tunnel $ifid\n";
print "description Link to $net\n";
print "ip unnumbered $loop\n";
print "tunnel source $outip\n";
print "tunnel destination $gw\n";
print "tunnel mode ipip\n!\n";
}

if ($gw != $outip) {

print MYFILE "!\n";
print MYFILE "interface tunnel $ifid\n";
print MYFILE "description Link to $net\n";
print MYFILE "ip unnumbered $loop\n";
print MYFILE "tunnel source $outip\n";
print MYFILE "tunnel destination $gw\n";
print MYFILE "ip tcp adjust-mss 1436\n";
print MYFILE "ip access-group acl_44 in\n!\n";
print MYFILE "tunnel mode ipip\n!\n";
print MYFILE "ip route $net $mask tunnel$ifid\n!\n";
}
print MYFILE "ip route $gw 255.255.255.255 Eth0 10.0.0.138\n";
}
print MYFILE "!\nend\n!\n";
close (MYFILE);

sub usage
{
print << "EOT";
*** This script is for creating a loadable config (copy tftp run) for cisco routers ***
*** Please note that this was tested to work on 2651XM or better, expect poor resp- ***
*** -onse on smaller/slower platforms. ***
*** Edit this file and change varibles as noted to your values. ***
*** File \"cisco-config.txt\" will be generated in this directory for tftp upload ***
*** Run as follows: ***
*** perl encapconvert.pl encap.txt ***
EOT
}

########################################################
# Sub cipdec
# USAGE: For converting IP to DEC values and reverse
#
# my ($err, $ret) = cipdec(1, $ip); #1 =from ip to dec, 2 = from dec to ip
# if($err != 0) { print "MAIN: ERR ON \"$ret\"\n"; next; }
#
sub cipdec
{
my $debug = 0;
my (@oct, $opt, $var, $err, $ret, $errmsg);
my ($oct1, $oct2, $oct3, $oct4);
my ($dec1, $dec2, $dec3);
$opt = shift(@_); #1 =from ip to dec, 2 = from dec to ip
$var = shift(@_); # IP or a DEC
$err = 0;
$ret = 0;
if($debug == 1)
{
print "SUB TEST: OPT=\"$opt\"\n";
print "SUB TEST: VAR=\"$var\"\n";
}
if($opt == 1) #1 =from ip to dec
{
my $ip = $var;

if(!($ip) || ($ip eq "") || !($ip =~ /\./))
{
if($debug == 1) { print "NO . in IP.. Next\n"; }
$err = 1;
$ret = "ERR: IP WITH NO \".\"";
return($err, $ret);
}
@oct = split(/\./, $ip);
my $numoct = @oct;
if($numoct != 4)
{
if($debug == 1) { print "--INVALID IP: \"$ip\"\n"; }
$err = 1;
$ret = "ERR: OCT CT \"$ip\"";
return($err, $ret);
}
foreach my $val (@oct)
{
if(!(defined $val) || ($val eq "") || ($val =~ /\D/) || ($val > 255) || ($val < 0))
{
if($debug == 1) { print "--INVALID IP: \"$ip\"\n"; }
$err = 1;
$ret = "ERR: OCT SIZE \"$ip:$val\"";
return($err, $ret);
} # EO IF oct container
} #EO FOREACH OCT
$ret += ($oct[0] * (256**3)); #Convert 1st octet to decimal and add
$ret += ($oct[1] * (256**2)); #Convert 2nd octet to decimal and add
$ret += $oct[2] * 256; #Convert 3rd octet to decimal and add
$ret += $oct[3]; #Add the 4th octet to decimal
if(($ret < 0) || ($ret > 4294967296)) #0.0.0.0 or 255.255.255.255 = Err
{
if($debug == 1) { print "--INVALID IP: \"$ip\"\n"; }
$err = 1;
$ret = "ERR: DEC SIZE \"$ip\"";
return($err, $ret);
} #EO DEC Size

return($err, $ret);
} #EO OPT == 1

if($opt == 2) #1 = dec to ip
{
$oct1 = 0; $oct2 = 0; $oct3 = 0; $oct4 = 0;
my $dec = $var;
if($debug == 1) { print "SUB TEST: DEC=\"$dec\"\n"; }

if(!(defined $dec) || ($dec eq "") || ($dec < 1) || ($dec > 4294967295)) #0.0.0.0 or 255.255.255.255 = Err
{
if($debug == 1) { print "--INVALID DEC: \"$dec\"\n"; }
$err = 1;
$ret = "ERR: DEC SIZE \"$dec\"";
return($err, $ret);
} #EO DEC Size

if($dec >= 256**3)
{
$oct1 = ($dec / 256**3);
my @num = split(/\./, $oct1);
$oct1 = $num[0];
if($debug == 1) { print "OCT1: \"$oct1\"\n"; }
$dec1 = ($oct1 * 256**3);
$dec = $dec - $dec1;
}
if($dec >= 256**2)
{
$oct2 = ($dec / 256**2);
my @num = split(/\./, $oct2);
$oct2 = $num[0];
if($debug == 1) { print "OCT2: \"$oct2\"\n"; }
$dec2 = ($oct2 * 256**2);
$dec = $dec - $dec2;
}

if($dec >= 256)
{
$oct3 = ($dec / 256);
my @num = split(/\./, $oct3);
$oct3 = $num[0];
if($debug == 1) { print "OCT3: \"$oct3\"\n"; }
$dec3 = $oct3 * 256;
$dec = $dec - $dec3;
}

$oct4 = $dec;
if($debug == 1) { print "OCT4: \"$oct4\"\n"; }
$ret = "$oct1.$oct2.$oct3.$oct4";
return($err, $ret);
} #EO If $opt == 2

$err = 1;
$ret = "I'm lost and sent to leftovers";
return($err, $ret);
}
################### EO SUB CIPDEC#################################

### wildcard sub ###
sub do_subtract( ) {
local($ip) = @_;

# break up the bytes of the incoming IP address
$_ = $ip;
($a, $b, $c, $d) = split(/\./);

if ($a > 255 || $b > 255 || $c > 255 || $d > 255 || /[^0-9.]/) {
print "invalid input mask or wildcard\n";
exit( );
}

$a = 255 - $a;
$b = 255 - $b;
$c = 255 - $c;
$d = 255 - $d;

return ($a . "." . $b . "." . $c . "." . $d);
}

### EO wildcard sub ### </CODE>

Before you run the script make sure to take out the line of your gateway from the encap file

The result of the script is set of commands that look like that

interface tunnel 748306432
description Link to 44.154.64.0
ip unnumbered Ethernet0
tunnel source 10.0.0.180
tunnel destination 79.107.164.191
ip tcp adjust-mss 1436
ip access-group acl_44 in
!
tunnel mode ipip
!
ip route 44.154.64.0 255.255.255.0 tunnel748306432
!
ip route 79.107.164.191 255.255.255.255 Ethernet0 10.0.0.138
!

This section return on itself (with different IP , destination and route IPs's ) as the amount of lines in the encap file

When the file is ready (after running the perl script) you can copy it with editor and send it to the cisco or by terminal (with the config t command) or by TFTP

The Encap file can be taken automatically from the Portal using the API
and you can push the commands to the cisco (after the encap convert to cisco commands after running perl) with TFTP

So with a small software work the whole procedure can be done fully automatic

Setting up a gateway on Cisco Routers

2016-05-27T09:41:19Z

4Z4ZQ:

To set a getway with Cisco you must have a Cisco Router (preferred from series 2600 and above)

Preferred with two Ethernet cards (but can be done also with one Ethernet card)

The example given here here is of one Ethernet card

You have to assign the router Ethernet card the Commercial IP

The command is :

interface ethernet0 ip add <and here you give the ip of the commercial ip the router sit on >
(it can be also IP of a network the router sit on (as long as this IP is accessible
to the outside world))> <The NetMask of the network>

The interface name can vary depend on your router type , it can be Ethernet0 FastEthernet0 GigabitEthernet0/0 etc

(To see what interfaces you have in order to assign them the address use the command Show interface and identify the Ethernet card name)

Then you have to assign the 44 Net IP

For router with one card any additional network IP has to be secondary and the command is:

int eth0 ip add <the AMPR IP > <the netmask of the network > secondary

Now some tunneling commands have to be added to redirect your outgoing traffic (via tunnel) to the main AMPRNET router , you do it because every ISP block outgoing IP's which is not a part of their network (and 44 net is not belong to any ISP) so in order to allow the 44 net IP traffic to gain access to the outside world you need to do a tunnel to the AMPR.ORG router to the outgoing traffic (traffic that intend to reach the internet (all other IP's that are not part of the 44 NET))

To open a tunnel channel you have to specify the tunnel source address (from where the tunnel is established) and tunnel destination (to where the tunnel establish to)
This is done by a few commands here they are

interface tunnel0
tunnel source <here you put the router commercial IP>
tunnel destination <here you put the AMPR.ORG main tunnel router IP>
tunnel mode ipip (this command is to tell the tunnel (cisco support lot of tunneling types) which mode to use)

In addition the router has to be notified to pass all the outgoing 44 Net Traffic to the tunnel interface and not to route it just like that to the Internet (because as explained they will be probably blocked by the closest ISP you are connected to )

The command to do it is

ip route 0.0.0.0 0.0.0.0 Tunnel0 <the ip address of the AMPR.ORG main tunnel router >

(0.0.0.0 0.0.0.0 mean "any IP") (will be explained latter)

Another important command is a command to route the tunneled traffic from the router to the main ampr.org router not via a tunnel (this important to establish tunnel)

This command is more specific then the "any IP" route command described before and say to the router pass the tunneled traffic belong to the other side of the tunnel direct and not via tunnel)

The Command is :

ip route <the ampr.org main tunnel IP > 255.255.255.255 Ethernet0 <your router commercial IP>

This are the minimum commands to be able to route your inside 44 net IP to the outside world (but not to any other 44 net networks worldwide)

This method will redirect any outgoing traffic (no matter what local IP is used ) to the tunnel and since the AMPR.ORG tunnel deal with tunneling from only 44 Net IP it mean that if the router local Lan is sharing 44 and non 44 IP machines the non 44 Net machines will have no connectivity to the world

To overcome this problem a route policy will have to be used (with the command route-map) because regular route command deal with route for destination IP without looking at the source (local net) and route policy can do it ...

So two policy have to be created one for all addresses (excluding the 44 net) that needed to be routed direct to the internet (without tunnel) and second one specifically for the 44 net hosts that needed to redirect their outgoing traffic to the tunnels

In order to route your traffic to other 44 net gateways you need to build a tunnel interface to every gateway (unlike JNOS that one tunnel deal with all tunnels)
and the tunnel have to have a tunnel source tunnel destination (as explained above ) and tunnel mode

In addition two route lines have to be added

One is route command to route the specific 44 network of the gateway this tunnel deal into this tunnel

And another is to allow the tunnel traffic to go thorough the internet

Enclosed is example from router that is doing tunnel to the main AMPR router and to one gateway somewhere in the world

The tunnel0 interface is the Main AMPR.ORG router and the tunnel with 741916672 is one tunnel to a gateway

The section of tunnel74xxx have to duplicated to every 44 net gateway (of course with the corresponding ip of the specific gateway) (currently about 400 times)

TIP: If you are not familiar with Cisco Commands you can use the GUI Software called Cisco Configuration Professional (CCP)

to config the router with it

Later on we will deal of how to create these tunnels lines configuration using a script
that takes the info from the ENCAP.TXT file and convert it to Cisco config

interface Tunnel0
ip unnumbered Ethernet0
no ip directed-broadcast
tunnel source Ethernet0
tunnel destination 169.228.66.251
tunnel mode ipip
!
interface Tunnel741916672
description Link to 44.56.192.0
ip unnumbered Ethernet0
ip access-group acl_44 in
no ip directed-broadcast
tunnel source 10.0.0.180
tunnel destination 24.229.88.253
tunnel mode ipip

interface Ethernet0
description connected to EthernetLAN_HAIFA
ip address 44.138.1.1 255.255.255.0 secondary
ip address 10.0.0.180 255.255.255.0
no ip directed-broadcast

ip classless
ip route 0.0.0.0 0.0.0.0 Tunnel0 169.228.66.251
ip route 169.228.66.251 255.255.255.255 Ethernet0 10.0.0.138
ip route 44.56.192.0 255.255.255.0 Tunnel741916672
ip route 24.229.88.253 255.255.255.255 Ethernet0 10.0.0.138

Making the roue commands automaticly

Because the route info of the gateways (the encap file) changes periodically
mainly because alot of gateway sit on dynamic ip

and because the tunnel ip as a result change you may loose the tunnel to these gateways

In order to be "updated" it is needed to take the new encap file periodically and put it into the cisco router

Because the encap file lines are not a format of commands that Cisco "understand" a fomat conversion need to be made in order to convert route info in the encap file to commands that cisco can "understand"

So a Script that take the encap file and make a new file of Cisco commands must be run

There are two scripts that do it available one is Perl and other is VBS

The example will give the results of the Perl Script

The Perl Script for the Cisco enclosed

#!/usr/bin/perl
#encapconvert.pl V0.1 10-31-12
#Script created by Jason Begley KY9J ky9j.com ky9j@arrl.net
#This script is used for converting the encap.txt file from the AMPR net
#into a loadable config file for use on cisco routers. It is advised to use
#this on a 2600 or better router due to interface limits.
#

my ($line);
my %nets = ();
my $net = undef;
my $mask = undef;

#####
#Below are user defined varibles

my $loop = "Ethernet0"; #LOOPBACK INT CHANGE IF ALREADY IN USE
my $outip = "10.0.0.180"; #YOUR PUBLIC IP ADDRESS
my $loopip = "44.138.1.1"; #YOUR AMPR IP ADDRESS
#EO user defined varibles
#####

my $file = $ARGV[0];
my $debug = $ARGV[1];
if(!$file) { usage(); exit; }
if($file =~ /--help/) { usage(); exit; }

open (MYFILE, '>cisco-config.txt');
print MYFILE "!\ninterface $loop\nip address $loopip 255.255.255.255\n!\n";
close (MYFILE);
open(ENCAP, $file);
@line = <ENCAP>;
close (ENCAP);
@line = grep (!/^\s*$/,@line);
@line = grep (!/^#/,@line);
chomp(@line);

foreach $line(@line)
{
$n1 = $n2 = $n3 = $n4 = undef;
@ln = (split(/ +/, $line));
($n, $s) = (split(/\//, $ln[2]));
($n1, $n2, $n3, $n4) = split(/\./, $n);
$gw = $ln[4];
$gw =~ s/\s*$//;

if ($n1 == '') { $n1='0'};
if ($n2 == '') { $n2='0'};
if ($n3 == '') { $n3='0'};
if ($n4 == '') { $n4='0'};

if ($s == '1') { $mask='128.0.0.0'};
if ($s == '2') { $mask='192.0.0.0'};
if ($s == '3') { $mask='224.0.0.0'};
if ($s == '4') { $mask='240.0.0.0'};
if ($s == '5') { $mask='248.0.0.0'};
if ($s == '6') { $mask='252.0.0.0'};
if ($s == '7') { $mask='254.0.0.0'};
if ($s == '8') { $mask='255.0.0.0'};
if ($s == '9') { $mask='255.128.0.0'};
if ($s == '10') { $mask='255.192.0.0'};
if ($s == '11') { $mask='255.224.0.0'};
if ($s == '12') { $mask='255.240.0.0'};
if ($s == '13') { $mask='255.248.0.0'};
if ($s == '14') { $mask='255.252.0.0'};
if ($s == '15') { $mask='255.254.0.0'};
if ($s == '16') { $mask='255.255.0.0'};
if ($s == '17') { $mask='255.255.128.0'};
if ($s == '18') { $mask='255.255.192.0'};
if ($s == '19') { $mask='255.255.224.0'};
if ($s == '20') { $mask='255.255.240.0'};
if ($s == '21') { $mask='255.255.248.0'};
if ($s == '22') { $mask='255.255.252.0'};
if ($s == '23') { $mask='255.255.254.0'};
if ($s == '24') { $mask='255.255.255.0'};
if ($s == '25') { $mask='255.255.255.128'};
if ($s == '26') { $mask='255.255.255.192'};
if ($s == '27') { $mask='255.255.255.224'};
if ($s == '28') { $mask='255.255.255.240'};
if ($s == '29') { $mask='255.255.255.248'};
if ($s == '30') { $mask='255.255.255.252'};
if ($s == '31') { $mask='255.255.255.254'};
if ($s == '32') { $mask='255.255.255.255'};
if ($s == '') { $mask='255.255.255.255'};

$net = "$n1.$n2.$n3.$n4";
$ifid = cipdec(1, $net);
$wmask = do_subtract($mask);
print "*ip info*\n";
print "NET:$n\nBITS:$s MASK:$mask-$wmask\nGW:$gw\nIF:$ifid\n\n";
open (MYFILE, '>>cisco-config.txt');

if ($debug != NULL) {
print "LINE:$line";
print "\n!\n";
print "interface tunnel $ifid\n";
print "description Link to $net\n";
print "ip unnumbered $loop\n";
print "tunnel source $outip\n";
print "tunnel destination $gw\n";
print "tunnel mode ipip\n!\n";
}

if ($gw != $outip) {

print MYFILE "!\n";
print MYFILE "interface tunnel $ifid\n";
print MYFILE "description Link to $net\n";
print MYFILE "ip unnumbered $loop\n";
print MYFILE "tunnel source $outip\n";
print MYFILE "tunnel destination $gw\n";
print MYFILE "ip tcp adjust-mss 1436\n";
print MYFILE "ip access-group acl_44 in\n!\n";
print MYFILE "tunnel mode ipip\n!\n";
print MYFILE "ip route $net $mask tunnel$ifid\n!\n";
}
print MYFILE "ip route $gw 255.255.255.255 Eth0 10.0.0.138\n";
}
print MYFILE "!\nend\n!\n";
close (MYFILE);

sub usage
{
print << "EOT";
*** This script is for creating a loadable config (copy tftp run) for cisco routers ***
*** Please note that this was tested to work on 2651XM or better, expect poor resp- ***
*** -onse on smaller/slower platforms. ***
*** Edit this file and change varibles as noted to your values. ***
*** File \"cisco-config.txt\" will be generated in this directory for tftp upload ***
*** Run as follows: ***
*** perl encapconvert.pl encap.txt ***
EOT
}

########################################################
# Sub cipdec
# USAGE: For converting IP to DEC values and reverse
#
# my ($err, $ret) = cipdec(1, $ip); #1 =from ip to dec, 2 = from dec to ip
# if($err != 0) { print "MAIN: ERR ON \"$ret\"\n"; next; }
#
sub cipdec
{
my $debug = 0;
my (@oct, $opt, $var, $err, $ret, $errmsg);
my ($oct1, $oct2, $oct3, $oct4);
my ($dec1, $dec2, $dec3);
$opt = shift(@_); #1 =from ip to dec, 2 = from dec to ip
$var = shift(@_); # IP or a DEC
$err = 0;
$ret = 0;
if($debug == 1)
{
print "SUB TEST: OPT=\"$opt\"\n";
print "SUB TEST: VAR=\"$var\"\n";
}
if($opt == 1) #1 =from ip to dec
{
my $ip = $var;

if(!($ip) || ($ip eq "") || !($ip =~ /\./))
{
if($debug == 1) { print "NO . in IP.. Next\n"; }
$err = 1;
$ret = "ERR: IP WITH NO \".\"";
return($err, $ret);
}
@oct = split(/\./, $ip);
my $numoct = @oct;
if($numoct != 4)
{
if($debug == 1) { print "--INVALID IP: \"$ip\"\n"; }
$err = 1;
$ret = "ERR: OCT CT \"$ip\"";
return($err, $ret);
}
foreach my $val (@oct)
{
if(!(defined $val) || ($val eq "") || ($val =~ /\D/) || ($val > 255) || ($val < 0))
{
if($debug == 1) { print "--INVALID IP: \"$ip\"\n"; }
$err = 1;
$ret = "ERR: OCT SIZE \"$ip:$val\"";
return($err, $ret);
} # EO IF oct container
} #EO FOREACH OCT
$ret += ($oct[0] * (256**3)); #Convert 1st octet to decimal and add
$ret += ($oct[1] * (256**2)); #Convert 2nd octet to decimal and add
$ret += $oct[2] * 256; #Convert 3rd octet to decimal and add
$ret += $oct[3]; #Add the 4th octet to decimal
if(($ret < 0) || ($ret > 4294967296)) #0.0.0.0 or 255.255.255.255 = Err
{
if($debug == 1) { print "--INVALID IP: \"$ip\"\n"; }
$err = 1;
$ret = "ERR: DEC SIZE \"$ip\"";
return($err, $ret);
} #EO DEC Size

return($err, $ret);
} #EO OPT == 1

if($opt == 2) #1 = dec to ip
{
$oct1 = 0; $oct2 = 0; $oct3 = 0; $oct4 = 0;
my $dec = $var;
if($debug == 1) { print "SUB TEST: DEC=\"$dec\"\n"; }

if(!(defined $dec) || ($dec eq "") || ($dec < 1) || ($dec > 4294967295)) #0.0.0.0 or 255.255.255.255 = Err
{
if($debug == 1) { print "--INVALID DEC: \"$dec\"\n"; }
$err = 1;
$ret = "ERR: DEC SIZE \"$dec\"";
return($err, $ret);
} #EO DEC Size

if($dec >= 256**3)
{
$oct1 = ($dec / 256**3);
my @num = split(/\./, $oct1);
$oct1 = $num[0];
if($debug == 1) { print "OCT1: \"$oct1\"\n"; }
$dec1 = ($oct1 * 256**3);
$dec = $dec - $dec1;
}
if($dec >= 256**2)
{
$oct2 = ($dec / 256**2);
my @num = split(/\./, $oct2);
$oct2 = $num[0];
if($debug == 1) { print "OCT2: \"$oct2\"\n"; }
$dec2 = ($oct2 * 256**2);
$dec = $dec - $dec2;
}

if($dec >= 256)
{
$oct3 = ($dec / 256);
my @num = split(/\./, $oct3);
$oct3 = $num[0];
if($debug == 1) { print "OCT3: \"$oct3\"\n"; }
$dec3 = $oct3 * 256;
$dec = $dec - $dec3;
}

$oct4 = $dec;
if($debug == 1) { print "OCT4: \"$oct4\"\n"; }
$ret = "$oct1.$oct2.$oct3.$oct4";
return($err, $ret);
} #EO If $opt == 2

$err = 1;
$ret = "I'm lost and sent to leftovers";
return($err, $ret);
}
################### EO SUB CIPDEC#################################

### wildcard sub ###
sub do_subtract( ) {
local($ip) = @_;

# break up the bytes of the incoming IP address
$_ = $ip;
($a, $b, $c, $d) = split(/\./);

if ($a > 255 || $b > 255 || $c > 255 || $d > 255 || /[^0-9.]/) {
print "invalid input mask or wildcard\n";
exit( );
}

$a = 255 - $a;
$b = 255 - $b;
$c = 255 - $c;
$d = 255 - $d;

return ($a . "." . $b . "." . $c . "." . $d);
}

### EO wildcard sub ### </CODE>

Before you run the script make sure to take out the line of your gateway from the encap file

The result of the script is set of commands that look like that

interface tunnel 748306432
description Link to 44.154.64.0
ip unnumbered Ethernet0
tunnel source 10.0.0.180
tunnel destination 79.107.164.191
ip tcp adjust-mss 1436
ip access-group acl_44 in
!
tunnel mode ipip
!
ip route 44.154.64.0 255.255.255.0 tunnel748306432
!
ip route 79.107.164.191 255.255.255.255 Ethernet0 10.0.0.138
!

This section return on itself (with different IP , destination and route IPs's ) as the amount of lines in the encap file

When the file is ready (after running the perl script) you can copy it with editor and send it to the cisco or by terminal (with the config t command) or by TFTP

The Encap file can be taken automatically from the Portal using the API
and you can push the commands to the cisco (after the encap convert to cisco commands after running perl) with TFTP

So with a small software work the whole procedure can be done fully automatic

Gateway

2016-04-14T20:51:22Z

4Z4ZQ:

A lot of the 44/8 address space is interconnected via [[gateway|gateways]]. These are IPIP encapsulated [[tunnel|tunnels]] that carry the 44/8 address space allocated to a particular region or end user. There exists a database of all the gateways public IP addresses and the subnets they service on the [[portal]]. This database is used to dynamically generate gateway information via modified [[RIP]] advertisements. This database also generates a file called [[encap.txt]] which is basically a routing table that specifies which subnets can be reached via which gateway.

Learn how to [[Setting up a gateway on Linux|setup a Linux gateway]]

Learn how to [[Setting up a gateway on OpenWRT|setup an OpenWRT gateway]]

Learn how to [[Setting up a gateway on Cisco Routers|setup a Cisco Router gateway]]

Learn how to [[setting up a gateway on MikroTik Routers|setting up a gateway on MikroTik Routers]]

In order to keep this database up to date, everyone that operates a gateway must register on the [[portal]] and have their gateway assigned to their account.

As the portal only went live recently, we are in a transition phase, where all the old gateway entries that existed have been copied into the new database and are awaiting their "owners" to claim them. After a suitable period of time has elapsed, about a year, any unclaimed gateways will be removed from the system, thus ensuring that the database is as up to date and as accurate as possible. It is therefore important to register and claim your gateway asap!

Setting up a gateway on MikroTik Routers

2016-04-13T06:21:51Z

4Z4ZQ:

The MikroTik Routers by default support IP-IP tunneling so setting up a gateway is quiet easy

The mikrotik router is a very powerful device and there are a lot of options that can be used

The example here will show the router that the WAN Port is connected to the DMZ of your Network and the 44 Net will appear on the Lan Port (wan and lan Referring to a home router model)

The configuration can be done with the web interface (webFig) or in manual text command with telnet or SSH connection to the router

First a tunnel interface must be created to the Main AMPRNet router

You do it in the web by this : interfaces ---> add new --> IP tunnel
a Screen will open

Change the name to say UCSD

add in the local address your router address on the DMZ (in home it will probably be 10.0.0.x or 192.168.1.x)

at the remote address put the address of the AMPRNET router (169.228.66.251)

Press the apply button and you are done

The Command in command line interface (via Telnet ot SSH) is as follows

/interface ipip
add allow-fast-path=no !keepalive local-address=10.0.0.180 name=UCSD \
remote-address=169.228.66.251

Now some routes commands needed to be done

1) Route all the traffic to the tunnel interface

You do it by : IP --> Routes and clicking on the 0.0.0.0 line
and changing the gateway to the tunnel interface name and clicking apply

The command line in text is as follow

/ip route
add distance=1 gateway=UCSD

2) route command for the tunnel to go to the InterNet

You do it by the web as follows : IP ---> routes ---> add new

at the screen , type in the destination address 169.228.66.251/32
and at the gateway type the ip address of the next router (for home network it is usually 10.0.0.138 or 192.168.1.1)

The command line is as follows

/ip route
add distance=1 dst-address=169.228.66.251/32 gateway=10.0.0.138

Now you should have connectivity from your 44 Net to the rest of the world (but not to any other 44 net networks worldwide )

In order to have a full connectivity to the other 44 Net networks a tunnel (and corresponding route command) must be added for every 44 Net gateway

The MikroTik have ability to run an automatic script that deal with the routing to the rest of the AMPRNET networks

The script run inside the router and take care of all the routes

In general it listen to the routes advertisements send from the AMPR.ORG main router and translating it to routes commands to the router

The Script can be found here http://www.yo2loj.ro/hamprojects/ampr-gw-2.0.rsc

The Commands to run it can be found here http://www.yo2loj.ro/hamprojects/ampr-gw-README.txt

Setting up a gateway on MikroTik Routers

2016-04-11T11:21:17Z

4Z4ZQ:

The MikroTik Routers by default support IP-IP tunneling so setting up a gateway is quiet easy

The mikrotik router is a very powerful device and there are a lot of options that can be used

The example here will show the router that the WAN Port is connected to the DMZ of your Network and the 44 Net will appear on the Lan Port (wan and lan Referring to a home router model)

The configuration can be done with the web interface (webFig) or in manual text command with telnet or SSH connection to the router

First a tunnel interface must be created to the Main AMPRNet router

You do it in the web by this : interfaces ---> add new --> IP tunnel
a Screen will open

Change the name to say UCSD

add in the local address your router address on the DMZ (in home it will probably be 10.0.0.x or 192.168.1.x)

at the remote address put the address of the AMPRNET router (169.228.66.251)

Press the apply button and you are done

The Command in command line interface (via Telnet ot SSH) is as follows

/interface ipip
add allow-fast-path=no !keepalive local-address=10.0.0.180 name=UCSD \
remote-address=169.228.66.251

Now some routes commands needed to be done

1) Route all the traffic to the tunnel interface

You do it by : IP --> Routes and clicking on the 0.0.0.0 line
and changing the gateway to the tunnel interface name and clicking apply

The command line in text is as follow

/ip route
add distance=1 gateway=UCSD

2) route command for the tunnel to go to the InterNet

You do it by the web as follows : IP ---> routes ---> add new

at the screen , type in the destination address 169.228.66.251/32
and at the gateway type the ip address of the next router (for home network it is usually 10.0.0.138 or 192.168.1.1)

The command line is as follows

/ip route
add distance=1 dst-address=169.228.66.251/32 gateway=10.0.0.138

Now you should have connectivity from your 44 Net to the rest of the world (but not to any other 44 net networks worldwide )

In order to have a full connectivity to the other 44 Net networks a tunnel (and corresponding route command) must be added for every 44 Net gateway

Setting up a gateway on MikroTik Routers

2016-04-11T11:01:12Z

4Z4ZQ:

The MikroTik Routers By default support IP-IP tunneling so setting up a gateway is quiet easy

The mikrotik router is a very powerful device and there are a lot of options that can be used

The example here will deal with the router that the WAN Port is connected to the DMZ of your Network and the 44 Net will appear on the Lan Port (Referring to a home router)

The configuration can be done with the web interface (webFig) or in manual text command with telnet or SSH connection to the router

First a tunnel interface must be created to the Main AMPRNET router

you do it in the web by this : interfaces ---> add new --> IP tunnel
a Screen will open

Change the name to say UCSD

add in the local address your router address on the DMZ (in home it will probably be 10.0.0.x or 192.168.1.x)

at the remote address put the address of the AMPRNET router (169.228.66.251)

Press the apply button and you are done

The Command in command line interface (via Telnet ot SSH) is as follows

/interface ipip
add allow-fast-path=no !keepalive local-address=10.0.0.180 name=UCSD \
remote-address=169.228.66.251

Now some routes commands needed to be done

1) Route all the traffic to the tunnel interface

You do it by : IP --> Routes and clicking on the 0.0.0.0 line
and changing the gateway to the tunnel interface name and clicking apply

The command line in text is as follow

/ip route
add distance=1 gateway=UCSD

2) route command for the tunnel to go to the InterNet

You do it by the web as follows : IP ---> routes ---> add new

at the screen , type in the destination address 169.228.66.251/32
and at the gateway type the ip address of the next router (for home network it is usually 10.0.0.138 or 192.168.1.1)

The command line is as follows

/ip route
add distance=1 dst-address=169.228.66.251/32 gateway=10.0.0.138

Now you should have connectivity from your 44 Net to the rest of the world (but not to any other 44 net networks worldwide )

In order to have a full connectivity to the other 44 Net networks a tunnel (and corresponding route command) must be added for every 44 Net gateway

Setting up a gateway on MikroTik Routers

2016-04-11T10:55:18Z

4Z4ZQ:

The MikroTik Routers By default support IP-IP tunneling so setting up a gateway is quiet easy

The mikrotik router is a very powerful device and there are a lot of options that can be used

The example here will deal with the router that the WAN Port is connected to the DMZ of your Network and the 44 Net will appear on the Lan Port (Referring to a home router)

The configuration can be done with the web interface (webFig) or in manual text command with telnet or SSH connection to the router

First a tunnel interface must be created to the Main AMPRNET router

you do it in the web by this : interfaces ---> add new --> IP tunnel
a Screen will open

Change the name to say UCSD

add in the local address your router address on the DMZ (in home it will probably be 10.0.0.x or 192.168.1.x)

at the remote address put the address of the AMPRNET router (169.228.66.251)

Press the apply button and you are done

The Command in command line interface (via Telnet ot SSH) is as follows

/interface ipip
add allow-fast-path=no !keepalive local-address=10.0.0.180 name=UCSD \
remote-address=169.228.66.251

Now some routes commands needed to be done

1) Route all the traffic to the tunnel interface

You do it by : IP --> Routes and clicking on the 0.0.0.0 line
and changing the gateway to the tunnel interface name and clicking apply

2) route command for the tunnel to go to the InterNet

You do it by the web as follows : IP ---> routes ---> add new

at the screen , type in the destination address 169.228.66.251/32
and at the gateway type the ip address of the next router (for home network it is usually 10.0.0.138 or 192.168.1.1)

Now you should have connectivity from your 44 Net to the rest of the world (but not to any other 44 net networks worldwide )

In order to have a full connectivity to the other 44 Net networks a tunnel (and corresponding route command) must be added for every 44 Net gateway

Setting up a gateway on MikroTik Routers

2016-04-10T21:44:39Z

4Z4ZQ:

The MikroTik Routers By default support IP-IP tunneling so setting up a gateway is quiet easy

The mikrotik router is a very powerful device and there are a lot of options that can be used

The example here will deal with the router that the WAN Port is connected to the DMZ of your Network and the 44 Net will appear on the Lan Port (Referring to a home router)

The configuration can be done with the web interface (webFig) or in manual text command with telnet or SSH connection to the router

First a tunnel interface must be created to the Main AMPRNET router

you do it in the web by this : interfaces ---> add new --> IP tunnel
a Screen will open

Change the name to say UCSD

add in the local address your router address on the DMZ (in home it will probably be 10.0.0.x or 192.168.1.x)

at the remote address put the address of the AMPRNET router (169.228.66.251)

Press the apply button and you are done

now some routes commands needed to be done

1) Route all the traffic to the tunnel interface

You do it by : IP --> Routes and clicking on the 0.0.0.0 line
and changing the gateway to the tunnel interface name and clicking apply

2) route command for the tunnel to go to the InterNet

You do it by the web as follows : IP ---> routes ---> add new

at the screen , type in the destination address 169.228.66.251/32
and at the gateway type the ip address of the next router (for home network it is usually 10.0.0.138 or 192.168.1.1)

Now you should have connectivity from your 44 Net to the rest of the world (but not to any other 44 net networks worldwide )

In order to have a full connectivity to the other 44 Net networks a tunnel (and corresponding route command) must be added for every 44 Net gateway

Setting up a gateway on MikroTik Routers

2016-04-10T21:39:24Z

4Z4ZQ:

The MikroTik Routers By default support IP-IP tunneling so setting up a gateway is quiet easy

The mikrotik router is a very powerful device and there are a lot of options that can be used

The example here will deal with the router that the WAN Port is connected to the DMZ of your Network and the 44 Net will apear on the Lan Port (Refering to a home router)

The configuration can be done with the web interface (webFig) or in manual text command with telnet or SSH connection to the router

First a tunnel interface must be created to the Main AMPRNET router
you do it in the web by this interfaces ---> add new --> IP tunnel
a Screen will open

Change the name to say UCSD

add in the local address your router address on the DMZ (in home it will probably be 10.0.0.x or 192.168.1.x)

at the remote address put the adress of the AMPRNET router (169.228.66.251)
Press the apply button and you are done

now some routes commands needed to be done

1) Route all the trafic to the tunnel interface
You do it by IP-->Routes and clicking on the 0.0.0.0 line
and changing the gateway to the tunnel interface name and clicking apply

2) route command for the tunnel to go to the InterNet

You do it by the web as follows : IP ---? routes ---> add new

at the screen type in the destination address 169.228.66.251/32
and at the gateway type the ip address of the next router (for home network it is usually 10.0.0.138 or 192.168.1.1)

Now you should have connectivity from your 44 Net to the rest of the world (but not to any other 44 net networks worldwide )

In order to have a full connectivity to the other 44 Net networks a tunnel (and corresponding route command) must be added for every 44 Net gateway

Setting up a gateway on MikroTik Routers

2016-04-10T21:37:10Z

4Z4ZQ: Created page with "The MikroTik Routers By default support IP-IP tunneling so setting up a gateway is quiet easy The mikrotik router is a very powerful device and there are a lot of option..."

The MikroTik Routers By default support IP-IP tunneling so setting up a gateway is quiet easy
The mikrotik router is a very powerful device and there are a lot of options that can be used
The example here will deal with the router that the WAN Port is connected to the DMZ of your Network and the 44 Net will apear on the Lan Port (Refering to a home router)

the configuration can be done with the web interface (webFig) or in manual text command with telnet or SSH connection to the router

First a tunnel interface must be created to the Main AMPRNET router
you do it in the web by this interfaces ---> add new --> IP tunnel
a Screen will open
Change the name to say UCSD
add in the local address your router address on the DMZ (in home it will probably be 10.0.0.x or 192.168.1.x)
at the remote address put the adress of the AMPRNET router (169.228.66.251)
Press the apply button and you are done

now some routes commands needed to be done
1) Route all the trafic to the tunnel interface
You do it by IP-->Routes and clicking on the 0.0.0.0 line
and changing the gateway to the tunnel interface name and clicking apply
2) route command for the tunnel to go to the InterNet
You do it by the web as follows : IP ---? routes ---> add new
at the screen type in the destination address 169.228.66.251/32
and at the gateway type the ip address of the next router (for home network it is usually 10.0.0.138 or 192.168.1.1)
Now you shoul have connectivity from your 44 Net to the rest of the world (but not to any other 44 net networks worldwide

In order to have a full connectivity to the other 44 Net networks a tunnel (and corresponding route command) must be added for every 44 Net gateway

Archive/Main Page

2016-04-10T21:10:28Z

4Z4ZQ:

Welcome to the AMPRNet Wiki.

Since its allocation to Amateur Radio in the mid-1980's, Internet network 44 (44.0.0.0/8), known as the AMPRNet™, has been used by amateur radio operators to conduct scientific research and to experiment with digital communications over radio with a goal of advancing the state of the art of Amateur Radio networking, and to educate amateur radio operators in these techniques. - [http://www.ampr.org/ www.ampr.org]
__NOTOC__
== Starting points ==
* Basic information about the [[AMPRNet]] and the [[ampr.org]] domain
* [[Services]] available on AMPRNet
* If you are looking to get an IP allocation within the 44/8 AMPRNet please read the [[Portal]] page.

== How to connect to AMPRNet ==

* Instructions for [[Setting up a gateway on Linux|setup a Linux gateway]]
* Instructions for [[setting up a gateway on Cisco Routers|setting up a gateway on Cisco Routers]].
* Instructions for [[setting up a gateway on MikroTik Routers|setting up a gateway on MikroTik Routers]].
* Instructions for [[setting up a gateway on OpenWRT|setting up a gateway on OpenWRT]].
* Instructions for [[announcing your allocation directly|directly announcing your allocation via your Internet Service Provider (ISP)]].
* Instructions for [[AMPRNet VPN|Accessing AMPRNet via VPN]] (experimental).
* <b>[[Why can't I just route my AMPRNet allocation directly myself ?]]</b>
* If you already operate a [[gateway]] please ensure you have registered on the [[portal]] and "claimed" your [[gateway]].

== Mailing List ==
To keep up-to-date on AMPRNet information please consider joining the [[44Net mailing list]].

== Contribute! ==
If you wish to contribute to the wiki, please send an email to <tt>wiki (at) ampr.org</tt> introducing yourself. Please specify your full name, amateur radio callsign and your preferred username. A login will then be created for you.

== Terms of Service ==
Use of 44.0.0.0/8 address space and ampr.org DNS is governed by the following [http://www.ampr.org/tos.txt Terms of Service]

== All Pages ==
[http://wiki.ampr.org/wiki/Special:AllPages Here's a list of all pages currently on the AMPRNet Wiki]

Setting up a gateway on Cisco Routers

2016-03-10T09:33:17Z

4Z4ZQ:

To set a getway with Cisco you must have a Cisco Router (preferred from series 2600 and above)

Preferred with two Ethernet cards (but can be done also with one Ethernet card)

The example given here here is of one Ethernet card

You have to assign the router Ethernet card the Commercial IP

The command is :

interface etherbet0 ip add <and here you give the ip of the commercial ip the router sit on >
(it can be also IP of a network the router sit on (as long as this IP is accessible
to the outside world))> <The NetMask of the network>

The interface name can vary depend on your router type , it can be Ethernet0 FastEthernet0 GigabitEthernet0/0 etc

(To see what interfaces you have in order to assign them the address use the command Show interface and identify the Ethernet card name)

Then you have to assign the 44 Net IP

For router with one card any additional network IP has to be secondary and the command is:

int eth0 ip add <the AMPR IP > <the netmask of the network > secondary

Now some tunneling commands have to be added to redirect your outgoing traffic (via tunnel) to the main AMPRNET router , you do it because every ISP block outgoing IP's which is not a part of their network (and 44 net is not belong to any ISP) so in order to allow the 44 net IP traffic to gain access to the outside world you need to do a tunnel to the AMPR.ORG router to the outgoing traffic (traffic that intend to reach the internet (all other IP's that are not part of the 44 NET))

To open a tunnel channel you have to specify the tunnel source address (from where the tunnel is established) and tunnel destination (to where the tunnel establish to)
This is done by a few commands here they are

interface tunnel0
tunnel source <here you put the router commercial IP>
tunnel destination <here you put the AMPR.ORG main tunnel router IP>
tunnel mode ipip (this command is to tell the tunnel (cisco support lot of tunneling types) which mode to use)

In addition the router has to be notified to pass all the outgoing 44 Net Traffic to the tunnel interface and not to route it just like that to the Internet (because as explained they will be probably blocked by the closest ISP you are connected to )

The command to do it is

ip route 0.0.0.0 0.0.0.0 Tunnel0 <the ip address of the AMPR.ORG main tunnel router >

(0.0.0.0 0.0.0.0 mean "any IP") (will be explained latter)

Another important command is a command to route the tunneled traffic from the router to the main ampr.org router not via a tunnel (this important to establish tunnel)

This command is more specific then the "any IP" route command described before and say to the router pass the tunneled traffic belong to the other side of the tunnel direct and not via tunnel)

The Command is :

ip route <the ampr.org main tunnel IP > 255.255.255.255 Ethernet0 <your router commercial IP>

This are the minimum commands to be able to route your inside 44 net IP to the outside world (but not to any other 44 net networks worldwide)

This method will redirect any outgoing traffic (no matter what local IP is used ) to the tunnel and since the AMPR.ORG tunnel deal with tunneling from only 44 Net IP it mean that if the router local Lan is sharing 44 and non 44 IP machines the non 44 Net machines will have no connectivity to the world

To overcome this problem a route policy will have to be used (with the command route-map) because regular route command deal with route for destination IP without looking at the source (local net) and route policy can do it ...

