Hi all,
I've had a /29 allocation for a while but I'm just now getting set up to
try to get it working and I have some questions.
My edge router is a Cisco 1811 that I've configured a single IP-IP
tunnel on.
interface Tunnel44
no ip address
ip tcp adjust-mss 1436
tunnel source FastEthernet0
tunnel mode ipip
tunnel destination 169.228.66.251
end
The only traffic I see coming in on that interface is multicast (which I
see as being from RIPng). Are hosts on AMPR net reachable from the
public internet via the UCD gateway or is the only traffic I'll ever see
from there those RIPng packets?
And from what I'm guessing, packets sent to the UCD gateway don't get
routed to other netblocks/allocations, so I'd need to go ahead and build
tunnels to everyone else to get a full mesh network.
Can someone give me a suggestion on netblocks to build to just to test
things?
Thanks,
James Sharp
N5XNS
james(a)fivecats.org
Hi there
After a long time, it's time to replace my Cisco with the MikroTik.
The Cisco will soon move out from my home to the local repeater site, where it will connect our local P25-capable repeater to a worldwide amateur repeater network and, in addition, handle a portion of the AMPRNET network (hopefully giving the local amateurs a 44 net feed via a high-speed 2.4GHz WiFi access point).
So the MikroTik will have to do what my Cisco does now and do the IPIP for my network.
I saw that there have been some changes to the automatic router scripts in the last few weeks, and saw a note that one of the scripts consumes memory and probably wouldn't run on my home router, due to the small memory it has.
So which script do I need to take now, where can I get it from, and is there a small note on how to run it?
If needed: it has 32M memory and 16M so-called HDD (flash?).
The router is a hAP lite and can be seen here:
http://www.routerboard.co.il/product/hap-lite
Please Advice
Thanks Forward
Ronen - 4Z4ZQ
http://www.ronen.org
In support of the "letsencrypt" and "https-everywhere" projects,
encrypted connections to www.ampr.org and wiki.ampr.org are now
available. Thanks to G1FEF for setting this up for us.
- Brian
Hello,
I found a bug in 2.1 which would crash the script on removing obsolete
tunnels used in multiple routes.
Also the loop causing this was completely useless, so a little more speed
could be gained.
I also tweaked the error handling in update_amprgw, but this should have a
minimal impact.
If you already run v2.1, please update only ampr_gw (and optional
update_amprgw) from the zip file.
The config file is unchanged.
The updated versions are available as usual.
Complete Mikrotik script for import for new installs:
http://www.yo2loj.ro/hamprojects/ampr-gw-2.2.rsc
http://yo2tm.ampr.org/hamprojects/ampr-gw-2.2.rsc
ZIP archive containing individual files (for update):
http://www.yo2loj.ro/hamprojects/ampr-gw-2.2.zip
http://yo2tm.ampr.org/hamprojects/ampr-gw-2.2.zip
Have fun,
Marius, YO2LOJ
For BGP, AT&T is asking that we SWIP the subnet on ARIN. Of course we can't
do that, and I've shared the background that AMPRNET is legacy pre-ARIN ip
space. I'm curious, has anyone run into this in the past? How were the
service provider's concerns addressed?
Thanks,
--
Ryan Turner
Cathryn;
Please contact me off-list. I've sent you emails and have not seen a
reply.
Thanks much.
--
<rhetorical> Why is it linux users can install and operate *any* version of M$
Windoze but the same can't be said in reverse?</rhetorical>
73 de Brian - N1URO
email: (see above)
Web: http://www.n1uro.net/
Ampr1: http://n1uro.ampr.org/
Ampr2: http://nos.n1uro.ampr.org
Linux Amateur Radio Services
axMail-Fax & URONode
http://uronode.sourceforge.net
http://axmail.sourceforge.net
AmprNet coordinator for:
Connecticut, Delaware, Maine,
Maryland, Massachusetts,
New Hampshire, Pennsylvania,
Rhode Island, and Vermont.
> On a second thought, a simple plain text file that could be fetched via API
> holding e.g. <subnet>:<gw>;[<subnet>:<gw>;]... would do the trick.
I now read on the forum that a text file to be read in a script can be no more than 4K in size,
so that may be a problem...
Hello,
Just a small update for specific needs.
- Added configuration script so updates can happen only for the main script.
  System consists of 3 scripts: wrapper, config and actual update script,
  so further updates can be done for a single script only without needing
  to edit the configuration every time (Tnx. Marc, LX1DUC).
- Only static routes from the main table will be processed, so dynamic ones
can co-exist without issues (Tnx. Adrian, YO8RXT)
Complete Mikrotik script for import:
http://www.yo2loj.ro/hamprojects/ampr-gw-2.1.rsc
http://yo2tm.ampr.org/hamprojects/ampr-gw-2.1.rsc
ZIP archive containing individual files:
http://www.yo2loj.ro/hamprojects/ampr-gw-2.1.zip
Have fun,
Marius, YO2LOJ
Hello,
I rewrote the Mikrotik router script so it relies less on interactions
with RouterOS and processes mainly lists in memory.
So the speed significantly increased, an update check without changes on my
RB110AHx2 taking 4 seconds.
A full table and tunnel setup takes less than 1 min.
On a single core ARM, an update check takes less than 10 seconds.
The introduced delay will increase the runtime. Still on the RB1100 it takes
only 12 seconds for a check, and some 30 sec on the ARM, while the processor
load is quite small (15-20% on the RB1100).
Download links (rsc script):
http://www.yo2loj.ro/hamprojects/ampr-gw-2.0.rsc
http://yo2tm.ampr.org/hamprojects/ampr-gw-2.0.rsc
Only main script as text file:
http://www.yo2loj.ro/hamprojects/ampr-gw-2.0.txt
http://yo2tm.ampr.org/hamprojects/ampr-gw-2.0.txt
Have fun,
Marius, YO2LOJ
Does somebody know a trick so that the postfix smtp server will accept a
particular illegal sender address
(= ax25 hierarchical address of my bbs), so avoiding error 501?
I'm popping fbb and bpq for personal mail with fetchmail.
73,
Bob VE3TOK
To mitigate this, I generally Deny by default - login/access to my AMPR hosts from 44.0.0.0/8 addresses or to the specific port/protocol (e.g. tcp/22 Denied by default from tun0, etc.)
- Lynwood
KB3VWG
Hi there
Does AMPR.ORG (44.0.0.1) answer ping requests from a 44 net address?
For me it answers only from non-44 net.
It has no tunnel route in the portal, and therefore the packets are not entering the tunnel like any other 44 net traffic.
Should I have a specific route for it?
2) From non-AMPRNet, this is what I get when I ping 44.0.0.1. Is it correct or is it a problem?
Pinging 44.0.0.1 with 32 bytes of data:
Reply from 44.0.0.1: bytes=32 time=410ms TTL=45
Request timed out.
Reply from 44.0.0.1: bytes=32 time=297ms TTL=45
Request timed out.
Reply from 44.0.0.1: bytes=32 time=256ms TTL=45
Request timed out.
Reply from 44.0.0.1: bytes=32 time=238ms TTL=45
Request timed out.
Reply from 44.0.0.1: bytes=32 time=402ms TTL=45
Request timed out.
Reply from 44.0.0.1: bytes=32 time=295ms TTL=45
Request timed out.
Thanks Forward
Ronen - 4Z4ZQ
http://www.ronen.org
> Subject:
> [44net] Mikrotik RIPv2 AMPR Gateway Setup Script 2.0
> From:
> "Marius Petrescu" <marius(a)yo2loj.ro>
> Date:
> 04/12/2016 08:44 PM
>
> To:
> "AMPRNet working group" <44net(a)hamradio.ucsd.edu>
>
>
> Hello,
>
> I rewrote the Mikrotik router script so it relies less on interactions with RouterOS and processes mainly lists in memory.
> So the speed significantly increased, an update check without changes on my RB110AHx2 taking 4 seconds.
> A full table and tunnel setup takes less than 1 min.
> On a single core ARM, an update check takes less than 10 seconds.
That is great Marius!
Always nice to see spectacular increases in performance in an existing program :-)
This should make it usable in practice.
Let's see how it works on Ronen's small router!
(maybe I do an experiment myself on a RB951G or RB750 when I can borrow it for this purpose)
Rob
Marius,
Do you have any explanation why the script requires a powerful router?
Is it just the general inefficiency of the MikroTik scripting language execution, is there some
operation called by the script that takes a lot of CPU, or is there a chance that by using a
more efficient algorithm (e.g. optimization of the case that nothing changes for an entry) a
lot of performance could be gained?
I ask this because your approach is of course the easiest to have everything integrated on a
single router, vs two alternatives that could be considered:
- run a Metarouter which does the multipoint IPIP tunneling and runs ampr-ripd
- run a Metarouter which runs the python scripts that update the config on the main router
Rob
> Yes, you do it by applying a routing mark, then have a different route
> table for the mark. Here is an article about it
Besides the generic method of using the Mangle table to apply a routing mark, there
is also the simpler method of using IP->Routes->Rules to directly select a routing
table based on a source address/network.
Rob
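As an added illustration of the route-rule method Rob mentions (this is example configuration written for this page, not something Rob or Ronen posted), here is how the two approaches look in RouterOS v6 command syntax. It assumes the IPIP tunnel interface is named "UCSD" as in Ronen's setup, that the local 44 net is 44.138.1.0/24 (the prefix length is an assumption), and that the main routing table already has the ISP default route and a host route to the tunnel endpoint:

```routeros
# Added example, not from the thread: source-address based routing on RouterOS v6.
# Assumptions: tunnel interface "UCSD", local 44 net 44.138.1.0/24 (prefix assumed),
# main table already holds the ISP default route and the route to the tunnel endpoint.

# 1. A second routing table, identified by routing-mark "ampr", whose only
#    default route points into the IPIP tunnel.
/ip route
add dst-address=0.0.0.0/0 gateway=UCSD routing-mark=ampr comment="44 net default via AMPR tunnel"

# 2. Route rules are evaluated in order. First keep traffic towards the local
#    44 subnet in the main table (connected routes live there), then send
#    everything sourced from the 44 subnet to the "ampr" table only.
#    Non-44 hosts on the same LAN never match and keep using the ISP default.
/ip route rule
add dst-address=44.138.1.0/24 action=lookup table=main comment="local 44 subnet stays in main"
add src-address=44.138.1.0/24 action=lookup-only-in-table table=ampr comment="44 net sources use tunnel table"

# 3. The generic alternative Rob refers to: mark the routing in mangle instead
#    of using a route rule. Kept disabled here so only one method is active.
/ip firewall mangle
add chain=prerouting src-address=44.138.1.0/24 action=mark-routing new-routing-mark=ampr passthrough=no disabled=yes comment="alternative: mangle-based routing mark"
```

The route-rule variant needs no mangle rule per packet and is visible in one place (IP->Routes->Rules in the web interface), which is why it is the simpler choice when the selection criterion is only the source network.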
Hi there
Is there any way to do source-address-based routing in the MikroTik?
The idea is to route only local 44 net traffic to the tunnel, and to route the other address spaces that live on the network directly to the internet.
If yes (I'm almost sure MikroTik can do it), how?
What is the command syntax?
Thanks Forward
Ronen - 4Z4ZQ
http://www.ronen.org
Hello,
I just updated the gateway setup scripts for Mikrotik routers to make the system more robust.
It now consists of 2 scripts:
- the parent script (update_amprgw) which is scheduled every 5 minutes, 1 min past the RIP announcement
- the actual update script (ampr_gw) which is called from the parent script
The parent script will:
- prevent run overlaps
- after 3 unsuccessful schedules it will consider the update script failed and will enforce a run
- it will prevent tunnel updates if less than 100 RIPv2 routes are available
The scripts and schedule entry are in Mikrotik export format.
The file can be copied into the router and loaded using the import command or the content copy/pasted into the console.
After this step, edit your config in the ampr_gw script under system->scripts and enable the scheduler entry (disabled by default).
Download from:
http://www.yo2loj.ro/hamprojects/ampr-gw-1.5.rsc
http://yo2tm.ampr.org/hamprojects/ampr-gw-1.5.rsc
Have fun,
Marius, YO2LOJ
> Subject:
> Re: [44net] Tunnel to UCSD refuse to work on my mikrotik
> From:
> R P <ronenp(a)hotmail.com>
> Date:
> 04/09/2016 05:59 PM
>
> To:
> AMPRNet working group <44net(a)hamradio.ucsd.edu>
>
> Now I have to put the other routes to the other 44 Net Gateways
> I have to find the syntax because I did it in the web interface
You have to use that python program, it is not practical to do this (and keep doing this)
manually.
But I already told you to use /export to get the config which also explains how you could
do it manually.
Rob
> marius already did all the legwork and wrote scripts that do this on the
> Mikrotik.
It requires a more powerful MikroTik than he has.
I looked a bit at the solution of running a virtual Linux system on the MikroTik but I
can't find a reasonably current ready-made Linux image (the one on the site is dated 2010) and
I don't think I will setup a cross-compilation environment just for this pointless experiment.
(I use a Pi when I need things like that)
Also, lately MikroTik have been reducing Flash memory size in their smallest models, making
it difficult to impossible to run arbitrary (non-RouterOS) virtual machines on them.
(my RB2011 has 128MB Flash, the smaller boxes used to have 64MB, but now the smallest boxes
have 16MB Flash; clearly cost cutting is important to sell a router for $39 or less)
Rob
> changed the ip route 0.0.0.0 to point to the UCSD interface (to tunnel outgoing traffic of my 44 net to the tunnel )
Did you first add a route to 169.228.66.251 via the gateway that was used for 0.0.0.0/0 before?
There must be some way to reach the tunnel interface outside of your 0.0.0.0/0 route!
(or else you build an encapsulation loop)
It is easier to start with routing only 44.0.0.0/8 to the tunnel interface.
> If it matters, the OS version is 6.29.1
> and system firmware 3.24
Why not update it to the current version?
It can be done at the click of a button, no separate maintenance contract required as with Cisco.
> Is there any command that i can grab the configuration of the router (like in Cisco the command "Show running config" ) ?
/export
You can also do:
/export file=myrouter
Then download myrouter.rsc from "Files" and delete it.
You can then examine the file using a text editor, e.g. "wordpad".
Rob
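To make Rob's two points concrete (a reachable route to the tunnel endpoint outside the default route, and routing only 44.0.0.0/8 into the tunnel at first), here is the corresponding RouterOS v6 configuration. This is an added example for this page, not configuration posted by Rob or Ronen. It uses the addresses from Ronen's description (WAN 10.0.0.180 on ether1-gateway, tunnel endpoint 169.228.66.251); the ISP gateway 10.0.0.138, the LAN bridge name "bridge-local" and the LAN address 44.138.1.1/24 are assumed placeholders:

```routeros
# Added example, not from the thread: IPIP tunnel to the AMPR gateway on RouterOS v6.
# From Ronen's post: WAN interface ether1-gateway with 10.0.0.180, endpoint 169.228.66.251.
# Assumed placeholders: ISP gateway 10.0.0.138, LAN bridge "bridge-local", LAN 44 address 44.138.1.1/24.

# 1. The tunnel itself. The outer packets are sourced from the WAN address.
/interface ipip
add name=UCSD local-address=10.0.0.180 remote-address=169.228.66.251 comment="IPIP to AMPR gateway at UCSD"

# 2. The 44 net address on the LAN side.
/ip address
add address=44.138.1.1/24 interface=bridge-local comment="44 net gateway address"

# 3. Routes, in the order that avoids an encapsulation loop:
#    first a host route so the tunnel endpoint is always reached via the ISP,
#    then only 44.0.0.0/8 into the tunnel. The ISP default route is left alone,
#    so a misconfigured tunnel cannot take the router's internet access with it.
/ip route
add dst-address=169.228.66.251/32 gateway=10.0.0.138 comment="tunnel endpoint via ISP, never via the tunnel"
add dst-address=44.0.0.0/8 gateway=UCSD comment="44 net into the AMPR tunnel"

# 4. Optional: the RouterOS equivalent of Cisco "ip tcp adjust-mss" for the
#    tunnel, so TCP inside the 20-byte-smaller IPIP path does not stall on
#    fragmentation. Applied to SYNs in both directions.
/ip firewall mangle
add chain=forward protocol=tcp tcp-flags=syn out-interface=UCSD action=change-mss new-mss=clamp-to-pmtu passthrough=yes comment="MSS clamp towards tunnel"
add chain=forward protocol=tcp tcp-flags=syn in-interface=UCSD action=change-mss new-mss=clamp-to-pmtu passthrough=yes comment="MSS clamp from tunnel"
```

After importing, `/export file=myrouter` (as Rob describes) shows the result in exactly this syntax, which is the easiest way to compare a working and a non-working configuration line by line. Once 44.0.0.0/8 works, the default route can be moved into a separate table for 44 sources instead of replacing the ISP default.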
Hi group
The tunnel traffic from the MikroTik refuses to work.
I have done the following:
Gave the WAN (called ether1-gateway) the outside IP (in my case 10.0.0.180; it connects to the ISP router's DMZ zone).
Gave the LAN the gateway 44 IP (in my case 44.138.1.l).
Unchecked the NAT option.
Created a tunnel interface (called UCSD) with IPIP, a source address of 10.0.0.180 and the destination address of the amprgw at UCSD.
Changed the ip route 0.0.0.0 to point to the UCSD interface (to send the outgoing traffic of my 44 net into the tunnel).
The same config exists and works on the Cisco here (I have disconnected it and plugged in the MikroTik instead).
I see that the tunnel interface receives and sends data, but I have no connectivity.
When I look at the firewall connection tab I see the incoming DNS attacks to what used to be the MikroTik's address when it was connected to the 44 net a few days ago, so it looks like incoming traffic works OK from the UCSD tunnel side.
I disabled all firewall rules (the ones that came with the router out of the box) and no change.
When I do a traceroute from the router it stops at the 10.0.0.180 IP and does not go further.
What am I doing wrong?
The same setup works on the Cisco.
If it matters, the OS version is 6.29.1
and system firmware 3.24.
Any help would be more than appreciated.
Is there any command that I can use to grab the configuration of the router (like the Cisco command "show running config")?
regards
Ronen - 4Z4ZQ
http://www.ronen.org
> Subject:
> Re: [44net] firewall rules at AMPR.ORG router ?
> From:
> R P <ronenp(a)hotmail.com>
> Date:
> 04/08/2016 08:50 PM
>
> To:
> AMPRNet working group <44net(a)hamradio.ucsd.edu>
>
>
> And if we talk about explanations: what is the forward chain? In and out I can understand, but forward?
> And also there are a lot of commands in the action that I don't understand besides reject, drop, accept.
> Where can I find a description?
I forgot to mention this in yesterday's reply:
In the "iptables" firewall, "forward" is the path that packets take through a router.
It does not work as in a Cisco, where "forward" is just "input" followed by "output".
"input" and "output" refer to traffic to/from the router itself, like the management interface and the processing
of packets by the router e.g. for a tunnel that it has to encapsulate/decapsulate, but when packets are
just routed they only pass through the "forward" table and not the "input" and "output" table.
This can also be seen in the diagram that Marius posted.
The actions in the entry can do other things than accepting/rejecting, e.g. logging the packet.
Also a nice action that is notably missing from Cisco access lists is "jump".
You can make your own table and put some rules in it that are required only for one interface or in one
particular situation, then in the normal input (or forward) table you can match on that interface or situation
and jump to your custom table.
That way you do not need to put all rules in one long input table, and you can improve clarity and performance.
For example, in an IPIP router you have rules you want to apply to the external interface, and rules you want
to apply to the tunnel interface (which receives traffic for 44-address). You can put these in a separate table
and make it easier to manage.
Rob
> Some of the verbs such as established sound familiar from the days I used to work with Cisco access lists and the Checkpoint firewall.
> The new command wasn't known to me.
The firewall filters in a MikroTik (and on Linux in general) are far more advanced than the simple
access lists in a Cisco router.
On a Cisco router you generally just have static rules that allow e.g. traffic incoming on some ports.
(there are some exceptions, e.g. "reflexive" access lists)
On a MikroTik or Linux system there is a table of open connections (you can see it on a separate tab in
the MikroTik router), and you can easily allow all traffic belonging to existing open connections.
This means you don't need to do anything to allow replies to outgoing connections, other than having
a rule that allows "established, related" in all directions and a rule that allows "new" in outgoing
direction. (or just a rule that allows everything in outgoing direction)
To allow some things in incoming direction (e.g. outside access to your IPIP tunnel), you need only to
allow some new traffic matching a certain pattern. Once the connection completes, it will be in the
connection table and again it will be matched by the "established, related" rule that you normally put
at the top so it will be matched first.
The checkpoint firewall of course also offers such features.
In the default configuration, the MikroTik is delivered with some rules that allow "established, related",
block other traffic incoming on ether1 (normally the internet port), and allow everything else.
I don't like that, because once you add a new interface that is facing outside (like a tunnel), the default
will be to allow new connections and thus it is possible to exploit the services on the router.
Therefore I always replace such settings by a rule that allows "established, related", then one or more rules
that allow "new" only from interfaces that I know are on the inside (trusted) side, then a rule that
drops everything. So, a new interface is always by default untrusted until a new rule is added.
Make sure that when you modify the firewall you always do it in such a sequence that you do not lock yourself
out because you added the "drop" rule before the correct "accept" rules, for example.
A way to avoid that is to click the "safe mode" button in the menu on the left, then make all your changes
to the firewall and check that you can still navigate around the user interface (open the quick start page,
for example) and when everything is OK click the "safe mode" button again so it pops back out.
When you lose connectivity to the router while the safe mode is active, all changes you made after
clicking it will be rolled back and you will have access again! When you reset safe mode, the changes
are committed and you can logoff without losing them.
(note that there is no separate "running" config and "saved" config, everything you change is always saved
immediately. so a mistake cannot be corrected by power-cycling the router, as with a Cisco)
Rob
> Subject:
> Re: [44net] firewall rules at AMPR.ORG router ?
> From:
> R P <ronenp(a)hotmail.com>
> Date:
> 04/08/2016 08:50 PM
>
> To:
> AMPRNet working group <44net(a)hamradio.ucsd.edu>
>
>
> Dear Rob
> Thank you for the brief explanation.
> Yes, the syntax of the MikroTik is totally different from what I am used to.
> Also the MikroTik is not popular here; I had a hard time finding stores that sell it, and I think I'm the only amateur who uses it here.
> The help that comes with the web interface is not so explanatory. Do you know where I can find more explanation of the commands (such as the explanation you gave me about established, new and related)?
> And if we talk about explanations: what is the forward chain? In and out I can understand, but forward?
> And also there are a lot of commands in the action that I don't understand besides reject, drop, accept.
> Where can I find a description?
As David also wrote: look for manuals of the Linux firewall, "iptables".
What is written about iptables is directly applicable to MikroTik, but in the MikroTik you can enter the values in lots
of fields on the webform whereas in iptables you enter those on the commandline.
Also there is wiki.mikrotik.com for a lot of documentation, unfortunately it is oriented around the command-line
interface but you generally find the same things in the web interface.
Here the MikroTik routers are available at a couple of webshops, but not in the average highstreet computer store.
The reason is that they are very advanced and most users will not know how to configure them beyond the simple
generic configurations available from the quick start screen.
But at features-for-price they are unbeatable.
For example, at work I needed a router for a "workplace-on-the-go". I use a MikroTik router plus a 4G stick.
It opens a VPN to our Cisco VPN router at the central office and routes some subnets both ways using iBGP.
The box can be connected at the installation site automatically using either plain ethernet, guest WiFi, or 4G mobile internet.
The routed subnet is accessible on ethernet and WiFi.
We use this to connect a printer and a couple of laptops at a temporary office site, using the internet access
that is available, or 4G if there is none. Total price for such a setup is about 150 euro when all hardware has
to be bought, or 60 euro when the 4G stick is "free with a mobile subscription".
The MikroTik is either a RB951G-2HnD or a hAP AC Lite.
Not many other cheap routers can be WiFi access point and WiFi client at the same time, and are able to do a VPN and
run a routing protocol over that. (simplifies the configuration, no static routes required)
A similar Cisco (not ex-Linksys) router costs 5-20 times as much, and has less features.
But, it still is not the most convenient router for AMPRnet!
For that, a plain Linux box is to be preferred. We could try to install a Linux VM to bridge the gap between a
standard router and the multipoint IPIP mesh plus modified RIP that we use and that is not supported in standard
routers (either Cisco or MikroTik).
Rob
Hi there
After entering the DNS attack business (as the one who is attacked), I think of the following:
Can an access list rule be made that will have a rule per gateway subnet on the main AMPRNET router?
I mean, if I have 44.138.1.x, will I be able to have rules for my subnet as I want?
I ask because the firewall rule I have added to the MikroTik (thanks a lot to the ham who gave me the correct syntax) does the job, but the tunnel to UCSD is still flooded with incoming DNS attack noise of about 500KB/s (of course the router blocks them from passing through, but it would be better if I could stop this attack before it even enters the tunnel from UCSD to me).
NB: I still don't understand the point behind a UDP flood; can someone explain it to me?
I can understand telnet, ftp, ssh and web attempts, but not a DNS flood; can someone explain it to me?
One more point: I have talked with a friend of mine whose job includes networking. He has a fixed IP connected to a Cisco ASA firewall and he doesn't see any DNS attacks in the logs; he saw SIP attempts here and there (I also see some UDP SIP at the 44 net here, but it is almost 0 compared to the DNS attack), so it looks like the DNS is related more to the AMPRNET and not to the regular internet.
Or maybe this is a coincidence.
Anyway, it is something I haven't seen on the AMPRNET network we had 20 years ago.
Regards
Ronen - 4Z4ZQ
http://www.ronen.org
> Subject:
> Re: [44net] How to config mikrotik router for IPIP (and more)
> From:
> Don Fanning <don(a)00100100.net>
> Date:
> 04/05/2016 04:54 PM
>
> To:
> AMPRNet working group <44net(a)hamradio.ucsd.edu>
>
>
> Maybe this is a good opportunity for someone to create a basic distribution
> that gets AMPRnet working on a RPi. 8G SD cards are incredibly cheap and
> ship well or someone can write the image directly on them. Maybe if it's
> packaged, profits could be sent to Brian for gateway maintenance/growth.
I think it would be a good idea to create something like that.
I have done images for another special-purpose Pi application, however in this case it
probably needs a little more work to create a nice "setup" program that allows the user
to enter the variable data and configures the Pi accordingly.
(after all, the instructions that are already on wiki.ampr.org apparently are not enough
to get people started, so providing an image and then tell them to edit config files and
scripts will probably fail the same way)
It is also clear that the default firewall should be OK, and users should be warned not to
install things like open telnet servers on or behind the router.
Rob
Hi group
Now that the MikroTik has a connections sessions screen, I see about 150 (yesterday night it was 1200) UDP port 53 (DNS) sessions coming from about 15 different sites; each site has about 10 sessions.
The total bandwidth it consumes is 500 KB/s.
What is it? Why does a site have to do 10 DNS queries (or maybe it is a UDP session to port 53 but not a DNS query) to my host, where not even a DNS server exists?
Is there anyone who can tell me the exact command to block it? I have tried with the web interface to add a firewall rule, but nothing happens; it looks like I'm not giving the right rule.
Thanks Forward
Ronen - 4Z4ZQ
http://www.ronen.org
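The two firewall questions in this thread (Rob's description of a default-deny filter with "established, related" first, "new" only from trusted interfaces, a "jump" to a per-interface chain and "drop" at the end; and Ronen's request for the exact rule to stop the UDP/53 sessions arriving over the UCSD tunnel) fit in one RouterOS v6 filter set. The following is an added example written for this page, not a configuration posted by any list member. It assumes the LAN bridge is named "bridge-local", the WAN interface is "ether1-gateway" and the tunnel is "UCSD" (names from Ronen's posts), the local 44 net is 44.138.1.0/24 (prefix length assumed) and the tunnel endpoint is 169.228.66.251:

```routeros
# Added example, not from the thread: default-deny filter on RouterOS v6.
# Assumed names: LAN bridge "bridge-local", WAN "ether1-gateway", tunnel "UCSD",
# local 44 net 44.138.1.0/24 (prefix assumed), tunnel endpoint 169.228.66.251.
# Enable "safe mode" before pasting this, as Rob advises, so a mistake rolls back.

/ip firewall filter
# ---- input: packets addressed to the router itself ----
# Replies to connections the router opened are always fine; invalid state is noise.
add chain=input connection-state=established,related action=accept comment="accept established/related"
add chain=input connection-state=invalid action=drop comment="drop invalid"
# New connections only from the interface we trust (management from the LAN).
add chain=input connection-state=new in-interface=bridge-local action=accept comment="new from LAN only"
# The outer IPIP packets from the AMPR gateway arrive on the WAN for the router
# itself: this is the "some new traffic matching a certain pattern" Rob mentions.
add chain=input protocol=ipip src-address=169.228.66.251 in-interface=ether1-gateway action=accept comment="IPIP from AMPR gateway"
# Decapsulated traffic for the router comes in on the tunnel: hand it to its own chain.
add chain=input in-interface=UCSD action=jump jump-target=ampr-in comment="tunnel-specific rules"
# Everything else, including any interface added later, is untrusted by default.
add chain=input action=drop comment="default deny (input)"

# ---- ampr-in: what the router accepts from the 44 net ----
add chain=ampr-in protocol=udp dst-port=520 dst-address=224.0.0.9 action=accept comment="RIPv2 announcements from the gateway"
add chain=ampr-in protocol=icmp action=accept comment="ping/traceroute from 44 net"
add chain=ampr-in protocol=tcp dst-port=22 src-address=44.138.1.0/24 action=accept comment="ssh only from own 44 subnet"
# Falling off the end returns to the input chain, where the default drop applies.
add chain=ampr-in action=return comment="back to input (drop)"

# ---- forward: packets routed through the router ----
add chain=forward connection-state=established,related action=accept comment="accept established/related"
add chain=forward connection-state=invalid action=drop comment="drop invalid"
# No DNS server behind this router: unsolicited UDP/53 from the tunnel is
# dropped here. The final default drop would catch it anyway; a dedicated rule
# gives a per-rule counter to watch the flood and skips the remaining rules.
add chain=forward in-interface=UCSD protocol=udp dst-port=53 connection-state=new action=drop comment="no DNS server behind us"
# Services you do offer on the 44 net get explicit accepts here, for example
# (placeholder host): in-interface=UCSD protocol=tcp dst-port=80 dst-address=44.138.1.10
# LAN hosts may open new connections outward (to the internet or into the tunnel).
add chain=forward connection-state=new in-interface=bridge-local action=accept comment="new from LAN"
add chain=forward action=drop comment="default deny (forward)"
```

The ordering is what makes this safe to extend: a new interface such as a second tunnel matches nothing but the final drop until a rule is written for it, and because "established, related" is matched first, return traffic never has to be enumerated. The counters on the UDP/53 rule (visible in the Firewall tab or with `/ip firewall filter print stats`) also answer Ronen's question of whether the blocked sessions are really DNS-sized and how much of the 500 KB/s they account for.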
I'm on FiOS (was Verizon now Frontier Comm.) and I'm considering
buying a Pi for ampr.org connection. I'm pretty much stuck with the
Verizon Actiontec MI424WR on the WAN due to ISP requirements and I'm
wondering how it might be best to place the Pi on the LAN. Should it
be in the DMZ or should it stay behind NAT?
Feel free to email me off list if this is OT.
--
Geoff Joy - ke6qh -
AmprNet IP Address Coordinator for San Bernardino & Riverside Counties.
(44.18/16)
Many of the Linux based routers do allow you to add non-standard rules. It
surprised me that the current ASUS family of consumer routers allowed me to
configure a porthole for IPIP without having to use the CLI.
Assi
-----Original Message-----
From: 44Net [mailto:44net-bounces+assi=kiloxray.com@hamradio.ucsd.edu] On
Behalf Of Brian Kantor
Sent: Tuesday, April 05, 2016 11:11 AM
To: AMPRNet working group <44net(a)hamradio.ucsd.edu>
Subject: Re: [44net] ISP Router and Pi Cohabitation
On Tue, Apr 05, 2016 at 11:05:38AM -0700, Geoff Joy -KE6QH- wrote:
> I'm on FiOS (was Verizon now Frontier Comm.) and I'm considering
> buying a Pi for ampr.org connection. I'm pretty much stuck with the
> Verizon Actiontec MI424WR on the WAN due to ISP requirements and I'm
> wondering how it might be best to place the Pi on the LAN. Should it
> be in the DMZ or should it stay behind NAT?
I'm not familiar with that particular router, but most residential routers
don't have a provision for allowing the IPIP protocol through the NAT so you
pretty much have to use the DMZ for AMPRNet tunneling.
- Brian
Step one would be to create an interactive script that asks some basic
questions like your ampr address allocation and sets up the routes and
rules. I have been meaning to do this. Sadly winter is pretty much
over.
I documented the way I did it in pretty good detail:
http://www.qsl.net/kb9mwr/wapr/tcpip/ampr-ripd.html
Of course there is more than one way to skin a cat. You don't have to
add a USB Nic, you could use a VLAN capable switch for example. That
is always the rub, one size may not fit all.
I skipped explaining a basic firewall, as I think it's a bit much for
most people already, and is documented elsewhere. The best info I had
at the time was LX1DUC's info, but I wanted to take explaining certain
things a bit more that I initially thought weren't the most clear.
http://marc.storck.lu/blog/2013/08/howto-setup-an-amprnet-gateway-on-linux/
http://marc.storck.lu/blog/2013/08/basic-paranoid-iptables-firewall-for-an-…
I have found everyone in any aspect of the hobby has a different level
of understanding. Writing a disk image to a SD card might be a first
timer for someone for example. Then you need to explain that.
A good start would be for more people to share details on their gateway setup.
>Maybe this is a good opportunity for someone to create a basic distribution
>that gets AMPRnet working on a RPi. 8G SD cards are incredibly cheap and
>ship well or someone can write the image directly on them. Maybe if it's
>packaged, profits could be sent to Brian for gateway maintenance/growth.
For those of you running Linux, Iptables + Fail2ban work very well against
port exploit and brute force attempts.
Obviously, it also helps using a mainstream distribution with active
maintenance.
Assi kk7kx.
-----Original Message-----
From: 44Net [mailto:44net-bounces+assi=kiloxray.com@hamradio.ucsd.edu] On
Behalf Of Geoff Joy -KE6QH-
Sent: Tuesday, April 05, 2016 8:20 AM
To: AMPRNet working group <44net(a)hamradio.ucsd.edu>
Subject: Re: [44net] strange login attempts to AMPR Hosts
Probes of IP addresses are VERY common. T
...snip..
Geoff Joy - ke6qh -
AmprNet IP Address Coordinator for San Bernardino & Riverside Counties.
(44.18/16)
Hi group
The MikroTik router log shows me a telnet and SSH login attempt every half minute; it has lasted for hours.
The strange thing is that the IP it is using was not active in the AMPR DNS up to yesterday, and right after I added it to the DNS and connected the router the login attempts started.
I have traced two of the breakers and one is in Poland and the other is in China.
Is it common that someone tries to break into our network hosts? Do you see such things at your hosts too?
How does someone discover so quickly an active host in a whole class A network?
What is your solution / reaction for such break attempts?
Thanks for any clarifications.
Regards
Ronen - 4Z4ZQ
http://www.ronen.org
Hi there
I got a MikroTik router a few hours ago.
I must say it looks impressive from the web interface it has.
I have some questions.
Can anyone send me the commands needed to make an IPIP tunnel (let's start with an IPIP tunnel to the UCSD router)?
And if any route command needs to be added, please write it to me as well.
I'm new to the MikroTik routers, but they look very professional, certainly compared to the TP-Link stuff.
2) Can an interface of the MikroTik (say the LAN port) have two IP addresses (like the Cisco router does with the command: ip address a.b.c.d 1.2.3.4 (subnet) secondary)?
3) The router LAN port has no default gateway, and therefore if I connect the router LAN (which is also connected to the WiFi part of it)...
Is there any way to connect the router LAN port to the net and have it be able to get a default gateway?
Thanks For any help
Regards
Ronen - 4Z4ZQ
http://www.ronen.org
> The best for now is to give up, and use some Linux device (like
> Raspberry Pi) to set 44networking.
We've been telling him that for weeks now...
Of course, now he has a MikroTik router which is much more flexible than the average router.
These things (as tiny as they are) can run a virtual machine! (the feature called Metarouter)
It may be possible to run a small virtual machine with Linux on it, that either does the
tunnel and RIP processing, or is running the script to re-configure the main router all the
time to add/remove the tunnels.
That way it may be possible to get it working even on this low-end router, with the advantage
that it has multiple ethernet ports and even WiFi.
It would actually be nice to have a solution for the appliance operator to get an IPIP tunnel,
although there of course are many challenges to overcome.
I should find time to play with the Metarouter running plain Linux...
Rob
> I can set it up to run with
> cron so that it emails you the list of commands needed to update it
> every hour. After a few hours of this, you may understand why it is
> provided as an automatic script!
This is why a Linux system (e.g. Raspberry Pi) running ampr-ripd is so much easier!
Did you ever try to run Linux under Metarouter and run ampr-ripd on that?
I think an OpenWRT image is available that could be stripped down to a bare Linux
system that could handle the tunnel routing as a Metarouter on certain types of MikroTik.
(RB750, RB2011 etc)
Of course Ronen will not be able to figure that out himself, but maybe he could run it
when a ready-made image is available for download. I have not yet tried Metarouter
myself, always enough things to do :-)
Rob
Lately I have a lot of domain response traffic from China, probably a DNS amplification attack targeting the host 42.202.148.15.
The address which gets that traffic is mainly 44.182.20.27. Other hosts of this subnet also receive traffic via the UCSD tunnel (44.182.20.*, 44.182.230.*).
These addresses have no registered host name and thus should be dropped by the gateway, but this is not happening.
Does anyone know an explanation, or is it a gateway bug?
Marius, YO2LOJ
Is there a simple way to suspend routing from mirrorshades to my segments?
Without putting an invalid IP (BAD), or canceling the allocation, I don't
see a simple option. I am currently doing a network upgrade and will lose
AMPRNet support for a while. Obviously, I can just leave it as is and the
host machines will just ignore the traffic.
Thanks,
Assi
> I don't think git or subversion existed back then
According to Wikipedia, SCCS was developed in 1972 and RCS in 1982.
However, in those days most of us could not afford a Unix machine.
It was only at the end of 1992 when I built a system running Linux and all of this
became much easier. I became coordinator in 1996, and my predecessor
PA0GRI had used Unix at home much earlier than me.
(I think he had a Unix system on packet radio in 1988 or so)
He developed the scripts used to send update mails to the robot, which I
continue to use. These just save a copy of the mails sent to the robot.
That is about 5MB now. Does not seem much, but there have been times this
was most of the harddisk capacity of a computer... :-)
Rob
Is there any history maintained of the address assignments? I've been
thinking it would be interesting if I could pick up the date of my
first use back around 1990 in Colorado.
73
Bill, WA7NWP
All,
ASNs 64,512 to 65,534 of the original 16-bit AS range, and 4,200,000,000
to 4,294,967,294 of the 32-bit range are commonly used amongst persons
on the same network to coordinate routing, etc.
While it's not yet feasible, there is much research into technologies
(e.g. space elevators), willingness of sponsors for
satellites/availability/etc., and availability of machines, embedded
devices, network cards, etc., tinkering into consumer-grade hardware
capable of multi-homing and routing. Also, let's recall, some of our
operators have access to carrier-grade devices as well.
Considerations:
- those on BGP'd islands of the Public Internet (announcing their
allocations with LOAs/Public ASNs,etc.) would still be so (this is no
different than stations with allocations that use their allocations in a
manner that would not route back to AMPR anyway), they must be
considered as those taking allocations to use without AMPR connection,
but there are more options for current and future connectivity with BGP
- RIP44 can still remain in use. In addition, there are multiple methods
to remove your own routes and those of others. You simply remove the
route of those you peer with, change metrics, etc.
- My router (and, I would assume those of many others that have been
flashed, etc.) are capable of forwarding packets, regardless of
source/destination IP. We could test the possibility of switching from a
star (reliance on AMPRGW's 100% uptime for 'real-time' route updates) to
a mesh, where we peer with those who choose, have a large connection,
are physically interconnected to one another, etc.
- (in the future) anyone, including those on the Public Internet, could
volunteer to announce more specific routes for IPIP allocations (with
the proper authorization requested by the allocation holder) and then
maintain a tunnel, RF link, etc. - could connect to someone who could
provide the AMPRGW.
- there is a movement in many regions of the world to establish HSMM,
but there have been many hindrances to their ability to a.)
interconnect beyond their island-of-connectivity and b.) not rely on the
same factors/conditions that could cause a loss of commodity Internet
connectivity in order to reach other subnets
- in these considerations, AMPRNet's 100% reliance on AMPRGW and not
devising methods not to rely on the commodity Internet for Islands of
interconnectivity could cause issues in a real emergency scenario
Goal:
- to attempt to alleviate load/reliance on AMPRGW
- provide redundancy
- test the possibility of geographical alternatives to AMPRGW
- consider testing the need for issuance of private ASN space for these purposes
TEST:
I'm looking for anyone currently using IPIP only that's GEOGRAPHICALLY
CLOSER (I am connected to the Internet through Verizon via
Ashburn/Wash.DC) to me than AMPRGW, AND/OR a BGP'd station willing to
coordinate establishment of a point-to-point VPN tunnel, over which we
will announce our own allocations and/or those in the AMPR test subnet.
I am willing to assist with documentation, graphing etc.
To-do:
- Establish sessions
- setup test hosts
- test multihoming, availability, etc.
- test route prioritization, etc.
- lastly, test (with permission) loss of a station's default route via
tunl0 and using the other session
- test with stations who may be located physically nearby (fiber, RF, etc.)
***Please let me know your thoughts, opinions, etc.***
73,
- Lynwood
KB3VWG
> Subject:
> Re: [44net] IP assignment history
> From:
> Jay Nugent <jjn(a)nuge.com>
> Date:
> 03/27/2016 08:49 PM
>
> To:
> AMPRNet working group <44net(a)hamradio.ucsd.edu>
>
>
> Greetings,
> I have ALL of my IP Address/Hostname requests (with all contact information for those end users) going back to at least March of 1998 and probably even YEARS further back than that (saved on a different hard disk), from when I was the AMPRnet IP
> Address Coordinator for 44.102/16 in the state of Michigan.
>
> I also have a copy of each and every ENCAP.TXT file saved from the 1st of the every month, also going back to at least March 1998 and probably for years further back that that.
>
> Doesn't *EVERY* IP Coordinator have good archival records of their activities, and that of their 'customers' for which they serve? Just poking a little fun here... :)
I have copies of the mails sent to the DNS robot since January 1994 and also copies of most of the requests received from the users.
Unfortunately I have not kept an easily accessible list of contact information. It would be possible to construct it from the request
mails, but it would be a lot of work.
I'm a bit surprised that the processed robot mails are not saved, but maybe now they are...
(disk space has become much cheaper than it was back then)
Rob
> I tend to agree that currently when I now go to any Israeli commercial site from the 44 net IP the packet travels to UCSD and then back to UCSD and by tunnel to me again, and this is a long trip.
> If there was a mechanism to allow the traffic to go to any local 44 gateway and then the packet would go to the local Internet, the trip would be much shorter,
> but I don't know how it can be done these days when every ISP blocks source 44 net addresses from passing through.
> As for 44 net to 44 net traffic it looks ok because it tunnels direct to the gateway and does not pass through AMPRGW.
> The only thing I can think of is to put a secondary portal for redundancy.
> Ronen - 4Z4ZQ
To solve this you need to talk to people at an ISP who want to announce the 44.138.0.0/16 block on internet
on their routers just like they do for the address block you use at home, then forward the traffic on that
block to your internet router. Similarly you forward the outgoing traffic to internet via their router.
When you have found an ISP who would be prepared to do that, at a cost you can afford, then you write a
letter to Brian asking for permission to do that and then you tell them to set it all up.
(NOT BEFORE YOU HAVE THE PERMISSION FROM Brian!)
Your own router then receives all traffic for that address block directly from internet and you can route
parts of it to others via radio, VPN, or whatever you like.
Please note you will have constant traffic of several Mbit/s from only the bad guys that are
portscanning and the reflection from the bad guys using your addresses as spoofed source address, and
this is increasing all the time.
So don't do this from your home, put your router in a datacenter where you have 100 Mbit/s or more.
We have done this here for the 44.137.0.0/16 network and there are other places where this is done.
I can ping google from a 44-address and have reply times under 10ms.
This also enables us to run repeaters with echolink, DMR, D-Star etc etc on 44-net addresses.
Rob
> Perhaps consider ways that RIP44 could be updated:
> - to bootstrap one another in the case of a failure of AMPRGW (election
> of a master to send RIP44 announcements, participation in elections
> disabled by default)
> - allow possibility for addition of routes while 'acting AMPRGW' is
> offline (re-elections with time-stamping/flagging)?
> - ability to resume normal operations (AMPRGW is automatically
> elected/flagged/timestamps-recognized as master/signals send end of
> elections)
> Ideas?
This is all completely unnecessary.
The only thing you need to do to have redundancy in the RIP announcements
is set up another RIP announcer that gets the same database information and
sends the same announcements.
Currently they are sent at 5 minute intervals; an efficient solution would
be to modify the existing announcer to use 10 minute intervals and set up a
second one to use 10 minute intervals with a 5 minute offset from the first.
When both are up, the users see no change. When one is down, the update
interval halves but everything remains running.
Rob
There is a mechanism, it's the point to point tunnels. Most gateways
support that.
The routing table is designed to match for point to point gateways before
going to the default AMPR gateway at UCSD.
From a configuration perspective, the easy configuration approach is to
first route everything through UCSD to make sure one has mastered local
gateway tunneling configuration. Then the local configuration should be
expanded to perform direct tunneling to AMPR hosts/gateways and the UCSD
gateway should be the lowest priority route.
Assi
-----Original Message-----
From: 44Net [mailto:44net-bounces+assi=kiloxray.com@hamradio.ucsd.edu] On
Behalf Of R P
Sent: Saturday, March 26, 2016 9:18 AM
To: AMPRNet working group <44net(a)hamradio.ucsd.edu>
Subject: Re: [44net] Testers/Consideration/Inquiry - Coordinating the
Private AS Numbers
..snip...
If there was a mechanism to allow the traffic to go to any local 44
gateway and then the packet will go to the local Internet the trip
would be much shorter
but I don't know how it can be done these days when every ISP blocks source
44 net addresses from passing through. As for 44 net to 44 net traffic it looks
ok because it tunnels direct to the gateway and does not pass through AMPRGW.
The only thing I can think of is to put a secondary portal for
redundancy.
Ronen - 4Z4ZQ
http://www.ronen.org
> - I'm not certain how one can reach portal.ampr.org before establishing
> an Internet connection first
Of course portal.ampr.org should be run on a net-44 address and preferably
have radio connectivity, but for reasons unknown to me it isn't. As the
worldwide AMPRnet over radio is just a dream, it would not be likely that
everyone would be able to reach that system without internet any day.
You would need internet anyway to search and visit a webshop to buy the
equipment you need to be on radio...
> - You stated: "This is not a task of AMPRGR but of portal.ampr.org..."
> The Portal is simply a backend to configure AMPRGW itself; and
> specifically in the case of IPIP tunnels using RIP44. In the future it
> plans to add DNS functionality, but keep in mind, this is just merely a
> website
I am bringing this up only because I get the feeling that you don't understand
the topology of the network and the components involved very well.
The title of your initial message is also very indicative of that. What you
brought up has zero to do with AS numbers and the issue of coordinating AS
numbers was already handled to everyone's satisfaction a couple of months ago.
> - I'm not sure how a DNS zone file relates to real-time connectivity to
> a network
Not to the connectivity directly, but certainly to the usability.
It appears that one of your goals is to use AMPRnet without internet connection
and that is not really practical when you don't have a DNS on it. There is
a DNS server 44.0.0.1 but for most people it will be unreachable when they
don't have some internet tunnel.
> - AMPRGW is not the ideal route to all subnets because it is not the
> most geographically closest AMPRNet node with an Internet connection. If
> other nodes were setup in the manner I'd like to test, any node willing
> to establish a session could potentially be a closer node
I advise you to study the network topology before proposing to change it.
Traffic to another amprnet node does NOT flow through AMPRGW.
> - You note again "we have a full mesh:" ***Then please test by pinging
> MY gateway VIA N1URO's***. In your testing, do not connect directly to
> me or use AMPRGW. I will DOWN my tunl0 interface and only connect to
> another AMPR station with AMPRGW connectivity - via RF or over a VPN
> connection.
> + it's my understanding this would fail - STAR
> + you imply that it should work - MESH
This is not what defines a star versus a mesh. When you disconnect yourself
from the mesh and do not update the routing to be reachable via someone else's
connection, of course you will be unreachable. What makes it a mesh is that
the reliance on AMPRGW that you bring forward all the time IS NOT THERE.
The pings I send to your gateway directly travel from my internet connection
to yours, NOT via AMPRGW.
We use a multi-level subnet system here. We route the entire country
subnet to a single gateway which has radio and VPN connectivity to users in the
country. Those users can also have their own IPIP gateway when they like.
In that case the traffic for their subnet will flow directly to them, but when
they stop that the traffic will go to our gateway and then to them via radio.
Of course there is no "alive" detection in the current IPIP gateway system,
so a route will not disappear from the announcements just because the internet
connection of that gateway is broken. So you will have to disable the gateway
first (functionality that has been removed from the portal.ampr.org system
for reasons totally unclear to me, you now just have to delete the subnets)
Rob
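Rob's description of the routing order (a direct point-to-point tunnel route preferred over the UCSD default, a country /16 taking over when a user's own gateway is withdrawn, and no automatic "alive" detection) modelled as longest-prefix-match lookup in Python. This is an added illustration, not code from the list or from any gateway; the gateway labels and the sample prefixes are constructed placeholders.

```python
import ipaddress
from typing import List, Optional, Set, Tuple

# Route = (prefix, gateway label, metric). Constructed sample, not a real table:
# the 44.0.0.0/8 default points at AMPRGW (UCSD), the country /16 at a national
# gateway that serves users over radio/VPN, and a user's /24 at that user's own
# direct IPIP gateway. Labels are placeholders, not real endpoint addresses.
Route = Tuple[ipaddress.IPv4Network, str, int]

SAMPLE_ROUTES: List[Route] = [
    (ipaddress.ip_network("44.0.0.0/8"), "AMPRGW_PLACEHOLDER", 100),
    (ipaddress.ip_network("44.137.0.0/16"), "COUNTRY_GW_PLACEHOLDER", 10),
    (ipaddress.ip_network("44.137.40.0/24"), "USER_GW_PLACEHOLDER", 10),
]


class AmprRouteTable:
    """Longest-prefix-match over IPIP routes, with explicit gateway withdrawal.

    There is no liveness detection: a gateway whose internet link died keeps
    being selected until someone disables it (or deletes its subnets), exactly
    as the thread describes, so withdrawal is an explicit operation here too.
    """

    def __init__(self, routes: List[Route]) -> None:
        self.routes = list(routes)
        self.disabled: Set[str] = set()

    def lookup(self, dst: str) -> Optional[str]:
        """Return the gateway label for dst, or None if no route covers it
        (a non-44 destination goes to the internet, not through AMPRGW)."""
        addr = ipaddress.ip_address(dst)
        best: Optional[Route] = None
        for prefix, gw, metric in self.routes:
            if gw in self.disabled or addr not in prefix:
                continue
            # Longer prefix wins; equal prefix length falls back to lower metric.
            if (best is None or prefix.prefixlen > best[0].prefixlen
                    or (prefix.prefixlen == best[0].prefixlen and metric < best[2])):
                best = (prefix, gw, metric)
        return best[1] if best else None

    def disable_gateway(self, gw: str) -> None:
        """Explicit withdrawal, the only way a dead gateway stops being chosen."""
        self.disabled.add(gw)

    def enable_gateway(self, gw: str) -> None:
        self.disabled.discard(gw)

    def fallback_chain(self, dst: str) -> List[str]:
        """All active gateways that cover dst, most specific first; shows what
        takes over when a direct gateway is withdrawn."""
        addr = ipaddress.ip_address(dst)
        covering = [r for r in self.routes
                    if addr in r[0] and r[1] not in self.disabled]
        covering.sort(key=lambda r: (-r[0].prefixlen, r[2]))
        return [r[1] for r in covering]


if __name__ == "__main__":
    table = AmprRouteTable(SAMPLE_ROUTES)
    print("direct:", table.lookup("44.137.40.5"))
    print("chain:", table.fallback_chain("44.137.40.5"))
    table.disable_gateway("USER_GW_PLACEHOLDER")
    print("after withdrawal:", table.lookup("44.137.40.5"))
```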
Hi,
Many years ago our main application was the terminal for connections to
the BBS.
Currently we use modern solutions in the hamradio network such as WiFi, and the main
application we use is the web browser to view many WWW pages.
On our club www page we have a small collection of URLs to others:
http://sp2pmk.ampr.org
but it is not a good solution.
In Europe we have a system with a database of web sites and search engines based
on yacy:
http://search.db0sda.ampr.org/
http://web.oe2xzr.ampr.at/
http://44.134.190.114/lsp_map.cgi
etc.
How to find other www pages outside Europe, for example in the US or other
places?
Does anybody know if a similar solution exists in the US?
It would be fine to travel via the 44/8 network and see and read other www
hamradio pages of individual or club stations. Sometimes we can find on
hamradio amprnet/hamnet www pages interesting information or solutions.
--
Waldek sp2ong
There aren't a whole lot of entries in the wiki services list. I am
not sure how many net 44 users are on this list and/or know about
that. I personally find wiki markup coding a pain as it's not native
to me. Another thing is maybe some people would rather share service
details after a portal login rather than somewhere that gets scraped
by Google.
To me it sort of makes sense to briefly explain what you're doing in the
network allocation area and/or gateway areas of the portal.
In my quest, one thing that caught my eye was this Michigan repeater
linking/microwave project. Mostly because they are closer to me in
Wisconsin.
https://w8cmn.net/tiki-index.php?page=Mi6WAN-MAIN
I recall someone on this list not that long ago from overseas was doing
a similar project with Asterisk/app_rpt and 802.11.
Elsewhere (reddit/slashdot) I recently read about the Mid-Atlantic IP
Network ( I think they aren't using 44net though), same type of thing.
I like the idea, and have been looking to try the Asterisk/Allstar
RTCM to add a voted receive site, but transported over a microwave IP
link.
We just did a tower climb today here in Wisconsin and replaced some
damaged 802.11 gear. And had an offer from a broadcast group for some
tower space. I am hoping 2016 is the year things take off a bit
locally.
Steve
Thanks for the info. Looks like the info I need to use it for our purposes.
Some time back there was a resource list that Jim Fuller maintained
that was handy to list what was all out there.
>HiHi
>Not the whole one, for sure.
>Just your "local area" and then report to the yacy network.
>
>Have a look here after google translated it for you ;-)
>http://www.amateurfunk-wiki.de/index.php/Suchmaschine
>
>73
>2MIC
No, and I'll admit that. That is why I'd like to hear more about how
to configure yacy.
But since there isn't a search engine or otherwise way yet to get an
idea what is on the amprnet and what people are doing on the address
space, I couldn't really think of any other way.
The links below will only be active for a short time, as it's really
only meant for 44net folks to get an idea.
Steve
>> http://kb9mwr.ampr.org/public/nmap/030516routed.txt
>> http://kb9mwr.ampr.org/public/nmap/030516nmap.txt
>
>> I am not too familiar with it, how do I get it to crawl the amprnet?
>
>Is this wise?
>- Brian
I don't understand your consideration of "moving from a star to a mesh".
We ALREADY have a mesh! There is no load to be removed from AMPRGW other
than the routing from/to internet for those that are not directly BGP routed on internet.
When you want a solution for the "single point of failure" for RIP announcements, the
simple solution would be to deploy a second RIP announcer elsewhere, that sends the
same information as AMPRGW, and takes over when AMPRGW does not send those
announcements. Of course it still needs to be fed with the same topology information,
so it could be tricky to get a solution that does not have any single point of failure, but
your solution of doing BGP over tunnels instead has such information embedded in
the static configuration of all the peers, which is even more difficult to manage.
So it is not really clear to me what such a change really would achieve what we do
not already have.
What is the status of usage of AMPRnet addresses in HSMM? In the past they used
RFC1918 addresses that were automatically allocated. I believe newer versions can
use static addresses that could as well be from NET-44. Is this already in wide use?
Rob
> a.) then how would a new or offline IPIP station connect if AMPRGW were DOWN at the time?
This is not a task of AMPRGW but of portal.ampr.org
> b.) then how do I get routes from AMPRNet without a DIRECT CONNECTION tunl0 connection to AMPRGW?
As I wrote, it is possible to deploy a second system that does the RIP announcements
> c.) what if I can directly reach 2 or more AMPR subnets (but not the Internet)?
We already have a large network of radiolinks running here in Europe, and I think also in some
other areas of the world. It does not rely much on the internet, except for DNS. I download
the ampr.org DNS zonefile daily so I have it available when we are offline.
> a.) AMPRGW is currently the only route announcer (but you address that elsewhere)
I think it is important because it is the only weak spot I can see.
> b.) Next, it's not the ideal route to all subnets
Why not?
> c.) this solution addresses the possibility of redundancy to other subnets, as well as AMPRGW
I don't understand. There already is full redundancy. We have a full mesh.
> In planning, it would probably be an alternative to IPIP, and not a replacement. Ideally, there could be a few regional gateways, other stations connecting to one or more regional gateway and to other end-user gateways.
That is how we run the network here. What is your proposed change?
Rob
> I host a 70cm echolink node and did not need to place that PC in the DMZ.
> I did need to forward UDP ports 5198 and 5199 to the PC running echolink. I don't
> remember whether I also forwarded TCP port 5200 or whether that "looked after itself".
You are right, only forwarding 5198 and 5199 UDP is sufficient.
The echolink program also makes outgoing connects to port 5200 on the central server but you
normally don't need to open or forward anything for that, it is just the normal outgoing NAT.
(there are instructions that mistakenly mention port 5200 to be opened, but the program is not
even listening on that)
Rob
We are planning on setting up a D-Star gateway, so I am reading all I can
about it.
Here is an excerpt from one tutorial regarding this:
"The router for the D-STAR gateway must support a LAN address of
10.0.0.1, with a full class ‘A’ LAN (subnet mask of 255.0.0.0)."
Is it just me or is this really strange, to force this IP range which
will conflict with a number of private networks, especially when there is
44net dedicated for ham radio use?
Pedja
YT9TP
Let me explain the whole 10.x.x.x thing for D-STAR.
Icom created this to meet concerns of the Japanese postal service, to help
mitigate the concerns of TCP/IP over D-STAR displacing the ISP monopoly.
In D-STAR, the digital data mode transports Ethernet packets (and in turn
TCP/IP) as a payload to D-STAR packets. Routing is done based on the
D-STAR addresses which are call signs plus an optional "Terminal ID",
essentially an 8 octet address.
If you are using the Icom G2 (or V1) gateway software it talks to the Icom
RP-2C controller over Ethernet using 172.16.0.x addresses. On the
controller you can add up to 4 modules. A module can be a D-STAR voice
repeater (2m, 70cm, 23cm) or D-STAR data access point (23cm 128kbps). In
theory then you could have up to 4 D-STAR data access points (model
RP-2D). As traffic from the RP-2D modules comes into the gateway, it
assumes it has a unique IP address in the 10.x.x.x range (assigned by a
registration process), but routes according to the D-STAR addresses. The IP
addresses are registered to attempt avoidance of address collisions. So if
I as 10.10.10.1 (K7VE) want to contact NN1XYZ (10.3.2.1), the gateway
software sends the Ethernet packets from D-STAR address K7VE to D-STAR
address NN1XYZ.
The 10.x.x.x addresses are also NATed out to the Internet if the
destination address is not in the 10.x.x.x range.
None of this is used if you are only doing Digital Voice over D-STAR.
Everything is routed by callsign and the voice packets do not encapsulate
any TCP/IP or Ethernet content (well you could but it is not standard).
Now the reality is G2 is closed and largely stagnant, it also runs on
Centos 5.x which is losing update support, many data facilities have
security concerns if you are hosting with them. The larger network is now
running on ircDDB (ircddb.net) using ircddbgateway (see Yahoo! group by the
same name).
ircDDBGateway is Open Source and is pretty agnostic on Linux distributions
as well as being available as a Windows application.
ircDDBGateway supports the Icom controller as well as a variety of
alternate controller options. I would strongly encourage any new D-STAR
install to use ircDDBGateway (or another ircDDB based gateway). You don't
have to use the Icom addressing scheme. The RP2C can be on a LAN address.
Client stations of the RP2D (ID-1 radios) can then use LAN/DHCP addresses
(including 44-net).
--
------------------------------
John D. Hays
K7VE
PO Box 1223, Edmonds, WA 98020-1223
<http://k7ve.org/blog> <http://twitter.com/#!/john_hays>
<http://www.facebook.com/john.d.hays>
> This is the local IP setting of the gateway.
> It expects to be connected to a router with 10.0.0.1/8 which will NAT to the
> Internet.
> In other words, the D-STAR device has a default route via 10.0.0.1, that's
> all.
> No conflicts here.
Well, I agree with Pedja that it is an extremely unfortunate choice and that it would
have been much more convenient if it supported 44-net addresses or even an arbitrary
address on the LAN.
We are running several D-Star repeaters and this requirement makes it very difficult
to share resources. Even running multiple D-Star gateways on the same ESX system
is more difficult than it ought to be (when a single router is running in another VM).
Also note that this program has other strange requirements. It requires an
ancient CentOS distribution, for example. That is why we want to put it in some ESX VMs.
Rob
by Poland AMPRNet Co-ord. - Janusz HF1L (ex.SP1LOP)
Hi everyone..
I have a problem. For 3 months I have been using Debian 7.9 with kernel 3.13.3;
for the hamradio part I use jnos 2.0j, and from the very beginning I have had a problem in
kern.log.
I see such data all the time:
/var/log/kern.log
...
Mar 20 08:03:07 server kernel: [1908060.719531] protocol 0002 is buggy, dev bcsf0
Mar 20 08:03:07 server kernel: [1908060.865694] protocol 0002 is buggy, dev bcsf0
Mar 20 08:03:07 server kernel: [1908060.885101] protocol 0002 is buggy, dev bcsf1
...
Mar 20 20:13:16 server kernel: [1951869.497517] protocol 0002 is buggy, dev ax0
Mar 20 20:13:18 server kernel: [1951871.496945] protocol 0002 is buggy, dev ax0
Mar 20 20:14:26 server kernel: [1951939.652479] protocol 0002 is buggy, dev ax0
Mar 20 20:15:53 server kernel: [1952026.478022] protocol 0002 is buggy, dev ax0
Mar 20 20:16:12 server kernel: [1952045.710541] protocol 0002 is buggy, dev ax0
Does anyone know how to fix it so that such messages no longer appear?
--
73 de Janusz HF1L (ex.SP1LOP)
===== Janusz J. Przybylski, HF1L ====================
Poland AMPRNet Co-ordinator [44.165/16] from Mar 2003
=====================================================
Hi
Does anyone know what ports \ protocols need to be open to allow IPIP tunneling?
The idea is not to place the gateway in the DMZ of a home internet connection
when the gateway sits there.
Thanks Forward
Ronen - 4Z4ZQ
http://www.ronen.org
> It's getting the legacy allocations into the portal that's not
> making me happy. Admittedly, the process is painful but I didn't
> think there'd be too many since we've had several years to get
> things in. Rob's point about needing some kind of bulk update
> process is well taken, and I'll look into that.
I think what I need is some way to feed a list of subnet/callsign pairs into
the portal (using a tab-separated file, XML file, json file, or whatever the
implementer feels most happy with) and it can create the subnet allocations
and set the type and the description of the subnet (to that callsign), but
leave the owner unset.
Then, when this particular OM creates a portal account and is validated and
accepted the normal way, those dangling subnet allocations would be automatically
attached to his account without me having to approve them.
Alternatively, rudimentary accounts could be created automatically so the subnets could
be attached to them immediately, but the completion with the details asked when
this particular call is registering would be deferred until that happens.
Important is that I can make bulk changes (like addition of a thousand entries)
as a coordinator without having to go through the current process of "registrant
fills a webform, I receive a mail and have to go to the portal and add/change
some fields to approve it" for each and every one of those subnets.
It would be nice if there also is a way to process a callsign or allocation
change this way (delete old still dangling subnet allocations and create new
ones with different address or different callsign from a batch file).
This is because we are in the process of building new nodes and need to renumber
some areas, which could contain entries that are not yet claimed by the owner.
Furthermore I would like to have the capability, as a coordinator, to change
the address and owner of an already allocated subnet. I can now change the type,
description and notes of an allocation, but not the address or user it is allocated to.
(this would not need to be a batch operation, just an addition to the existing
"Coordinator: Network Allocations" screen would suffice)
Rob
> Just a thought, if the lowest link on the route to a destination has 1 single link at 10kbps this will also be the maximum speed you
> can achieve over that path towards this specific destination, so there is no need to multiply the different communities.
Ok... In that case a (small) number of communities could be used and a filter list to match them from slow
to fast and assign some preference value. However, this will not be enough to make a consistent and optimal
set of routes I'm afraid. We'll see how it works out once we encounter this situation in practice and can
check if it leads to unwanted routes and this change would improve it.
> BTW we use eBGP between sites but we combine this with BGP confederation. This brings the benefit of eBGP
> (only BGP sessions with link peers) and keeps AS PATHs short towards our external peers.
I still have to find the limits of the AS PATH length (hard or practical). Looking this up after a mention
in a direct mail I found that there apparently is or was an implementation limit in Cisco routers at a path
length of 256 that destabilized the internet 7 years ago. We are not anywhere near such lengths.
However, I am aware that longer path lengths probably mean more data traffic between peers and maybe a little
more memory and CPU use, so it could be worthwhile to keep these down a bit.
> We also opted for a single routing protocol versus OSPF within the internal network with iBGP overlay and eBGP on the edge.
Ok, that is what I am doing for now as well, it has to be kept a bit simple not only for me but also for other
people who like to install a node and configure it themselves.
Rob
> AFAICT making a difference between routes learned via radio, tunnel or the AMPR IPIP mesh
> has most importance within your local AS. You may forward those announcements by any means to another AS.
> For example, you may learn a route via tunnel but forward it via radio to another AS. This other AS may
> learn that same route via tunnel and your radio link. So the question may come up if that other AS should
> prefer a direct route via tunnel or a route learned via radio which ultimately still goes via a tunnel.
> From a HAM perspective you might want to prefer the longer route via radio but then you will eventually
> have to pay for the bandwidth used by that other AS, but this might not be relevant in your case.
I have been varying what is an AS, but at the moment I am using the simple "one site is one AS".
This means everything is eBGP and there is no interior routing protocol.
Of course one could define larger areas and use iBGP within them, but it will be very difficult to set
up a reasonable system because geographical boundaries and management group boundaries are very different
here, and also difficult to predict. Some people may want to do everything themselves, others will leave
the management to me. And of course we like "simple" deployment without the headaches of setting up
peering with an increasing number of routers within the AS. With eBGP you only need to peer with the
routers you link to.
I have read that in other countries OSPF is used as IGP and eBGP on top of that as an inter-AS protocol.
That is most likely too difficult to deploy here, except when we exclusively use OSPF inside the country
and BGP at the links to our neighbors.
The way I see it now is that we use eBGP to exchange the routes between our nodes inside the country and
our gateway, where we distribute 3 routes (0.0.0.0/0, 44.0.0.0/8 and 44.137.0.0/16) that can be used as
"default" easily selectable with a filter, and the /22 or lower subnets are exchanged as defined in our
IP plan.
When we make links to our neighboring countries Germany and Belgium, we will only send them the aggregated
route to 44.137.0.0/16 and not the route to 44.0.0.0/8 or 0.0.0.0/0. When we receive /15 or smaller
routes from them we announce them inside our network and also to the other neighboring country, so we
can also carry transit traffic from Belgium to Germany and v.v.
We are not going to route traffic towards internet for them, neither direct nor tunneled.
> What may be of interest in a more universal way, might be the available bandwidth on the route.
> A route which goes over multiple links (whatever kind) of which one link is limited to 50kbps
> might be worth using as a secondary route over a route which has the slowest link at 1 Mbps, regardless of the technology.
> So maybe we should define "well known communities" which define the link speed over which they are learned.
> Those pseudo well known communities could start by X: followed by the bandwidth class. For example:
> 0:1 = 10kbps
> 0:2 = 100 kbps
> 0:3 = 1 Mbps
> 0:4 = 10 Mbps
> Etc
The problem with eBGP is that there is no other metric than hop count to select preference of a route,
all other selections have to be made by local static configuration or derived from community values.
In the automatic routing protocols we used before, like NET/ROM, the metric of a path is calculated
from the metrics of the individual links, and assigning a metric corresponding to the quality of each
link would influence the selection of that link as part of a long path. 3 fast link hops could be
preferred over one slow one.
Not so in eBGP. You can influence the path by introducing "artificial" extra hops on slow or bad
links, so that for example a 10kbps link counts as 3 hops, and is not used when two other faster hops
can reach the same destination, but of course this works very coarsely.
A system as depicted above could only be used at the next hop, but it would not be easy to assign
such values to every link and then calculate an aggregate metric of all the hops to the destination.
Routers can match community values using a direct compare and often a simple pattern match on the
decimal representation of the numbers (e.g. when the value is 1234 you can match on 1??? to select
the values that start with a 1 when written in decimal), but operations like multiplying community
values to achieve a new value to be used as a preference are not available.
That means you would need long and complicated matching tables to do anything with information like
you propose.
Rob
What is the status of the "to-be-deleted.txt" cleanup?
There are 14946 entries that were announced to be deleted early March, but looking at
the current zonefile it appears that only about 1524 have been deleted at this time...
(I have deleted about 1000 entries, that were not on that list, in 44.137 myself)
Rob
With the kind cooperation of Neil Johnson, I've identified nearly 15000
entries in the AMPR.ORG DNS that I feel can go away.
What was done was to create a list of valid subnets of network 44
by combining the encap list, the list of BGP-advertised subnets, and
extracting all the connected or end-user subnets listed in the portal.
We then made a list of all the DNS entries that no longer fall into any
of those subnets. This is nearly half the "A" records in the DNS.
That list is available for review by anonymous FTP from hamradio.ucsd.edu.
The file is called "to-be-deleted.txt". I encourage everyone who has
a DNS entry to fetch a copy of the file and make sure that we haven't
accidentally included any entries that need to remain in the DNS. Please
let me know of any such entries and I can remove them from the list.
Assuming our scheme worked, around the beginning of next month, March,
I will process the list and remove those entries from the DNS. We still
have a long way to go but this will help.
Thank you.
- Brian
> It's essentially at a standstill; it depends on people making sure
> that their allocations are registered in the portal and that just
> hasn't been happening. It's very disappointing.
Ah, ok... This time I just announced the deletion, gave people a month to reply, then
deleted everything that was not reconfirmed. I received some confirmations, in addition
to those received and processed in 2014. After the deletion, only two suddenly woke
up and wanted their registration back.
But most of these are still not registered in the portal, I would need some kind of
batch import method for that.
Rob
Cory is correct. I just followed his steps and the openvpn server
started up fine. When I went to connect using my windows Securepoint
client I got a TLS error till I went in and unchecked the server
certificate box.
I am using the concatenated certs\root (didn't break them apart) as ca.crt
I got an IP and everything worked just fine after that. I'll try what
Hessu is talking about, setting up a private CA and having it issue a
server certificate, later today after running some errands.
Still a little confused on that. But I think it equates to:
./build-ca
./build-key-server server
Do I just discard the ca.crt that the first step produces and continue
to use the certs\root file?
Thanks Corey that is the info I was seeking.
For anyone else with further clarification:
Server Side:
- ca.crt = The latest LotW Root CA cert
certs\root*, you need to break them apart and select the latest one
- server.crt* = Your personal LotW cert concatenated with the
intermediate that signed it.
certs\user* + certs\authorities*
- server.key = The private key associated with your personal cert
keys\YOURCALL*
*References are to the Windows TQSL program:
C:\Documents and Settings\your-username\Application Data\TrustedQSL\
Is there any registry or documented method for allocation values for "BGP communities"
to be used inside the AMPRnet as helpers for the BGP routing?
Note I am not referring to internet BGP, but to the BGP protocol used on isolated radio
networks operated using private AS numbers.
Some time ago we discussed the allocation of AS numbers in the 32-bit AS space,
and I would like to know if people feel a necessity for allocating (reserving) community
values as well.
These are 32-bit values, commonly written as two decimal 16-bit values separated by a colon,
used to communicate attributes of a route. I now use one value to tell the other routers
that a route is not over radio (but over internet tunnel, in this case) so inside the network
it can be used as a backup route when the radio route fails.
In practice there is little chance of collision of these community values, and they can
easily be filtered or translated at boundaries between areas where different values are
used.
Originally a common practice was to use one's own AS number as the first value in the
2x16bit pair, but of course that no longer works now that the AS number can be 32 bits.
Rob
> RFC4360 defines extended communities, but I don't know much more about them.
> So far I haven't seen much usage of communities within AMPR BGP networks.
Of course the used routers must support it as well...
> Which usages would you like to coordinate?
My question is if I need to coordinate... I think probably not.
The usage is to mark routes with an origin, just like Jann mentioned in his
reply: we have a central gateway with VPN support and we can set up a VPN from
routers in the country that are interlinked by radio links, where of course we
would like the traffic to flow over the radio links unless they have failed, in
which case the routing via VPN would be an alternative. For BGP to know which
routes are radio routes and which are VPN routes, a "community" is the BGP name
for an attribute that you can add to each separate route, at its origin.
Then every router can examine this attribute and assign a lower preference value
to the route. Routes with a lower preference are not used when a route to the
same destination with default or higher preference is available.
> Since these are arbitrary numbers, I use the first decimal part of the 32bit
> address as the high word (so that the 42 + country is conserved).
> Just an idea, and it works...
> e.g. 42226:0
Yes, that would be a possibility. Right now I have used 44137 (our net is 44.137)
but a numbering like that would be possible too.
Of course this conflicts with the common practice to use the 16-bit AS as the first
16 bits, because we don't own any of those two AS numbers. Jann's proposal of using
a 16-bit private AS avoids this conflict, but it is incompatible with 32-bit AS.
However, in practice there is no problem because we will never see community
values from an AS like 42226 or 44137 on our isolated network.
(where we are using private AS numbers only)
Again, for clarity, our network is BGP routed on internet, but this is a completely
separate thing. BGP at the internet side is run by our ISP who advertises our
44.137.0.0/16 network on internet (under agreement with ARDC) using their own
AS number, receives the data and sends it over an ethernet link to our gateway,
where we relay it to our radio network which also uses BGP, using private AS numbers
and those community values we are discussing, but there is no BGP traffic
"across" the gateway, only IP traffic to/from internet.
So my guess is that any community value set up using a convenient numbering scheme
to reduce the conflicts with cross-border schemes is sufficient, a more elaborate
scheme like the IP address or AS number coordination is not required.
(note that HamnetDB has a registration for AS numbers, but not for community values)
Rob
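The route marking and bandwidth-class ideas from the two community messages above, as an added example that is not code from the list or from any router vendor: a small Python model of the policy, with 44137:1 as an assumed tunnel marker and the quoted 0:1..0:4 classes. It also shows the per-link re-tagging tables the bottleneck idea would need because routers cannot do arithmetic on community values.

```python
"""Route preference from BGP communities on an isolated, private-AS network.

Added example for the community discussion above (marking tunnel/VPN routes
so radio routes win, and the quoted bandwidth-class proposal). It is not code
from the list or from any router vendor. Assumptions: the site marker
44137:1 means "learned over an internet tunnel/VPN" (44137 as the high word,
as Rob uses it), and bandwidth classes 0:1 = 10 kbps, 0:2 = 100 kbps,
0:3 = 1 Mbps, 0:4 = 10 Mbps as quoted. A router can compare a community
exactly or pattern-match its decimal text; it cannot do arithmetic on it, so
anything path-wide has to become per-link match/set tables (last function).
"""
import re
from dataclasses import dataclass

TUNNEL_ORIGIN = "44137:1"                    # constructed site-specific marker
DEFAULT_PREF = 100                           # local preference when nothing matches
TUNNEL_PREF = 50                             # tunnel routes win only if no radio route
CLASS_PENALTY = {1: 30, 2: 20, 3: 10, 4: 0}  # slower next-hop link -> lower preference


@dataclass(frozen=True)
class Route:
    prefix: str
    next_hop: str
    as_path: tuple          # private AS numbers, nearest first
    communities: frozenset  # strings in 'high:low' form


def parse_community(text):
    """Split 'high:low' into two ints and check both fit in 16 bits."""
    hi, lo = (int(part) for part in text.split(":"))
    if not (0 <= hi <= 0xFFFF and 0 <= lo <= 0xFFFF):
        raise ValueError(f"community out of range: {text}")
    return hi, lo


def matches(pattern, text):
    """Digit-wildcard match on the decimal text, e.g. '1???' hits '1234'.
    This is the coarse kind of match that router filter lists offer."""
    regex = re.escape(pattern).replace(r"\?", r"\d")
    return re.fullmatch(regex, text) is not None


def bandwidth_class(communities):
    """The bandwidth class carried as 0:<n>, or None when no such community."""
    for c in sorted(communities):
        if matches("0:?", c):
            return parse_community(c)[1]
    return None


def local_pref(route):
    """Preference derived from communities alone, as a router policy would."""
    pref = TUNNEL_PREF if TUNNEL_ORIGIN in route.communities else DEFAULT_PREF
    cls = bandwidth_class(route.communities)
    if cls is not None:
        pref -= CLASS_PENALTY.get(cls, 0)
    return pref


def best_path(routes):
    """BGP-style choice: highest local preference, then shortest AS path,
    then lowest next hop as a deterministic tie-break."""
    return min(routes, key=lambda r: (-local_pref(r), len(r.as_path), r.next_hop))


def forward_retag(communities, link_class):
    """What every router would have to do on every link to approximate the
    slowest-link-on-the-path idea without arithmetic: one match/set rule per
    class pair, replacing 0:x by 0:min(x, link_class), and attaching the
    link's own class when none is present yet. Generated here; on a real
    router each rule is typed out per link, which is the 'long and complicated
    matching tables' Rob refers to."""
    rules = {f"0:{c}": f"0:{min(c, link_class)}" for c in CLASS_PENALTY}
    tagged = {rules.get(c, c) for c in communities}
    if bandwidth_class(communities) is None:
        tagged.add(f"0:{link_class}")
    return frozenset(tagged)


def demo():
    """Three radio hops at 1 Mbps beat a single-hop tunnel route."""
    radio = Route("44.137.10.0/24", "44.137.1.2", (65010, 65020, 65030),
                  frozenset({"0:3"}))
    tunnel = Route("44.137.10.0/24", "44.137.0.1", (65001,),
                   frozenset({TUNNEL_ORIGIN}))
    return best_path([radio, tunnel])


if __name__ == "__main__":
    chosen = demo()
    print(f"best path via {chosen.next_hop}, AS path {chosen.as_path}, "
          f"local pref {local_pref(chosen)}")
```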
While I appreciate the responses from everyone, no one is really
explaining this in a nice step by step manner that I need. I suspect
it's because everyone is trying to help me learn it rather than give me
the answer. The problem is the terminology compounded by extraneous
info.
>If you want to use LotW keys, you CAN NOT generate any keys.
>
>Let me motivate:
Well it's not working. I am real close to throwing in the towel and
moving on to a different project.
>
>- LotW has a CA certificate, and its private key.
>- using those, it generates some intermediate certificates, public and
>private keys.
>- using those intermediate certificates, it generates the public and
>private keys for the user which are sent to him.
I understand all this.
>To generate user keys, you NEED the private keys of the intermediate
>certificates, which you do not have. These are needed to sign the newly
>generated keys.
I think of this as two parts, client and server. Maybe that's the
wrong way to look at it, but either way user keys equates to me as
client keys, which has already been documented in a simple manner.
I don't need the private keys because A.) I am not asking about the
user/client end of this.
These are the related files in my server.conf file. I am asking
where/how do I get these so that my openvpn server can be accessed by
clients using the method documented in the wiki:
http://wiki.ampr.org/wiki/AMPRNet_VPN
ca.crt      server + all clients       Root CA certificate
ca.key      key signing machine only   Root CA key
dh{n}.pem   server only                Diffie Hellman parameters
server.crt  server only                Server Certificate
server.key  server only                Server Key
> Here you can find the proposed allocation method:
> http://laru.lu/on-the-air/hamnet-44net.html
> It uses 32 bit ASNs, which are represented as a single number, the old
> 16bit:16bit scheme being obsolete, but backwards compatible.
I know about AS numbers but I am asking about community values, not AS numbers.
Rob
>Ok, so you're trying to generate a server certificate for your VPN server.
I am trying to generate/gather all the files I need for the server
side so that when it's done it works like yours. Where I don't have to
issue client keys, and all that. (Just a config file and the public
key ca.crt file). They can just follow the well documented steps in
the wiki that work for yours.
So I don't need to build a Certificate Signing Request after all?
>
>For this step, we actually do not need *anything* from LotW/TQSL side (and
>can not use any)! Just use any openvpn server setup guide's instructions
>for setting up a CA and generating a server certificate out from that CA.
>That CA cert is then given to the openvpn client, so that the client can
>make sure it is talking to the correct server.
This is what I have done before. Builds a private root ca, and all the rest.
./clean-all
./build-ca
./build-key-server server
./build-key client1
./build-dh
The first line makes sure we start from scratch. The second generates
a key for the Certificate Authority (ca.crt and ca.key). The key for
the server itself is generated on the third line (server.crt,
server.key, and server.csr). Repeat the fourth line for each client
that needs to connect (client1.key, client1.csr, client1.crt, etc).
Finally, we need the Diffie Hellman key as well, which is generated on
the fifth line (dh1024.pem).
In my server config file:
ca ca.crt
cert server.crt
key server.key
dh dh1024.pem
>The LotW certificates are only used for authenticating the client. The
>server's "ca" config option points to the LotW root certs bundle. The
>client's "ca" config option points to the private CA which signed the
>server's certificate.
A paragraph ago I thought you said build one's own private root CA...
But it sounds like you are now saying I just copy:
C:\Documents and Settings\your-username\Application Data\TrustedQSL\certs\root
over to the server, rename it to ca.crt?
Tal, thanks for the follow up.
Most of that I already knew. As I have said, I have a functioning
openvpn server. The only thing it lacks is the ability to work with
client keys that folks extract from their lotw credentials. I have to
issue client keys to people and that is what I am trying to get away
from.
I really need a watered down step by step guide on how to do this till
it all clicks in my mind. Multi-factor authentication is pretty
confusing and new to me yet.
As I have said the client key extraction and documentation in the wiki
is easy to understand, I just wish the same existed for the server
end.
http://wiki.ampr.org/wiki/AMPRNet_VPN
It appears I need to build a certificate signing request (maybe I am
wrong). Again it's not clear to me where/how to extract the root
certificate from the ARRL LOTW program.
My callsign.tq6 is binary data.
However it looks like the root certificate is located here:
C:\Documents and Settings\your-username\Application Data\TrustedQSL\certs\root
I noticed it looks like three stacked into one file based on the
begin/end markings.
But from the link Tom shared, it looks like you don't have to do
anything different like break them apart, with a chained vs single.
Step one (./build-req server) went OK, however I am stuck at step two:
root@test:/etc/openvpn/easy-rsa/2.0# ./build-key server
pkitool: Need a readable ca.crt and ca.key in /etc/openvpn/easy-rsa/2.0/keys
Try pkitool --initca to build a root certificate/key.
root@test:/etc/openvpn/easy-rsa/2.0#
I simply copied the TQSL root file over to
/etc/openvpn/easy-rsa/2.0/keys and renamed it ca.crt
So I am guessing I need to split each certificate into its own file?
Is there any way to support more than one?
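For the ca.crt/server.crt clarification earlier in this thread and the pkitool error just above, an added Python example (not from the list, the wiki or TQSL) that splits the stacked certs/root bundle into single certificates and concatenates the user certificate with its intermediate. The TQSL file names are those quoted in the thread, the certificate bytes in the demo are constructed, and deciding which root is the current one still needs an X.509 tool run on each piece written out.

```python
"""Split the TQSL 'certs/root' bundle and build the concatenated server chain.

Added example for the OpenVPN/LotW questions above (the three stacked
certificates in certs/root, and the 'Need a readable ca.crt' error when the
whole bundle is dropped in as ca.crt). It is not code from the list, the wiki
or TQSL. It assumes the TQSL file layout quoted in the thread: certs/root
(root CAs stacked in one file), certs/user* (your LotW certificate) and
certs/authorities* (the intermediate that signed it). It handles the PEM
plumbing only; which root is the current one still has to be checked with an
X.509 tool (e.g. openssl x509 -noout -enddate) on each piece written out.
"""
import base64
import binascii
import textwrap
from pathlib import Path

BEGIN = "-----BEGIN CERTIFICATE-----"
END = "-----END CERTIFICATE-----"


def _decode_body(lines):
    """Strict base64 decode of one PEM body; also insist on a DER SEQUENCE."""
    try:
        der = base64.b64decode("".join(lines), validate=True)
    except binascii.Error as exc:
        raise ValueError(f"certificate body is not valid base64: {exc}") from None
    if not der or der[0] != 0x30:
        raise ValueError("decoded body does not start with a DER SEQUENCE")
    return der


def _to_pem(der):
    """Re-wrap DER bytes as a normalised PEM block (64-column lines, LF)."""
    b64 = base64.b64encode(der).decode("ascii")
    return BEGIN + "\n" + "\n".join(textwrap.wrap(b64, 64)) + "\n" + END + "\n"


def split_pem_bundle(text):
    """Return every certificate in the bundle as its own normalised PEM block.

    Tolerates CRLF line endings (the file comes from a Windows TQSL install)
    and text outside the markers; rejects nested, truncated or undecodable
    blocks rather than handing them to OpenVPN to fail on later."""
    certs, body, inside = [], [], False
    for raw in text.replace("\r\n", "\n").split("\n"):
        line = raw.strip()
        if line == BEGIN:
            if inside:
                raise ValueError("BEGIN inside an unfinished certificate")
            inside, body = True, []
        elif line == END:
            if not inside:
                raise ValueError("END without a matching BEGIN")
            certs.append(_to_pem(_decode_body(body)))
            inside = False
        elif inside and line:
            body.append(line)
    if inside:
        raise ValueError("bundle ends inside a certificate (truncated file?)")
    return certs


def is_valid_bundle(text):
    """True if the text parses as one or more well-formed certificates."""
    try:
        return len(split_pem_bundle(text)) > 0
    except ValueError:
        return False


def build_server_chain(user_pem, authorities_pem):
    """server.crt as described in the thread: your own LotW certificate first,
    then the intermediate(s) that signed it. Exactly one user cert is allowed."""
    leaf = split_pem_bundle(user_pem)
    if len(leaf) != 1:
        raise ValueError(f"expected one user certificate, found {len(leaf)}")
    return "".join(leaf + split_pem_bundle(authorities_pem))


def write_roots(bundle_text, out_dir):
    """Write root-1.crt, root-2.crt, ... so each candidate for 'ca' can be
    inspected separately; returns the paths written."""
    out_dir = Path(out_dir)
    out_dir.mkdir(parents=True, exist_ok=True)
    paths = []
    for i, pem in enumerate(split_pem_bundle(bundle_text), start=1):
        path = out_dir / f"root-{i}.crt"
        path.write_text(pem)
        paths.append(path)
    return paths


def constructed_bundle(count=3):
    """Constructed sample, not real certificates: minimal DER SEQUENCE{INTEGER n}
    blocks stacked like the certs/root file, with Windows line endings."""
    blocks = [_to_pem(bytes([0x30, 0x03, 0x02, 0x01, n])) for n in range(1, count + 1)]
    return "".join(blocks).replace("\n", "\r\n")


if __name__ == "__main__":
    sample = constructed_bundle()
    print(f"{len(split_pem_bundle(sample))} certificates in the constructed bundle")
```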
> If it works without it, don't.
> The -r flag will make ampr-ripd receive ALL interface traffic and filter out
> multicasts in user space, while in regular operation mode that's left to the
> kernel and is more efficient.
> While on a big system it probably doesn't make much difference, on a limited
> resource device like the PI it could.
> Marius, YO2LOJ
I fully agree with that!
Do you have any idea why it was broken and if this has been fixed?
Of course it may depend on the details like which IP address was assigned to
which interface, just like the problem that you fixed in version 1.6...
Probably I should test again on some different systems and kernels...
Rob
> How can I diagnose why my ampr-ripd is not receiving the broadcast? Any
> tools?
Likely your problem is caused by a kernel bug that was introduced some time ago, I
don't know if it has been fixed in the meantime or if it was defined as 'desirable behaviour'
and left that way.
Some time ago I faced the same problem, and I could only fix it by adding the -r flag
("Use raw socket instead of multicast") to ampr-ripd. In multicast mode, which used to
work fine, it simply did not work anymore on the Pi.
Rob
Last year I followed these instructions
http://www.qsl.net/kb9mwr/wapr/tcpip/ampr-ripd.html
and was able to get an AMPRNet gateway working on a Raspberry Pi 2 with a
second USB Ethernet, and VPN working OK.
A few months later, I had a problem connecting with VPN. I found out later that I
had 2 IPs, one static and one dynamic, on the RPi. This was due to the new
dhcpcd.conf implementation. You no longer declare the static IP in
interfaces, and some say to add it at the end of dhcpcd.conf. I disabled
dhcpcd at boot and now have 1 static IP and no trouble with VPN.
Now I have a problem: I am not receiving the ampr-ripd encap route broadcast.
ip route show table 44 only shows:
default via 169.228.66.251 dev tunl0 onlink
44.163.22.0/24 dev eth1 scope link
44.163.22.128/25 dev tun0 scope link
tcpdump -i eth0 proto 4
monitored for a long time and saw no broadcast
I use this tool to ping 44.163.22.1
http://yo2tm.ampr.org/nettools.php
100% packet loss
But with tcpdump -i eth0 proto 4 it shows the ping arriving, but my gateway
has no route and so gives no answer:
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth0, link-type EN10MB (Ethernet), capture size 65535 bytes
00:33:08.740142 IP mail.yo2loj.ro > 192.168.1.112: IP yo2tm.ampr.org >
onx.hp2at.ampr.org: ICMP echo request, id 44708, seq 1, length 64
(ipip-proto-4)
How can I diagnose why my ampr-ripd is not receiving the broadcast? Any
tools?
Jose / HP2AT
Brian, thanks for the update.
I know I asked before on how to build openvpn server keys and other
configuration details that will let an openvpn server I build work with
any ham's LotW key clients, as has previously been documented:
http://wiki.ampr.org/wiki/AMPRNet_VPN
This is what I have built my own generated certificate authority and
server keys with before, using the
./clean-all
./build-ca
./build-key-server server
./build-key client1
./build-dh
I could really use something detailed on the values for the keys and
certificates parameters to make a server work with the lotw based keys
It's not clear to me where one gets the LoTW root CA certificate(s)
that need to be installed on the server. And I assume these are
Diffie hellman parameters?
Steve
Hi there
My CS8251 works very well
I need an idea how to make it get the updated encap file automatically
I do it now by Cut and paste but know that TFTP can do the job as well
I need a solution that this can be done automatic (by batch or script)
Any ideas , Solutions welcome
Regards
Ronen - 4Z4ZQ
http://www.ronen.org
Ronen:
Keep in mind that TFTP is horribly insecure and not very robust. It should
only be used on local area networks.
Assi
-----Original Message-----
From: 44Net [mailto:44net-bounces+assi=kiloxray.com@hamradio.ucsd.edu] On
Behalf Of R P
Sent: Friday, March 11, 2016 12:33 PM
To: AMPRNet working group <44net(a)hamradio.ucsd.edu>
Subject: Re: [44net] ideas to uutomatic updates of gateway file to Cisco
Routers ?
I have made some tests with uploading the config file to the Cisco in a few ways. The
Telnet way is very slow; it takes about 5 minutes to upload the whole set of gateway
commands.
Today I have done "config network" (it does TFTP for the config file);
the whole procedure took 3 seconds.
The disadvantage is that this way requires a TFTP server... but I know it can be
done with web also, I will check that too...
The script is also very simple:
all it has to do is to connect... wait for the # prompt, then give
the command "conf network" and give some parameters such as the TFTP
server address and file name, and in the end wait for OK.
When I have a fully automatic and running script (I will have to ask
some of the local script gurus to make it for me) I will post it here and
update the WIKI page.
Regards
Ronen - 4Z4ZQ
http://www.ronen.org
Ronen,
Below is a code snippet I use on my AmprNet router to direct any traffic with a 44/8 source or destination address to use Tunnel1 as my default interface. This allows any non-44 sourced traffic to route back to UCSD. The "ip local policy" command tells the router to apply the route-map to any locally generated traffic.
ip local policy route-map NET44-ROUTE-MAP
interface Loopback0
ip address 44.56.193.1 255.255.255.0
interface Tunnel1
description Default AMPRNet tunnel
ip unnumbered Loopback0
ip tcp adjust-mss 1360
tunnel source 24.229.88.253
tunnel destination 169.228.66.251
tunnel mode ipip
interface FastEthernet0/1
ip address 44.56.192.254 255.255.255.240
ip policy route-map NET44-ROUTE-MAP
duplex auto
speed auto
ip access-list extended NET44-PBR
permit ip any 44.0.0.0 0.255.255.255
permit ip 44.0.0.0 0.255.255.255 any
route-map NET44-ROUTE-MAP permit 10
match ip address NET44-PBR
set default interface Tunnel1
Thanks
Jesse - WC3XS
Hi there
Is there anyone who uses a Cisco as gateway and uses policy routing for redirecting the 44 net traffic?
I would like to get the policy routing lines and the access list that belong to it,
and also the static route commands, especially the one that refers to the default route and to the route to the AMPR gateway (the main 44 net router).
I am writing in the AMPR wiki page how to set up a gateway with a Cisco router and I can't succeed in making my policy route work correctly and don't want to publish an example that doesn't work.
Thanks in advance
Ronen - 4Z4ZQ
http://www.ronen.org
> We are not in a real mesh. We are in a star topology from each node.
> A real mesh would mean that each node knows its neighbours (of course) AND
> is also able to handle traffic for its neighbours. That's not the case if I'm right.
This is not right, the IPIP network (at least when properly implemented) is
a full mesh. All nodes can send traffic to all other nodes without having
to rely on a central node or a neighbor other than the destination.
Technically one can even send traffic to "the wrong node" and it might forward
it to the correct endpoint, but that is not guaranteed to work because not all
nodes allow that in their firewall rules.
The only thing that operates in a star fashion is the distribution of routing
information using RIP. It would be perfectly possible to set up a second node
that sends this same information, to cover the case where that central node
goes down and the other nodes gradually lose their routing info.
Rob
> And there comes a nice feature
> of the ampr-ripd program by Marius YO2LOJ:
> in case of a missing or not broadcast
> RIPv4 transmission, it keeps the LAST
> received data, thus preserving the routing table.
But of course only for completely lost transmissions.
Some time ago I was hunting a problem where I apparently had packet loss in RIP
transmissions, likely because they are sent in a big burst and may overflow buffers or exceed
rate limits somewhere. In that case I was randomly losing routes. I kind of fixed that by
increasing the timeout on routes to two hours (default was much lower, 15 minutes I think).
Also when something would break down that resulted in e.g. the RIP server sending only info
about 44.0.0.0/8 in a single packet and not all the other gateways (e.g. due to an empty
result from a database query due to some outside issue), the routes would still be lost.
It is always difficult to prevent all possible mishaps. Sending updates from different
sources will also not prevent all problems (after all there must be a single source of all
the info that is being distributed, or we would be faced with two portal systems and the
obligation to always register and update both).
Rob
I haven't heard back from Tal.
Is there anyone else who can share the details on how to build the server
keys so that they work with lotw client based certificates?
Steve, KB9MWR
>Hello,
>The time here is 23:53 and I'm not next to my computer.
>Tomorrow I'll send a configuration file for the openvpn server and one for the
>client; also I have a script that generates key files & config files for
>clients.
>
>Sorry that I can't send them now.
>
>Regards,
>Tal.
>
I wish there were. There was an explanation in the NOSIntro book by
Ian Wade which is out of print (but PDFs of it have shown up on line -
for example, there is something at QSL.net, and it's available used
from Amazon).
There really should be an article in the wiki but no one has written
it yet.
- Brian
On Wed, Mar 09, 2016 at 07:08:52PM -0500, Jerry Kutche (N9LYA) wrote:
> Is there any reading material online for NET44 and how it works..
> Documentation, maybe also for the Ip Coordinator to gain a grip.. Thanks...
I apologize to everyone, I have been extremely busy and other things have
cropped up taking my time away from pulling the TNC out. I'll definitely
try to get it out this weekend and report back.
thanks 73 leon
On 3/9/2016 7:10 PM, Assi Friedman wrote:
> Hi Leon:
> How much are you asking for the TNC? I assume this is the model consisting
> of the TNC + the 9600 G6RUH card?
> Thanks,
> Assi kk7kx
>
> -----Original Message-----
> From: 44Net [mailto:44net-bounces+assi=kiloxray.com@hamradio.ucsd.edu] On
> Behalf Of Leon Zetekoff
> Sent: Wednesday, March 02, 2016 4:23 PM
> To: 44net(a)hamradio.ucsd.edu
> Subject: Re: [44net] Making Packet Node with Pi ?
>
> I have a paccomm 9600 which i really never used much way back when. I'd
> unload it if anyone wants it. please contact me off list.
>
> Leon WA4ZLW
>
> On 3/2/2016 6:43 PM, Jerry Kutche (N9LYA) wrote:
>> Yes I have an SCS Tracker and yes it too can do 9600 baud..
>>
>> A lot of misinformation going on here...
>>
>> That's two TNCs... Still in production.... Any more probably...
>>
>> 73 jerry n9lya
>>
>> -----Original Message-----
>> From: 44Net
>> [mailto:44net-bounces+n9lya=uronode.n9lya.ampr.org@hamradio.ucsd.edu]
>> On Behalf Of Bill Vodall
>> Sent: Wednesday, March 2, 2016 6:18 PM
>> To: AMPRNet working group <44net(a)hamradio.ucsd.edu>
>> Subject: Re: [44net] Making Packet Node with Pi ?
>>
>>> I'd LOVE a 9K6+++ modem but they just don't seem to be available.
>> SCS TNC tracker (http://www.p4dragon.com/en/Modems.html#widget4) and
>> the sound card modes such as DireWolf and UZ7HO now claim to support
>> 19,200 so 9600 should be doable.
>>
>> Bill, WA7NWP
> Even APRS would be useful for folks that have 44net services to share.
> (Re-inventing bonjour/ZeroConf....) Perhaps this is a good reason to
> revive the HTPP convers server (IRC clone) and use it for
> announcements like the DStar folks do with IRC technology.
I think there would be some slightly different approaches:
1. a written announcement like writing "I have this nice webserver" on convers
and requiring people to read the discussion there. of course this information
will get lost over time as other services are announced there.
2. a more static approach like putting all available services on a wiki page that
can be edited by everyone.
(possibly in a hierarchic way with a page linking to other regional pages)
3. an automatic system like bonjour where every active service is regularly announcing
itself on the network and some page is dynamically updated when services
appear and disappear.
It certainly is something that is worthwhile to take up because it is a frequent
question when having new users. "what can I find on the net and where"
Rob
> Subject: Re: [44net] Is there raceroutre machine on 44 net available for public ?
> From: Brian Kantor <Brian(a)UCSD.Edu>
> Date: 03/09/2016 02:37 PM
> To: AMPRNet working group <44net(a)hamradio.ucsd.edu>
>
> I've never found the cause of this; the rip sender would report protocol
> buffer overflows and never has. The UCSD network can easily take the
> amount of traffic that the rip transmissions constitute, and is not rate
> limited, so I am led to the conclusion that the loss must be along the
> transit path somewhere. Of course, being UDP inside IP, we don't get
> notified of in-transit packet drops so it remains a mystery why this
> is/was happening.
Well, when you send a few thousand UDP packets from a fast system on a gigabit
ethernet it does not really surprise me that there can be drops somewhere. Probably
not within the fast infrastructure of a university network, but maybe further along the
path. There could be queues on interfaces that are slower or loaded with other traffic
and that drop some of the packets.
At that time there was an obscure second transmission of the same RIP data and when
that was dropped, the situation appeared to improve.
The gateway where I was observing the problem is on a 100 Mbit line shared with several
other systems, maybe the drops were occurring locally due to some rate limiting in place
to achieve fair sharing of the bandwidth. I don't think I observed it on our gigabit
connected gateway, that was installed later.
You could put a small delay between sending the packets or after each small group
of packets. Also, when you are sending the series of packets to all the gateways,
consider making the inner loop by gateway and the outer loop by packet of the series,
not sending all packets for one gateway first and then the series to the next gateway.
The small delay could then be in the outer loop, and each gateway receives its
packets somewhat spaced.
Rob
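The two loop orders described above, compared side by side. This is an added example written for this thread, not the RIP sender's actual code: it uses a constructed series of ten packets and five gateways, measures the longest back-to-back run of sends to one gateway under each order, and shows how a pacing delay placed in the outer loop spaces each gateway's packets apart.

```python
"""Compare send orders for a series of UDP packets to many gateways.
Constructed illustration of the loop-reordering suggestion; the packet and
gateway lists are sample values, not real RIP data or real gateways."""
import itertools

def gateway_first(packets, gateways):
    """Outer loop by gateway, inner by packet: each gateway receives the
    whole series back-to-back (the order the reply advises against)."""
    return [(g, p) for g in gateways for p in packets]

def packet_first(packets, gateways):
    """Outer loop by packet, inner by gateway: consecutive sends go to
    different gateways, so a single gateway never sees a burst."""
    return [(g, p) for p in packets for g in gateways]

def longest_burst(order):
    """Longest run of consecutive sends to the same gateway (worst-case burst
    that one gateway's inbound queue has to absorb at once)."""
    return max(len(list(run))
               for _, run in itertools.groupby(order, key=lambda gp: gp[0]))

def send_times(order, group_size, delay, pkt_time=0.0):
    """Assign a send timestamp to every (gateway, packet) when a pacing delay
    is inserted after each group of group_size sends, i.e. after each pass of
    the outer loop.  pkt_time is an optional per-packet serialization cost."""
    times, t = [], 0.0
    for i, (g, p) in enumerate(order):
        times.append((g, p, t))
        t += pkt_time
        if (i + 1) % group_size == 0:
            t += delay
    return times

def min_gap_per_gateway(times):
    """Smallest spacing between two consecutive sends to the same gateway."""
    by_gw = {}
    for g, _, t in times:
        by_gw.setdefault(g, []).append(t)
    return {g: min(b - a for a, b in zip(ts, ts[1:])) for g, ts in by_gw.items()}

# Constructed sample: a 10-packet series and 5 gateways.
PACKETS = list(range(10))
GATEWAYS = ["gw%d" % i for i in range(5)]
DELAY = 0.01   # pacing delay in seconds, applied after each outer-loop pass

def compare():
    """Return (burst_gateway_first, burst_packet_first, min_gap_gateway_first,
    min_gap_packet_first) for the sample inputs."""
    gf = gateway_first(PACKETS, GATEWAYS)
    pf = packet_first(PACKETS, GATEWAYS)
    gf_times = send_times(gf, group_size=len(PACKETS), delay=DELAY)
    pf_times = send_times(pf, group_size=len(GATEWAYS), delay=DELAY)
    return (longest_burst(gf), longest_burst(pf),
            min(min_gap_per_gateway(gf_times).values()),
            min(min_gap_per_gateway(pf_times).values()))

if __name__ == "__main__":
    print("burst gw-first, burst pkt-first, min gap gw-first, min gap pkt-first:",
          compare())
```

With the gateway-first order the burst toward one gateway is the full series length and the delay does nothing to spread that gateway's packets; with the packet-first order the burst is one packet and every gateway sees at least the pacing delay between its packets.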
> For a mesh this information gathering step can not be circumvented. Even if
> we change routing protocols, you still need to know your peers BEFORE being
> able to set up BGP or OSPF.
> And if you know your peers, you can know their subnets, too. So there is
> actually no need for a routing protocol running on a limited bandwidth
> network, because the information is already there, in your peering data.
Way back in the days of the previous packet radio network and NETCHL I started
to code a solution for this. I implemented multicast in NETCHL and created a
simple info protocol that multicasted information about the local system to
address 224.0.1.31 port 1535 (look them up in DNS and /etc/services!)
These announcements were sent with a TTL of 5 or so, so the neighborhood in
the then existing IP/AX.25/NETROM network learned some details about the nodes,
like the sysop call, the frequencies it was operating on, and the subnets it
was serving. The info could be displayed when connected to the NETROM.
The intention was to create an automatic IP routing protocol from there, and
then replace IP-over-NETROM and plain connects over NETROM by an automatically
routed IP network and a service to encapsulate plain user AX.25 connects
(user1-node1-node2-user2) in TCP/IP connects between the nodes. (replacing NETROM)
This never materialized, and in neighboring Germany a network was deployed
(Flexnet) that stuck to the AX.25 routing, and it became quite popular. The
author was not interested in IP at all. More and more operators wanted to switch
to that network so further development on NETCHL was mostly halted.
Of course, now this change has been made anyway (the network is IP with AX.25
running on top of it instead of under it), but quite some time has passed...
Of course we could again embark on such a project, but there is always the issue
of migration to a new method without breaking the whole network in the transition
phase.
Rob
> 3rd option is interesting. Just that there will be a lot of opposition
> from people worrying about 1 ping an hour should some multicast group
> announcement and subscription messages appear on the network...
No, it would work the other way around!
Someone sets up a service on amprnet where services can announce themselves
to be in the global directory of services.
Anyone running a service who would want to be in that directory sends regular
announcements to the central server, and those who do not want traffic simply
don't announce themselves and won't have any unwanted traffic.
It can be really simple, any capable PHP or ASP programmer can write this in
"one rainy Sunday afternoon" as the saying is here. Of course, getting it
universally accepted is another matter.
Design would be like this:
Anyone who wants to announce their service makes a cron job that once per day
posts a file to the central server (XML, JSON, whatever) using a simple call to
wget or curl. The file contains the specification of the local services.
It can be called manually whenever the file has been edited for quick update.
The central server receives the posts (simple HTTP POST) and parses the data,
if valid it creates one or more database records with services and sets the
time it (last) received this announcement.
The same central server provides an overview page (with search and/or selection
options) that just dumps the contents of the database as a table. There is
some expiration interval (a small multiple of the post interval, e.g. 3 days)
after which records are deleted or no longer shown. This can also be a parameter
in the selection.
Bottleneck: convince everyone who provides some service on amprnet to write
the corresponding XML/JSON file and set up the cron job. Providing a working
script callable by cron (i.e. the wget call with the proper parameters) will
help. An indication of how to write a properly formatted file and/or a tool to do
this will also help.
It can be made a part of www.ampr.org, for example. Then we can direct anyone
there to look up the service directory.
Rob
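The central-server side of the design sketched above (receive a posted JSON file, validate it, store each service with the time it was last announced, show only records within the expiry window), as an added example in Python. It is not code from the thread or from ampr.org; the JSON layout (a callsign plus a list of services), the 44.0.0.0/8 range check, and the size and count limits are assumptions made here so that an untrusted POST cannot fill the table with junk.

```python
"""Service-directory server logic: accept JSON announcements, store them with
a last-seen timestamp, and list only records still within the expiry window.
Constructed example; the schema and limits are assumptions, not a standard."""
import ipaddress
import json
import time

AMPR_NET = ipaddress.ip_network("44.0.0.0/8")   # assumption: services must live in 44/8
POST_INTERVAL = 86400                           # stations announce once per day
EXPIRE_AFTER = 3 * POST_INTERVAL                # "a small multiple", e.g. 3 days
MAX_SERVICES = 50                               # cap per announcement (defensive)

class InvalidAnnouncement(ValueError):
    """Raised for any post that fails validation; the server simply drops it."""

def parse_announcement(raw, max_bytes=64 * 1024):
    """Validate one posted file and return a list of service records.
    Rejects oversized bodies, non-JSON, missing fields, hosts outside 44/8
    and bad ports, so the overview table only ever shows well-formed data."""
    if len(raw) > max_bytes:
        raise InvalidAnnouncement("body too large")
    try:
        doc = json.loads(raw)
    except ValueError as e:
        raise InvalidAnnouncement("not JSON: %s" % e)
    if not isinstance(doc, dict) or not isinstance(doc.get("services"), list):
        raise InvalidAnnouncement("expected {callsign, services[]}")
    call = doc.get("callsign")
    if not isinstance(call, str) or not (3 <= len(call) <= 10) or not call.isalnum():
        raise InvalidAnnouncement("bad callsign")
    if len(doc["services"]) > MAX_SERVICES:
        raise InvalidAnnouncement("too many services")
    records = []
    for svc in doc["services"]:
        if not isinstance(svc, dict):
            raise InvalidAnnouncement("service entry must be an object")
        try:
            host = ipaddress.ip_address(svc["host"])
            port = int(svc["port"])
            name = str(svc["name"])
            proto = str(svc.get("proto", "tcp")).lower()
        except (KeyError, ValueError, TypeError) as e:
            raise InvalidAnnouncement("malformed service: %s" % e)
        if host not in AMPR_NET:
            raise InvalidAnnouncement("host %s not in %s" % (host, AMPR_NET))
        if not 1 <= port <= 65535 or proto not in ("tcp", "udp"):
            raise InvalidAnnouncement("bad port/proto")
        if not name or len(name) > 64:
            raise InvalidAnnouncement("bad service name")
        records.append({"callsign": call.upper(), "name": name,
                        "host": str(host), "port": port, "proto": proto})
    return records

class ServiceDirectory:
    """In-memory stand-in for the database table, keyed by (callsign, host, port, proto)."""
    def __init__(self):
        self.rows = {}

    def ingest(self, raw, now=None):
        """Handle one HTTP POST body; re-announcing refreshes last_seen."""
        now = time.time() if now is None else now
        recs = parse_announcement(raw)          # raises on invalid input
        for r in recs:
            key = (r["callsign"], r["host"], r["port"], r["proto"])
            self.rows[key] = dict(r, last_seen=now)
        return len(recs)

    def active(self, now=None, max_age=EXPIRE_AFTER, callsign=None):
        """Rows announced within max_age; callsign is the optional 'selection' filter."""
        now = time.time() if now is None else now
        return sorted((r for r in self.rows.values()
                       if now - r["last_seen"] <= max_age
                       and (callsign is None or r["callsign"] == callsign)),
                      key=lambda r: (r["callsign"], r["name"]))

    def expire(self, now=None, max_age=EXPIRE_AFTER):
        """Delete rows not re-announced within max_age; returns the number removed."""
        now = time.time() if now is None else now
        stale = [k for k, r in self.rows.items() if now - r["last_seen"] > max_age]
        for k in stale:
            del self.rows[k]
        return len(stale)

# Constructed sample announcement, as a station's daily cron job might POST it.
SAMPLE = json.dumps({"callsign": "N0CALL", "services": [
    {"name": "web", "host": "44.0.0.10", "port": 80, "proto": "tcp"},
    {"name": "convers", "host": "44.0.0.11", "port": 3600}]}).encode()

def demo():
    """Ingest the sample, check it is listed a day later, then expire it after 3 days."""
    d = ServiceDirectory()
    t0 = 1_000_000.0
    d.ingest(SAMPLE, now=t0)
    seen_day1 = len(d.active(now=t0 + POST_INTERVAL))
    removed = d.expire(now=t0 + EXPIRE_AFTER + 1)
    return seen_day1, removed, len(d.rows)

if __name__ == "__main__":
    print("listed after one day, removed after expiry, rows left:", demo())
```

The station side is just the cron line from the design, e.g. `curl --data-binary @services.json http://<server>/announce` (server name is a placeholder), and the overview page is `active()` rendered as a table; validation happens before anything touches the database, which is the property worth keeping whatever language the real server is written in.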
> Do you have any way to check connectivity and routing problems without doing at least ping and trace route ?
> I don't know ...
> What's the point to put the encap file if you can't use it ?
What you have just found out is that a network by itself may be fun to construct but is not very useful on its own.
That has always been a weak spot of tunneling amprnet over internet: why would you want to do that, when you
can just use the internet?
When you want to actually use amprnet you need some way to find public services that are of interest.
Then you can try to connect to those, and assume that the operators have no problem with visitors.
That is something different from pinging or tracerouting everything in sight.
For example, enter in Google: site:ampr.org hamradio
Or some other keywords after that text "site:ampr.org" (without the quotes)
That way you will find websites on ampr.org (as far as they are connected to the real internet), and you
may find interesting pages that tell you about other things available on amprnet.
Rob
WW Converse is actually live and well. Just more servers than users. Maybe it could be made more useful by association with some other popular service.
Marius, YO2LOJ
Sent from Samsung tablet.
-------- Original message --------
From: Bill Vodall <wa7nwp(a)gmail.com>
Date:08/03/2016 01:34 (GMT+02:00)
To: AMPRNet working group <44net(a)hamradio.ucsd.edu>
Subject: Re: [44net] Is there raceroutre machine on 44 net available for public ?
... Perhaps this is a good reason to
revive the HTPP convsers server (IRC clone) and use it for
announcements like the DStar folks do with IRC technology.