> Do you have any way to check connectivity and routing problems without doing at least ping and traceroute?
> I don't know ...
> What's the point of putting the encap file if you can't use it?
What you have just found out is that a network by itself may be fun to construct but is not very useful on its own.
That has always been a weak spot of tunneling amprnet over internet: why would you want to do that, when you
can just use internet.
When you want to actually use amprnet you need some way to find public services that are of interest.
Then you can try to connect those, and assume that the operators have no problem with visitors.
That is something different than pinging or tracerouting everything in sight.
For example, enter in Google: site:ampr.org hamradio
Or some other keywords after that text "site:ampr.org" (without the quotes)
That way you will find websites on ampr.org (as far as they are connected to real internet), and you
may find interesting pages that tell you about other things available on amprnet.
Rob
WW Converse is actually live and well. Just more servers than users. Maybe it could be made more useful by association with some other popular service.
Marius, YO2LOJ
-------- Original message --------
From: Bill Vodall <wa7nwp(a)gmail.com>
Date:08/03/2016 01:34 (GMT+02:00)
To: AMPRNet working group <44net(a)hamradio.ucsd.edu>
Subject: Re: [44net] Is there raceroutre machine on 44 net available for
public ?
... Perhaps this is a good reason to
revive the HTTP convers server (IRC clone) and use it for
announcements like the DStar folks do with IRC technology.
> Subject: Re: [44net] Is there raceroutre machine on 44 net available for public ?
> From: Antonio Querubin <tony(a)lavanauts.org>
> Date: 03/07/2016 08:52 PM
> To: AMPRNet working group <44net(a)hamradio.ucsd.edu>
>
> You should NOT assume that all gateways actually have the entire mesh encap table loaded. Some only load a partial table to those networks they want to reach. You'd have to check with each gateway operator to verify which encap routes are
> actually loaded if you can't reach any of the net-44 nodes behind their gateway.
And of course the encap table does not tell you anything about which 44-net address is used by the gateway itself.
So there is no way you can check if you can reach the gateway.
(even if you would know the address of the gateway there is no guarantee that it will reply to detection attempts)
It has already been made clear to mr "Please Advice" that lots of operators do not appreciate what he is doing.
Unfortunately, he rarely listens to the advice he is constantly asking for....
Rob
> Is there a amprnet wiki page with recommendations and notes on just
> how to do this?
It depends too much on the layout of your network and the equipment and software you are
using how to do this. I normally use tshark (terminal version), unfortunately it can only
display a condensed version of each packet that does not show how it is tunneled, or a
way-too-verbose version where one packet takes up multiple screens full of data.
The GUI version 'wireshark' can nicely fold and unfold all levels of detail but of course
it is more difficult to run it inside a router or small Linux system used as a router.
Rob
I just use tcpdump:
tcpdump -i eth0 -vvv host amprgw.sysnet.ucsd.edu or ip proto \\icmp
tcpdump -vvv -s0 -n proto ipencap
> I would recommend amprnet operators starting a network analyzer on your
> network
> (like wireshark) every time you have made a configuration change, added some
> equipment,
> or just have a few minutes of time to spend.
Ronen,
Feel free to use mine:
http://44.92.21.1/tools/
These tools reside on my gateway (IPIP not BGP) and it does have a DNS
entry so it should be accessible from the world wide internet as well
as 44net.
I have an IP route lookup tool, so you can see what my local routing
table has for a return route.
73
Steve KB9MWR
>Hi there
>
>I have unexplained 44 net routing problem
>
>There are some gateways I can reach from my 44 net address and others not ...
>
>I can access any of my 44 net equipment from any non 44 net IP with no problem
>
>the Encap text is most updated....
>
>The gateways I can't reach are accessible from their non AMPRNET side
>
>I need a tool (beside this one http://44.60.44.10 ) to be able to do traceroute and ping to me and to other 44 net
>
>Is there anyone that have such a thing open for the public (or willing to give me access ) on his machine (that sit on 44 net IP via tunnel (not via BGP) ?
>
>Please Advice
>
>Thanks Forward
>
>Ronen - 4Z4ZQ
>
>http://www.ronen.org
Thanks Tal.. I'll be looking forward to the email. It should help.
>Hello,
>The time here is 23:53 and I'm not next to my computer.
>Tomorrow I'll send configuration file for the openvpn server and one to the
>client, also I have a script that generates key files & config files for
>clients.
>
>Sorry that I can't send them now.
>
>Regards,
>Tal.
>
>> Brian, thanks for the update.
>>
>> I know I asked before on how to build openvpn server keys and other
>> configuration details that will let a openvpn server I build work with
>> any hams lotw key clients that has previously documented:
>>
>> http://wiki.ampr.org/wiki/AMPRNet_VPN
>>
>> This is what I have built my own generated certificate authority,
>> server keys, with before using the
>>
>> ./clean-all
>> ./build-ca
>> ./build-key-server server
>> ./build-key client1
>> ./build-dh
>>
>> I could really use something detailed on the values for the keys and
>> certificates parameters to make a server work with the lotw based keys
>>
>> It's not clear to me where one gets the LoTW root CA certificate(s)
>> that need to be installed on the server. And I assume these are
>> Diffie-Hellman parameters?
>>
>> Steve
Hi there
I have unexplained 44 net routing problem
There are some gateways I can reach from my 44 net address and others not ...
I can access any of my 44 net equipment from any non 44 net IP with no problem
the Encap text is most updated....
The gateways I can't reach are accessible from their non AMPRNET side
I need a tool (beside this one http://44.60.44.10 ) to be able to do traceroute and ping to me and to other 44 net
Is there anyone that have such a thing open for the public (or willing to give me access ) on his machine (that sit on 44 net IP via tunnel (not via BGP) ?
Please Advice
Thanks Forward
Ronen - 4Z4ZQ
http://www.ronen.org
> I've been observing the following:
> a. - gateways sending RFC1918 addresses in the inside header (e.g.
> 192.168.11.0/24)
Unfortunately it is very common. Not only on IPIP tunnels but also on other
connections we have (OpenVPN, IPsec tunnels, radio access points).
Some weeks ago I mentioned it on the list, the sender claimed he would act on it,
but it just continues.
Unfortunately not many users understand iptables well enough to just block
invalid traffic on their own gateway and even fewer are actively monitoring
their equipment so they would notice they are sending stuff like this and receiving
"prohibited" replies all the time :-(
I would recommend amprnet operators starting a network analyzer on your network
(like wireshark) every time you have made a configuration change, added some equipment,
or just have a few minutes of time to spend. It will teach you a lot and make
the other operators happy.
Rob
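An added example, not part of any list post: a check a gateway operator could run over captured IPIP packets (for instance the ones selected by "proto ipencap" above) to flag tunneled traffic whose inner source address is outside 44.0.0.0/8, such as the 192.168.11.0/24 leak described in this message. The packets, the gateway addresses (192.0.2.1, 198.51.100.7) and the inner 44-net addresses are constructed sample data.

```python
import ipaddress
import struct

AMPRNET = ipaddress.ip_network("44.0.0.0/8")
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
IPPROTO_IPIP = 4  # IP-in-IP, the protocol tcpdump calls "ipencap"

def ipv4_header(src, dst, proto, payload_len):
    """Build a minimal 20-byte IPv4 header (checksum left 0: sample data only)."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, 0, 0, 64,
                       proto, 0, ipaddress.ip_address(src).packed,
                       ipaddress.ip_address(dst).packed)

def sample(outer_src, inner_src):
    """Constructed IPIP packet: outer gateway header + inner header + 8 dummy bytes."""
    inner = ipv4_header(inner_src, "44.1.2.3", 1, 8) + bytes(8)
    return ipv4_header(outer_src, "198.51.100.7", IPPROTO_IPIP, len(inner)) + inner

def parse_ipv4(buf):
    """Return (src, dst, proto, payload); raise ValueError on a malformed header."""
    if len(buf) < 20 or buf[0] >> 4 != 4:
        raise ValueError("not an IPv4 header")
    ihl = (buf[0] & 0x0F) * 4
    if ihl < 20 or len(buf) < ihl:
        raise ValueError("bad header length")
    return (ipaddress.ip_address(buf[12:16]), ipaddress.ip_address(buf[16:20]),
            buf[9], buf[ihl:])

def check_ipip(packet):
    """Classify one captured packet by the source address inside the tunnel."""
    try:
        outer_src, _, proto, payload = parse_ipv4(packet)
        if proto != IPPROTO_IPIP:
            return "not-ipip"
        inner_src, _, _, _ = parse_ipv4(payload)
    except ValueError:
        return "malformed"
    if inner_src in AMPRNET:
        return "ok"
    kind = "rfc1918" if any(inner_src in n for n in RFC1918) else "non-44"
    return f"leak:{kind} inner {inner_src} via gateway {outer_src}"

if __name__ == "__main__":
    for pkt in (sample("192.0.2.1", "44.4.5.6"),
                sample("192.0.2.1", "192.168.11.5"),
                sample("192.0.2.1", "44.4.5.6")[:30]):  # truncated inner header
        print(check_ipip(pkt))
```

Run against your own outgoing tunnel traffic, any "leak" result means your gateway is the one sending invalid inner addresses.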
> Phil has dropped the project. I doubt he'll take it up again.
> - Brian
Why? It was quite easy to implement on our gateway. And I did some extra work
to make it easier for me to maintain, else it would have been even simpler.
Maybe there were other reasons?
Rob