So two policy have to be created one for all addresses (excluding the 44 net) that needed to be routed direct to the internet (without tunnel) and second one specifically for the 44 net hosts that needed to redirect their outgoing traffic to the tunnels

In order to route your traffic to other 44 net gateways you need to build a tunnel interface to every gateway (unlike JNOS that one tunnel deal with all tunnels)
and the tunnel have to have a tunnel source tunnel destination (as explained above ) and tunnel mode

In addition two route lines have to be added

One is route command to route the specific 44 network of the gateway this tunnel deal into this tunnel

And another is to allow the tunnel traffic to go thorough the internet

Enclosed is example from router that is doing tunnel to the main AMPR router and to one gateway somewhere in the world

The tunnel0 interface is the Main AMPR.ORG router and the tunnel with 741916672 is one tunnel to a gateway

The section of tunnel74xxx have to duplicated to every 44 net gateway (of course with the corresponding ip of the specific gateway) (currently about 400 times)

TIP: If you are not familiar with Cisco Commands you can use the GUI Software called Cisco Configuration Professional (CCP)

to config the router with it

Later on we will deal of how to create these tunnels lines configuration using a script
that takes the info from the ENCAP.TXT file and convert it to Cisco config

interface Tunnel0
ip unnumbered Ethernet0
no ip directed-broadcast
tunnel source Ethernet0
tunnel destination 169.228.66.251
tunnel mode ipip
!
interface Tunnel741916672
description Link to 44.56.192.0
ip unnumbered Ethernet0
ip access-group acl_44 in
no ip directed-broadcast
tunnel source 10.0.0.180
tunnel destination 24.229.88.253
tunnel mode ipip

interface Ethernet0
description connected to EthernetLAN_HAIFA
ip address 44.138.1.1 255.255.255.0 secondary
ip address 10.0.0.180 255.255.255.0
no ip directed-broadcast

ip classless
ip route 0.0.0.0 0.0.0.0 Tunnel0 169.228.66.251
ip route 169.228.66.251 255.255.255.255 Ethernet0 10.0.0.138
ip route 44.56.192.0 255.255.255.0 Tunnel741916672
ip route 24.229.88.253 255.255.255.255 Ethernet0 10.0.0.138

Making the roue commands automaticly

Because the route info of the gateways (the encap file) changes periodically
mainly because alot of gateway sit on dynamic ip

and because the tunnel ip as a result change you may loose the tunnel to these gateways

In order to be "updated" it is needed to take the new encap file periodically and put it into the cisco router

Because the encap file lines are not a format of commands that Cisco "understand" a fomat conversion need to be made in order to convert route info in the encap file to commands that cisco can "understand"

So a Script that take the encap file and make a new file of Cisco commands must be run

There are two scripts that do it available one is Perl and other is VBS

The example will give the results of the Perl Script

The Perl Script for the Cisco enclosed

#!/usr/bin/perl
#encapconvert.pl V0.1 10-31-12
#Script created by Jason Begley KY9J ky9j.com ky9j@arrl.net
#This script is used for converting the encap.txt file from the AMPR net
#into a loadable config file for use on cisco routers. It is advised to use
#this on a 2600 or better router due to interface limits.
#

my ($line);
my %nets = ();
my $net = undef;
my $mask = undef;

#####
#Below are user defined varibles

my $loop = "Ethernet0"; #LOOPBACK INT CHANGE IF ALREADY IN USE
my $outip = "10.0.0.180"; #YOUR PUBLIC IP ADDRESS
my $loopip = "44.138.1.1"; #YOUR AMPR IP ADDRESS
#EO user defined varibles
#####

my $file = $ARGV[0];
my $debug = $ARGV[1];
if(!$file) { usage(); exit; }
if($file =~ /--help/) { usage(); exit; }

open (MYFILE, '>cisco-config.txt');
print MYFILE "!\ninterface $loop\nip address $loopip 255.255.255.255\n!\n";
close (MYFILE);
open(ENCAP, $file);
@line = <ENCAP>;
close (ENCAP);
@line = grep (!/^\s*$/,@line);
@line = grep (!/^#/,@line);
chomp(@line);

foreach $line(@line)
{
$n1 = $n2 = $n3 = $n4 = undef;
@ln = (split(/ +/, $line));
($n, $s) = (split(/\//, $ln[2]));
($n1, $n2, $n3, $n4) = split(/\./, $n);
$gw = $ln[4];
$gw =~ s/\s*$//;

if ($n1 == '') { $n1='0'};
if ($n2 == '') { $n2='0'};
if ($n3 == '') { $n3='0'};
if ($n4 == '') { $n4='0'};

if ($s == '1') { $mask='128.0.0.0'};
if ($s == '2') { $mask='192.0.0.0'};
if ($s == '3') { $mask='224.0.0.0'};
if ($s == '4') { $mask='240.0.0.0'};
if ($s == '5') { $mask='248.0.0.0'};
if ($s == '6') { $mask='252.0.0.0'};
if ($s == '7') { $mask='254.0.0.0'};
if ($s == '8') { $mask='255.0.0.0'};
if ($s == '9') { $mask='255.128.0.0'};
if ($s == '10') { $mask='255.192.0.0'};
if ($s == '11') { $mask='255.224.0.0'};
if ($s == '12') { $mask='255.240.0.0'};
if ($s == '13') { $mask='255.248.0.0'};
if ($s == '14') { $mask='255.252.0.0'};
if ($s == '15') { $mask='255.254.0.0'};
if ($s == '16') { $mask='255.255.0.0'};
if ($s == '17') { $mask='255.255.128.0'};
if ($s == '18') { $mask='255.255.192.0'};
if ($s == '19') { $mask='255.255.224.0'};
if ($s == '20') { $mask='255.255.240.0'};
if ($s == '21') { $mask='255.255.248.0'};
if ($s == '22') { $mask='255.255.252.0'};
if ($s == '23') { $mask='255.255.254.0'};
if ($s == '24') { $mask='255.255.255.0'};
if ($s == '25') { $mask='255.255.255.128'};
if ($s == '26') { $mask='255.255.255.192'};
if ($s == '27') { $mask='255.255.255.224'};
if ($s == '28') { $mask='255.255.255.240'};
if ($s == '29') { $mask='255.255.255.248'};
if ($s == '30') { $mask='255.255.255.252'};
if ($s == '31') { $mask='255.255.255.254'};
if ($s == '32') { $mask='255.255.255.255'};
if ($s == '') { $mask='255.255.255.255'};

$net = "$n1.$n2.$n3.$n4";
$ifid = cipdec(1, $net);
$wmask = do_subtract($mask);
print "*ip info*\n";
print "NET:$n\nBITS:$s MASK:$mask-$wmask\nGW:$gw\nIF:$ifid\n\n";
open (MYFILE, '>>cisco-config.txt');

if ($debug != NULL) {
print "LINE:$line";
print "\n!\n";
print "interface tunnel $ifid\n";
print "description Link to $net\n";
print "ip unnumbered $loop\n";
print "tunnel source $outip\n";
print "tunnel destination $gw\n";
print "tunnel mode ipip\n!\n";
}

if ($gw != $outip) {

print MYFILE "!\n";
print MYFILE "interface tunnel $ifid\n";
print MYFILE "description Link to $net\n";
print MYFILE "ip unnumbered $loop\n";
print MYFILE "tunnel source $outip\n";
print MYFILE "tunnel destination $gw\n";
print MYFILE "ip tcp adjust-mss 1436\n";
print MYFILE "ip access-group acl_44 in\n!\n";
print MYFILE "tunnel mode ipip\n!\n";
print MYFILE "ip route $net $mask tunnel$ifid\n!\n";
}
print MYFILE "ip route $gw 255.255.255.255 Eth0 10.0.0.138\n";
}
print MYFILE "!\nend\n!\n";
close (MYFILE);

sub usage
{
print << "EOT";
*** This script is for creating a loadable config (copy tftp run) for cisco routers ***
*** Please note that this was tested to work on 2651XM or better, expect poor resp- ***
*** -onse on smaller/slower platforms. ***
*** Edit this file and change varibles as noted to your values. ***
*** File \"cisco-config.txt\" will be generated in this directory for tftp upload ***
*** Run as follows: ***
*** perl encapconvert.pl encap.txt ***
EOT
}

########################################################
# Sub cipdec
# USAGE: For converting IP to DEC values and reverse
#
# my ($err, $ret) = cipdec(1, $ip); #1 =from ip to dec, 2 = from dec to ip
# if($err != 0) { print "MAIN: ERR ON \"$ret\"\n"; next; }
#
sub cipdec
{
my $debug = 0;
my (@oct, $opt, $var, $err, $ret, $errmsg);
my ($oct1, $oct2, $oct3, $oct4);
my ($dec1, $dec2, $dec3);
$opt = shift(@_); #1 =from ip to dec, 2 = from dec to ip
$var = shift(@_); # IP or a DEC
$err = 0;
$ret = 0;
if($debug == 1)
{
print "SUB TEST: OPT=\"$opt\"\n";
print "SUB TEST: VAR=\"$var\"\n";
}
if($opt == 1) #1 =from ip to dec
{
my $ip = $var;

if(!($ip) || ($ip eq "") || !($ip =~ /\./))
{
if($debug == 1) { print "NO . in IP.. Next\n"; }
$err = 1;
$ret = "ERR: IP WITH NO \".\"";
return($err, $ret);
}
@oct = split(/\./, $ip);
my $numoct = @oct;
if($numoct != 4)
{
if($debug == 1) { print "--INVALID IP: \"$ip\"\n"; }
$err = 1;
$ret = "ERR: OCT CT \"$ip\"";
return($err, $ret);
}
foreach my $val (@oct)
{
if(!(defined $val) || ($val eq "") || ($val =~ /\D/) || ($val > 255) || ($val < 0))
{
if($debug == 1) { print "--INVALID IP: \"$ip\"\n"; }
$err = 1;
$ret = "ERR: OCT SIZE \"$ip:$val\"";
return($err, $ret);
} # EO IF oct container
} #EO FOREACH OCT
$ret += ($oct[0] * (256**3)); #Convert 1st octet to decimal and add
$ret += ($oct[1] * (256**2)); #Convert 2nd octet to decimal and add
$ret += $oct[2] * 256; #Convert 3rd octet to decimal and add
$ret += $oct[3]; #Add the 4th octet to decimal
if(($ret < 0) || ($ret > 4294967296)) #0.0.0.0 or 255.255.255.255 = Err
{
if($debug == 1) { print "--INVALID IP: \"$ip\"\n"; }
$err = 1;
$ret = "ERR: DEC SIZE \"$ip\"";
return($err, $ret);
} #EO DEC Size

return($err, $ret);
} #EO OPT == 1

if($opt == 2) #1 = dec to ip
{
$oct1 = 0; $oct2 = 0; $oct3 = 0; $oct4 = 0;
my $dec = $var;
if($debug == 1) { print "SUB TEST: DEC=\"$dec\"\n"; }

if(!(defined $dec) || ($dec eq "") || ($dec < 1) || ($dec > 4294967295)) #0.0.0.0 or 255.255.255.255 = Err
{
if($debug == 1) { print "--INVALID DEC: \"$dec\"\n"; }
$err = 1;
$ret = "ERR: DEC SIZE \"$dec\"";
return($err, $ret);
} #EO DEC Size

if($dec >= 256**3)
{
$oct1 = ($dec / 256**3);
my @num = split(/\./, $oct1);
$oct1 = $num[0];
if($debug == 1) { print "OCT1: \"$oct1\"\n"; }
$dec1 = ($oct1 * 256**3);
$dec = $dec - $dec1;
}
if($dec >= 256**2)
{
$oct2 = ($dec / 256**2);
my @num = split(/\./, $oct2);
$oct2 = $num[0];
if($debug == 1) { print "OCT2: \"$oct2\"\n"; }
$dec2 = ($oct2 * 256**2);
$dec = $dec - $dec2;
}

if($dec >= 256)
{
$oct3 = ($dec / 256);
my @num = split(/\./, $oct3);
$oct3 = $num[0];
if($debug == 1) { print "OCT3: \"$oct3\"\n"; }
$dec3 = $oct3 * 256;
$dec = $dec - $dec3;
}

$oct4 = $dec;
if($debug == 1) { print "OCT4: \"$oct4\"\n"; }
$ret = "$oct1.$oct2.$oct3.$oct4";
return($err, $ret);
} #EO If $opt == 2

$err = 1;
$ret = "I'm lost and sent to leftovers";
return($err, $ret);
}
################### EO SUB CIPDEC#################################

### wildcard sub ###
sub do_subtract( ) {
local($ip) = @_;

# break up the bytes of the incoming IP address
$_ = $ip;
($a, $b, $c, $d) = split(/\./);

if ($a > 255 || $b > 255 || $c > 255 || $d > 255 || /[^0-9.]/) {
print "invalid input mask or wildcard\n";
exit( );
}

$a = 255 - $a;
$b = 255 - $b;
$c = 255 - $c;
$d = 255 - $d;

return ($a . "." . $b . "." . $c . "." . $d);
}

### EO wildcard sub ### </CODE>

Before you run the script make sure to take out the line of your gateway from the encap file

The result of the script is set of commands that look like that

interface tunnel 748306432
description Link to 44.154.64.0
ip unnumbered Ethernet0
tunnel source 10.0.0.180
tunnel destination 79.107.164.191
ip tcp adjust-mss 1436
ip access-group acl_44 in
!
tunnel mode ipip
!
ip route 44.154.64.0 255.255.255.0 tunnel748306432
!
ip route 79.107.164.191 255.255.255.255 Ethernet0 10.0.0.138
!

This section return on itself (with different IP , destination and route IPs's ) as the amount of lines in the encap file

When the file is ready (after running the perl script) you can copy it with editor and send it to the cisco or by terminal (with the config t command) or by TFTP

The Encap file can be taken automatically from the Portal using the API
and you can push the commands to the cisco (after the encap convert to cisco commands after running perl) with TFTP

So with a small software work the whole procedure can be done fully automatic

Setting up a gateway on Cisco Routers

2016-03-10T09:29:38Z

4Z4ZQ:

To set a getway with Cisco you must have a Cisco Router (preferred from series 2600 and above)

Preferred with two Ethernet cards (but can be done also with one Ethernet card)

The example given here here is of one Ethernet card

You have to assign the router Ethernet card the Commercial IP

The command is :

interface etherbet0 ip add <and here you give the ip of the commercial ip the router sit on >
(it can be also IP of a network the router sit on (as long as this IP is accessible
to the outside world))> <The NetMask of the network>

The interface name can vary depend on your router it can be Ethernet0 FastEthernet0 GigabitEthernet0/0 etc

(To see what interfaces you have in order to assign them the address use the command Show interface and identify the Ethernet card name)

Then you have to assign the 44 Net IP

For router with one card any additional network IP has to be secondary and the command is:

int eth0 ip add <the AMPR IP > <the netmask of the network > secondary

Now some tunneling commands have to be added to redirect your outgoing traffic (via tunnel) to the main AMPRNET router , you do it because every ISP block outgoing IP's which is not a part of their network (and 44 net is not belong to any ISP) so in order to allow the 44 net IP traffic to gain access to the outside world you need to do a tunnel to the AMPR.ORG router to the outgoing traffic (traffic that intend to reach the internet (all other IP's that are not part of the 44 NET))

To open a tunnel channel you have to specify the tunnel source address (from where the tunnel is established) and tunnel destination (to where the tunnel establish to)
This is done by a few commands here they are

interface tunnel0
tunnel source <here you put the router commercial IP>
tunnel destination <here you put the AMPR.ORG main tunnel router IP>
tunnel mode ipip (this command is to tell the tunnel (cisco support lot of tunneling types) which mode to use)

In addition the router has to be notified to pass all the outgoing 44 Net Traffic to the tunnel interface and not to route it just like that to the Internet (because as explained they will be probably blocked by the closest ISP you are connected to )

The command to do it is

ip route 0.0.0.0 0.0.0.0 Tunnel0 <the ip address of the AMPR.ORG main tunnel router >

(0.0.0.0 0.0.0.0 mean "any IP") (will be explained latter)

Another important command is a command to route the tunneled traffic from the router to the main ampr.org router not via a tunnel (this important to establish tunnel)

This command is more specific then the "any IP" route command described before and say to the router pass the tunneled traffic belong to the other side of the tunnel direct and not via tunnel)

The Command is :

ip route <the ampr.org main tunnel IP > 255.255.255.255 Ethernet0 <your router commercial IP>

This are the minimum commands to be able to route your inside 44 net IP to the outside world (but not to any other 44 net networks worldwide)

This method will redirect any outgoing traffic (no matter what local IP is used ) to the tunnel and since the AMPR.ORG tunnel deal with tunneling from only 44 Net IP it mean that if the router local Lan is sharing 44 and non 44 IP machines the non 44 Net machines will have no connectivity to the world

To overcome this problem a route policy will have to be used (with the command route-map) because regular route command deal with route for destination IP without looking at the source (local net) and route policy can do it ...

So two policy have to be created one for all addresses (excluding the 44 net) that needed to be routed direct to the internet (without tunnel) and second one specifically for the 44 net hosts that needed to redirect their outgoing traffic to the tunnels

In order to route your traffic to other 44 net gateways you need to build a tunnel interface to every gateway (unlike JNOS that one tunnel deal with all tunnels)
and the tunnel have to have a tunnel source tunnel destination (as explained above ) and tunnel mode

In addition two route lines have to be added

One is route command to route the specific 44 network of the gateway this tunnel deal into this tunnel

And another is to allow the tunnel traffic to go thorough the internet

Enclosed is example from router that is doing tunnel to the main AMPR router and to one gateway somewhere in the world

The tunnel0 interface is the Main AMPR.ORG router and the tunnel with 741916672 is one tunnel to a gateway

The section of tunnel74xxx have to duplicated to every 44 net gateway (of course with the corresponding ip of the specific gateway) (currently about 400 times)

TIP: If you are not familiar with Cisco Commands you can use the GUI Software called Cisco Configuration Professional (CCP)

to config the router with it

Later on we will deal of how to create these tunnels lines configuration using a script
that takes the info from the ENCAP.TXT file and convert it to Cisco config

interface Tunnel0
ip unnumbered Ethernet0
no ip directed-broadcast
tunnel source Ethernet0
tunnel destination 169.228.66.251
tunnel mode ipip
!
interface Tunnel741916672
description Link to 44.56.192.0
ip unnumbered Ethernet0
ip access-group acl_44 in
no ip directed-broadcast
tunnel source 10.0.0.180
tunnel destination 24.229.88.253
tunnel mode ipip

interface Ethernet0
description connected to EthernetLAN_HAIFA
ip address 44.138.1.1 255.255.255.0 secondary
ip address 10.0.0.180 255.255.255.0
no ip directed-broadcast

ip classless
ip route 0.0.0.0 0.0.0.0 Tunnel0 169.228.66.251
ip route 169.228.66.251 255.255.255.255 Ethernet0 10.0.0.138
ip route 44.56.192.0 255.255.255.0 Tunnel741916672
ip route 24.229.88.253 255.255.255.255 Ethernet0 10.0.0.138

Making the roue commands automaticly

Because the route info of the gateways (the encap file) changes periodically
mainly because alot of gateway sit on dynamic ip

and because the tunnel ip as a result change you may loose the tunnel to these gateways

In order to be "updated" it is needed to take the new encap file periodically and put it into the cisco router

Because the encap file lines are not a format of commands that Cisco "understand" a fomat conversion need to be made in order to convert route info in the encap file to commands that cisco can "understand"

So a Script that take the encap file and make a new file of Cisco commands must be run

There are two scripts that do it available one is Perl and other is VBS

The example will give the results of the Perl Script

The Perl Script for the Cisco enclosed

#!/usr/bin/perl
#encapconvert.pl V0.1 10-31-12
#Script created by Jason Begley KY9J ky9j.com ky9j@arrl.net
#This script is used for converting the encap.txt file from the AMPR net
#into a loadable config file for use on cisco routers. It is advised to use
#this on a 2600 or better router due to interface limits.
#

my ($line);
my %nets = ();
my $net = undef;
my $mask = undef;

#####
#Below are user defined varibles

my $loop = "Ethernet0"; #LOOPBACK INT CHANGE IF ALREADY IN USE
my $outip = "10.0.0.180"; #YOUR PUBLIC IP ADDRESS
my $loopip = "44.138.1.1"; #YOUR AMPR IP ADDRESS
#EO user defined varibles
#####

my $file = $ARGV[0];
my $debug = $ARGV[1];
if(!$file) { usage(); exit; }
if($file =~ /--help/) { usage(); exit; }

open (MYFILE, '>cisco-config.txt');
print MYFILE "!\ninterface $loop\nip address $loopip 255.255.255.255\n!\n";
close (MYFILE);
open(ENCAP, $file);
@line = <ENCAP>;
close (ENCAP);
@line = grep (!/^\s*$/,@line);
@line = grep (!/^#/,@line);
chomp(@line);

foreach $line(@line)
{
$n1 = $n2 = $n3 = $n4 = undef;
@ln = (split(/ +/, $line));
($n, $s) = (split(/\//, $ln[2]));
($n1, $n2, $n3, $n4) = split(/\./, $n);
$gw = $ln[4];
$gw =~ s/\s*$//;

if ($n1 == '') { $n1='0'};
if ($n2 == '') { $n2='0'};
if ($n3 == '') { $n3='0'};
if ($n4 == '') { $n4='0'};

if ($s == '1') { $mask='128.0.0.0'};
if ($s == '2') { $mask='192.0.0.0'};
if ($s == '3') { $mask='224.0.0.0'};
if ($s == '4') { $mask='240.0.0.0'};
if ($s == '5') { $mask='248.0.0.0'};
if ($s == '6') { $mask='252.0.0.0'};
if ($s == '7') { $mask='254.0.0.0'};
if ($s == '8') { $mask='255.0.0.0'};
if ($s == '9') { $mask='255.128.0.0'};
if ($s == '10') { $mask='255.192.0.0'};
if ($s == '11') { $mask='255.224.0.0'};
if ($s == '12') { $mask='255.240.0.0'};
if ($s == '13') { $mask='255.248.0.0'};
if ($s == '14') { $mask='255.252.0.0'};
if ($s == '15') { $mask='255.254.0.0'};
if ($s == '16') { $mask='255.255.0.0'};
if ($s == '17') { $mask='255.255.128.0'};
if ($s == '18') { $mask='255.255.192.0'};
if ($s == '19') { $mask='255.255.224.0'};
if ($s == '20') { $mask='255.255.240.0'};
if ($s == '21') { $mask='255.255.248.0'};
if ($s == '22') { $mask='255.255.252.0'};
if ($s == '23') { $mask='255.255.254.0'};
if ($s == '24') { $mask='255.255.255.0'};
if ($s == '25') { $mask='255.255.255.128'};
if ($s == '26') { $mask='255.255.255.192'};
if ($s == '27') { $mask='255.255.255.224'};
if ($s == '28') { $mask='255.255.255.240'};
if ($s == '29') { $mask='255.255.255.248'};
if ($s == '30') { $mask='255.255.255.252'};
if ($s == '31') { $mask='255.255.255.254'};
if ($s == '32') { $mask='255.255.255.255'};
if ($s == '') { $mask='255.255.255.255'};

$net = "$n1.$n2.$n3.$n4";
$ifid = cipdec(1, $net);
$wmask = do_subtract($mask);
print "*ip info*\n";
print "NET:$n\nBITS:$s MASK:$mask-$wmask\nGW:$gw\nIF:$ifid\n\n";
open (MYFILE, '>>cisco-config.txt');

if ($debug != NULL) {
print "LINE:$line";
print "\n!\n";
print "interface tunnel $ifid\n";
print "description Link to $net\n";
print "ip unnumbered $loop\n";
print "tunnel source $outip\n";
print "tunnel destination $gw\n";
print "tunnel mode ipip\n!\n";
}

if ($gw != $outip) {

print MYFILE "!\n";
print MYFILE "interface tunnel $ifid\n";
print MYFILE "description Link to $net\n";
print MYFILE "ip unnumbered $loop\n";
print MYFILE "tunnel source $outip\n";
print MYFILE "tunnel destination $gw\n";
print MYFILE "ip tcp adjust-mss 1436\n";
print MYFILE "ip access-group acl_44 in\n!\n";
print MYFILE "tunnel mode ipip\n!\n";
print MYFILE "ip route $net $mask tunnel$ifid\n!\n";
}
print MYFILE "ip route $gw 255.255.255.255 Eth0 10.0.0.138\n";
}
print MYFILE "!\nend\n!\n";
close (MYFILE);

sub usage
{
print << "EOT";
*** This script is for creating a loadable config (copy tftp run) for cisco routers ***
*** Please note that this was tested to work on 2651XM or better, expect poor resp- ***
*** -onse on smaller/slower platforms. ***
*** Edit this file and change varibles as noted to your values. ***
*** File \"cisco-config.txt\" will be generated in this directory for tftp upload ***
*** Run as follows: ***
*** perl encapconvert.pl encap.txt ***
EOT
}

########################################################
# Sub cipdec
# USAGE: For converting IP to DEC values and reverse
#
# my ($err, $ret) = cipdec(1, $ip); #1 =from ip to dec, 2 = from dec to ip
# if($err != 0) { print "MAIN: ERR ON \"$ret\"\n"; next; }
#
sub cipdec
{
my $debug = 0;
my (@oct, $opt, $var, $err, $ret, $errmsg);
my ($oct1, $oct2, $oct3, $oct4);
my ($dec1, $dec2, $dec3);
$opt = shift(@_); #1 =from ip to dec, 2 = from dec to ip
$var = shift(@_); # IP or a DEC
$err = 0;
$ret = 0;
if($debug == 1)
{
print "SUB TEST: OPT=\"$opt\"\n";
print "SUB TEST: VAR=\"$var\"\n";
}
if($opt == 1) #1 =from ip to dec
{
my $ip = $var;

if(!($ip) || ($ip eq "") || !($ip =~ /\./))
{
if($debug == 1) { print "NO . in IP.. Next\n"; }
$err = 1;
$ret = "ERR: IP WITH NO \".\"";
return($err, $ret);
}
@oct = split(/\./, $ip);
my $numoct = @oct;
if($numoct != 4)
{
if($debug == 1) { print "--INVALID IP: \"$ip\"\n"; }
$err = 1;
$ret = "ERR: OCT CT \"$ip\"";
return($err, $ret);
}
foreach my $val (@oct)
{
if(!(defined $val) || ($val eq "") || ($val =~ /\D/) || ($val > 255) || ($val < 0))
{
if($debug == 1) { print "--INVALID IP: \"$ip\"\n"; }
$err = 1;
$ret = "ERR: OCT SIZE \"$ip:$val\"";
return($err, $ret);
} # EO IF oct container
} #EO FOREACH OCT
$ret += ($oct[0] * (256**3)); #Convert 1st octet to decimal and add
$ret += ($oct[1] * (256**2)); #Convert 2nd octet to decimal and add
$ret += $oct[2] * 256; #Convert 3rd octet to decimal and add
$ret += $oct[3]; #Add the 4th octet to decimal
if(($ret < 0) || ($ret > 4294967296)) #0.0.0.0 or 255.255.255.255 = Err
{
if($debug == 1) { print "--INVALID IP: \"$ip\"\n"; }
$err = 1;
$ret = "ERR: DEC SIZE \"$ip\"";
return($err, $ret);
} #EO DEC Size

return($err, $ret);
} #EO OPT == 1

if($opt == 2) #1 = dec to ip
{
$oct1 = 0; $oct2 = 0; $oct3 = 0; $oct4 = 0;
my $dec = $var;
if($debug == 1) { print "SUB TEST: DEC=\"$dec\"\n"; }

if(!(defined $dec) || ($dec eq "") || ($dec < 1) || ($dec > 4294967295)) #0.0.0.0 or 255.255.255.255 = Err
{
if($debug == 1) { print "--INVALID DEC: \"$dec\"\n"; }
$err = 1;
$ret = "ERR: DEC SIZE \"$dec\"";
return($err, $ret);
} #EO DEC Size

if($dec >= 256**3)
{
$oct1 = ($dec / 256**3);
my @num = split(/\./, $oct1);
$oct1 = $num[0];
if($debug == 1) { print "OCT1: \"$oct1\"\n"; }
$dec1 = ($oct1 * 256**3);
$dec = $dec - $dec1;
}
if($dec >= 256**2)
{
$oct2 = ($dec / 256**2);
my @num = split(/\./, $oct2);
$oct2 = $num[0];
if($debug == 1) { print "OCT2: \"$oct2\"\n"; }
$dec2 = ($oct2 * 256**2);
$dec = $dec - $dec2;
}

if($dec >= 256)
{
$oct3 = ($dec / 256);
my @num = split(/\./, $oct3);
$oct3 = $num[0];
if($debug == 1) { print "OCT3: \"$oct3\"\n"; }
$dec3 = $oct3 * 256;
$dec = $dec - $dec3;
}

$oct4 = $dec;
if($debug == 1) { print "OCT4: \"$oct4\"\n"; }
$ret = "$oct1.$oct2.$oct3.$oct4";
return($err, $ret);
} #EO If $opt == 2

$err = 1;
$ret = "I'm lost and sent to leftovers";
return($err, $ret);
}
################### EO SUB CIPDEC#################################

### wildcard sub ###
sub do_subtract( ) {
local($ip) = @_;

# break up the bytes of the incoming IP address
$_ = $ip;
($a, $b, $c, $d) = split(/\./);

if ($a > 255 || $b > 255 || $c > 255 || $d > 255 || /[^0-9.]/) {
print "invalid input mask or wildcard\n";
exit( );
}

$a = 255 - $a;
$b = 255 - $b;
$c = 255 - $c;
$d = 255 - $d;

return ($a . "." . $b . "." . $c . "." . $d);
}

### EO wildcard sub ### </CODE>

Before you run the script make sure to take out the line of your gateway from the encap file

The result of the script is set of commands that look like that

interface tunnel 748306432
description Link to 44.154.64.0
ip unnumbered Ethernet0
tunnel source 10.0.0.180
tunnel destination 79.107.164.191
ip tcp adjust-mss 1436
ip access-group acl_44 in
!
tunnel mode ipip
!
ip route 44.154.64.0 255.255.255.0 tunnel748306432
!
ip route 79.107.164.191 255.255.255.255 Ethernet0 10.0.0.138
!

This section return on itself (with different IP , destination and route IPs's ) as the amount of lines in the encap file

When the file is ready (after running the perl script) you can copy it with editor and send it to the cisco or by terminal (with the config t command) or by TFTP

The Encap file can be taken automatically from the Portal using the API
and you can push the commands to the cisco (after the encap convert to cisco commands after running perl) with TFTP

So with a small software work the whole procedure can be done fully automatic

Setting up a gateway on Cisco Routers

2016-03-09T14:24:28Z

4Z4ZQ:

To set a getway with Cisco you must have a Cisco Router (preferred from series 2600 and above)

Preferred with two Ethernet cards (but can be done also with one Ethernet card)

The example given here here is of one Ethernet card

You have to assign the router Ethernet card the Commercial IP

The command is :

interface etherbet0 ip add <and here you give the ip of the commercial ip the router sit on >
(it can be also IP of a network the router sit on (as long as this IP is accessible
to the outside world))> <The NetMask of the network>

The interface name can vary depend on your router it can be Ethernet0 FastEthernet0 GigabitEthernet0/0 etc

To see what interfaces you have in order to assign them the address use the command Show interface and identify the Ethernet card name

Then you have to assign the 44 Net IP

For router with one card the IP has to be secondary and the command is:

int eth0 ip add <the AMPR IP > <the netmask of the network > secondary

Now some tunneling commands have to be added to redirect your outgoing traffic (via tunnel) to the main AMPRNET router , you do it because every ISP block outgoing IP's which is not a part of their network (and 44 net is not belong to any ISP) so in order to allow the 44 net IP traffic to gain access to the outside world you need to do a tunnel to the AMPR.ORG router to the outgoing traffic (traffic that intend to reach the internet (all other IP's that are not part of the 44 NET))

To open a tunnel channel you have to specify the tunnel source address (from where the tunnel is established) and tunnel destination (to where the tunnel establish to)
This is done by a few commands here they are

interface tunnel0
tunnel source <here you put the router commercial IP>
tunnel destination <here you put the AMPR.ORG main tunnel router IP>
tunnel mode ipip (this command is to tell the tunnel (cisco support lot of tunneling types) which mode to use)

In addition the router has to be notifyed to pass all the outgoing 44 Net Traffic to the tunnel interface and not to route it just like that to the Internet (because as explained they will be probably blocked by the closest ISP you are connecting to )

The command to do it is

ip route 0.0.0.0 0.0.0.0 Tunnel0 <the ip address of the AMPR.ORG main tunnel router >

(0.0.0.0 0.0.0.0 mean "any IP") (will be explained latter)

Another important command is a command to route the tunneled traffic from the router to the main ampr.org router not via a tunnel (this important to establish tunnel)

This command is more specific then the "any IP" route command described before and say to the router pass the tunneled traffic belong to the other side of the tunnel direct and not via tunnel)

The Command is :

ip route <the ampr.org main tunnel IP > 255.255.255.255 Ethernet0 <your router commercial IP>

This are the minimum commands to be able to route your inside 44 net IP to the outside world (but not to any other 44 net networks worldwide)

This method will redirect any outgoing traffic (no matter what local IP is used ) to the tunnel and since the AMPR.ORG tunnel deal with tunneling from only 44 Net IP it mean that if the router local Lan is sharing 44 and non 44 IP machines the non 44 Net machines will have no connectivity to the world

To overcome this problem a route policy will have to be used (with the command route-map) because regular route command deal with route for destination IP without looking at the source (local net) and route policy can do it ...

So two policy have to be created one for all addresses (excluding the 44 net) that needed to be routed direct to the internet (without tunnel) and second one specifically for the 44 net hosts that needed to redirect their outgoing traffic to the tunnels

In order to route your traffic to other 44 net gateways you need to build a tunnel interface to every gateway (unlike JNOS that one tunnel deal with all tunnels)
and the tunnel have to have a tunnel source tunnel destination (as explained above ) and tunnel mode

In addition two route lines have to be added

One is route command to route the specific 44 network of the gateway this tunnel deal into this tunnel

And another is to allow the tunnel traffic to go thorough the internet

Enclosed is example from router that is doing tunnel to the main AMPR router and to one gateway somewhere in the world

The tunnel0 interface is the Main AMPR.ORG router and the tunnel with 741916672 is one tunnel to a gateway

The section of tunnel74xxx have to duplicated to every 44 net gateway (of course with the corresponding ip of the specific gateway) (currently about 400 times)

TIP: If you are not familiar with Cisco Commands you can use the GUI Software called Cisco Configuration Professional (CCP)

to config the router with it

Later on we will deal of how to create these tunnels lines configuration using a script
that takes the info from the ENCAP.TXT file and convert it to Cisco config

interface Tunnel0
ip unnumbered Ethernet0
no ip directed-broadcast
tunnel source Ethernet0
tunnel destination 169.228.66.251
tunnel mode ipip
!
interface Tunnel741916672
description Link to 44.56.192.0
ip unnumbered Ethernet0
ip access-group acl_44 in
no ip directed-broadcast
tunnel source 10.0.0.180
tunnel destination 24.229.88.253
tunnel mode ipip

interface Ethernet0
description connected to EthernetLAN_HAIFA
ip address 44.138.1.1 255.255.255.0 secondary
ip address 10.0.0.180 255.255.255.0
no ip directed-broadcast

ip classless
ip route 0.0.0.0 0.0.0.0 Tunnel0 169.228.66.251
ip route 169.228.66.251 255.255.255.255 Ethernet0 10.0.0.138
ip route 44.56.192.0 255.255.255.0 Tunnel741916672
ip route 24.229.88.253 255.255.255.255 Ethernet0 10.0.0.138

Making the roue commands automaticly

Because the route info of the gateways (the encap file) changes periodically
mainly because alot of gateway sit on dynamic ip

and because the tunnel ip as a result change you may loose the tunnel to these gateways

In order to be "updated" it is needed to take the new encap file periodically and put it into the cisco router

Because the encap file lines are not a format of commands that Cisco "understand" a fomat conversion need to be made in order to convert route info in the encap file to commands that cisco can "understand"

So a Script that take the encap file and make a new file of Cisco commands must be run

There are two scripts that do it available one is Perl and other is VBS

The example will give the results of the Perl Script

The Perl Script for the Cisco enclosed

#!/usr/bin/perl
#encapconvert.pl V0.1 10-31-12
#Script created by Jason Begley KY9J ky9j.com ky9j@arrl.net
#This script is used for converting the encap.txt file from the AMPR net
#into a loadable config file for use on cisco routers. It is advised to use
#this on a 2600 or better router due to interface limits.
#

my ($line);
my %nets = ();
my $net = undef;
my $mask = undef;

#####
#Below are user defined varibles

my $loop = "Ethernet0"; #LOOPBACK INT CHANGE IF ALREADY IN USE
my $outip = "10.0.0.180"; #YOUR PUBLIC IP ADDRESS
my $loopip = "44.138.1.1"; #YOUR AMPR IP ADDRESS
#EO user defined varibles
#####

my $file = $ARGV[0];
my $debug = $ARGV[1];
if(!$file) { usage(); exit; }
if($file =~ /--help/) { usage(); exit; }

open (MYFILE, '>cisco-config.txt');
print MYFILE "!\ninterface $loop\nip address $loopip 255.255.255.255\n!\n";
close (MYFILE);
open(ENCAP, $file);
@line = <ENCAP>;
close (ENCAP);
@line = grep (!/^\s*$/,@line);
@line = grep (!/^#/,@line);
chomp(@line);

foreach $line(@line)
{
$n1 = $n2 = $n3 = $n4 = undef;
@ln = (split(/ +/, $line));
($n, $s) = (split(/\//, $ln[2]));
($n1, $n2, $n3, $n4) = split(/\./, $n);
$gw = $ln[4];
$gw =~ s/\s*$//;

if ($n1 == '') { $n1='0'};
if ($n2 == '') { $n2='0'};
if ($n3 == '') { $n3='0'};
if ($n4 == '') { $n4='0'};

if ($s == '1') { $mask='128.0.0.0'};
if ($s == '2') { $mask='192.0.0.0'};
if ($s == '3') { $mask='224.0.0.0'};
if ($s == '4') { $mask='240.0.0.0'};
if ($s == '5') { $mask='248.0.0.0'};
if ($s == '6') { $mask='252.0.0.0'};
if ($s == '7') { $mask='254.0.0.0'};
if ($s == '8') { $mask='255.0.0.0'};
if ($s == '9') { $mask='255.128.0.0'};
if ($s == '10') { $mask='255.192.0.0'};
if ($s == '11') { $mask='255.224.0.0'};
if ($s == '12') { $mask='255.240.0.0'};
if ($s == '13') { $mask='255.248.0.0'};
if ($s == '14') { $mask='255.252.0.0'};
if ($s == '15') { $mask='255.254.0.0'};
if ($s == '16') { $mask='255.255.0.0'};
if ($s == '17') { $mask='255.255.128.0'};
if ($s == '18') { $mask='255.255.192.0'};
if ($s == '19') { $mask='255.255.224.0'};
if ($s == '20') { $mask='255.255.240.0'};
if ($s == '21') { $mask='255.255.248.0'};
if ($s == '22') { $mask='255.255.252.0'};
if ($s == '23') { $mask='255.255.254.0'};
if ($s == '24') { $mask='255.255.255.0'};
if ($s == '25') { $mask='255.255.255.128'};
if ($s == '26') { $mask='255.255.255.192'};
if ($s == '27') { $mask='255.255.255.224'};
if ($s == '28') { $mask='255.255.255.240'};
if ($s == '29') { $mask='255.255.255.248'};
if ($s == '30') { $mask='255.255.255.252'};
if ($s == '31') { $mask='255.255.255.254'};
if ($s == '32') { $mask='255.255.255.255'};
if ($s == '') { $mask='255.255.255.255'};

