- 44net - mailman.ardc.net

by Steve L

Since there are people talking about revamping how we are doing this with the amprnet it might not be a bad idea to look at what others are doing. Here is one: https://en.wikipedia.org/wiki/Decentralized_network_42 https://dn42.eu/Home

4 years, 3 months

1
0
0 0

Updated setup instructions for vyos

by Kevin Hastings

Hello all, Does anyone have up to date setup instructions for Vyos? I have been able to get ampir-rip installed and it appears to be creating routes and can receive pings via one of my IPs with a DNS address configured however pings to that address from a non 44 machine are being responded to via the wrong interface. I have so far been unable to ping anything on the 44 side but am not currently convinced the routing is configured correctly. Thanks, Kevin VA3PSL

4 years, 3 months

2
1
0 0

BGP/openvpn finally all ok.

by pete M

I want to thanks all that helped with the setup of my vultr vps with BGP and openvpn to distribute the /24 that was assigned to me. I played a lot with the openvpn and wireguard software up to a point I had to redo the whole install of the VPS. here is the receipy I have been able to use for the task. I am running a Debian10 that was updated to the latest software First I have use the tutorial at https://www.vultr.com/docs/configuring-bgp-on-vultr Be aware that on my version of bird I was not able to open the "/var/log/bird.log" files because of a propriatary right. the file belongned to root and it was supposed to belong to bird it is a known bug that I hope will be fixed soon. this helped me create that information into my bird.conf ------------------------------------------------------------------------------ log "/var/log/bird.log" all; router id xxx.xxx.xxx.xxx ; use the ipv4 address assigned to your vps protocol device { scan time 60; } protocol static { route 44.xxx.xxx.0/24 via xxx.xxx.xxx.xxx ; use your assigned /24 from ampr and the ipv4 from your vps } protocol bgp vultr { local as yyyyyyyyyyy; this is the private asn given to you by vultr and availble on your dashboard on myvultr.com for your vps source address xxx.xxx.xxx.xxx; import none; export all; graceful restart on; next hop self; multihop 2; neighbor 169.254.169.254 as 64515; password "YourSecretPassword" ; } ------------------------------------------------------------------------------ On the openvpn side of thing I have use the install script from angristan available at https://github.com/angristan/openvpn-install just followed the instruction and all was good. from there I changed some things on my network at etc/network/interfaces -------------------------------------------------------------------------- # This file describes the network interfaces available on your system # and how to activate them. For more information, see interfaces(5). #source /etc/network/interfaces.d/* auto lo iface lo inet loopback auto ens3 allow-hotplug ens3 iface ens3 inet dhcp iface ens3 inet static address 44.135.59.1/32 --------------------------------------------------------------------- the last line point at the first address of my /24 put yours into your file. then on the openvpn server I changed into the server.conf file only one line the file is at /etc/openvpn/server.conf i switched the server line from server 10.8.0.0 255.255.255.0 to server 44.135.59.0 255.255.255.0 the 44 address is my /24 put yours if you follow my exemple. that's it! it was not that complicated. But I had to dig a bit to understand the whole thing. My next step will be to split my /24 in parts. one section will be for the single connections like now, but I want to have connection that are like blocks of /28 or /29. I know I will have to make another instence of the openvpn server That is the part that is the less clear for me yet. The conf file is more clear. As I want to strat and stop each instence easily I will have to make a new starting script for systemd And that is where I will need to read more. If this helps someone I will be happy! If you see a problem with my setup please let me know! Pierre VE2PF

4 years, 3 months

7
27
0 0

44.170.120.59

by Rob PE1CHL

Who is 44.170.120.59? And why is (s)he portscanning for SSH servers? I think everyone should register their addresses in DNS and have reverse lookup working. Rob

4 years, 3 months

5
12
0 0

IPIP-Mesh routes 44.103.0.0/19 and 44.103.32.0/21

by Jann Traschewski

Hi, 44.103.34.4 (dvswitch.org) isn't reachable on the IPIP-Mesh (tested from 44.130.60.100). Who can fix it? (remove routes or make the host available) Thank you, 73, Jann -- Jann Traschewski, Faber-Castell-Str. 9, D-90522 Oberasbach, Germany Tel.: +49-911-99946898, Mobile: +49-170-1045937, E-Mail: jann(a)gmx.de Ham: DG8NGN / DB0VOX / DB0FOX / DB0ZM / DB0DBA / DB0HZS

4 years, 3 months

1
0
0 0

Ping: Is the list down?

by Roland Schwarz

-- __________________________________________ _ _ | Roland Schwarz |_)(_ | | \__) | mailto:roland.schwarz@blackspace.at ________| http://www.blackspace.at

4 years, 3 months

1
1
0 0

Re: [44net] Test Script for ipip Gateway

by Mark Herson, N2MH

> If anyone wants to test my incoming access, you can try n2mh.ampr.org > or http://n2mh-web.ampr.org. Please let me know the results. Sorry, that web url is a typo. It should be http://n2mh-web.n2mh.ampr.org I have received several emails to n2mh(a)n2mh.ampr.org. 73, Mark, N2MH

4 years, 4 months

8
12
0 0

Scope, limited scope, and policies

by Jeff Goeke-Smith

So, I'm going to continue to harp on the question of what capabilities/services are we attempting to enable? On that note, I'm going to point out the ARDC ToS which expressly indicates that the entirety of connectivity is outside the scope of what ARDC does. Specifically, section 3, "ARDC DOES NOT provide network services. Specifically, we do NOT provide network connectivity,"... [1]. While that document does cover address assignment agreements, it doesn't talk about the IPIP mesh at all. Is it out of scope? Is the IPIP tunnel service in scope and a thing that should be covered by the ToS? Secondly, and less critically, that document has an inaccurate assessment of AMPRNet as far as I understand: > “AMPRNet” means the network 44/8; that is, all Internet IP addresses from 44.0.0.0 through 44.255.255.255. So, is the IPIP mesh network gateway an actual service from ARDC? Should it be? How is it related to address assignment service? I'm putting forward this question because of the following reasoning: The primary resource of interest is the IPv4 address space. Those that already know how to work with allocations of address on the internet, either personally or by proxy, can and do get allocations of /24 and greater regularly and utilize them. Anybody who can do this prefers to do this. (I'm willing to be told that I'm wrong here, but I haven't seen that case.). The substantial problems show up in the form of addresses being used over IPIP or VPN connections, due to bandwidth, latency (to California and back!), and configuration complexity (610 IPIP tunnels last I counted). What if we give up on that, and just start pushing users to regional operators with local connectivity solutions? What if we spent the time here building the parts for those local connectivity solutions? To some extent, that's already the discussions underway. Because I think regional operators will be completely happy to just announce address space out of their existing infrastructure. Seeing the variety of framings regarding protocol and hardware choices leads me to think that there's not much agreement at all about the scale (Hardware vs Software, ISP / Enterprise / SMB / roll-your-own devices) of the solution that's needed. How those regional operations interconnect, also a regional to regional question. Is this whole question out of scope for ARDC/AMPRnet? [1] https://www.ampr.org/terms-of-service/

4 years, 4 months

1
1
0 0

Contact request

by G1FEF

I need to contact Ian - VE7BST urgently. Ian, if you are reading this please can you contact me off list asap. If anyone knows how to contact Ian, please could they pass this on. Thank you, Chris - G1FEF

4 years, 4 months

1
0
0 0

IPEncap (proto 4) - how to add to UFW?

by nasluch＠jestok.com

Hello I am using the UFW firewall on Debian Buster. What rule do I have to use to enable protocol 4 (ipencap) for the ampr-ripd script to work? Tom SQ4BJA

4 years, 4 months

3
3
0 0

Re: [44net] ipencap routing question

by Rob Janssen

> If we replaced the IPIP mesh with a collection of geographically > distributed VPN servers (OpenVPN?) which advertised routes for /24 (or > larger) subnets, and dual homed each subnet to two or more VPN servers we > would have pretty good redundancy and could end the distribution of IPIP > endpoints and just let the Internet route between subnets. That, or alternatively we could setup a number of routers across the globe with a tunnel mesh between them (similar to what is now done on IPIP, but probably better to use something like GRE/IPsec tunnels), with BGP talking between all those routers, and let users connect their router to one or more of them as they desire. When one, they could use a VPN with static routing of their subnet, when they use 2 or 3 connections they could use BGP as well to advertise their own subnet plus maybe local people's subnets they have routed over radio. (in the above, with BGP I mean BGP on private AS with only AMPRNet routes, not full internet BGP) In such a setup, a single router failing would have little or no impact on the network as a whole. And everyone can participate with simpler or more complex setups without having to forcibly deal with a 600-tunnel mesh (that still does not allow redundancy of the internet connection, i.e. the current IPIP tunnel mesh cannot handle redundant internet connections that present a different internet IP to the tunnel system). Routers in this system could also announce, directly or via their ISP, subnets from AMPRnet directly to internet. That would just mean there is a more direct path between AMPRNet users and internet users in that region. But it is not a firm requirement to do so. But well, it has all been discussed several times already. In the beginning, the counter-argument was "it would cost money and who is going to pay that??". I think that is resolved now. The next one was "but we won't have a full mesh, traffic to my buddy is going to take 2 or 3 tunnel hops instead of one". Well, not really true, one can always setup a direct tunnel to someone else, and a BGP session over that, and direct traffic will take that path because it has less visible hops. So then we usually end up in the "it has always been done this way (IPIP mesh) and I am not going to change". Where the discussion usually stops until the next new user turns up that has difficulty getting connected to the mesh, e.g. because they are behind a NAT router they cannot change, their address is very dynamic, they want to use an off-the-shelf router, etc etc. By now it appears to be the classical "it was difficult for me should it should be difficult for everyone else trying to join" that has also been abused for so long in the battle to get rid of CW exams when obtaining a ham radio license... Rob

4 years, 4 months

16
38
0 0

hsmm-gw.kb9mwr.ampr.org

by Mark Herson, N2MH

Hi Steve, First of all, thanks for checking out my connectivity as requested in my post to Net44 Second, I notice that your hostname begins with hsmm. Have you done anything with that or advanced to AREDN? Third, I'm interested in your report of gateways with errors. Is that a custom script that you wrote that inspects incoming frames from the tunnel? Lastly, I tried calling your sip phone on 44.92.21.20 but there was no response. Is that an active device? 73, Mark, N2MH

