Hi all,
I’ve been trying off and on over the last few days to set up a VPN connection to amprnet to use my new allocation.
I’m not succeeding on multiple linux machines and a macOS device and seeing a couple of the same errors -
OpenSSL: error:0B080074:x509 certificate routines:X509_check_private_key:key values mismatch
Cannot load private key file /etc/openvpn/client.key
Error: private key password verification failed
The first is related to, I assume, my user certificate - is this a fatal error and am I doing something wrong, has the advice changed from `cat certs/user certs/authorities > client.crt`?
Secondly, the password verification is confusing me - I have just imported a new tqsl cert generated this week, and in tqsl it advises me there’s no certificate passphrase. I’m not sure what to do here - if I try and export a .p12 from tqsl, and generate keys from that, I am asked for a password too and that ends in no progress.
I see the same errors in Tunnelblick on macOS.
Is there any reason I’m being asked for a password? My current LoTW password doesn’t resolve this. My concern is that there is some password I’m missing from when the certificate was first generated years ago and that now prevents me from accessing the VPN.
Cheers & 73
Hibby MM0RFN.
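An added example, not part of the original post: `key values mismatch` is OpenSSL reporting that the certificate it loaded does not carry the public key belonging to client.key, and a password prompt is expected when the key file is stored encrypted. The functions below check both with the openssl CLI; the function names and file arguments are illustrative assumptions.

```sh
#!/bin/sh
# Added example: check a certificate bundle and private key before giving them to OpenVPN.
# usage: sh check.sh client.crt client.key [passphrase]

# Succeeds when the PEM private key is passphrase-protected.
# Covers the PKCS#8 header and the traditional "Proc-Type" header.
key_is_encrypted() {
    grep -Eq 'BEGIN ENCRYPTED PRIVATE KEY|Proc-Type: 4,ENCRYPTED' "$1"
}

# Succeeds when the FIRST certificate in the file carries the same public key
# as the private key. In a bundle built with `cat user authorities`, the user
# certificate must therefore come first.
cert_matches_key() {
    # openssl x509 reads only the first certificate in a multi-certificate file.
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 1
    # -passin avoids an interactive prompt; an empty passphrase fails cleanly
    # on an encrypted key and is ignored on an unencrypted one.
    key_pub=$(openssl pkey -in "$2" -pubout -passin "pass:${3:-}" 2>/dev/null) || return 1
    [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]
}

if [ "$#" -ge 2 ]; then
    if key_is_encrypted "$2"; then
        echo "key file is passphrase-protected"
    else
        echo "key file is not encrypted"
    fi
    if cert_matches_key "$1" "$2" "${3:-}"; then
        echo "first certificate matches the private key"
    else
        echo "first certificate does NOT match the private key (or the key could not be read)"
    fi
fi
```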
I think we need to understand that the use of the IP space of ARDC 44net has nothing to do with the use of the RF space a ham can use in his/her country, and/or the rules that apply to your country/frequency/modulation scheme/3rd party data/identification and the use of other bands that are not ham radio, like the ISM band.
What ARDC gives you as rules of use of the IP space is just that, rules about the IP space, and the IP space can be used outside of the RF ham bands and even outside of the RF realm, just on fiber or UTP cable.
Now, if you think you need to put some SSID or MAC address to be able to use the 44net IP allocated to you on RF links, that needs to be checked with your ruling body in your country. And it will depend on which rules apply if you are using the ISM band or the ham bands.
Can an RF link travel from the ISM band to the ham band to a fiber and then some cable and back to the ham band and back into the ISM band? Totally.
Can this happen in many different countries? Totally. Making it very hard to apply all the rules from every country and multiple bands.
So as I was saying, terms of service of ARDC.
Not mixing the 2 will be of great help to understand all of this.
Pierre
VE2PF
A few things mentioned about WiFi thus far in FCC land were not entirely accurate or could be easily avoided. I wanted to just note some things or offer as suggestions - as not to direct to any person in the chain or discourage healthy, civil (as I've read) and intelligent discussion:
* One could change the BSSID (i.e. MAC address) of the Access Point, Ad-Hoc, etc. to a hexadecimal value representing the Callsign - problem solved
* If one were using allotted channels and e.g. using an amplifier, such an example would otherwise require it to be licensed.
* Another example might be altering the antenna of a [modern] Part 15 device, or experimental devices in WiFi Sensing radar
But with the latter examples, I digress.
73,
Lynwood
KB3VWG
Hi all,
The Terms of Service <https://www.ardc.net/about/legal/terms-of-service/>
states:
*"Your license permits You to use certain addresses exclusively for the
purpose of Amateur Radio communications and experimentation, or other
special uses as may be agreed to by ARDC"*
I was wondering if this was clarified anywhere with examples of acceptable
use cases? A few examples that I'm curious if they're permitted or not:
- Hosting a radio club website that's accessible from the public
internet, including from non radio amateurs.
- Providing general outbound internet access for radio amateurs
connecting via RF, whether it's AX.25 or WiFi operating on the allocated
amateur radio frequencies
- Hosting not strictly amateur radio services such as an IRC server for
discussing cars, but it's *only* reachable from other 44net addresses
and RF users
- Providing general outbound internet access to servers and services
that might need to pull software updates from non-radio amateur servers.
- Providing connectivity to a radio amateur related server such as a DMR
Master, to other radio amateur related servers *outside* of 44net
Any guidance would be appreciated.
Matthew
2E0SIP
Just did a dig on ve6cic.ampr.org and it's returning with an IP that is nowhere near what I thought it should be. Could someone update my DNS record to point to 44.135.148.131?
Stephen Atkins
VE6CIC/VE6CPU/VE6STA/VE6SU
Hi
> If there is no DNS A record for a tunneled amprnet destination host, the
> traffic is not forwarded in either direction.
Does this mean a single A record for my gateway (44.61.31.1/27), or
multiple A records, one for each IP of my subnet?
Thanks
Tom M0LTE
Hello everyone. I've been playing with my 44 net addresses for a while now. I've got an Edgerouter X setup and I've attached a picture of the main config page for it. The edgerouter has an address of 44.135.148.129 and my computer has 44.135.148.130/27. Default gateway is 44.135.148.29. I've also had my DNS setup so it points ve6cic.ampr.org to 44.135.148.130 and my gateway on the portal points to my internet IP.
I run a CC Cluster and BBS on this machine. Is there a way to route from the internet (not on the 44 Net) to this machine?
[44Net.PNG]
Stephen Atkins
VE6CIC
Oh, I am on ROS7/CHR. Is there a way to get it to work on ROS7?
Kun
________________________________
From: Marius Petrescu via 44net <44net(a)mailman.ampr.org>
Sent: Monday, September 18, 2023 9:18
To: 44net(a)mailman.ampr.org <44net(a)mailman.ampr.org>
Subject: [44net] Re: IPIP tunnel for Mikrotik
The v3.1 scripts are for ROS up to 6.40, and the v3.2 scripts from ROS 6.41 up to the latest v6 releases.
The scripts do NOT work on ROS 7 due to the fact that the RIP handling changed and the RIP timers do not work correctly.
Marius, YO2LOJ
On 18/09/2023 18:01, KUN LIN via 44net wrote:
Hi
Has anyone set up the IPIP tunnel successfully in Mikrotik? I think the instructions in the Wiki are written for ROS 2.0. Things have changed a lot and I have trouble following. I created the IPIP tunnel in the interface and am not sure what to do next. I added my IP subnet to the IP tab. The RIP configuration menu is very different now.
Kun
_______________________________________________
44net mailing list -- 44net(a)mailman.ampr.org
To unsubscribe send an email to 44net-leave(a)mailman.ampr.org
Thanks, TCP MSS was the answer!
On my router ( Mikrotik ):
/ip firewall mangle
add action=change-mss chain=forward new-mss=clamp-to-pmtu passthrough=yes protocol=tcp tcp-flags=syn
On Sun, Sep 17, 2023 at 4:02 PM Jonathan Lassoff <jof(a)thejof.com> wrote:
> That DNS resolution seems ok, 20.201.28.151 is one of the web frontend
> IPs. (Confirmed with their API's /meta endpoint:
> https://api.github.com/meta)
>
> However, an operation timing out implies that something along the path
> is filtering your TCP connection.
>
> Maybe use `tcptraceroute` to try and tell how far your initial TCP SYN
> packet is making it (to try and tell who is filtering).
>
> The other thought that comes to mind in the context of TCP breaking
> while traversing VPNs (where small packets like ICMP pings are
> working) is that maybe something along the path is not clamping TCP
> MSS? Maybe try adding a `mssfix` option into the OpenVPN config (maybe
> sized 1420 bytes).
>
> --j
>
> On Sat, 16 Sept 2023 at 11:19, Henrique Brancher Gravina
> <henrique(a)gravina.com.br> wrote:
> >
> > gnutls-cli cannot connect to the host, it gives me a timeout:
> >
> > $gnutls-cli github.com:443
> > Processed 137 CA certificate(s).
> > Resolving 'github.com:443'...
> > Connecting to '20.201.28.151:443'...
> > *** Fatal error: The operation timed out
> >
> >
> > But I cant ping the host:
> >
> > $ping www.github.com
> > PING github.com (20.201.28.151) 56(84) bytes of data.
> > 64 bytes from 20.201.28.151 (20.201.28.151): icmp_seq=1 ttl=111 time=22.3 ms
> > 64 bytes from 20.201.28.151 (20.201.28.151): icmp_seq=2 ttl=111 time=19.5 ms
> > 64 bytes from 20.201.28.151 (20.201.28.151): icmp_seq=3 ttl=111 time=22.3 ms
> > 64 bytes from 20.201.28.151 (20.201.28.151): icmp_seq=4 ttl=111 time=19.8 ms
> > 64 bytes from 20.201.28.151 (20.201.28.151): icmp_seq=5 ttl=111 time=19.7 ms
> >
> >
> >
> >
> > On Sat, Sep 16, 2023 at 3:33 AM Jonathan Lassoff <jof(a)thejof.com> wrote:
> >>
> >> For what it's worth, I am able to successfully do git clones from IPv4
> >> Github from 44net BGP island space, and even that repo you list.
> >>
> >> That error suggests that something happened with GNUTLS while
> >> establishing a TLS connection. Maybe test just that with GNUTLS and
> >> run "gnutls-cli github.com:443"?
> >>
> >> On Fri, 15 Sept 2023 at 23:08, Henrique Brancher Gravina via 44net
> >> <44net(a)mailman.ampr.org> wrote:
> >> >
> >> > Hello,
> >> >
> >> > I am running a 44 network with bgp announces on Vultr ( mikrotik ) and a VPN to my home ( mikrotik ) . Everything is working fine inbound and outbound traffic are being routed ok.
> >> >
> >> > The problem is that I can use github on the server on my 44 hosts.
> >> >
> >> > For example:
> >> >
> >> > # git clone https://github.com/Henriquegravina/DxccResolver
> >> > Cloning into 'DxccResolver'...
> >> > fatal: unable to access 'https://github.com/Henriquegravina/DxccResolver/': gnutls_handshake() failed: Error in the pull function.
> >> > # root@odc1:/home/henrique/tmp# git clone https://github.com/Henriquegravina/DxccResolver
> >> > Cloning into 'DxccResolver'...
> >> > fatal: unable to access 'https://github.com/Henriquegravina/DxccResolver/': gnutls_handshake() failed: Error in the pull function.
> >> >
> >> > Thanks for any help.
> >> > PU3IKE
> >> >
> >> >
>
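An added example, not written by any poster in this thread: the symptom above (pings pass, the TLS handshake times out, MSS clamping fixes it) can be confirmed from a capture by comparing the MSS advertised in SYN packets with what the tunnel can carry. The capture lines are constructed in `tcpdump -n` text format, and the 1400-byte tunnel MTU and 192.0.2.10 client address are assumptions.

```sh
#!/bin/sh
# Added example: flag TCP SYNs whose advertised MSS cannot fit through a tunnel.
# usage: tcpdump -n -r capture.pcap 'tcp[tcpflags] & tcp-syn != 0' | oversized_syn_mss TUNNEL_MTU

# Prints "src > dst mss=N limit=L" for every SYN or SYN-ACK whose MSS exceeds
# TUNNEL_MTU - 40 (20-byte IPv4 header + 20-byte TCP header).
oversized_syn_mss() {
    awk -v mtu="$1" '
        BEGIN { limit = mtu - 40 }
        # tcpdump prints SYN as "Flags [S]" and SYN-ACK as "Flags [S.]"
        /Flags \[S\.?\]/ && match($0, /mss [0-9]+/) {
            mss = substr($0, RSTART + 4, RLENGTH - 4) + 0
            if (mss > limit) {
                # with -n, field 3 is "src.port" and field 5 is "dst.port:"
                dst = $5
                sub(/:$/, "", dst)
                printf "%s > %s mss=%d limit=%d\n", $3, dst, mss, limit
            }
        }'
}

# Constructed sample: an unclamped handshake, an ACK, then a SYN after clamping.
sample_capture() {
    cat <<'EOF'
12:00:01.000001 IP 192.0.2.10.51514 > 20.201.28.151.443: Flags [S], seq 100, win 64240, options [mss 1460,sackOK,TS val 1 ecr 0,nop,wscale 7], length 0
12:00:01.020000 IP 20.201.28.151.443 > 192.0.2.10.51514: Flags [S.], seq 900, ack 101, win 65535, options [mss 1440,sackOK,TS val 2 ecr 1,nop,wscale 8], length 0
12:00:01.020100 IP 192.0.2.10.51514 > 20.201.28.151.443: Flags [.], ack 901, win 502, length 0
12:00:09.000001 IP 192.0.2.10.51600 > 20.201.28.151.443: Flags [S], seq 500, win 64240, options [mss 1360,sackOK,TS val 9 ecr 0,nop,wscale 7], length 0
EOF
}

# Assumed tunnel MTU of 1400 bytes gives an MSS limit of 1360.
sample_capture | oversized_syn_mss 1400
```

Any line printed means a host is advertising segments larger than the tunnel can carry, so large TCP payloads depend on path MTU discovery working end to end.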