Hi all,
I’ve been trying off and on over the last few days to set up a VPN connection to amprnet to use my new allocation.
I’m not succeeding on multiple linux machines and a macOS device and seeing a couple of the same errors -
OpenSSL: error:0B080074:x509 certificate routines:X509_check_private_key:key values mismatch
Cannot load private key file /etc/openvpn/client.key
Error: private key password verification failed
The first is related to, I assume, my user certificate - is this a fatal error and am I doing something wrong, has the advice changed from `cat certs/user certs/authorities > client.crt`?
Secondly, the password verification is confusing me - I have just imported a new tqsl cert generated this week, and in tqsl it advises me there’s no certificate passphrase. I’m not sure what to do here - if I try and export a .p12 from tqsl, and generate keys from that, I am asked for a password too and that ends in no progress.
I see the same errors in tunnelblick on MacOS.
Is there any reason I’m being asked for a password? My current LoTW password doesn’t resolve this. My concern is that there is some password I’m missing from when the certificate was first generated years ago and that now prevents me from accessing the VPN.
Cheers & 73
Hibby MM0RFN.
Hey Everyone,
* Please join us in welcoming Bob Witte, K0NR, to ARDC's Board of
Directors! To learn more about Bob, check out our recent blog post:
https://www.ardc.net/bob-witte-k0nr-joins-ardcs-board-of-directors/
* The blog post announcing ARDC's 2024 Advisory Committee Members is
also live: check it out to learn more about our new members and see
who's continuing with us this year:
https://www.ardc.net/ardc-welcomes-new-committee-members-for-2024/
Have a great week and 73,
Rebecca
KO4KVG
--
Rebecca Key - KO4KVG
Communicaions Manager
Amateur Radio Digital Communications (ARDC)
ardc.net
Hey Everyone,
ARDC will be atOrlando HamCation happening from Feb. 9 - 11. If you're
at the event, stop by our table and say hello. Also, be sure to attend
our Forum (Friday, 2/9, 3:30pm ET), where John Hays (K7VE) will be
presenting/New Adventures using TCP/IP on 44Net (AMPRNet) and an ARDC
Update/.
Have a great weekend and 73,
Rebecca
KO4KVG
--
Rebecca Key - KO4KVG
Communicaions Manager
Amateur Radio Digital Communications (ARDC)
ardc.net
Hello to those the list,
I have a VPN server running on a VPS (OpenVPN Access Server). I also have
the packet software XRouter (a.k.a. XRLin) running on the VPS. Normally it
can get the routes from the amprnet RIP broadcasts.
The VPN server uses a tunnel to send packets to my client. In the server to
client direction it takes packets from the internet addressed to the static
WAN address and changes the destination address to the client's VPN address
- pretty standard stuff. The dnat results in the traffic being routed to
the VPN tunnel. The OpenVPN Access Server writes rules to NFTables in order
to handle the forwarding, dnat, etc.
XRouter is set up with its own tunnel - somewhat similar to JNOS. I have
added rules in NFTables to forward all transport protocol 4/encap packets
to the XRouter tunnel. Included is a rule to dnat to Xrouter's address
which is on the Xrouter side of the P2P tunnel. This setup is working for
all encap packets EXCEPT the RIP packets.
Checking things with TCPdump, the RIP packets are being dnat'd to the VPN
tunnel address instead of the XRouter tunnel. I can't find any rules added
by the OpenVPN server that are matching any encap traffic, so I'm baffled
as to why they are not matched by my rules and also how they are matched by
the VPN rules. That said, the VPN Access server creates a very confusing
set of NTFable rules jumping all over the place though different chains, so
it's possible that they lost me. However I asked a question on their forum
a while back about support for protocol 4, and their answer was they don't
support it.
Is there anything about the RIP "IPIP" packets that is different from other
"IPIP" traffic so that they would be handled differently by NFTables?
Thanks,
Lee K5DAT
<https://www.avast.com/sig-email?utm_medium=email&utm_source=link&utm_campai…>
Virus-free.www.avast.com
<https://www.avast.com/sig-email?utm_medium=email&utm_source=link&utm_campai…>
<#DAB4FAD8-2DD7-40BB-A1B8-4E2AA1F9FDF2>
Hello!
I've been working on getting my IPIP mesh gateway set up on Debian & feel like I'm almost there. One thing I’ve noticed is every time I reboot the router, it takes around 45-60 minutes before I can start passing traffic to the public internet again via the ucsd gateway. For example, after rebooting the router, once rip44d has retrieved the routes I can:
(a) Ping and curl across tunl0 to n2nov.ampr.org
(b) Use yo2tm’s nettools to successfully ping my ampr ip and see that traffic locally via tcpdump
But cannot:
(c) Ping 8.8.8.8 across tunl0 (via 169.228.34.84) or
(d) Curl to ifconfig.me across tunl0 (via 169.228.34.84)
However, if I just leave everything running and come back 45-60 minutes later, (c) and (d) work fine with no additional configuration changes and (d) returns the assigned 44net ip address.
Just curious if the above is an expected behavior or a sign that I’ve got something misconfigured.
-Steve
kc8qba
Happy New Year, Everyone!
ARDC will be at the Gwinnett Amateur Radio Society TechFest on January
13, 2024 in Lawrenceville, GA. If you're at the event, stop by our table
and say hello!
73,
Rebecca
KO4KVG
--
Rebecca Key - KO4KVG
Communicaions Manager
Amateur Radio Digital Communications (ARDC)
ardc.net