4 years, 4 months

2
1
0 0

Test Script for ipip Gateway

by Mark Herson, N2MH

To the List, I have my ipip gateway set up and working. I can get to a lot of hosts/networks. However, I am not sure I have it set up completely right. Is there a test script that I can run to test out its functionality? Or, even a list of hosts/networks known to be reachable via a properly operating ipip gateway? There's a lot of destinations that I can not reach. Unfortunately, I can't tell if an individual destination is unreachable or simple off the air. A known-hosts list will tell me a lot. If anyone wants to test my incoming access, you can try n2mh.ampr.org or http://n2mh-web.ampr.org. Please let me know the results. Thanks and 73, Mark, N2MH

4 years, 4 months

3
2
0 0

Re: [44net] ipencap routing question -> What about the future ?

by Rob Janssen

> I don't really agree. IMHO, the key for mass adoption is the > availability of ready-to-use images for tiny computers such as Raspberry > Pi. Such images can be made as a by-product of a new network design, but please understand that the main objective of the network changes should be that such special images should become unnecessary to get a working network connection. It should work with a normal router. "normal" in the sense that it requires a little more than basic home NAT router functionality, but any commercial router that is able to setup a VPN like L2TP/IPsec, SSTP, PPTP etc should be able to join the network just using its standard configuration interface. And when it supports BGP, it should be able to participate in routing towards others. So, no special tricks required like we now have multipoint tunnels, ampr-ripd, etc and which would require preparation of an image for a newbie to be able to join. Sure it can be done as one of the options, as a project for someone who likes to make such images (with an initial configuration dialog etc) and loves to keep such things uptodate. A simple router like the MikroTik RB750Gr3 is in the same price class as a Raspberry Pi (when SD card, housing and power supply are included) and it conveniently provides 5 ethernet ports and a USB connector. For such a router, just an example configuration is required and the software is kept uptodate by someone else. Rob

4 years, 4 months

10
22
0 0

Re: [44net] ipencap routing question -> What about the future ?

by Rob Janssen

> Yes, a 44 BGP network would do the trick, but I am certainly not willing > to pay hundreds of USD per month for such an endeavor. BGP peering is > not cheap and not readily available in the whole wide world unless it is > not piggy backed on another preexisting AS for a select few working in > the network business. Aside from the discussion "what it really costs", this is one reason why I think the deployment of access routers around the world should be coordinated by ARDC instead of being an individual effort by hams around the world each serving only their local region. Certainly there should be room for that, but it should not be the only option. ARDC can investigate and find one or more VPS providers where they can order a number of VPS including BGP announcement of a subnet at several datacenters, for some fixed price which should be within the ARDC budget. In the network structure as I see it, there would be routers connected by tunnels and serving a VPN service for the users, but they would not all need to have BGP announced subnets. When it is too expensive to have that in some country, that can be done in a nearby country instead. The private-AS internal BGP routing of all AMPRnet addresses will handle that. Of course one usually would want a country subnet to be announced somewhere nearby, to reduce latency for the users not connected to AMPRnet. With a well-connected router mesh in good datacenters, the latency will be in the millisecond region, and not like the values we now see for traffic going via amprgw. Rob

4 years, 4 months

6
9
0 0

GL.iNet openWRT Rip44 support?

by Tracy Markham

I had reached out to the good people at GL.iNet and asked for help getting one of their openWRT routers to run my 44 net assignment. I referred them to the page explaining openWRT setup ( wiki.ampr.org/wiki/Setting_up_a_gateway_on_OpenWRT) and requested they compile an executable for the processor in the router. Apparently they did it. It will be a bit before I can try to configure it but its a one click installation. It's available to anyone with a GL.iNet router product, just navigate to Applications -> Plugins and Update, then navigate to the R section. I have a screencap of all the dependencies it installed if anyone is interested. I reached out to them because I've failed on my previous attempts to set up an EdgerouterX for my assignment... I am by no means a network engineer, this is my foray into getting a gateway going. If anyone could confirm this works that would be great. If you're willing to help me get mine going that would be even better. Tracy N4LGH

4 years, 4 months

7
10
0 0

Re: [44net] - > What about the future ?

by Rob PE1CHL

> Previously, we were talking about network topology. Here, we are talking > about applications. This is one of the drawbacks of the current 44net : > lots of applications are installed on 44net addresses, but there's no > current catalog, and no way to find them. > Maybe an idea of a project that can be handled by ARDC : a search engine > / catalog of all existing applications on 44net. I have been thinking about that before. My idea was to setup a search site which has a database of existing services, where a visitor could search by different attributes of an entry, where possible with a user interface that suggests valid values. So not a "google" style textbox where you can only search for things of which you already know the name, but also can "explore" and find new unknown things (e.g. a service type is a dropdown list or there is a page with all known types and links that you can click to search them). Now the major problem is "how do we keep this uptodate". It is quite common that someone newly active on the Dutch network experiments and installs something like a "HamServer Pi" and would register it in the database. But maybe after a couple of weeks he reprograms the Pi for something else and that entry would remain in the database and people trying to visit it would encounter a timeout. As I also do not really like systems that are constantly probing and scanning to find new services, my idea was to devise some way where a service would automatically refresh its entry by re-submitting it, and the search engine would only display entries that have been recently refreshed. (e.g. once per week or so) With such a system, the risk of stale entries is a lot less. But I have not yet devised a way to refresh entries without limiting the platform on which they can run (a Linux or Windows system can easily schedule a job that runs some program to post a form, but I do not want to limit too much what platforms can provide and auto-refresh services) Rob

4 years, 4 months

3
8
0 0

Re: [44net] ipencap routing question -> What about the future ? (many messages in 44Net Digest, Vol 9, Issue 139)

by Stuart W. Card

On 12/29/2020 3:00 PM, 44net-request(a)mailman.ampr.org wrote: > > Today's Topics: > ... > 7. Re: ipencap routing question -> What about the future ? > (Toussaint OTTAVI) I would like to comment briefly on several points made in this thread. Has the 44NGN list been shut down? Concurrently with it being mentioned in this thread on this list, I received a message indicating I had been unsubscribed from that list. If lurkers like myself, who post very rarely, only when we feel we really have something to add, are welcome on the TAC, I will apply. Please take a look at the Host Identity Protocol (HIP) as one way of providing a persistent identity with a reputation (like a call sign) on the Internet, and dynamically establishing tunnels as needed to the corresponding IP addresses (despite changes due to DHCP or mobility). _Inter alia_, this would obviate moving from a resilient flat mesh to a fragile, congestion-prone hierarchy. It would also facilitate using 44 and non-44 addresses as needed. It uses strong crypto to mutually authenticate endpoints. Yes, HIP enables encryption, automagically establishing IPsec ESP tunnels, but it does not force encryption to be used _over the air_. See these IETF documents (neither experimental nor obsoleted) on HIP: RFC 4423 architecture RFC 5207 NAT firewall issues RFC 7401 HIPv2 protocol specification RFC 7402 ESP RFC 8002 certificates RFC 8003 registration extension RFC 8004 rendezvous extension RFC 8005 DNS extension RFC 8046 mobility RFC 8047 multicast a draft addressing how to deal with the issues in RFC 5207 https://datatracker.ietf.org/doc/draft-ietf-hip-native-nat-traversal/ and especially the draft update to the 1st doc above https://datatracker.ietf.org/doc/draft-ietf-hip-rfc4423-bis/ I have a ton of other materials I am willing to share explaining how HIP deconflates identities ("names") from logical locations (IP addresses used for actual packet routing) in the Internet, and naturally integrates cryptographic authentication of said identities, thereby solving many of the problems with current practice that motivated the "clean slate Internet redesign" hype several years ago. Our company has used it for lots of things, military and commercial, including mesh WANs. Currently I am working with various standards development organizations, government agencies, commercial product and service providers, _et al_, to standardize/promote its use to identify observed [unmanned] aircraft (and other cyber-physical systems) in a trustworthy manner, enabling authorized observers to immediately establish mutually authenticated communications with the parties responsible for their safe operation. There is 1 commercial product line that explicitly admits to being HIP based (some others formerly admitted that but no longer disclose the basis of their secret sauce): Tempered Networks https://discover.tempered.io/webinars/how-tempered-uses-hip-to-achieve-zero… There are 2 arguably usable open source implementations, one of which is being updated to HIPv2 and enhancements currently being standardized: OpenHIP https://bitbucket.org/openhip/openhip/branches/ 73, AC2WH (long ago WB2IEP) -- Stuart W. Card, PhD: VP & Chief Scientist, Critical Technologies Inc. * Creativity * Diversity * Expertise * Flexibility * Integrity * Suite 400 Technology Center, 4th Floor 1001 Broad St, Utica NY 13501 315-793-0248 x141 FAX -9710 <Stu.Card(a)critical.com> www.critical.com

4 years, 4 months

2
1
0 0

Re: [44net] ipencap routing question

by lleachii＠aol.com

Roland, I guess the best way to answer this is, what Network Operating System are you using? - Windows - unknown (I last attempted in 2012) - *nix - only one tunnel need to be enumerated - Cisco - multiple tunnels are needed You can see this from the relevant Wikis. 73, - Lynwood KB3VWG

4 years, 4 months

5
17
0 0

Re: [44net] ipencap routing question -> What about the future ?

by Rob Janssen

> I think Rob, PE1CHL, had some approach to offer 44net VPN access using > LOTW certificate for authentication if I remember correctly... Maybe he > could tell us more on how people where attracted to it. No, that is not me. I think it is a Finnish ham who is doing that. Over here we have OpenVPN access with locally issued certificates, not connected to any officially trusted source. When a Dutch amateur wants to use OpenVPN, they request a certificate (usually via me) and there is a script which generates a certificate for the requested callsign and makes an OpenVPN config file containing the correct parameters, the user certificate, and the CA certificate. When the user uses this to connect to the OpenVPN server, their IP address is retrieved from DNS (based on the certificate name which is their callsign), so they get their fixed IP address. A route is distributed via BGP to route the traffic to their OpenVPN connection from anywhere within the network, as long as the connection is up. While such a system could be used to "give all amateurs their own fixed IP address" (either via this locally issued certificate or with something like LOTW) I agree that there is little point in doing that "to make use of our IP space". Such a bank of allocated but rarely ever used addresses should not be considered "used" just for sake of "use it or lose it". Rob