$net = "$n1.$n2.$n3.$n4";
$ifid = cipdec(1, $net);
$wmask = do_subtract($mask);
print "*ip info*\n";
print "NET:$n\nBITS:$s MASK:$mask-$wmask\nGW:$gw\nIF:$ifid\n\n";
open (MYFILE, '>>cisco-config.txt');

if ($debug != NULL) {
print "LINE:$line";
print "\n!\n";
print "interface tunnel $ifid\n";
print "description Link to $net\n";
print "ip unnumbered $loop\n";
print "tunnel source $outip\n";
print "tunnel destination $gw\n";
print "tunnel mode ipip\n!\n";
}

if ($gw != $outip) {

print MYFILE "!\n";
print MYFILE "interface tunnel $ifid\n";
print MYFILE "description Link to $net\n";
print MYFILE "ip unnumbered $loop\n";
print MYFILE "tunnel source $outip\n";
print MYFILE "tunnel destination $gw\n";
print MYFILE "ip tcp adjust-mss 1436\n";
print MYFILE "ip access-group acl_44 in\n!\n";
print MYFILE "tunnel mode ipip\n!\n";
print MYFILE "ip route $net $mask tunnel$ifid\n!\n";
}
print MYFILE "ip route $gw 255.255.255.255 Eth0 10.0.0.138\n";
}
print MYFILE "!\nend\n!\n";
close (MYFILE);

sub usage
{
print << "EOT";
*** This script is for creating a loadable config (copy tftp run) for cisco routers ***
*** Please note that this was tested to work on 2651XM or better, expect poor resp- ***
*** -onse on smaller/slower platforms. ***
*** Edit this file and change varibles as noted to your values. ***
*** File \"cisco-config.txt\" will be generated in this directory for tftp upload ***
*** Run as follows: ***
*** perl encapconvert.pl encap.txt ***
EOT
}

########################################################
# Sub cipdec
# USAGE: For converting IP to DEC values and reverse
#
# my ($err, $ret) = cipdec(1, $ip); #1 =from ip to dec, 2 = from dec to ip
# if($err != 0) { print "MAIN: ERR ON \"$ret\"\n"; next; }
#
sub cipdec
{
my $debug = 0;
my (@oct, $opt, $var, $err, $ret, $errmsg);
my ($oct1, $oct2, $oct3, $oct4);
my ($dec1, $dec2, $dec3);
$opt = shift(@_); #1 =from ip to dec, 2 = from dec to ip
$var = shift(@_); # IP or a DEC
$err = 0;
$ret = 0;
if($debug == 1)
{
print "SUB TEST: OPT=\"$opt\"\n";
print "SUB TEST: VAR=\"$var\"\n";
}
if($opt == 1) #1 =from ip to dec
{
my $ip = $var;

if(!($ip) || ($ip eq "") || !($ip =~ /\./))
{
if($debug == 1) { print "NO . in IP.. Next\n"; }
$err = 1;
$ret = "ERR: IP WITH NO \".\"";
return($err, $ret);
}
@oct = split(/\./, $ip);
my $numoct = @oct;
if($numoct != 4)
{
if($debug == 1) { print "--INVALID IP: \"$ip\"\n"; }
$err = 1;
$ret = "ERR: OCT CT \"$ip\"";
return($err, $ret);
}
foreach my $val (@oct)
{
if(!(defined $val) || ($val eq "") || ($val =~ /\D/) || ($val > 255) || ($val < 0))
{
if($debug == 1) { print "--INVALID IP: \"$ip\"\n"; }
$err = 1;
$ret = "ERR: OCT SIZE \"$ip:$val\"";
return($err, $ret);
} # EO IF oct container
} #EO FOREACH OCT
$ret += ($oct[0] * (256**3)); #Convert 1st octet to decimal and add
$ret += ($oct[1] * (256**2)); #Convert 2nd octet to decimal and add
$ret += $oct[2] * 256; #Convert 3rd octet to decimal and add
$ret += $oct[3]; #Add the 4th octet to decimal
if(($ret < 0) || ($ret > 4294967296)) #0.0.0.0 or 255.255.255.255 = Err
{
if($debug == 1) { print "--INVALID IP: \"$ip\"\n"; }
$err = 1;
$ret = "ERR: DEC SIZE \"$ip\"";
return($err, $ret);
} #EO DEC Size

return($err, $ret);
} #EO OPT == 1

if($opt == 2) #1 = dec to ip
{
$oct1 = 0; $oct2 = 0; $oct3 = 0; $oct4 = 0;
my $dec = $var;
if($debug == 1) { print "SUB TEST: DEC=\"$dec\"\n"; }

if(!(defined $dec) || ($dec eq "") || ($dec < 1) || ($dec > 4294967295)) #0.0.0.0 or 255.255.255.255 = Err
{
if($debug == 1) { print "--INVALID DEC: \"$dec\"\n"; }
$err = 1;
$ret = "ERR: DEC SIZE \"$dec\"";
return($err, $ret);
} #EO DEC Size

if($dec >= 256**3)
{
$oct1 = ($dec / 256**3);
my @num = split(/\./, $oct1);
$oct1 = $num[0];
if($debug == 1) { print "OCT1: \"$oct1\"\n"; }
$dec1 = ($oct1 * 256**3);
$dec = $dec - $dec1;
}
if($dec >= 256**2)
{
$oct2 = ($dec / 256**2);
my @num = split(/\./, $oct2);
$oct2 = $num[0];
if($debug == 1) { print "OCT2: \"$oct2\"\n"; }
$dec2 = ($oct2 * 256**2);
$dec = $dec - $dec2;
}

if($dec >= 256)
{
$oct3 = ($dec / 256);
my @num = split(/\./, $oct3);
$oct3 = $num[0];
if($debug == 1) { print "OCT3: \"$oct3\"\n"; }
$dec3 = $oct3 * 256;
$dec = $dec - $dec3;
}

$oct4 = $dec;
if($debug == 1) { print "OCT4: \"$oct4\"\n"; }
$ret = "$oct1.$oct2.$oct3.$oct4";
return($err, $ret);
} #EO If $opt == 2

$err = 1;
$ret = "I'm lost and sent to leftovers";
return($err, $ret);
}
################### EO SUB CIPDEC#################################

### wildcard sub ###
sub do_subtract( ) {
local($ip) = @_;

# break up the bytes of the incoming IP address
$_ = $ip;
($a, $b, $c, $d) = split(/\./);

if ($a > 255 || $b > 255 || $c > 255 || $d > 255 || /[^0-9.]/) {
print "invalid input mask or wildcard\n";
exit( );
}

$a = 255 - $a;
$b = 255 - $b;
$c = 255 - $c;
$d = 255 - $d;

return ($a . "." . $b . "." . $c . "." . $d);
}

### EO wildcard sub ### </CODE>

Before you run the script make sure to take out the line of your gateway from the encap file

The result of the script is set of commands that look like that

interface tunnel 748306432
description Link to 44.154.64.0
ip unnumbered Ethernet0
tunnel source 10.0.0.180
tunnel destination 79.107.164.191
ip tcp adjust-mss 1436
ip access-group acl_44 in
!
tunnel mode ipip
!
ip route 44.154.64.0 255.255.255.0 tunnel748306432
!
ip route 79.107.164.191 255.255.255.255 Ethernet0 10.0.0.138
!

This section return on itself (with different IP , destination and route IPs's ) as the amount of lines in the encap file

When the file is ready (after running the perl script) you can copy it with editor and send it to the cisco or by terminal (with the config t command) or by TFTP

The Encap file can be taken automatically from the Portal using the API
and you can push the commands to the cisco (after the encap convert to cisco commands after running perl) with TFTP

So with a small software work the whole procedure can be done fully automatic

Setting up a gateway on Cisco Routers

2016-03-09T14:23:05Z

4Z4ZQ:

To set a getway with Cisco you must have a Cisco Router (preferred from series 2600 and above)

Preferred with two Ethernet cards (but can be done also with one Ethernet card)

The example given here here is of one Ethernet card

You have to assign the router Ethernet card the Commercial IP

The command is :

interface etherbet0 ip add <and here you give the ip of the commercial ip the router sit on >
(it can be also IP of a network the router sit on (as long as this IP is accessible
to the outside world))> <The NetMask of the network>

The interface name can vary depend on your router it can be Ethernet0 FastEthernet0 GigabitEthernet0/0 etc

To see what interfaces you have in order to assign them the address use the command Show interface and identify the Ethernet card name

Then you have to assign the 44 Net IP

For router with one card the IP has to be secondary and the command is:

int eth0 ip add <the AMPR IP > <the netmask of the network > secondary

Now some tunneling commands have to be added to redirect your outgoing traffic (via tunnel) to the main AMPRNET router , you do it because every ISP block outgoing IP's which is not a part of their network (and 44 net is not belong to any ISP) so in order to allow the 44 net IP traffic to gain access to the outside world you need to do a tunnel to the AMPR.ORG router to the outgoing traffic (traffic that intend to reach the internet (all other IP's that are not part of the 44 NET))

To open a tunnel channel you have to specify the tunnel source address (from where the tunnel is established) and tunnel destination (to where the tunnel establish to)
This is done by a few commands here they are

interface tunnel0
tunnel source <here you put the router commercial IP>
tunnel destination <here you put the AMPR.ORG main tunnel router IP>
tunnel mode ipip (this command is to tell the tunnel (cisco support lot of tunneling types) which mode to use)

In addition the router has to be notifyed to pass all the outgoing 44 Net Traffic to the tunnel interface and not to route it just like that to the Internet (because as explained they will be probably blocked by the closest ISP you are connecting to )

The command to do it is

ip route 0.0.0.0 0.0.0.0 Tunnel0 <the ip address of the AMPR.ORG main tunnel router >

(0.0.0.0 0.0.0.0 mean "any IP") (will be explained latter)

Another important command is a command to route the tunneled traffic from the router to the main ampr.org router not via a tunnel (this important to establish tunnel)

This command is more specific then the "any IP" route command described before and say to the router pass the tunneled traffic belong to the other side of the tunnel direct and not via tunnel)

The Command is :

ip route <the ampr.org main tunnel IP > 255.255.255.255 Ethernet0 <your router commercial IP>

This are the minimum commands to be able to route your inside 44 net IP to the outside world (but not to any other 44 net networks worldwide)

This method will redirect any outgoing traffic (no matter what local IP is used ) to the tunnel and since the AMPR.ORG tunnel deal with tunneling from only 44 Net IP it mean that if the router local Lan is sharing 44 and not 44 IP machines the non 44 Net machines will have no connectivity to the world

To overcome this problem a route policy will have to be used (with the command route-map) because regular route command deal with route for destination IP without looking at the source (local net) and route policy can do it ...

So two policy have to be created one for all addresses (excluding the 44 net) that needed to be routed direct to the internet (without tunnel) and second one specifically for the 44 net hosts that needed to redirect their outgoing traffic to the tunnels

In order to route your traffic to other 44 net gateways you need to build a tunnel interface to every gateway (unlike JNOS that one tunnel deal with all tunnels)
and the tunnel have to have a tunnel source tunnel destination (as explained above ) and tunnel mode

In addition two route lines have to be added

One is route command to route the specific 44 network of the gateway this tunnel deal into this tunnel

And another is to allow the tunnel traffic to go thorough the internet

Enclosed is example from router that is doing tunnel to the main AMPR router and to one gateway somewhere in the world

The tunnel0 interface is the Main AMPR.ORG router and the tunnel with 741916672 is one tunnel to a gateway

The section of tunnel74xxx have to duplicated to every 44 net gateway (of course with the corresponding ip of the specific gateway) (currently about 400 times)

TIP: If you are not familiar with Cisco Commands you can use the GUI Software called Cisco Configuration Professional (CCP)

to config the router with it

Later on we will deal of how to create these tunnels lines configuration using a script
that takes the info from the ENCAP.TXT file and convert it to Cisco config

interface Tunnel0
ip unnumbered Ethernet0
no ip directed-broadcast
tunnel source Ethernet0
tunnel destination 169.228.66.251
tunnel mode ipip
!
interface Tunnel741916672
description Link to 44.56.192.0
ip unnumbered Ethernet0
ip access-group acl_44 in
no ip directed-broadcast
tunnel source 10.0.0.180
tunnel destination 24.229.88.253
tunnel mode ipip

interface Ethernet0
description connected to EthernetLAN_HAIFA
ip address 44.138.1.1 255.255.255.0 secondary
ip address 10.0.0.180 255.255.255.0
no ip directed-broadcast

ip classless
ip route 0.0.0.0 0.0.0.0 Tunnel0 169.228.66.251
ip route 169.228.66.251 255.255.255.255 Ethernet0 10.0.0.138
ip route 44.56.192.0 255.255.255.0 Tunnel741916672
ip route 24.229.88.253 255.255.255.255 Ethernet0 10.0.0.138

Making the roue commands automaticly

Because the route info of the gateways (the encap file) changes periodically
mainly because alot of gateway sit on dynamic ip

and because the tunnel ip as a result change you may loose the tunnel to these gateways

In order to be "updated" it is needed to take the new encap file periodically and put it into the cisco router

Because the encap file lines are not a format of commands that Cisco "understand" a fomat conversion need to be made in order to convert route info in the encap file to commands that cisco can "understand"

So a Script that take the encap file and make a new file of Cisco commands must be run

There are two scripts that do it available one is Perl and other is VBS

The example will give the results of the Perl Script

The Perl Script for the Cisco enclosed

#!/usr/bin/perl
#encapconvert.pl V0.1 10-31-12
#Script created by Jason Begley KY9J ky9j.com ky9j@arrl.net
#This script is used for converting the encap.txt file from the AMPR net
#into a loadable config file for use on cisco routers. It is advised to use
#this on a 2600 or better router due to interface limits.
#

my ($line);
my %nets = ();
my $net = undef;
my $mask = undef;

#####
#Below are user defined varibles

my $loop = "Ethernet0"; #LOOPBACK INT CHANGE IF ALREADY IN USE
my $outip = "10.0.0.180"; #YOUR PUBLIC IP ADDRESS
my $loopip = "44.138.1.1"; #YOUR AMPR IP ADDRESS
#EO user defined varibles
#####

my $file = $ARGV[0];
my $debug = $ARGV[1];
if(!$file) { usage(); exit; }
if($file =~ /--help/) { usage(); exit; }

open (MYFILE, '>cisco-config.txt');
print MYFILE "!\ninterface $loop\nip address $loopip 255.255.255.255\n!\n";
close (MYFILE);
open(ENCAP, $file);
@line = <ENCAP>;
close (ENCAP);
@line = grep (!/^\s*$/,@line);
@line = grep (!/^#/,@line);
chomp(@line);

foreach $line(@line)
{
$n1 = $n2 = $n3 = $n4 = undef;
@ln = (split(/ +/, $line));
($n, $s) = (split(/\//, $ln[2]));
($n1, $n2, $n3, $n4) = split(/\./, $n);
$gw = $ln[4];
$gw =~ s/\s*$//;

if ($n1 == '') { $n1='0'};
if ($n2 == '') { $n2='0'};
if ($n3 == '') { $n3='0'};
if ($n4 == '') { $n4='0'};

if ($s == '1') { $mask='128.0.0.0'};
if ($s == '2') { $mask='192.0.0.0'};
if ($s == '3') { $mask='224.0.0.0'};
if ($s == '4') { $mask='240.0.0.0'};
if ($s == '5') { $mask='248.0.0.0'};
if ($s == '6') { $mask='252.0.0.0'};
if ($s == '7') { $mask='254.0.0.0'};
if ($s == '8') { $mask='255.0.0.0'};
if ($s == '9') { $mask='255.128.0.0'};
if ($s == '10') { $mask='255.192.0.0'};
if ($s == '11') { $mask='255.224.0.0'};
if ($s == '12') { $mask='255.240.0.0'};
if ($s == '13') { $mask='255.248.0.0'};
if ($s == '14') { $mask='255.252.0.0'};
if ($s == '15') { $mask='255.254.0.0'};
if ($s == '16') { $mask='255.255.0.0'};
if ($s == '17') { $mask='255.255.128.0'};
if ($s == '18') { $mask='255.255.192.0'};
if ($s == '19') { $mask='255.255.224.0'};
if ($s == '20') { $mask='255.255.240.0'};
if ($s == '21') { $mask='255.255.248.0'};
if ($s == '22') { $mask='255.255.252.0'};
if ($s == '23') { $mask='255.255.254.0'};
if ($s == '24') { $mask='255.255.255.0'};
if ($s == '25') { $mask='255.255.255.128'};
if ($s == '26') { $mask='255.255.255.192'};
if ($s == '27') { $mask='255.255.255.224'};
if ($s == '28') { $mask='255.255.255.240'};
if ($s == '29') { $mask='255.255.255.248'};
if ($s == '30') { $mask='255.255.255.252'};
if ($s == '31') { $mask='255.255.255.254'};
if ($s == '32') { $mask='255.255.255.255'};
if ($s == '') { $mask='255.255.255.255'};

$net = "$n1.$n2.$n3.$n4";
$ifid = cipdec(1, $net);
$wmask = do_subtract($mask);
print "*ip info*\n";
print "NET:$n\nBITS:$s MASK:$mask-$wmask\nGW:$gw\nIF:$ifid\n\n";
open (MYFILE, '>>cisco-config.txt');

if ($debug != NULL) {
print "LINE:$line";
print "\n!\n";
print "interface tunnel $ifid\n";
print "description Link to $net\n";
print "ip unnumbered $loop\n";
print "tunnel source $outip\n";
print "tunnel destination $gw\n";
print "tunnel mode ipip\n!\n";
}

if ($gw != $outip) {

print MYFILE "!\n";
print MYFILE "interface tunnel $ifid\n";
print MYFILE "description Link to $net\n";
print MYFILE "ip unnumbered $loop\n";
print MYFILE "tunnel source $outip\n";
print MYFILE "tunnel destination $gw\n";
print MYFILE "ip tcp adjust-mss 1436\n";
print MYFILE "ip access-group acl_44 in\n!\n";
print MYFILE "tunnel mode ipip\n!\n";
print MYFILE "ip route $net $mask tunnel$ifid\n!\n";
}
print MYFILE "ip route $gw 255.255.255.255 Eth0 10.0.0.138\n";
}
print MYFILE "!\nend\n!\n";
close (MYFILE);

sub usage
{
print << "EOT";
*** This script is for creating a loadable config (copy tftp run) for cisco routers ***
*** Please note that this was tested to work on 2651XM or better, expect poor resp- ***
*** -onse on smaller/slower platforms. ***
*** Edit this file and change varibles as noted to your values. ***
*** File \"cisco-config.txt\" will be generated in this directory for tftp upload ***
*** Run as follows: ***
*** perl encapconvert.pl encap.txt ***
EOT
}

########################################################
# Sub cipdec
# USAGE: For converting IP to DEC values and reverse
#
# my ($err, $ret) = cipdec(1, $ip); #1 =from ip to dec, 2 = from dec to ip
# if($err != 0) { print "MAIN: ERR ON \"$ret\"\n"; next; }
#
sub cipdec
{
my $debug = 0;
my (@oct, $opt, $var, $err, $ret, $errmsg);
my ($oct1, $oct2, $oct3, $oct4);
my ($dec1, $dec2, $dec3);
$opt = shift(@_); #1 =from ip to dec, 2 = from dec to ip
$var = shift(@_); # IP or a DEC
$err = 0;
$ret = 0;
if($debug == 1)
{
print "SUB TEST: OPT=\"$opt\"\n";
print "SUB TEST: VAR=\"$var\"\n";
}
if($opt == 1) #1 =from ip to dec
{
my $ip = $var;

if(!($ip) || ($ip eq "") || !($ip =~ /\./))
{
if($debug == 1) { print "NO . in IP.. Next\n"; }
$err = 1;
$ret = "ERR: IP WITH NO \".\"";
return($err, $ret);
}
@oct = split(/\./, $ip);
my $numoct = @oct;
if($numoct != 4)
{
if($debug == 1) { print "--INVALID IP: \"$ip\"\n"; }
$err = 1;
$ret = "ERR: OCT CT \"$ip\"";
return($err, $ret);
}
foreach my $val (@oct)
{
if(!(defined $val) || ($val eq "") || ($val =~ /\D/) || ($val > 255) || ($val < 0))
{
if($debug == 1) { print "--INVALID IP: \"$ip\"\n"; }
$err = 1;
$ret = "ERR: OCT SIZE \"$ip:$val\"";
return($err, $ret);
} # EO IF oct container
} #EO FOREACH OCT
$ret += ($oct[0] * (256**3)); #Convert 1st octet to decimal and add
$ret += ($oct[1] * (256**2)); #Convert 2nd octet to decimal and add
$ret += $oct[2] * 256; #Convert 3rd octet to decimal and add
$ret += $oct[3]; #Add the 4th octet to decimal
if(($ret < 0) || ($ret > 4294967296)) #0.0.0.0 or 255.255.255.255 = Err
{
if($debug == 1) { print "--INVALID IP: \"$ip\"\n"; }
$err = 1;
$ret = "ERR: DEC SIZE \"$ip\"";
return($err, $ret);
} #EO DEC Size

return($err, $ret);
} #EO OPT == 1

if($opt == 2) #1 = dec to ip
{
$oct1 = 0; $oct2 = 0; $oct3 = 0; $oct4 = 0;
my $dec = $var;
if($debug == 1) { print "SUB TEST: DEC=\"$dec\"\n"; }

if(!(defined $dec) || ($dec eq "") || ($dec < 1) || ($dec > 4294967295)) #0.0.0.0 or 255.255.255.255 = Err
{
if($debug == 1) { print "--INVALID DEC: \"$dec\"\n"; }
$err = 1;
$ret = "ERR: DEC SIZE \"$dec\"";
return($err, $ret);
} #EO DEC Size

if($dec >= 256**3)
{
$oct1 = ($dec / 256**3);
my @num = split(/\./, $oct1);
$oct1 = $num[0];
if($debug == 1) { print "OCT1: \"$oct1\"\n"; }
$dec1 = ($oct1 * 256**3);
$dec = $dec - $dec1;
}
if($dec >= 256**2)
{
$oct2 = ($dec / 256**2);
my @num = split(/\./, $oct2);
$oct2 = $num[0];
if($debug == 1) { print "OCT2: \"$oct2\"\n"; }
$dec2 = ($oct2 * 256**2);
$dec = $dec - $dec2;
}

if($dec >= 256)
{
$oct3 = ($dec / 256);
my @num = split(/\./, $oct3);
$oct3 = $num[0];
if($debug == 1) { print "OCT3: \"$oct3\"\n"; }
$dec3 = $oct3 * 256;
$dec = $dec - $dec3;
}

$oct4 = $dec;
if($debug == 1) { print "OCT4: \"$oct4\"\n"; }
$ret = "$oct1.$oct2.$oct3.$oct4";
return($err, $ret);
} #EO If $opt == 2

$err = 1;
$ret = "I'm lost and sent to leftovers";
return($err, $ret);
}
################### EO SUB CIPDEC#################################

### wildcard sub ###
sub do_subtract( ) {
local($ip) = @_;

# break up the bytes of the incoming IP address
$_ = $ip;
($a, $b, $c, $d) = split(/\./);

if ($a > 255 || $b > 255 || $c > 255 || $d > 255 || /[^0-9.]/) {
print "invalid input mask or wildcard\n";
exit( );
}

$a = 255 - $a;
$b = 255 - $b;
$c = 255 - $c;
$d = 255 - $d;

return ($a . "." . $b . "." . $c . "." . $d);
}

### EO wildcard sub ### </CODE>

Before you run the script make sure to take out the line of your gateway from the encap file

The result of the script is set of commands that look like that

interface tunnel 748306432
description Link to 44.154.64.0
ip unnumbered Ethernet0
tunnel source 10.0.0.180
tunnel destination 79.107.164.191
ip tcp adjust-mss 1436
ip access-group acl_44 in
!
tunnel mode ipip
!
ip route 44.154.64.0 255.255.255.0 tunnel748306432
!
ip route 79.107.164.191 255.255.255.255 Ethernet0 10.0.0.138
!

This section return on itself (with different IP , destination and route IPs's ) as the amount of lines in the encap file

When the file is ready (after running the perl script) you can copy it with editor and send it to the cisco or by terminal (with the config t command) or by TFTP

The Encap file can be taken automatically from the Portal using the API
and you can push the commands to the cisco (after the encap convert to cisco commands after running perl) with TFTP

So with a small software work the whole procedure can be done fully automatic

Setting up a gateway on Cisco Routers

2016-03-09T14:17:31Z

4Z4ZQ:

To set a getway with Cisco you must have a Cisco Router (preferred from series 2600 and above)

Preferred with two Ethernet cards (but can be done also with one Ethernet card)

The example given here here is of one Ethernet card

You have to assign the router Ethernet card the Commercial IP

The command is :

interface etherbet0 ip add <and here you give the ip of the commercial ip the router sit on >
(it can be also IP of a network the router sit on (as long as this IP is accessible
to the outside world))> <The NetMask of the network>

The interface name can vary depend on your router it can be Ethernet0 FastEthernet0 GigabitEthernet0/0 etc

To see what interfaces you have in order to assign them the address use the command Show interface and identify the Ethernet card name

Then you have to assign the 44 Net IP

For router with one card the IP has to be secondary and the command is:

int eth0 ip add <the AMPR IP > <the netmask of the network > secondary

Now some tunneling commands have to be added to redirect your outgoing traffic (via tunnel) to the main AMPRNET router , you do it because every ISP block outgoing IP's which is not a part of their network (and 44 net is not belong to any ISP) so in order to allow the 44 net IP traffic to gain access to the outside world you need to do a tunnel to the AMPR.ORG router to the outgoing traffic (traffic that intend to reach the internet (all other IP's that are not part of the 44 NET))

To open a tunnel channel you have to specify the tunnel source address (from where the tunnel is established) and tunnel destination (to where the tunnel establish to)
This is done by a few commands here they are

interface tunnel0
tunnel source <here you put the router commercial IP>
tunnel destination <here you put the AMPR.ORG main tunnel router IP>
tunnel mode ipip (this command is to tell the tunnel (cisco support lot of tunneling types) which mode to use)

In addition the router has to be notifyed to pass all the outgoing 44 Net Traffic to the tunnel interface and not to route it just like that to the Internet (because as explained they will be probably blocked by the closest ISP you are connecting to )

The command to do it is

ip route 0.0.0.0 0.0.0.0 Tunnel0 <the ip address of the AMPR.ORG main tunnel router >

(0.0.0.0 0.0.0.0 mean "any IP") (will be explained latter)

Another important command is a command to route the tunneled traffic from the router to the main ampr.org router not via a tunnel (this important to establish tunnel)

This command is more specific then the "everything" route command described before and say to the router pass the tunneled traffic belong to the other side of the tunnel direct and not via tunnel)

The Command is :

ip route <the ampr.org main tunnel IP > 255.255.255.255 Ethernet0 <your router commercial IP>

This are the minimum Commands to be able to route your inside 44 Net ip to the outside world (but not to any other 44 net networks worldwide)

This method will redirect any outgoing traffic (no matter what local IP is used ) to the tunnel and since the AMPR.ORG tunnel deal with tunneling from only 44 Net IP it mean that if the router local Lan is sharing 44 and not 44 IP machines the non 44 Net machines will have no connectivity to the world

To overcome this problem a route policy will have to be used (with the command route-map) because regular route command deal with route for destination IP without looking at the source (local net) and route policy can do it ...

So two policy have to be created one for all addresses (excluding the 44 net) that needed to be routed direct to the internet (without tunnel) and second one specifically for the 44 net hosts that needed to redirect their outgoing traffic to the tunnels

In order to route your traffic to other 44 net gateways you need to build a tunnel interface to every gateway (unlike JNOS that one tunnel deal with all tunnels)
and the tunnel have to have a tunnel source tunnel destination (as explained above ) and tunnel mode

In addition two route lines have to be added

One is route command to route the specific 44 network of the gateway this tunnel deal into this tunnel

And another is to allow the tunnel traffic to go thorough the internet

Enclosed is example from router that is doing tunnel to the main AMPR router and to one gateway somewhere in the world

The tunnel0 interface is the Main AMPR.ORG router and the tunnel with 741916672 is one tunnel to a gateway

The section of tunnel74xxx have to duplicated to every 44 net gateway (of course with the corresponding ip of the specific gateway) (currently about 400 times)

TIP: If you are not familiar with Cisco Commands you can use the GUI Software called Cisco Configuration Professional (CCP)

to config the router with it

Later on we will deal of how to create these tunnels lines configuration using a script
that takes the info from the ENCAP.TXT file and convert it to Cisco config

interface Tunnel0
ip unnumbered Ethernet0
no ip directed-broadcast
tunnel source Ethernet0
tunnel destination 169.228.66.251
tunnel mode ipip
!
interface Tunnel741916672
description Link to 44.56.192.0
ip unnumbered Ethernet0
ip access-group acl_44 in
no ip directed-broadcast
tunnel source 10.0.0.180
tunnel destination 24.229.88.253
tunnel mode ipip

interface Ethernet0
description connected to EthernetLAN_HAIFA
ip address 44.138.1.1 255.255.255.0 secondary
ip address 10.0.0.180 255.255.255.0
no ip directed-broadcast

ip classless
ip route 0.0.0.0 0.0.0.0 Tunnel0 169.228.66.251
ip route 169.228.66.251 255.255.255.255 Ethernet0 10.0.0.138
ip route 44.56.192.0 255.255.255.0 Tunnel741916672
ip route 24.229.88.253 255.255.255.255 Ethernet0 10.0.0.138

Making the roue commands automaticly

Because the route info of the gateways (the encap file) changes periodically
mainly because alot of gateway sit on dynamic ip

and because the tunnel ip as a result change you may loose the tunnel to these gateways

In order to be "updated" it is needed to take the new encap file periodically and put it into the cisco router

Because the encap file lines are not a format of commands that Cisco "understand" a fomat conversion need to be made in order to convert route info in the encap file to commands that cisco can "understand"

So a Script that take the encap file and make a new file of Cisco commands must be run

There are two scripts that do it available one is Perl and other is VBS

The example will give the results of the Perl Script

The Perl Script for the Cisco enclosed

#!/usr/bin/perl
#encapconvert.pl V0.1 10-31-12
#Script created by Jason Begley KY9J ky9j.com ky9j@arrl.net
#This script is used for converting the encap.txt file from the AMPR net
#into a loadable config file for use on cisco routers. It is advised to use
#this on a 2600 or better router due to interface limits.
#

my ($line);
my %nets = ();
my $net = undef;
my $mask = undef;

#####
#Below are user defined varibles

my $loop = "Ethernet0"; #LOOPBACK INT CHANGE IF ALREADY IN USE
my $outip = "10.0.0.180"; #YOUR PUBLIC IP ADDRESS
my $loopip = "44.138.1.1"; #YOUR AMPR IP ADDRESS
#EO user defined varibles
#####

my $file = $ARGV[0];
my $debug = $ARGV[1];
if(!$file) { usage(); exit; }
if($file =~ /--help/) { usage(); exit; }

open (MYFILE, '>cisco-config.txt');
print MYFILE "!\ninterface $loop\nip address $loopip 255.255.255.255\n!\n";
close (MYFILE);
open(ENCAP, $file);
@line = <ENCAP>;
close (ENCAP);
@line = grep (!/^\s*$/,@line);
@line = grep (!/^#/,@line);
chomp(@line);

foreach $line(@line)
{
$n1 = $n2 = $n3 = $n4 = undef;
@ln = (split(/ +/, $line));
($n, $s) = (split(/\//, $ln[2]));
($n1, $n2, $n3, $n4) = split(/\./, $n);
$gw = $ln[4];
$gw =~ s/\s*$//;

if ($n1 == '') { $n1='0'};
if ($n2 == '') { $n2='0'};
if ($n3 == '') { $n3='0'};
if ($n4 == '') { $n4='0'};

if ($s == '1') { $mask='128.0.0.0'};
if ($s == '2') { $mask='192.0.0.0'};
if ($s == '3') { $mask='224.0.0.0'};
if ($s == '4') { $mask='240.0.0.0'};
if ($s == '5') { $mask='248.0.0.0'};
if ($s == '6') { $mask='252.0.0.0'};
if ($s == '7') { $mask='254.0.0.0'};
if ($s == '8') { $mask='255.0.0.0'};
if ($s == '9') { $mask='255.128.0.0'};
if ($s == '10') { $mask='255.192.0.0'};
if ($s == '11') { $mask='255.224.0.0'};
if ($s == '12') { $mask='255.240.0.0'};
if ($s == '13') { $mask='255.248.0.0'};
if ($s == '14') { $mask='255.252.0.0'};
if ($s == '15') { $mask='255.254.0.0'};
if ($s == '16') { $mask='255.255.0.0'};
if ($s == '17') { $mask='255.255.128.0'};
if ($s == '18') { $mask='255.255.192.0'};
if ($s == '19') { $mask='255.255.224.0'};
if ($s == '20') { $mask='255.255.240.0'};
if ($s == '21') { $mask='255.255.248.0'};
if ($s == '22') { $mask='255.255.252.0'};
if ($s == '23') { $mask='255.255.254.0'};
if ($s == '24') { $mask='255.255.255.0'};
if ($s == '25') { $mask='255.255.255.128'};
if ($s == '26') { $mask='255.255.255.192'};
if ($s == '27') { $mask='255.255.255.224'};
if ($s == '28') { $mask='255.255.255.240'};
if ($s == '29') { $mask='255.255.255.248'};
if ($s == '30') { $mask='255.255.255.252'};
if ($s == '31') { $mask='255.255.255.254'};
if ($s == '32') { $mask='255.255.255.255'};
if ($s == '') { $mask='255.255.255.255'};

$net = "$n1.$n2.$n3.$n4";
$ifid = cipdec(1, $net);
$wmask = do_subtract($mask);
print "*ip info*\n";
print "NET:$n\nBITS:$s MASK:$mask-$wmask\nGW:$gw\nIF:$ifid\n\n";
open (MYFILE, '>>cisco-config.txt');

if ($debug != NULL) {
print "LINE:$line";
print "\n!\n";
print "interface tunnel $ifid\n";
print "description Link to $net\n";
print "ip unnumbered $loop\n";
print "tunnel source $outip\n";
print "tunnel destination $gw\n";
print "tunnel mode ipip\n!\n";
}

if ($gw != $outip) {

print MYFILE "!\n";
print MYFILE "interface tunnel $ifid\n";
print MYFILE "description Link to $net\n";
print MYFILE "ip unnumbered $loop\n";
print MYFILE "tunnel source $outip\n";
print MYFILE "tunnel destination $gw\n";
print MYFILE "ip tcp adjust-mss 1436\n";
print MYFILE "ip access-group acl_44 in\n!\n";
print MYFILE "tunnel mode ipip\n!\n";
print MYFILE "ip route $net $mask tunnel$ifid\n!\n";
}
print MYFILE "ip route $gw 255.255.255.255 Eth0 10.0.0.138\n";
}
print MYFILE "!\nend\n!\n";
close (MYFILE);

sub usage
{
print << "EOT";
*** This script is for creating a loadable config (copy tftp run) for cisco routers ***
*** Please note that this was tested to work on 2651XM or better, expect poor resp- ***
*** -onse on smaller/slower platforms. ***
*** Edit this file and change varibles as noted to your values. ***
*** File \"cisco-config.txt\" will be generated in this directory for tftp upload ***
*** Run as follows: ***
*** perl encapconvert.pl encap.txt ***
EOT
}

########################################################
# Sub cipdec
# USAGE: For converting IP to DEC values and reverse
#
# my ($err, $ret) = cipdec(1, $ip); #1 =from ip to dec, 2 = from dec to ip
# if($err != 0) { print "MAIN: ERR ON \"$ret\"\n"; next; }
#
sub cipdec
{
my $debug = 0;
my (@oct, $opt, $var, $err, $ret, $errmsg);
my ($oct1, $oct2, $oct3, $oct4);
my ($dec1, $dec2, $dec3);
$opt = shift(@_); #1 =from ip to dec, 2 = from dec to ip
$var = shift(@_); # IP or a DEC
$err = 0;
$ret = 0;
if($debug == 1)
{
print "SUB TEST: OPT=\"$opt\"\n";
print "SUB TEST: VAR=\"$var\"\n";
}
if($opt == 1) #1 =from ip to dec
{
my $ip = $var;

if(!($ip) || ($ip eq "") || !($ip =~ /\./))
{
if($debug == 1) { print "NO . in IP.. Next\n"; }
$err = 1;
$ret = "ERR: IP WITH NO \".\"";
return($err, $ret);
}
@oct = split(/\./, $ip);
my $numoct = @oct;
if($numoct != 4)
{
if($debug == 1) { print "--INVALID IP: \"$ip\"\n"; }
$err = 1;
$ret = "ERR: OCT CT \"$ip\"";
return($err, $ret);
}
foreach my $val (@oct)
{
if(!(defined $val) || ($val eq "") || ($val =~ /\D/) || ($val > 255) || ($val < 0))
{
if($debug == 1) { print "--INVALID IP: \"$ip\"\n"; }
$err = 1;
$ret = "ERR: OCT SIZE \"$ip:$val\"";
return($err, $ret);
} # EO IF oct container
} #EO FOREACH OCT
$ret += ($oct[0] * (256**3)); #Convert 1st octet to decimal and add
$ret += ($oct[1] * (256**2)); #Convert 2nd octet to decimal and add
$ret += $oct[2] * 256; #Convert 3rd octet to decimal and add
$ret += $oct[3]; #Add the 4th octet to decimal
if(($ret < 0) || ($ret > 4294967296)) #0.0.0.0 or 255.255.255.255 = Err
{
if($debug == 1) { print "--INVALID IP: \"$ip\"\n"; }
$err = 1;
$ret = "ERR: DEC SIZE \"$ip\"";
return($err, $ret);
} #EO DEC Size

return($err, $ret);
} #EO OPT == 1

if($opt == 2) #1 = dec to ip
{
$oct1 = 0; $oct2 = 0; $oct3 = 0; $oct4 = 0;
my $dec = $var;
if($debug == 1) { print "SUB TEST: DEC=\"$dec\"\n"; }

if(!(defined $dec) || ($dec eq "") || ($dec < 1) || ($dec > 4294967295)) #0.0.0.0 or 255.255.255.255 = Err
{
if($debug == 1) { print "--INVALID DEC: \"$dec\"\n"; }
$err = 1;
$ret = "ERR: DEC SIZE \"$dec\"";
return($err, $ret);
} #EO DEC Size

if($dec >= 256**3)
{
$oct1 = ($dec / 256**3);
my @num = split(/\./, $oct1);
$oct1 = $num[0];
if($debug == 1) { print "OCT1: \"$oct1\"\n"; }
$dec1 = ($oct1 * 256**3);
$dec = $dec - $dec1;
}
if($dec >= 256**2)
{
$oct2 = ($dec / 256**2);
my @num = split(/\./, $oct2);
$oct2 = $num[0];
if($debug == 1) { print "OCT2: \"$oct2\"\n"; }
$dec2 = ($oct2 * 256**2);
$dec = $dec - $dec2;
}

if($dec >= 256)
{
$oct3 = ($dec / 256);
my @num = split(/\./, $oct3);
$oct3 = $num[0];
if($debug == 1) { print "OCT3: \"$oct3\"\n"; }
$dec3 = $oct3 * 256;
$dec = $dec - $dec3;
}

$oct4 = $dec;
if($debug == 1) { print "OCT4: \"$oct4\"\n"; }
$ret = "$oct1.$oct2.$oct3.$oct4";
return($err, $ret);
} #EO If $opt == 2

$err = 1;
$ret = "I'm lost and sent to leftovers";
return($err, $ret);
}
################### EO SUB CIPDEC#################################

### wildcard sub ###
sub do_subtract( ) {
local($ip) = @_;

# break up the bytes of the incoming IP address
$_ = $ip;
($a, $b, $c, $d) = split(/\./);

if ($a > 255 || $b > 255 || $c > 255 || $d > 255 || /[^0-9.]/) {
print "invalid input mask or wildcard\n";
exit( );
}

$a = 255 - $a;
$b = 255 - $b;
$c = 255 - $c;
$d = 255 - $d;

return ($a . "." . $b . "." . $c . "." . $d);
}

### EO wildcard sub ### </CODE>

Before you run the script make sure to take out the line of your gateway from the encap file

The result of the script is set of commands that look like that

interface tunnel 748306432
description Link to 44.154.64.0
ip unnumbered Ethernet0
tunnel source 10.0.0.180
tunnel destination 79.107.164.191
ip tcp adjust-mss 1436
ip access-group acl_44 in
!
tunnel mode ipip
!
ip route 44.154.64.0 255.255.255.0 tunnel748306432
!
ip route 79.107.164.191 255.255.255.255 Ethernet0 10.0.0.138
!

