44net January 2024

44net@mailman.ampr.org

4 participants
8 discussions

Re: IPIP tunnel for Mikrotik
by KUN LIN 19 Jun '24

19 Jun '24

Oh, I am on ROS7/CHR. Is there a way to get it work on ROS7? Kun ________________________________ From: Marius Petrescu via 44net <44net(a)mailman.ampr.org> Sent: Monday, September 18, 2023 9:18 To: 44net(a)mailman.ampr.org <44net(a)mailman.ampr.org> Subject: [44net] Re: IPIP tunnel for Mikrotik The v3.1 scripts are for ROS up to 6.40, and the v3.2 scripts from ROS 6.41 up to the latest v6 releases. The scripts do NOT work on ROS 7 due to the fact that the RIP handling changed and the RIP timers do not work correctly. Marius, YO2LOJ On 18/09/2023 18:01, KUN LIN via 44net wrote: Hi Has anyone setup the IPIP tunnel successfully in Mikrotik? I think the instruction in Wiki is written for ROS 2.0. Things has changed a lot and I have trouble following. I created the IPIP tunnel in the interface and not sure what to do next. I added my IP subnet to the IP tab. The RIP configuration menu is very different now. Kun _______________________________________________ 44net mailing list -- 44net(a)mailman.ampr.org<mailto:44net@mailman.ampr.org> To unsubscribe send an email to 44net-leave(a)mailman.ampr.org<mailto:44net-leave@mailman.ampr.org>

5 11

Announcing: ARDC's new Code of Conduct
by Rosy Schechter - KJ7RYV 14 May '24

14 May '24

Hello, 44Net! Last spring, ARDC put out a survey about whether we should adopt a Code of Conduct. The vast majority (~75%) of you Agreed or Strongly Agreed that we should. I’m pleased to share that, after many drafts, the day has finally come! https://www.ardc.net/about/legal/code-of-conduct/ Please give it a read, as it applies to all ARDC-hosted spaces and projects, including this mailing list. We’d love to hear your thoughts and questions. Feel free to respond to this thread for an open discussion, or email conduct(a)ardc.net for thoughts you’d rather keep private. If you are interested in having a public Q+A over Zoom, please let us know and we’ll set one up. As noted in one of the first paragraphs, we see this as a living document and expect patches over time. If you have feedback or suggestions, please send it to the email address above. Please also be patient with us and our replies – we are working with a new committee and will be building the plane as we fly it. The current committee members are noted in the document. Thanks for taking the time to review the Code of Conduct. We’re looking forward to continuing to growing the ARDC community, with this new Code as a solidifying block in our foundation. 73, Rosy -- Rosy Schechter - KJ7RYV Executive Director Amateur Radio Digital Communications (ARDC) ardc.net

2 3

VPN Setup - key errors
by Dave Hibberd 29 Feb '24

29 Feb '24

Hi all, I’ve been trying off and on over the last few days to set up a VPN connection to amprnet to use my new allocation. I’m not succeeding on multiple linux machines and a macOS device and seeing a couple of the same errors - OpenSSL: error:0B080074:x509 certificate routines:X509_check_private_key:key values mismatch Cannot load private key file /etc/openvpn/client.key Error: private key password verification failed The first is related to, I assume, my user certificate - is this a fatal error and am I doing something wrong, has the advice changed from `cat certs/user certs/authorities > client.crt`? Secondly, the password verification is confusing me - I have just imported a new tqsl cert generated this week, and in tqsl it advises me there’s no certificate passphrase. I’m not sure what to do here - if I try and export a .p12 from tqsl, and generate keys from that, I am asked for a password too and that ends in no progress. I see the same errors in tunnelblick on MacOS. Is there any reason I’m being asked for a password? My current LoTW password doesn’t resolve this. My concern is that there is some password I’m missing from when the certificate was first generated years ago and that now prevents me from accessing the VPN. Cheers & 73 Hibby MM0RFN.