4 years, 4 months

1
0
0 0

Re: [44net] ipencap routing question -> What about the future ?

by Rob Janssen

> I don't know if "44NGN" is related to "DG8NGN", but Jann is a reference here : European HamNet already has thousands of nodes with iBGP routing, and he's the inititor of 44.190 routing policy. Lots of things already exist. I think we don't need to reinvent the wheel. Just find out the right wheel diameter that could be adopted worldwide No, this is not at all related I think. It was just made to mean "Next Generation Network". You are right that most of the things being proposed here already exist regionally. In the Netherlands we have a similar network to "European HamNet" except that it also routes from/to internet. (HamNet uses NAT routers placed at some points in the network, making the routing asymmetric) The proposed new topology would allow HamNet to join in and maybe get a bit better connected when desired. (and maybe resolving some of the difficulties that arise from the setup as it is now with combined BGP and IPIP/AMPR-RIP routing) Rob

4 years, 4 months

2
1
0 0

Re: [44net] ipencap routing question -> What about the future ?

by Rob Janssen

> This is exactly the sort of thing we would like to have the TAC get together for. Why don’t any interested parties email me and maybe we can finally get this going. If we’re going to do this properly it will needs some structure and the extra noise it will generate should be moved to a separate list. > Chris - G1FEF That has been done before. Brian created the 44NGN list one of the previous times this discussion ran. I surely want to share my ideas about that but frankly I am not prepared to argue against the "what we have is good and we don't want change" gang. That is why I did not take part in what happened before on 44NGN. Rob

4 years, 4 months

3
2
0 0

Re: [44net] ipencap routing question -> What about the future ?

by Rob Janssen

> The main issue is to separate regular users from a backbone infrastructure. > What is done in the infrastructure and how it is interconnected is not > important to the end user. It can be mesh, direct routing, whatever. > But the user needs to be able to connect his subnet to the backbone via > a (local) point of presence (POP) using a easy to use way, a way that is > supported by regular, or at least some commercial routers out of the box > or regular operating systems, without scripts and custom code running on > them. > From my point of view, It should be the choice of the operator of the > POP to decide what user access protocol they choose. For example L2TP is > still supported on many devices and is a good candidate, and even the > old PPTP will do. > There is no need to find a single universal solution for everything. If > the backbone works (and the current mesh could be the base of this > backbone, with simple users just opting out as other connection options > become available). I fully agree with what Marius has written there. We already operate such a POP, and there are others in the world. The implementation and connection options need not be the same all over the world, as long as some of the base requirements ("works behind NAT router, does not require to open ports or protocols in router, works well with a dynamic endpoint address") are satisfied by at least one of the offered connection options. And in my opinion, there should be the option to use BGP over the endpoint connections so that locally routed networks can be advertised over links to the POP. Operators can choose whether they want to offer a static routing option but of course it will limit the versatility and redundancy options. At the same time, I think it would be worthwhile to have a standard solution and deployment of that solution in datacenters all over the globe (in the form of a VPS so that no physical visits are required) so that everyone can have a good connection even when there is no local activity to setup a POP. Those would be managed by/via ARDC in a similar way as how the UCSD gw is managed now. This network of POPs would replace the current IPIP mesh as the connection option for users. The effort now spent on maintaining the IPIP mesh, RIP, gateway list can be spent on such a system instead and it will make it much easier for people to join and use the network. Rob

4 years, 4 months

1
0
0 0

Re: [44net] ipencap routing question

by Rob Janssen

> I am trying to learn how ipip routing works by studying the various > setup scripts and wiki pages. Now I came upon a FAQ answer in > https://wiki.ampr.org/wiki/FAQ which I do not quite understand: > " > Can I just route all 44net traffic via a single tunnel? > No. The main AMPRNET gateway does not provide this functionality - you > must have a tunnel to each system you wish to contact. > " > Does this mean that I will need to create that many tunnel devices or > will a single device be able to handle all the required multiple tunnels? That depends on your device. A plain Linux system will not require multiple tunnel devices because on device tunl0 it can use the routing table to define the endpoints for all the different destinations. So you don't set a tunnel endpoint on the device, it is set in the routing table. And the routing table preferably is maintained by a program that processes the AMPR RIP packets. However, when you have some other router, like Cisco or MikroTik, this mode is often not offered and you *do* require a separate tunnel device for each destination (currently about 600...) It is all a bit outdated. I hope the community sometime soon decides to migrate to a somewhat more modern setup that does not mandate a full mesh tunnel network when users do not desire to have it. (i.e. establish a number of routers in datacenters around the world so one can connect to one or a few routers instead of to all individual end users, many of whom are not even operational) Rob

4 years, 4 months

1
0
0 0

ipencap routing question

by Roland Schwarz

Dear all, I am trying to learn how ipip routing works by studying the various setup scripts and wiki pages. Now I came upon a FAQ answer in https://wiki.ampr.org/wiki/FAQ which I do not quite understand: " Can I just route all 44net traffic via a single tunnel? No. The main AMPRNET gateway does not provide this functionality - you must have a tunnel to each system you wish to contact. " Does this mean that I will need to create that many tunnel devices or will a single device be able to handle all the required multiple tunnels? Thank you for considering my question. vy 73 de Roland oe1rsa -- __________________________________________ _ _ | Roland Schwarz |_)(_ | | \__) | mailto:roland.schwarz@blackspace.at ________| http://www.blackspace.at

4 years, 4 months

1
0
0 0

AMPR / HAMNET Spain?

by Volker Kerkhoff

Hello, AMPR / HAMNET Spain seems to be defunct... No active radio nodes anywhere, last update on website https://hamnetspain.wordpress.com/ is from 1 year ago... Our national and local ham radio associations seem to be quite uninterested and indifferent to AMPR as well. IF the current co-ordinators for Spain are impeeded, gone or overworked, well, I would love to jump in. I am an IT engineer, have some time and some resources and and I would be glad to assist and help with any tasks, and also do some advocacy for AMPR / HAMNET with local fellow OMs and the local and national associations. I have really great internet at home (1Gb symmetric fiber) and could initially give VPN access to quite some hams unable to connect via radio. Any suggestions, requests or pointers are welcome! 73 de EA7KLK, Volker

4 years, 4 months

1
0
0 0

Re: [44net] JNOS and IP forwarding?

by Chris Maness

I am trying to create a local LAN, and I can get it to work in pure Linux using 9k6 modems and kissattach. However, it does not seem that JNOS is allowing forwarding or IP access. It also looks like the help ip info may be depreciated because I tried the examples allowing access, and they did not seem to work. Any hints would be appreciated. 73 de KQ6UP On Tue, Dec 22, 2020 at 12:10 PM Stuart Longland <stuartl(a)longlandclan.id.au> wrote: > > kq6up, > > On 23/12/20 5:56 am, kq6up via 44Net wrote: > > _________________________________________ > > 44Net mailing list > > 44Net(a)mailman.ampr.org > > https://mailman.ampr.org/mailman/listinfo/44net > > > > Your email message got lost, the above quoted section is all I received > this end, maybe try sending the email unsigned to see if the mailing > list software is stripping your message body by mistake. > > Regards, > -- > Stuart Longland (aka Redhatter, VK4MSL) > > I haven't lost my mind... > ...it's backed up on a tape somewhere.

4 years, 4 months

1
0
0 0

JNOS and IP forwarding?

by chris＠chrismaness.com

4 years, 4 months

1
0
0 0

Anyone running Linux Kernel 5.4.* using on 44-net (or Raspberry Pi)?

by Chris Maness

I am having a major headache trying to get my encap tunnels going. Old commands don't seem to work correctly. I can make single tun* devices for each IPIP route and they work, but I know I should be able to add routes to tunl0 device and have them all encapsulated when I use the gw flag in routes add command. This is not working on the Raspberry Pi. -Chris KQ6UP

4 years, 4 months

3
4
0 0

ARDC now accepting applications for Technical and Grants Advisory Committees - due Jan. 7, 2021

by Rosy Wolfe

Hello 44net, In addition to welcoming new board members - Keith Packard (KD7SQG) and Bob McGwier (N4HY) - ARDC is now welcoming applications for 2021 Technical and Grants Advisory Committee members. **Grants Advisory Committee (GAC)** The job of the GAC is to review and provide advice to the Board regarding inbound grant proposals and other grantmaking opportunities. In 2021, ARDC is looking to process likely hundreds of grant applications for quality projects. The job of the GAC is to review and provide feedback on eligible proposals. **Technical Advisory Committee (TAC)** The Technical Advisory Committee (TAC) plans and executes improvements in the 44net technology, architecture, and policy. In 2021, some of the TAC's primary goals will be: * oversee a complete rewrite of the Portal * improve address allocation policies and responsiveness * investigate and instigate next steps toward making IPv6 usable in the Amateur Radio service * investigate options for RPKI or other automated subnet verifications **How to Apply** If you are interested in joining either of these committees, please send a resume and brief cover letter to contact(a)ampr.org by Thursday, Jan. 7, with the name of the committee you'd like to join in the subject line. We'll review all applications and seek to make a determination by Friday, Jan. 29. * These committees meet twice a month for at least an hour. There is also email correspondence and reviews that happen between meetings. Estimated level of effort (LOE) is about 2-3 hours/week. * The term for each of these is a year. For more information about the roles and duties of these committees, you can read the Advisory Committee Policy in full here: https://www.ampr.org/advisory-committee-policy/ Feel free to ask any questions here on 44net or email us at contact(a)ampr.org. We're looking forward to seeing your application! All the best, Rosy -- Rosy Wolfe - KJ7RYV Executive Director Amateur Radio Digital Communications (ARDC) ampr.org