This section return on itself (with different IP , destination and route IPs's ) as the amount of lines in the encap file

When the file is ready (after running the perl script) you can copy it with editor and send it to the cisco or by terminal (with the config t command) or by TFTP

The Encap file can be taken automatically from the Portal using the API
and you can push the commands to the cisco (after the encap convert to cisco commands after running perl) with TFTP

So with a small software work the whole procedure can be done fully automatic

Setting up a gateway on Cisco Routers

2016-03-08T19:27:05Z

4Z4ZQ:

To set a getway with Cisco you must have a Cisco Router (preferred from series 2600 and above)

Preferred with two Ethernet cards (but can be done also with one Ethernet card)

The example given here here is of one Ethernet card

You have to assign the router Ethernet card the Commercial IP

The command is :

interface etherbet0 ip add <and here you give the ip of the commercial ip the router sit on >
(it can be also IP of a network the router sit on (as long as this IP is accessible
to the outside world))> <The NetMask of the network>

The interface name can vary depend on your router it can be Ethernet0 FastEthernet0 GigabitEthernet0/0 etc

To see what interfaces you have in order to assign them the address use the command Show interface and identify the Ethernet card name

Then you have to assign the 44 Net IP

For router with one card the IP has to be secondary and the command is:

int eth0 ip add <the AMPR IP > <the netmask of the network > secondary

Now some tunneling commands have to be added to redirect your outgoing traffic (via tunnel) to the main AMPRNET router , you do it because every ISP block outgoing IP's which is not a part of their network (and 44 net is not belong to any ISP) so in order to allow the 44 net IP traffic to gain access to the outside world you need to do a tunnel to the AMPR.ORG router to the outgoing traffic (traffic that intend to reach the internet (all other IP's that are not part of the 44 NET))

To open a tunnel channel you have to specify the tunnel source address (from where the tunnel is established) and tunnel destination (to where the tunnel establish to)
This is done by a few commands here they are

interface tunnel0
tunnel source <here you put the router commercial IP>
tunnel destination <here you put the AMPR.ORG main tunnel router IP>
tunnel mode ipip (this command is to tell the tunnel (cisco support lot of tunneling types) which mode to use)

In addition you must tell the router to pass all the outgoing 44 Net Traffic to the tunnel interface and not to route it just like that to the Internet (because as explained they will be probably blocked by the closest ISP you are connecting to )

The command to do it is

ip route 0.0.0.0 0.0.0.0 Tunnel0 <the ip address of the AMPR.ORG main tunnel router >

(0.0.0.0 0.0.0.0 mean "everything") (will be explained latter)

Another important command is a command to route the tunneled traffic from the router to the main ampr.org router not via a tunnel (this important to establish tunnel)

This command is more specific then the "everything" route command described before and say to the router pass the tunneled traffic belong to the other side of the tunnel direct and not via tunnel)

The Command is :

ip route <the ampr.org main tunnel IP > 255.255.255.255 Ethernet0 <your router commercial IP>

This are the minimum Commands to be able to route your inside 44 Net ip to the outside world (but not to any other 44 net networks worldwide)

This method will redirect any outgoing traffic (no matter what local IP is used ) to the tunnel and since the AMPR.ORG tunnel deal with tunneling from only 44 Net IP it mean that if the router local Lan is sharing 44 and not 44 IP machines the non 44 Net machines will have no connectivity to the world

To overcome this problem a route policy will have to be used (with the command route-map) because regular route command deal with route for destination IP without looking at the source (local net) and route policy can do it ...

So two policy have to be created one for all addresses (excluding the 44 net) that needed to be routed direct to the internet (without tunnel) and second one specifically for the 44 net hosts that needed to redirect their outgoing traffic to the tunnels

In order to route your traffic to other 44 net gateways you need to build a tunnel interface to every gateway (unlike JNOS that one tunnel deal with all tunnels)
and the tunnel have to have a tunnel source tunnel destination (as explained above ) and tunnel mode

In addition two route lines have to be added

One is route command to route the specific 44 network of the gateway this tunnel deal into this tunnel

And another is to allow the tunnel traffic to go thorough the internet

Enclosed is example from router that is doing tunnel to the main AMPR router and to one gateway somewhere in the world

The tunnel0 interface is the Main AMPR.ORG router and the tunnel with 741916672 is one tunnel to a gateway

The section of tunnel74xxx have to duplicated to every 44 net gateway (of course with the corresponding ip of the specific gateway) (currently about 400 times)

TIP: If you are not familiar with Cisco Commands you can use the GUI Software called Cisco Configuration Professional (CCP)

to config the router with it

Later on we will deal of how to create these tunnels lines configuration using a script
that takes the info from the ENCAP.TXT file and convert it to Cisco config

interface Tunnel0
ip unnumbered Ethernet0
no ip directed-broadcast
tunnel source Ethernet0
tunnel destination 169.228.66.251
tunnel mode ipip
!
interface Tunnel741916672
description Link to 44.56.192.0
ip unnumbered Ethernet0
ip access-group acl_44 in
no ip directed-broadcast
tunnel source 10.0.0.180
tunnel destination 24.229.88.253
tunnel mode ipip

interface Ethernet0
description connected to EthernetLAN_HAIFA
ip address 44.138.1.1 255.255.255.0 secondary
ip address 10.0.0.180 255.255.255.0
no ip directed-broadcast

ip classless
ip route 0.0.0.0 0.0.0.0 Tunnel0 169.228.66.251
ip route 169.228.66.251 255.255.255.255 Ethernet0 10.0.0.138
ip route 44.56.192.0 255.255.255.0 Tunnel741916672
ip route 24.229.88.253 255.255.255.255 Ethernet0 10.0.0.138

Making the roue commands automaticly

Because the route info of the gateways (the encap file) changes periodically
mainly because alot of gateway sit on dynamic ip

and because the tunnel ip as a result change you may loose the tunnel to these gateways

In order to be "updated" it is needed to take the new encap file periodically and put it into the cisco router

Because the encap file lines are not a format of commands that Cisco "understand" a fomat conversion need to be made in order to convert route info in the encap file to commands that cisco can "understand"

So a Script that take the encap file and make a new file of Cisco commands must be run

There are two scripts that do it available one is Perl and other is VBS

The example will give the results of the Perl Script

The Perl Script for the Cisco enclosed

#!/usr/bin/perl
#encapconvert.pl V0.1 10-31-12
#Script created by Jason Begley KY9J ky9j.com ky9j@arrl.net
#This script is used for converting the encap.txt file from the AMPR net
#into a loadable config file for use on cisco routers. It is advised to use
#this on a 2600 or better router due to interface limits.
#

my ($line);
my %nets = ();
my $net = undef;
my $mask = undef;

#####
#Below are user defined varibles

my $loop = "Ethernet0"; #LOOPBACK INT CHANGE IF ALREADY IN USE
my $outip = "10.0.0.180"; #YOUR PUBLIC IP ADDRESS
my $loopip = "44.138.1.1"; #YOUR AMPR IP ADDRESS
#EO user defined varibles
#####

my $file = $ARGV[0];
my $debug = $ARGV[1];
if(!$file) { usage(); exit; }
if($file =~ /--help/) { usage(); exit; }

open (MYFILE, '>cisco-config.txt');
print MYFILE "!\ninterface $loop\nip address $loopip 255.255.255.255\n!\n";
close (MYFILE);
open(ENCAP, $file);
@line = <ENCAP>;
close (ENCAP);
@line = grep (!/^\s*$/,@line);
@line = grep (!/^#/,@line);
chomp(@line);

foreach $line(@line)
{
$n1 = $n2 = $n3 = $n4 = undef;
@ln = (split(/ +/, $line));
($n, $s) = (split(/\//, $ln[2]));
($n1, $n2, $n3, $n4) = split(/\./, $n);
$gw = $ln[4];
$gw =~ s/\s*$//;

if ($n1 == '') { $n1='0'};
if ($n2 == '') { $n2='0'};
if ($n3 == '') { $n3='0'};
if ($n4 == '') { $n4='0'};

if ($s == '1') { $mask='128.0.0.0'};
if ($s == '2') { $mask='192.0.0.0'};
if ($s == '3') { $mask='224.0.0.0'};
if ($s == '4') { $mask='240.0.0.0'};
if ($s == '5') { $mask='248.0.0.0'};
if ($s == '6') { $mask='252.0.0.0'};
if ($s == '7') { $mask='254.0.0.0'};
if ($s == '8') { $mask='255.0.0.0'};
if ($s == '9') { $mask='255.128.0.0'};
if ($s == '10') { $mask='255.192.0.0'};
if ($s == '11') { $mask='255.224.0.0'};
if ($s == '12') { $mask='255.240.0.0'};
if ($s == '13') { $mask='255.248.0.0'};
if ($s == '14') { $mask='255.252.0.0'};
if ($s == '15') { $mask='255.254.0.0'};
if ($s == '16') { $mask='255.255.0.0'};
if ($s == '17') { $mask='255.255.128.0'};
if ($s == '18') { $mask='255.255.192.0'};
if ($s == '19') { $mask='255.255.224.0'};
if ($s == '20') { $mask='255.255.240.0'};
if ($s == '21') { $mask='255.255.248.0'};
if ($s == '22') { $mask='255.255.252.0'};
if ($s == '23') { $mask='255.255.254.0'};
if ($s == '24') { $mask='255.255.255.0'};
if ($s == '25') { $mask='255.255.255.128'};
if ($s == '26') { $mask='255.255.255.192'};
if ($s == '27') { $mask='255.255.255.224'};
if ($s == '28') { $mask='255.255.255.240'};
if ($s == '29') { $mask='255.255.255.248'};
if ($s == '30') { $mask='255.255.255.252'};
if ($s == '31') { $mask='255.255.255.254'};
if ($s == '32') { $mask='255.255.255.255'};
if ($s == '') { $mask='255.255.255.255'};

$net = "$n1.$n2.$n3.$n4";
$ifid = cipdec(1, $net);
$wmask = do_subtract($mask);
print "*ip info*\n";
print "NET:$n\nBITS:$s MASK:$mask-$wmask\nGW:$gw\nIF:$ifid\n\n";
open (MYFILE, '>>cisco-config.txt');

if ($debug != NULL) {
print "LINE:$line";
print "\n!\n";
print "interface tunnel $ifid\n";
print "description Link to $net\n";
print "ip unnumbered $loop\n";
print "tunnel source $outip\n";
print "tunnel destination $gw\n";
print "tunnel mode ipip\n!\n";
}

if ($gw != $outip) {

print MYFILE "!\n";
print MYFILE "interface tunnel $ifid\n";
print MYFILE "description Link to $net\n";
print MYFILE "ip unnumbered $loop\n";
print MYFILE "tunnel source $outip\n";
print MYFILE "tunnel destination $gw\n";
print MYFILE "ip tcp adjust-mss 1436\n";
print MYFILE "ip access-group acl_44 in\n!\n";
print MYFILE "tunnel mode ipip\n!\n";
print MYFILE "ip route $net $mask tunnel$ifid\n!\n";
}
print MYFILE "ip route $gw 255.255.255.255 Eth0 10.0.0.138\n";
}
print MYFILE "!\nend\n!\n";
close (MYFILE);

sub usage
{
print << "EOT";
*** This script is for creating a loadable config (copy tftp run) for cisco routers ***
*** Please note that this was tested to work on 2651XM or better, expect poor resp- ***
*** -onse on smaller/slower platforms. ***
*** Edit this file and change varibles as noted to your values. ***
*** File \"cisco-config.txt\" will be generated in this directory for tftp upload ***
*** Run as follows: ***
*** perl encapconvert.pl encap.txt ***
EOT
}

########################################################
# Sub cipdec
# USAGE: For converting IP to DEC values and reverse
#
# my ($err, $ret) = cipdec(1, $ip); #1 =from ip to dec, 2 = from dec to ip
# if($err != 0) { print "MAIN: ERR ON \"$ret\"\n"; next; }
#
sub cipdec
{
my $debug = 0;
my (@oct, $opt, $var, $err, $ret, $errmsg);
my ($oct1, $oct2, $oct3, $oct4);
my ($dec1, $dec2, $dec3);
$opt = shift(@_); #1 =from ip to dec, 2 = from dec to ip
$var = shift(@_); # IP or a DEC
$err = 0;
$ret = 0;
if($debug == 1)
{
print "SUB TEST: OPT=\"$opt\"\n";
print "SUB TEST: VAR=\"$var\"\n";
}
if($opt == 1) #1 =from ip to dec
{
my $ip = $var;

if(!($ip) || ($ip eq "") || !($ip =~ /\./))
{
if($debug == 1) { print "NO . in IP.. Next\n"; }
$err = 1;
$ret = "ERR: IP WITH NO \".\"";
return($err, $ret);
}
@oct = split(/\./, $ip);
my $numoct = @oct;
if($numoct != 4)
{
if($debug == 1) { print "--INVALID IP: \"$ip\"\n"; }
$err = 1;
$ret = "ERR: OCT CT \"$ip\"";
return($err, $ret);
}
foreach my $val (@oct)
{
if(!(defined $val) || ($val eq "") || ($val =~ /\D/) || ($val > 255) || ($val < 0))
{
if($debug == 1) { print "--INVALID IP: \"$ip\"\n"; }
$err = 1;
$ret = "ERR: OCT SIZE \"$ip:$val\"";
return($err, $ret);
} # EO IF oct container
} #EO FOREACH OCT
$ret += ($oct[0] * (256**3)); #Convert 1st octet to decimal and add
$ret += ($oct[1] * (256**2)); #Convert 2nd octet to decimal and add
$ret += $oct[2] * 256; #Convert 3rd octet to decimal and add
$ret += $oct[3]; #Add the 4th octet to decimal
if(($ret < 0) || ($ret > 4294967296)) #0.0.0.0 or 255.255.255.255 = Err
{
if($debug == 1) { print "--INVALID IP: \"$ip\"\n"; }
$err = 1;
$ret = "ERR: DEC SIZE \"$ip\"";
return($err, $ret);
} #EO DEC Size

return($err, $ret);
} #EO OPT == 1

if($opt == 2) #1 = dec to ip
{
$oct1 = 0; $oct2 = 0; $oct3 = 0; $oct4 = 0;
my $dec = $var;
if($debug == 1) { print "SUB TEST: DEC=\"$dec\"\n"; }

if(!(defined $dec) || ($dec eq "") || ($dec < 1) || ($dec > 4294967295)) #0.0.0.0 or 255.255.255.255 = Err
{
if($debug == 1) { print "--INVALID DEC: \"$dec\"\n"; }
$err = 1;
$ret = "ERR: DEC SIZE \"$dec\"";
return($err, $ret);
} #EO DEC Size

if($dec >= 256**3)
{
$oct1 = ($dec / 256**3);
my @num = split(/\./, $oct1);
$oct1 = $num[0];
if($debug == 1) { print "OCT1: \"$oct1\"\n"; }
$dec1 = ($oct1 * 256**3);
$dec = $dec - $dec1;
}
if($dec >= 256**2)
{
$oct2 = ($dec / 256**2);
my @num = split(/\./, $oct2);
$oct2 = $num[0];
if($debug == 1) { print "OCT2: \"$oct2\"\n"; }
$dec2 = ($oct2 * 256**2);
$dec = $dec - $dec2;
}

if($dec >= 256)
{
$oct3 = ($dec / 256);
my @num = split(/\./, $oct3);
$oct3 = $num[0];
if($debug == 1) { print "OCT3: \"$oct3\"\n"; }
$dec3 = $oct3 * 256;
$dec = $dec - $dec3;
}

$oct4 = $dec;
if($debug == 1) { print "OCT4: \"$oct4\"\n"; }
$ret = "$oct1.$oct2.$oct3.$oct4";
return($err, $ret);
} #EO If $opt == 2

$err = 1;
$ret = "I'm lost and sent to leftovers";
return($err, $ret);
}
################### EO SUB CIPDEC#################################

### wildcard sub ###
sub do_subtract( ) {
local($ip) = @_;

# break up the bytes of the incoming IP address
$_ = $ip;
($a, $b, $c, $d) = split(/\./);

if ($a > 255 || $b > 255 || $c > 255 || $d > 255 || /[^0-9.]/) {
print "invalid input mask or wildcard\n";
exit( );
}

$a = 255 - $a;
$b = 255 - $b;
$c = 255 - $c;
$d = 255 - $d;

return ($a . "." . $b . "." . $c . "." . $d);
}

### EO wildcard sub ### </CODE>

Before you run the script make sure to take out the line of your gateway from the encap file

The result of the script is set of commands that look like that

interface tunnel 748306432
description Link to 44.154.64.0
ip unnumbered Ethernet0
tunnel source 10.0.0.180
tunnel destination 79.107.164.191
ip tcp adjust-mss 1436
ip access-group acl_44 in
!
tunnel mode ipip
!
ip route 44.154.64.0 255.255.255.0 tunnel748306432
!
ip route 79.107.164.191 255.255.255.255 Ethernet0 10.0.0.138
!

This section return on itself (with different IP , destination and route IPs's ) as the amount of lines in the encap file

When the file is ready (after running the perl script) you can copy it with editor and send it to the cisco or by terminal (with the config t command) or by TFTP

The Encap file can be taken automatically from the Portal using the API
and you can push the commands to the cisco (after the encap convert to cisco commands after running perl) with TFTP

So with a small software work the whole procedure can be done fully automatic

Setting up a gateway on Cisco Routers

2016-03-08T19:11:18Z

4Z4ZQ:

To set a getway with Cisco you must have a Cisco Router (preferred from series 2600 and above)

Preferred with two Ethernet cards (but can be done also with one Ethernet card)

The example given here here is of one Ethernet card

You have to assign the router Ethernet card the Commercial IP

The command is :

interface etherbet0 ip add <and here you give the ip of the commercial ip the router sit on >
(it can be also IP of a network the router sit on (as long as this IP is accessible
to the outside world))> <The NetMask of the network>

The interface name can vary depend on your router it can be Ethernet0 FastEthernet0 GigabitEthernet0/0 etc

To see what interfaces you have in order to assign them the address use the command Show interface and identify the Ethernet card name

Then you have to assign the 44 Net IP

For router with one card the IP has to be secondary and the command is:

int eth0 ip add <the AMPR IP > <the netmask of the network > secondary

Now some tunneling commands have to be added to redirect your outgoing traffic (via tunnel) to the main AMPRNET router , you do it because every ISP block outgoing IP's which is not a part of their network (and 44 net is not belong to any ISP) so in order to allow the 44 net IP traffic to gain access to the outside world you need to do a tunnel to the AMPR.ORG router to the outgoing traffic (traffic that intend to reach the internet (all other IP's that are not part of the 44 NET))

To open a tunnel channel you have to specify the tunnel source address (from where the tunnel is established) and tunnel destination (to where the tunnel establish to)
This is done by a few commands here they are

interface tunnel0
tunnel source <here you put the router commercial IP>
tunnel destination <here you put the AMPR.ORG main tunnel router IP>
tunnel mode ipip (this command is to tell the tunnel (cisco support lot of tunneling types) which mode to use)

In addition you must tell the router to pass all the outgoing 44 Net Traffic to the tunnel interface and not to route it just like that to the Internet (because as explained they will be probably blocked by the closest ISP you are connecting to )

The command to do it is

ip route 0.0.0.0 0.0.0.0 Tunnel0 <the ip address of the AMPR.ORG main tunnel router >

(0.0.0.0 0.0.0.0 mean "everything") (will be explained latter)

Another important command is a command to route the tunneled traffic from the router to the main ampr.org router not via a tunnel (this important to establish tunnel)

This command is more specific then the "everything" route command described before and say to the router pass the tunneled traffic belong to the other side of the tunnel direct and not via tunnel)

The Command is :

ip route <the ampr.org main tunnel IP > 255.255.255.255 Ethernet0 <your router commercial IP>

This are the minimum Commands to be able to route your inside 44 Net ip to the outside world (but not to any other 44 net networks worldwide)

This method will redirect any outgoing traffic (no matter what local IP is used ) to the tunnel and since the AMPR.ORG tunnel deal with tunneling from only 44 Net IP it mean that if the router local Lan is sharing 44 and not 44 IP machines the non 44 Net machines will have no connectivity to the world

To overcome this problem a route policy will have to be used (with the command route-map) because regular route command deal with route for destination IP without looking at the source (local net) and route policy can do it ...

So two policy have to be created one for all addresses BESIDE the 44 net that needed to be routed direct to the internet (without tunnel) and second one specifically for the 44 net hosts that needed to redirect their outgoing traffic to the tunnels

In order to route your traffic to other 44 net gateways you need to build a tunnel interface to every gateway (unlike JNOS that one tunnel deal with all tunnels)
and the tunnel have to have a tunnel source tunnel destination (as explained above ) and tunnel mode

In addition two route lines have to be added

One is route command to route the specific 44 network of the gateway this tunnel deal into this tunnel

And another is to allow the tunnel traffic to go thorough the internet

Enclosed is example from router that is doing tunnel to the main AMPR router and to one gateway somewhere in the world

The tunnel0 interface is the Main AMPR.ORG router and the tunnel with 741916672 is one tunnel to a gateway

The section of tunnel74xxx have to duplicated to every 44 net gateway (of course with the corresponding ip of the specific gateway) (currently about 400 times)

TIP: If you are not familiar with Cisco Commands you can use the GUI Software called Cisco Configuration Professional (CCP)

to config the router with it

Later on we will deal of how to create these tunnels lines configuration using a script
that takes the info from the ENCAP.TXT file and convert it to Cisco config

interface Tunnel0
ip unnumbered Ethernet0
no ip directed-broadcast
tunnel source Ethernet0
tunnel destination 169.228.66.251
tunnel mode ipip
!
interface Tunnel741916672
description Link to 44.56.192.0
ip unnumbered Ethernet0
ip access-group acl_44 in
no ip directed-broadcast
tunnel source 10.0.0.180
tunnel destination 24.229.88.253
tunnel mode ipip

interface Ethernet0
description connected to EthernetLAN_HAIFA
ip address 44.138.1.1 255.255.255.0 secondary
ip address 10.0.0.180 255.255.255.0
no ip directed-broadcast

ip classless
ip route 0.0.0.0 0.0.0.0 Tunnel0 169.228.66.251
ip route 169.228.66.251 255.255.255.255 Ethernet0 10.0.0.138
ip route 44.56.192.0 255.255.255.0 Tunnel741916672
ip route 24.229.88.253 255.255.255.255 Ethernet0 10.0.0.138

Making the roue commands automaticly

Because the route info of the gateways (the encap file) changes periodically
mainly because alot of gateway sit on dynamic ip

and because the tunnel ip as a result change you may loose the tunnel to these gateways

In order to be "updated" it is needed to take the new encap file periodically and put it into the cisco router

Because the encap file lines are not a format of commands that Cisco "understand" a fomat conversion need to be made in order to convert route info in the encap file to commands that cisco can "understand"

So a Script that take the encap file and make a new file of Cisco commands must be run

There are two scripts that do it available one is Perl and other is VBS

The example will give the results of the Perl Script

The Perl Script for the Cisco enclosed

#!/usr/bin/perl
#encapconvert.pl V0.1 10-31-12
#Script created by Jason Begley KY9J ky9j.com ky9j@arrl.net
#This script is used for converting the encap.txt file from the AMPR net
#into a loadable config file for use on cisco routers. It is advised to use
#this on a 2600 or better router due to interface limits.
#

my ($line);
my %nets = ();
my $net = undef;
my $mask = undef;

#####
#Below are user defined varibles

my $loop = "Ethernet0"; #LOOPBACK INT CHANGE IF ALREADY IN USE
my $outip = "10.0.0.180"; #YOUR PUBLIC IP ADDRESS
my $loopip = "44.138.1.1"; #YOUR AMPR IP ADDRESS
#EO user defined varibles
#####

my $file = $ARGV[0];
my $debug = $ARGV[1];
if(!$file) { usage(); exit; }
if($file =~ /--help/) { usage(); exit; }

open (MYFILE, '>cisco-config.txt');
print MYFILE "!\ninterface $loop\nip address $loopip 255.255.255.255\n!\n";
close (MYFILE);
open(ENCAP, $file);
@line = <ENCAP>;
close (ENCAP);
@line = grep (!/^\s*$/,@line);
@line = grep (!/^#/,@line);
chomp(@line);

foreach $line(@line)
{
$n1 = $n2 = $n3 = $n4 = undef;
@ln = (split(/ +/, $line));
($n, $s) = (split(/\//, $ln[2]));
($n1, $n2, $n3, $n4) = split(/\./, $n);
$gw = $ln[4];
$gw =~ s/\s*$//;

if ($n1 == '') { $n1='0'};
if ($n2 == '') { $n2='0'};
if ($n3 == '') { $n3='0'};
if ($n4 == '') { $n4='0'};

if ($s == '1') { $mask='128.0.0.0'};
if ($s == '2') { $mask='192.0.0.0'};
if ($s == '3') { $mask='224.0.0.0'};
if ($s == '4') { $mask='240.0.0.0'};
if ($s == '5') { $mask='248.0.0.0'};
if ($s == '6') { $mask='252.0.0.0'};
if ($s == '7') { $mask='254.0.0.0'};
if ($s == '8') { $mask='255.0.0.0'};
if ($s == '9') { $mask='255.128.0.0'};
if ($s == '10') { $mask='255.192.0.0'};
if ($s == '11') { $mask='255.224.0.0'};
if ($s == '12') { $mask='255.240.0.0'};
if ($s == '13') { $mask='255.248.0.0'};
if ($s == '14') { $mask='255.252.0.0'};
if ($s == '15') { $mask='255.254.0.0'};
if ($s == '16') { $mask='255.255.0.0'};
if ($s == '17') { $mask='255.255.128.0'};
if ($s == '18') { $mask='255.255.192.0'};
if ($s == '19') { $mask='255.255.224.0'};
if ($s == '20') { $mask='255.255.240.0'};
if ($s == '21') { $mask='255.255.248.0'};
if ($s == '22') { $mask='255.255.252.0'};
if ($s == '23') { $mask='255.255.254.0'};
if ($s == '24') { $mask='255.255.255.0'};
if ($s == '25') { $mask='255.255.255.128'};
if ($s == '26') { $mask='255.255.255.192'};
if ($s == '27') { $mask='255.255.255.224'};
if ($s == '28') { $mask='255.255.255.240'};
if ($s == '29') { $mask='255.255.255.248'};
if ($s == '30') { $mask='255.255.255.252'};
if ($s == '31') { $mask='255.255.255.254'};
if ($s == '32') { $mask='255.255.255.255'};
if ($s == '') { $mask='255.255.255.255'};

$net = "$n1.$n2.$n3.$n4";
$ifid = cipdec(1, $net);
$wmask = do_subtract($mask);
print "*ip info*\n";
print "NET:$n\nBITS:$s MASK:$mask-$wmask\nGW:$gw\nIF:$ifid\n\n";
open (MYFILE, '>>cisco-config.txt');

if ($debug != NULL) {
print "LINE:$line";
print "\n!\n";
print "interface tunnel $ifid\n";
print "description Link to $net\n";
print "ip unnumbered $loop\n";
print "tunnel source $outip\n";
print "tunnel destination $gw\n";
print "tunnel mode ipip\n!\n";
}

if ($gw != $outip) {

print MYFILE "!\n";
print MYFILE "interface tunnel $ifid\n";
print MYFILE "description Link to $net\n";
print MYFILE "ip unnumbered $loop\n";
print MYFILE "tunnel source $outip\n";
print MYFILE "tunnel destination $gw\n";
print MYFILE "ip tcp adjust-mss 1436\n";
print MYFILE "ip access-group acl_44 in\n!\n";
print MYFILE "tunnel mode ipip\n!\n";
print MYFILE "ip route $net $mask tunnel$ifid\n!\n";
}
print MYFILE "ip route $gw 255.255.255.255 Eth0 10.0.0.138\n";
}
print MYFILE "!\nend\n!\n";
close (MYFILE);

sub usage
{
print << "EOT";
*** This script is for creating a loadable config (copy tftp run) for cisco routers ***
*** Please note that this was tested to work on 2651XM or better, expect poor resp- ***
*** -onse on smaller/slower platforms. ***
*** Edit this file and change varibles as noted to your values. ***
*** File \"cisco-config.txt\" will be generated in this directory for tftp upload ***
*** Run as follows: ***
*** perl encapconvert.pl encap.txt ***
EOT
}

########################################################
# Sub cipdec
# USAGE: For converting IP to DEC values and reverse
#
# my ($err, $ret) = cipdec(1, $ip); #1 =from ip to dec, 2 = from dec to ip
# if($err != 0) { print "MAIN: ERR ON \"$ret\"\n"; next; }
#
sub cipdec
{
my $debug = 0;
my (@oct, $opt, $var, $err, $ret, $errmsg);
my ($oct1, $oct2, $oct3, $oct4);
my ($dec1, $dec2, $dec3);
$opt = shift(@_); #1 =from ip to dec, 2 = from dec to ip
$var = shift(@_); # IP or a DEC
$err = 0;
$ret = 0;
if($debug == 1)
{
print "SUB TEST: OPT=\"$opt\"\n";
print "SUB TEST: VAR=\"$var\"\n";
}
if($opt == 1) #1 =from ip to dec
{
my $ip = $var;

if(!($ip) || ($ip eq "") || !($ip =~ /\./))
{
if($debug == 1) { print "NO . in IP.. Next\n"; }
$err = 1;
$ret = "ERR: IP WITH NO \".\"";
return($err, $ret);
}
@oct = split(/\./, $ip);
my $numoct = @oct;
if($numoct != 4)
{
if($debug == 1) { print "--INVALID IP: \"$ip\"\n"; }
$err = 1;
$ret = "ERR: OCT CT \"$ip\"";
return($err, $ret);
}
foreach my $val (@oct)
{
if(!(defined $val) || ($val eq "") || ($val =~ /\D/) || ($val > 255) || ($val < 0))
{
if($debug == 1) { print "--INVALID IP: \"$ip\"\n"; }
$err = 1;
$ret = "ERR: OCT SIZE \"$ip:$val\"";
return($err, $ret);
} # EO IF oct container
} #EO FOREACH OCT
$ret += ($oct[0] * (256**3)); #Convert 1st octet to decimal and add
$ret += ($oct[1] * (256**2)); #Convert 2nd octet to decimal and add
$ret += $oct[2] * 256; #Convert 3rd octet to decimal and add
$ret += $oct[3]; #Add the 4th octet to decimal
if(($ret < 0) || ($ret > 4294967296)) #0.0.0.0 or 255.255.255.255 = Err
{
if($debug == 1) { print "--INVALID IP: \"$ip\"\n"; }
$err = 1;
$ret = "ERR: DEC SIZE \"$ip\"";
return($err, $ret);
} #EO DEC Size

return($err, $ret);
} #EO OPT == 1

if($opt == 2) #1 = dec to ip
{
$oct1 = 0; $oct2 = 0; $oct3 = 0; $oct4 = 0;
my $dec = $var;
if($debug == 1) { print "SUB TEST: DEC=\"$dec\"\n"; }

if(!(defined $dec) || ($dec eq "") || ($dec < 1) || ($dec > 4294967295)) #0.0.0.0 or 255.255.255.255 = Err
{
if($debug == 1) { print "--INVALID DEC: \"$dec\"\n"; }
$err = 1;
$ret = "ERR: DEC SIZE \"$dec\"";
return($err, $ret);
} #EO DEC Size

if($dec >= 256**3)
{
$oct1 = ($dec / 256**3);
my @num = split(/\./, $oct1);
$oct1 = $num[0];
if($debug == 1) { print "OCT1: \"$oct1\"\n"; }
$dec1 = ($oct1 * 256**3);
$dec = $dec - $dec1;
}
if($dec >= 256**2)
{
$oct2 = ($dec / 256**2);
my @num = split(/\./, $oct2);
$oct2 = $num[0];
if($debug == 1) { print "OCT2: \"$oct2\"\n"; }
$dec2 = ($oct2 * 256**2);
$dec = $dec - $dec2;
}

if($dec >= 256)
{
$oct3 = ($dec / 256);
my @num = split(/\./, $oct3);
$oct3 = $num[0];
if($debug == 1) { print "OCT3: \"$oct3\"\n"; }
$dec3 = $oct3 * 256;
$dec = $dec - $dec3;
}

$oct4 = $dec;
if($debug == 1) { print "OCT4: \"$oct4\"\n"; }
$ret = "$oct1.$oct2.$oct3.$oct4";
return($err, $ret);
} #EO If $opt == 2

$err = 1;
$ret = "I'm lost and sent to leftovers";
return($err, $ret);
}
################### EO SUB CIPDEC#################################

### wildcard sub ###
sub do_subtract( ) {
local($ip) = @_;

# break up the bytes of the incoming IP address
$_ = $ip;
($a, $b, $c, $d) = split(/\./);

if ($a > 255 || $b > 255 || $c > 255 || $d > 255 || /[^0-9.]/) {
print "invalid input mask or wildcard\n";
exit( );
}

$a = 255 - $a;
$b = 255 - $b;
$c = 255 - $c;
$d = 255 - $d;

return ($a . "." . $b . "." . $c . "." . $d);
}

### EO wildcard sub ### </CODE>

Before you run the script make sure to take out the line of your gateway from the encap file

The result of the script is set of commands that look like that

interface tunnel 748306432
description Link to 44.154.64.0
ip unnumbered Ethernet0
tunnel source 10.0.0.180
tunnel destination 79.107.164.191
ip tcp adjust-mss 1436
ip access-group acl_44 in
!
tunnel mode ipip
!
ip route 44.154.64.0 255.255.255.0 tunnel748306432
!
ip route 79.107.164.191 255.255.255.255 Ethernet0 10.0.0.138
!

This section return on itself (with different IP , destination and route IPs's ) as the amount of lines in the encap file

When the file is ready (after running the perl script) you can copy it with editor and send it to the cisco or by terminal (with the config t command) or by TFTP

The Encap file can be taken automatically from the Portal using the API
and you can push the commands to the cisco (after the encap convert to cisco commands after running perl) with TFTP

So with a small software work the whole procedure can be done fully automatic

Setting up a gateway on Cisco Routers

2016-03-06T22:54:33Z

4Z4ZQ:

To set a getway with Cisco you must have a Cisco Router (preferred from series 2600 and above)

Preferred with two Ethernet cards (but can be done also with one Ethernet card)

The example given here here is of one Ethernet card

You have to assign the router Ethernet card the Commercial IP

The command is :

int eth0 ip add <and here you give the ip of the commercial ip the router sit on >
(it can be also IP of a network the router sit on (as long as this IP is accessible
to the outside world))> <The NetMask of the network>

Then you have to assign the 44 Net IP

The command for router with one ethernet card is:

int eth0 ip add <the AMPR IP > <the netmask of the network > secondary

Now you have to add some tunneling command to redirect your outgoing traffic (via tunnel) to the main AMPRNET router , you do it because every ISP block outgoing IP's which is not a part of their network (and 44 net is not belong to any ISP) so in order to allow the 44 Net Packet to gain access to the outside world you need to do a tunnel to the AMPR.ORG Router also to the outgoing traffic (traffic that intend to reach the internet (all other IP's that are not part of the 44 NET))

To open a tunnel command you have to put the tunnel Source address (from where the tunnel is established) and Tunnel destination (to where the tunnel establish to)
This is done by a few commands here they are

interface tunnel0
tunnel source <here you put the router commercial IP>
tunnel destination <here you put the AMPR.ORG main tunnel router IP>
tunnel mode ipip (this command is to tell the tunnel (cisco support lot of tunneling types) which mode to use)

In addition you must tell the router to pass all the outgoing 44 Net Traffic to the tunnel interface and not to route it just like that to the Internet (because as explained they will be probably blocked by the closest ISP you are connecting to )

The command to do it is

ip route 0.0.0.0 0.0.0.0 Tunnel0 <the ip address of the AMPR.ORG main tunnel router >

(0.0.0.0 0.0.0.0 mean "everything") (will be explained latter)

Another important command is a command to let the traffic from the router to the main ampr.org router to pass their IP not via a tunnel (this important to establish tunnel)

This command is more specific then the "everything" route command described before and say to the router pass the traffic belong to the other side of the tunnel

The Command is :

ip route <the ampr.org main tunnel IP > 255.255.255.255 Ethernet0 <your router commercial IP>

This are the minimum Commands to be able to route your inside 44 Net ip to the outside world (but not to any other 44 net networks worldwide)

In order to route your traffic to other 44 net gateways you need to build a tunnel interface to every gateway (unlike JNOS that one tunnel deal with all tunnels)
and the tunnel have to have a tunnel source tunnel destination (as explained above ) and tunnel mode

In addition two route lines have to be added

One is route command to route the specific 44 network of the gateway this tunnel deal into this tunnel

And another is to allow the tunnel traffic to go thorough the internet

Enclosed is example from router that is doing tunnel to the main AMPR router and to one gateway somewhere in the world

The tunnel0 interface is the Main AMPR.ORG router and the tunnel with 741916672 is one tunnel to a gateway

The section of tunnel74xxx have to duplicated to every 44 net gateway (of course with the corresponding ip of the specific gateway) (currently about 400 times)

TIP: If you are not familiar with Cisco Commands you can use the GUI Software called Cisco Configuration Professional (CCP)

to config the router with it

Later on we will deal of how to create these tunnels lines configuration using a script
that takes the info from the ENCAP.TXT file and convert it to Cisco config

interface Tunnel0
ip unnumbered Ethernet0
no ip directed-broadcast
tunnel source Ethernet0
tunnel destination 169.228.66.251
tunnel mode ipip
!
interface Tunnel741916672
description Link to 44.56.192.0
ip unnumbered Ethernet0
ip access-group acl_44 in
no ip directed-broadcast
tunnel source 10.0.0.180
tunnel destination 24.229.88.253
tunnel mode ipip

interface Ethernet0
description connected to EthernetLAN_HAIFA
ip address 44.138.1.1 255.255.255.0 secondary
ip address 10.0.0.180 255.255.255.0
no ip directed-broadcast

ip classless
ip route 0.0.0.0 0.0.0.0 Tunnel0 169.228.66.251
ip route 169.228.66.251 255.255.255.255 Ethernet0 10.0.0.138
ip route 44.56.192.0 255.255.255.0 Tunnel741916672
ip route 24.229.88.253 255.255.255.255 Ethernet0 10.0.0.138

Making the roue commands automaticly

Because the route info of the gateways (the encap file) changes periodically
mainly because alot of gateway sit on dynamic ip

and because the tunnel ip as a result change you may loose the tunnel to these gateways

In order to be "updated" it is needed to take the new encap file periodically and put it into the cisco router

Because the encap file lines are not a format of commands that Cisco "understand" a fomat conversion need to be made in order to convert route info in the encap file to commands that cisco can "understand"

So a Script that take the encap file and make a new file of Cisco commands must be run

There are two scripts that do it available one is Perl and other is VBS

The example will give the results of the Perl Script

The Perl Script for the Cisco enclosed

#!/usr/bin/perl
#encapconvert.pl V0.1 10-31-12
#Script created by Jason Begley KY9J ky9j.com ky9j@arrl.net
#This script is used for converting the encap.txt file from the AMPR net
#into a loadable config file for use on cisco routers. It is advised to use
#this on a 2600 or better router due to interface limits.
#

my ($line);
my %nets = ();
my $net = undef;
my $mask = undef;

#####
#Below are user defined varibles

my $loop = "Ethernet0"; #LOOPBACK INT CHANGE IF ALREADY IN USE
my $outip = "10.0.0.180"; #YOUR PUBLIC IP ADDRESS
my $loopip = "44.138.1.1"; #YOUR AMPR IP ADDRESS
#EO user defined varibles
#####

my $file = $ARGV[0];
my $debug = $ARGV[1];
if(!$file) { usage(); exit; }
if($file =~ /--help/) { usage(); exit; }

open (MYFILE, '>cisco-config.txt');
print MYFILE "!\ninterface $loop\nip address $loopip 255.255.255.255\n!\n";
close (MYFILE);
open(ENCAP, $file);
@line = <ENCAP>;
close (ENCAP);
@line = grep (!/^\s*$/,@line);
@line = grep (!/^#/,@line);
chomp(@line);

foreach $line(@line)
{
$n1 = $n2 = $n3 = $n4 = undef;
@ln = (split(/ +/, $line));
($n, $s) = (split(/\//, $ln[2]));
($n1, $n2, $n3, $n4) = split(/\./, $n);
$gw = $ln[4];
$gw =~ s/\s*$//;

if ($n1 == '') { $n1='0'};
if ($n2 == '') { $n2='0'};
if ($n3 == '') { $n3='0'};
if ($n4 == '') { $n4='0'};

if ($s == '1') { $mask='128.0.0.0'};
if ($s == '2') { $mask='192.0.0.0'};
if ($s == '3') { $mask='224.0.0.0'};
if ($s == '4') { $mask='240.0.0.0'};
if ($s == '5') { $mask='248.0.0.0'};
if ($s == '6') { $mask='252.0.0.0'};
if ($s == '7') { $mask='254.0.0.0'};
if ($s == '8') { $mask='255.0.0.0'};
if ($s == '9') { $mask='255.128.0.0'};
if ($s == '10') { $mask='255.192.0.0'};
if ($s == '11') { $mask='255.224.0.0'};
if ($s == '12') { $mask='255.240.0.0'};
if ($s == '13') { $mask='255.248.0.0'};
if ($s == '14') { $mask='255.252.0.0'};
if ($s == '15') { $mask='255.254.0.0'};
if ($s == '16') { $mask='255.255.0.0'};
if ($s == '17') { $mask='255.255.128.0'};
if ($s == '18') { $mask='255.255.192.0'};
if ($s == '19') { $mask='255.255.224.0'};
if ($s == '20') { $mask='255.255.240.0'};
if ($s == '21') { $mask='255.255.248.0'};
if ($s == '22') { $mask='255.255.252.0'};
if ($s == '23') { $mask='255.255.254.0'};
if ($s == '24') { $mask='255.255.255.0'};
if ($s == '25') { $mask='255.255.255.128'};
if ($s == '26') { $mask='255.255.255.192'};
if ($s == '27') { $mask='255.255.255.224'};
if ($s == '28') { $mask='255.255.255.240'};
if ($s == '29') { $mask='255.255.255.248'};
if ($s == '30') { $mask='255.255.255.252'};
if ($s == '31') { $mask='255.255.255.254'};
if ($s == '32') { $mask='255.255.255.255'};
if ($s == '') { $mask='255.255.255.255'};

