> Subject:
> Re: [44net] Is there a traceroute machine on 44 net available for public ?
> From:
> Antonio Querubin <tony(a)lavanauts.org>
> Date:
> 03/07/2016 08:52 PM
>
> To:
> AMPRNet working group <44net(a)hamradio.ucsd.edu>
>
>
>
> You should NOT assume that all gateways actually have the entire mesh encap table loaded. Some only load a partial table to those networks they want to reach. You'd have to check with each gateway operator to verify which encap routes are
> actually loaded if you can't reach any of the net-44 nodes behind their gateway.
And of course the encap table does not tell you anything about which 44-net address is used by the gateway itself.
So there is no way you can check if you can reach the gateway.
(even if you would know the address of the gateway there is no guarantee that it will reply to detection attempts)
It has already been made clear to Mr. "Please Advice" that lots of operators do not appreciate what he is doing.
Unfortunately, he rarely listens to the advice he is constantly asking for....
Rob
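Rob's point above is that the encap table only tells you which gateway endpoint encapsulates traffic for a given 44-net subnet, not which 44 address the gateway itself answers on. The following is an added example, not code from the list or from any of the tools mentioned in this thread: a small lookup that does the longest-prefix match over an encap table. The `route addprivate <44-subnet> encap <gateway>` line format is assumed here, and the sample entries and gateway addresses are constructed for the example.

```python
"""Look up which encap (IPIP) gateway endpoint serves a given 44-net address.

Added example; the encap.txt line format below is an assumption and the
sample table is constructed (documentation-range gateway addresses)."""
import ipaddress
import re

# Constructed sample in the assumed encap.txt style:
#   route addprivate <44-subnet>/<len> encap <gateway public IP>
SAMPLE_ENCAP = """\
# encap.txt - constructed sample, not the real table
route addprivate 44.137.0.0/16 encap 192.0.2.10
route addprivate 44.137.75.0/24 encap 192.0.2.11
route addprivate 44.60.44.0/24 encap 198.51.100.7
route addprivate 44.92.21.0/24 encap 203.0.113.5
"""

ENCAP_RE = re.compile(r"^route\s+addprivate\s+(\S+)\s+encap\s+(\S+)\s*$")


def parse_encap(text):
    """Return a list of (network, gateway) pairs; comments and lines in any
    other shape are skipped rather than guessed at."""
    routes = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        m = ENCAP_RE.match(line)
        if not m:
            continue
        net = ipaddress.ip_network(m.group(1), strict=False)
        gw = ipaddress.ip_address(m.group(2))
        routes.append((net, gw))
    return routes


def lookup(routes, addr):
    """Longest-prefix match: (network, gateway) that would encapsulate
    traffic for addr, or None when no encap route covers it."""
    addr = ipaddress.ip_address(addr)
    best = None
    for net, gw in routes:
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, gw)
    return best


def networks_behind(routes, gateway):
    """All 44-net subnets the table says are reachable through one endpoint.
    Note what is *not* here: the gateway's own 44 address is never listed."""
    gateway = ipaddress.ip_address(gateway)
    return [net for net, gw in routes if gw == gateway]


if __name__ == "__main__":
    table = parse_encap(SAMPLE_ENCAP)
    for target in ("44.137.75.240", "44.137.1.1", "44.1.1.1"):
        print(target, "->", lookup(table, target))
    print("behind 192.0.2.10:", networks_behind(table, "192.0.2.10"))
```

A more-specific /24 inside a /16 wins the match, which is why `44.137.75.240` resolves to the second gateway and `44.137.1.1` to the first; an address with no covering entry gives `None`, which is exactly the case where a partially loaded table (as Antonio describes) will silently drop your traffic.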
> Is there a amprnet wiki page with recommendations and notes on just
> how to do this?
It depends too much on the layout of your network and the equipment and software you are
using how to do this. I normally use tshark (terminal version), unfortunately it can only
display a condensed version of each packet that does not show how it is tunneled, or a
way-to-verbose version where one packet takes up multiple screens full of data.
The GUI version 'wireshark' can nicely fold and unfold all levels of detail but of course
it is more difficult to run it inside a router or small Linux system used as a router.
Rob
I just use tcpdump:
tcpdump -i eth0 -vvv host amprgw.sysnet.ucsd.edu or ip proto \\icmp
tcpdump -vvv -s0 -n proto ipencap
> I would recommend amprnet operators starting a network analyzer on your
> network
> (like wireshark) every time you have made a configuration change, added some
> equipment,
> or just have a few minutes of time to spend.
Ronen,
Feel free to use mine:
http://44.92.21.1/tools/
These tools reside on my gateway (IPIP not BGP) and it does have a DNS
entry so it should be accessible from the world wide internet as well
as 44net.
I have a ip route lookup tool, so you can see what my local routing
table has for a return route.
73
Steve KB9MWR
>Hi there
>
>I have unexplained 44 net routing problem
>
>There are some gateways i can reach from my 44 net address and others not ...
>
>I can access any of my 44 net equipment from any non 44 net IP with no problem
>
>the Encap text is most updated....
>
>The gateways i cant reach are accessible from their non AMPRNET side
>
>I need a tool (beside this one http://44.60.44.10 ) to be able to do traceroute and ping to me and to other 44 net
>
>Is there anyone that have such a thing open for the public (or willing to give me access ) on his machine (that sit on 44 net IP via tunnel (not via BGP) ?
>
>Please Advice
>
>Thanks Forward
>
>Ronen - 4Z4ZQ
>
>http://www.ronen.org
Thanks Tal.. I'll be looking forward to the email. It should help.
>Hello,
>The time here is 23:53 and i'm not next to my computer.
>Tomorrow I'll send configuration file for the openvpn server and one to the
>client, also i have script that generate key files & config files for
>clients.
>
>Sorry that i can't send them now.
>
>Regards,
>Tal.
>
>> Brian, thanks for the update.
>>
>> I know I asked before on how to build OpenVPN server keys and other
>> configuration details that will let an OpenVPN server I build work with
>> any ham's LoTW key clients, as has previously been documented:
>>
>> http://wiki.ampr.org/wiki/AMPRNet_VPN
>>
>> This is what I have built before, with my own generated certificate authority
>> and server keys, using the
>>
>> ./clean-all
>> ./build-ca
>> ./build-key-server server
>> ./build-key client1
>> ./build-dh
>>
>> I could really use something detailed on the values for the keys and
>> certificates parameters to make a server work with the lotw based keys
>>
>> It's not clear to me where one gets the LoTW root CA certificate(s)
>> that need to be installed on the server. And I assume these are
>> Diffie-Hellman parameters?
>>
>> Steve
Hi there
I have an unexplained 44 net routing problem
There are some gateways I can reach from my 44 net address and others not ...
I can access any of my 44 net equipment from any non 44 net IP with no problem
The encap text is the most up to date....
The gateways I can't reach are accessible from their non AMPRNET side
I need a tool (beside this one http://44.60.44.10 ) to be able to do traceroute and ping to me and to other 44 net
Is there anyone that has such a thing open for the public (or willing to give me access) on his machine (that sits on a 44 net IP via tunnel (not via BGP))?
Please Advice
Thanks Forward
Ronen - 4Z4ZQ
http://www.ronen.org
> I've been observing the following:
> a. - gateways sending RFC1918 addresses in the inside header (e.g.
> 192.168.11.0/24)
Unfortunately it is very common. Not only on IPIP tunnels but also on other
connections we have (OpenVPN, IPsec tunnels, radio access points).
Some weeks ago I mentioned it on the list, the sender claimed he would act on it,
but it just continues.
Unfortunately not many users understand iptables well enough to just block
invalid traffic on their own gateway and even fewer are actively monitoring
their equipment so they would notice they are sending stuff like this and receiving
"prohibited" replies all the time :-(
I would recommend amprnet operators starting a network analyzer on your network
(like wireshark) every time you have made a configuration change, added some equipment,
or just have a few minutes of time to spend. It will teach you a lot and make
the other operators happy.
Rob
> Phil has dropped the project. I doubt he'll take it up again.
> - Brian
Why? It was quite easy to implement on our gateway. And I did some extra work
to make it easier for me to maintain, else it would have been even simpler.
Maybe there were other reasons?
Rob
> I suspect they were personal reasons; Phil has retired from networking
> entirely and between battling cancer and turning his remaining time to
> teaching high-school students about science and engineering, I know he's
> not interested in AMPRNet anymore. He said so when we had dinner a few
> weeks ago.
> - Brian
I'm sorry to hear that... please send him my best wishes when you have
contact with him.
It is his work that made the AMPRNet possible in the early days...
Rob
About 5 years ago I thought I read that Phil Karn was working on
getting OpenVPN implemented on the AMPRGW. Is there a status update
on that?
The reason I ask is once again, I have a situation where we could
really use some sort of statefull way to connect some HSMM links.
There is always a lot of arm twisting needed to convince folks who are
donating us an internet connection that we need access to the firewall
to forward ports for IRLP and the like.
Steve
We are finally setting up the gateway at N2MO - the plan is to use an
existing Cisco 2811 Integrated Services Router for AMPRnet.
After reading the config notes at:
http://wiki.ampr.org/wiki/Setting_up_a_gateway_on_Cisco_Routers , I had
several questions
1) For the FQDN of the commercial internet connection, is there an
accepted naming convention ?
2) Our 2811 ISR has both serial and Ethernet WIC (WIC-2T and
HWIC-2FE). Is there any benefit to using the serial connection?
73
Martin A Flynn / W2RWJ
Ocean-Monmouth Amateur Radio Club, Inc
2300 Marconi Road
Wall Township, NJ 07719
Tel: +01 732-428-7373
Email: mflynn(a)n2mo.org
Visit us online at: www.n2mo.org
Hi there
I started to configure my Bullet2 to be an access point for delivering the AMPRNET to the HAMs and saw that there are tunnel and ipip in the commands
Does it mean it supports IPIP tunneling by default and can serve as a Gateway ?
I couldn't succeed in finding the correct syntax of the command; whatever I have done, it gave me an error that something is "garbage"
Please Advice
Thanks Forward
Ronen - 4Z4ZQ
http://www.ronen.org
On our gateway system we try to offer tunneling technologies that are easily usable on the
equipment the users have available. For example, we deployed OpenVPN because it is so
easy for the users to install and use.
For use on routers like MikroTik, IPsec is more convenient. We offer IPsec tunnels for subnets
and individual addresses, in AH and ESP mode, and the latter also over NAT-T. A number of
users have such a tunnel working over NAT-T without problem. We use setkey/racoon.
To connect a radio network router that uses BGP to provide it with a fallback in case the radio
network is down or when it has not yet been deployed, it is more convenient to use a GRE tunnel
over IPsec transport. BGP can then consider the GRE tunnel as an alternative path.
This is easily configurable on a MikroTik in ESP mode, but AH is also possible.
(AH mode uses less CPU because there is no encryption, only authentication)
After deploying some GRE over IPsec transport connections, of course the first site appeared
who has the MikroTik router behind a NAT router which cannot be removed.
GRE over IPsec transport does not work over NAT.
So, I researched the matter and found that there are examples of the use of GRE over
IPsec tunnel mode, which in turn can operate over NAT-T (when ESP is used).
Of course terribly inefficient in terms of header size, but it should work.
Ok, back to the configuration drawing board and implement this on the Linux gateway.
I cannot get it to work. The whole IPsec tunnel is established correctly (of course, this already
worked), I can add the GRE interface and make it use the tunnel, but when GRE traffic
comes in on the IPsec tunnel it does not appear on the GRE interface. Which worked fine when
using IPsec transport instead of tunnel.
When I ping from the gateway to a connected test router (MikroTik), I can see the pings arrive
on the GRE interface there, being returned to the gateway, arrive as ESP-over-UDP, matched
in the firewall, sent to an iptables entry that matches on protocol 47, I can even dump them
to the log with -j LOG where they appear:
Mar 5 18:23:43 gw-44-137 kernel: [17858.781986] IN=eth0 OUT= MAC=00:0c:29:cc:5a:2a:dc:38:e1:f6:2f:f0:08:00 SRC=10.0.1.43 DST=10.11.12.13 LEN=148 TOS=0x00 PREC=0x00 TTL=255 ID=81 DF PROTO=47
The corresponding GRE tunnel with these addresses is present, it works in the outgoing direction,
but not incoming.
My guess is that it is a problem to match the SRC and DST addresses in an IPsec tunnel packet
to the remote and local addresses of a GRE interface, and it never finds its way. Probably the wrong
addresses are matched, the outside rather than the inside addresses of the IPsec tunnel.
Does anyone have experience with this and know what might be the problem and how it can be fixed?
The Linux kernel is version 3.2.0 (Debian Wheezy) in case that matters.
Rob
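Two posts above rely on reading netfilter `-j LOG` output: Rob's complaint about RFC1918 addresses in the inner header of tunnel packets, and the GRE debugging line quoted just above. As an added example (not code from the list or from any gateway mentioned here), the block below parses such kernel log lines into their fields, names the numeric protocol numbers a tunnel gateway sees, and reports packets on a tunnel interface (where the decapsulated inner header is what gets logged) whose source or destination is RFC1918. The first sample line is the one quoted in the post; the second line, the `tunl0` interface name and the addresses in it are constructed assumptions.

```python
"""Parse netfilter (-j LOG) kernel lines and flag RFC1918 addresses seen on a
tunnel interface, i.e. in the inner header after decapsulation.

Added example. Line 1 of SAMPLE_LOG is from the post above; line 2, the
tunl0 interface name and its addresses are constructed for the example."""
import ipaddress
import re

# IANA protocol numbers that iptables LOG prints numerically (TCP, UDP and
# ICMP appear by name); only the ones a tunnel gateway usually meets.
PROTO_NAMES = {"4": "IPIP", "41": "IPv6-in-IPv4", "47": "GRE", "50": "ESP", "51": "AH"}

SAMPLE_LOG = """\
Mar 5 18:23:43 gw-44-137 kernel: [17858.781986] IN=eth0 OUT= MAC=00:0c:29:cc:5a:2a:dc:38:e1:f6:2f:f0:08:00 SRC=10.0.1.43 DST=10.11.12.13 LEN=148 TOS=0x00 PREC=0x00 TTL=255 ID=81 DF PROTO=47
Mar 5 18:24:01 gw-44-137 kernel: [17876.402113] IN=tunl0 OUT= MAC= SRC=192.168.11.20 DST=44.137.0.1 LEN=84 TOS=0x00 PREC=0x00 TTL=63 ID=4711 DF PROTO=ICMP TYPE=8 CODE=0 ID=1234 SEQ=1
"""

KV_RE = re.compile(r"(\w+)=(\S*)")

RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def parse_netfilter_log(line):
    """Return the KEY=VALUE fields of one LOG line as a dict (empty values such
    as OUT= are kept). Lines without an IN= field are not LOG lines: None."""
    fields = dict(KV_RE.findall(line))
    return fields if "IN" in fields else None


def proto_name(value):
    """Map a numeric PROTO= value to a name; symbolic values pass through."""
    return PROTO_NAMES.get(value, value)


def is_rfc1918(addr):
    """True only for 10/8, 172.16/12 and 192.168/16 (not loopback/link-local)."""
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in RFC1918)


def private_on_tunnel(lines, tunnel_ifaces=("tunl0",)):
    """(iface, src, dst, proto) for every packet logged on a tunnel interface
    whose inner src or dst is RFC1918: the traffic Rob describes leaking in.
    Packets on other interfaces are ignored on purpose, since the outer
    header of a lab tunnel may legitimately use private addresses."""
    hits = []
    for line in lines:
        f = parse_netfilter_log(line)
        if not f or f["IN"] not in tunnel_ifaces:
            continue
        src, dst = f.get("SRC", ""), f.get("DST", "")
        if src and dst and (is_rfc1918(src) or is_rfc1918(dst)):
            hits.append((f["IN"], src, dst, proto_name(f.get("PROTO", "?"))))
    return hits


if __name__ == "__main__":
    for line in SAMPLE_LOG.splitlines():
        f = parse_netfilter_log(line)
        print(f["IN"], f["SRC"], "->", f["DST"], proto_name(f["PROTO"]))
    print("RFC1918 on tunnel:", private_on_tunnel(SAMPLE_LOG.splitlines()))
```

Fed from `journalctl -k` or `/var/log/kern.log`, a report of this shape is enough to see which peer is sending private addresses through the mesh, which is the evidence you need before writing to the operator or adding a drop rule for the inner addresses.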
Hi there
Has anyone tried or is doing a Gateway with a home router (like TP-LINK) that he has flashed to work with OpenWRT ?
If yes, how are the results? Can it hold the 520 gateway routes in its memory and still function ?
Please Advice
Thanks Forward
Ronen - 4Z4ZQ
http://www.ronen.org
Hello,
I added 2 new gateways yesterday afternoon (static public commercial IP
addresses, no firewall) but I'm still waiting to receive RIP broadcasts
on those IP addresses.
I think to remember that new gateway IP addresses are only added to the
broadcast list every few hours. How can I verify that my gateways
actually did make it into the list?
73 de Marc, LX1DUC
Hi there
Is there a way to have a Packet Node with a Pi (or any other small-size solution that will not require a PC) ?
If yes, how do I connect a TNC (serial port) to the Pi? Does the Pi support a USB to serial external interface (like the Prolific ones) ?
Or (preferred) can something be done to do the TNC on a sound card (it can be an external sound card that connects to the USB of the Pi)?
Please Advice
Thanks Forward
Ronen - 4Z4ZQ
http://www.ronen.org
For anyone interested in considering a STA you should go to this site:
https://apps.fcc.gov/oetcf/els/forms/STANotificationPage.cfm
STAs are only good for six months, but they can be extended by filing
another application. The filing fee is $60, and you will need your FRN
and password to file it. It is not a simple process, but it is doable.
You should have a narrative explanation of what you propose to do in
PDF format to upload as an attachment as well as filling out the form
completely.
________________________________
>Is this how STAs now work?
>
>When we were implementing packet radio in Canada in the late seventies,
>American hams claimed that the STA process was slow and difficult, the
>equivalent to getting an act through Congress that was difficult and slow
>
>Was this real at the time? Is it better now?
>
>I may have to go through this to push a new mesh protocol through as STA
>(yah, gotta do my local exams first!) and what to know what I'll be up
>against.
>
>- Richard
>
>
>On 3/4/16 10:30 PM, ve1jot wrote:
>> (Please trim inclusions from previous messages)
>> _______________________________________________
>> +1
>>
>> On 16-03-04 08:16 PM, kd6oat wrote:
>>> Regarding an STA for higher data rates experimentation: I would think a
>>> well written proposal accompanied by the signature of a number of
>>> licensed
>>> operators willing to participate in experiments would go a long way.
>>> Count
>>> me in as one who would be willing to sign on.
>>> Ken - KD6OAT
>>>
>>> On Thu, Mar 3, 2016 at 11:22 AM, Brian Kantor <Brian at ucsd.edu> wrote:
>>>
>>>> In the FCC arena, one of the better ways to get technical restrictions
>>>> removed is to apply for and operate under an STA - Special Temporary
>>>> Authority, a document from the FCC that basically allows you to operate
>>>> an exception to the normal rules. Typically the only requirement is
>>>> that you make a good case for it technically and that you write up a
>>>> report afterwards. In the past, STAs have been the basis for
>>>> changes to
>>>> the rules. Someone who writes well may want to consider submitting
>>>> one to
>>>> allow higher data rates based solely on bandwidth and then
>>>> experimenting
>>>> with it.
>>>>
>>>> Another possibility is to apply for a Experimental Radio Service
>>>> license
>>>> which basically allows you to do just about anything if you can make a
>>>> good case for it. They used to be a little expensive and they require
>>>> a written report on what you found out with your experiments but it
>>>> does
>>>> allow nearly anything you can think of.
>>>> - Brian
> Beyond what others have mentioned like the TNC-Pi (nice kit), using a $7
> USB soundcard and Direwolf will provide superior decodes.
Yes, I wonder why on earth they use a hardware AFSK modem chip in that design...
I can see a place for an adapter board that provides PTT keying, possibly isolated
audio interface, etc for the Pi, but it should always just do A/D and D/A conversion
of the audio and leave the processing to software. That works so much better, and
it enables the development of alternative modem designs without having to change
the hardware every time.
Rob
There were some attempts/news a couple years ago to modernize this:
http://www.arrl.org/news/arrl-files-symbol-rate-petition-with-fcc
http://www.arrl.org/news/arrl-s-symbol-rate-petition-nears-top-of-fcc-s-mos…
The problem is it takes a very long time for the FCC to act on pretty
much anything ham radio related.
It took 3 years for the Mototrbo/TDMA rule change.
Prior to that I recall the spread spectrum automatic power control
rule change took about half that.
I agree though, a STA is a good idea to make a case and bring the
issue to the forefront.
>In the FCC arena, one of the better ways to get technical restrictions
>removed is to apply for and operate under an STA - Special Temporary
>Authority, a document from the FCC that basically allows you to operate
>an exception to the normal rules. Typically the only requirement is
>that you make a good case for it technically and that you write up a
>report afterwards. In the past, STAs have been the basis for changes to
>the rules. Someone who writes well may want to consider submitting one to
>allow higher data rates based solely on bandwidth and then experimenting
>with it.
>
>Another possibility is to apply for a Experimental Radio Service license
>which basically allows you to do just about anything if you can make a
>good case for it. They used to be a little expensive and they require
>a written report on what you found out with your experiments but it does
>allow nearly anything you can think of.
>- Brian
>
>
>On Thu, Mar 03, 2016 at 07:42:09PM +0200, Demetre - SV1UY wrote:
>> Not good for US though, "thanks" to FCC's 300 baud symbol rate restrictions on HF.
portal.ampr.org and www.portal.ampr.org are listed (as the only hosts in ampr.org) as vulnerable
to the DROWN attack published today. it is not a high-priority issue but it is a good idea to have
a look and fix the software and/or settings.
Rob
High speed packet radio collapsed at 9.6 kbps because hams were no longer
able to hack modems into surplus land mobile radios. For the first time,
one needed full channel equalization and plug and pray no longer worked.
That was pretty much the end of packet radio circa mid 1990's. The only
thing that survived was APRS which is based on cheap land mobile radios, PIC
microcontrollers, and AX25/UI.
Assi kk7kx
-----Original Message-----
From: 44Net [mailto:44net-bounces+assi=kiloxray.com@hamradio.ucsd.edu] On
Behalf Of Mark Phillips
Sent: Wednesday, March 02, 2016 2:19 PM
To: AMPRNet working group <44net(a)hamradio.ucsd.edu>
Subject: Re: [44net] Making Packet Node with Pi ?
According to the TNC-X website, John Hansen claims to be working on a 9K6
modem but that was quite a few years back and nothing has been heard since.
I'd LOVE a 9K6+++ modem but they just don't seem to be available.
I've looked at quite a few of the old designs that came out of Germany and
Slovenia back in the late 90's and early 2K's. They are either no longer
available, require an SCC card to provide clocks etc, have no driver support
any more or require firmware which is unavailable.
Whilst the soundcard road is somewhat acceptable, a hardware modem can't be
beat..
Mark
NI2O/G7LTT
A few notes:
1) There is a TNC board for the RPi: http://tnc-x.com/TNCPi.htm and it
supports stacking multiple TNCs on a single RPi. It's a pretty elegant
solution.
2) The RPi has UART pins on the I/O connector. All you need is a RS232 to
LVCMOS level converter. The only disadvantage to that is that you can only
connect a single TNC unless you go to NETROM firmware on the TNCs.
3) Using USB<->RS232 converters should work but do yourself a favor and
avoid any adapter that is based on the Prolific chipset. The number of fake
Prolific devices on the market is unreal and their drivers are very suspect.
Use FTDI based devices as they have done a good job of protecting their IP
and maintaining a stable driver set for Windows and Linux.
Assi kk7kx
-----Original Message-----
From: 44Net [mailto:44net-bounces+assi=kiloxray.com@hamradio.ucsd.edu] On
Behalf Of R P
Sent: Tuesday, March 01, 2016 10:25 PM
To: AMPRNet working group <44net(a)hamradio.ucsd.edu>
Subject: [44net] Making Packet Node with Pi ?
Hi there
Is there a way to have a Packet Node with Pi (or any other small size
solution that will not require a PC) ?
If yes, how do I connect a TNC (serial port) to the Pi? Does the Pi support a USB
to serial external interface (like the Prolific ones) ?
Or (preferred) something can be done to do the TNC on Sound card (can
be an External sound card that connect to the USB of the PI)
Please Advice
Thanks Forward
Ronen - 4Z4ZQ
http://www.ronen.org
Hi there
Does anyone know why the Wiki Page behaves differently than a regular Notepad or WordPad ?
The problem is mainly when I publish scripts: they look different than they look if I see them in Notepad
Please Advice
Thanks Forward
Ronen - 4Z4ZQ
http://www.ronen.org
> Is making 3Pings to about 400 Gateways worldwide from non AMPR IP to their AMPR ip every 5 minutes consider acceptable thing to do ?
Please do not perform any continuous monitoring or other probing of any other networks than your own
without the explicit desire and consent of the operators of the other network.
We are blacklisting all sources of unwanted monitoring and probing traffic like research scanners,
shodan.io etc etc and I regularly send opt-out messages to those. Still we get over 1 megabit/s
of such crap all day.
Rob
Hi there
Is there any way to get the encap file with FTP or any automated way, so that a machine does it automatically ?
I want to upload my Cisco with an updated encap file without doing it manually.
Please Advice
Thanks Forward
Ronen - 4Z4ZQ
http://www.ronen.org
> No one has permission to announce that subnet. It is apparently
> being announced by TINET in Italy. I shall have to write to them
> to find out what's going on. It may be a mistake or it may be a
> prefix hijack; it wouldn't be the first.
> Thank you for calling it to my attention. Somehow our BGP monitoring
> missed it.
I have 4 snapshots of the BGP routed subnet situation here, and this entry
is present in all of them. It apparently is not a recent change.
ampr/bgpnets-201406:44.68.52.0/24
ampr/bgpnets-201406:44.68.52.0, 44.68.52.255, "AS12637 Seeweb s.r.l."
ampr/data-add-ARIN-201508: 12637 44.68.52.0/24
ampr/data-add-ARIN-201512: 12637 44.68.52.0/24
ampr/data-add-ARIN-201601: 12637 44.68.52.0/24
Rob
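The snapshot lines Rob grepped above (`<snapshot>: <origin AS> <prefix>`) are exactly the input an automated check wants: compare every 44/8 prefix seen in BGP against the list of announcements the coordinators have actually authorized, and report the rest. This is an added example, not the list's own BGP monitoring; the three lines with AS12637 are from the post, while the two other snapshot lines, the authorization table and the AS numbers 64500/64501 (private-use ASNs) are constructed for the example.

```python
"""Audit BGP snapshot lines against an authorization table for 44/8.

Added example. The first three SAMPLE_SNAPSHOTS lines are from the post
above; the remaining lines and the AUTHORIZED table are constructed."""
import ipaddress
import re

SAMPLE_SNAPSHOTS = """\
ampr/data-add-ARIN-201508: 12637 44.68.52.0/24
ampr/data-add-ARIN-201512: 12637 44.68.52.0/24
ampr/data-add-ARIN-201601: 12637 44.68.52.0/24
ampr/data-add-ARIN-201601: 64500 44.137.0.0/16
ampr/data-add-ARIN-201601: 64501 44.137.75.0/24
"""

# Constructed: prefix -> the single origin AS permitted to announce it.
AUTHORIZED = {"44.137.0.0/16": 64500}

LINE_RE = re.compile(r"^(?P<snap>\S+):\s+(?P<asn>\d+)\s+(?P<prefix>\S+)\s*$")


def parse_snapshots(text):
    """(snapshot name, origin ASN, network) for every well-formed line."""
    out = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            net = ipaddress.ip_network(m.group("prefix"), strict=False)
            out.append((m.group("snap"), int(m.group("asn")), net))
    return out


def audit(entries, authorized, space="44.0.0.0/8"):
    """Return (snapshot, asn, prefix, reason) for each announcement inside
    `space` that no authorization covers, or that a different AS originates
    than the one authorized for the covering block (a more-specific from a
    third party is the classic prefix-hijack shape)."""
    space = ipaddress.ip_network(space)
    auth = [(ipaddress.ip_network(p), a) for p, a in authorized.items()]
    problems = []
    for snap, asn, prefix in entries:
        if not prefix.subnet_of(space):
            continue  # not our address space, not our problem
        covering = [a for net, a in auth if prefix.subnet_of(net)]
        if not covering:
            problems.append((snap, asn, str(prefix), "no authorization on record"))
        elif asn not in covering:
            problems.append((snap, asn, str(prefix),
                             "origin AS differs from authorized %s" % covering))
    return problems


if __name__ == "__main__":
    for problem in audit(parse_snapshots(SAMPLE_SNAPSHOTS), AUTHORIZED):
        print(*problem)
```

Run over each new snapshot, the same unauthorized entry showing up in every one (as in Rob's four snapshots) tells you it is a long-standing announcement rather than a fresh change, which changes who you write to first.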
Tom,
Could you tell me who has the 44.68.52/24 subnet? I am the coordinator
for 44.68/16 (NY State) and I have not issued anything in that range.
On Wed, February 17, 2016 6:50 pm, Tom Hayward wrote:
> route-views>show ip route 44.0.0.0
> Routing entry for 44.0.0.0/8, 74 known subnets
>   Variably subnetted with 8 masks
...
> B 44.68.52.0/24 [20/10] via 89.149.178.10, 3w5d
--
Charles J. Hargrove - N2NOV
NYC ARECS/RACES Citywide Radio Officer/Skywarn Coord.
NYC-ARECS/RACES Net Mon. @ 8:30PM 147.360/107.2 PL
http://www.nyc-arecs.org and http://www.nyc-skywarn.org
NY-NBEMS Net Saturdays @ 10AM & USeast-NBEMS Net Wednesdays @ 7PM
on 7.036 Mhz USB/1500 hz waterfall spot; Olivia 8/500 check-ins
"Information is the oxygen of the modern age. It seeps through the walls topped
by barbed wire, it wafts across the electrified borders." - Ronald Reagan
"The more corrupt the state, the more it legislates." - Tacitus
"Molann an obair an fear" - Irish Saying
(The work praises the man.)
"No matter how big and powerful government gets, and the many services it
provides, it can never take the place of volunteers." - Ronald Reagan
"We are fast approaching the stage of ultimate inversion: the stage where
the government is free to do anything it pleases, while the citizens may
act only by permission." - Ayn Rand
Yes, I run a gateway and also 2 RF NetRom RF Radio ports.
Bill / KG6BAJ
At 01:33 PM 2/26/2016, you wrote:
>Is there anyone who operate on his gateway NEt/Rom Node that connected
>also to Radio Port ?
>Or those days of the Packet has gone and replaced with high speed
>WIFI links only ?
>
>If there is still someone with Net/Rom I would like to try and connect
>to him
>Thanks Forward
>Ronen- 4Z4ZQ
>http://www.ronen.org
>
>
>
> >Is there any NTP in the 44 net ?
It occurs to me that you'd get better results using a non-44
NTP service such as pool.ntp.org, as the traffic wouldn't have to
travel over your tunnel with its variable delays and congestion.
Likely it's a better stratum as well.
- Brian
> I've heard about some other NTP server on AMPRNet but I don't remember
> their IP.
We are running NTP on 44.137.0.1
Stratum 2, offset well within 1ms.
Rob
> Subject:
> Re: [44net] Example of nodes monitoring
> From:
> lleachii(a)aol.com
> Date:
> 02/26/2016 04:02 PM
>
> To:
> 44net(a)hamradio.ucsd.edu
>
>
> I'm not sure if your solution if free; I use Cacti on Ubuntu:
We use Nagios+Nagiosgrapher for monitoring and graphing, and also Cacti for switchport traffic graphing.
At the moment someone is experimenting with Zabbix as an alternative solution.
For monitoring the routers I am also looking at MikroTik's "the Dude", but I am not yet sure if it is useful.
In Nagios we have 114 hosts and 297 services being monitored.
Rob
Thanks for the info. I had not heard of mutiny before. I have played
with Cacti though.
A couple years back I tried to nmap all the connected address space to
get an idea of what is out there:
http://www.qsl.net/kb9mwr/wapr/tcpip/amrprnet-nmap-2014.txt
Looking back I feel a bit guilty about doing this as some of the radio
links are slower ones. I wish under the gateways tab of the portal
there was a check box to signify 1200 baud or hsmm. Of course I wish
a lot of things.
I had a script grab an encap file and merged that with the 44 BGP list
and had a script incrementally nmap each connected subnet.
Hello,
I got subnet 44.138.2.0/24
Can I split it into a few different subnets (I have a few locations) ?ind it in my
portal
something like:
44.138.2.0/29 (which give me 0-7 )
44.138.2.8/29 (which give me 8-15)
in the portal I can take my full segment.
another question, where can I enter dns record ? ( I can't see it in my
portal).
Best Regards,
Tal Raveh
4z7tal
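Tal's question is a routine one for a coordinator: can a /24 be carved into /29s per site, and do the requested pieces actually fit? Here is an added example (not code from the portal or the list) that enumerates the aligned sub-blocks of an allocation and checks a list of requested subnets for alignment, containment in the parent and mutual overlap. The 44.138.2.0/24 allocation and the first two /29s are the ones in the post; the other requested blocks are constructed to show the failure cases.

```python
"""Split a coordinator-issued allocation and validate requested sub-blocks.

Added example. 44.138.2.0/24 and its first two /29s are from the post;
the remaining requests are constructed to exercise the error cases."""
import ipaddress

PARENT = "44.138.2.0/24"
REQUESTED = [
    "44.138.2.0/29",    # from the post: addresses .0 - .7
    "44.138.2.8/29",    # from the post: addresses .8 - .15
    "44.138.2.12/29",   # constructed: not on a /29 boundary
    "44.138.3.0/29",    # constructed: outside the /24
    "44.138.2.0/28",    # constructed: overlaps the first /29
]


def split_allocation(parent, new_prefix):
    """All aligned subnets of the given length inside parent (a /24 -> 32 /29s)."""
    return list(ipaddress.ip_network(parent).subnets(new_prefix=new_prefix))


def host_range(net):
    """First and last address of a subnet, the '0-7' / '8-15' reading in the post."""
    net = ipaddress.ip_network(net)
    return str(net[0]), str(net[-1])


def check_requests(parent, requested):
    """(subnet, verdict) per request: 'ok', 'not aligned', 'outside <parent>'
    or 'overlaps <earlier accepted request>'. Requests are accepted in order,
    so the first of two clashing blocks wins."""
    parent = ipaddress.ip_network(parent)
    results, accepted = [], []
    for r in requested:
        try:
            net = ipaddress.ip_network(r)   # strict: host bits must be zero
        except ValueError:
            results.append((r, "not aligned"))
            continue
        if not net.subnet_of(parent):
            results.append((r, "outside %s" % parent))
            continue
        clash = next((a for a in accepted if net.overlaps(a)), None)
        if clash is not None:
            results.append((r, "overlaps %s" % clash))
            continue
        accepted.append(net)
        results.append((r, "ok"))
    return results


if __name__ == "__main__":
    print(len(split_allocation(PARENT, 29)), "possible /29s in", PARENT)
    for subnet, verdict in check_requests(PARENT, REQUESTED):
        print(subnet, host_range(subnet) if verdict == "ok" else "", verdict)
```

Because `ip_network` is strict by default, a request with host bits set (`44.138.2.12/29`) is rejected instead of being silently rounded down to `44.138.2.8/29`, which would have overlapped a block already issued.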
> I'm testing this with Marius...the script is cpu intensive and most
> likely not a candidate for a MIPS type processor. I'm testing with a
> 1200mhz celeron (old watchguard hardware since cpu) and it goes 100%
Ok... is there any obvious reason why this would happen? It did not appear
to be all that complicated, and it is scheduled as a repeating job so even
when it uses some resources for some time it should be idle most of the time.
I have no immediate intention to use it.
Marius also suggested the use of metarouter, but of course this does not make
things easier for those users who want a simple system.
(with 2 different environments to configure and the need to have either
binary compiled ampr-ripd or a cross-compilation environment on a PC or similar)
After all, the Raspberry Pi may be the simpler solution :-)
Rob
Sorry for the layout mess in the previous post!!
> I saw that MikroTik routers support IPIP by default
> Is it possible to make a gateway with home routers ?
> If yes, how to deal with 300 tunnel lines to the rest of the gateways on the net ? Will a home router have enough memory for that ?
Look what Marius posted yesterday. He has made a script for MikroTik routers that updates the configuration using the AMPR RIP transmissions!
This is a very nice solution because it will receive all current routes automatically without requiring an external computer.
MikroTik routers are very versatile. They can run user-written programs (scripts) to do things like this.
I have a MikroTik RB2011UiAS-2HnD here, which would classify as a home router. It has 128MB RAM and 128MB flash
which is more than enough for this purpose. I paid 125 euro for this nice box.
They also exist in rackmount version, and we use these in our digital network.
And they have a nice web interface that actually is usable also for advanced things.
(contrary to some other manufacturers products where the web interface is only for rudimentary tasks and advanced
things are only possible via the command line)
I have no experience with the script that Marius posted yet, as I do not run IPIP here at home, I use IPsec VPN
from the MikroTik to my Raspberry Pi in a datacenter which does IPIP.
Notice that for best results (and less headaches) you need to put this router directly on a public IP, not behind
a provider-supplied router that does NAT. Either put the provider router in transparent (bridge) mode or omit it completely.
(depending on what connection you have)
Rob
Hello,
For those who like experimenting...
I managed to implement the complete AMPR gateway tunnelling setup on a Mikrotik router by a scheduled script on the router only.
Tested on my RB100AHx2 with ROS 6.34.2
You can find it on http://www.yo2loj.ro/hamprojects/
Direct link: http://www.yo2loj.ro/hamprojects/ampr-gw-1.0.txt
Setup details are in the initial comments of the script.
Enjoy.
Marius, YO2LOJ
> I managed to implement the complete AMPR gateway tunnelling setup on a Mikrotik router by a scheduled script on the router only.
That is a great idea Marius!
Using that method to get the RIP data is much better than trying to download and parse the encap file.
Maybe we can try again to convince MikroTik to implement mesh IPIP (I know you have tried in the past), because with
this method we don't need to convince them to include ampr-ripd as well.
With this method and multipoint IPIP in the router you would have the ideal combo to run amprnet on a commercial router.
Rob
> If anyone needs assistance with a Cisco config, let me know.
Out of curiosity (I have no intention to run a Cisco as an IPIP gateway):
Did you write a script that finds the minimum config changes to go from one encap file version to the next?
(that is, change existing tunnel endpoint addresses, delete tunnel interfaces, add new tunnel interfaces,
delete routes, add routes)
Or do you generate a fresh config from the encap you downloaded and just reload the router from that?
And, how often do you download the encap and update the router config?
Rob
> I have some questions (most are not technically)
> 1) How much downtime have you had, let's say in the last year (I mean downtime not because of a server upgrade, but because of server failure or software failure)?
Nearly zero, as far as I am aware. We were offline for about 20 minutes because of the installation of the second
machine that required everything to be moved and that did not go as planned because the server rack mounting rails
did not fit and a solution had to be found.
Last night there was router maintenance in the datacenter and we were offline for a few seconds for the VRRP (I think)
switchover. This means a few alerts appeared in our monitoring. But normally we are always on.
The mobile device Echolink traffic of half the globe passes through this server...
(we are hosting the Echolink Relays 44.137.75.240 - 44.137.75.249 and 200 Echolink Proxy servers)
> 2) Where do you get the budget for buying such a server and hosting at an ISP farm? Is it a donation, or do the amateurs pay for this?
We get the machines for free, they are left-overs from datacenters that get donated to us via amateurs working
in that business. Those companies replace their servers after 3 years or so, and they are still in good condition to use.
The ISP XS4ALL generously gives us the BGP announcing for free, there are radio amateurs working there who arranged this for us.
Other running costs are covered by donations from amateurs. We run a lot of services that the amateur community appreciates,
like a country-wide 2m and 70cm FM relay with 3 co-channel transmitters on high sites and 17 receivers spread over the country.
It attracts a lot of activity, you can talk to anyone here on 70cm with just a portable from most locations.
Also relays for DMR, D-Star, ATV etc. The amprnet is used as a network for that. Of course the work hours are free :-)
But of course those in the team always pay a lot of the small costs, which add up as well. Fortunately the team is quite large.
You can find some detail at our website http://hobbyscoop.nl/
At the moment this is only in Dutch, of course you can visit it via Google Translate.
> And after all, I salute you for all the services you provide there (I'm now trying to connect our only P25 repeater to a worldwide network); it's considered minor compared to what you do there.
I am interested in that as well... we do not run P25 here I think, what network is that?
Does it use some form of VPN to secure the connection?
(usually this is done because those devices are not hardened enough to put directly on the internet of today)
Of course everyone experiments with the things he is interested in and can collect the resources for.
So I really encourage you to do experiments with what you have available!
(except trying to make a fully functional IPIP gateway with a Cisco router... but that is my personal opinion:-)
Rob
> What happens if I want to connect your DMR repeaters to ours (we have one DMR connected to the MARC network) and my DMR sits on a non-AMPR address?
I am not an expert on the DMR network, but I think it works with a "master" server that everyone connects his repeater to.
We are running the BrandMeister master server. It is not the MARC network, it is an open network.
(a 3rd network exists, it is called DMR+ )
Our new master server (currently being setup) is dual-homed, it has both an AMPR and a normal IP address.
However that does not really matter as our AMPR addresses are BGP routed on internet as well.
> As for the P25, it is a solution that was done by a few hams last year. It consists of a server software, a free one (I know of only one server currently and there are about 13 repeaters connected worldwide).
> You can read about it here: http://communications.support/threads/4798-IP-link-Quantar-V-24-systems-using-Cisco-routers
Ok, it apparently has a serial port and the Cisco routers are used to tunnel that over IP.
Nice when you already have them, if not I would go for a Raspberry Pi and a USB Serial cable.
Much cheaper, much more power efficient.
A 2600 or 2800 can do more useful things than working as a serial server, but of course it can do this and routing in parallel.
The DMR and D-Star repeaters have an ethernet connection so they are easier to integrate with the network.
We also have some Yaesu System Fusion repeaters (they are cheap), but this is crap.
No network interface. They require a separate box to interface to the outside world. This still has no network interface,
it has USB. Then you need a computer with USB and network to connect it. But this computer has to run Windows :-(
Not good for a repeater site...
And the whole thing is far, far from finished. Updates to implement even basic functionality are being promised and
then being postponed all the time. I think it will not be usable before some amateurs roll up their sleeves and
re-do the entire software, much like DMR+ and BrandMeister.
> I still didn't leave the Cisco gateway idea. I will hopefully get a Cisco 2800 tomorrow and see if it can work with 300 tunnels; if not, it will go to the P25 connection project.
Please understand (as also written by Brian in the meantime) that your router will never be able to perform this task standalone;
you will need to have a second computer that is reconfiguring the router all the time: for every change in the IP address of a gateway
or other change in the gateway list you will need to make a config change. A good script can do that automatically, but you will
need something like a Raspberry Pi to run it on.
And the Raspberry Pi can do a better job itself, because it can track the AMPR RIP packets and does not need to download the encap
file all the time.
> However, some good guy saw my request on the local hams' Facebook about the Pi board (with the link you provided) and is willing to give me a configured board for tests. If it is reliable, it may turn out that I'll leave the Cisco idea.
Reliability will not be a problem (unless you have a bad SD card or bad power supply).
The only thing to worry about is if you can sysop the system in the long run.
I.e. install updates sometimes, configure firewall rules as needed, etc.
This will require some study but it is part of the fun, I think.
> One more question (a personal one): are you the Rob Jebsen who was involved in the Jnos software long ago? I think I used one of your Jnos versions; the call sign was PE1CHL in the days that our gateways were Jnos/DOS.
Yes I am the same person, see mail address.
I was not active with JNOS but I maintained a version of KA9Q NET that was used on many hybrid IP / NET/ROM nodes and BBS systems.
I still run that program on the hosted Raspberry Pi that is also my gateway.
Rob
> I'm trying to understand why you change the net so I need separate tunnel
> to every GW.
> In this case what are the benefit of using 44 net instead of "regular" ip ?
> i think that adding some main GW (maybe main router to each country ) and
> by that add the connectivity to 44 networks easily and every endpoint will
> take care to single tunnel.
That is exactly what we did here in the Netherlands. We put a machine in a
datacenter that serves as an IPIP gateway for 44.137.0.0/16, and everyone who
is interested in a simple tunnel can get a connection to there using one of the
VPN techniques that are more in use today: OpenVPN, IPsec tunnel, GRE over IPsec transport,
or also IPIP. And, this system routes towards the radio network that is in
quick development right now. (Ubiquiti and MikroTik equipment for 6cm)
The provider XS4ALL that hosts this system also advertises the 44.137.0.0/16
space on their routers using BGP (in close cooperation with Brian Kantor), and
they statically route this traffic to the machine. So we are directly reachable
from Internet as well. We explicitly chose this method because we are no experts
on Internet BGP and those people at the provider are, it is their daily business.
We run BGP on the 44-network as well (the radio side), but that is a different
thing. There is no BGP communication across our gateway.
The machine is a HP Proliant DL380 server so it is not as failure prone as the home
PCs that Ronen has used. And just this weekend I have migrated it to a newer HP
server that we installed with VMware ESXi on which this is one of the Virtual Machines,
now we will soon install VMware ESXi on the old machine as well and we will have
failover capability (manually operated cold standby, for now).
We also host Echolink Proxy and Relay servers and several services related to the
new digital modes, like a BrandMeister Master server, D-Star reflectors, etc,
on other Virtual Machines on the same server.
Of course the advantage of an IPIP mesh direct to every gateway is that there is
no central point of failure. When our gateway is down, we mostly become isolated.
When a gateway serving only a local subnet would be down, the other gateways can
still communicate amongst each other. That is one reason that architecture was
chosen.
This has not "changed". It has always worked like this. However, not everyone has
understood that, and they believed that they could just send all traffic to the
UCSD gateway (which is the gateway for the entire 44.0.0.0/8 subnet towards internet),
and it would forward it to the proper destination. That was always a bad thing to
do, because you would load that single system with all the traffic. But it worked.
Now it does not work anymore and you have to do the right thing: route the traffic
to where it has to go. This of course also means it will work better, because when
you send traffic to a regional system it will no longer travel via California, and
you will have a much shorter delay.
Using our architecture it is still possible for a Dutch station to set up IPIP
routing for their local subnet, because they will just become part of the IPIP mesh
and the Dutch gateway is also part of that mesh. Traffic will still flow correctly.
However, it is no longer a good idea to run IPIP on a regional gateway
(as someone asked for this weekend), because the individual VPN routes are not
known to that gateway and the routing for those will break. Therefore we route
those regional gateways using BGP (on private AS numbers) so they receive all routing
information dynamically. For that, they are connected to the gateway using GRE.
(the situation was explained off-list to the one asking here)
Of course setting this all up requires a bit more knowledge of routing and a lot
more perseverance than configuring a simple IPIP gateway on a Raspberry Pi.
Linux routing is really powerful, also when compared to the most established
professional routers. But you have to read documentation, sometimes written by
Russian and Japanese volunteers and researchers, not having English as their
main language (just like me). It can be challenging, but I think it is very
rewarding to get it operating perfectly. It is like building your own station
for amateur radio: some people like to build from small parts, others from a kit,
and some like to buy a shiny box. They all enjoy the hobby, but building from
small parts is not for everyone. To me, finding out how to do it is a big part of
all the fun, and the end result ("what are the benefit of using 44 net instead
of "regular" ip ?") is much less important. That is why I do not always understand
those that just want directions on how to do it and copy what someone else has
tinkered with. Sure it will bring you online quickly, but then leave you with the
question what to do next.
Rob
> Of course that following should be a route command for every 44 net gateway
No...
A separate "interface Tunnel" command for every 44 net gateway, and a separate route command for every subnet routed via those gateways.
In all, you will need 324 "interface Tunnel" commands (each with the 5 subcommands) and 512 "route" commands to describe the IPIP network as it is today.
Your 1005 router has not enough memory capacity to hold all that.
I could understand you when you had a 3800 series or similar. But this one... really no!
It has been end-of-life for over 10 years and it really is not up to par for this kind of job.
(if any Cisco is, because this is a job not suited for general-purpose routers)
Rob
> I really don't know why you are so objecting to a gateway with Cisco.
> I used to work a lot with Cisco when I worked at the systems team of Israel's largest ISP.
Because a Cisco is not suitable for setting up an IPIP gateway. It is reliable, but it cannot do this job.
It can do other jobs but that is not relevant. You would not recommend a truck when someone asks what car
to use to get to the office, either.
> Indeed it is much more complicated these days, as UCSD doesn't do 44 net forwarding anymore and a routing line is needed for every gateway.
This is crucial. And also, the fact that more people now use dynamic addresses.
> I get a very reliable solution with zero money (my Cisco 1005 was taken from the trash, it cost me nothing).
I recommend you to put it back there... and I think most people here will agree.
The Raspberry Pi was developed 15 years after this box, has a 10 times faster CPU, 10 times more memory
and uses a lot less power. (and costs less than a 10th of what this thing must have cost when it was new)
> However I'm willing to listen to your advice and test the Raspberry Pi.
> If there is someone here who can direct me step by step to a working system, then I may consider testing it.
As I said, it can be found on www.ampr.org
More specific, on this page: http://wiki.ampr.org/index.php/Ubuntu_Linux_Gateway_Example
I have a Raspberry Pi running as a gateway for over 2.5 years now and it has been without any problem.
It has never crashed. Good, because I have never touched it nor ever seen it. It has been mail-ordered and directly sent
to a datacenter where it was powered up May 25, 2013 and has worked ever since (of course sometimes rebooted for updates).
The above example was written by someone partly drawing from the example configuration I posted on this mailinglist
some years ago.
> I'm not familiar with what has been told about the multi tunnel that a Cisco cannot do... (actually I don't understand what the problem or the limitation is)
It is clear from your posted example (btw, it is not a good idea to post Cisco config files because now everyone
can log in to your router, the passwords are in the config!).
In a Cisco, a Tunnel interface has a "tunnel destination". One. But there are 324 tunnel destinations in the network.
So you need 324 tunnel interfaces.
In Linux, a single tunnel interface can serve as many destinations as you want, by setting a route with a nexthop
that serves the function of the "tunnel destination" in Cisco. Every route has its own nexthop (gateway).
And this route table can be updated automatically with ampr-ripd, so you never need to download any encap file.
> I know that at least two gateways are currently running and operating with Cisco.
But most likely not a 1005!
Rob
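As an added illustration of the route-per-destination model Rob describes (and of the "minimal config change between encap versions" question from the Cisco thread above), here is a POSIX shell script, not code from the list or from ampr-ripd, that diffs two versions of the encap file and prints only the Linux route changes needed. It assumes the `route addprivate <subnet> encap <endpoint>` line format and a single IPIP interface named tunl0; the two encap snapshots are constructed.

```shell
#!/bin/sh
# Added example, not code from the list or from ampr-ripd.
# Assumptions: encap.txt lines look like
#   route addprivate 44.2.2.0/24 encap 192.0.2.10
# and the Linux gateway has one IPIP interface (assumed name: tunl0) that
# serves every destination; the remote endpoint is the route's nexthop,
# so there is no per-peer tunnel interface to create or delete.
set -u
export LC_ALL=C
TUN=tunl0

# Count routes and distinct tunnel endpoints in one encap file. Run on the
# real file, this gives the "N routes, M endpoints" figures for the mesh.
encap_stats() {
    awk '$1 == "route" && $4 == "encap" {
             n++
             if (!($5 in gw)) { gw[$5] = 1; m++ }
         }
         END { print "routes " n+0 " gateways " m+0 }' "$1"
}

# Print the ip(8) commands that turn the routes of encap file $1 into those
# of encap file $2: vanished subnets are deleted; new subnets and subnets
# whose endpoint moved (gateways on dynamic addresses) are replaced.
# Untouched routes are not mentioned, so an update does not flap them.
encap_delta() {
    awk -v t="$TUN" '
        $1 != "route" || $4 != "encap" { next }    # comments, blank lines
        FILENAME == ARGV[1] { old[$3] = $5; next } # old file: subnet -> endpoint
                            { new[$3] = $5 }       # new file: subnet -> endpoint
        END {
            for (s in old)
                if (!(s in new))
                    print "ip route del " s " dev " t
            for (s in new)
                if (!(s in old) || old[s] != new[s])
                    print "ip route replace " s " via " new[s] " dev " t " onlink"
        }' "$1" "$2" | sort
}

# Constructed sample snapshots (RFC 5737 documentation addresses, not real
# gateway endpoints): between the two, one gateway changed its address,
# one gateway disappeared and one appeared.
OLD_ENCAP=$(mktemp)
NEW_ENCAP=$(mktemp)
trap 'rm -f "$OLD_ENCAP" "$NEW_ENCAP"' EXIT
cat > "$OLD_ENCAP" <<'EOF'
# encap.txt snapshot, version 1 (constructed)
route addprivate 44.2.2.0/24 encap 192.0.2.10
route addprivate 44.3.0.0/16 encap 192.0.2.20
route addprivate 44.3.7.0/24 encap 192.0.2.20
route addprivate 44.4.4.0/24 encap 192.0.2.30
EOF
cat > "$NEW_ENCAP" <<'EOF'
# encap.txt snapshot, version 2 (constructed)
route addprivate 44.2.2.0/24 encap 192.0.2.10
route addprivate 44.3.0.0/16 encap 198.51.100.20
route addprivate 44.3.7.0/24 encap 198.51.100.20
route addprivate 44.5.5.0/24 encap 192.0.2.50
EOF

# Dry run: review the output, then feed it to sh as root on the gateway:
#   encap_delta old-encap.txt new-encap.txt | sh
encap_stats "$OLD_ENCAP"
encap_stats "$NEW_ENCAP"
encap_delta "$OLD_ENCAP" "$NEW_ENCAP"
```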
> Hi there Cisco gateway operators,
> Has any of you a mechanism that takes the encap file (which is not in Cisco routing line syntax) and makes route lines for Cisco from it?
A Cisco cannot use route lines to operate a multipoint IPIP encap interface like Linux can (and JNOS).
Marius has already explained that yesterday.
I know it may be a disappointment to you, but your Cisco router really is not a good choice for use as an IPIP amprnet gateway.
A Raspberry Pi will be much easier to get going, especially when you are not a software guy. And it will perform better
in the real world where some people are on dynamic addresses, because the nice ampr-ripd software that Marius has
written will automatically maintain the routes immediately when they are changing, instead of the old-fashioned method
of downloading an encap file.
(directions can be found how to do this on www.ampr.org, that you just need to copy and modify the IP addresses)
Rob
> Approximately two echo-requests are received every 2-5 minutes.
I would not notice them in the 2 megabits/second of crap coming in all day...
And certainly not worry.
Rob
Hello,
I'm trying to configure my gateway to 44 net on my pfsense FW.
I configured a GRE tunnel:
Remote tunnel endpoint IP address:169.228.66.251
Local tunnel IP address: 44.138.2.254 (my segment is 44.138.2.0 )
Remote tunnel IP address: 44.0.0.0/8
Mobile encapsulation: check (also try to unchecked)
The firewall is open but I cannot ping any address on 44 net.
Any idea?
Best Regards,
Tal
4z7tal
Since we are trying to tackle connectivity problems a lot of the time, could you please enable ICMP replies on your gateways, at least for other 44net requestors?
It will certainly not ruin the gateway's safety and security and would help other OMs a lot.
Tnx,
Marius, YO2LOJ
Hi,
I have tried to put my gateway in a new box - my tp-link 1043 nd router.
I used to use an old pc with Debian for this purpose. I followed this
wiki article
http://wiki.ampr.org/index.php/Setting_up_a_gateway_on_OpenWRT and i can
ping to different 44net IPs from the router's console. The gateway's IP
is 44.185.22.1 and I would like someone to test if it is reachable.
I am also a little bit confused how my other devices will connect to the
gateway. There was a pptpd server on the pc and it was easy. Now there
is another VLAN on the router and I assume that I need to configure some
of the lan ports (the switch) to use this new VLAN. This is good for the
local connections. Can I use again pptpd and connect to my gateway from
Internet like I used to do?
--
73! Daftcho, LZ1DAF
Arno Verhoeven wrote:
> I just want to add 44.137.24.0/22 to a gateway but noticed that it had
> been deleted from my list of allocations.
Please don't route regional subnets this way anymore, because then they can be reached both over radio and via the gateway.
It is now routed with BGP to PE1RDP who will route it to the access point until
arrangements have been made for a more direct routing.
IPIP is still available for user subnets when you wish to route a network.
> In its place I now have 44.137.27.193/32 in my allocation list. Which is
> strange because I never requested it and it is a single host assigned to
> someone who has his own gateway.
This was probably a copy/paste error made when updating the portal entry.
I have corrected it (it belongs to PE5YES)
Rob
> Prior to flaming me, perhaps you should get your facts straight?
> I have done several maintenance jobs and bug fixes on the Portal over the past couple of years, as and when they are reported to me. I’m working on a new feature right now that was requested.
> If you have a problem you only need to contact me and ask for assistance, but I am not good at reading minds I’m afraid.
> As for the DNS code in the Portal, it has been ready for over a year now, but Brian wanted me to hold off making it live until the current DNS can be cleaned up - hence this push to do just that.
> As to your other comments regarding how the portal operates, that’s your opinion, which you are entitled to, but I originally wrote the code based on requirements and input from other folk, I didn’t just “make it up” myself.
> Of course, if you want to offer your time to re-write some of the code, or add new functionality, then please let's talk. I've been asking for help on this for some time now, but apart from Tom who kindly provided (and still provides) the Polish translation, no-one else has done anything. And before anyone goes on about "open source" again, the code IS open source to the amateur radio community, just not the general public as it doesn't need to be; if you want access to the code repository you only need to ask and it will be provided.
Chris,
I have brought up the topic of (impossibility of) editing subnets a long time ago.
I have also reported the problem with registration of existing allocations (the user cannot specify what they want to register, only request a new allocation), and requested a way to delete open requests that cannot be completed.
And a few months ago I requested that, facing the impossibility to delete a subnet without also deleting all its children and realizing that adding this may be nontrivial, you manually delete the 44.137.24.0/22 subnet that was erroneously created long ago, without deleting the subnets that are now under it.
Apparently in the requirements and input you received the migration of existing allocations was not included. I seem to remember that this has been discussed and apparently it was downplayed as not important, but I don't agree with that.
In my opinion, it should be possible to migrate existing allocations to the portal system when the holder desires to do that.
Without such functionality, we cannot request all the existing users to register themselves and find out what to do next.
I am doing a lot for the local amateur digital network here, and I have to select what other projects I join. I cannot be active in all of them.
You have to understand that, contrary to some other areas, we are actively developing and using the network, and we require a system that works for us.
So until now we have chosen to not register all the IP allocations via the portal, but only the required minimum that is the IPIP tunneled space, waiting for suitable functionality.
In the DL/OE HAMNET the situation is the same, and there they developed their own system, HamnetDB.
I understand that it is a spare time effort and other activities have priority, but we cannot live with a system part that keeps us back from progress forever.
When there are problems or changes, there has to be some outlook that they will be fixed some day. Does not need to be tomorrow.
Maybe you should join efforts with the HamnetDB people to merge the part that now handles the IPIP tunnel system with their system, which in other areas is much much more flexible and more like what we require.
(although of course there always are wishlist items, e.g. because of things that are incompatible with our local license system)
Rob
> Subject:
> Re: [44net] ICMP: A small request
> From:
> "Marc, LX1DUC" <lx1duc(a)laru.lu>
> Date:
> 02/19/2016 06:37 PM
>
> To:
> AMPRNet working group <44net(a)hamradio.ucsd.edu>
>
>
> Especially as we are all running tunnels, you (well your systems) really want to receive ICMP 3:4 (Fragmentation required, and DF flag set) messages.
>
> The "Ping of death" is not an issue anymore, and ICMP Flooding isn't really frequent anymore either. Nowadays neither of both require rejecting all kind of ICMP messages. Usually a fair rate limiting in the INPUT chain does the trick.
>
> 73 de Marc, LX1UDC
Unfortunately people like Steve Gibson have done a lot of damage by misinformation, likely more than the damage ever caused by replying to a PING.
It is still hard to convince some people they should not block all ICMP. At work I am currently trying to solve a problem caused by dropping the above ICMP packet
combined with the "blackhole detect" misfeature, which means the connection is not just completely breaking down (with the bad firewall operator noticing
his mistake), but becoming much slower. As bad as a site that has IPv6 in DNS but not actually working...
Rob
Daftcho,
Your configuration appears to be correct; but you performed traceroute on your WAN IP address, and not the 44net IP.
Attempt to perform traceroute using the interface argument:
'traceroute whatismyip.ampr.org -i br-amprlan'
73,
- Lynwood
KB3VWG
Hi Brian:
I am curious about BGP routing; since the agreements all go through you,
here are a few questions:
1) How many AMPRNet subnets are currently being advertised via BGP?
2) Do you have any notion if specific ISPs are more open to allow BGP
advertising than others?
3) Have any AMPRNet users had luck getting BGP agreements with home class
service?
Assi
Absolutely. Anything using Internet Protocol should work.
BTW, I was unable to traceroute you.
Feel free to use:
http://44.60.44.10/tools/trace/php-trace44.php
- Lynwood
KB3VWG
-----Original Message-----
Can I use again pptpd and connect to my gateway from
Internet like I used to do?
> Subject:
> Re: [44net] how can i know what network allocated to me ?;
> From:
> R P <ronenp(a)hotmail.com>
> Date:
> 02/18/2016 07:14 PM
>
> To:
> AMPRNet working group <44net(a)hamradio.ucsd.edu>
>
>
> Dear Marius
> There are several solutions for that
> I did it with Cisco 20 years ago and I know that there is at least one gateway that uses Cisco, active and running now.
> So I'm not the first one who uses Cisco.
> Best Regards
> Ronen - 4Z4ZQ
Maybe you will be able to get it to work between your net-44 network and outside internet, but to
get connectivity to the other IPIP gateways will be very difficult for you.
Getting an IPIP gateway to work requires some understanding of networking and system configuration,
and it is a lot easier to do it on Linux than on your Cisco. But in any case you will need to study the
matter and learn how to solve problems.
In fact, that is most of the fun. As soon as it starts working, it is time to move on to other things...
When you don't like it, you have probably chosen the wrong project.
Rob
> Subject:
> [44net] Obtaining a /16 network for a specific DXCC country (TK) ?
> From:
> Toussaint OTTAVI <t.ottavi(a)bc-109.com>
> Date:
> 02/15/2016 10:31 AM
>
> To:
> <44net(a)hamradio.ucsd.edu>
>
>
> Hi,
>
> I'm TK1BI, and I'm living in Corsica. It's a small island in the Mediterranean sea. It's a French "department". But it's a specific DXCC country : TK.
>
> With my friend TK5EP, we are managing the TK5KP radio-club, which has been very active for years. We are now designing a hamnet network for our island. I'm wondering if it would be possible to obtain a /16 subnet for our "country". If so, what
> would be the requirements ?
How many radio amateurs are there in Corsica, and how many of them are likely to be active on the digital network?
There are 134 callsigns in the QRZ.COM list for TK*. Maybe only those that voluntarily listed themselves are there?
I think other countries of similar population size got a /20 assigned...
Not that we have a shortage of address space, and not that I want to withhold you a /16, but it seems a bit large.
Rob
> Subject:
> Re: [44net] BGP announcement questions ?
> From:
> R P <ronenp(a)hotmail.com>
> Date:
> 02/17/2016 09:14 AM
>
> To:
> AMPRNet working group <44net(a)hamradio.ucsd.edu>
>
>
> Thank you Edgar
> I look for hardware solutions for making our gateways.
> I know Cisco can serve as a gateway.
> Now I start to understand that MikroTik can also do it.
> Do you know if anyone is doing a gateway with MikroTik? If yes, may I get the config to do IPIP for the 44 net?
> Thanks Forward
> Ronen - 4Z4ZQ
I would not recommend Cisco or MikroTik to run an IPIP gateway. It is all much too complicated.
Get a Linux box. Seriously. Or BSD when you like that better. With a few simple configuration steps
you have an IPIP router that works automatically and does not need manual attention or complicated
scripts to update its configuration all the time.
MikroTik is ideal for use as internal router in a radio network: point-to-point links and user accesses,
and running BGP on the private AS numbers. That is not the same as running BGP towards internet!
To announce BGP subnets on internet I would recommend to get this service from an ISP. They know
this matter because they use it to advertise their own subnets, and a good ISP can advertise your
subnet to internet and statically route the traffic to your router.
Rob
curl -s http://thyme.rand.apnic.net/current/data-add-ARIN | grep " 44\."
> And if we talk on the subject,
> is there any tool on the net that can show the subnets that are advertised via BGP for the AMPRNET?
> I used to see BGP advertisements in one of the looking glass tools of the biggest ISP's tools page.
> Regards
> Ronen - 4Z4ZQ
> http://www.ronen.org
Ronen,
I am with Tom on this. Cisco routers/Mikrotik have their place later
down in the network. By far the most logical way to do an IPIP
gateway is with a Linux box. Look into the various single board
computers, you don't need a spinning hard drive if you are worried
about disk crashes etc.
Brian Kantor runs the whole thing at UCSD on a dual-core 3.2 Ghz Xeon
processor with two 1 GbE ports running a BSD variant on a Compact
flash storage device, if I remember correctly.
Hi,
I'm TK1BI, and I'm living in Corsica. It's a small island in the
Mediterranean sea. It's a French "department". But it's a specific DXCC
country : TK.
With my friend TK5EP, we are managing the TK5KP radio-club, which has
been very active for years. We are now designing a hamnet network for
our island. I'm wondering if it would be possible to obtain a /16 subnet
for our "country". If so, what would be the requirements ?
Here are some arguments :
- In the ham radio world, Corsica is a separate DXCC country.
- On an administrative point of view, Corsica is a department of France.
But it's an island, and there's 300 km of sea between us and France. So,
it's an independent geographical unit.
- On a political point of view, Corsica has a specific language (similar
to Italian), and a local government that would tend to more autonomy
inside France and Europe.
- On a historical point of view, Corsica has been one of the first
republics in the world (30 years before France), and its Constitution,
written in 1755 by Pasquale PAOLI, was used as a reference for the
constitution of the United States of America
(https://en.wikipedia.org/wiki/Pasquale_Paoli).
- On a technical point of view, we're already using the 44.151.20.0/24
subnet (from France). And it would be technically enough to handle all
our future needs. The "internal" net is built on 10.x.y.0/24 subnets,
and only the external gateway has a 44.x address. Anyway, having a /16
would allow us to separate each region and city in /24 subnets, and use
44.x addresses everywhere (no more 10.x).
As you can see, this request is not really based on technical needs;
It's mostly a request to affirm our identity in the hamradio world.
I'm a Systems Engineer, specialized in network and telecom. I'll host
the backbone of the network in my professional datacenters (one in
France/OVH, and one here in Corsica). My company will give free hosting,
free VMs, free IP addresses and free bandwidth to the radio-club, so
that the network will benefit of latest technologies at no cost. We'll
also have BGP capabilities. TK5EP and I will be the sysadmins.
Then, would it be possible to get a /16 subnet for Corsica ?
Thank you in advance.
73 de TK1BI
Greetings fellow AMPRnetters,
Is the encap.txt file still available via anonymous FTP any longer?
That method was sweet and easy. I find the API rather clunky and so
prone to scripting errors (on my end). I'm trying to automate updating
the encap routes daily, and FTP has always been tried and true.
NO! Not interested in RIP as during emergencies when we need to
manually make changes to the routing tables they get overwritten by RIP.
So that is NOT a solution in an EMCOM environment, sorry.
So is plain-jane FTP still available???
Thanks!
--- Jay Nugent WB8TKL
Ypsilanti, Michigan
Hamgate.Washtenaw.AMPR.org
() ascii ribbon campaign in
/\ support of plain text e-mail
o Averaging at least 3 days of MTBWTF!?!?!?
o The solution for long term Internet growth is IPv6.
+------------------------------------------------------------------------+
| Jay Nugent jjn(a)nuge.com (734)484-5105 (734)649-0850/Cell |
| Nugent Telecommunications [www.nuge.com] |
| Internet Consulting/Linux SysAdmin/Engineering & Design |
| ISP Monitoring [www.ispmonitor.org] ISP Performance Monitoring |
+------------------------------------------------------------------------+
08:01:01 up 37 days, 4:49, 4 users, load average: 0.36, 0.22, 0.17
Jean-Marc,
An easy way to check your system and to know if you are going thru Internet
or thru ampr.org is to ping my IPIP gateway at either 44.151.91.7 or
44.168.12.6
If the ping time is around 300ms you are coming in from Internet via
ucsd.edu and if the ping time is less than 100ms you are coming in thru the
IPIP tunnel.
For testing purposes, you can just manually create a few IPIP tunnels and
routes on your OpenWrt router.
Feel free to contact me directly as I am only a few km (Bures sur Yvette)
from your QRA.
You should even be able to connect the 44.168.x.x network via radio on the
5.7MHz band.
73 Remi F6CNB
On a somewhat related note: people, please include some filtering in your gateways
to drop the packets with an RFC1918 source or destination address (the 192.168 networks etc)
before forwarding them over tunnels. There are several other filters that you can apply,
depending on the position of your gateway in the network, including the verification that the
source address of packets is within your gatewayed subnet.
I have filters with logging on the tunnel interfaces and it is unbelievable how many 192.168.88.x
and 10.x.y.z packets I see being dropped. A little output filtering does not hurt!
Rob
Lynwood managed to cross-compile ampr-ripd v1.13 for
OpenWrt-ar71xx-for-mips_34kc back in August 2015. You can look at
this list's archives around that time for any other notes.
His binary and some other things can be found at
http://44.60.44.10/amprnet_docs/
Note: Only accessible via 44net, else 403:
>Hi,
>
>Does anyone know where I can find a compiled version of ampr-ripd for
>openwrt (backfire) ? I can't find gcc for Backfire :-(
>Same nightmare about rip44d, perl multicast not available for Backfire.
>
>Thanks in advance
>
>73 from F1SCA
For some reason the list switched to sending me digests. How can I switch back
to single messages? There is no info in the digest email.
Pedja
YT9TP
Just a heads up. I have had the Toronto, Ontario subnet 44.135.88.0/24
dark for a few years now and plan to get it back online in a few weeks.
For those in the GTA, Bob, etc. please drop me a private email so I can
coordinate bringing the Toronto AMPRnet GW back online.
Michael Durrant
ve3pnx(a)andier.com
www.packetradio.ca
The IP address 44.140.63.5 just tried multiple ssh attempts using invalid
logins against six of our 44-net machines. The attempts were caught and
blocked. But beware.
Is there an abuse policy and, if so, what is it?
Michael
N6MEF
Hi Brian,
My name is Remi F6CNB and I am in charge of developing the HAMNET network in
France BUT I am not the IP address coordinator.
The subnets are distributed by the coordinator outside the portal. I am
using hamnetdb.net to keep track of them. There are more than 50 sites
currently active on the network. The network is growing fast in the Paris
area with a lot of high speed backbones (typically 10 to 70Mbps). A lot of
additional isolated subnets exist in France, including the very remote
La Reunion island. They are all connected to the Paris area network thru GRE
tunnels.
The main usages of the network are:
VOIP,
DMR/STAR repeater links,
DATV repeater,
Webcam,
APRS
......
I got a script from our German hamnet friends to automatically update by
email the main 44.0.0.0 DNS server from hamnetdb.net. I need to adapt it to
handle the 44.168.0.0/16 network. Could you send me a description of the
current way to update the DNS server by email and give me the privilege to
do it?
We also have a lot of issues with the current portal, like I cannot assign
44.168.0.0/16 to my main IPIP gateway (200Mbps connection both ways) or the
DNS registration not working. That is probably the main reason for the poor
DNS updates.
73 Remi F6CNB (also W5/F6CNB 50% of the time)
The method is there. It's just almost hidden.
When you click "Database", you will see only data from 2011 and newer.
While looking at the right-side frame, each entry has an "update" option.
Look closely at the very first one, and just above the word "update" you
will see the word "New"
Click "New" to add your entry.
When you enter your data, the website will then attempt to use your
computer's default email program to submit a new entry via email.
Depending on your email program, it may or may not try to warn you that
another device is attempting to use your email program to send data somewhere.
Cheers Peter.
Bill Lewis / KG6BAJ
At 04:03 PM 2/9/2016, you wrote:
>Hi All,
>
> Sorry for my off topic question, I shall be brief.
>
>Does anyone know where or how to update the listing on
>
>http://www.ampr-gates.net/frame_e.htm
Hi All,
Sorry for my off topic question, I shall be brief.
Does anyone know where or how to update the listing on
http://www.ampr-gates.net/frame_e.htm
Is there another site ?
Regards ..... Peter ZL2BAU
Hello Brian,
French Hamnet works fine on the 44.151 subnet, as you can see.
This is the historic network, no problem on it.
The REF association asked for a new 44.168 subnet for their project.
For the 44.168 subnet, contact the coordinator F1TZV at f1tzv(a)evc.net
I read the Hamlist of the REF association http://ref-union.net/Hamnet/
and there has been nothing for a few months. I just wrote a message on this
list in order to know what happened. If I get an answer, I will put it here.
Best regards,
Ludovic - F5PBG.
On 09/02/2016 20:00, 44net-request(a)hamradio.ucsd.edu wrote:
> Message: 5
> Date: Tue, 9 Feb 2016 08:21:33 -0800
> From: Brian Kantor <Brian(a)UCSD.Edu>
> To: 44net@hamradio.ucsd.edu
> Subject: [44net] HAMNet France
> Message-ID: <20160209162133.GA14859(a)UCSD.Edu>
> Content-Type: text/plain; charset=us-ascii
>
> Can anyone advise me of the status of the French HAMNet project?
>
> I've not heard anything from those folks in over a year, and the
> coordinator for 44.168.0.0/16 hasn't logged into the portal since
> May of 2015.
> - Brian
Can anyone advise me of the status of the French HAMNet project?
I've not heard anything from those folks in over a year, and the
coordinator for 44.168.0.0/16 hasn't logged into the portal since
May of 2015.
- Brian
> Why does a hostname of an isolated system need to be resolved in a world
> wide DNS?
> It has no connection to the internet via the gw or to the tunnelling system,
> so that DNS resolution will always lead to an unreachable host.
Because there really is no relation between IP allocation and routing.
For example, back in the days when we ran a lowspeed IP packet network here and in surrounding
countries (1987-2003 or thereabouts), it was strictly forbidden in the regulations to have
a connection between a radio station and a public communication line.
We had thousands of stations active but none reachable from internet.
Host files were used instead of DNS, but the information in the host files was always
replicated to the public DNS, to indicate what addresses are allocated to whom.
Also, it would have been possible (had the software on the typical station supported it) to
download a zonefile and use it offline.
Now that we have linking over- and to internet, we are in fact still doing that.
Our gateway downloads the zonefile from hamradio.ucsd.edu daily, and loads it in a local DNS
server on 44-net, only reachable from the radio side.
So even when we lose our internet connection, we can still resolve .ampr.org addresses as
they were valid just before the breakdown.
I don't think that "reachable from the internet" or "reachable from net-44 systems that tunnel
over internet" should be a criterion for being in the .ampr.org DNS.
(this does not even consider that there may be firewalls that make it impossible to detect for
outsiders that a system is connected, while the system itself can perfectly make outgoing connections)
Rob
> If you look in the file that Brian posted you will see that there are no
> 44.137.X.X (or 44.130.X.X) records in the list to be deleted.
> So your DNS records should be okay.
I know that, and that is why I am taking up the job myself.
(I think it is a bit strange that the networks that are BGP or IPIP routed would not have
to be cleaned)
Rob
> Since we cleaned up 44.130/16 a while ago, we have some hints for your
> first cleanup round. Maybe you should consider taking obsolete CNAME-
> and MX-records into account. Example:
> to-be-deleted.txt:
> g7suh IN A 44.131.254.242
> ampr.org:
> 2e1arm IN CNAME g7suh
Yes, please take good notice of that!
Some time ago I made a lot of effort to delete all dangling CNAME and MX
records, hundreds of them.
Apparently there have been cleanups where entire subnets worth of A records were
deleted, but many MX and CNAME records still referred to them. It looks like
at some time, for every A record created in certain US subnets, a corresponding
MX record (just "call IN MX 10 call") had been created. A bit pointless, but
worse is that those were not removed when the A records were removed.
This time around, please make sure that whenever some record is removed, all
records that point to it are also removed.
As Jann correctly points out, there are MX records that point to external servers
(although sometimes the trailing period was forgotten, making them inoperative).
During the above cleanup, I found several of those that do not exist in DNS anymore,
and deleted them as well. I did not check if the ones that still resolve would
offer SMTP service and would accept mail to the specific domain name (in .ampr.org!).
Probably lots of them don't.
This weekend I sent out a mailing about renewing registration by tacking @amsat.org
@veron.nl and @vrza.nl to all callsigns (the latter are two amateur societies here)
and of course I got many delivery failures back where the address at the aliasing
service exists, but the address the mail is forwarded to no longer exists.
We are not the only ones with this cleanup problem...
Rob
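The dangling-record problem above (CNAME or MX records left behind after the A record they point to was deleted, and MX targets that were meant to be external but lost their trailing period) can be checked mechanically. As an added example, not code from the list or from any of the posters, here is a small shell/awk check; the delete list and zone fragment it reads are constructed samples in the same "name IN A addr" layout as the post.

```shell
#!/bin/sh
# Added example (not from the 44net list). Flags zone records that would
# dangle once the names in a to-be-deleted list are removed, plus MX/CNAME
# targets that look external but lack the trailing period.
# Record layout as in the post: "name IN A addr", "name IN CNAME target",
# "name IN MX prio target". Sample files are constructed below.

# Print CNAME/MX records whose target is a name whose A record is on the
# delete list. A target with a trailing dot is absolute (external) and is
# skipped: it does not depend on an in-zone A record.
dangling_records() {
    deleted=$1; zone=$2
    awk 'FILENAME == ARGV[1] { if ($3 == "A") del[$1] = 1; next }
         ($3 == "CNAME" || $3 == "MX") {
             target = ($3 == "MX") ? $5 : $4
             if (target !~ /\.$/ && (target in del)) print
         }' "$deleted" "$zone"
}

# Heuristic: a relative target that contains a dot (e.g. mail.example.net
# without the final period) is probably an external name that was meant to
# be absolute; as written it resolves as target.ampr.org and never works.
suspect_relative_targets() {
    awk '($3 == "CNAME" || $3 == "MX") {
             target = ($3 == "MX") ? $5 : $4
             if (target ~ /\./ && target !~ /\.$/) print
         }' "$1"
}

# Constructed samples: $1 gets the delete list, $2 the zone fragment.
write_samples() {
    cat > "$1" <<'EOF'
g7suh IN A 44.131.254.242
g0abc IN A 44.131.254.243
EOF
    cat > "$2" <<'EOF'
g7suh IN A 44.131.254.242
2e1arm IN CNAME g7suh
g7suh IN MX 10 g7suh
m0xyz IN MX 10 mail.example.net.
m0xyz-2 IN MX 10 mail.example.net
g0abc IN A 44.131.254.243
g0def IN A 44.131.254.244
g0def-1 IN CNAME g0def
EOF
}

# Stand-alone run on the constructed samples.
del=$(mktemp); zone=$(mktemp)
write_samples "$del" "$zone"
echo "records to delete together with the A records:"
dangling_records "$del" "$zone"
echo "targets that probably lost their trailing period:"
suspect_relative_targets "$zone"
rm -f "$del" "$zone"
```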
I downloaded the encap.txt file just now and it doesn't match the gateway
list. Is it not being updated or has something gone wrong in the process?
73, Don
> People -- we need the cleanup. I say, be aggressive. If an active DNS
> record gets deleted, just recreate it -- Sheesh.
Maybe you have not understood it, but we are actually *using* the network.
For places where it is just a leftover of the packet radio days, I agree.
Today I deleted a number of old BBS records, and a few hours later I got a
mail back that one of them was still in use. We cannot do that for all 3000
active records.
Rob
> No, expectation is that people getting AMPR address space should
> have the subnet they're in registered with the portal. That includes
> non-connected hosts and /32s.
Is it really a good idea to base the cleanup on data in the portal?
I mean, the guy running the portal clearly does not have the resources (or the
motivation?) to do even minor maintenance on it, let alone finish work on features
like the DNS registration that have been in an incomplete state for years.
Is it a good idea to make our entire network dependent on that?
I cannot remove a subnet that was erroneously added in the past (and where user
subnets were added inside) without deleting those, and a request to the maintainer
to do that outside the portal UI that I sent months ago is still not processed.
I also cannot add any regional subnets for which parts are already registered to
users. The whole implementation of subnet hierarchy and record ownership is much
too strict, it only works when everything is done "the correct way" on the first try,
which simply is not realistic. Compare it to HamnetDB where you can simply reshuffle
the whole subnetting by inserting, deleting or editing existing records within the
existing hierarchy.
I also don't like the idea to send a request to all users to "register themselves"
and then being bombarded with allocation request mails from the portal that all
need to be manually edited because the requesting user cannot specify an existing
allocation to be registered.
Users that do not understand the whole mechanism cannot be ignored, because either
you don't process the request and it remains on the todo list, or you reject the
request and those users just click the links in the rejection mail which results
in the same request being posted again :-(
In 44.137.0.0/16, really only the users that want to run an IPIP tunnel are registered
in the portal, there are many other users that connect in a different way.
Luckily we are not affected by this cleanup because we are BGP routed, but at the
same time that also shows how this method is failing. After all, what does the
routing method have to do with the DNS contents? Basically nothing. Why should
all our inactive records remain there while those of other countries are deleted
even when they may be active?
When we want to clean the DNS, we should look at the situation on a country by
country basis. I am all for deleting entries for callsigns that have expired, and
in fact I regularly do that. Probably other countries also have lists of active
callsigns and a quick scan can be made to delete all expired callsigns and probably
also those records that are not related to callsigns. We could request all coordinators
to send a list of active callsigns, and we could process those lists to generate a
deletion list like I already do for my area.
We could also ask each coordinator what is the state of IP packet or other use of
those addresses in their country, and maybe get whole networks deleted when they
no longer exist.
I will try to dig in the old data I still have saved (for my area) to generate a
list of callsigns and the date of last registration or reconfirmation, and try again
to contact all callsigns with records before a certain date and delete them when
there is no reply.
This should clean out more records than the previous run, where I only deleted those
registrations where the owner replied they no longer required them.
Rob
Hi group,
hello Thomas,
IIRC the initial assignment was in fact given to me by you and Paul, so
I'm happy to hear from you again. :)
On 02/07/16 23:55, Thomas Osterried wrote:
> Hello,
>
> well, a longer tradition than the quite new portal are the country-wide IP-Koordinators.
>
> In DL, we have the coordination team of three people (dd9qp, dg8ngn, dl9sau) and we delegate the responsibility of the local assignments to the regional coordinators. This concept goes back to the last century.
> From the regional coordinator, Wolfgang had got the initial assignment of his IP addresses.
That is correct. And that was kind of "status quo" when I had to quit
Packet Radio activity. But the first thing I found when I searched for
info on the current state of IP in PR was that my IPs no longer
exist (which in fact is not really the problem for me, as I really was
not active for a long time. So, no complaints on that from me, that's
perfectly OK if there's some need for IPs).
> Some time ago, we did a clean-up of the old 44.130 packet-radio block in communication with the regional coordinators.
>
> What's with the portal? - I think we need discuss that. It had been no relevance for us (since no one requested it), and I'm not sure, how it fits in a concept of the country coordinator system (unless a country coordinator defines a do-what-you-want-netblock for self-allocation - but how this may be integrated in a working routing concept??).
I think the portal would not work that good with a concept like the
formerly used one with using the IP for granular routing over PR
network. But I seem to remember discussions that the "routing feature"
would not be needed any more and the whole german IP PR network should
be seen as one big block (which I do not really support from my
standpoint as sysadmin).
> Region ofr.de (44.130.62.0/24) was resigned 2013-07-31. Regional Coordinator was DL1NAT.
> The zone file of that region expired with serial 2004041601. Nine years after the last update. forward- and reverse- entries were inconsistent: the reverse file had the serial number 2002062201 (I assume 2 years before).
>
> I do not like to blame anyone, but it may be useful in that discussion. 9 (or 11) years after the last coordination of the subnet and 2.5 years after your regional coordinator stated that all records could be removed, you recognize that dg7nef, dg7nef-2 and dg7nef-gate ( 44.130.62.20, .18, .19) have been passed back.
And that lead to my problem with portal.ampr.org as I still had my own
local acting DNS serving as "Master" for the zone on requests from my
network, so I could at least keep the IP adresses I did contact in a
state that did work for me. Yes, split DNS and multiple masters are an
ugly thing. But it did work locally then.
> This emphasizes both the difficulties we'll get, even years after a clean-up, and on the other side the need to have a clean-up (the /24 had 57 entries (22%) and we finally got one complaint (Wolfgang had 3 addresses -> 5 %). For most cleaned subnets we got 0 responses at all).
Well, in fact no complaints from me so far, just a bit of confusion on my
side. ;)
> And imho, it also shows the country- / regional-wide coordination concept makes sense. Currently, we've 35866 IN A records in ampr.org. Imagine we'll have 10 requests a day on the list of the pool of every user, we all will have to read the next 10 years about every individual issue.
One kind question,
first of all, after a forced break due to changing my home address and
various other reasons not to be discussed here I had to learn that my IP
addresses, assigned to me long ago and used for a long time, no longer
exist. OK, maybe I can understand the reason for that.
Now I'm searching for that "portal" to register myself for getting a new
IP assignment for being able to start playing with Amateur Radio Packet
applications and so on, so I search for the portal. Well, there is a
portal. But that portal is not showing up at all when you try to contact it.
Does that mean you have to have an IP to register for an AmPR IP, but no
wait - I just want to register for it?
Can you please enlighten me what is going on here? I just don't
understand it right now.
Thanks,
Wolfgang
> What would you have me do? It's clear that the majority of the entries in
> the DNS are bogus. We have NOTHING to reference except the portal data.
> Doesn't it make sense to try to get that data in order?
Yes, but as I mentioned many times before, there is no sane way of migrating the
data that *is* still valid towards the portal. There is no clear way for the user
to request their existing allocation to be loaded into the portal. Not automatically
(e.g. by querying the DNS), not manually (by filling in a form with existing addresses).
One can only ask for new allocations and place a comment that says in fact one wants
to move an existing allocation. I cannot ask the users to do that, and I don't
like to edit all those requests manually. I think the portal should facilitate
migration of existing data at least until that process is completed.
There should also be procedures to migrate large blocks of data, as our own network
infrastructure has hundreds of hosts that I do not want to enter in a webform one by
one!
I have recovered all update mail messages sent to the portal after 1994-01-01 and
have added a date stamp to all the lines in my own hosts file with the latest
date of an addition of data for each callsign.
The file is available at http://pe1chl.nl.eu.org/hosts/hosts.137
Today I have done another mailing and a local amateur radio newssite has placed
it on their newspage. This time I requested all the users that want to *keep* their
allocation to reply by mail.
When I get a reply or make a new registration I update the stamp to the current date.
Next month I will just delete all records with a date before 2010.
That should get rid of all the records from "the old days" and only leave those that
were added during our more recent experiments. Last time I did this (two years ago)
I kept the records for those that I could not reach, but this time those will get
deleted. (of course they can always request to get them back when they notice it)
Rob
Brian Kantor wrote:
>That was going to be a subsequent phase of the project. At the moment,
>there is no way to "mark" the data at all - it either exists or it
>doesn't. What we were considering doing is importing the DNS entries
>into the portal, then requiring that each be claimed by someone within
>some period of time - perhaps a year or two. After that, unclaimed entries
>would be deleted.
Sounds logical, that seemed to work well with the gateways portal phase in.
I really can't think of any other approach. So delete as much for sure dead
wood as possible; import what remains to allow it to be claimed. And then
finally purge all unclaimed.
>
>The existing DNS entries have an ownership field, based on who entered
>them into the DNS database. That was added a few years ago, so there
>are a lot of entries with null ownership. Unfortunately, there are
>older entries which are still valid but have null ownership because
>they were added to the database before it had an ownership attribute.
I was wondering about this. Thanks for explanation.
>This brings up the question of who is to be the owner of a DNS entry.
>Should it be the individual or group who asked for it to be added to
>the DNS or should it be the coordinator who entered it? The former
>would mean that hundreds of people would have to register with the
>portal and take ownership of each of their entries. The latter would
>mean that it would be up to the coordinators to keep track of who is
>still active (or still alive!) and delete entries for people who are
>no longer around. Neither is a satisfactory solution.
>
In my opinion the end user should be the owner. But it might be logical
to have a group owner ship flag available too. So people like coordinators
can enter and edit for other people who may be less in the know in
terms of what they are doing.
>The goal is to have a tidy DNS database, with only entries that are
>valid as is possible. I am open to suggestions.
>- Brian
> My specific issue here is that my local AMPR coordinator recently told me that unless all my IP addresses had a DNS entry, I risked losing my allocations. I think this is a policy that *he* is setting himself (not a global AMPR policy) and
> though I don't agree with his view, I obliged to give him ~1024 hostnames to fill things out. If other AMPR coordinators have similar approaches, then DNS entries mean everything to the IP allocation be it a subnet or a /32.
>
> --David
> KI6ZHD
This is not how I handle allocations... in the area I manage one can allocate individual addresses or subnets, and when
they are subnets the address range of the subnet is reserved but not each address in the subnet needs to have a name attached.
However, all traffic for addresses without associated name in .ampr.org is filtered at our internet gateway. So when you want
to actually *use* an address outside the local radio network, it has to have a name.
(this is the same policy as in the gateway at UCSD)
Rob
> Subject:
> Re: [44net] DNS cleanup
> From:
> Brian Kantor <Brian(a)UCSD.Edu>
> Date:
> 02/07/2016 08:52 PM
>
> To:
> AMPRNet working group <44net(a)hamradio.ucsd.edu>
>
>
> On Sun, Feb 07, 2016 at 08:37:23PM +0100, Rob Janssen wrote:
>> >I wonder what the database structure is and if you could maybe just delete the
>> >record from the database without affecting the children.
> I can't; I don't really have access to the underlying database.
> - Brian
That is why I initially sent the request via the contact page on the portal. However, it was not
processed. This makes me pessimistic about the maintenance resources at the portal, and
reluctant to spend a lot of time filling it with information that apparently can never be modified.
Rob
> Rob, if you'll tell me which subnet that has "children" should be removed
> and which of those "children" should be kept, I'll make a note of the
> "children", delete them, delete the erroneous subnet, and add the
> "children" back in. Annoying, but it should take only a few minutes,
> less time and more productive than arguing about it on the mailing list.
It is the 44.137.24.0/22 subnet as I mentioned before.
But be careful: those children are IPIP gateways and have that subnet registered
in their gateway system. I'm sure when you delete them through the UI, the subnet
will be deleted from their gateway as well. That is not good.
I wonder what the database structure is and if you could maybe just delete the
record from the database without affecting the children.
When there are all kinds of pointers back and forth between parent and child records,
that would be something that needs to be fixed. It should be easy to add and delete
subnet levels between existing ones, e.g. a new regional subnet between a country
subnet and users. We are re-arranging things all the time as the network develops.
Probably the subnets should just be stored neutrally, and the parent/child relationship
should only be established at the time the records are retrieved for display.
And deleting a subnet should not imply deleting everything that is in it, the contents
should just be promoted to the next higher level.
Rob
> Were there multiple entries for 44.137.24.0/22 ?
> I still have it in my allocation list. the whole subnet was in use for
> the regional local access point I was co-sysop for. That access point is
> not operational at the moment, but I would like to keep that allocation
> for when it comes back in the future.
It is precisely this flexibility that is missing in the portal. There is no way to insert or delete
regional subnets when there already are user subnets registered below that level. And there is no
way to resize a subnet or transfer ownership either.
I would like to register all regional subnets for clarity of the allocation tree, and transfer them to
the proper user when that is appropriate. This can be done in HamnetDB and there I have registered
those subnets to make the structure of the network visible to anyone, but the portal cannot do that.
This particular subnet has been planned to be used by the soon to be deployed access point at the
Eindhoven UHF repeater site which will route it using BGP via radio link to PE1RDP.
So I prefer to delete this entry for now, to clean the allocation list.
Rob
All,
I have an NTP Server online at kb3vwg-001.ampr.org. Let me know if it's
reachable from your hosts. This is currently in testing (the domain may
move perhaps to tick.ampr.org.).
73,
KB3VWG
All,
I've noticed that a traceroute to a 44net address routed via an IPIP
tunnel on OpenWRT versions 14 or 15 (tested) results in the router giving
the Public, Commercial IP address of the device instead of a 44net IP on
tunl0, or any assigned forwarded interface.
Without intricate detail, this is by design of the Operating System, as
the kernel re-packets an ICMP TTL Exceeded, and seems not to connect
that new packet as RELATED to the Received Packet in which the TTL had
Exceeded. This is fine when all local IPs are Private IPs, or should be
forwarded via the Kernel's Gateway; but as they are not, and the only
gateway the kernel knows is the physical WAN, the ICMP TTL Exceeded
Packet is given the Kernel's source address (with Gateway), and sent
hence - a leaked TTL Exceeded packet.
Reason: the least computationally difficult method to protect our
gateways from rogue packets is to not publicize/announce our Public
WAN-facing IP address.
In order to prevent this, a RAW Packet Filter rule for all packets
received via tunl0 < 2 can be created, preventing processing of TTL
exceeded packets for non-44net IPs:
iptables -t raw -I PREROUTING -i tunl0 -m ttl --ttl-lt 2 -j DROP
iptables -t raw -I PREROUTING -s 44.0.0.0/8 -d 44.xxx.xxx.xxx/xx -i tunl0 -m ttl --ttl-lt 2 -j ACCEPT
Those using OpenWRT, please test and confirm issue and its fix.
73,
-Lynwood
KB3VWG
The main problem with spoofing of course is not that it "attacks" our systems, but
that our systems are being hit by backscatter from others that are being attacked,
or that we attack others when we are used as reflectors.
So be careful to have the right filters so you don't send too much traffic "back" to
senders with spoofed addresses.
It is correct that you need to allow protocol 4 only on the external network card and
NOT on the tunl0 interface. If you do, you allow tunnel-within-tunnel packets, and
they could be malicious, but in any case they are incorrect. In the past we have
sometimes seen encap loops where some incorrectly configured system kept putting
packets into another encap layer and forward them, and this kind of looping can
easily be stopped by not allowing protocol 4 over protocol 4.
There is an additional filter that you can make, and which I explained earlier on the
list. With Marius' ampr-ripd you can call an external script when the encap route table is
changed, and in this script you can maintain an address list of valid IPIP peers, and
use that in the firewall to accept IPIP packets only from peers that are announced
by the RIP daemon. This will guard you against funny IPIP packets sent by random
hackers. Of course it is not sufficient against the determined people, because they
can spoof the IPIP packet to come from one of the gateways in the list, and it will
be accepted anyway.
Blocking "non-44 source addresses on tunnel interface" of course is only possible
when you do not want to communicate between net-44 and the rest of internet.
However, you can always use the regular firewalling techniques like blocking all
incoming traffic with a source address that is local to your network (and of course
all RFC1918 traffic like 192.168.0.0/16), and use connection tracking
(-m state --state ESTABLISHED,RELATED) to block most incoming traffic
that is not a reply to outgoing connections, and then carefully allow what you like
to come in. This has to be done separately for the external interface and the tunnel
interface, as the things you want to allow on those two interfaces are completely
different.
Lots of firewall howtos only show you how to put lots of rules in the INPUT or FORWARD
table, which quickly make things inefficient and difficult to maintain.
It is usually better to setup a number of tables with iptables -N tablename, each with
the rules for a specific interface or even for a protocol, and put rules in the INPUT and
FORWARD tables that match on some input/output interface and branch to the table
for that case.
iptables -N eth0ipip
....
iptables -N eth0input
iptables -A eth0input -p 4 -j eth0ipip
...
iptables -N tunl0input
iptables -A INPUT -i eth0 -j eth0input
iptables -A INPUT -i tunl0 -j tunl0input
...
Rob
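The per-interface chain layout sketched above, the RFC1918 output filtering from Rob's earlier post and Lynwood's raw-table TTL rule, combined into one added example (not code from the list or from ampr-ripd): a script that builds the ruleset from the gateway list in encap.txt. The interface names, the placeholder subnet and the sample encap.txt are assumptions; by default it only prints the iptables commands.

```shell
#!/bin/sh
# Added example, not code from the 44net list or from ampr-ripd. It builds the
# per-interface iptables chain layout Rob describes, accepts protocol 4 only
# on the WAN side and only from gateways listed in encap.txt, filters RFC1918
# and own-subnet spoofs on the tunnel, and adds Lynwood's raw-table TTL rule.
# Hypothetical values: eth0 is the WAN interface, tunl0 the IPIP interface and
# MYNET a constructed placeholder for the gateway's own 44 subnet.
# With DRY_RUN=1 (the default) the commands are printed, not executed.
WAN=eth0
TUN=tunl0
MYNET=44.190.1.0/24   # placeholder, replace with your own gatewayed subnet
AMPR=44.0.0.0/8
DRY_RUN=${DRY_RUN:-1}

# Run iptables, or only print the command line in dry-run mode.
ipt() {
    if [ "$DRY_RUN" = 1 ]; then echo "iptables $*"; else iptables "$@"; fi
}

# Unique gateway addresses from an encap.txt file. Its route lines look like
# "route addprivate 44.2.2.0/24 encap 169.228.34.84"; anything else is skipped.
encap_peers() {
    awk '$1 == "route" && $2 == "addprivate" && $4 == "encap" { print $5 }' "$1" |
        sort -u
}

# Constructed sample in encap.txt format. The gateway addresses are RFC 5737
# documentation addresses, not real AMPRNet gateways.
write_sample_encap() {
    cat > "$1" <<'EOF'
# constructed encap.txt sample
route addprivate 44.190.2.0/24 encap 203.0.113.10
route addprivate 44.190.3.0/24 encap 203.0.113.10
route addprivate 44.191.0.0/16 encap 198.51.100.77
EOF
}

build_rules() {
    encap=$1
    # One chain per interface and direction; INPUT/FORWARD only branch to them.
    for chain in "${WAN}ipip" "${WAN}input" "${TUN}input" "${TUN}output"; do
        ipt -N "$chain"
    done

    # Protocol 4 (IPIP) is accepted on the WAN side only, and only from
    # gateways announced in encap.txt; ampr-ripd's route-change hook can
    # rerun this to refresh the list. A spoofed peer address still passes,
    # as Rob notes: this only stops random IPIP probes.
    encap_peers "$encap" | while read -r peer; do
        ipt -A "${WAN}ipip" -s "$peer" -j ACCEPT
    done
    ipt -A "${WAN}ipip" -j DROP

    ipt -A "${WAN}input" -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
    ipt -A "${WAN}input" -p 4 -j "${WAN}ipip"
    ipt -A "${WAN}input" -j DROP    # insert the WAN services you run above this

    # Tunnel side: no IPIP-in-IPIP (stops encap loops), no RFC1918 sources,
    # and nobody on the tunnel may claim our own subnet as source address.
    ipt -A "${TUN}input" -p 4 -j DROP
    for net in 10.0.0.0/8 172.16.0.0/12 192.168.0.0/16; do
        ipt -A "${TUN}input" -s "$net" -j DROP
    done
    ipt -A "${TUN}input" -s "$MYNET" -j DROP
    ipt -A "${TUN}input" -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
    ipt -A "${TUN}input" -j ACCEPT  # narrow this down to what you want to offer

    # Output filtering toward the tunnel: log and drop RFC1918 leaks, and let
    # nothing out whose source is not inside our gatewayed subnet.
    for net in 10.0.0.0/8 172.16.0.0/12 192.168.0.0/16; do
        ipt -A "${TUN}output" -s "$net" -m limit --limit 5/min -j LOG \
            --log-prefix "tun-rfc1918: "
        ipt -A "${TUN}output" -s "$net" -j DROP
        ipt -A "${TUN}output" -d "$net" -j DROP
    done
    ipt -A "${TUN}output" ! -s "$MYNET" -j DROP

    # Raw table, as in Lynwood's post: drop packets with TTL < 2 arriving on
    # tunl0 so the kernel never emits a Time Exceeded sourced from the WAN
    # address, except 44-net traffic for our own subnet. The second -I lands
    # above the first, so the ACCEPT is evaluated before the DROP.
    ipt -t raw -I PREROUTING -i "$TUN" -m ttl --ttl-lt 2 -j DROP
    ipt -t raw -I PREROUTING -s "$AMPR" -d "$MYNET" -i "$TUN" -m ttl --ttl-lt 2 -j ACCEPT

    # Hook the per-interface chains into the built-in chains.
    ipt -A INPUT -i "$WAN" -j "${WAN}input"
    ipt -A INPUT -i "$TUN" -j "${TUN}input"
    ipt -A FORWARD -i "$TUN" -j "${TUN}input"
    ipt -A FORWARD -o "$TUN" -j "${TUN}output"
    ipt -A OUTPUT -o "$TUN" -j "${TUN}output"
}

# Stand-alone run: print the ruleset for the constructed sample file.
sample=$(mktemp)
write_sample_encap "$sample"
build_rules "$sample"
rm -f "$sample"
```

Running it with DRY_RUN=0 against the real encap.txt applies the rules; do that only on a gateway whose existing chains you have reviewed first, since the chain names are appended to, not flushed.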
> Subject:
> [44net] OpenWRT Security Notice
> From:
> lleachii(a)aol.com
> Date:
> 02/02/2016 04:11 AM
>
> To:
> 44net(a)hamradio.ucsd.edu
>
>
>
> the least computationally difficult method to protect our gateways from rogue packets is to not publicize/announce our Public WAN-facing IP address.
Of course that does not work very well.
All other gateway stations know your public IP and those who really want to know it can probably obtain it.
The only way to protect your system is by using appropriate filters. And yes, these can be difficult to design,
especially in the world of lousy internet service providers that do not bother filtering clients that spoof addresses....
Rob
All,
- Time - NTP UDP/123
- This is odd, I'm able to reach the server and 44.60.44.1 from AMPR and the Public Internet
(what exactly are you trying to 'reach' at 44.60.44.1 to determine its status, as I've only announced NTP as being available there)
- using 'ntpdate -q 44.60.44.1' or 'ntpdate -q kb3vwg-001.ampr.org' works for me anywhere on the Internet
kb3vwg@kb3vwg:~$ ntpdate -q 44.60.44.1
server 44.60.44.1, stratum 2, offset 0.001173, delay 0.02589
30 Jan 18:00:19 ntpdate[1058]: adjust time server 44.60.44.1 offset 0.001173 sec
- I have now permitted access from the Public Internet (previously, it was only available to 44 hosts), let me know
- Lynwood
KB3VWG
Stephen and Ed,
I have setup the tunneling routers on devices using OpenWRT and Ubuntu
Linux. Since OpenWRT is actually designed to be a router OS, I highly
suggest it. There are instructions for setting up a gateway using both
OSes at http://wiki.ampr.org/
In order to route using Ubiquiti or VyOs, you must be able to compile
and run ampr-ripd in order to provide RIP44 (which is not the same as
RIPv2) on the tunnel interface.
Since VyOs is a distribution of Linux, there may be instructions on the
Internet on how to compile and/or execute ampr-ripd or rip44d.
73,
Lynwood
KB3VWG
Hi guys,
I just received an allocation for 44.34.96.0/24 to begin experimenting
with. I plan on doing mesh networking as well as offering services as time
permits.
I have two questions regarding connectivity to the network:
- I understand most folks are doing IPIP tunneling, has anyone ever done
this on a Ubiquiti Edgerouter Lite or VyOS? Anyone in or near Tennessee
that can accommodate a tunnel for me?
- BGP... thinking entirely out loud here, but are there any VPS providers
anyone is aware of that will accept announcements from 44 net that I could
handle with say BIRD or another BGP daemon under linux? This would be my
ideal setup and I could tunnel my own connectivity, but not sure this is
possible.. looking for ideas here.
73, and glad to be a part of AMPR, I love networking :)
Stephen
K1LNX
An inquiry was made into the Stratum of the NTP server:
- Servers referenced are Stratum 1 or Stratum 2 Servers which reference
a Stratum 0 Atomic Clock maintained by a University or Government
Institution in Canada, the US or Mexico
time-d.nist.gov
nist1-pa.ustiming.org
time.nist.gov
time.nrc.ca
time.chu.nrc.ca
gnomon.cc.columbia.edu
tick.gatech.edu
cronos.cenam.mx