4 years, 4 months

2
1
0 0

ARDC welcomes Bob McGwier N4HY and Keith Packard KD7SQG to our Board of Directors

by Phil Karn

Hello 44net, ARDC is delighted to announce two new members of our Board of Directors: * Robert McGwier, N4HY, of Opelika, AL, and * Keith Packard, KD7SQG, of Portland, OR. Both bring long and valuable experience in ham radio, digital communications and open source development to ARDC's mission of managing the amateur TCP/IP network and its new grantmaking foundation. Keith Packard, KD7SQG, was first licensed as a Novice (WB7OQI) in 1977. Keith has developed free software since 1986, working on the X Window System, Linux, amateur rocketry and educational robotics. Mr. Packard and fellow board member Bdale Garbee design rocketry electronics with GPS receivers and amateur radio digital telemetry systems in the 70cm band. Keith volunteers in local schools teaching computer programming and robotics to students from ages 10-17. He received the Usenix Lifetime Achievement award in 1999, an O'Reilly Open Source award in 2011 and sits on the X.org foundation board. Dr. Robert McGwier, N4HY, has been licensed since 1964. He holds a PhD in Applied Mathematics from Brown University. He was an early pioneer of software defined radio (SDR) for both government and amateur applications through his position at the Institute for Defense Analyses Center for Communication Research, as a long time technical contributor to AMSAT and GNU Radio, and as an architect and software author for Flex Radio. Bob founded Federated Wireless Inc in 2012 and Hawkeye 360 Inc in 2017. He holds major awards from the Dayton Hamvention and the Central States VHF Society. Bob recently moved back to his home state of Alabama after retiring from Virginia Tech as a professor, Director of Research and Chief Scientist of the Hume Center. He has most recently served as a member of the ARDC Grant Advisory Committee. The rest of the ARDC board welcomes Bob and Keith, and we look forward to working with them. The ARDC Board now has the following members: Phil Karn, KA9Q (President and Chair), San Diego, CA Bdale Garbee, KB0G, Black Forest, CO John Gilmore W0GNU, San Francisco, CA Kimberly Claffy, KC6KCC, San Diego, CA Bob McGwier, N4HY, Opelika, AL Keith Packard, KD7SQG, Portland, OR ARDC's Executive Director is Rosy Wolfe, KJ7RYV, Portland, OR. If you have any questions, please don't hesitate to reach out: contact(a)ampr.org. Please join us in welcoming Bob and Keith! Sincerely, Phil Karn, KA9Q President and Chair, ARDC

4 years, 4 months

1
0
0 0

Munge Script Still a thing?

by Chris Maness

I have been inactive for a long time, and I am trying to get my Raspberry Pi to talk to 44 net the way I did with my slackware boxes 10-15 years ago. I am not having a lot of luck doing things the way I did back in the day. Maybe a bruit force munge script is the way to go. What is the current way to pull the encap.txt? 73 de Chris KQ6UP

4 years, 4 months

7
9
0 0

gmail bounces

by G1FEF

A bit off-topic, but does anyone know anything about what’s going on with gmail currently? I’m getting hundreds of bounce messages from posts sent to this list but only for @gmail.com emails. It’s not specific to us either, a groups.io <http://groups.io/> group I’m a member of is experiencing the same issue. Chris

4 years, 4 months

4
3
0 0

PGP Signature (and text) stripped?

by Chris Maness

For some reason my whole email content was stripped out. I am guessing some issue with PGP signed mime content. Ouchie -Chris KQ6UP

4 years, 4 months

4
5
0 0

ampr-rip2d on Raspberry Pi?

by Chris Maness

I was able to compile the above daemon on my Pi 4. My Pi is exposed to the wild with a static IP. When I run the daemon with the -dg option (to hang in the foreground) , it does not exit or crash. But I get no notices of traffic or nothing happens in the system's routing tables. Is a password needed? I do see a flag for that, but the website for the daemon has it showing output even without a password. Any help would be greatly appreciated. -73 de Chris KQ6UP SK..

4 years, 4 months

1
0
0 0

ampr-rip2d on Raspberry Pi?

by chris＠chrismaness.com

4 years, 4 months

1
0
0 0

Re: [44net] 44NET Route Objects IRR

by James Colderwood

Hi Pierre, Thank you for the heads up. I was aware of altdb but it hadn't crossed my mind. Hopefully one of these solutions will work :-). On 2020-12-13 17:32, Pierre Emeriaud wrote: > Le dim. 13 déc. 2020 à 12:04, G1FEF via 44Net <44net(a)mailman.ampr.org> > a écrit : >> >> > On 13 Dec 2020, at 09:54, James Colderwood via 44Net <44net(a)mailman.ampr.org> wrote: >> > >> > Hi All, >> > >> > May I wish you all happy holidays! >> > >> > Quick question, I'm working on establising my 3rd upstream but hit a snag. The suppliers validation automation prohibits announcing AMPR addresses as the system can't qualify validity. >> >> Are you talking about automatically checking entries in an IRR, or >> RPKI? > > For service providers requesting an IRR route object to automate > filter creation I've been using altdb. While it has not a lot of value > in terms of authorization (anyone can create objects about any > resource - a proper LOA has more value here) it is usually enough for > provisioning tools to create appropriate filters / prefix-lists: > > $ whois -h whois.altdb.net 44.151.210.0 > route: 44.151.210.0/24 > descr: F4INU > origin: AS206155 > mnt-by: MAINT-AS206155 > > $ bgpq3 -4 -l F4INU as206155 > no ip prefix-list F4INU > ip prefix-list F4INU permit 44.151.210.0/24 > > > 73 de F4INU > -- > pierre -- Kind Regards James B Colderwood M0ZAH

4 years, 4 months

3
2
0 0

44NET Route Objects IRR

by James Colderwood

Hi All, May I wish you all happy holidays! Quick question, I'm working on establising my 3rd upstream but hit a snag. The suppliers validation automation prohibits announcing AMPR addresses as the system can't qualify validity. This isn't a deal breaker for me as they can announce my PA/PI IPv6 space. My question is, what are the future plans as many operators are going this route? -- Kind Regards James B Colderwood M0ZAH

4 years, 4 months

4
5
0 0

WWconvers Chat Clients

by n2nov＠n2nov.ampr.org

I am looking to put together a list of what can be used as a client interface for the WWconvers servers like Hub_NA, Hub_EU, etc. So far I have: WinConvers (circa 2000) [WINDOWS] http://www.nyc-arecs.org/WinConvers.zip xConvers-0.8.3-26 (updated 2020) [LINUX Fedora/RedHat] https://fedora.pkgs.org/rawhide/fedora-aarch64/xconvers-0.8.3-26.fc33.aarch… COLRCONV-0.99.3-4 [LINUX Debian/Ubuntu/Raspbian] https://packages.debian.org/jessie/colrconv HexChat 2.14.3 [WINDOWS] http://hexchat.github.io Pidgin 2.13.0 [WINDOWS] http://pidgin.im/ WebConvers [ANY O/S AND ANY BROWSER] http://www.n2nov.net/webconvers/frame.php?jsflag=yes KiwiIRC Web Client [ANY O/S AND ANY BROWSER] https://kiwiirc.com/ Mozilla Thunderbird email software built-in chat tab -- 73 de N2NOV

4 years, 4 months

5
4
0 0

Can't reach raqi.ca

by Jean-Pierre Desilets

Hi group We are many ham in the 44.135.0.0 (Canada) who can't reach raqi.ca (radio amateur du Quebec ) using ipip to the ucsd gateway . the reverse way won't work ether . Elsewhere is fine . Can you ping or traceroute to raqi.ca from your 44 address ? Let me know . Need help to solve this issue. The traceroute raqi.ca to ve2se.ampr.org : $ traceroute ve2se.ampr.org traceroute to ve2se.ampr.org (44.135.198.1), 30 hops max, 60 byte packets 1 66.159.41.1 (66.159.41.1) 0.195 ms 0.262 ms 0.294 ms 2 mtl.core-a3.cronomagic.com (66.159.42.25) 1.050 ms 1.133 ms 1.157 ms 3 161-81-55-206.static.cogecodata.net (206.55.81.161) 2.051 ms 2.090 ms 2.340 ms 4 199-167-152-144.beanfield.net (199.167.152.144) 2.507 ms 2.519 ms 2.521 ms 5 hu0-0-1-0.pe04.1250RenelevesqueBl01.YUL.beanfield.com (199.167.152.63) 2.636 ms 2.647 ms 2.709 ms 6 hu0-0-1-0.pe05.1250RenelevesqueBl01.YUL.beanfield.com (199.167.152.65) 2.376 ms 2.976 ms 2.836 ms 7 et52-1.lsr01.1250ReneLevesqueBl01.YUL.beanfield.com (199.167.152.67) 2.269 ms 2.347 ms 2.392 ms 8 lo0-1.bdr01.1250ReneLevesqueBl01.YUL.beanfield.com (72.15.48.50) 2.655 ms 2.775 ms 2.777 ms 9 et-1-0-29.edge2.NewYork6.Level3.net (4.30.176.121) 11.466 ms 11.516 ms 11.496 ms 10 * * * 11 CENIC.ear1.SanJose1.Level3.net (4.15.122.46) 77.857 ms 77.901 ms 76.474 ms 12 dc-svl-agg8--svl-agg10-300g.cenic.net (137.164.11.81) 75.180 ms 75.216 ms 75.823 ms 13 dc-lax-agg8--svl-agg8--100ge--2.cenic.net (137.164.11.20) 76.697 ms lax-agg8--svl-agg8-100g-3.cenic.net (137.164.11.66) 76.713 ms dc-lax-agg8--svl-agg8-100ge-1.cenic.net (137.164.11.0) 77.384 ms 14 * * * 15 dc-sdg-agg4--tus-agg8-300g.cenic.net (137.164.11.85) 77.520 ms 77.092 ms 76.981 ms 16 * * * 17 * * * 18 * * * 19 * * * 20 * * * 21 * * * 22 * * * 23 * * * 24 * * * 25 * * * 26 * * * 27 * * * 28 * * * 29 * * * 30 * * * 73's de Jean-Pierre ve2se