$net = "$n1.$n2.$n3.$n4";
$ifid = cipdec(1, $net);
$wmask = do_subtract($mask);
print "*ip info*\n";
print "NET:$n\nBITS:$s MASK:$mask-$wmask\nGW:$gw\nIF:$ifid\n\n";
open (MYFILE, '>>cisco-config.txt');

if ($debug != NULL) {
print "LINE:$line";
print "\n!\n";
print "interface tunnel $ifid\n";
print "description Link to $net\n";
print "ip unnumbered $loop\n";
print "tunnel source $outip\n";
print "tunnel destination $gw\n";
print "tunnel mode ipip\n!\n";
}

if ($gw != $outip) {

print MYFILE "!\n";
print MYFILE "interface tunnel $ifid\n";
print MYFILE "description Link to $net\n";
print MYFILE "ip unnumbered $loop\n";
print MYFILE "tunnel source $outip\n";
print MYFILE "tunnel destination $gw\n";
print MYFILE "ip tcp adjust-mss 1436\n";
print MYFILE "ip access-group acl_44 in\n!\n";
print MYFILE "tunnel mode ipip\n!\n";
print MYFILE "ip route $net $mask tunnel$ifid\n!\n";
}
print MYFILE "ip route $gw 255.255.255.255 Eth0 10.0.0.138\n";
}
print MYFILE "!\nend\n!\n";
close (MYFILE);

sub usage
{
print << "EOT";
*** This script is for creating a loadable config (copy tftp run) for cisco routers ***
*** Please note that this was tested to work on 2651XM or better, expect poor resp- ***
*** -onse on smaller/slower platforms. ***
*** Edit this file and change varibles as noted to your values. ***
*** File \"cisco-config.txt\" will be generated in this directory for tftp upload ***
*** Run as follows: ***
*** perl encapconvert.pl encap.txt ***
EOT
}

########################################################
# Sub cipdec
# USAGE: For converting IP to DEC values and reverse
#
# my ($err, $ret) = cipdec(1, $ip); #1 =from ip to dec, 2 = from dec to ip
# if($err != 0) { print "MAIN: ERR ON \"$ret\"\n"; next; }
#
sub cipdec
{
my $debug = 0;
my (@oct, $opt, $var, $err, $ret, $errmsg);
my ($oct1, $oct2, $oct3, $oct4);
my ($dec1, $dec2, $dec3);
$opt = shift(@_); #1 =from ip to dec, 2 = from dec to ip
$var = shift(@_); # IP or a DEC
$err = 0;
$ret = 0;
if($debug == 1)
{
print "SUB TEST: OPT=\"$opt\"\n";
print "SUB TEST: VAR=\"$var\"\n";
}
if($opt == 1) #1 =from ip to dec
{
my $ip = $var;

if(!($ip) || ($ip eq "") || !($ip =~ /\./))
{
if($debug == 1) { print "NO . in IP.. Next\n"; }
$err = 1;
$ret = "ERR: IP WITH NO \".\"";
return($err, $ret);
}
@oct = split(/\./, $ip);
my $numoct = @oct;
if($numoct != 4)
{
if($debug == 1) { print "--INVALID IP: \"$ip\"\n"; }
$err = 1;
$ret = "ERR: OCT CT \"$ip\"";
return($err, $ret);
}
foreach my $val (@oct)
{
if(!(defined $val) || ($val eq "") || ($val =~ /\D/) || ($val > 255) || ($val < 0))
{
if($debug == 1) { print "--INVALID IP: \"$ip\"\n"; }
$err = 1;
$ret = "ERR: OCT SIZE \"$ip:$val\"";
return($err, $ret);
} # EO IF oct container
} #EO FOREACH OCT
$ret += ($oct[0] * (256**3)); #Convert 1st octet to decimal and add
$ret += ($oct[1] * (256**2)); #Convert 2nd octet to decimal and add
$ret += $oct[2] * 256; #Convert 3rd octet to decimal and add
$ret += $oct[3]; #Add the 4th octet to decimal
if(($ret < 0) || ($ret > 4294967296)) #0.0.0.0 or 255.255.255.255 = Err
{
if($debug == 1) { print "--INVALID IP: \"$ip\"\n"; }
$err = 1;
$ret = "ERR: DEC SIZE \"$ip\"";
return($err, $ret);
} #EO DEC Size

return($err, $ret);
} #EO OPT == 1

if($opt == 2) #1 = dec to ip
{
$oct1 = 0; $oct2 = 0; $oct3 = 0; $oct4 = 0;
my $dec = $var;
if($debug == 1) { print "SUB TEST: DEC=\"$dec\"\n"; }

if(!(defined $dec) || ($dec eq "") || ($dec < 1) || ($dec > 4294967295)) #0.0.0.0 or 255.255.255.255 = Err
{
if($debug == 1) { print "--INVALID DEC: \"$dec\"\n"; }
$err = 1;
$ret = "ERR: DEC SIZE \"$dec\"";
return($err, $ret);
} #EO DEC Size

if($dec >= 256**3)
{
$oct1 = ($dec / 256**3);
my @num = split(/\./, $oct1);
$oct1 = $num[0];
if($debug == 1) { print "OCT1: \"$oct1\"\n"; }
$dec1 = ($oct1 * 256**3);
$dec = $dec - $dec1;
}
if($dec >= 256**2)
{
$oct2 = ($dec / 256**2);
my @num = split(/\./, $oct2);
$oct2 = $num[0];
if($debug == 1) { print "OCT2: \"$oct2\"\n"; }
$dec2 = ($oct2 * 256**2);
$dec = $dec - $dec2;
}

if($dec >= 256)
{
$oct3 = ($dec / 256);
my @num = split(/\./, $oct3);
$oct3 = $num[0];
if($debug == 1) { print "OCT3: \"$oct3\"\n"; }
$dec3 = $oct3 * 256;
$dec = $dec - $dec3;
}

$oct4 = $dec;
if($debug == 1) { print "OCT4: \"$oct4\"\n"; }
$ret = "$oct1.$oct2.$oct3.$oct4";
return($err, $ret);
} #EO If $opt == 2

$err = 1;
$ret = "I'm lost and sent to leftovers";
return($err, $ret);
}
################### EO SUB CIPDEC#################################

### wildcard sub ###
sub do_subtract( ) {
local($ip) = @_;

# break up the bytes of the incoming IP address
$_ = $ip;
($a, $b, $c, $d) = split(/\./);

if ($a > 255 || $b > 255 || $c > 255 || $d > 255 || /[^0-9.]/) {
print "invalid input mask or wildcard\n";
exit( );
}

$a = 255 - $a;
$b = 255 - $b;
$c = 255 - $c;
$d = 255 - $d;

return ($a . "." . $b . "." . $c . "." . $d);
}

### EO wildcard sub ### </CODE>

Before you run the script make sure to take out the line of your gateway from the encap file

The result of the script is set of commands that look like that

interface tunnel 748306432
description Link to 44.154.64.0
ip unnumbered Ethernet0
tunnel source 10.0.0.180
tunnel destination 79.107.164.191
ip tcp adjust-mss 1436
ip access-group acl_44 in
!
tunnel mode ipip
!
ip route 44.154.64.0 255.255.255.0 tunnel748306432
!
ip route 79.107.164.191 255.255.255.255 Ethernet0 10.0.0.138
!

This section return on itself (with different IP , destination and route IPs's ) as the amount of lines in the encap file

When the file is ready (after running the perl script) you can copy it with editor and send it to the cisco or by terminal (with the config t command) or by TFTP

The Encap file can be taken automatically from the Portal using the API
and you can push the commands to the cisco (after the encap convert to cisco commands after running perl) with TFTP

So with a small software work the whole procedure can be done fully automatic

Setting up a gateway on Cisco Routers

2016-03-06T22:52:15Z

4Z4ZQ:

To set a getway with Cisco you must have a Cisco Router (preferred from series 2600 and above)

Preferred with two Ethernet cards (but can be done also with one Ethernet card)

The example given here here is of one Ethernet card

You have to assign the router Ethernet card the Commercial IP

The command is :

int eth0 ip add <and here you give the ip of the commercial ip the router sit on >
(it can be also IP of a network the router sit on (as long as this IP is accessible
to the outside world))> <The NetMask of the network>

Then you have to assign the 44 Net IP

The command for router with one ethernet card is:

int eth0 ip add <the AMPR IP > <the netmask of the network > secondary

Now you have to add some tunneling command to redirect your outgoing traffic (via tunnel) to the main AMPRNET router , you do it because every ISP block outgoing IP's which is not a part of their network (and 44 net is not belong to any ISP) so in order to allow the 44 Net Packet to gain access to the outside world you need to do a tunnel to the AMPR.ORG Router also to the outgoing traffic (traffic that intend to reach the internet (all other IP's that are not part of the 44 NET))

To open a tunnel command you have to put the tunnel Source address (from where the tunnel is established) and Tunnel destination (to where the tunnel establish to)
This is done by a few commands here they are

interface tunnel0
tunnel source <here you put the router commercial IP>
tunnel destination <here you put the AMPR.ORG main tunnel router IP>
tunnel mode ipip (this command is to tell the tunnel (cisco support lot of tunneling types) which mode to use)

In addition you must tell the router to pass all the outgoing 44 Net Traffic to the tunnel interface and not to route it just like that to the Internet (because as explained they will be probably blocked by the closest ISP you are connecting to )

The command to do it is

ip route 0.0.0.0 0.0.0.0 Tunnel0 <the ip address of the AMPR.ORG main tunnel router >

(0.0.0.0 0.0.0.0 mean "everything") (will be explained latter)

Another important command is a command to let the traffic from the router to the main ampr.org router to pass their IP not via a tunnel (this important to establish tunnel)

This command is more specific then the "everything" route command described before and say to the router pass the traffic belong to the other side of the tunnel

The Command is :

ip route <the ampr.org main tunnel IP > 255.255.255.255 Ethernet0 <your router commercial IP>

This are the minimum Commands to be able to route your inside 44 Net ip to the outside world (but not to any other 44 net networks worldwide)

In order to route your traffic to other 44 net gateways you need to build a tunnel interface to every gateway (unlike JNOS that one tunnel deal with all tunnels)
and the tunnel have to have a tunnel source tunnel destination (as explained above ) and tunnel mode

In addition two route lines have to be added

One is route command to route the specific 44 network of the gateway this tunnel deal into this tunnel

And another is to allow the tunnel traffic to go thorough the internet

Enclosed is example from router that is doing tunnel to the main AMPR router and to one gateway somewhere in the world

The tunnel0 interface is the Main AMPR.ORG router and the tunnel with 741916672 is one tunnel to a gateway

The section of tunnel74xxx have to duplicated to every 44 net gateway (of course with the corresponding ip of the specific gateway) (currently about 400 times)

TIP: If you are not familiar with Cisco Commands you can use the GUI Software called Cisco Configuration professional (CCP)

to config the router with it

Later on we will deal of how to create these tunnels lines configuration using a script
that takes the info from the ENCAP.TXT file and convert it to Cisco config

interface Tunnel0
ip unnumbered Ethernet0
no ip directed-broadcast
tunnel source Ethernet0
tunnel destination 169.228.66.251
tunnel mode ipip
!
interface Tunnel741916672
description Link to 44.56.192.0
ip unnumbered Ethernet0
ip access-group acl_44 in
no ip directed-broadcast
tunnel source 10.0.0.180
tunnel destination 24.229.88.253
tunnel mode ipip

interface Ethernet0
description connected to EthernetLAN_HAIFA
ip address 44.138.1.1 255.255.255.0 secondary
ip address 10.0.0.180 255.255.255.0
no ip directed-broadcast

ip classless
ip route 0.0.0.0 0.0.0.0 Tunnel0 169.228.66.251
ip route 169.228.66.251 255.255.255.255 Ethernet0 10.0.0.138
ip route 44.56.192.0 255.255.255.0 Tunnel741916672
ip route 24.229.88.253 255.255.255.255 Ethernet0 10.0.0.138

Making the roue commands automaticly

Because the route info of the gateways (the encap file) changes periodically
mainly because alot of gateway sit on dynamic ip

and because the tunnel ip as a result change you may loose the tunnel to these gateways

In order to be "updated" it is needed to take the new encap file periodically and put it into the cisco router

Because the encap file lines are not a format of commands that Cisco "understand" a fomat conversion need to be made in order to convert route info in the encap file to commands that cisco can "understand"

So a Script that take the encap file and make a new file of Cisco commands must be run

There are two scripts that do it available one is Perl and other is VBS

The example will give the results of the Perl Script

The Perl Script for the Cisco enclosed

#!/usr/bin/perl
#encapconvert.pl V0.1 10-31-12
#Script created by Jason Begley KY9J ky9j.com ky9j@arrl.net
#This script is used for converting the encap.txt file from the AMPR net
#into a loadable config file for use on cisco routers. It is advised to use
#this on a 2600 or better router due to interface limits.
#

my ($line);
my %nets = ();
my $net = undef;
my $mask = undef;

#####
#Below are user defined varibles

my $loop = "Ethernet0"; #LOOPBACK INT CHANGE IF ALREADY IN USE
my $outip = "10.0.0.180"; #YOUR PUBLIC IP ADDRESS
my $loopip = "44.138.1.1"; #YOUR AMPR IP ADDRESS
#EO user defined varibles
#####

my $file = $ARGV[0];
my $debug = $ARGV[1];
if(!$file) { usage(); exit; }
if($file =~ /--help/) { usage(); exit; }

open (MYFILE, '>cisco-config.txt');
print MYFILE "!\ninterface $loop\nip address $loopip 255.255.255.255\n!\n";
close (MYFILE);
open(ENCAP, $file);
@line = <ENCAP>;
close (ENCAP);
@line = grep (!/^\s*$/,@line);
@line = grep (!/^#/,@line);
chomp(@line);

foreach $line(@line)
{
$n1 = $n2 = $n3 = $n4 = undef;
@ln = (split(/ +/, $line));
($n, $s) = (split(/\//, $ln[2]));
($n1, $n2, $n3, $n4) = split(/\./, $n);
$gw = $ln[4];
$gw =~ s/\s*$//;

if ($n1 == '') { $n1='0'};
if ($n2 == '') { $n2='0'};
if ($n3 == '') { $n3='0'};
if ($n4 == '') { $n4='0'};

if ($s == '1') { $mask='128.0.0.0'};
if ($s == '2') { $mask='192.0.0.0'};
if ($s == '3') { $mask='224.0.0.0'};
if ($s == '4') { $mask='240.0.0.0'};
if ($s == '5') { $mask='248.0.0.0'};
if ($s == '6') { $mask='252.0.0.0'};
if ($s == '7') { $mask='254.0.0.0'};
if ($s == '8') { $mask='255.0.0.0'};
if ($s == '9') { $mask='255.128.0.0'};
if ($s == '10') { $mask='255.192.0.0'};
if ($s == '11') { $mask='255.224.0.0'};
if ($s == '12') { $mask='255.240.0.0'};
if ($s == '13') { $mask='255.248.0.0'};
if ($s == '14') { $mask='255.252.0.0'};
if ($s == '15') { $mask='255.254.0.0'};
if ($s == '16') { $mask='255.255.0.0'};
if ($s == '17') { $mask='255.255.128.0'};
if ($s == '18') { $mask='255.255.192.0'};
if ($s == '19') { $mask='255.255.224.0'};
if ($s == '20') { $mask='255.255.240.0'};
if ($s == '21') { $mask='255.255.248.0'};
if ($s == '22') { $mask='255.255.252.0'};
if ($s == '23') { $mask='255.255.254.0'};
if ($s == '24') { $mask='255.255.255.0'};
if ($s == '25') { $mask='255.255.255.128'};
if ($s == '26') { $mask='255.255.255.192'};
if ($s == '27') { $mask='255.255.255.224'};
if ($s == '28') { $mask='255.255.255.240'};
if ($s == '29') { $mask='255.255.255.248'};
if ($s == '30') { $mask='255.255.255.252'};
if ($s == '31') { $mask='255.255.255.254'};
if ($s == '32') { $mask='255.255.255.255'};
if ($s == '') { $mask='255.255.255.255'};

$net = "$n1.$n2.$n3.$n4";
$ifid = cipdec(1, $net);
$wmask = do_subtract($mask);
print "*ip info*\n";
print "NET:$n\nBITS:$s MASK:$mask-$wmask\nGW:$gw\nIF:$ifid\n\n";
open (MYFILE, '>>cisco-config.txt');

if ($debug != NULL) {
print "LINE:$line";
print "\n!\n";
print "interface tunnel $ifid\n";
print "description Link to $net\n";
print "ip unnumbered $loop\n";
print "tunnel source $outip\n";
print "tunnel destination $gw\n";
print "tunnel mode ipip\n!\n";
}

if ($gw != $outip) {

print MYFILE "!\n";
print MYFILE "interface tunnel $ifid\n";
print MYFILE "description Link to $net\n";
print MYFILE "ip unnumbered $loop\n";
print MYFILE "tunnel source $outip\n";
print MYFILE "tunnel destination $gw\n";
print MYFILE "ip tcp adjust-mss 1436\n";
print MYFILE "ip access-group acl_44 in\n!\n";
print MYFILE "tunnel mode ipip\n!\n";
print MYFILE "ip route $net $mask tunnel$ifid\n!\n";
}
print MYFILE "ip route $gw 255.255.255.255 Eth0 10.0.0.138\n";
}
print MYFILE "!\nend\n!\n";
close (MYFILE);

sub usage
{
print << "EOT";
*** This script is for creating a loadable config (copy tftp run) for cisco routers ***
*** Please note that this was tested to work on 2651XM or better, expect poor resp- ***
*** -onse on smaller/slower platforms. ***
*** Edit this file and change varibles as noted to your values. ***
*** File \"cisco-config.txt\" will be generated in this directory for tftp upload ***
*** Run as follows: ***
*** perl encapconvert.pl encap.txt ***
EOT
}

########################################################
# Sub cipdec
# USAGE: For converting IP to DEC values and reverse
#
# my ($err, $ret) = cipdec(1, $ip); #1 =from ip to dec, 2 = from dec to ip
# if($err != 0) { print "MAIN: ERR ON \"$ret\"\n"; next; }
#
sub cipdec
{
my $debug = 0;
my (@oct, $opt, $var, $err, $ret, $errmsg);
my ($oct1, $oct2, $oct3, $oct4);
my ($dec1, $dec2, $dec3);
$opt = shift(@_); #1 =from ip to dec, 2 = from dec to ip
$var = shift(@_); # IP or a DEC
$err = 0;
$ret = 0;
if($debug == 1)
{
print "SUB TEST: OPT=\"$opt\"\n";
print "SUB TEST: VAR=\"$var\"\n";
}
if($opt == 1) #1 =from ip to dec
{
my $ip = $var;

if(!($ip) || ($ip eq "") || !($ip =~ /\./))
{
if($debug == 1) { print "NO . in IP.. Next\n"; }
$err = 1;
$ret = "ERR: IP WITH NO \".\"";
return($err, $ret);
}
@oct = split(/\./, $ip);
my $numoct = @oct;
if($numoct != 4)
{
if($debug == 1) { print "--INVALID IP: \"$ip\"\n"; }
$err = 1;
$ret = "ERR: OCT CT \"$ip\"";
return($err, $ret);
}
foreach my $val (@oct)
{
if(!(defined $val) || ($val eq "") || ($val =~ /\D/) || ($val > 255) || ($val < 0))
{
if($debug == 1) { print "--INVALID IP: \"$ip\"\n"; }
$err = 1;
$ret = "ERR: OCT SIZE \"$ip:$val\"";
return($err, $ret);
} # EO IF oct container
} #EO FOREACH OCT
$ret += ($oct[0] * (256**3)); #Convert 1st octet to decimal and add
$ret += ($oct[1] * (256**2)); #Convert 2nd octet to decimal and add
$ret += $oct[2] * 256; #Convert 3rd octet to decimal and add
$ret += $oct[3]; #Add the 4th octet to decimal
if(($ret < 0) || ($ret > 4294967296)) #0.0.0.0 or 255.255.255.255 = Err
{
if($debug == 1) { print "--INVALID IP: \"$ip\"\n"; }
$err = 1;
$ret = "ERR: DEC SIZE \"$ip\"";
return($err, $ret);
} #EO DEC Size

return($err, $ret);
} #EO OPT == 1

if($opt == 2) #1 = dec to ip
{
$oct1 = 0; $oct2 = 0; $oct3 = 0; $oct4 = 0;
my $dec = $var;
if($debug == 1) { print "SUB TEST: DEC=\"$dec\"\n"; }

if(!(defined $dec) || ($dec eq "") || ($dec < 1) || ($dec > 4294967295)) #0.0.0.0 or 255.255.255.255 = Err
{
if($debug == 1) { print "--INVALID DEC: \"$dec\"\n"; }
$err = 1;
$ret = "ERR: DEC SIZE \"$dec\"";
return($err, $ret);
} #EO DEC Size

if($dec >= 256**3)
{
$oct1 = ($dec / 256**3);
my @num = split(/\./, $oct1);
$oct1 = $num[0];
if($debug == 1) { print "OCT1: \"$oct1\"\n"; }
$dec1 = ($oct1 * 256**3);
$dec = $dec - $dec1;
}
if($dec >= 256**2)
{
$oct2 = ($dec / 256**2);
my @num = split(/\./, $oct2);
$oct2 = $num[0];
if($debug == 1) { print "OCT2: \"$oct2\"\n"; }
$dec2 = ($oct2 * 256**2);
$dec = $dec - $dec2;
}

if($dec >= 256)
{
$oct3 = ($dec / 256);
my @num = split(/\./, $oct3);
$oct3 = $num[0];
if($debug == 1) { print "OCT3: \"$oct3\"\n"; }
$dec3 = $oct3 * 256;
$dec = $dec - $dec3;
}

$oct4 = $dec;
if($debug == 1) { print "OCT4: \"$oct4\"\n"; }
$ret = "$oct1.$oct2.$oct3.$oct4";
return($err, $ret);
} #EO If $opt == 2

$err = 1;
$ret = "I'm lost and sent to leftovers";
return($err, $ret);
}
################### EO SUB CIPDEC#################################

### wildcard sub ###
sub do_subtract( ) {
local($ip) = @_;

# break up the bytes of the incoming IP address
$_ = $ip;
($a, $b, $c, $d) = split(/\./);

if ($a > 255 || $b > 255 || $c > 255 || $d > 255 || /[^0-9.]/) {
print "invalid input mask or wildcard\n";
exit( );
}

$a = 255 - $a;
$b = 255 - $b;
$c = 255 - $c;
$d = 255 - $d;

return ($a . "." . $b . "." . $c . "." . $d);
}

### EO wildcard sub ### </CODE>

Before you run the script make sure to take out the line of your gateway from the encap file

The result of the script is set of commands that look like that

interface tunnel 748306432
description Link to 44.154.64.0
ip unnumbered Ethernet0
tunnel source 10.0.0.180
tunnel destination 79.107.164.191
ip tcp adjust-mss 1436
ip access-group acl_44 in
!
tunnel mode ipip
!
ip route 44.154.64.0 255.255.255.0 tunnel748306432
!
ip route 79.107.164.191 255.255.255.255 Ethernet0 10.0.0.138
!

This section return on itself (with different IP , destination and route IPs's ) as the amount of lines in the encap file

When the file is ready (after running the perl script) you can copy it with editor and send it to the cisco or by terminal (with the config t command) or by TFTP

The Encap file can be taken automatically from the Portal using the API
and you can push the commands to the cisco (after the encap convert to cisco commands after running perl) with TFTP

So with a small software work the whole procedure can be done fully automatic

Setting up a gateway on Cisco Routers

2016-03-06T22:51:14Z

4Z4ZQ:

To set a getway with Cisco you must have a Cisco Router (preferred from series 2600 and above)

Preferred with two Ethernet cards (but can be done also with one Ethernet card)

The example given here here is of one Ethernet card

You have to assign the router Ethernet card the Commercial IP

The command is :

int eth0 ip add <and here you give the ip of the commercial ip the router sit on >
(it can be also IP of a network the router sit on (as long as this IP is accessible
to the outside world))> <The NetMask of the network>

Then you have to assign the 44 Net IP

The command for router with one ethernet card is:

int eth0 ip add <the AMPR IP > <the netmask of the network > secondary

Now you have to add some tunneling command to redirect your outgoing traffic (via tunnel) to the main AMPRNET router , you do it because every ISP block outgoing IP's which is not a part of their network (and 44 net is not belong to any ISP) so in order to allow the 44 Net Packet to gain access to the outside world you need to do a tunnel to the AMPR.ORG Router also to the outgoing traffic (traffic that intend to reach the internet (all other IP's that are not part of the 44 NET))

To open a tunnel command you have to put the tunnel Source address (from where the tunnel is established) and Tunnel destination (to where the tunnel establish to)
This is done by a few commands here they are

interface tunnel0
tunnel source <here you put the router commercial IP>
tunnel destination <here you put the AMPR.ORG main tunnel router IP>
tunnel mode ipip (this command is to tell the tunnel (cisco support lot of tunneling types) which mode to use)

In addition you must tell the router to pass all the outgoing 44 Net Traffic to the tunnel interface and not to route it just like that to the Internet (because as explained they will be probably blocked by the closest ISP you are connecting to )

The command to do it is

ip route 0.0.0.0 0.0.0.0 Tunnel0 <the ip address of the AMPR.ORG main tunnel router >

(0.0.0.0 0.0.0.0 mean "everything") (will be explained latter)

Another important command is a command to let the traffic from the router to the main ampr.org router to pass their IP not via a tunnel (this important to establish tunnel)

This command is more specific then the "everything" route command described before and say to the router pass the traffic belong to the other side of the tunnel

The Command is :

ip route <the ampr.org main tunnel IP > 255.255.255.255 Ethernet0 <your router commercial IP>

This are the minimum Commands to be able to route your inside 44 Net ip to the outside world (but not to any other 44 net networks worldwide)

In order to route your traffic to other 44 net gateways you need to build a tunnel interface to every gateway (unlike JNOS that one tunnel deal with all tunnels)
and the tunnel have to have a tunnel source tunnel destination (as explained above ) and tunnel mode

In addition two route lines have to be added

One is route command to route the specific 44 network of the gateway this tunnel deal into this tunnel

And another is to allow the tunnel traffic to go thorough the internet

Enclosed is example from router that is doing tunnel to the main AMPR router and to one gateway somewhere in the world

The tunnel0 interface is the Main AMPR.ORG router and the tunnel with 741916672 is one tunnel to a gateway

The section of tunnel74xxx have to duplicated to every 44 net gateway (of course with the corresponding ip of the specific gateway) (currently about 400 times)

TIP: If you are not familiar with Cisco Commands you can use the GUI Software called Cisco Configuration professional (CCP)

to config the router with it

Later on we will deal of how to create these tunnels lines configuration using a script
that takes the info from the ENCAP.TXT file and convert it to Cisco config

interface Tunnel0
ip unnumbered Ethernet0
no ip directed-broadcast
tunnel source Ethernet0
tunnel destination 169.228.66.251
tunnel mode ipip
!
interface Tunnel741916672
description Link to 44.56.192.0
ip unnumbered Ethernet0
ip access-group acl_44 in
no ip directed-broadcast
tunnel source 10.0.0.180
tunnel destination 24.229.88.253
tunnel mode ipip

interface Ethernet0
description connected to EthernetLAN_HAIFA
ip address 44.138.1.1 255.255.255.0 secondary
ip address 10.0.0.180 255.255.255.0
no ip directed-broadcast

ip classless
ip route 0.0.0.0 0.0.0.0 Tunnel0 169.228.66.251
ip route 169.228.66.251 255.255.255.255 Ethernet0 10.0.0.138
ip route 44.56.192.0 255.255.255.0 Tunnel741916672
ip route 24.229.88.253 255.255.255.255 Ethernet0 10.0.0.138

Making the roue commands automaticly

Because the route info of the gateways (the encap file) changes periodically
mainly because alot of gateway sit on dynamic ip

and because the tunnel ip as a result change you may loose the tunnel to these gateways

In order to be "updated" it is needed to take the new encap file periodically and put it into the cisco router

Because the encap file lines are not a format of commands that Cisco "understand" a fomat conversion need to be made in order to convert route info in the encap file to commands that cisco can "understand"

So a Script that take the encap file and make a new file of Cisco commands must be run

There are two scripts that do it available one is Perl and other is VBS

The example will give the results of the Perl Script

The Perl Script for the Cisco enclosed

#!/usr/bin/perl
#encapconvert.pl V0.1 10-31-12
#Script created by Jason Begley KY9J ky9j.com ky9j@arrl.net
#This script is used for converting the encap.txt file from the AMPR net
#into a loadable config file for use on cisco routers. It is advised to use
#this on a 2600 or better router due to interface limits.
#

my ($line);
my %nets = ();
my $net = undef;
my $mask = undef;

#####
#Below are user defined varibles

my $loop = "Ethernet0"; #LOOPBACK INT CHANGE IF ALREADY IN USE
my $outip = "10.0.0.180"; #YOUR PUBLIC IP ADDRESS
my $loopip = "44.138.1.1"; #YOUR AMPR IP ADDRESS
#EO user defined varibles
#####

my $file = $ARGV[0];
my $debug = $ARGV[1];
if(!$file) { usage(); exit; }
if($file =~ /--help/) { usage(); exit; }

open (MYFILE, '>cisco-config.txt');
print MYFILE "!\ninterface $loop\nip address $loopip 255.255.255.255\n!\n";
close (MYFILE);
open(ENCAP, $file);
@line = <ENCAP>;
close (ENCAP);
@line = grep (!/^\s*$/,@line);
@line = grep (!/^#/,@line);
chomp(@line);

foreach $line(@line)
{
$n1 = $n2 = $n3 = $n4 = undef;
@ln = (split(/ +/, $line));
($n, $s) = (split(/\//, $ln[2]));
($n1, $n2, $n3, $n4) = split(/\./, $n);
$gw = $ln[4];
$gw =~ s/\s*$//;

if ($n1 == '') { $n1='0'};
if ($n2 == '') { $n2='0'};
if ($n3 == '') { $n3='0'};
if ($n4 == '') { $n4='0'};

if ($s == '1') { $mask='128.0.0.0'};
if ($s == '2') { $mask='192.0.0.0'};
if ($s == '3') { $mask='224.0.0.0'};
if ($s == '4') { $mask='240.0.0.0'};
if ($s == '5') { $mask='248.0.0.0'};
if ($s == '6') { $mask='252.0.0.0'};
if ($s == '7') { $mask='254.0.0.0'};
if ($s == '8') { $mask='255.0.0.0'};
if ($s == '9') { $mask='255.128.0.0'};
if ($s == '10') { $mask='255.192.0.0'};
if ($s == '11') { $mask='255.224.0.0'};
if ($s == '12') { $mask='255.240.0.0'};
if ($s == '13') { $mask='255.248.0.0'};
if ($s == '14') { $mask='255.252.0.0'};
if ($s == '15') { $mask='255.254.0.0'};
if ($s == '16') { $mask='255.255.0.0'};
if ($s == '17') { $mask='255.255.128.0'};
if ($s == '18') { $mask='255.255.192.0'};
if ($s == '19') { $mask='255.255.224.0'};
if ($s == '20') { $mask='255.255.240.0'};
if ($s == '21') { $mask='255.255.248.0'};
if ($s == '22') { $mask='255.255.252.0'};
if ($s == '23') { $mask='255.255.254.0'};
if ($s == '24') { $mask='255.255.255.0'};
if ($s == '25') { $mask='255.255.255.128'};
if ($s == '26') { $mask='255.255.255.192'};
if ($s == '27') { $mask='255.255.255.224'};
if ($s == '28') { $mask='255.255.255.240'};
if ($s == '29') { $mask='255.255.255.248'};
if ($s == '30') { $mask='255.255.255.252'};
if ($s == '31') { $mask='255.255.255.254'};
if ($s == '32') { $mask='255.255.255.255'};
if ($s == '') { $mask='255.255.255.255'};

$net = "$n1.$n2.$n3.$n4";
$ifid = cipdec(1, $net);
$wmask = do_subtract($mask);
print "*ip info*\n";
print "NET:$n\nBITS:$s MASK:$mask-$wmask\nGW:$gw\nIF:$ifid\n\n";
open (MYFILE, '>>cisco-config.txt');

if ($debug != NULL) {
print "LINE:$line";
print "\n!\n";
print "interface tunnel $ifid\n";
print "description Link to $net\n";
print "ip unnumbered $loop\n";
print "tunnel source $outip\n";
print "tunnel destination $gw\n";
print "tunnel mode ipip\n!\n";
}

if ($gw != $outip) {

print MYFILE "!\n";
print MYFILE "interface tunnel $ifid\n";
print MYFILE "description Link to $net\n";
print MYFILE "ip unnumbered $loop\n";
print MYFILE "tunnel source $outip\n";
print MYFILE "tunnel destination $gw\n";
print MYFILE "ip tcp adjust-mss 1436\n";
print MYFILE "ip access-group acl_44 in\n!\n";
print MYFILE "tunnel mode ipip\n!\n";
print MYFILE "ip route $net $mask tunnel$ifid\n!\n";
}
print MYFILE "ip route $gw 255.255.255.255 Eth0 10.0.0.138\n";
}
print MYFILE "!\nend\n!\n";
close (MYFILE);

sub usage
{
print << "EOT";
*** This script is for creating a loadable config (copy tftp run) for cisco routers ***
*** Please note that this was tested to work on 2651XM or better, expect poor resp- ***
*** -onse on smaller/slower platforms. ***
*** Edit this file and change varibles as noted to your values. ***
*** File \"cisco-config.txt\" will be generated in this directory for tftp upload ***
*** Run as follows: ***
*** perl encapconvert.pl encap.txt ***
EOT
}

########################################################
# Sub cipdec
# USAGE: For converting IP to DEC values and reverse
#
# my ($err, $ret) = cipdec(1, $ip); #1 =from ip to dec, 2 = from dec to ip
# if($err != 0) { print "MAIN: ERR ON \"$ret\"\n"; next; }
#
sub cipdec
{
my $debug = 0;
my (@oct, $opt, $var, $err, $ret, $errmsg);
my ($oct1, $oct2, $oct3, $oct4);
my ($dec1, $dec2, $dec3);
$opt = shift(@_); #1 =from ip to dec, 2 = from dec to ip
$var = shift(@_); # IP or a DEC
$err = 0;
$ret = 0;
if($debug == 1)
{
print "SUB TEST: OPT=\"$opt\"\n";
print "SUB TEST: VAR=\"$var\"\n";
}
if($opt == 1) #1 =from ip to dec
{
my $ip = $var;

if(!($ip) || ($ip eq "") || !($ip =~ /\./))
{
if($debug == 1) { print "NO . in IP.. Next\n"; }
$err = 1;
$ret = "ERR: IP WITH NO \".\"";
return($err, $ret);
}
@oct = split(/\./, $ip);
my $numoct = @oct;
if($numoct != 4)
{
if($debug == 1) { print "--INVALID IP: \"$ip\"\n"; }
$err = 1;
$ret = "ERR: OCT CT \"$ip\"";
return($err, $ret);
}
foreach my $val (@oct)
{
if(!(defined $val) || ($val eq "") || ($val =~ /\D/) || ($val > 255) || ($val < 0))
{
if($debug == 1) { print "--INVALID IP: \"$ip\"\n"; }
$err = 1;
$ret = "ERR: OCT SIZE \"$ip:$val\"";
return($err, $ret);
} # EO IF oct container
} #EO FOREACH OCT
$ret += ($oct[0] * (256**3)); #Convert 1st octet to decimal and add
$ret += ($oct[1] * (256**2)); #Convert 2nd octet to decimal and add
$ret += $oct[2] * 256; #Convert 3rd octet to decimal and add
$ret += $oct[3]; #Add the 4th octet to decimal
if(($ret < 0) || ($ret > 4294967296)) #0.0.0.0 or 255.255.255.255 = Err
{
if($debug == 1) { print "--INVALID IP: \"$ip\"\n"; }
$err = 1;
$ret = "ERR: DEC SIZE \"$ip\"";
return($err, $ret);
} #EO DEC Size

return($err, $ret);
} #EO OPT == 1

if($opt == 2) #1 = dec to ip
{
$oct1 = 0; $oct2 = 0; $oct3 = 0; $oct4 = 0;
my $dec = $var;
if($debug == 1) { print "SUB TEST: DEC=\"$dec\"\n"; }

if(!(defined $dec) || ($dec eq "") || ($dec < 1) || ($dec > 4294967295)) #0.0.0.0 or 255.255.255.255 = Err
{
if($debug == 1) { print "--INVALID DEC: \"$dec\"\n"; }
$err = 1;
$ret = "ERR: DEC SIZE \"$dec\"";
return($err, $ret);
} #EO DEC Size

if($dec >= 256**3)
{
$oct1 = ($dec / 256**3);
my @num = split(/\./, $oct1);
$oct1 = $num[0];
if($debug == 1) { print "OCT1: \"$oct1\"\n"; }
$dec1 = ($oct1 * 256**3);
$dec = $dec - $dec1;
}
if($dec >= 256**2)
{
$oct2 = ($dec / 256**2);
my @num = split(/\./, $oct2);
$oct2 = $num[0];
if($debug == 1) { print "OCT2: \"$oct2\"\n"; }
$dec2 = ($oct2 * 256**2);
$dec = $dec - $dec2;
}

if($dec >= 256)
{
$oct3 = ($dec / 256);
my @num = split(/\./, $oct3);
$oct3 = $num[0];
if($debug == 1) { print "OCT3: \"$oct3\"\n"; }
$dec3 = $oct3 * 256;
$dec = $dec - $dec3;
}

$oct4 = $dec;
if($debug == 1) { print "OCT4: \"$oct4\"\n"; }
$ret = "$oct1.$oct2.$oct3.$oct4";
return($err, $ret);
} #EO If $opt == 2

$err = 1;
$ret = "I'm lost and sent to leftovers";
return($err, $ret);
}
################### EO SUB CIPDEC#################################

### wildcard sub ###
sub do_subtract( ) {
local($ip) = @_;

# break up the bytes of the incoming IP address
$_ = $ip;
($a, $b, $c, $d) = split(/\./);

if ($a > 255 || $b > 255 || $c > 255 || $d > 255 || /[^0-9.]/) {
print "invalid input mask or wildcard\n";
exit( );
}

$a = 255 - $a;
$b = 255 - $b;
$c = 255 - $c;
$d = 255 - $d;

return ($a . "." . $b . "." . $c . "." . $d);
}

### EO wildcard sub ### </CODE>

Before you run the script make sure to take out the line of your gateway from the encap file

The result of the script is set of commands that look like that

interface tunnel 748306432
description Link to 44.154.64.0
ip unnumbered Ethernet0
tunnel source 10.0.0.180
tunnel destination 79.107.164.191
ip tcp adjust-mss 1436
ip access-group acl_44 in
!
tunnel mode ipip
!
ip route 44.154.64.0 255.255.255.0 tunnel748306432
!
ip route 79.107.164.191 255.255.255.255 Ethernet0 10.0.0.138
!