5 8

Blog Posts Announcing our New Board member and our 2024 Advisory Committees
by Rebecca Key 31 Jan '24

31 Jan '24

Hey Everyone, * Please join us in welcoming Bob Witte, K0NR, to ARDC's Board of Directors! To learn more about Bob, check out our recent blog post: https://www.ardc.net/bob-witte-k0nr-joins-ardcs-board-of-directors/ * The blog post announcing ARDC's 2024 Advisory Committee Members is also live: check it out to learn more about our new members and see who's continuing with us this year: https://www.ardc.net/ardc-welcomes-new-committee-members-for-2024/ Have a great week and 73, Rebecca KO4KVG -- Rebecca Key - KO4KVG Communicaions Manager Amateur Radio Digital Communications (ARDC) ardc.net

1 0

ARDC to be at Orlando HamCation, Feb. 9 - 11
by Rebecca Key 26 Jan '24

26 Jan '24

Hey Everyone, ARDC will be atOrlando HamCation happening from Feb. 9 - 11. If you're at the event, stop by our table and say hello. Also, be sure to attend our Forum (Friday, 2/9, 3:30pm ET), where John Hays (K7VE) will be presenting/New Adventures using TCP/IP on 44Net (AMPRNet) and an ARDC Update/. Have a great weekend and 73, Rebecca KO4KVG -- Rebecca Key - KO4KVG Communicaions Manager Amateur Radio Digital Communications (ARDC) ardc.net

1 0

RIP Packet Issue
by Lee D Bengston 22 Jan '24

22 Jan '24

Hello to those the list, I have a VPN server running on a VPS (OpenVPN Access Server). I also have the packet software XRouter (a.k.a. XRLin) running on the VPS. Normally it can get the routes from the amprnet RIP broadcasts. The VPN server uses a tunnel to send packets to my client. In the server to client direction it takes packets from the internet addressed to the static WAN address and changes the destination address to the client's VPN address - pretty standard stuff. The dnat results in the traffic being routed to the VPN tunnel. The OpenVPN Access Server writes rules to NFTables in order to handle the forwarding, dnat, etc. XRouter is set up with its own tunnel - somewhat similar to JNOS. I have added rules in NFTables to forward all transport protocol 4/encap packets to the XRouter tunnel. Included is a rule to dnat to Xrouter's address which is on the Xrouter side of the P2P tunnel. This setup is working for all encap packets EXCEPT the RIP packets. Checking things with TCPdump, the RIP packets are being dnat'd to the VPN tunnel address instead of the XRouter tunnel. I can't find any rules added by the OpenVPN server that are matching any encap traffic, so I'm baffled as to why they are not matched by my rules and also how they are matched by the VPN rules. That said, the VPN Access server creates a very confusing set of NTFable rules jumping all over the place though different chains, so it's possible that they lost me. However I asked a question on their forum a while back about support for protocol 4, and their answer was they don't support it. Is there anything about the RIP "IPIP" packets that is different from other "IPIP" traffic so that they would be handled differently by NFTables? Thanks, Lee K5DAT <https://www.avast.com/sig-email?utm_medium=email&utm_source=link&utm_campai…> Virus-free.www.avast.com <https://www.avast.com/sig-email?utm_medium=email&utm_source=link&utm_campai…> <#DAB4FAD8-2DD7-40BB-A1B8-4E2AA1F9FDF2>

2 3

UCSD tunnel persistence across reboots?
by kc8qba＠wildtky.com 21 Jan '24

21 Jan '24

Hello! I've been working on getting my IPIP mesh gateway set up on Debian & feel like I'm almost there. One thing I’ve noticed is every time I reboot the router, it takes around 45-60 minutes before I can start passing traffic to the public internet again via the ucsd gateway. For example, after rebooting the router, once rip44d has retrieved the routes I can: (a) Ping and curl across tunl0 to n2nov.ampr.org (b) Use yo2tm’s nettools to successfully ping my ampr ip and see that traffic locally via tcpdump But cannot: (c) Ping 8.8.8.8 across tunl0 (via 169.228.34.84) or (d) Curl to ifconfig.me across tunl0 (via 169.228.34.84) However, if I just leave everything running and come back 45-60 minutes later, (c) and (d) work fine with no additional configuration changes and (d) returns the assigned 44net ip address. Just curious if the above is an expected behavior or a sign that I’ve got something misconfigured. -Steve kc8qba

2 6

ARDC at GARS TechFest on January 13
by Rebecca Key 02 Jan '24

02 Jan '24

Happy New Year, Everyone! ARDC will be at the Gwinnett Amateur Radio Society TechFest on January 13, 2024 in Lawrenceville, GA. If you're at the event, stop by our table and say hello! 73, Rebecca KO4KVG -- Rebecca Key - KO4KVG Communicaions Manager Amateur Radio Digital Communications (ARDC) ardc.net

1 0

2026

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

44net January 2024