4 years, 4 months

8
11
0 0

Re: [44net] GRE tunnels

by Rob Janssen

>GRE works just fine depending on your system. We've never had any problems with GRE except using Mikrotik devices. There is a bug in the GRE implementation on MikroTiks where you will experience a 20-30% packet loss when the system is under any non-trivial use (e.g. multiple audio streams or a file transfer). Several versions of the OS and several different hardware platforms all experienced the same issue. We changed to IPIP and IPIP6 and the issue disappeared with no other reconfiguration. We're using a mix of IPIP, IPIP6, and GRE6 tunnels to a number of sites fed out of our VPS gateway. I cannot confirm that at all. We use GRE tunnels inside our network to connect isolated areas back to our gateway over internet tunnels, and it works very well. The gateway router is a MikroTik CCR1009 and most users use MikroTik RB750Gr3 or comparable routers. No packet loss issues at all. There are of course a couple of things you need to watch for: - the "keepalive" mechanism is a defacto-standard thingy that is not working in standard Linux systems so it has to be kept disabled when the other side is not a MikroTik or maybe Cisco or comparable router - as for any tunnel, the MTU is always lower than 1500 and you cannot send fullsize packets through it without fragmentation. it is best to install a TCP MSS clamping rule to limit the MTU of most traffic - there is a bug in the firewall of more recent RouterOS versions which causes GRE traffic not to be matched by Established/Related firewall rules, and be stamped as Invalid. So when you have the default ruleset of "accept Established/Related, drop Invalid, then accept certain incoming traffic" you need to insert a rule that accepts GRE traffic from your peers BEFORE the "drop Invalid" rule. Of course you can always use IPIP instead. I have chosen GRE in the hope that it is more widely available on other makes of routers, and also it can transport IPv6 in the future. But as GRE usually requires fixed public addresses on each end of the tunnel and also is often a bit troublesome to pass through NAT routers, we also offer the additional option of L2TP/IPsec tunnels, which can be setup from a dynamic address and have no issues with NAT on the client side. (the gateway router itself of course is directly on a fixed address) Rob

4 years, 5 months

4
3
0 0

GRE tunnels

by pete M

Hi everyone, Anyone been playing with GRE tunneling? I am looking at that solution to bring part of my /24 to sites where I have multiple machine that each need a 44 address. GRE have no encryption, it is only an encapsulation of a Layer 2 packet. This lower the actual possible MTU size lowering the throughput slightly. But it is an easy way to connect a site to the VPS. At the same time, we dont need encryption as all the data that are passing into that tunnel is supposed to be ok to route on the internet. and if they contain special thing they should already be encrypted with tls/ssl or other mean of securing the connection. Anyone have experience with this? I would then use openvpn is its normal way for simple client. Then I imagine I will need to bridge both tunnel so that every one could talk to each other at the VPS level. Sounds plausible? Pierre VE2PF

4 years, 5 months

6
16
0 0

Re: [44net] OT: Any OpenVPN Guru here?

by lleachii＠aol.com

Pierre, I'd personally suggest OpenVPN Access Server. There's a straightforward web GUI to setup everything. I think DHCP/Layer 2 requires Windows clients. https://openvpn.net/download-open-vpn/ 73, - Lynwood KB3VWG

4 years, 5 months

3
3
0 0

OT: Any OpenVPN Guru here?

by pete M

Hi, me again with an OT kind of topic. I have been pretty happy with the way the vps at vultr and the bgp announce been doing, this did not missed a beat since it been fix, again thanks to every one that helped. Now I need a push in the right direction for OpenVpn. Went on the openvpn forum, asked a noob question, got shamed post by a prick, waited for someone else to try to help me. Now I am asking the ham community for help. I have seen many tutorial/video/explanation and how to's for OpenVpn. Most are tutorial where, you start a script, enter some magic numbers its start installing package after package and it start working. Youhou! NOT! That ain't the kind of stuff I am looking for. If I want to support the server and be able to debug it in case it fail I need to know where and how all this works. Let me tell you my goal. I will have multiple site that will connect to the vpn server. on those site Multiple machine will need a 44net address. some will have fix address but I want to also have some assigned by dhcp. Now I could also have some simple client that will connect and those will have dhcp address. How do I manage that into OpenVpn. Does the dhcp vs fix address is managed by the OpenVpn config? Or does I need to have a local dhcp server at the site (the router that will connect as the client) will I have to do some bridging between my site (client to client communication)? And finally is there a real good how to that is not 300 page long, as hard to read as the U.N. whole bylaws and treaty and that a layman can understand somewhere& hopefully that is not a recipe that say, add some pixi dust here, open notepad 3 time while typing "I will not read my sister's diary in front of the whole class" Copyright the Simpson's . 200 time, without saving the file between each opening and closing, and hoping that it will do the job. >From a pretty tired guy of searching the answer to life. Yeah I know its 42. Pierre VE2PF

4 years, 5 months

3
2
0 0

Re: [44net] Proposed WWconvers Channel Scheme

by n2nov＠n2nov.ampr.org

That is why the discussion and exposing the long dormant system to new users. These are not rules but logical suggestion on using the system while playing nice in the sandbox called the entire planet. Time will tell, but not if we do not talk about it in the open. I agree about chat clients. I use HexChat. -- 73 de N2NOV

4 years, 5 months

3
2
0 0

Proposed WWconvers Channel Scheme

by n2nov＠n2nov.ampr.org

PROPOSED WWCONVERS CHANNEL SCHEME There are 32767 possible channels in the WWconvers with channel 0 reserved for a local bbs to use as it's default when users log onto their system. Finding other stations by area, interest or any other special use can get a little confusing. Some countries have settled on a scheme where their users can find each other based on the second number of their assigned 44Net (AMPR) address. For example, Greece is assigned 44.154.0.0/16 and they can be found on channel 154. In the USA (because of sheer numbers of systems over the years) the second number in the address is typically an entire state with some having multiple subnets (California has 6). There has been an effort in recent years to clean up the numbers and subnets no longer in use and this resulted in the range from 44.191.0.0/16 to 44.255.0.0/16 to be sold to Amazon. To make things easier, I am proposing a somewhat logical layout to the channel usage, not only by the 44Net addresses but also by specilized uses for activities and watering holes like HF/VHF/UHF frequencies. As you can see, there will be plenty of space for adhoc arrangements. Discussions are welcomed and encouraged as how to use this space for the benefit of many different groups and interests. DEFAULT Channel 0 . default local use and not propagated across the WWconvers system. REGIONAL Channel 1 through 190 . based on second number in the 44Net/AMPR addresses MATCHING TO RF FREQUENCY USED (ie: net on 7240 kHz would use channel 7240) 1800-1999 160m Channels 3500-3999 80m Channels 7000-7299 40m Channels 10100-10149 30m Channels 14000-14349 20m Channels 18068-18167 17m Channels 21000-21449 20m Channels 24890-24989 12m Channels 28000-29699 10m Channels 5000-5399 6m Channels 14400-14799 2m Channels 22200-22499 1.25m Channels 4200-4499 70cm Channels 9020-9279 33cm Channels 12400-12999 23cm Channels CURRENT SPECIALTY USERS 625 . UHF Amateur TV Channel in UK 10177 . OK2KOJ Club Channel in Czech Republic 14736 . WC2OEM Channel for NYC Amateur Radio Emergency Communications Service SET AS LOCAL BBS USE (ie. JNOS Systems, etc) 211 . Local NCS/ALT Channel for nets 411 . Local WX Event Channel (Skywarn nets) 911 . Local Emergency Net Activation Channel -- 73 de N2NOV

4 years, 5 months

2
1
0 0

Re: [44net] Routing from and to the internet

by Andy Holland

Andy, I have the ExgeRouter X… would the config file also work on my router? Sent from Mail<https://go.microsoft.com/fwlink/?LinkId=550986> for Windows 10

4 years, 5 months

1
0
0 0

Hub_NA WWconvers Available For Use

by n2nov＠n2nov.ampr.org

For those who have the capability to link their systems for WWconvers/chat, I host the Hub_NA chat server that links to various chat hubs in Europe. We are hoping that systems in other parts of the world get set up for chat. Hub_NA can be reached at 44.68.41.2 or convers.n2nov.net, both on port 3600. If you are using the non-44Net address, you have to contact me first at n2nov(a)n2nov.net to be added to the permissions file. -- 73 de N2NOV

4 years, 5 months

1
0
0 0

Non-stop DNS requests

by lleachii＠aol.com

All, Can the operator of 44.178.0.0/30 contact me off thread and/or reconfigure their gateway's public 93.123.xxx.xxx address - as to stop sending incessant DNS requests. This traffic is blocked at my firewall and using the resources of AMPRGW. As an FYI and reminder, operators should use 44net IPs to access the DNS service. (times UTC) 09:06:20.787664 IP (tos 0x0, ttl 44, id 61193, offset 0, flags [none], proto UDP (17), length 64) 93.123.xxx.xxx.5678 > 44.60.44.3.53: [udp sum ok] 42486+ A? cloud.mikrotik.com. (36) 09:06:21.788026 IP (tos 0x0, ttl 44, id 52880, offset 0, flags [none], proto UDP (17), length 64) 93.123.xxx.xxx.5678 > 44.60.44.3.53: [udp sum ok] 42486+ A? cloud.mikrotik.com. (36) 09:06:22.788096 IP (tos 0x0, ttl 44, id 40377, offset 0, flags [none], proto UDP (17), length 64) 93.123.xxx.xxx.5678 > 44.60.44.3.53: [udp sum ok] 42486+ A? cloud.mikrotik.com. (36) 09:06:23.792789 IP (tos 0x0, ttl 44, id 52426, offset 0, flags [none], proto UDP (17), length 64) 93.123.xxx.xxx.5678 > 44.60.44.3.53: [udp sum ok] 42486+ A? cloud.mikrotik.com. (36) 09:06:24.787615 IP (tos 0x0, ttl 44, id 8877, offset 0, flags [none], proto UDP (17), length 64) 93.123.xxx.xxx.5678 > 44.60.44.3.53: [udp sum ok] 42486+ A? cloud.mikrotik.com. (36) Is this the normal behavior of a MikroTik device? 73, - Lynwood KB3VWG

