[nos-bbs] Re: Ip-Ip tunnels on "real" routers

Barry Siegfried k2mf at k2mf.ampr.org
Mon Aug 20 03:18:41 EDT 2007

["David Henderson" <hendersondb at acm.org> wrote]:

> > Is anyone doing IP-IP tunnelling between AMPRnet sub-nets using
> > router hardware instead of the NOS engine?


> The last time I looked in detail, the geographically separate bits of
> network 44/8 were primarily linked by IP-IP tunnels between NOS-machines
> with a single advertised route courtesy of mirrorshades at UCSD.  I
> was just wondering if anybody was using a dedicated router to terminate
> the 44-net tunnels across the Internet, instead of running NOS-based
> routing/tunneling -

Since no one else has replied to your second message about this in
over a week I will.

The simple answer to your question is a qualified "yes", but it cannot
be done with stock firmware in consumer-grade routers.  In fact, the
vast majority of consumer-grade routers out there won't even recognize
IP-IP (IP protocol 4) packets and will simply toss them (even if you
have a DMZ target set).  The only packets these routers will recognize
and pass through are ICMP (IP protocol 1), TCP (IP protocol 6) and UDP
(IP protocol 17) which of course makes it very difficult to get on the
AMPRnet at all in installations which use them.

While IPUDP running on dedicated hardware behind these devices was
developed to get around this issue for "most" consumer-grade routers,
the LinkSys brand of consumer-grade router is particularly interesting.
While stock firmware for this brand will generally at least pass through
incoming IP-IP packets to a DMZ target, they don't actually know how
to use IP-IP tunnels themselves as an endpoint IP routing termination.

Now as you probably already know, the majority of gateway installations
around the AMPRnet that still exist have changed from being NOS-based
to Linux-based over the last 10 years because hams are generally
fascinated with single PCs that do everything instead of having
separate and dedicated PCs for specific purposes.  Since Linux is
a "real" O/S and provides IP-IP support, that is the "up" side to
using it in AMPRnet gateway service.

The "down" side to using Linux, of course, is that it is somewhat
more of a challenge and difficult to configure than NOS is for
this purpose and it can therefore become very confusing for hams
to successfully configure it as a "fully functional" AMPRnet gateway
in today's dynamically IP-allocated and source address filtered
internet community (there are tools which address both situations
but that is outside the scope of your basic question).

I mention the above about Linux because there is a considerable
amount of 3rd-party replacement firmware floating around for LinkSys
consumer-grade routers and much of what is available turns this little
dedicated piece of hardware into a small Linux machine.  I personally
do not use one of these as an endpoint for IP-IP route termination
(I still use dedicated hardware behind it for that) but I have it
on relatively good authority that for those who are very experienced
with Linux, it can be (and in a very few cases is being) done.

73, de Barry, K2MF >>
          <|>      Barry Siegfried
| Internet | bgs at mfnos.net              |
| HomePage | http://www.mfnos.net/~bgs  |
| Amprnet  | k2mf at k2mf.ampr.org         |
| PBBS     | k2mf at k2ge.#cnj.nj.usa.noam |
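
An added illustration of the packet handling described in the message above (not part of the original message, and not NOS or Linux code): it models a stock router that forwards only IP protocols 1, 6 and 17, and a tunnel endpoint that decapsulates protocol 4. The function names, the sample addresses and the endpoint's check that inner addresses fall inside 44/8 are assumptions made for this example.

```python
import ipaddress
import struct

ICMP, IPIP, TCP, UDP = 1, 4, 6, 17            # IP protocol numbers from the message
STOCK_ROUTER_PASSES = {ICMP, TCP, UDP}        # everything else, including 4, is dropped
AMPRNET = ipaddress.ip_network("44.0.0.0/8")

def checksum(header: bytes) -> int:
    """One's-complement header checksum; returns 0 for a header that verifies."""
    total = sum(struct.unpack(f"!{len(header) // 2}H", header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def build_packet(src: str, dst: str, proto: int, payload: bytes) -> bytes:
    """Build a minimal IPv4 packet (20-byte header, no options) for the samples."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64, proto, 0,
                      ipaddress.ip_address(src).packed, ipaddress.ip_address(dst).packed)
    return hdr[:10] + struct.pack("!H", checksum(hdr)) + hdr[12:] + payload

def parse_packet(pkt: bytes):
    """Return (proto, src, dst, payload); raise ValueError on a malformed header."""
    if len(pkt) < 20 or pkt[0] >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    ihl = (pkt[0] & 0x0F) * 4
    total = struct.unpack("!H", pkt[2:4])[0]
    if ihl < 20 or not ihl <= total <= len(pkt) or checksum(pkt[:ihl]) != 0:
        raise ValueError("bad header length or checksum")
    src, dst = ipaddress.ip_address(pkt[12:16]), ipaddress.ip_address(pkt[16:20])
    return pkt[9], src, dst, pkt[ihl:total]

def stock_router_forwards(pkt: bytes) -> bool:
    """Model of the stock consumer router: only ICMP, TCP and UDP get through."""
    return parse_packet(pkt)[0] in STOCK_ROUTER_PASSES

def decapsulate(pkt: bytes):
    """Tunnel endpoint: strip the outer header, accept only 44/8 inner addresses."""
    proto, _, _, inner = parse_packet(pkt)
    if proto != IPIP:
        raise ValueError("outer packet is not IP-IP (protocol 4)")
    inner_proto, src, dst, _ = parse_packet(inner)
    if src not in AMPRNET or dst not in AMPRNET:   # added assumption, see lead-in
        raise ValueError("inner address outside 44/8")
    return inner_proto, src, dst

# Constructed sample: an ICMP packet between two 44/8 hosts, tunnelled between
# two documentation-range (RFC 5737) public addresses.
INNER = build_packet("44.64.0.1", "44.68.0.2", ICMP, bytes(8))
OUTER = build_packet("192.0.2.10", "198.51.100.20", IPIP, INNER)
```

Calling `stock_router_forwards(OUTER)` shows the tunnel packet being dropped even though the ICMP packet it carries would pass on its own, and `decapsulate(OUTER)` returns the inner protocol and addresses an endpoint would route on.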