This section return on itself (with different IP , destination and route IPs's ) as the amount of lines in the encap file

When the file is ready (after running the perl script) you can copy it with editor and send it to the cisco or by terminal (with the config t command) or by TFTP

The Encap file can be taken automatically from the Portal using the API
and you can push the commands to the cisco (after the encap convert to cisco commands after running perl) with TFTP

So with a small software work the whole procedure can be done fully automatic

Setting up a gateway on Cisco Routers

2016-03-02T19:54:24Z

4Z4ZQ:

To set a getway with Cisco you must have a Cisco Router (preferred from series 2600 and above)

Preferred with two Ethernet cards (but can be done also with one Ethernet card)

The example given here here is of one Ethernet card

You have to assign the router Ethernet card the Commercial IP

The command is :

int eth0 ip add <and here you give the ip of the commercial ip the router sit on >
(it can be also IP of a network the router sit on (as long as this IP is accessible
to the outside world))> <The NetMask of the network>

Then you have to assign the 44 Net IP

The command for router with one ethernet card is:

int eth0 ip add <the AMPR IP > <the netmask of the network > secondary

Now you have to add some tunneling command to redirect your outgoing traffic (via tunnel) to the main AMPRNET router , you do it because every ISP block outgoing IP's which is not a part of their network (and 44 net is not belong to any ISP) so in order to allow the 44 Net Packet to gain access to the outside world you need to do a tunnel to the AMPR.ORG Router also to the outgoing traffic (traffic that intend to reach the internet (all other IP's that are not part of the 44 NET))

To open a tunnel command you have to put the tunnel Source address (from where the tunnel is established) and Tunnel destination (to where the tunnel establish to)
This is done by a few commands here they are

interface tunnel0
tunnel source <here you put the router commercial IP>
tunnel destination <here you put the AMPR.ORG main tunnel router IP>
tunnel mode ipip (this command is to tell the tunnel (cisco support lot of tunneling types) which mode to use)

In addition you must tell the router to pass all the outgoing 44 Net Traffic to the tunnel interface and not to route it just like that to the Internet (because as explained they will be probably blocked by the closest ISP you are connecting to )

The command to do it is

ip route 0.0.0.0 0.0.0.0 Tunnel0 <the ip address of the AMPR.ORG main tunnel router >

(0.0.0.0 0.0.0.0 mean "everything") (will be explained latter)

Another important command is a command to let the traffic from the router to the main ampr.org router to pass their IP not via a tunnel (this important to establish tunnel)

This command is more specific then the "everything" route command described before and say to the router pass the traffic belong to the other side of the tunnel

The Command is :

ip route <the ampr.org main tunnel IP > 255.255.255.255 Ethernet0 <your router commercial IP>

This are the minimum Commands to be able to route your inside 44 Net ip to the outside world (but not to any other 44 net networks worldwide)

In order to route your traffic to other 44 net gateways you need to build a tunnel interface to every gateway (unlike JNOS that one tunnel deal with all tunnels)
and the tunnel have to have a tunnel source tunnel destination (as explained above ) and tunnel mode

In addition two route lines have to be added

One is route command to route the specific 44 network of the gateway this tunnel deal into this tunnel

And another is to allow the tunnel traffic to go thorough the internet

Enclosed is example from router that is doing tunnel to the main AMPR router and to one gateway somewhere in the world

The tunnel0 interface is the Main AMPR.ORG router and the tunnel with 741916672 is one tunnel to a gateway

The section of tunnel74xxx have to duplicated to every 44 net gateway (of course with the corresponding ip of the specific gateway) (currently about 400 times)

Later on we will deal of how to create these tunnels lines configuration using a script
that takes the info from the ENCAP.TXT file and convert it to Cisco config

interface Tunnel0
ip unnumbered Ethernet0
no ip directed-broadcast
tunnel source Ethernet0
tunnel destination 169.228.66.251
tunnel mode ipip
!
interface Tunnel741916672
description Link to 44.56.192.0
ip unnumbered Ethernet0
ip access-group acl_44 in
no ip directed-broadcast
tunnel source 10.0.0.180
tunnel destination 24.229.88.253
tunnel mode ipip

interface Ethernet0
description connected to EthernetLAN_HAIFA
ip address 44.138.1.1 255.255.255.0 secondary
ip address 10.0.0.180 255.255.255.0
no ip directed-broadcast

ip classless
ip route 0.0.0.0 0.0.0.0 Tunnel0 169.228.66.251
ip route 169.228.66.251 255.255.255.255 Ethernet0 10.0.0.138
ip route 44.56.192.0 255.255.255.0 Tunnel741916672
ip route 24.229.88.253 255.255.255.255 Ethernet0 10.0.0.138

Making the roue commands automaticly

Because the route info of the gateways (the encap file) changes periodically
mainly because alot of gateway sit on dynamic ip

and because the tunnel ip as a result change you may loose the tunnel to these gateways

In order to be "updated" it is needed to take the new encap file periodically and put it into the cisco router

Because the encap file lines are not a format of commands that Cisco "understand" a fomat conversion need to be made in order to convert route info in the encap file to commands that cisco can "understand"

So a Script that take the encap file and make a new file of Cisco commands must be run

There are two scripts that do it available one is Perl and other is VBS

The example will give the results of the Perl Script

The Perl Script for the Cisco enclosed

#!/usr/bin/perl
#encapconvert.pl V0.1 10-31-12
#Script created by Jason Begley KY9J ky9j.com ky9j@arrl.net
#This script is used for converting the encap.txt file from the AMPR net
#into a loadable config file for use on cisco routers. It is advised to use
#this on a 2600 or better router due to interface limits.
#

my ($line);
my %nets = ();
my $net = undef;
my $mask = undef;

#####
#Below are user defined varibles

my $loop = "Ethernet0"; #LOOPBACK INT CHANGE IF ALREADY IN USE
my $outip = "10.0.0.180"; #YOUR PUBLIC IP ADDRESS
my $loopip = "44.138.1.1"; #YOUR AMPR IP ADDRESS
#EO user defined varibles
#####

my $file = $ARGV[0];
my $debug = $ARGV[1];
if(!$file) { usage(); exit; }
if($file =~ /--help/) { usage(); exit; }

open (MYFILE, '>cisco-config.txt');
print MYFILE "!\ninterface $loop\nip address $loopip 255.255.255.255\n!\n";
close (MYFILE);
open(ENCAP, $file);
@line = <ENCAP>;
close (ENCAP);
@line = grep (!/^\s*$/,@line);
@line = grep (!/^#/,@line);
chomp(@line);

foreach $line(@line)
{
$n1 = $n2 = $n3 = $n4 = undef;
@ln = (split(/ +/, $line));
($n, $s) = (split(/\//, $ln[2]));
($n1, $n2, $n3, $n4) = split(/\./, $n);
$gw = $ln[4];
$gw =~ s/\s*$//;

if ($n1 == '') { $n1='0'};
if ($n2 == '') { $n2='0'};
if ($n3 == '') { $n3='0'};
if ($n4 == '') { $n4='0'};

if ($s == '1') { $mask='128.0.0.0'};
if ($s == '2') { $mask='192.0.0.0'};
if ($s == '3') { $mask='224.0.0.0'};
if ($s == '4') { $mask='240.0.0.0'};
if ($s == '5') { $mask='248.0.0.0'};
if ($s == '6') { $mask='252.0.0.0'};
if ($s == '7') { $mask='254.0.0.0'};
if ($s == '8') { $mask='255.0.0.0'};
if ($s == '9') { $mask='255.128.0.0'};
if ($s == '10') { $mask='255.192.0.0'};
if ($s == '11') { $mask='255.224.0.0'};
if ($s == '12') { $mask='255.240.0.0'};
if ($s == '13') { $mask='255.248.0.0'};
if ($s == '14') { $mask='255.252.0.0'};
if ($s == '15') { $mask='255.254.0.0'};
if ($s == '16') { $mask='255.255.0.0'};
if ($s == '17') { $mask='255.255.128.0'};
if ($s == '18') { $mask='255.255.192.0'};
if ($s == '19') { $mask='255.255.224.0'};
if ($s == '20') { $mask='255.255.240.0'};
if ($s == '21') { $mask='255.255.248.0'};
if ($s == '22') { $mask='255.255.252.0'};
if ($s == '23') { $mask='255.255.254.0'};
if ($s == '24') { $mask='255.255.255.0'};
if ($s == '25') { $mask='255.255.255.128'};
if ($s == '26') { $mask='255.255.255.192'};
if ($s == '27') { $mask='255.255.255.224'};
if ($s == '28') { $mask='255.255.255.240'};
if ($s == '29') { $mask='255.255.255.248'};
if ($s == '30') { $mask='255.255.255.252'};
if ($s == '31') { $mask='255.255.255.254'};
if ($s == '32') { $mask='255.255.255.255'};
if ($s == '') { $mask='255.255.255.255'};

$net = "$n1.$n2.$n3.$n4";
$ifid = cipdec(1, $net);
$wmask = do_subtract($mask);
print "*ip info*\n";
print "NET:$n\nBITS:$s MASK:$mask-$wmask\nGW:$gw\nIF:$ifid\n\n";
open (MYFILE, '>>cisco-config.txt');

if ($debug != NULL) {
print "LINE:$line";
print "\n!\n";
print "interface tunnel $ifid\n";
print "description Link to $net\n";
print "ip unnumbered $loop\n";
print "tunnel source $outip\n";
print "tunnel destination $gw\n";
print "tunnel mode ipip\n!\n";
}

if ($gw != $outip) {

print MYFILE "!\n";
print MYFILE "interface tunnel $ifid\n";
print MYFILE "description Link to $net\n";
print MYFILE "ip unnumbered $loop\n";
print MYFILE "tunnel source $outip\n";
print MYFILE "tunnel destination $gw\n";
print MYFILE "ip tcp adjust-mss 1436\n";
print MYFILE "ip access-group acl_44 in\n!\n";
print MYFILE "tunnel mode ipip\n!\n";
print MYFILE "ip route $net $mask tunnel$ifid\n!\n";
}
print MYFILE "ip route $gw 255.255.255.255 Eth0 10.0.0.138\n";
}
print MYFILE "!\nend\n!\n";
close (MYFILE);

sub usage
{
print << "EOT";
*** This script is for creating a loadable config (copy tftp run) for cisco routers ***
*** Please note that this was tested to work on 2651XM or better, expect poor resp- ***
*** -onse on smaller/slower platforms. ***
*** Edit this file and change varibles as noted to your values. ***
*** File \"cisco-config.txt\" will be generated in this directory for tftp upload ***
*** Run as follows: ***
*** perl encapconvert.pl encap.txt ***
EOT
}

########################################################
# Sub cipdec
# USAGE: For converting IP to DEC values and reverse
#
# my ($err, $ret) = cipdec(1, $ip); #1 =from ip to dec, 2 = from dec to ip
# if($err != 0) { print "MAIN: ERR ON \"$ret\"\n"; next; }
#
sub cipdec
{
my $debug = 0;
my (@oct, $opt, $var, $err, $ret, $errmsg);
my ($oct1, $oct2, $oct3, $oct4);
my ($dec1, $dec2, $dec3);
$opt = shift(@_); #1 =from ip to dec, 2 = from dec to ip
$var = shift(@_); # IP or a DEC
$err = 0;
$ret = 0;
if($debug == 1)
{
print "SUB TEST: OPT=\"$opt\"\n";
print "SUB TEST: VAR=\"$var\"\n";
}
if($opt == 1) #1 =from ip to dec
{
my $ip = $var;

if(!($ip) || ($ip eq "") || !($ip =~ /\./))
{
if($debug == 1) { print "NO . in IP.. Next\n"; }
$err = 1;
$ret = "ERR: IP WITH NO \".\"";
return($err, $ret);
}
@oct = split(/\./, $ip);
my $numoct = @oct;
if($numoct != 4)
{
if($debug == 1) { print "--INVALID IP: \"$ip\"\n"; }
$err = 1;
$ret = "ERR: OCT CT \"$ip\"";
return($err, $ret);
}
foreach my $val (@oct)
{
if(!(defined $val) || ($val eq "") || ($val =~ /\D/) || ($val > 255) || ($val < 0))
{
if($debug == 1) { print "--INVALID IP: \"$ip\"\n"; }
$err = 1;
$ret = "ERR: OCT SIZE \"$ip:$val\"";
return($err, $ret);
} # EO IF oct container
} #EO FOREACH OCT
$ret += ($oct[0] * (256**3)); #Convert 1st octet to decimal and add
$ret += ($oct[1] * (256**2)); #Convert 2nd octet to decimal and add
$ret += $oct[2] * 256; #Convert 3rd octet to decimal and add
$ret += $oct[3]; #Add the 4th octet to decimal
if(($ret < 0) || ($ret > 4294967296)) #0.0.0.0 or 255.255.255.255 = Err
{
if($debug == 1) { print "--INVALID IP: \"$ip\"\n"; }
$err = 1;
$ret = "ERR: DEC SIZE \"$ip\"";
return($err, $ret);
} #EO DEC Size

return($err, $ret);
} #EO OPT == 1

if($opt == 2) #1 = dec to ip
{
$oct1 = 0; $oct2 = 0; $oct3 = 0; $oct4 = 0;
my $dec = $var;
if($debug == 1) { print "SUB TEST: DEC=\"$dec\"\n"; }

if(!(defined $dec) || ($dec eq "") || ($dec < 1) || ($dec > 4294967295)) #0.0.0.0 or 255.255.255.255 = Err
{
if($debug == 1) { print "--INVALID DEC: \"$dec\"\n"; }
$err = 1;
$ret = "ERR: DEC SIZE \"$dec\"";
return($err, $ret);
} #EO DEC Size

if($dec >= 256**3)
{
$oct1 = ($dec / 256**3);
my @num = split(/\./, $oct1);
$oct1 = $num[0];
if($debug == 1) { print "OCT1: \"$oct1\"\n"; }
$dec1 = ($oct1 * 256**3);
$dec = $dec - $dec1;
}
if($dec >= 256**2)
{
$oct2 = ($dec / 256**2);
my @num = split(/\./, $oct2);
$oct2 = $num[0];
if($debug == 1) { print "OCT2: \"$oct2\"\n"; }
$dec2 = ($oct2 * 256**2);
$dec = $dec - $dec2;
}

if($dec >= 256)
{
$oct3 = ($dec / 256);
my @num = split(/\./, $oct3);
$oct3 = $num[0];
if($debug == 1) { print "OCT3: \"$oct3\"\n"; }
$dec3 = $oct3 * 256;
$dec = $dec - $dec3;
}

$oct4 = $dec;
if($debug == 1) { print "OCT4: \"$oct4\"\n"; }
$ret = "$oct1.$oct2.$oct3.$oct4";
return($err, $ret);
} #EO If $opt == 2

$err = 1;
$ret = "I'm lost and sent to leftovers";
return($err, $ret);
}
################### EO SUB CIPDEC#################################

### wildcard sub ###
sub do_subtract( ) {
local($ip) = @_;

# break up the bytes of the incoming IP address
$_ = $ip;
($a, $b, $c, $d) = split(/\./);

if ($a > 255 || $b > 255 || $c > 255 || $d > 255 || /[^0-9.]/) {
print "invalid input mask or wildcard\n";
exit( );
}

$a = 255 - $a;
$b = 255 - $b;
$c = 255 - $c;
$d = 255 - $d;

return ($a . "." . $b . "." . $c . "." . $d);
}

### EO wildcard sub ### </CODE>

Before you run the script make sure to take out the line of your gateway from the encap file

The result of the script is set of commands that look like that

interface tunnel 748306432
description Link to 44.154.64.0
ip unnumbered Ethernet0
tunnel source 10.0.0.180
tunnel destination 79.107.164.191
ip tcp adjust-mss 1436
ip access-group acl_44 in
!
tunnel mode ipip
!
ip route 44.154.64.0 255.255.255.0 tunnel748306432
!
ip route 79.107.164.191 255.255.255.255 Ethernet0 10.0.0.138
!

This section return on itself (with different IP , destination and route IPs's ) as the amount of lines in the encap file

When the file is ready (after running the perl script) you can copy it with editor and send it to the cisco or by terminal (with the config t command) or by TFTP

The Encap file can be taken automatically from the Portal using the API
and you can push the commands to the cisco (after the encap convert to cisco commands after running perl) with TFTP

So with a small software work the whole procedure can be done fully automatic

Setting up a gateway on Cisco Routers

2016-03-02T19:51:00Z

4Z4ZQ:

To set a getway with Cisco you must have a Cisco Router (preferred from series 2600 and above)

Preferred with two Ethernet cards (but can be done also with one Ethernet card)

The example given here here is of one Ethernet card

You have to assign the router Ethernet card the Commercial IP

The command is :

int eth0 ip add <and here you give the ip of the commercial ip the router sit on >
(it can be also IP of a network the router sit on (as long as this IP is accessible
to the outside world))> <The NetMask of the network>

Then you have to assign the 44 Net IP

The command for router with one ethernet card is:

int eth0 ip add <the AMPR IP > <the netmask of the network > secondary

Now you have to add some tunneling command to redirect your outgoing traffic (via tunnel) to the main AMPRNET router , you do it because every ISP block outgoing IP's which is not a part of their network (and 44 net is not belong to any ISP) so in order to allow the 44 Net Packet to gain access to the outside world you need to do a tunnel to the AMPR.ORG Router also to the outgoing traffic (traffic that intend to reach the internet (all other IP's that are not part of the 44 NET))

To open a tunnel command you have to put the tunnel Source address (from where the tunnel is established) and to where the tunnel establish to (tunnel destination)
it is a few commands here they are

interface tunnel0
tunnel source <here you put the router commercial IP>
tunnel destination <here you put the AMPR.ORG main tunnel router IP>
tunnel mode ipip (this command is to tell the tunnel (cisco support lot of tunneling types) which mode to use)

In addition you must tell the router to pass all the outgoing 44 Net Traffic to the tunnel interface and not to route it just like that to the Internet (because as explained they will be probably blocked by the closest ISP you are connecting to )

The command to do it is

ip route 0.0.0.0 0.0.0.0 Tunnel0 <the ip address of the AMPR.ORG main tunnel router >

(0.0.0.0 0.0.0.0 mean "everything") (will be explained latter)

Another important command is a command to let the traffic from the router to the main ampr.org router to pass their IP not via a tunnel (this important to establish tunnel)

This command is more specific then the "everything" route command described before and say to the router pass the traffic belong to the other side of the tunnel

The Command is :

ip route <the ampr.org main tunnel IP > 255.255.255.255 Ethernet0 <your router commercial IP>

This are the minimum Commands to be able to route your inside 44 Net ip to the outside world (but not to any other 44 net networks worldwide)

In order to route your traffic to other 44 net gateways you need to build a tunnel interface to every gateway (unlike JNOS that one tunnel deal with all tunnels)
and the tunnel have to have a tunnel source tunnel destination (as explained above ) and tunnel mode

In addition two route lines have to be added

One is route command to route the specific 44 network of the gateway this tunnel deal into this tunnel

And another is to allow the tunnel traffic to go thorough the internet

Enclosed is example from router that is doing tunnel to the main AMPR router and to one gateway somewhere in the world

The tunnel0 interface is the Main AMPR.ORG router and the tunnel with 741916672 is one tunnel to a gateway

The section of tunnel74xxx have to duplicated to every 44 net gateway (of course with the corresponding ip of the specific gateway) (currently about 400 times)

Later on we will deal of how to create these tunnels lines configuration using a script
that takes the info from the ENCAP.TXT file and convert it to Cisco config

interface Tunnel0
ip unnumbered Ethernet0
no ip directed-broadcast
tunnel source Ethernet0
tunnel destination 169.228.66.251
tunnel mode ipip
!
interface Tunnel741916672
description Link to 44.56.192.0
ip unnumbered Ethernet0
ip access-group acl_44 in
no ip directed-broadcast
tunnel source 10.0.0.180
tunnel destination 24.229.88.253
tunnel mode ipip

interface Ethernet0
description connected to EthernetLAN_HAIFA
ip address 44.138.1.1 255.255.255.0 secondary
ip address 10.0.0.180 255.255.255.0
no ip directed-broadcast

ip classless
ip route 0.0.0.0 0.0.0.0 Tunnel0 169.228.66.251
ip route 169.228.66.251 255.255.255.255 Ethernet0 10.0.0.138
ip route 44.56.192.0 255.255.255.0 Tunnel741916672
ip route 24.229.88.253 255.255.255.255 Ethernet0 10.0.0.138

Making the roue commands automaticly

Because the route info of the gateways (the encap file) changes periodically
mainly because alot of gateway sit on dynamic ip

and because the tunnel ip as a result change you may loose the tunnel to these gateways

In order to be "updated" it is needed to take the new encap file periodically and put it into the cisco router

Because the encap file lines are not a format of commands that Cisco "understand" a fomat conversion need to be made in order to convert route info in the encap file to commands that cisco can "understand"

So a Script that take the encap file and make a new file of Cisco commands must be run

There are two scripts that do it available one is Perl and other is VBS

The example will give the results of the Perl Script

The Perl Script for the Cisco enclosed

#!/usr/bin/perl
#encapconvert.pl V0.1 10-31-12
#Script created by Jason Begley KY9J ky9j.com ky9j@arrl.net
#This script is used for converting the encap.txt file from the AMPR net
#into a loadable config file for use on cisco routers. It is advised to use
#this on a 2600 or better router due to interface limits.
#

my ($line);
my %nets = ();
my $net = undef;
my $mask = undef;

#####
#Below are user defined varibles

my $loop = "Ethernet0"; #LOOPBACK INT CHANGE IF ALREADY IN USE
my $outip = "10.0.0.180"; #YOUR PUBLIC IP ADDRESS
my $loopip = "44.138.1.1"; #YOUR AMPR IP ADDRESS
#EO user defined varibles
#####

my $file = $ARGV[0];
my $debug = $ARGV[1];
if(!$file) { usage(); exit; }
if($file =~ /--help/) { usage(); exit; }

open (MYFILE, '>cisco-config.txt');
print MYFILE "!\ninterface $loop\nip address $loopip 255.255.255.255\n!\n";
close (MYFILE);
open(ENCAP, $file);
@line = <ENCAP>;
close (ENCAP);
@line = grep (!/^\s*$/,@line);
@line = grep (!/^#/,@line);
chomp(@line);

foreach $line(@line)
{
$n1 = $n2 = $n3 = $n4 = undef;
@ln = (split(/ +/, $line));
($n, $s) = (split(/\//, $ln[2]));
($n1, $n2, $n3, $n4) = split(/\./, $n);
$gw = $ln[4];
$gw =~ s/\s*$//;

if ($n1 == '') { $n1='0'};
if ($n2 == '') { $n2='0'};
if ($n3 == '') { $n3='0'};
if ($n4 == '') { $n4='0'};

if ($s == '1') { $mask='128.0.0.0'};
if ($s == '2') { $mask='192.0.0.0'};
if ($s == '3') { $mask='224.0.0.0'};
if ($s == '4') { $mask='240.0.0.0'};
if ($s == '5') { $mask='248.0.0.0'};
if ($s == '6') { $mask='252.0.0.0'};
if ($s == '7') { $mask='254.0.0.0'};
if ($s == '8') { $mask='255.0.0.0'};
if ($s == '9') { $mask='255.128.0.0'};
if ($s == '10') { $mask='255.192.0.0'};
if ($s == '11') { $mask='255.224.0.0'};
if ($s == '12') { $mask='255.240.0.0'};
if ($s == '13') { $mask='255.248.0.0'};
if ($s == '14') { $mask='255.252.0.0'};
if ($s == '15') { $mask='255.254.0.0'};
if ($s == '16') { $mask='255.255.0.0'};
if ($s == '17') { $mask='255.255.128.0'};
if ($s == '18') { $mask='255.255.192.0'};
if ($s == '19') { $mask='255.255.224.0'};
if ($s == '20') { $mask='255.255.240.0'};
if ($s == '21') { $mask='255.255.248.0'};
if ($s == '22') { $mask='255.255.252.0'};
if ($s == '23') { $mask='255.255.254.0'};
if ($s == '24') { $mask='255.255.255.0'};
if ($s == '25') { $mask='255.255.255.128'};
if ($s == '26') { $mask='255.255.255.192'};
if ($s == '27') { $mask='255.255.255.224'};
if ($s == '28') { $mask='255.255.255.240'};
if ($s == '29') { $mask='255.255.255.248'};
if ($s == '30') { $mask='255.255.255.252'};
if ($s == '31') { $mask='255.255.255.254'};
if ($s == '32') { $mask='255.255.255.255'};
if ($s == '') { $mask='255.255.255.255'};

$net = "$n1.$n2.$n3.$n4";
$ifid = cipdec(1, $net);
$wmask = do_subtract($mask);
print "*ip info*\n";
print "NET:$n\nBITS:$s MASK:$mask-$wmask\nGW:$gw\nIF:$ifid\n\n";
open (MYFILE, '>>cisco-config.txt');

if ($debug != NULL) {
print "LINE:$line";
print "\n!\n";
print "interface tunnel $ifid\n";
print "description Link to $net\n";
print "ip unnumbered $loop\n";
print "tunnel source $outip\n";
print "tunnel destination $gw\n";
print "tunnel mode ipip\n!\n";
}

if ($gw != $outip) {

print MYFILE "!\n";
print MYFILE "interface tunnel $ifid\n";
print MYFILE "description Link to $net\n";
print MYFILE "ip unnumbered $loop\n";
print MYFILE "tunnel source $outip\n";
print MYFILE "tunnel destination $gw\n";
print MYFILE "ip tcp adjust-mss 1436\n";
print MYFILE "ip access-group acl_44 in\n!\n";
print MYFILE "tunnel mode ipip\n!\n";
print MYFILE "ip route $net $mask tunnel$ifid\n!\n";
}
print MYFILE "ip route $gw 255.255.255.255 Eth0 10.0.0.138\n";
}
print MYFILE "!\nend\n!\n";
close (MYFILE);

sub usage
{
print << "EOT";
*** This script is for creating a loadable config (copy tftp run) for cisco routers ***
*** Please note that this was tested to work on 2651XM or better, expect poor resp- ***
*** -onse on smaller/slower platforms. ***
*** Edit this file and change varibles as noted to your values. ***
*** File \"cisco-config.txt\" will be generated in this directory for tftp upload ***
*** Run as follows: ***
*** perl encapconvert.pl encap.txt ***
EOT
}

########################################################
# Sub cipdec
# USAGE: For converting IP to DEC values and reverse
#
# my ($err, $ret) = cipdec(1, $ip); #1 =from ip to dec, 2 = from dec to ip
# if($err != 0) { print "MAIN: ERR ON \"$ret\"\n"; next; }
#
sub cipdec
{
my $debug = 0;
my (@oct, $opt, $var, $err, $ret, $errmsg);
my ($oct1, $oct2, $oct3, $oct4);
my ($dec1, $dec2, $dec3);
$opt = shift(@_); #1 =from ip to dec, 2 = from dec to ip
$var = shift(@_); # IP or a DEC
$err = 0;
$ret = 0;
if($debug == 1)
{
print "SUB TEST: OPT=\"$opt\"\n";
print "SUB TEST: VAR=\"$var\"\n";
}
if($opt == 1) #1 =from ip to dec
{
my $ip = $var;

if(!($ip) || ($ip eq "") || !($ip =~ /\./))
{
if($debug == 1) { print "NO . in IP.. Next\n"; }
$err = 1;
$ret = "ERR: IP WITH NO \".\"";
return($err, $ret);
}
@oct = split(/\./, $ip);
my $numoct = @oct;
if($numoct != 4)
{
if($debug == 1) { print "--INVALID IP: \"$ip\"\n"; }
$err = 1;
$ret = "ERR: OCT CT \"$ip\"";
return($err, $ret);
}
foreach my $val (@oct)
{
if(!(defined $val) || ($val eq "") || ($val =~ /\D/) || ($val > 255) || ($val < 0))
{
if($debug == 1) { print "--INVALID IP: \"$ip\"\n"; }
$err = 1;
$ret = "ERR: OCT SIZE \"$ip:$val\"";
return($err, $ret);
} # EO IF oct container
} #EO FOREACH OCT
$ret += ($oct[0] * (256**3)); #Convert 1st octet to decimal and add
$ret += ($oct[1] * (256**2)); #Convert 2nd octet to decimal and add
$ret += $oct[2] * 256; #Convert 3rd octet to decimal and add
$ret += $oct[3]; #Add the 4th octet to decimal
if(($ret < 0) || ($ret > 4294967296)) #0.0.0.0 or 255.255.255.255 = Err
{
if($debug == 1) { print "--INVALID IP: \"$ip\"\n"; }
$err = 1;
$ret = "ERR: DEC SIZE \"$ip\"";
return($err, $ret);
} #EO DEC Size

return($err, $ret);
} #EO OPT == 1

if($opt == 2) #1 = dec to ip
{
$oct1 = 0; $oct2 = 0; $oct3 = 0; $oct4 = 0;
my $dec = $var;
if($debug == 1) { print "SUB TEST: DEC=\"$dec\"\n"; }

if(!(defined $dec) || ($dec eq "") || ($dec < 1) || ($dec > 4294967295)) #0.0.0.0 or 255.255.255.255 = Err
{
if($debug == 1) { print "--INVALID DEC: \"$dec\"\n"; }
$err = 1;
$ret = "ERR: DEC SIZE \"$dec\"";
return($err, $ret);
} #EO DEC Size

if($dec >= 256**3)
{
$oct1 = ($dec / 256**3);
my @num = split(/\./, $oct1);
$oct1 = $num[0];
if($debug == 1) { print "OCT1: \"$oct1\"\n"; }
$dec1 = ($oct1 * 256**3);
$dec = $dec - $dec1;
}
if($dec >= 256**2)
{
$oct2 = ($dec / 256**2);
my @num = split(/\./, $oct2);
$oct2 = $num[0];
if($debug == 1) { print "OCT2: \"$oct2\"\n"; }
$dec2 = ($oct2 * 256**2);
$dec = $dec - $dec2;
}

if($dec >= 256)
{
$oct3 = ($dec / 256);
my @num = split(/\./, $oct3);
$oct3 = $num[0];
if($debug == 1) { print "OCT3: \"$oct3\"\n"; }
$dec3 = $oct3 * 256;
$dec = $dec - $dec3;
}

$oct4 = $dec;
if($debug == 1) { print "OCT4: \"$oct4\"\n"; }
$ret = "$oct1.$oct2.$oct3.$oct4";
return($err, $ret);
} #EO If $opt == 2

$err = 1;
$ret = "I'm lost and sent to leftovers";
return($err, $ret);
}
################### EO SUB CIPDEC#################################

### wildcard sub ###
sub do_subtract( ) {
local($ip) = @_;

# break up the bytes of the incoming IP address
$_ = $ip;
($a, $b, $c, $d) = split(/\./);

if ($a > 255 || $b > 255 || $c > 255 || $d > 255 || /[^0-9.]/) {
print "invalid input mask or wildcard\n";
exit( );
}

$a = 255 - $a;
$b = 255 - $b;
$c = 255 - $c;
$d = 255 - $d;

return ($a . "." . $b . "." . $c . "." . $d);
}

### EO wildcard sub ### </CODE>

Before you run the script make sure to take out the line of your gateway from the encap file

The result of the script is set of commands that look like that

interface tunnel 748306432
description Link to 44.154.64.0
ip unnumbered Ethernet0
tunnel source 10.0.0.180
tunnel destination 79.107.164.191
ip tcp adjust-mss 1436
ip access-group acl_44 in
!
tunnel mode ipip
!
ip route 44.154.64.0 255.255.255.0 tunnel748306432
!
ip route 79.107.164.191 255.255.255.255 Ethernet0 10.0.0.138
!

This section return on itself (with different IP , destination and route IPs's ) as the amount of lines in the encap file

When the file is ready (after running the perl script) you can copy it with editor and send it to the cisco or by terminal (with the config t command) or by TFTP

The Encap file can be taken automatically from the Portal using the API
and you can push the commands to the cisco (after the encap convert to cisco commands after running perl) with TFTP

So with a small software work the whole procedure can be done fully automatic

Setting up a gateway on Cisco Routers

2016-03-02T19:49:53Z

4Z4ZQ:

To set a getway with Cisco you must have a Cisco Router (preferred from series 2600 and above)

Preferred with two Ethernet cards (but can be done also with one Ethernet card)

The example given here here is of one Ethernet card

You have to assign the router Ethernet card the Commercial IP

The command is :

int eth0 ip add <and here you give the ip of the commercial ip the router sit on >
(it can be also IP of a network the router sit on (as long as this IP is accessible
to the outside world))> <The NetMask of the network>

Then you have to assign the 44 Net IP

The command for router with one ethernet card is:

int eth0 ip add <the AMPR IP > <the netmask of the network > secondary

Now you have to add some tunneling command to redirect your outgoing traffic (via tunnel) to the main AMPRNET router , you do it because every ISP block outgoing IP's which is not a part of his network (and 44 net is not belong to any ISP) so in order to allow the 44 Net Packet to gain access to the outside world you need to do a tunnel to the AMPR.ORG Router also to the outgoing traffic (traffic that intend to reach the internet (all other IP's that are not part of the 44 NET))

To open a tunnel command you have to put the tunnel Source address (from where the tunnel is established) and to where the tunnel establish to (tunnel destination)
it is a few commands here they are

interface tunnel0
tunnel source <here you put the router commercial IP>
tunnel destination <here you put the AMPR.ORG main tunnel router IP>
tunnel mode ipip (this command is to tell the tunnel (cisco support lot of tunneling types) which mode to use)

In addition you must tell the router to pass all the outgoing 44 Net Traffic to the tunnel interface and not to route it just like that to the Internet (because as explained they will be probably blocked by the closest ISP you are connecting to )

The command to do it is

ip route 0.0.0.0 0.0.0.0 Tunnel0 <the ip address of the AMPR.ORG main tunnel router >

(0.0.0.0 0.0.0.0 mean "everything") (will be explained latter)

Another important command is a command to let the traffic from the router to the main ampr.org router to pass their IP not via a tunnel (this important to establish tunnel)

This command is more specific then the "everything" route command described before and say to the router pass the traffic belong to the other side of the tunnel

The Command is :

ip route <the ampr.org main tunnel IP > 255.255.255.255 Ethernet0 <your router commercial IP>

This are the minimum Commands to be able to route your inside 44 Net ip to the outside world (but not to any other 44 net networks worldwide)

In order to route your traffic to other 44 net gateways you need to build a tunnel interface to every gateway (unlike JNOS that one tunnel deal with all tunnels)
and the tunnel have to have a tunnel source tunnel destination (as explained above ) and tunnel mode

In addition two route lines have to be added

One is route command to route the specific 44 network of the gateway this tunnel deal into this tunnel

And another is to allow the tunnel traffic to go thorough the internet

Enclosed is example from router that is doing tunnel to the main AMPR router and to one gateway somewhere in the world

The tunnel0 interface is the Main AMPR.ORG router and the tunnel with 741916672 is one tunnel to a gateway

The section of tunnel74xxx have to duplicated to every 44 net gateway (of course with the corresponding ip of the specific gateway) (currently about 400 times)

Later on we will deal of how to create these tunnels lines configuration using a script
that takes the info from the ENCAP.TXT file and convert it to Cisco config

interface Tunnel0
ip unnumbered Ethernet0
no ip directed-broadcast
tunnel source Ethernet0
tunnel destination 169.228.66.251
tunnel mode ipip
!
interface Tunnel741916672
description Link to 44.56.192.0
ip unnumbered Ethernet0
ip access-group acl_44 in
no ip directed-broadcast
tunnel source 10.0.0.180
tunnel destination 24.229.88.253
tunnel mode ipip

interface Ethernet0
description connected to EthernetLAN_HAIFA
ip address 44.138.1.1 255.255.255.0 secondary
ip address 10.0.0.180 255.255.255.0
no ip directed-broadcast

ip classless
ip route 0.0.0.0 0.0.0.0 Tunnel0 169.228.66.251
ip route 169.228.66.251 255.255.255.255 Ethernet0 10.0.0.138
ip route 44.56.192.0 255.255.255.0 Tunnel741916672
ip route 24.229.88.253 255.255.255.255 Ethernet0 10.0.0.138

Making the roue commands automaticly

Because the route info of the gateways (the encap file) changes periodically
mainly because alot of gateway sit on dynamic ip

and because the tunnel ip as a result change you may loose the tunnel to these gateways

In order to be "updated" it is needed to take the new encap file periodically and put it into the cisco router

Because the encap file lines are not a format of commands that Cisco "understand" a fomat conversion need to be made in order to convert route info in the encap file to commands that cisco can "understand"

So a Script that take the encap file and make a new file of Cisco commands must be run

There are two scripts that do it available one is Perl and other is VBS

The example will give the results of the Perl Script

The Perl Script for the Cisco enclosed

#!/usr/bin/perl
#encapconvert.pl V0.1 10-31-12
#Script created by Jason Begley KY9J ky9j.com ky9j@arrl.net
#This script is used for converting the encap.txt file from the AMPR net
#into a loadable config file for use on cisco routers. It is advised to use
#this on a 2600 or better router due to interface limits.
#

my ($line);
my %nets = ();
my $net = undef;
my $mask = undef;

#####
#Below are user defined varibles

my $loop = "Ethernet0"; #LOOPBACK INT CHANGE IF ALREADY IN USE
my $outip = "10.0.0.180"; #YOUR PUBLIC IP ADDRESS
my $loopip = "44.138.1.1"; #YOUR AMPR IP ADDRESS
#EO user defined varibles
#####

my $file = $ARGV[0];
my $debug = $ARGV[1];
if(!$file) { usage(); exit; }
if($file =~ /--help/) { usage(); exit; }

open (MYFILE, '>cisco-config.txt');
print MYFILE "!\ninterface $loop\nip address $loopip 255.255.255.255\n!\n";
close (MYFILE);
open(ENCAP, $file);
@line = <ENCAP>;
close (ENCAP);
@line = grep (!/^\s*$/,@line);
@line = grep (!/^#/,@line);
chomp(@line);

foreach $line(@line)
{
$n1 = $n2 = $n3 = $n4 = undef;
@ln = (split(/ +/, $line));
($n, $s) = (split(/\//, $ln[2]));
($n1, $n2, $n3, $n4) = split(/\./, $n);
$gw = $ln[4];
$gw =~ s/\s*$//;

if ($n1 == '') { $n1='0'};
if ($n2 == '') { $n2='0'};
if ($n3 == '') { $n3='0'};
if ($n4 == '') { $n4='0'};

if ($s == '1') { $mask='128.0.0.0'};
if ($s == '2') { $mask='192.0.0.0'};
if ($s == '3') { $mask='224.0.0.0'};
if ($s == '4') { $mask='240.0.0.0'};
if ($s == '5') { $mask='248.0.0.0'};
if ($s == '6') { $mask='252.0.0.0'};
if ($s == '7') { $mask='254.0.0.0'};
if ($s == '8') { $mask='255.0.0.0'};
if ($s == '9') { $mask='255.128.0.0'};
if ($s == '10') { $mask='255.192.0.0'};
if ($s == '11') { $mask='255.224.0.0'};
if ($s == '12') { $mask='255.240.0.0'};
if ($s == '13') { $mask='255.248.0.0'};
if ($s == '14') { $mask='255.252.0.0'};
if ($s == '15') { $mask='255.254.0.0'};
if ($s == '16') { $mask='255.255.0.0'};
if ($s == '17') { $mask='255.255.128.0'};
if ($s == '18') { $mask='255.255.192.0'};
if ($s == '19') { $mask='255.255.224.0'};
if ($s == '20') { $mask='255.255.240.0'};
if ($s == '21') { $mask='255.255.248.0'};
if ($s == '22') { $mask='255.255.252.0'};
if ($s == '23') { $mask='255.255.254.0'};
if ($s == '24') { $mask='255.255.255.0'};
if ($s == '25') { $mask='255.255.255.128'};
if ($s == '26') { $mask='255.255.255.192'};
if ($s == '27') { $mask='255.255.255.224'};
if ($s == '28') { $mask='255.255.255.240'};
if ($s == '29') { $mask='255.255.255.248'};
if ($s == '30') { $mask='255.255.255.252'};
if ($s == '31') { $mask='255.255.255.254'};
if ($s == '32') { $mask='255.255.255.255'};
if ($s == '') { $mask='255.255.255.255'};

$net = "$n1.$n2.$n3.$n4";
$ifid = cipdec(1, $net);
$wmask = do_subtract($mask);
print "*ip info*\n";
print "NET:$n\nBITS:$s MASK:$mask-$wmask\nGW:$gw\nIF:$ifid\n\n";
open (MYFILE, '>>cisco-config.txt');

if ($debug != NULL) {
print "LINE:$line";
print "\n!\n";
print "interface tunnel $ifid\n";
print "description Link to $net\n";
print "ip unnumbered $loop\n";
print "tunnel source $outip\n";
print "tunnel destination $gw\n";
print "tunnel mode ipip\n!\n";
}

if ($gw != $outip) {

print MYFILE "!\n";
print MYFILE "interface tunnel $ifid\n";
print MYFILE "description Link to $net\n";
print MYFILE "ip unnumbered $loop\n";
print MYFILE "tunnel source $outip\n";
print MYFILE "tunnel destination $gw\n";
print MYFILE "ip tcp adjust-mss 1436\n";
print MYFILE "ip access-group acl_44 in\n!\n";
print MYFILE "tunnel mode ipip\n!\n";
print MYFILE "ip route $net $mask tunnel$ifid\n!\n";
}
print MYFILE "ip route $gw 255.255.255.255 Eth0 10.0.0.138\n";
}
print MYFILE "!\nend\n!\n";
close (MYFILE);

sub usage
{
print << "EOT";
*** This script is for creating a loadable config (copy tftp run) for cisco routers ***
*** Please note that this was tested to work on 2651XM or better, expect poor resp- ***
*** -onse on smaller/slower platforms. ***
*** Edit this file and change varibles as noted to your values. ***
*** File \"cisco-config.txt\" will be generated in this directory for tftp upload ***
*** Run as follows: ***
*** perl encapconvert.pl encap.txt ***
EOT
}

########################################################
# Sub cipdec
# USAGE: For converting IP to DEC values and reverse
#
# my ($err, $ret) = cipdec(1, $ip); #1 =from ip to dec, 2 = from dec to ip
# if($err != 0) { print "MAIN: ERR ON \"$ret\"\n"; next; }
#
sub cipdec
{
my $debug = 0;
my (@oct, $opt, $var, $err, $ret, $errmsg);
my ($oct1, $oct2, $oct3, $oct4);
my ($dec1, $dec2, $dec3);
$opt = shift(@_); #1 =from ip to dec, 2 = from dec to ip
$var = shift(@_); # IP or a DEC
$err = 0;
$ret = 0;
if($debug == 1)
{
print "SUB TEST: OPT=\"$opt\"\n";
print "SUB TEST: VAR=\"$var\"\n";
}
if($opt == 1) #1 =from ip to dec
{
my $ip = $var;

if(!($ip) || ($ip eq "") || !($ip =~ /\./))
{
if($debug == 1) { print "NO . in IP.. Next\n"; }
$err = 1;
$ret = "ERR: IP WITH NO \".\"";
return($err, $ret);
}
@oct = split(/\./, $ip);
my $numoct = @oct;
if($numoct != 4)
{
if($debug == 1) { print "--INVALID IP: \"$ip\"\n"; }
$err = 1;
$ret = "ERR: OCT CT \"$ip\"";
return($err, $ret);
}
foreach my $val (@oct)
{
if(!(defined $val) || ($val eq "") || ($val =~ /\D/) || ($val > 255) || ($val < 0))
{
if($debug == 1) { print "--INVALID IP: \"$ip\"\n"; }
$err = 1;
$ret = "ERR: OCT SIZE \"$ip:$val\"";
return($err, $ret);
} # EO IF oct container
} #EO FOREACH OCT
$ret += ($oct[0] * (256**3)); #Convert 1st octet to decimal and add
$ret += ($oct[1] * (256**2)); #Convert 2nd octet to decimal and add
$ret += $oct[2] * 256; #Convert 3rd octet to decimal and add
$ret += $oct[3]; #Add the 4th octet to decimal
if(($ret < 0) || ($ret > 4294967296)) #0.0.0.0 or 255.255.255.255 = Err
{
if($debug == 1) { print "--INVALID IP: \"$ip\"\n"; }
$err = 1;
$ret = "ERR: DEC SIZE \"$ip\"";
return($err, $ret);
} #EO DEC Size

return($err, $ret);
} #EO OPT == 1

if($opt == 2) #1 = dec to ip
{
$oct1 = 0; $oct2 = 0; $oct3 = 0; $oct4 = 0;
my $dec = $var;
if($debug == 1) { print "SUB TEST: DEC=\"$dec\"\n"; }

if(!(defined $dec) || ($dec eq "") || ($dec < 1) || ($dec > 4294967295)) #0.0.0.0 or 255.255.255.255 = Err
{
if($debug == 1) { print "--INVALID DEC: \"$dec\"\n"; }
$err = 1;
$ret = "ERR: DEC SIZE \"$dec\"";
return($err, $ret);
} #EO DEC Size

if($dec >= 256**3)
{
$oct1 = ($dec / 256**3);
my @num = split(/\./, $oct1);
$oct1 = $num[0];
if($debug == 1) { print "OCT1: \"$oct1\"\n"; }
$dec1 = ($oct1 * 256**3);
$dec = $dec - $dec1;
}
if($dec >= 256**2)
{
$oct2 = ($dec / 256**2);
my @num = split(/\./, $oct2);
$oct2 = $num[0];
if($debug == 1) { print "OCT2: \"$oct2\"\n"; }
$dec2 = ($oct2 * 256**2);
$dec = $dec - $dec2;
}

if($dec >= 256)
{
$oct3 = ($dec / 256);
my @num = split(/\./, $oct3);
$oct3 = $num[0];
if($debug == 1) { print "OCT3: \"$oct3\"\n"; }
$dec3 = $oct3 * 256;
$dec = $dec - $dec3;
}

$oct4 = $dec;
if($debug == 1) { print "OCT4: \"$oct4\"\n"; }
$ret = "$oct1.$oct2.$oct3.$oct4";
return($err, $ret);
} #EO If $opt == 2

$err = 1;
$ret = "I'm lost and sent to leftovers";
return($err, $ret);
}
################### EO SUB CIPDEC#################################

### wildcard sub ###
sub do_subtract( ) {
local($ip) = @_;

# break up the bytes of the incoming IP address
$_ = $ip;
($a, $b, $c, $d) = split(/\./);

if ($a > 255 || $b > 255 || $c > 255 || $d > 255 || /[^0-9.]/) {
print "invalid input mask or wildcard\n";
exit( );
}

$a = 255 - $a;
$b = 255 - $b;
$c = 255 - $c;
$d = 255 - $d;

return ($a . "." . $b . "." . $c . "." . $d);
}

### EO wildcard sub ### </CODE>

Before you run the script make sure to take out the line of your gateway from the encap file

The result of the script is set of commands that look like that

interface tunnel 748306432
description Link to 44.154.64.0
ip unnumbered Ethernet0
tunnel source 10.0.0.180
tunnel destination 79.107.164.191
ip tcp adjust-mss 1436
ip access-group acl_44 in
!
tunnel mode ipip
!
ip route 44.154.64.0 255.255.255.0 tunnel748306432
!
ip route 79.107.164.191 255.255.255.255 Ethernet0 10.0.0.138
!