4 years, 5 months

2
5
0 0

Help with tunnel

by Rodrigo Pérez CD5RPY

Hi, Some time ago I requested a /24 subnet. I have my network and I'm trying to make it work but with no success. I follow this tutorial https://wiki.ampr.org/wiki/Setting_up_a_gateway_on_MikroTik_Routers but it doesn't work. After this, I read that I need a dns record in ampr.org and fill the contact form in portal.ampr.org without answer yet. My other option is to change the network to bgp (my datacenter supports bgp). Can anyone help me to make my network work? Thanks ! -- Rodrigo Pérez R. CD5RPY

4 years, 5 months

4
3
0 0

now what is he next step

by pete M

Hi I finally got my bpg annonce working, bird do works i have 2 interface on the machine, as stated here: ip a 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 inet 127.0.0.1/8 scope host lo valid_lft forever preferred_lft forever 2: ens3: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000 link/ether 56:00:02:fc:bd:ba brd ff:ff:ff:ff:ff:ff inet 207.246.122.57/23 brd 207.246.123.255 scope global dynamic ens3 valid_lft 72787sec preferred_lft 72787sec 3: dummy1: <BROADCAST,NOARP,UP,LOWER_UP> mtu 1500 qdisc noqueue state UNKNOWN group default qlen 1000 link/ether 9e:fe:80:f5:a5:e2 brd ff:ff:ff:ff:ff:ff inet 44.135.59.0/24 brd 44.135.59.255 scope global dummy1 valid_lft forever preferred_lft forever when I list my route I have this: route Kernel IP routing table Destination Gateway Genmask Flags Metric Ref Use Iface default 207.246.122.1 0.0.0.0 UG 0 0 0 ens3 44.135.59.0 0.0.0.0 255.255.255.0 U 0 0 0 dummy1 169.254.169.254 207.246.122.1 255.255.255.255 UGH 0 0 0 ens3 207.246.122.0 0.0.0.0 255.255.254.0 U 0 0 0 ens3 Now my next thing is to have an openvpn server so that the client can use address from the /24 as there ip adress to the world. (openvpn is a vpn solution, but if you have other/better solution I am open). one little other thing. will the connection by the vpn be limited to one ip address by tunel or can I specify the number of address available by client configuration? one other thing, is there a dashboard to control/monitor by a web interface a server like openvpn? thanks Pierre VE2PF

4 years, 5 months

6
31
0 0

Re: [44net] now what is he next step

by lleachii＠aol.com

Pete, Before you mess anything up. Your traffic is NOT going toward AMPRGW on this side of the Earth: user@machine:~$ tracepath 44.135.59.1 1?: [LOCALHOST] pmtu 1500 1: router7.lan 0.393ms 1: router7.lan 0.347ms 2: no reply 3: B3352.WASHDC-LCR-21.verizon-gni.net 1.831ms 4: no reply 5: 0.ae1.BR1.IAD8.ALTER.NET 3.582ms 6: 204.148.11.238 5.714ms 7: ae1.cr2-nyc4.ip4.gtt.net 7.653ms 8: ip4.gtt.net 21.672ms 9: no reply 10: vl20-br2.pnj1.choopa.net Some larger looking glasses you are pointing toward AS20473 - Choopa, LLC, not UCSD. 73, - Lynwood KB3VWG

4 years, 5 months

1
1
0 0

Bird Wont start.

by pete M

I know it is not 44 net fully related, but I've been searching for some time. I have a vultr vps and I am trying to bgp announce my /24. When I look at the status I have this. systemctl status bird.service ● bird.service - BIRD Internet Routing Daemon (IPv4) Loaded: loaded (/lib/systemd/system/bird.service; enabled; vendor preset: enabled) Active: failed (Result: exit-code) since Sun 2020-11-22 18:50:13 UTC; 16min ago Process: 25329 ExecStartPre=/usr/lib/bird/prepare-environment (code=exited, status=0/SUCCESS) Process: 25335 ExecStartPre=/usr/sbin/bird -p (code=exited, status=0/SUCCESS) Process: 25336 ExecStart=/usr/sbin/bird -f -u $BIRD_RUN_USER -g $BIRD_RUN_GROUP $BIRD_ARGS (code=exited, status=1/FAILURE) Main PID: 25336 (code=exited, status=1/FAILURE) Nov 22 18:50:13 hamrad.ca systemd[1]: Starting BIRD Internet Routing Daemon (IPv4)... Nov 22 18:50:13 hamrad.ca systemd[1]: Started BIRD Internet Routing Daemon (IPv4). Nov 22 18:50:13 hamrad.ca bird[25336]: /etc/bird/bird.conf:1:5 Unable to open log file `/var/log/bird.log': Permission denied Nov 22 18:50:13 hamrad.ca bird[25336]: bird: /etc/bird/bird.conf:1:5 Unable to open log file `/var/log/bird.log': Permission denied Nov 22 18:50:13 hamrad.ca systemd[1]: bird.service: Main process exited, code=exited, status=1/FAILURE Nov 22 18:50:13 hamrad.ca systemd[1]: bird.service: Failed with result 'exit-code'. I understand that my log file is the problem. But I did set the rights of the log file properly. If I list the log file i have ls -l bir** -rw-r--r-- 1 root bird 0 Nov 20 18:55 bird.log Anyone can help? Pierre VE2PF

4 years, 5 months

4
3
0 0

One year from WB6CYT Brian departure

by renzorossi＠libero.it

4 years, 5 months

8
9
0 0

HTTP and DNS Server Changes

by lleachii＠aol.com

All, I am testing a AWS server that runs the DNS and HTTP services for my node. NTP (kb3vwg-001.ampr.org/44.60.44.1) was not moved. Please verify: ~ AMPR DNS (44.60.44.3) - OPEN ACCESS for AMPRNet hosts, 44 hosts can also AXFR 44.in-addr.arpa. and ampr.org - **if you accessed DNS via your WAN IP and it's now fails, let me know off thread about why and/or reconfigure to use your AMPRNet IP for inquires** - **If you used HTTP on this address, it now fails** --- ~ AMPR HTTP (44.60.44.10): - http://whatismyip.ampr.org - you will only receive your valid 44 SRC IP on AMPRNet, all other IPs receive the non-Internet-reachable 44.60.44.254 - http://speedtest.ampr.org - currently Error 302 redirects to https://speedtest.org/ - Main landing (http://kb3vwg-010.ampr.org / http://44.60.44.10) - amprdocs and tools pages should be visible here if you're on AMPRNet - **The 44-Trace and Ping tools to 44 IPs ONLY should work as intended - please message me off thread if not** - other IPs (and 44.0.0.1/32) use the AWS interface now - **Since this server is now hosted...I am able to add my device as an official Slave DNS of AMPRNet on its real interface...if you all desire (and it's approved)** - I'd like to test transfer on a temporary basis before we make it a go...I do pay for if it spikes, LOL --- ~ WAN HTTP (<IP>): - http://kb3vwg.ampr.org (WAN HTTP) - is no longer CMS-based - Main landing (http://<IP>/) - currently Error 302 redirects to https://speedtest.org/ (HINT: you can nslookup kb3vwg.ampr.org for the current WAN IP) NOTE: if you accessed NTP via your WAN IP, this may change in the future. Please migrate to using AMPRNet SRC IPs access to ALL AMPRNet services [on the KB3VWG node]. (This temp test may lead to proof-of-concept for a FREE/donated permanent site [for more services/CPUs] for VMs.) 73, - Lynwood KB3VWG

4 years, 5 months

1
1
0 0

Re: [44net] Lost Packets

by lleachii＠aol.com

Chris et. al., You noted something possible loss along a path. Close to AMPRGW, I notice dc-tus-agg8--lax-agg8-300g.cenic.net is constantly giving me packet loss. Also CENIC.ear1.LosAngeles1.Level3.net is somewhat dropping (also dc-lax-agg8--lax-agg6-100ge-2.cenic.net). I'm able to see this loss running with the command 'mtr -u gw.ampr.org' (UDP seems to show more packet loss than 'mtr -T'). user@machine:~$ tracepath gw.ampr.org 1?: [LOCALHOST] pmtu 1500 1: OpenWrt.lan 0.540ms 1: OpenWrt.lan 0.824ms 2: no reply 3: B3352.WASHDC-LCR-21.verizon-gni.net 20.242ms 4: no reply 5: 0.ae1.BR1.IAD8.ALTER.NET 8.127ms 6: no reply 7: no reply 8: CENIC.ear1.LosAngeles1.Level3.net 65.995ms asymm 11 9: dc-lax-agg8--lax-agg6-100ge-2.cenic.net 71.811ms asymm 11 10: dc-tus-agg8--lax-agg8-300g.cenic.net 70.475ms asymm 11 11: dc-sdg-agg4--tus-agg8-300g.cenic.net 67.237ms 12: dc-ucsd-100ge--sdg-agg4.cenic.net 69.696ms 13: mcore-flow-bypass-mx0-p2p.ucsd.edu 68.723ms 14: sdsc-7710-7--mcore-vl2995-p2p.ucsd.edu 72.042ms 15: no reply - Lynwood KB3VWG

4 years, 5 months

12
28
0 0

Re: [44net] Lost Packets

by Rob Janssen

I can only confirm that the amount of "network probing" traffic is ever increasing. We have the 44.137.0.0/16 network BGP routed towards us so we do not experience the described issues, but at the firewall there is a massive amount of incoming probes and I do use some techniques to auto-block these. For example, I have a static list of known probers (the likes of shodan.io, internet-census.org, binaryedge.ninja, etc etc. a total of 674 entries, 90 of them subnets (often /24). Additionally, I have an automatic blacklist of servers sending 10 or more probes per minute to any address in our /16 that is not in use (similar to the "are you in DNS" check in amprgw) and keeps the address blacklisted for an hour. That list usually contains about 75000 addresses! In the past I have tried several times to mail those "researchers" and "services that allow you to search for open ports" guys to get our subnet removed from their scan range. The results are limited. Sometimes it works, usually for limited time, sometimes just nothing changes. Maybe the contacts for the AMPRnet could try some of those requests as well. We get several Mbit/s of useless crap on our /16 so I can guess what it looks like for amprgw. Pity that there are so many of those jerks around. Rob

