44net October 2015

44net@mailman.ampr.org

20 participants
18 discussions

Re: [44net] 44Net Digest, Vol 4, Issue 144
by Rob Janssen 15 Oct '15

15 Oct '15

> I just followed this, for a CentOS 5 system and it took right off: > > http://wiki.ampr.org/index.php/AMPRNet_VPN > > Make sure you have these files in your /etc/openvpn directory: > amprnet-vpn-ca.crt > client.conf > client.crt > client.key Actually with a modern openvpn client it is possible to combine everything in a single .conf file. (or .ovpn when you want to use it on Windows) The certificates and keys van be put in the file "inline". I use this method for distribution of openvpn configs that can be used with our national VPN gateway (only available for Dutch stations), for which we generate certificates and send them to the users. The file for the amprnet vpn system would look like this: client dev tun proto udp remote amprnet-vpn1.aprs.fi 1773 resolv-retry infinite persist-key persist-tun comp-lzo verb 3 ca [inline] cert [inline] key [inline] <ca> contents of the amprnet-vpn-ca.crt file </ca> <cert> contents of the client.crt file </cert> <key> contents of the client.key file </key> This makes it easier to move the certificate around, use it on Windows, etc. Only really old versions of the openvpn client, today only found on devices like NAS that have not updated for a long time, do not support the [inline] construct. Rob

2 1

Re: [44net] Accessing AMPRNet via VPN
by Steve L 14 Oct '15

14 Oct '15

I just gave it a try for the first time ever. A couple years back I applied for a Log of the World certificate and never really took it any further. I guess I forgot. Mistake #1 for me was only backing up the KB9MWR.p12 and KB9MWR.tq6 files a couple years ago. That was on a former computer. I should have backup up the whole, C:\Documents and Settings\your-username\Application Data\TrustedQSL directory, or just completed the process and made the openvpn keys back then. Anyway no big deal, just a few more hoops to have the certificates re-issued. I just followed this, for a CentOS 5 system and it took right off: http://wiki.ampr.org/index.php/AMPRNet_VPN Make sure you have these files in your /etc/openvpn directory: amprnet-vpn-ca.crt client.conf client.crt client.key Aside from that we are going to need a bit more detail to further help you. What does the openvpn daemon say when you start it?

1 0

Subject: PTD
by Rob Janssen 12 Oct '15

12 Oct '15

> Subject: > [44net] PTD > From: > Brian <n1uro(a)n1uro.ampr.org> > Date: > 10/10/2015 04:13 AM > > To: > 44net(a)hamradio.ucsd.edu > > > Is anyone on PTD.net that's running SNMP? Please MAKE SURE that you block all incoming SNMP traffic from internet to amprnet! (especially when you are using community names like "public") The bad guys use SNMP as an attack amplifier. One time I moved a switch to another address and it became exposed, and within 3 days I had an abuse report. Now I have a general rule that drops all SNMP at our gateway. (of course the real problem is the ISPs that refuse to implement BCP38, source address filtering) Rob

5 8

PTD
by Brian 09 Oct '15

09 Oct '15

Is anyone on PTD.net that's running SNMP? 24.115.114.195.res-cmts.flt.ptd.net.54321 > gw.ct.ampr.org.snmp: [udp sum ok] { SNMPv2c C=AMPRNet_RO { GetRequest(34) R=198102558 E:14988.1.1.1.1.1.7.0 } } 22:08:32.571779 IP (tos 0x0, ttl 114, id 15043, offset 0, flags [none], proto UDP (17), length 81) 24.115.114.195.res-cmts.flt.ptd.net.54321 > gw.ct.ampr.org.snmp: [udp sum ok] { SNMPv2c C=AMPRNet_RO { GetRequest(34) R=198102560 E:14988.1.1.1.1.1.4.0 } } 22:08:32.571848 IP (tos 0x0, ttl 114, id 15044, offset 0, flags [none], proto UDP (17), length 81) 24.115.114.195.res-cmts.flt.ptd.net.54321 > gw.ct.ampr.org.snmp: [udp sum ok] { SNMPv2c C=AMPRNet_RO { GetRequest(34) R=198102562 E:14988.1.1.1.1.1.3.0 } } 22:08:32.571914 IP (tos 0x0, ttl 114, id 15045, offset 0, flags [none], proto UDP (17), length 81) 24.115.114.195.res-cmts.flt.ptd.net.54321 > gw.ct.ampr.org.snmp: [udp sum ok] { SNMPv2c C=AMPRNet_RO { GetRequest(34) R=198102564 E:14988.1.1.1.1.1.2.0 } } -- Dolphins are so smart that within a few weeks of captivity, they can train people to stand on the very edge of the pool and throw them fish. 73 de Brian - N1URO email: (see above) Web: http://www.n1uro.net/ Ampr1: http://n1uro.ampr.org/ Ampr2: http://nos.n1uro.ampr.org Linux Amateur Radio Services axMail-Fax & URONode http://uronode.sourceforge.net http://axmail.sourceforge.net AmprNet coordinator for: Connecticut, Delaware, Maine, Maryland, Massachusetts, New Hampshire, Pennsylvania, Rhode Island, and Vermont.

