I have been playing with openvpn. Works great to establish a
connection to a remote firewalled host.
Problem:
I have a rip IPIP gateway. I have subnets 44.92.20.0/24 and
44.92.21.0/24 set in the portal
44.92.20.1 is my ampr gateway address. That is working, pingable.
tunl0 Link encap:IPIP Tunnel HWaddr
inet addr:44.92.21.1 Mask:255.0.0.0
UP RUNNING NOARP MULTICAST MTU:1480 Metric:1
RX packets:138952 errors:0 dropped:0 overruns:0 frame:0
TX packets:89710 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:37916347 (36.1 MiB) TX bytes:15979452 (15.2 MiB)
I have an openvpn server also running on this box. Its address is
44.92.20.1. The client connecting is: 44.92.20.6
The server can ping the client, the client can ping the server.
tun0 Link encap:UNSPEC HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
inet addr:44.92.20.1 P-t-P:44.92.20.2 Mask:255.255.255.255
UP POINTOPOINT RUNNING NOARP MULTICAST MTU:1500 Metric:1
RX packets:12 errors:0 dropped:0 overruns:0 frame:0
TX packets:9 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:100
RX bytes:1184 (1.1 KiB) TX bytes:756 (756.0 B)
I don't understand why 44.92.20.6 is not reachable from the outside world?
(If nothing else, you'd think some simple route add command would make it so)
And yes I have these routes for the IPIP gateway:
/sbin/ip route add default via 169.228.66.251 dev tunl0 proto static onlink table 10
/sbin/ip rule add from 44.92.21.0/24 table 10
/sbin/ip rule add from 44.92.20.0/24 table 10
Can anyone see anything I am overlooking?
First, Hessu your VPN idea looks interesting. Hopefully I'll have
some time in the coming weeks to give it a try. Thanks for your
efforts.
Regarding cleaning up the DNS. Someone mentioned the idea of sorting
hosts that are theoretically reachable via a tunnel. Then possibly
purging ones that are not, or at least further review of these.
So we gave it a shot, seemed simple enough. Look at the encap.txt
file, look for hosts in each CIDR... (checking this file:
ftp://hamradio.ucsd.edu/pub/amprhosts.)
A quick google search yielded this nifty function that is the magic to
the whole thing
http://stackoverflow.com/questions/594112/matching-an-ip-to-a-cidr-mask-in-…
http://pastebin.com/CCiX4Upd
It's not quite working, maybe someone who knows more can fix it?
I get some errors about Undefined offsets.
Steve, KB9MWR
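The host-versus-tunnel check described in the message above, as an added example that is not part of the original post or the linked code; it uses Python's ipaddress module for the CIDR match. The route and host line layouts and every sample entry are assumptions constructed for illustration.

```python
import ipaddress

# Constructed sample data. Assumed layouts: "route addprivate <net> encap <gw>"
# for tunnel routes and "<address> <hostname>" for host entries.
ENCAP_SAMPLE = """\
# constructed encap-style routes
route addprivate 44.92.20.0/24 encap 192.0.2.10
route addprivate 44.128.5.0/28 encap 198.51.100.7
"""
HOSTS_SAMPLE = """\
44.92.20.6   client.example.ampr.org
44.128.5.17  outside.example.ampr.org
44.60.1.1    orphan.example.ampr.org
not-an-ip    broken.example.ampr.org
"""

def parse_routes(text):
    """Return the tunnelled networks found in encap-style text."""
    nets = []
    for line in text.splitlines():
        fields = line.split()
        # Skip comments, blanks and short lines rather than indexing missing fields
        if len(fields) < 5 or fields[0] != "route" or fields[3] != "encap":
            continue
        try:
            nets.append(ipaddress.ip_network(fields[2], strict=False))
        except ValueError:
            continue
    return nets

def classify_hosts(hosts_text, nets):
    """Split host entries into (reachable, unreachable, malformed)."""
    reachable, unreachable, malformed = [], [], []
    for line in hosts_text.splitlines():
        fields = line.split("#", 1)[0].split()
        if not fields:
            continue
        try:
            addr, name = ipaddress.ip_address(fields[0]), fields[1]
        except (ValueError, IndexError):
            malformed.append(" ".join(fields))
            continue
        covering = [n for n in nets if addr in n]
        if covering:
            best = max(covering, key=lambda n: n.prefixlen)  # most specific route
            reachable.append((name, str(addr), str(best)))
        else:
            unreachable.append((name, str(addr)))
    return reachable, unreachable, malformed
```

Hosts in the unreachable and malformed lists are the candidates for further review; an address that sits just outside a narrow prefix (the /28 case here) lands in unreachable even though it shares the leading octets.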
From the wiki at http://en.wikipedia.org/wiki/AMPRNet:
*44.128.0.0/16*
*44.128.x.x is the testing subnet and consists of 65,536 (2^16) addresses.
Much akin to 10.0.0.0/8, 172.16.0.0/12, 169.254.0.0/16 or 192.168.0.0/16,
this is an unroutable private IP
block<http://en.wikipedia.org/wiki/Private_network>.
Connectivity to the rest of the network should be given through router
gateways <http://en.wikipedia.org/wiki/Gateway_(telecommunications)> much
as one would do with Network address
translation<http://en.wikipedia.org/wiki/Network_address_translation> in
any other private IP block.*
There is no attribution to that statement, and nothing I could find at
AMPR.org
Is this the best way to address devices when doing NAT into a private
network? Any issues?
Or are there advantages to requesting assigned numbers?
thanks & 73,
Jim Alles
I just made some requests via the AMPRNet portal to create some DNS records in the ampr.org domain, and the requests were rejected with the following remark:
"DNS is not active yet, please subscribe to the 44-Net mailing list to keep advised of progress."
I presume they are referring to this mail list.
So, how do I get DNS records created in the ampr.org domain? I understand that in the past, there was an email robot, but I have been unable to find any details on how to use it. Can anyone point me in the right direction?
Many thanks,
Matt VK2RQ
What are your thoughts about where we go with IPv6?
We (PSARC) are about to request a backbone connection with IPv6 addressing.
What if I wanted to map an assigned 44net address to an IPv6 address?
Or, is tunneling the answer?
It looks like the possibilities are endless:
http://en.wikipedia.org/wiki/IPv6_transition_mechanisms
Jim A.