4 years, 5 months

1
0
0 0

Talking 44net Maintenance/Improvement + TAC at this week's Office Hours

by Rosy Wolfe

Hello, 44net! This week we're doing our first office hours: Thurs. 12 Nov 18:00 UTC (10am PT / 1pm ET / 6pm GMT / 7pm CET) Will go to about 20:00 UTC Full Zoom invite below this message. Following our community call on Oct. 10, folks at ARDC have started to put together some thinking around 44net maintenance and improvement. This is especially true for Chris (G1FEF), who knows the most about the technological and administrative aspects of running the portal. Some items from his list include: * Improving logic using Laravel open source framework (Laravel framework enables easy internationalization) * Improving presentation, e.g. for use on mobile * Create workflows to improve admin tasks ...and that really just scratches the surface. Learn more on Thursday! If you are someone who is interested in 44net development, please join us at this Thursday's meeting! If you can't make it, feel free to share your thoughts via email. Note that we have a growing list of thoughts from previous messages and the survey to be prioritized as part of this work. Speaking of prioritization, as part of this effort to improve 44net, we'll be putting the Technical Advisory Committee (TAC) back together. The first job of the TAC will be to discuss, test, review, and collaborate on the work being done on the Portal. More information for how to apply to the TAC to come as soon as possible. In the meantime, hope you can join us on Thursday and share your thoughts here. Many thanks, Rosy // ARDC is inviting you to a scheduled Zoom meeting. Topic: ARDC Office Hours Time: Nov 12, 2020 10:00 AM Pacific Time (US and Canada) Join Zoom Meeting https://us02web.zoom.us/j/85376459195?pwd=TmpZQ2FqVW13TEU3VmpjNHp1TlhhUT09 Meeting ID: 853 7645 9195 Passcode: 440088 One tap mobile +13462487799,,85376459195#,,,,,,0#,,440088# US (Houston) +16699006833,,85376459195#,,,,,,0#,,440088# US (San Jose) Dial by your location +1 346 248 7799 US (Houston) +1 669 900 6833 US (San Jose) +1 253 215 8782 US (Tacoma) +1 312 626 6799 US (Chicago) +1 929 205 6099 US (New York) +1 301 715 8592 US (Washington D.C) Meeting ID: 853 7645 9195 Passcode: 440088 Find your local number: https://us02web.zoom.us/u/kd4rPrWKJX -- Rosy Wolfe - KJ7RYV Executive Director Amateur Radio Digital Communications (ARDC) ampr.org

4 years, 5 months

1
1
0 0

Re: [44net] Lost Packets

by G1FEF

Hi David, > Chris: Are you the official administrator of the AMPRGW FreeBSD host now? Yes, I am. I’ve been doing some tests from the gw and it looks like there is some packet loss upstream depending on which route the packets are going, for example I ran a 100 count ping to one of my servers in the UK and got no packet loss at all with a consistent RTT: --- 85.199.212.83 ping statistics --- 100 packets transmitted, 100 packets received, 0.0% packet loss round-trip min/avg/max/stddev = 147.366/147.491/151.369/0.409 ms Then I ran a test to 98.143.158.201 (the IP WB7AWL was using for his test) and I got 2% loss with varying RTT: --- 98.143.158.201 ping statistics --- 100 packets transmitted, 98 packets received, 2.0% packet loss round-trip min/avg/max/stddev = 3.514/12.592/209.460/30.918 ms I’ve repeated these tests a few times and looked at the routes taken and it does seem to indicate that the gw machine itself is not the issue. I will have a discussion with the folks at UCSD and let you know what transpires. Regards, Chris

4 years, 5 months

1
0
0 0

Lost Packets

by Albert Lawson

Good Evening Folks, Is something going on with the gateway...????? I just noticed this today: --- ampr.org ping statistics --- 92 packets transmitted, 72 received, 21% packet loss, time 91427ms rtt min/avg/max/mdev = 33.320/41.448/51.167/2.890 ms As opposed to: --- aa6hf.ampr.org ping statistics --- 100 packets transmitted, 100 received, 0% packet loss, time 99146ms rtt min/avg/max/mdev = 47.409/56.381/70.304/4.552 ms Pings to my commercial IP (from my network at work) are 100%.....but pings to ampr.org (from my network at work) are showing dropped packets as well. 73's -Albert WB7AWL

4 years, 5 months

3
3
0 0

Re: [44net] 44Net Digest, Vol 9, Issue 111

by Mark Stevenson

Hi, My pings seem stable, although high at around 200ms, they are consistent. Endpoint is in the UK Mark - 2W0YMS On Fri, 6 Nov 2020, 20:00 , <44net-request(a)mailman.ampr.org> wrote: > Send 44Net mailing list submissions to > 44net(a)mailman.ampr.org > > To subscribe or unsubscribe via the World Wide Web, visit > https://mailman.ampr.org/mailman/listinfo/44net > or, via email, send a message with subject or body 'help' to > 44net-request(a)mailman.ampr.org > > You can reach the person managing the list at > 44net-owner(a)mailman.ampr.org > > When replying, please edit your Subject line so it is more specific > than "Re: Contents of 44Net digest..." > Today's Topics: > > 1. Lost Packets (Albert Lawson) > > > > ---------- Forwarded message ---------- > From: Albert Lawson <wb7awl(a)lawsonpc.com> > To: AMPRNet working group <44net(a)mailman.ampr.org> > Cc: > Bcc: > Date: Fri, 6 Nov 2020 02:14:49 +0000 > Subject: [44net] Lost Packets > Good Evening Folks, > > Is something going on with the gateway...????? I just noticed this today: > > --- ampr.org ping statistics --- > 92 packets transmitted, 72 received, 21% packet loss, time 91427ms > rtt min/avg/max/mdev = 33.320/41.448/51.167/2.890 ms > > As opposed to: > > --- aa6hf.ampr.org ping statistics --- > 100 packets transmitted, 100 received, 0% packet loss, time 99146ms > rtt min/avg/max/mdev = 47.409/56.381/70.304/4.552 ms > > Pings to my commercial IP (from my network at work) are 100%.....but pings > to ampr.org (from my network at work) are showing dropped packets as > well. > > 73's > > -Albert > WB7AWL > > > _______________________________________________ > 44Net mailing list > 44Net(a)mailman.ampr.org > https://mailman.ampr.org/mailman/listinfo/44net >

4 years, 5 months

3
2
0 0

Re: [44net] 44Net Digest, Vol 9, Issue 111

by lleachii＠aol.com

Albert, Yes, something is wrong: root@OpenWrt:~# ping 44.0.0.1 -I 44.60.44.1 -A -c 100 -s 22 -q PING 44.0.0.1 (44.0.0.1) from 44.60.44.1: 22 data bytes --- 44.0.0.1 ping statistics --- 100 packets transmitted, 79 packets received, 21% packet loss round-trip min/avg/max = 66.029/66.446/69.157 ms You all can test from my end: http://kb3vwg-010.ampr.org/tools/ping/php-ping44.php 73, - Lynwood KB3VWG

4 years, 5 months

1
0
0 0

Trying to contact VE3JGL

by G1FEF

Hi, If anyone is in touch with Luc - VE3JGL please could they ask him to drop me a private email asap. Thanks, Chris - G1FEF

4 years, 6 months

1
0
0 0

Network topology and vpn connection.

by pete M

Hi! First I want to thanks the ampr group and especially G1FEF for providing me a /24 that I am in the process of being bgp annonce with a vultr vps in NJ. If what I am about to talk dont fit in the group, please let me know, I will move this else where. I am in no mean a network guru but I understand concept pretty easily. SO I am planning my /24 as this. the VPS at vultr will use Bird to annonce the route, I will use only the default route provided by vultr. >From there I created a dummy interface that have my /24 as its IP. I then want to make a VPN server to distribute the net and ip to remote site I have that use a mix of hardwired and wireless connection. The routers are all edgerouter-x from ubiquity they will all eventually be interconnected by 2 sources, the hardwired provided by many ISP and the wireless that I am building as a redundancy. If one sources fail, the router will fall back to the other link. the prefered links will always be the hardwired, the wireless is the backup. (some of the links are 40 Km long, but most are 5-6 Km and the smallest is under 1 Km.) >From those edge router I will have connection to the vpn and every router will have a dhcp server that will serve a part or the /24 like 16 ip for each site. (I have 3 site right now) and I will have fixed IP at each site for the repeaters and aprs gateways. Now the configuration of the vpn is my first problem. should I have the vpn server listening on the ipv4 address of vultr or should I made it listen to the dummy interface? I think this is juste the beginning of my quest! Pierre VE2PF

4 years, 6 months

3
2
0 0

How long for attribution of a ip segment?

by pete M

Hi! I asked a few months ago for a /24 so I could advertise it by BGP on a vultr server. I had receive a request to fill up a form, but for personal reason I was not able to pursue the project. rewind to end of september and I redo the request, fill out the form and do everything in order, well I hope, but it was delayed cause the emails I was receiving kept going into the spam folder.. Sent a few email back to ask the status, if my form was filled ok, I had no answer. I am just wondering if I did something wrong or if the request is en route. Sorry if this is the wrong forum to ask. Pierre VE2PF

4 years, 6 months

5
5
0 0

ARDC Office Hours: Thurs Nov. 12 @ 17:00 UTC

by Rosy Wolfe

Hello 44net! In our video call on Oct. 10, I heard from folks that they were interested in more regular meetings and office hours. So - let's give the office hours a try! I'll be online for two hours on Thurs. Nov. 12 @ 17:00 UTC (10am PT / 1pm ET / 6pm BST). Link to the video call will be posted in advance. Looking forward to chatting with you soon! All the best, Rosy -- Rosy Wolfe Executive Director Amateur Radio Digital Communications (ARDC) ampr.org

4 years, 6 months

1
1
0 0

Re: [44net] Thanks to everyone for a good 44net community call!