1 0

Portal API "Heads Up"
by G1FEF 08 Oct '15

08 Oct '15

For those of you using the Portal’s API, this is a “heads up” to check your client code… It was pointed out to me that the JSON encoding the API returns was slightly non-standard. Having looked into the issue this seems to be the case, so I have today corrected the error and bumped the version. Just check your client is still decoding the output correctly - most libraries would have happily accepted the JSON variant I was using, so chances are you won’t need to change anything, but if you coded your own JSON decode routine… Regards, Chris

1 0

Attention PY2ZEN
by Brian 03 Oct '15

03 Oct '15

You may want to fix this... ax0: fm PY2ZEN-15 to QST ctl UI pid=CC(IP) len 161 IP: len 161 10.1.1.5->239.255.255.250 ihl 20 ttl 1 DF prot UDP UDP: len 141 52618->1900 Data 133 0000 M-SEARCH * HTTP/1.1..MX: 2..HOST: 239.255.255.250:1900..MAN: "ss 0040 dp:discover"..ST: urn:schemas-upnp-org:service:WANPPPConnection: 0080 1.... ax0: fm PY2ZEN-15 to QST ctl UI pid=CC(IP) len 161 IP: len 161 10.1.1.5->239.255.255.250 ihl 20 ttl 1 DF prot UDP UDP: len 141 52618->1900 Data 133 0000 M-SEARCH * HTTP/1.1..MX: 2..HOST: 239.255.255.250:1900..MAN: "ss 0040 dp:discover"..ST: urn:schemas-upnp-org:service:WANPPPConnection: 0080 1.... ax0: fm PY2ZEN-15 to QST ctl UI pid=CC(IP) len 160 IP: len 160 10.1.1.5->239.255.255.250 ihl 20 ttl 1 DF prot UDP UDP: len 140 52618->1900 Data 132 0000 M-SEARCH * HTTP/1.1..MX: 2..HOST: 239.255.255.250:1900..MAN: "ss 0040 dp:discover"..ST: urn:schemas-upnp-org:service:WANIPConnection:1 0080 .... -- Dolphins are so smart that within a few weeks of captivity, they can train people to stand on the very edge of the pool and throw them fish. 73 de Brian - N1URO email: (see above) Web: http://www.n1uro.net/ Ampr1: http://n1uro.ampr.org/ Ampr2: http://nos.n1uro.ampr.org Linux Amateur Radio Services axMail-Fax & URONode http://uronode.sourceforge.net http://axmail.sourceforge.net AmprNet coordinator for: Connecticut, Delaware, Maine, Maryland, Massachusetts, New Hampshire, Pennsylvania, Rhode Island, and Vermont.

1 0

Reverse Delegation
by Fredric Moses 02 Oct '15

02 Oct '15

I know a couple of groups now have proper reverse delegation of DNS for their subnets… Wondering who to drop a line to so I can get 44.103.0.0/19 delegated to a.ns.mi6wan.net and b.ns.mi6wan.net ? Didn’t see it in the portal or wiki and my notes from a few months ago are foggy... -- Fredric Moses - W8FSM - WQOG498 fred(a)moses.bz

6 6

API new endpoint
by G1FEF 02 Oct '15

02 Oct '15

By request a new endpoint has been added to the API: GET encapSerial This returns the current serial number for the encap file, so you can poll this and decide whether you need to download the encap data. Regards, Chris

2 1

2026

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

44net October 2015