This section return on itself (with different IP , destination and route IPs's ) as the amount of lines in the encap file

When the file is ready (after running the perl script) you can copy it with editor and send it to the cisco or by terminal (with the config t command) or by TFTP

The Encap file can be taken automatically from the Portal using the API
and you can push the commands to the cisco (after the encap convert to cisco commands after running perl) with TFTP

So with a small software work the whole procedure can be done fully automatic

Setting up a gateway on Cisco Routers

2016-03-02T19:48:40Z

4Z4ZQ:

To set a getway with Cisco you must have a Cisco Router (preferred from series 2600 and above)

Preferred with two Ethernet cards (but can be done also with one Ethernet card)

The example given here here is of one Ethernet card

You have to assign the router Ethernet card the Commercial IP

The command is :

int eth0 ip add <and here you give the ip of the commercial ip the router sit on >
(it can be also IP of a network the router sit on (as long as this IP is accessible
to the outside world))> <The NetMask of the network>

Then you have to assign the 44 Net IP

The command for router with 0ne ethernet card is:

int eth0 ip add <the AMPR IP > <the netmask of the network > secondary

Now you have to add some tunneling command to redirect your outgoing traffic (via tunnel) to the main AMPRNET router , you do it because every ISP block outgoing IP's which is not a part of his network (and 44 net is not belong to any ISP) so in order to allow the 44 Net Packet to gain access to the outside world you need to do a tunnel to the AMPR.ORG Router also to the outgoing traffic (traffic that intend to reach the internet (all other IP's that are not part of the 44 NET))

To open a tunnel command you have to put the tunnel Source address (from where the tunnel is established) and to where the tunnel establish to (tunnel destination)
it is a few commands here they are

interface tunnel0
tunnel source <here you put the router commercial IP>
tunnel destination <here you put the AMPR.ORG main tunnel router IP>
tunnel mode ipip (this command is to tell the tunnel (cisco support lot of tunneling types) which mode to use)

In addition you must tell the router to pass all the outgoing 44 Net Traffic to the tunnel interface and not to route it just like that to the Internet (because as explained they will be probably blocked by the closest ISP you are connecting to )

The command to do it is

ip route 0.0.0.0 0.0.0.0 Tunnel0 <the ip address of the AMPR.ORG main tunnel router >

(0.0.0.0 0.0.0.0 mean "everything") (will be explained latter)

Another important command is a command to let the traffic from the router to the main ampr.org router to pass their IP not via a tunnel (this important to establish tunnel)

This command is more specific then the "everything" route command described before and say to the router pass the traffic belong to the other side of the tunnel

The Command is :

ip route <the ampr.org main tunnel IP > 255.255.255.255 Ethernet0 <your router commercial IP>

This are the minimum Commands to be able to route your inside 44 Net ip to the outside world (but not to any other 44 net networks worldwide)

In order to route your traffic to other 44 net gateways you need to build a tunnel interface to every gateway (unlike JNOS that one tunnel deal with all tunnels)
and the tunnel have to have a tunnel source tunnel destination (as explained above ) and tunnel mode

In addition two route lines have to be added

One is route command to route the specific 44 network of the gateway this tunnel deal into this tunnel

And another is to allow the tunnel traffic to go thorough the internet

Enclosed is example from router that is doing tunnel to the main AMPR router and to one gateway somewhere in the world

The tunnel0 interface is the Main AMPR.ORG router and the tunnel with 741916672 is one tunnel to a gateway

The section of tunnel74xxx have to duplicated to every 44 net gateway (of course with the corresponding ip of the specific gateway) (currently about 400 times)

Later on we will deal of how to create these tunnels lines configuration using a script
that takes the info from the ENCAP.TXT file and convert it to Cisco config

interface Tunnel0
ip unnumbered Ethernet0
no ip directed-broadcast
tunnel source Ethernet0
tunnel destination 169.228.66.251
tunnel mode ipip
!
interface Tunnel741916672
description Link to 44.56.192.0
ip unnumbered Ethernet0
ip access-group acl_44 in
no ip directed-broadcast
tunnel source 10.0.0.180
tunnel destination 24.229.88.253
tunnel mode ipip

interface Ethernet0
description connected to EthernetLAN_HAIFA
ip address 44.138.1.1 255.255.255.0 secondary
ip address 10.0.0.180 255.255.255.0
no ip directed-broadcast

ip classless
ip route 0.0.0.0 0.0.0.0 Tunnel0 169.228.66.251
ip route 169.228.66.251 255.255.255.255 Ethernet0 10.0.0.138
ip route 44.56.192.0 255.255.255.0 Tunnel741916672
ip route 24.229.88.253 255.255.255.255 Ethernet0 10.0.0.138

Making the roue commands automaticly

Because the route info of the gateways (the encap file) changes periodically
mainly because alot of gateway sit on dynamic ip

and because the tunnel ip as a result change you may loose the tunnel to these gateways

In order to be "updated" it is needed to take the new encap file periodically and put it into the cisco router

Because the encap file lines are not a format of commands that Cisco "understand" a fomat conversion need to be made in order to convert route info in the encap file to commands that cisco can "understand"

So a Script that take the encap file and make a new file of Cisco commands must be run

There are two scripts that do it available one is Perl and other is VBS

The example will give the results of the Perl Script

The Perl Script for the Cisco enclosed

#!/usr/bin/perl
#encapconvert.pl V0.1 10-31-12
#Script created by Jason Begley KY9J ky9j.com ky9j@arrl.net
#This script is used for converting the encap.txt file from the AMPR net
#into a loadable config file for use on cisco routers. It is advised to use
#this on a 2600 or better router due to interface limits.
#

my ($line);
my %nets = ();
my $net = undef;
my $mask = undef;

#####
#Below are user defined varibles

my $loop = "Ethernet0"; #LOOPBACK INT CHANGE IF ALREADY IN USE
my $outip = "10.0.0.180"; #YOUR PUBLIC IP ADDRESS
my $loopip = "44.138.1.1"; #YOUR AMPR IP ADDRESS
#EO user defined varibles
#####

my $file = $ARGV[0];
my $debug = $ARGV[1];
if(!$file) { usage(); exit; }
if($file =~ /--help/) { usage(); exit; }

open (MYFILE, '>cisco-config.txt');
print MYFILE "!\ninterface $loop\nip address $loopip 255.255.255.255\n!\n";
close (MYFILE);
open(ENCAP, $file);
@line = <ENCAP>;
close (ENCAP);
@line = grep (!/^\s*$/,@line);
@line = grep (!/^#/,@line);
chomp(@line);

foreach $line(@line)
{
$n1 = $n2 = $n3 = $n4 = undef;
@ln = (split(/ +/, $line));
($n, $s) = (split(/\//, $ln[2]));
($n1, $n2, $n3, $n4) = split(/\./, $n);
$gw = $ln[4];
$gw =~ s/\s*$//;

if ($n1 == '') { $n1='0'};
if ($n2 == '') { $n2='0'};
if ($n3 == '') { $n3='0'};
if ($n4 == '') { $n4='0'};

if ($s == '1') { $mask='128.0.0.0'};
if ($s == '2') { $mask='192.0.0.0'};
if ($s == '3') { $mask='224.0.0.0'};
if ($s == '4') { $mask='240.0.0.0'};
if ($s == '5') { $mask='248.0.0.0'};
if ($s == '6') { $mask='252.0.0.0'};
if ($s == '7') { $mask='254.0.0.0'};
if ($s == '8') { $mask='255.0.0.0'};
if ($s == '9') { $mask='255.128.0.0'};
if ($s == '10') { $mask='255.192.0.0'};
if ($s == '11') { $mask='255.224.0.0'};
if ($s == '12') { $mask='255.240.0.0'};
if ($s == '13') { $mask='255.248.0.0'};
if ($s == '14') { $mask='255.252.0.0'};
if ($s == '15') { $mask='255.254.0.0'};
if ($s == '16') { $mask='255.255.0.0'};
if ($s == '17') { $mask='255.255.128.0'};
if ($s == '18') { $mask='255.255.192.0'};
if ($s == '19') { $mask='255.255.224.0'};
if ($s == '20') { $mask='255.255.240.0'};
if ($s == '21') { $mask='255.255.248.0'};
if ($s == '22') { $mask='255.255.252.0'};
if ($s == '23') { $mask='255.255.254.0'};
if ($s == '24') { $mask='255.255.255.0'};
if ($s == '25') { $mask='255.255.255.128'};
if ($s == '26') { $mask='255.255.255.192'};
if ($s == '27') { $mask='255.255.255.224'};
if ($s == '28') { $mask='255.255.255.240'};
if ($s == '29') { $mask='255.255.255.248'};
if ($s == '30') { $mask='255.255.255.252'};
if ($s == '31') { $mask='255.255.255.254'};
if ($s == '32') { $mask='255.255.255.255'};
if ($s == '') { $mask='255.255.255.255'};

$net = "$n1.$n2.$n3.$n4";
$ifid = cipdec(1, $net);
$wmask = do_subtract($mask);
print "*ip info*\n";
print "NET:$n\nBITS:$s MASK:$mask-$wmask\nGW:$gw\nIF:$ifid\n\n";
open (MYFILE, '>>cisco-config.txt');

if ($debug != NULL) {
print "LINE:$line";
print "\n!\n";
print "interface tunnel $ifid\n";
print "description Link to $net\n";
print "ip unnumbered $loop\n";
print "tunnel source $outip\n";
print "tunnel destination $gw\n";
print "tunnel mode ipip\n!\n";
}

if ($gw != $outip) {

print MYFILE "!\n";
print MYFILE "interface tunnel $ifid\n";
print MYFILE "description Link to $net\n";
print MYFILE "ip unnumbered $loop\n";
print MYFILE "tunnel source $outip\n";
print MYFILE "tunnel destination $gw\n";
print MYFILE "ip tcp adjust-mss 1436\n";
print MYFILE "ip access-group acl_44 in\n!\n";
print MYFILE "tunnel mode ipip\n!\n";
print MYFILE "ip route $net $mask tunnel$ifid\n!\n";
}
print MYFILE "ip route $gw 255.255.255.255 Eth0 10.0.0.138\n";
}
print MYFILE "!\nend\n!\n";
close (MYFILE);

sub usage
{
print << "EOT";
*** This script is for creating a loadable config (copy tftp run) for cisco routers ***
*** Please note that this was tested to work on 2651XM or better, expect poor resp- ***
*** -onse on smaller/slower platforms. ***
*** Edit this file and change varibles as noted to your values. ***
*** File \"cisco-config.txt\" will be generated in this directory for tftp upload ***
*** Run as follows: ***
*** perl encapconvert.pl encap.txt ***
EOT
}

########################################################
# Sub cipdec
# USAGE: For converting IP to DEC values and reverse
#
# my ($err, $ret) = cipdec(1, $ip); #1 =from ip to dec, 2 = from dec to ip
# if($err != 0) { print "MAIN: ERR ON \"$ret\"\n"; next; }
#
sub cipdec
{
my $debug = 0;
my (@oct, $opt, $var, $err, $ret, $errmsg);
my ($oct1, $oct2, $oct3, $oct4);
my ($dec1, $dec2, $dec3);
$opt = shift(@_); #1 =from ip to dec, 2 = from dec to ip
$var = shift(@_); # IP or a DEC
$err = 0;
$ret = 0;
if($debug == 1)
{
print "SUB TEST: OPT=\"$opt\"\n";
print "SUB TEST: VAR=\"$var\"\n";
}
if($opt == 1) #1 =from ip to dec
{
my $ip = $var;

if(!($ip) || ($ip eq "") || !($ip =~ /\./))
{
if($debug == 1) { print "NO . in IP.. Next\n"; }
$err = 1;
$ret = "ERR: IP WITH NO \".\"";
return($err, $ret);
}
@oct = split(/\./, $ip);
my $numoct = @oct;
if($numoct != 4)
{
if($debug == 1) { print "--INVALID IP: \"$ip\"\n"; }
$err = 1;
$ret = "ERR: OCT CT \"$ip\"";
return($err, $ret);
}
foreach my $val (@oct)
{
if(!(defined $val) || ($val eq "") || ($val =~ /\D/) || ($val > 255) || ($val < 0))
{
if($debug == 1) { print "--INVALID IP: \"$ip\"\n"; }
$err = 1;
$ret = "ERR: OCT SIZE \"$ip:$val\"";
return($err, $ret);
} # EO IF oct container
} #EO FOREACH OCT
$ret += ($oct[0] * (256**3)); #Convert 1st octet to decimal and add
$ret += ($oct[1] * (256**2)); #Convert 2nd octet to decimal and add
$ret += $oct[2] * 256; #Convert 3rd octet to decimal and add
$ret += $oct[3]; #Add the 4th octet to decimal
if(($ret < 0) || ($ret > 4294967296)) #0.0.0.0 or 255.255.255.255 = Err
{
if($debug == 1) { print "--INVALID IP: \"$ip\"\n"; }
$err = 1;
$ret = "ERR: DEC SIZE \"$ip\"";
return($err, $ret);
} #EO DEC Size

return($err, $ret);
} #EO OPT == 1

if($opt == 2) #1 = dec to ip
{
$oct1 = 0; $oct2 = 0; $oct3 = 0; $oct4 = 0;
my $dec = $var;
if($debug == 1) { print "SUB TEST: DEC=\"$dec\"\n"; }

if(!(defined $dec) || ($dec eq "") || ($dec < 1) || ($dec > 4294967295)) #0.0.0.0 or 255.255.255.255 = Err
{
if($debug == 1) { print "--INVALID DEC: \"$dec\"\n"; }
$err = 1;
$ret = "ERR: DEC SIZE \"$dec\"";
return($err, $ret);
} #EO DEC Size

if($dec >= 256**3)
{
$oct1 = ($dec / 256**3);
my @num = split(/\./, $oct1);
$oct1 = $num[0];
if($debug == 1) { print "OCT1: \"$oct1\"\n"; }
$dec1 = ($oct1 * 256**3);
$dec = $dec - $dec1;
}
if($dec >= 256**2)
{
$oct2 = ($dec / 256**2);
my @num = split(/\./, $oct2);
$oct2 = $num[0];
if($debug == 1) { print "OCT2: \"$oct2\"\n"; }
$dec2 = ($oct2 * 256**2);
$dec = $dec - $dec2;
}

if($dec >= 256)
{
$oct3 = ($dec / 256);
my @num = split(/\./, $oct3);
$oct3 = $num[0];
if($debug == 1) { print "OCT3: \"$oct3\"\n"; }
$dec3 = $oct3 * 256;
$dec = $dec - $dec3;
}

$oct4 = $dec;
if($debug == 1) { print "OCT4: \"$oct4\"\n"; }
$ret = "$oct1.$oct2.$oct3.$oct4";
return($err, $ret);
} #EO If $opt == 2

$err = 1;
$ret = "I'm lost and sent to leftovers";
return($err, $ret);
}
################### EO SUB CIPDEC#################################

### wildcard sub ###
sub do_subtract( ) {
local($ip) = @_;

# break up the bytes of the incoming IP address
$_ = $ip;
($a, $b, $c, $d) = split(/\./);

if ($a > 255 || $b > 255 || $c > 255 || $d > 255 || /[^0-9.]/) {
print "invalid input mask or wildcard\n";
exit( );
}

$a = 255 - $a;
$b = 255 - $b;
$c = 255 - $c;
$d = 255 - $d;

return ($a . "." . $b . "." . $c . "." . $d);
}

### EO wildcard sub ### </CODE>

Before you run the script make sure to take out the line of your gateway from the encap file

The result of the script is set of commands that look like that

interface tunnel 748306432
description Link to 44.154.64.0
ip unnumbered Ethernet0
tunnel source 10.0.0.180
tunnel destination 79.107.164.191
ip tcp adjust-mss 1436
ip access-group acl_44 in
!
tunnel mode ipip
!
ip route 44.154.64.0 255.255.255.0 tunnel748306432
!
ip route 79.107.164.191 255.255.255.255 Ethernet0 10.0.0.138
!

This section return on itself (with different IP , destination and route IPs's ) as the amount of lines in the encap file

When the file is ready (after running the perl script) you can copy it with editor and send it to the cisco or by terminal (with the config t command) or by TFTP

The Encap file can be taken automatically from the Portal using the API
and you can push the commands to the cisco (after the encap convert to cisco commands after running perl) with TFTP

So with a small software work the whole procedure can be done fully automatic

Setting up a gateway on Cisco Routers

2016-03-02T11:00:09Z

4Z4ZQ:

You can setup gateway on Cisco routers

Cisco support IPIP tunneling and that's what needed

First of all you must have a Cisco Router (preferred from series 2600 and above)

Preferred with two Ethernet cards (but can be done also with one Ethernet card)

I will give example of one Ethernet card

You have to assign the router Ethernet card the Commercial IP

The command is :

int eth0 ip add <and here you give the ip of the commercial ip the router sit on >
(it can be also IP of a network the router sit on (as long as this IP is accessible
to the outside world))> <The NetMask of the network>

Then you have to assign the 44 Net IP

The command for router with 0ne ethernet card is:

int eth0 ip add <the AMPR IP > <the netmask of the network > secondary

Now you have to add some tunneling command to redirect your outgoing traffic (via tunnel) to the main AMPRNET router , you do it because every ISP block outgoing IP's which is not a part of his network (and 44 net is not belong to any ISP) so in order to allow the 44 Net Packet to gain access to the outside world you need to do a tunnel to the AMPR.ORG Router also to the outgoing traffic (traffic that intend to reach the internet (all other IP's that are not part of the 44 NET))

To open a tunnel command you have to put the tunnel Source address (from where the tunnel is established) and to where the tunnel establish to (tunnel destination)
it is a few commands here they are

interface tunnel0
tunnel source <here you put the router commercial IP>
tunnel destination <here you put the AMPR.ORG main tunnel router IP>
tunnel mode ipip (this command is to tell the tunnel (cisco support lot of tunneling types) which mode to use)

In addition you must tell the router to pass all the outgoing 44 Net Traffic to the tunnel interface and not to route it just like that to the Internet (because as explained they will be probably blocked by the closest ISP you are connecting to )

The command to do it is

ip route 0.0.0.0 0.0.0.0 Tunnel0 <the ip address of the AMPR.ORG main tunnel router >

(0.0.0.0 0.0.0.0 mean "everything") (will be explained latter)

Another important command is a command to let the traffic from the router to the main ampr.org router to pass their IP not via a tunnel (this important to establish tunnel)

This command is more specific then the "everything" route command described before and say to the router pass the traffic belong to the other side of the tunnel

The Command is :

ip route <the ampr.org main tunnel IP > 255.255.255.255 Ethernet0 <your router commercial IP>

This are the minimum Commands to be able to route your inside 44 Net ip to the outside world (but not to any other 44 net networks worldwide)

In order to route your traffic to other 44 net gateways you need to build a tunnel interface to every gateway (unlike JNOS that one tunnel deal with all tunnels)
and the tunnel have to have a tunnel source tunnel destination (as explained above ) and tunnel mode

In addition two route lines have to be added

One is route command to route the specific 44 network of the gateway this tunnel deal into this tunnel

And another is to allow the tunnel traffic to go thorough the internet

Enclosed is example from router that is doing tunnel to the main AMPR router and to one gateway somewhere in the world

The tunnel0 interface is the Main AMPR.ORG router and the tunnel with 741916672 is one tunnel to a gateway

The section of tunnel74xxx have to duplicated to every 44 net gateway (of course with the corresponding ip of the specific gateway) (currently about 400 times)

Later on we will deal of how to create these tunnels lines configuration using a script
that takes the info from the ENCAP.TXT file and convert it to Cisco config

interface Tunnel0
ip unnumbered Ethernet0
no ip directed-broadcast
tunnel source Ethernet0
tunnel destination 169.228.66.251
tunnel mode ipip
!
interface Tunnel741916672
description Link to 44.56.192.0
ip unnumbered Ethernet0
ip access-group acl_44 in
no ip directed-broadcast
tunnel source 10.0.0.180
tunnel destination 24.229.88.253
tunnel mode ipip

interface Ethernet0
description connected to EthernetLAN_HAIFA
ip address 44.138.1.1 255.255.255.0 secondary
ip address 10.0.0.180 255.255.255.0
no ip directed-broadcast

ip classless
ip route 0.0.0.0 0.0.0.0 Tunnel0 169.228.66.251
ip route 169.228.66.251 255.255.255.255 Ethernet0 10.0.0.138
ip route 44.56.192.0 255.255.255.0 Tunnel741916672
ip route 24.229.88.253 255.255.255.255 Ethernet0 10.0.0.138

Making the roue commands automaticly

Because the route info of the gateways (the encap file) changes periodically
mainly because alot of gateway sit on dynamic ip

and because the tunnel ip as a result change you may loose the tunnel to these gateways

In order to be "updated" it is needed to take the new encap file periodically and put it into the cisco router

Because the encap file lines are not a format of commands that Cisco "understand" a fomat conversion need to be made in order to convert route info in the encap file to commands that cisco can "understand"

So a Script that take the encap file and make a new file of Cisco commands must be run

There are two scripts that do it available one is Perl and other is VBS

The example will give the results of the Perl Script

The Perl Script for the Cisco enclosed

#!/usr/bin/perl
#encapconvert.pl V0.1 10-31-12
#Script created by Jason Begley KY9J ky9j.com ky9j@arrl.net
#This script is used for converting the encap.txt file from the AMPR net
#into a loadable config file for use on cisco routers. It is advised to use
#this on a 2600 or better router due to interface limits.
#

my ($line);
my %nets = ();
my $net = undef;
my $mask = undef;

#####
#Below are user defined varibles

my $loop = "Ethernet0"; #LOOPBACK INT CHANGE IF ALREADY IN USE
my $outip = "10.0.0.180"; #YOUR PUBLIC IP ADDRESS
my $loopip = "44.138.1.1"; #YOUR AMPR IP ADDRESS
#EO user defined varibles
#####

my $file = $ARGV[0];
my $debug = $ARGV[1];
if(!$file) { usage(); exit; }
if($file =~ /--help/) { usage(); exit; }

open (MYFILE, '>cisco-config.txt');
print MYFILE "!\ninterface $loop\nip address $loopip 255.255.255.255\n!\n";
close (MYFILE);
open(ENCAP, $file);
@line = <ENCAP>;
close (ENCAP);
@line = grep (!/^\s*$/,@line);
@line = grep (!/^#/,@line);
chomp(@line);

foreach $line(@line)
{
$n1 = $n2 = $n3 = $n4 = undef;
@ln = (split(/ +/, $line));
($n, $s) = (split(/\//, $ln[2]));
($n1, $n2, $n3, $n4) = split(/\./, $n);
$gw = $ln[4];
$gw =~ s/\s*$//;

if ($n1 == '') { $n1='0'};
if ($n2 == '') { $n2='0'};
if ($n3 == '') { $n3='0'};
if ($n4 == '') { $n4='0'};

if ($s == '1') { $mask='128.0.0.0'};
if ($s == '2') { $mask='192.0.0.0'};
if ($s == '3') { $mask='224.0.0.0'};
if ($s == '4') { $mask='240.0.0.0'};
if ($s == '5') { $mask='248.0.0.0'};
if ($s == '6') { $mask='252.0.0.0'};
if ($s == '7') { $mask='254.0.0.0'};
if ($s == '8') { $mask='255.0.0.0'};
if ($s == '9') { $mask='255.128.0.0'};
if ($s == '10') { $mask='255.192.0.0'};
if ($s == '11') { $mask='255.224.0.0'};
if ($s == '12') { $mask='255.240.0.0'};
if ($s == '13') { $mask='255.248.0.0'};
if ($s == '14') { $mask='255.252.0.0'};
if ($s == '15') { $mask='255.254.0.0'};
if ($s == '16') { $mask='255.255.0.0'};
if ($s == '17') { $mask='255.255.128.0'};
if ($s == '18') { $mask='255.255.192.0'};
if ($s == '19') { $mask='255.255.224.0'};
if ($s == '20') { $mask='255.255.240.0'};
if ($s == '21') { $mask='255.255.248.0'};
if ($s == '22') { $mask='255.255.252.0'};
if ($s == '23') { $mask='255.255.254.0'};
if ($s == '24') { $mask='255.255.255.0'};
if ($s == '25') { $mask='255.255.255.128'};
if ($s == '26') { $mask='255.255.255.192'};
if ($s == '27') { $mask='255.255.255.224'};
if ($s == '28') { $mask='255.255.255.240'};
if ($s == '29') { $mask='255.255.255.248'};
if ($s == '30') { $mask='255.255.255.252'};
if ($s == '31') { $mask='255.255.255.254'};
if ($s == '32') { $mask='255.255.255.255'};
if ($s == '') { $mask='255.255.255.255'};

$net = "$n1.$n2.$n3.$n4";
$ifid = cipdec(1, $net);
$wmask = do_subtract($mask);
print "*ip info*\n";
print "NET:$n\nBITS:$s MASK:$mask-$wmask\nGW:$gw\nIF:$ifid\n\n";
open (MYFILE, '>>cisco-config.txt');

if ($debug != NULL) {
print "LINE:$line";
print "\n!\n";
print "interface tunnel $ifid\n";
print "description Link to $net\n";
print "ip unnumbered $loop\n";
print "tunnel source $outip\n";
print "tunnel destination $gw\n";
print "tunnel mode ipip\n!\n";
}

if ($gw != $outip) {

print MYFILE "!\n";
print MYFILE "interface tunnel $ifid\n";
print MYFILE "description Link to $net\n";
print MYFILE "ip unnumbered $loop\n";
print MYFILE "tunnel source $outip\n";
print MYFILE "tunnel destination $gw\n";
print MYFILE "ip tcp adjust-mss 1436\n";
print MYFILE "ip access-group acl_44 in\n!\n";
print MYFILE "tunnel mode ipip\n!\n";
print MYFILE "ip route $net $mask tunnel$ifid\n!\n";
}
print MYFILE "ip route $gw 255.255.255.255 Eth0 10.0.0.138\n";
}
print MYFILE "!\nend\n!\n";
close (MYFILE);

sub usage
{
print << "EOT";
*** This script is for creating a loadable config (copy tftp run) for cisco routers ***
*** Please note that this was tested to work on 2651XM or better, expect poor resp- ***
*** -onse on smaller/slower platforms. ***
*** Edit this file and change varibles as noted to your values. ***
*** File \"cisco-config.txt\" will be generated in this directory for tftp upload ***
*** Run as follows: ***
*** perl encapconvert.pl encap.txt ***
EOT
}

########################################################
# Sub cipdec
# USAGE: For converting IP to DEC values and reverse
#
# my ($err, $ret) = cipdec(1, $ip); #1 =from ip to dec, 2 = from dec to ip
# if($err != 0) { print "MAIN: ERR ON \"$ret\"\n"; next; }
#
sub cipdec
{
my $debug = 0;
my (@oct, $opt, $var, $err, $ret, $errmsg);
my ($oct1, $oct2, $oct3, $oct4);
my ($dec1, $dec2, $dec3);
$opt = shift(@_); #1 =from ip to dec, 2 = from dec to ip
$var = shift(@_); # IP or a DEC
$err = 0;
$ret = 0;
if($debug == 1)
{
print "SUB TEST: OPT=\"$opt\"\n";
print "SUB TEST: VAR=\"$var\"\n";
}
if($opt == 1) #1 =from ip to dec
{
my $ip = $var;

if(!($ip) || ($ip eq "") || !($ip =~ /\./))
{
if($debug == 1) { print "NO . in IP.. Next\n"; }
$err = 1;
$ret = "ERR: IP WITH NO \".\"";
return($err, $ret);
}
@oct = split(/\./, $ip);
my $numoct = @oct;
if($numoct != 4)
{
if($debug == 1) { print "--INVALID IP: \"$ip\"\n"; }
$err = 1;
$ret = "ERR: OCT CT \"$ip\"";
return($err, $ret);
}
foreach my $val (@oct)
{
if(!(defined $val) || ($val eq "") || ($val =~ /\D/) || ($val > 255) || ($val < 0))
{
if($debug == 1) { print "--INVALID IP: \"$ip\"\n"; }
$err = 1;
$ret = "ERR: OCT SIZE \"$ip:$val\"";
return($err, $ret);
} # EO IF oct container
} #EO FOREACH OCT
$ret += ($oct[0] * (256**3)); #Convert 1st octet to decimal and add
$ret += ($oct[1] * (256**2)); #Convert 2nd octet to decimal and add
$ret += $oct[2] * 256; #Convert 3rd octet to decimal and add
$ret += $oct[3]; #Add the 4th octet to decimal
if(($ret < 0) || ($ret > 4294967296)) #0.0.0.0 or 255.255.255.255 = Err
{
if($debug == 1) { print "--INVALID IP: \"$ip\"\n"; }
$err = 1;
$ret = "ERR: DEC SIZE \"$ip\"";
return($err, $ret);
} #EO DEC Size

return($err, $ret);
} #EO OPT == 1

if($opt == 2) #1 = dec to ip
{
$oct1 = 0; $oct2 = 0; $oct3 = 0; $oct4 = 0;
my $dec = $var;
if($debug == 1) { print "SUB TEST: DEC=\"$dec\"\n"; }

if(!(defined $dec) || ($dec eq "") || ($dec < 1) || ($dec > 4294967295)) #0.0.0.0 or 255.255.255.255 = Err
{
if($debug == 1) { print "--INVALID DEC: \"$dec\"\n"; }
$err = 1;
$ret = "ERR: DEC SIZE \"$dec\"";
return($err, $ret);
} #EO DEC Size

if($dec >= 256**3)
{
$oct1 = ($dec / 256**3);
my @num = split(/\./, $oct1);
$oct1 = $num[0];
if($debug == 1) { print "OCT1: \"$oct1\"\n"; }
$dec1 = ($oct1 * 256**3);
$dec = $dec - $dec1;
}
if($dec >= 256**2)
{
$oct2 = ($dec / 256**2);
my @num = split(/\./, $oct2);
$oct2 = $num[0];
if($debug == 1) { print "OCT2: \"$oct2\"\n"; }
$dec2 = ($oct2 * 256**2);
$dec = $dec - $dec2;
}

if($dec >= 256)
{
$oct3 = ($dec / 256);
my @num = split(/\./, $oct3);
$oct3 = $num[0];
if($debug == 1) { print "OCT3: \"$oct3\"\n"; }
$dec3 = $oct3 * 256;
$dec = $dec - $dec3;
}

$oct4 = $dec;
if($debug == 1) { print "OCT4: \"$oct4\"\n"; }
$ret = "$oct1.$oct2.$oct3.$oct4";
return($err, $ret);
} #EO If $opt == 2

$err = 1;
$ret = "I'm lost and sent to leftovers";
return($err, $ret);
}
################### EO SUB CIPDEC#################################

### wildcard sub ###
sub do_subtract( ) {
local($ip) = @_;

# break up the bytes of the incoming IP address
$_ = $ip;
($a, $b, $c, $d) = split(/\./);

if ($a > 255 || $b > 255 || $c > 255 || $d > 255 || /[^0-9.]/) {
print "invalid input mask or wildcard\n";
exit( );
}

$a = 255 - $a;
$b = 255 - $b;
$c = 255 - $c;
$d = 255 - $d;

return ($a . "." . $b . "." . $c . "." . $d);
}

### EO wildcard sub ### </CODE>

Before you run the script make sure to take out the line of your gateway from the encap file

The result of the script is set of commands that look like that

interface tunnel 748306432
description Link to 44.154.64.0
ip unnumbered Ethernet0
tunnel source 10.0.0.180
tunnel destination 79.107.164.191
ip tcp adjust-mss 1436
ip access-group acl_44 in
!
tunnel mode ipip
!
ip route 44.154.64.0 255.255.255.0 tunnel748306432
!
ip route 79.107.164.191 255.255.255.255 Ethernet0 10.0.0.138
!

This section return on itself (with different IP , destination and route IPs's ) as the amount of lines in the encap file

When the file is ready (after running the perl script) you can copy it with editor and send it to the cisco or by terminal (with the config t command) or by TFTP

The Encap file can be taken automatically from the Portal using the API
and you can push the commands to the cisco (after the encap convert to cisco commands after running perl) with TFTP

So with a small software work the whole procedure can be done fully automatic

Setting up a gateway on Cisco Routers

2016-03-02T10:53:48Z

4Z4ZQ: Undo revision 536 by 4Z4ZQ (talk)

You can setup gateway on Cisco routers

Cisco support IPIP tunneling and that's what needed

First of all you must have a Cisco Router (preferred from series 2600 and above)

Preferred with two Ethernet cards (but can be done also with one Ethernet card)

I will give example of one Ethernet card

You have to assign the router Ethernet card the Commercial IP

The command is :

int eth0 ip add <and here you give the ip of the commercial ip the router sit on >
(it can be also IP of a network the router sit on (as long as this IP is accessible
to the outside world))> <The NetMask of the network>

Then you have to assign the 44 Net IP

The command for router with 0ne ethernet card is:

int eth0 ip add <the AMPR IP > <the netmask of the network > secondary

Now you have to add some tunneling command to redirect your outgoing traffic (via tunnel) to the main AMPRNET router , you do it because every ISP block outgoing IP's which is not a part of his network (and 44 net is not belong to any ISP) so in order to allow the 44 Net Packet to gain access to the outside world you need to do a tunnel to the AMPR.ORG Router also to the outgoing traffic (traffic that intend to reach the internet (all other IP's that are not part of the 44 NET))

To open a tunnel command you have to put the tunnel Source address (from where the tunnel is established) and to where the tunnel establish to (tunnel destination)
it is a few commands here they are

interface tunnel0
tunnel source <here you put the router commercial IP>
tunnel destination <here you put the AMPR.ORG main tunnel router IP>
tunnel mode ipip (this command is to tell the tunnel (cisco support lot of tunneling types) which mode to use)

In addition you must tell the router to pass all the outgoing 44 Net Traffic to the tunnel interface and not to route it just like that to the Internet (because as explained they will be probably blocked by the closest ISP you are connecting to )

The command to do it is

ip route 0.0.0.0 0.0.0.0 Tunnel0 <the ip address of the AMPR.ORG main tunnel router >

(0.0.0.0 0.0.0.0 mean "everything") (will be explained latter)

Another important command is a command to let the traffic from the router to the main ampr.org router to pass their IP not via a tunnel (this important to establish tunnel)

This command is more specific then the "everything" route command described before and say to the router pass the traffic belong to the other side of the tunnel

The Command is :

ip route <the ampr.org main tunnel IP > 255.255.255.255 Ethernet0 <your router commercial IP>

This are the minimum Commands to be able to route your inside 44 Net ip to the outside world (but not to any other 44 net networks worldwide)

In order to route your traffic to other 44 net gateways you need to build a tunnel interface to every gateway (unlike JNOS that one tunnel deal with all tunnels)
and the tunnel have to have a tunnel source tunnel destination (as explained above ) and tunnel mode

In addition two route lines have to be added

One is route command to route the specific 44 network of the gateway this tunnel deal into this tunnel

And another is to allow the tunnel traffic to go thorough the internet

Enclosed is example from router that is doing tunnel to the main AMPR router and to one gateway somewhere in the world

The tunnel0 interface is the Main AMPR.ORG router and the tunnel with 741916672 is one tunnel to a gateway

The section of tunnel74xxx have to duplicated to every 44 net gateway (of course with the corresponding ip of the specific gateway) (currently about 400 times)

Later on we will deal of how to create these tunnels lines configuration using a script
that takes the info from the ENCAP.TXT file and convert it to Cisco config

interface Tunnel0
ip unnumbered Ethernet0
no ip directed-broadcast
tunnel source Ethernet0
tunnel destination 169.228.66.251
tunnel mode ipip
!
interface Tunnel741916672
description Link to 44.56.192.0
ip unnumbered Ethernet0
ip access-group acl_44 in
no ip directed-broadcast
tunnel source 10.0.0.180
tunnel destination 24.229.88.253
tunnel mode ipip

interface Ethernet0
description connected to EthernetLAN_HAIFA
ip address 44.138.1.1 255.255.255.0 secondary
ip address 10.0.0.180 255.255.255.0
no ip directed-broadcast

ip classless
ip route 0.0.0.0 0.0.0.0 Tunnel0 169.228.66.251
ip route 169.228.66.251 255.255.255.255 Ethernet0 10.0.0.138
ip route 44.56.192.0 255.255.255.0 Tunnel741916672
ip route 24.229.88.253 255.255.255.255 Ethernet0 10.0.0.138

Making the roue commands automaticly

Because the route info of the gateways (the encap file) changes periodically
mainly because alot of gateway sit on dynamic ip

and because the tunnel ip as a result change you may loose the tunnel to these gateways

In order to be "updated" it is needed to take the new encap file periodically and put it into the cisco router

Because the encap file lines are not a format of commands that Cisco "understand" a fomat conversion need to be made in order to convert route info in the encap file to commands that cisco can "understand"

So a Script that take the encap file and make a new file of Cisco commands must be run

There are two scripts that do it available one is Perl and other is VBS

The example will give the results of the Perl Script

The Perl Script for the Cisco enclosed

<code> #!/usr/bin/perl
#encapconvert.pl V0.1 10-31-12
#Script created by Jason Begley KY9J ky9j.com ky9j@arrl.net
#This script is used for converting the encap.txt file from the AMPR net
#into a loadable config file for use on cisco routers. It is advised to use
#this on a 2600 or better router due to interface limits.
#

my ($line);
my %nets = ();
my $net = undef;
my $mask = undef;

#####
#Below are user defined varibles

my $loop = "Ethernet0"; #LOOPBACK INT CHANGE IF ALREADY IN USE
my $outip = "10.0.0.180"; #YOUR PUBLIC IP ADDRESS
my $loopip = "44.138.1.1"; #YOUR AMPR IP ADDRESS
#EO user defined varibles
#####

my $file = $ARGV[0];
my $debug = $ARGV[1];
if(!$file) { usage(); exit; }
if($file =~ /--help/) { usage(); exit; }

open (MYFILE, '>cisco-config.txt');
print MYFILE "!\ninterface $loop\nip address $loopip 255.255.255.255\n!\n";
close (MYFILE);
open(ENCAP, $file);
@line = <ENCAP>;
close (ENCAP);
@line = grep (!/^\s*$/,@line);
@line = grep (!/^#/,@line);
chomp(@line);

foreach $line(@line)
{
$n1 = $n2 = $n3 = $n4 = undef;
@ln = (split(/ +/, $line));
($n, $s) = (split(/\//, $ln[2]));
($n1, $n2, $n3, $n4) = split(/\./, $n);
$gw = $ln[4];
$gw =~ s/\s*$//;

if ($n1 == '') { $n1='0'};
if ($n2 == '') { $n2='0'};
if ($n3 == '') { $n3='0'};
if ($n4 == '') { $n4='0'};

if ($s == '1') { $mask='128.0.0.0'};
if ($s == '2') { $mask='192.0.0.0'};
if ($s == '3') { $mask='224.0.0.0'};
if ($s == '4') { $mask='240.0.0.0'};
if ($s == '5') { $mask='248.0.0.0'};
if ($s == '6') { $mask='252.0.0.0'};
if ($s == '7') { $mask='254.0.0.0'};
if ($s == '8') { $mask='255.0.0.0'};
if ($s == '9') { $mask='255.128.0.0'};
if ($s == '10') { $mask='255.192.0.0'};
if ($s == '11') { $mask='255.224.0.0'};
if ($s == '12') { $mask='255.240.0.0'};
if ($s == '13') { $mask='255.248.0.0'};
if ($s == '14') { $mask='255.252.0.0'};
if ($s == '15') { $mask='255.254.0.0'};
if ($s == '16') { $mask='255.255.0.0'};
if ($s == '17') { $mask='255.255.128.0'};
if ($s == '18') { $mask='255.255.192.0'};
if ($s == '19') { $mask='255.255.224.0'};
if ($s == '20') { $mask='255.255.240.0'};
if ($s == '21') { $mask='255.255.248.0'};
if ($s == '22') { $mask='255.255.252.0'};
if ($s == '23') { $mask='255.255.254.0'};
if ($s == '24') { $mask='255.255.255.0'};
if ($s == '25') { $mask='255.255.255.128'};
if ($s == '26') { $mask='255.255.255.192'};
if ($s == '27') { $mask='255.255.255.224'};
if ($s == '28') { $mask='255.255.255.240'};
if ($s == '29') { $mask='255.255.255.248'};
if ($s == '30') { $mask='255.255.255.252'};
if ($s == '31') { $mask='255.255.255.254'};
if ($s == '32') { $mask='255.255.255.255'};
if ($s == '') { $mask='255.255.255.255'};

$net = "$n1.$n2.$n3.$n4";
$ifid = cipdec(1, $net);
$wmask = do_subtract($mask);
print "*ip info*\n";
print "NET:$n\nBITS:$s MASK:$mask-$wmask\nGW:$gw\nIF:$ifid\n\n";
open (MYFILE, '>>cisco-config.txt');

if ($debug != NULL) {
print "LINE:$line";
print "\n!\n";
print "interface tunnel $ifid\n";
print "description Link to $net\n";
print "ip unnumbered $loop\n";
print "tunnel source $outip\n";
print "tunnel destination $gw\n";
print "tunnel mode ipip\n!\n";
}

if ($gw != $outip) {

print MYFILE "!\n";
print MYFILE "interface tunnel $ifid\n";
print MYFILE "description Link to $net\n";
print MYFILE "ip unnumbered $loop\n";
print MYFILE "tunnel source $outip\n";
print MYFILE "tunnel destination $gw\n";
print MYFILE "ip tcp adjust-mss 1436\n";
print MYFILE "ip access-group acl_44 in\n!\n";
print MYFILE "tunnel mode ipip\n!\n";
print MYFILE "ip route $net $mask tunnel$ifid\n!\n";
}
print MYFILE "ip route $gw 255.255.255.255 Eth0 10.0.0.138\n";
}
print MYFILE "!\nend\n!\n";
close (MYFILE);

sub usage
{
print << "EOT";
*** This script is for creating a loadable config (copy tftp run) for cisco routers ***
*** Please note that this was tested to work on 2651XM or better, expect poor resp- ***
*** -onse on smaller/slower platforms. ***
*** Edit this file and change varibles as noted to your values. ***
*** File \"cisco-config.txt\" will be generated in this directory for tftp upload ***
*** Run as follows: ***
*** perl encapconvert.pl encap.txt ***
EOT
}

########################################################
# Sub cipdec
# USAGE: For converting IP to DEC values and reverse
#
# my ($err, $ret) = cipdec(1, $ip); #1 =from ip to dec, 2 = from dec to ip
# if($err != 0) { print "MAIN: ERR ON \"$ret\"\n"; next; }
#
sub cipdec
{
my $debug = 0;
my (@oct, $opt, $var, $err, $ret, $errmsg);
my ($oct1, $oct2, $oct3, $oct4);
my ($dec1, $dec2, $dec3);
$opt = shift(@_); #1 =from ip to dec, 2 = from dec to ip
$var = shift(@_); # IP or a DEC
$err = 0;
$ret = 0;
if($debug == 1)
{
print "SUB TEST: OPT=\"$opt\"\n";
print "SUB TEST: VAR=\"$var\"\n";
}
if($opt == 1) #1 =from ip to dec
{
my $ip = $var;

if(!($ip) || ($ip eq "") || !($ip =~ /\./))
{
if($debug == 1) { print "NO . in IP.. Next\n"; }
$err = 1;
$ret = "ERR: IP WITH NO \".\"";
return($err, $ret);
}
@oct = split(/\./, $ip);
my $numoct = @oct;
if($numoct != 4)
{
if($debug == 1) { print "--INVALID IP: \"$ip\"\n"; }
$err = 1;
$ret = "ERR: OCT CT \"$ip\"";
return($err, $ret);
}
foreach my $val (@oct)
{
if(!(defined $val) || ($val eq "") || ($val =~ /\D/) || ($val > 255) || ($val < 0))
{
if($debug == 1) { print "--INVALID IP: \"$ip\"\n"; }
$err = 1;
$ret = "ERR: OCT SIZE \"$ip:$val\"";
return($err, $ret);
} # EO IF oct container
} #EO FOREACH OCT
$ret += ($oct[0] * (256**3)); #Convert 1st octet to decimal and add
$ret += ($oct[1] * (256**2)); #Convert 2nd octet to decimal and add
$ret += $oct[2] * 256; #Convert 3rd octet to decimal and add
$ret += $oct[3]; #Add the 4th octet to decimal
if(($ret < 0) || ($ret > 4294967296)) #0.0.0.0 or 255.255.255.255 = Err
{
if($debug == 1) { print "--INVALID IP: \"$ip\"\n"; }
$err = 1;
$ret = "ERR: DEC SIZE \"$ip\"";
return($err, $ret);
} #EO DEC Size

return($err, $ret);
} #EO OPT == 1

if($opt == 2) #1 = dec to ip
{
$oct1 = 0; $oct2 = 0; $oct3 = 0; $oct4 = 0;
my $dec = $var;
if($debug == 1) { print "SUB TEST: DEC=\"$dec\"\n"; }

if(!(defined $dec) || ($dec eq "") || ($dec < 1) || ($dec > 4294967295)) #0.0.0.0 or 255.255.255.255 = Err
{
if($debug == 1) { print "--INVALID DEC: \"$dec\"\n"; }
$err = 1;
$ret = "ERR: DEC SIZE \"$dec\"";
return($err, $ret);
} #EO DEC Size

if($dec >= 256**3)
{
$oct1 = ($dec / 256**3);
my @num = split(/\./, $oct1);
$oct1 = $num[0];
if($debug == 1) { print "OCT1: \"$oct1\"\n"; }
$dec1 = ($oct1 * 256**3);
$dec = $dec - $dec1;
}
if($dec >= 256**2)
{
$oct2 = ($dec / 256**2);
my @num = split(/\./, $oct2);
$oct2 = $num[0];
if($debug == 1) { print "OCT2: \"$oct2\"\n"; }
$dec2 = ($oct2 * 256**2);
$dec = $dec - $dec2;
}

if($dec >= 256)
{
$oct3 = ($dec / 256);
my @num = split(/\./, $oct3);
$oct3 = $num[0];
if($debug == 1) { print "OCT3: \"$oct3\"\n"; }
$dec3 = $oct3 * 256;
$dec = $dec - $dec3;
}

$oct4 = $dec;
if($debug == 1) { print "OCT4: \"$oct4\"\n"; }
$ret = "$oct1.$oct2.$oct3.$oct4";
return($err, $ret);
} #EO If $opt == 2

$err = 1;
$ret = "I'm lost and sent to leftovers";
return($err, $ret);
}
################### EO SUB CIPDEC#################################

### wildcard sub ###
sub do_subtract( ) {
local($ip) = @_;

# break up the bytes of the incoming IP address
$_ = $ip;
($a, $b, $c, $d) = split(/\./);

if ($a > 255 || $b > 255 || $c > 255 || $d > 255 || /[^0-9.]/) {
print "invalid input mask or wildcard\n";
exit( );
}

$a = 255 - $a;
$b = 255 - $b;
$c = 255 - $c;
$d = 255 - $d;

return ($a . "." . $b . "." . $c . "." . $d);
}

### EO wildcard sub ### </CODE>

Before you run the script make sure to take out the line of your gateway from the encap file

The result of the script is set of commands that look like that

interface tunnel 748306432
description Link to 44.154.64.0
ip unnumbered Ethernet0
tunnel source 10.0.0.180
tunnel destination 79.107.164.191
ip tcp adjust-mss 1436
ip access-group acl_44 in
!
tunnel mode ipip
!
ip route 44.154.64.0 255.255.255.0 tunnel748306432
!
ip route 79.107.164.191 255.255.255.255 Ethernet0 10.0.0.138
!

This section return on itself (with different IP , destination and route IPs's ) as the amount of lines in the encap file

When the file is ready (after running the perl script) you can copy it with editor and send it to the cisco or by terminal (with the config t command) or by TFTP

The Encap file can be taken automatically from the Portal using the API
and you can push the commands to the cisco (after the encap convert to cisco commands after running perl) with TFTP

So with a small software work the whole procedure can be done fully automatic

Setting up a gateway on Cisco Routers

2016-03-02T10:53:07Z

4Z4ZQ:

You can setup gateway on Cisco routers

Cisco support IPIP tunneling and that's what needed

First of all you must have a Cisco Router (preferred from series 2600 and above)

Preferred with two Ethernet cards (but can be done also with one Ethernet card)

I will give example of one Ethernet card

You have to assign the router Ethernet card the Commercial IP

The command is :

int eth0 ip add <and here you give the ip of the commercial ip the router sit on >
(it can be also IP of a network the router sit on (as long as this IP is accessible
to the outside world))> <The NetMask of the network>

Then you have to assign the 44 Net IP

The command for router with 0ne ethernet card is:

int eth0 ip add <the AMPR IP > <the netmask of the network > secondary

Now you have to add some tunneling command to redirect your outgoing traffic (via tunnel) to the main AMPRNET router , you do it because every ISP block outgoing IP's which is not a part of his network (and 44 net is not belong to any ISP) so in order to allow the 44 Net Packet to gain access to the outside world you need to do a tunnel to the AMPR.ORG Router also to the outgoing traffic (traffic that intend to reach the internet (all other IP's that are not part of the 44 NET))

To open a tunnel command you have to put the tunnel Source address (from where the tunnel is established) and to where the tunnel establish to (tunnel destination)
it is a few commands here they are

interface tunnel0
tunnel source <here you put the router commercial IP>
tunnel destination <here you put the AMPR.ORG main tunnel router IP>
tunnel mode ipip (this command is to tell the tunnel (cisco support lot of tunneling types) which mode to use)

In addition you must tell the router to pass all the outgoing 44 Net Traffic to the tunnel interface and not to route it just like that to the Internet (because as explained they will be probably blocked by the closest ISP you are connecting to )

The command to do it is

ip route 0.0.0.0 0.0.0.0 Tunnel0 <the ip address of the AMPR.ORG main tunnel router >

(0.0.0.0 0.0.0.0 mean "everything") (will be explained latter)

Another important command is a command to let the traffic from the router to the main ampr.org router to pass their IP not via a tunnel (this important to establish tunnel)

This command is more specific then the "everything" route command described before and say to the router pass the traffic belong to the other side of the tunnel

The Command is :

ip route <the ampr.org main tunnel IP > 255.255.255.255 Ethernet0 <your router commercial IP>

This are the minimum Commands to be able to route your inside 44 Net ip to the outside world (but not to any other 44 net networks worldwide)

In order to route your traffic to other 44 net gateways you need to build a tunnel interface to every gateway (unlike JNOS that one tunnel deal with all tunnels)
and the tunnel have to have a tunnel source tunnel destination (as explained above ) and tunnel mode

In addition two route lines have to be added

One is route command to route the specific 44 network of the gateway this tunnel deal into this tunnel

And another is to allow the tunnel traffic to go thorough the internet

Enclosed is example from router that is doing tunnel to the main AMPR router and to one gateway somewhere in the world

The tunnel0 interface is the Main AMPR.ORG router and the tunnel with 741916672 is one tunnel to a gateway

The section of tunnel74xxx have to duplicated to every 44 net gateway (of course with the corresponding ip of the specific gateway) (currently about 400 times)

Later on we will deal of how to create these tunnels lines configuration using a script
that takes the info from the ENCAP.TXT file and convert it to Cisco config

interface Tunnel0
ip unnumbered Ethernet0
no ip directed-broadcast
tunnel source Ethernet0
tunnel destination 169.228.66.251
tunnel mode ipip
!
interface Tunnel741916672
description Link to 44.56.192.0
ip unnumbered Ethernet0
ip access-group acl_44 in
no ip directed-broadcast
tunnel source 10.0.0.180
tunnel destination 24.229.88.253
tunnel mode ipip

interface Ethernet0
description connected to EthernetLAN_HAIFA
ip address 44.138.1.1 255.255.255.0 secondary
ip address 10.0.0.180 255.255.255.0
no ip directed-broadcast

ip classless
ip route 0.0.0.0 0.0.0.0 Tunnel0 169.228.66.251
ip route 169.228.66.251 255.255.255.255 Ethernet0 10.0.0.138
ip route 44.56.192.0 255.255.255.0 Tunnel741916672
ip route 24.229.88.253 255.255.255.255 Ethernet0 10.0.0.138

Making the roue commands automaticly

Because the route info of the gateways (the encap file) changes periodically
mainly because alot of gateway sit on dynamic ip

and because the tunnel ip as a result change you may loose the tunnel to these gateways

In order to be "updated" it is needed to take the new encap file periodically and put it into the cisco router

Because the encap file lines are not a format of commands that Cisco "understand" a fomat conversion need to be made in order to convert route info in the encap file to commands that cisco can "understand"

So a Script that take the encap file and make a new file of Cisco commands must be run

There are two scripts that do it available one is Perl and other is VBS

The example will give the results of the Perl Script

The Perl Script for the Cisco enclosed
<code>
#!/usr/bin/perl
#encapconvert.pl V0.1 10-31-12
#Script created by Jason Begley KY9J ky9j.com ky9j@arrl.net
#This script is used for converting the encap.txt file from the AMPR net
#into a loadable config file for use on cisco routers. It is advised to use
#this on a 2600 or better router due to interface limits.
#

my ($line);
my %nets = ();
my $net = undef;
my $mask = undef;

#####
#Below are user defined varibles

my $loop = "Ethernet0"; #LOOPBACK INT CHANGE IF ALREADY IN USE
my $outip = "10.0.0.180"; #YOUR PUBLIC IP ADDRESS
my $loopip = "44.138.1.1"; #YOUR AMPR IP ADDRESS
#EO user defined varibles
#####

my $file = $ARGV[0];
my $debug = $ARGV[1];
if(!$file) { usage(); exit; }
if($file =~ /--help/) { usage(); exit; }

open (MYFILE, '>cisco-config.txt');
print MYFILE "!\ninterface $loop\nip address $loopip 255.255.255.255\n!\n";
close (MYFILE);
open(ENCAP, $file);
@line = <ENCAP>;
close (ENCAP);
@line = grep (!/^\s*$/,@line);
@line = grep (!/^#/,@line);
chomp(@line);

foreach $line(@line)
{
$n1 = $n2 = $n3 = $n4 = undef;
@ln = (split(/ +/, $line));
($n, $s) = (split(/\//, $ln[2]));
($n1, $n2, $n3, $n4) = split(/\./, $n);
$gw = $ln[4];
$gw =~ s/\s*$//;

if ($n1 == '') { $n1='0'};
if ($n2 == '') { $n2='0'};
if ($n3 == '') { $n3='0'};
if ($n4 == '') { $n4='0'};

if ($s == '1') { $mask='128.0.0.0'};
if ($s == '2') { $mask='192.0.0.0'};
if ($s == '3') { $mask='224.0.0.0'};
if ($s == '4') { $mask='240.0.0.0'};
if ($s == '5') { $mask='248.0.0.0'};
if ($s == '6') { $mask='252.0.0.0'};
if ($s == '7') { $mask='254.0.0.0'};
if ($s == '8') { $mask='255.0.0.0'};
if ($s == '9') { $mask='255.128.0.0'};
if ($s == '10') { $mask='255.192.0.0'};
if ($s == '11') { $mask='255.224.0.0'};
if ($s == '12') { $mask='255.240.0.0'};
if ($s == '13') { $mask='255.248.0.0'};
if ($s == '14') { $mask='255.252.0.0'};
if ($s == '15') { $mask='255.254.0.0'};
if ($s == '16') { $mask='255.255.0.0'};
if ($s == '17') { $mask='255.255.128.0'};
if ($s == '18') { $mask='255.255.192.0'};
if ($s == '19') { $mask='255.255.224.0'};
if ($s == '20') { $mask='255.255.240.0'};
if ($s == '21') { $mask='255.255.248.0'};
if ($s == '22') { $mask='255.255.252.0'};
if ($s == '23') { $mask='255.255.254.0'};
if ($s == '24') { $mask='255.255.255.0'};
if ($s == '25') { $mask='255.255.255.128'};
if ($s == '26') { $mask='255.255.255.192'};
if ($s == '27') { $mask='255.255.255.224'};
if ($s == '28') { $mask='255.255.255.240'};
if ($s == '29') { $mask='255.255.255.248'};
if ($s == '30') { $mask='255.255.255.252'};
if ($s == '31') { $mask='255.255.255.254'};
if ($s == '32') { $mask='255.255.255.255'};
if ($s == '') { $mask='255.255.255.255'};

$net = "$n1.$n2.$n3.$n4";
$ifid = cipdec(1, $net);
$wmask = do_subtract($mask);
print "*ip info*\n";
print "NET:$n\nBITS:$s MASK:$mask-$wmask\nGW:$gw\nIF:$ifid\n\n";
open (MYFILE, '>>cisco-config.txt');

if ($debug != NULL) {
print "LINE:$line";
print "\n!\n";
print "interface tunnel $ifid\n";
print "description Link to $net\n";
print "ip unnumbered $loop\n";
print "tunnel source $outip\n";
print "tunnel destination $gw\n";
print "tunnel mode ipip\n!\n";
}

if ($gw != $outip) {

print MYFILE "!\n";
print MYFILE "interface tunnel $ifid\n";
print MYFILE "description Link to $net\n";
print MYFILE "ip unnumbered $loop\n";
print MYFILE "tunnel source $outip\n";
print MYFILE "tunnel destination $gw\n";
print MYFILE "ip tcp adjust-mss 1436\n";
print MYFILE "ip access-group acl_44 in\n!\n";
print MYFILE "tunnel mode ipip\n!\n";
print MYFILE "ip route $net $mask tunnel$ifid\n!\n";
}
print MYFILE "ip route $gw 255.255.255.255 Eth0 10.0.0.138\n";
}
print MYFILE "!\nend\n!\n";
close (MYFILE);

sub usage
{
print << "EOT";
*** This script is for creating a loadable config (copy tftp run) for cisco routers ***
*** Please note that this was tested to work on 2651XM or better, expect poor resp- ***
*** -onse on smaller/slower platforms. ***
*** Edit this file and change varibles as noted to your values. ***
*** File \"cisco-config.txt\" will be generated in this directory for tftp upload ***
*** Run as follows: ***
*** perl encapconvert.pl encap.txt ***
EOT
}

########################################################
# Sub cipdec
# USAGE: For converting IP to DEC values and reverse
#
# my ($err, $ret) = cipdec(1, $ip); #1 =from ip to dec, 2 = from dec to ip
# if($err != 0) { print "MAIN: ERR ON \"$ret\"\n"; next; }
#
sub cipdec
{
my $debug = 0;
my (@oct, $opt, $var, $err, $ret, $errmsg);
my ($oct1, $oct2, $oct3, $oct4);
my ($dec1, $dec2, $dec3);
$opt = shift(@_); #1 =from ip to dec, 2 = from dec to ip
$var = shift(@_); # IP or a DEC
$err = 0;
$ret = 0;
if($debug == 1)
{
print "SUB TEST: OPT=\"$opt\"\n";
print "SUB TEST: VAR=\"$var\"\n";
}
if($opt == 1) #1 =from ip to dec
{
my $ip = $var;

if(!($ip) || ($ip eq "") || !($ip =~ /\./))
{
if($debug == 1) { print "NO . in IP.. Next\n"; }
$err = 1;
$ret = "ERR: IP WITH NO \".\"";
return($err, $ret);
}
@oct = split(/\./, $ip);
my $numoct = @oct;
if($numoct != 4)
{
if($debug == 1) { print "--INVALID IP: \"$ip\"\n"; }
$err = 1;
$ret = "ERR: OCT CT \"$ip\"";
return($err, $ret);
}
foreach my $val (@oct)
{
if(!(defined $val) || ($val eq "") || ($val =~ /\D/) || ($val > 255) || ($val < 0))
{
if($debug == 1) { print "--INVALID IP: \"$ip\"\n"; }
$err = 1;
$ret = "ERR: OCT SIZE \"$ip:$val\"";
return($err, $ret);
} # EO IF oct container
} #EO FOREACH OCT
$ret += ($oct[0] * (256**3)); #Convert 1st octet to decimal and add
$ret += ($oct[1] * (256**2)); #Convert 2nd octet to decimal and add
$ret += $oct[2] * 256; #Convert 3rd octet to decimal and add
$ret += $oct[3]; #Add the 4th octet to decimal
if(($ret < 0) || ($ret > 4294967296)) #0.0.0.0 or 255.255.255.255 = Err
{
if($debug == 1) { print "--INVALID IP: \"$ip\"\n"; }
$err = 1;
$ret = "ERR: DEC SIZE \"$ip\"";
return($err, $ret);
} #EO DEC Size

return($err, $ret);
} #EO OPT == 1

if($opt == 2) #1 = dec to ip
{
$oct1 = 0; $oct2 = 0; $oct3 = 0; $oct4 = 0;
my $dec = $var;
if($debug == 1) { print "SUB TEST: DEC=\"$dec\"\n"; }

if(!(defined $dec) || ($dec eq "") || ($dec < 1) || ($dec > 4294967295)) #0.0.0.0 or 255.255.255.255 = Err
{
if($debug == 1) { print "--INVALID DEC: \"$dec\"\n"; }
$err = 1;
$ret = "ERR: DEC SIZE \"$dec\"";
return($err, $ret);
} #EO DEC Size

if($dec >= 256**3)
{
$oct1 = ($dec / 256**3);
my @num = split(/\./, $oct1);
$oct1 = $num[0];
if($debug == 1) { print "OCT1: \"$oct1\"\n"; }
$dec1 = ($oct1 * 256**3);
$dec = $dec - $dec1;
}
if($dec >= 256**2)
{
$oct2 = ($dec / 256**2);
my @num = split(/\./, $oct2);
$oct2 = $num[0];
if($debug == 1) { print "OCT2: \"$oct2\"\n"; }
$dec2 = ($oct2 * 256**2);
$dec = $dec - $dec2;
}

if($dec >= 256)
{
$oct3 = ($dec / 256);
my @num = split(/\./, $oct3);
$oct3 = $num[0];
if($debug == 1) { print "OCT3: \"$oct3\"\n"; }
$dec3 = $oct3 * 256;
$dec = $dec - $dec3;
}

$oct4 = $dec;
if($debug == 1) { print "OCT4: \"$oct4\"\n"; }
$ret = "$oct1.$oct2.$oct3.$oct4";
return($err, $ret);
} #EO If $opt == 2

$err = 1;
$ret = "I'm lost and sent to leftovers";
return($err, $ret);
}
################### EO SUB CIPDEC#################################

### wildcard sub ###
sub do_subtract( ) {
local($ip) = @_;

# break up the bytes of the incoming IP address
$_ = $ip;
($a, $b, $c, $d) = split(/\./);

if ($a > 255 || $b > 255 || $c > 255 || $d > 255 || /[^0-9.]/) {
print "invalid input mask or wildcard\n";
exit( );
}

$a = 255 - $a;
$b = 255 - $b;
$c = 255 - $c;
$d = 255 - $d;

return ($a . "." . $b . "." . $c . "." . $d);
}

### EO wildcard sub ###
</CODE>

Before you run the script make sure to take out the line of your gateway from the encap file

The result of the script is set of commands that look like that

interface tunnel 748306432
description Link to 44.154.64.0
ip unnumbered Ethernet0
tunnel source 10.0.0.180
tunnel destination 79.107.164.191
ip tcp adjust-mss 1436
ip access-group acl_44 in
!
tunnel mode ipip
!
ip route 44.154.64.0 255.255.255.0 tunnel748306432
!
ip route 79.107.164.191 255.255.255.255 Ethernet0 10.0.0.138
!

This section return on itself (with different IP , destination and route IPs's ) as the amount of lines in the encap file

When the file is ready (after running the perl script) you can copy it with editor and send it to the cisco or by terminal (with the config t command) or by TFTP

The Encap file can be taken automatically from the Portal using the API
and you can push the commands to the cisco (after the encap convert to cisco commands after running perl) with TFTP

So with a small software work the whole procedure can be done fully automatic

Setting up a gateway on Cisco Routers

2016-03-02T10:51:16Z

4Z4ZQ:

You can setup gateway on Cisco routers

Cisco support IPIP tunneling and that's what needed

First of all you must have a Cisco Router (preferred from series 2600 and above)

Preferred with two Ethernet cards (but can be done also with one Ethernet card)

I will give example of one Ethernet card

You have to assign the router Ethernet card the Commercial IP

The command is :

int eth0 ip add <and here you give the ip of the commercial ip the router sit on >
(it can be also IP of a network the router sit on (as long as this IP is accessible
to the outside world))> <The NetMask of the network>

Then you have to assign the 44 Net IP

The command for router with 0ne ethernet card is:

int eth0 ip add <the AMPR IP > <the netmask of the network > secondary

Now you have to add some tunneling command to redirect your outgoing traffic (via tunnel) to the main AMPRNET router , you do it because every ISP block outgoing IP's which is not a part of his network (and 44 net is not belong to any ISP) so in order to allow the 44 Net Packet to gain access to the outside world you need to do a tunnel to the AMPR.ORG Router also to the outgoing traffic (traffic that intend to reach the internet (all other IP's that are not part of the 44 NET))

To open a tunnel command you have to put the tunnel Source address (from where the tunnel is established) and to where the tunnel establish to (tunnel destination)
it is a few commands here they are

interface tunnel0
tunnel source <here you put the router commercial IP>
tunnel destination <here you put the AMPR.ORG main tunnel router IP>
tunnel mode ipip (this command is to tell the tunnel (cisco support lot of tunneling types) which mode to use)

In addition you must tell the router to pass all the outgoing 44 Net Traffic to the tunnel interface and not to route it just like that to the Internet (because as explained they will be probably blocked by the closest ISP you are connecting to )

The command to do it is

ip route 0.0.0.0 0.0.0.0 Tunnel0 <the ip address of the AMPR.ORG main tunnel router >

(0.0.0.0 0.0.0.0 mean "everything") (will be explained latter)

Another important command is a command to let the traffic from the router to the main ampr.org router to pass their IP not via a tunnel (this important to establish tunnel)

This command is more specific then the "everything" route command described before and say to the router pass the traffic belong to the other side of the tunnel

The Command is :

ip route <the ampr.org main tunnel IP > 255.255.255.255 Ethernet0 <your router commercial IP>

This are the minimum Commands to be able to route your inside 44 Net ip to the outside world (but not to any other 44 net networks worldwide)

In order to route your traffic to other 44 net gateways you need to build a tunnel interface to every gateway (unlike JNOS that one tunnel deal with all tunnels)
and the tunnel have to have a tunnel source tunnel destination (as explained above ) and tunnel mode

In addition two route lines have to be added

One is route command to route the specific 44 network of the gateway this tunnel deal into this tunnel

And another is to allow the tunnel traffic to go thorough the internet

Enclosed is example from router that is doing tunnel to the main AMPR router and to one gateway somewhere in the world

The tunnel0 interface is the Main AMPR.ORG router and the tunnel with 741916672 is one tunnel to a gateway

The section of tunnel74xxx have to duplicated to every 44 net gateway (of course with the corresponding ip of the specific gateway) (currently about 400 times)

Later on we will deal of how to create these tunnels lines configuration using a script
that takes the info from the ENCAP.TXT file and convert it to Cisco config

interface Tunnel0
ip unnumbered Ethernet0
no ip directed-broadcast
tunnel source Ethernet0
tunnel destination 169.228.66.251
tunnel mode ipip
!
interface Tunnel741916672
description Link to 44.56.192.0
ip unnumbered Ethernet0
ip access-group acl_44 in
no ip directed-broadcast
tunnel source 10.0.0.180
tunnel destination 24.229.88.253
tunnel mode ipip

interface Ethernet0
description connected to EthernetLAN_HAIFA
ip address 44.138.1.1 255.255.255.0 secondary
ip address 10.0.0.180 255.255.255.0
no ip directed-broadcast

ip classless
ip route 0.0.0.0 0.0.0.0 Tunnel0 169.228.66.251
ip route 169.228.66.251 255.255.255.255 Ethernet0 10.0.0.138
ip route 44.56.192.0 255.255.255.0 Tunnel741916672
ip route 24.229.88.253 255.255.255.255 Ethernet0 10.0.0.138

Making the roue commands automaticly

Because the route info of the gateways (the encap file) changes periodically
mainly because alot of gateway sit on dynamic ip

and because the tunnel ip as a result change you may loose the tunnel to these gateways

In order to be "updated" it is needed to take the new encap file periodically and put it into the cisco router

Because the encap file lines are not a format of commands that Cisco "understand" a fomat conversion need to be made in order to convert route info in the encap file to commands that cisco can "understand"

So a Script that take the encap file and make a new file of Cisco commands must be run

There are two scripts that do it available one is Perl and other is VBS

The example will give the results of the Perl Script

The Perl Script for the Cisco enclosed

<code> #!/usr/bin/perl
#encapconvert.pl V0.1 10-31-12
#Script created by Jason Begley KY9J ky9j.com ky9j@arrl.net
#This script is used for converting the encap.txt file from the AMPR net
#into a loadable config file for use on cisco routers. It is advised to use
#this on a 2600 or better router due to interface limits.
#

my ($line);
my %nets = ();
my $net = undef;
my $mask = undef;

#####
#Below are user defined varibles

my $loop = "Ethernet0"; #LOOPBACK INT CHANGE IF ALREADY IN USE
my $outip = "10.0.0.180"; #YOUR PUBLIC IP ADDRESS
my $loopip = "44.138.1.1"; #YOUR AMPR IP ADDRESS
#EO user defined varibles
#####

my $file = $ARGV[0];
my $debug = $ARGV[1];
if(!$file) { usage(); exit; }
if($file =~ /--help/) { usage(); exit; }

open (MYFILE, '>cisco-config.txt');
print MYFILE "!\ninterface $loop\nip address $loopip 255.255.255.255\n!\n";
close (MYFILE);
open(ENCAP, $file);
@line = <ENCAP>;
close (ENCAP);
@line = grep (!/^\s*$/,@line);
@line = grep (!/^#/,@line);
chomp(@line);

foreach $line(@line)
{
$n1 = $n2 = $n3 = $n4 = undef;
@ln = (split(/ +/, $line));
($n, $s) = (split(/\//, $ln[2]));
($n1, $n2, $n3, $n4) = split(/\./, $n);
$gw = $ln[4];
$gw =~ s/\s*$//;

if ($n1 == '') { $n1='0'};
if ($n2 == '') { $n2='0'};
if ($n3 == '') { $n3='0'};
if ($n4 == '') { $n4='0'};

if ($s == '1') { $mask='128.0.0.0'};
if ($s == '2') { $mask='192.0.0.0'};
if ($s == '3') { $mask='224.0.0.0'};
if ($s == '4') { $mask='240.0.0.0'};
if ($s == '5') { $mask='248.0.0.0'};
if ($s == '6') { $mask='252.0.0.0'};
if ($s == '7') { $mask='254.0.0.0'};
if ($s == '8') { $mask='255.0.0.0'};
if ($s == '9') { $mask='255.128.0.0'};
if ($s == '10') { $mask='255.192.0.0'};
if ($s == '11') { $mask='255.224.0.0'};
if ($s == '12') { $mask='255.240.0.0'};
if ($s == '13') { $mask='255.248.0.0'};
if ($s == '14') { $mask='255.252.0.0'};
if ($s == '15') { $mask='255.254.0.0'};
if ($s == '16') { $mask='255.255.0.0'};
if ($s == '17') { $mask='255.255.128.0'};
if ($s == '18') { $mask='255.255.192.0'};
if ($s == '19') { $mask='255.255.224.0'};
if ($s == '20') { $mask='255.255.240.0'};
if ($s == '21') { $mask='255.255.248.0'};
if ($s == '22') { $mask='255.255.252.0'};
if ($s == '23') { $mask='255.255.254.0'};
if ($s == '24') { $mask='255.255.255.0'};
if ($s == '25') { $mask='255.255.255.128'};
if ($s == '26') { $mask='255.255.255.192'};
if ($s == '27') { $mask='255.255.255.224'};
if ($s == '28') { $mask='255.255.255.240'};
if ($s == '29') { $mask='255.255.255.248'};
if ($s == '30') { $mask='255.255.255.252'};
if ($s == '31') { $mask='255.255.255.254'};
if ($s == '32') { $mask='255.255.255.255'};
if ($s == '') { $mask='255.255.255.255'};

$net = "$n1.$n2.$n3.$n4";
$ifid = cipdec(1, $net);
$wmask = do_subtract($mask);
print "*ip info*\n";
print "NET:$n\nBITS:$s MASK:$mask-$wmask\nGW:$gw\nIF:$ifid\n\n";
open (MYFILE, '>>cisco-config.txt');

if ($debug != NULL) {
print "LINE:$line";
print "\n!\n";
print "interface tunnel $ifid\n";
print "description Link to $net\n";
print "ip unnumbered $loop\n";
print "tunnel source $outip\n";
print "tunnel destination $gw\n";
print "tunnel mode ipip\n!\n";
}

if ($gw != $outip) {

print MYFILE "!\n";
print MYFILE "interface tunnel $ifid\n";
print MYFILE "description Link to $net\n";
print MYFILE "ip unnumbered $loop\n";
print MYFILE "tunnel source $outip\n";
print MYFILE "tunnel destination $gw\n";
print MYFILE "ip tcp adjust-mss 1436\n";
print MYFILE "ip access-group acl_44 in\n!\n";
print MYFILE "tunnel mode ipip\n!\n";
print MYFILE "ip route $net $mask tunnel$ifid\n!\n";
}
print MYFILE "ip route $gw 255.255.255.255 Eth0 10.0.0.138\n";
}
print MYFILE "!\nend\n!\n";
close (MYFILE);

sub usage
{
print << "EOT";
*** This script is for creating a loadable config (copy tftp run) for cisco routers ***
*** Please note that this was tested to work on 2651XM or better, expect poor resp- ***
*** -onse on smaller/slower platforms. ***
*** Edit this file and change varibles as noted to your values. ***
*** File \"cisco-config.txt\" will be generated in this directory for tftp upload ***
*** Run as follows: ***
*** perl encapconvert.pl encap.txt ***
EOT
}

########################################################
# Sub cipdec
# USAGE: For converting IP to DEC values and reverse
#
# my ($err, $ret) = cipdec(1, $ip); #1 =from ip to dec, 2 = from dec to ip
# if($err != 0) { print "MAIN: ERR ON \"$ret\"\n"; next; }
#
sub cipdec
{
my $debug = 0;
my (@oct, $opt, $var, $err, $ret, $errmsg);
my ($oct1, $oct2, $oct3, $oct4);
my ($dec1, $dec2, $dec3);
$opt = shift(@_); #1 =from ip to dec, 2 = from dec to ip
$var = shift(@_); # IP or a DEC
$err = 0;
$ret = 0;
if($debug == 1)
{
print "SUB TEST: OPT=\"$opt\"\n";
print "SUB TEST: VAR=\"$var\"\n";
}
if($opt == 1) #1 =from ip to dec
{
my $ip = $var;

if(!($ip) || ($ip eq "") || !($ip =~ /\./))
{
if($debug == 1) { print "NO . in IP.. Next\n"; }
$err = 1;
$ret = "ERR: IP WITH NO \".\"";
return($err, $ret);
}
@oct = split(/\./, $ip);
my $numoct = @oct;
if($numoct != 4)
{
if($debug == 1) { print "--INVALID IP: \"$ip\"\n"; }
$err = 1;
$ret = "ERR: OCT CT \"$ip\"";
return($err, $ret);
}
foreach my $val (@oct)
{
if(!(defined $val) || ($val eq "") || ($val =~ /\D/) || ($val > 255) || ($val < 0))
{
if($debug == 1) { print "--INVALID IP: \"$ip\"\n"; }
$err = 1;
$ret = "ERR: OCT SIZE \"$ip:$val\"";
return($err, $ret);
} # EO IF oct container
} #EO FOREACH OCT
$ret += ($oct[0] * (256**3)); #Convert 1st octet to decimal and add
$ret += ($oct[1] * (256**2)); #Convert 2nd octet to decimal and add
$ret += $oct[2] * 256; #Convert 3rd octet to decimal and add
$ret += $oct[3]; #Add the 4th octet to decimal
if(($ret < 0) || ($ret > 4294967296)) #0.0.0.0 or 255.255.255.255 = Err
{
if($debug == 1) { print "--INVALID IP: \"$ip\"\n"; }
$err = 1;
$ret = "ERR: DEC SIZE \"$ip\"";
return($err, $ret);
} #EO DEC Size

return($err, $ret);
} #EO OPT == 1

if($opt == 2) #1 = dec to ip
{
$oct1 = 0; $oct2 = 0; $oct3 = 0; $oct4 = 0;
my $dec = $var;
if($debug == 1) { print "SUB TEST: DEC=\"$dec\"\n"; }

if(!(defined $dec) || ($dec eq "") || ($dec < 1) || ($dec > 4294967295)) #0.0.0.0 or 255.255.255.255 = Err
{
if($debug == 1) { print "--INVALID DEC: \"$dec\"\n"; }
$err = 1;
$ret = "ERR: DEC SIZE \"$dec\"";
return($err, $ret);
} #EO DEC Size

if($dec >= 256**3)
{
$oct1 = ($dec / 256**3);
my @num = split(/\./, $oct1);
$oct1 = $num[0];
if($debug == 1) { print "OCT1: \"$oct1\"\n"; }
$dec1 = ($oct1 * 256**3);
$dec = $dec - $dec1;
}
if($dec >= 256**2)
{
$oct2 = ($dec / 256**2);
my @num = split(/\./, $oct2);
$oct2 = $num[0];
if($debug == 1) { print "OCT2: \"$oct2\"\n"; }
$dec2 = ($oct2 * 256**2);
$dec = $dec - $dec2;
}

if($dec >= 256)
{
$oct3 = ($dec / 256);
my @num = split(/\./, $oct3);
$oct3 = $num[0];
if($debug == 1) { print "OCT3: \"$oct3\"\n"; }
$dec3 = $oct3 * 256;
$dec = $dec - $dec3;
}

$oct4 = $dec;
if($debug == 1) { print "OCT4: \"$oct4\"\n"; }
$ret = "$oct1.$oct2.$oct3.$oct4";
return($err, $ret);
} #EO If $opt == 2

$err = 1;
$ret = "I'm lost and sent to leftovers";
return($err, $ret);
}
################### EO SUB CIPDEC#################################

### wildcard sub ###
sub do_subtract( ) {
local($ip) = @_;

# break up the bytes of the incoming IP address
$_ = $ip;
($a, $b, $c, $d) = split(/\./);

if ($a > 255 || $b > 255 || $c > 255 || $d > 255 || /[^0-9.]/) {
print "invalid input mask or wildcard\n";
exit( );
}

$a = 255 - $a;
$b = 255 - $b;
$c = 255 - $c;
$d = 255 - $d;

return ($a . "." . $b . "." . $c . "." . $d);
}

### EO wildcard sub ### </CODE>

Before you run the script make sure to take out the line of your gateway from the encap file

The result of the script is set of commands that look like that

interface tunnel 748306432
description Link to 44.154.64.0
ip unnumbered Ethernet0
tunnel source 10.0.0.180
tunnel destination 79.107.164.191
ip tcp adjust-mss 1436
ip access-group acl_44 in
!
tunnel mode ipip
!
ip route 44.154.64.0 255.255.255.0 tunnel748306432
!
ip route 79.107.164.191 255.255.255.255 Ethernet0 10.0.0.138
!

This section return on itself (with different IP , destination and route IPs's ) as the amount of lines in the encap file

When the file is ready (after running the perl script) you can copy it with editor and send it to the cisco or by terminal (with the config t command) or by TFTP

The Encap file can be taken automatically from the Portal using the API
and you can push the commands to the cisco (after the encap convert to cisco commands after running perl) with TFTP

So with a small software work the whole procedure can be done fully automatic