by Rob Janssen

> Is the European Asterisk/DUNDI/AMPRNet voip network you describe below documented somewhere? I tried to google around but did not find anything. There is some scattered information, e.g. this at DB0WA: https://www.afu.rwth-aachen.de/projekte/hamnet/anwendungen/sip-telefonie https://www.afu.rwth-aachen.de/projekte/hamnet/infos-fuer-betreiber/dundi-n… This page also describes a crawler for such nodes and shows a map, but I think this crawler is dead as the map shows information from last year and has not been updated since. That is probably related to the renumbering of the German/Austrian network. (as you know these networks ended up being in the part that was sold) I don't know if the network itself is still actively maintained or if it is just an experiment that is not interesting to its inventers anymore and just keeps running until the servers crash, someone turns them off, or a disruption such as the renumbering occurs. At least locally for me it works fine, but I use it mainly for calls to one other person who is on the same PBX as I am. Rob

4 years, 6 months

1
0
0 0

Re: [44net] Thanks to everyone for a good 44net community call!

by Rob Janssen

> If you're offering to organize, create and open-source a conferencing > system that does what Zoom does AND SCALES UP, be my guest! You could > even apply to us for a grant... I don't know how wide its coverage is, but here in Europe we have a network of Asterisk PABXes on AMPRnet that have interconnecting trunks between them that allow you to call anyone on the network on their roaming number. Phone numbers are allocated based on the callsign (using a scheme based on the letters printed on DTMF keypads. based on my callsign, my phone number is 713210234253 for "1st letter on key 7, 2nd letter on key 3, digit 1, 3rd letter on key 2, 2nd letter on key 4, 3rd letter on key 5" giving PE1CHL ). The DUNDi trunk protocol distributes the information about the home server for each number across the network, so all Asterisk servers know how to route the calls. It is easy to host a conference on one or more of the Asterisk servers and have everyone dial in to that. There is such a conference running on my local server where I have my IP phone connected all the time. I think such systems can do low-bandwidth video as well, but I have never tried that. For audio it works perfectly. > Seriously, this touches on one of my pet topics: IP multicasting. A huge > amount of work went into the development of IP multicast protocols in > the 1980s and 1990s, yet nearly all of it has been stillborn. It sees > use only in walled gardens like AT&T Uverse (an IPTV over VDSL service > in the US) and in degenerate form for intra-net resource discovery on LANs. I agree that would be much more efficient than having the basic star-type structure where everyone gets the same stream from one server. That would be one thing that could be implemented in AMPRnet to show the world that it really has advantages. For phone quality voice and the number of attendees we would expect, running this over AMPRnet in the star configuration should be no issue. Rob

4 years, 6 months

5
4
0 0

Recap from Oct. 10 Video Call

by Rosy Wolfe

Hi 44net, Thanks again to everyone who joined us on Saturday's call. I really enjoyed getting to share about what we've been doing with all of you. A recap of the meeting has been posted here, including links to slides, survey results, and the chat. We've also provided answers to all of the questions brought up in the chat, to make sure we got them all covered. https://www.ampr.org/recap-ardc-44net-oct-10-community-call/ The one thing that's not posted is the video - we are having an issue with the file and will post it as soon as it's resolved. Thanks for your patience! In the meantime, please enjoy rest of the materials and written Q+A. Looking very forward to the next call! All the best, Rosy -- Rosy Wolfe Executive Director Amateur Radio Digital Communications (ARDC) ampr.org

4 years, 6 months

1
0
0 0

HNAP4PlutoSDR - HAMNET on 70cm with the PlutoSDR

by Jann Traschewski

Hello AMPRNet, we like to announce a new open source HAMNET-access solution for the 70-cm-band making use of the popular ADALM Pluto SDR. Lukas Ostendorf recently finished his master thesis "Design of a Radio Communications Protocol for HAMNET Access in the 70cm Amateur Radio Band" at our employer Rohde & Schwarz in Munich. We are pleased to publish his work and further material today: https://hnap.de/2020/09/08/master-thesis-released.html There are still some tasks like signal amplification on the roadmap, but the community is growing and helping to move on. It seems the telegram group chat is currently the best place to exchange: https://t.me/hamnet_access_protocol Most communication is in German, however I'm pretty sure English is fine as well. At least you will find nice pictures of current experiments in the backlog :) Looking forward to your contribution, for the HNAP-Team, Jann DG8NGN -- Jann Traschewski, Faber-Castell-Str. 9, D-90522 Oberasbach, Germany Tel.: +49-911-99946898, Mobile: +49-170-1045937, E-Mail: jann(a)gmx.de Ham: DG8NGN / DB0VOX / DB0FOX / DB0ZM / DB0DBA / DB0HZS

4 years, 6 months

2
3
0 0

Re: [44net] Thanks to everyone for a good 44net community call!

by Rob Janssen

> Mikrotik is the only one among cheaper gear to have a PIM (only Sparse mode) implementation. It is a bit clumsy but with a few tweaks it is (from my experience so far) manageable. Do you have a description somewhere how you set it up in a 44Net network? We have a national network over here with many (mostly) MikroTik routers linked by radio links and VPNs. It could be an interesting experiment... Rob

4 years, 6 months

2
1
0 0

Re: [44net] Thanks to everyone for a good 44net community call!

by Rob Janssen

> We also have a network of PBX's tied together here in the US but using > AREDN Mesh connectivity. Phone numbers are a flat 4-digits for local > calling. For wide area calls, the person's (or service) 3-digit area > code is prepended to the 4-digit local number. There are around 40 pbx's > scattered around the world on this network. There is a White Pages > directory to determine a person's (or service) phone number. > It would be interesting to try to connect the two systems together. Of course it is always tricky to interconnect two systems that have a different and potentially conflicting numbering plan. I actually like the numbering plan they use here. You number is not tied to the PBX you have registered on, but it roams with you wherever you connect. So when the local situation changes (someone stops providing the service or some more nearby PBX appears where you have better connectivity or better services) you can just port your existing number without problem. And no directory is required, I can just dial numbers on the keypad knowing only the callsign. For you it would be 62206142 It would have been even better when they had thought of having some unique prefix that makes it recognizable as a HAM number and not a POTS phone number, and that avoids collisions with other numbering plans. Rob

4 years, 6 months

1
0
0 0

Re: [44net] Thanks to everyone for a good 44net community call!

by Rob Janssen

> Sorry about the glitches at the beginning. Jitsi was giving us problems > (frozen or long-delayed video, etc) so I made the call to switch to > Zoom. We regularly use zoom internally within ARDC for Board and Grant > Advisory Committee meetings and it has performed well; it also seemed to > work well today. I am a bit disappointed that, as a group of radio amateurs active in IP networking, supposedly the people who know all about how to setup a communication system all by themselves, we have to resort to a system like zoom.us to hold a conference. Rob

4 years, 6 months

8
12
0 0

Re: [44net] Thanks to everyone for a good 44net community call!

by Phil Karn

On 10/11/20 14:03, Stuart Longland wrote: > > I'd imagine for repeater linking, you'd be wanting sufficient bandwidth > for RTP streams. Would DMR be capable of this or would we have to look > to other solutions? I hadn't even considered DMR (by which I assume you mean C4FM). Waaaay too slow and inefficient. I was thinking either of WiFi on point-to-point microwave a la AREDN, or some new medium speed modem on UHF non-line-of-sight links. NPR could be a candidate, though I don't know about its multipath tolerance. > None of that is any use for linking internationally, which is one of the > draw-card use cases for things like IRLP, EchoLink, AllStarLink, … etc. > I'd imagine we'd need some sort of high-speed trunk links over HF radio > for that. Seems like a tall order in solar minimum. Admittedly I am biased by living in southern California, but I was thinking about the large linked repeater networks we have here. Some networks include dozens of mountaintop repeaters spread across several states linked full time. Traditionally a lot of that linking was done directly between hilltops on (hidden) analog UHF links, and I'm sure that today much of it is done over the commercial Internet. At least until the US gets its own QO-100, the regular Internet is likely to remain the only practical approach for long haul links, but it's certainly within the realm of possibility to move many of the intrastate or adjacent-state links to an IP network on ham frequencies. Phil

4 years, 6 months

1
0
0 0

Thanks to everyone for a good 44net community call!

by Phil Karn

Thanks to everyone who participated in today's online meeting! Sorry about the glitches at the beginning. Jitsi was giving us problems (frozen or long-delayed video, etc) so I made the call to switch to Zoom. We regularly use zoom internally within ARDC for Board and Grant Advisory Committee meetings and it has performed well; it also seemed to work well today. Thanks for all the helpful comments and suggestions on our grantmaking activities. I invite everyone interested in ARDC and its mission to further amateur radio and related digital technologies to continue to make your helpful thoughts and suggestions known and to consider becoming more involved. But I want to reiterate: you might think that giving money away is the easiest thing in the world. It's not! (I keep thinking of the old Badfinger song, "Come and Get It!") It's surprisingly hard work to do it legally, effectively and efficiently, and I think those of you on the call today got a taste of that. Some of it is WAY too much like real work, like managing our finances and understanding and complying with the myriad IRS and state rules for nonprofit grant-making foundations like ours. As we explained, we do NOT want to limit our activities to the United States, but we have to jump through a lot of extra hoops when making grants to organizations in other countries. But we are determined to do this, just as we are determined to eventually give grants to individuals and groups that aren't formal charities. The terms of our IP address sale required an NDA (Non-Disclosure Agreement) that kept many details confidential for a time. We didn't like it, but there would have been no sale without it. Now that our 2019 tax returns and financial audit statements are a matter of public record, we won't have to be cagey about our finances. Except for Rosy, our executive director, and Chris, our 44net support guy, all of us are doing this as volunteers. Rosy has really hit the ground running in her new position, working with prospective grantees, politely reminding the rest of us of our action items and in general keeping things running smoothly. We do anticipate getting additional paid help as our work expands. Our treasurer, Bdale Garbee, NB0G, has done a stellar job of managing our finances, dealing with the regulatory and tax authorities, lawyers, auditors, grantees and support organizations. Our endowment, which we are conservatively managing ourselves, is split between low cost US and international stock and bond index funds as well as short term reserves. The reserves cover our expected expenses for the next few years. We hope the rest will generate enough income to keep us going indefinitely, but that depends on the markets. Our plan right now is to grant at least US $5 million every year. No other amateur radio foundation has ever operated on this scale, and we're still just getting started. Since we don't know what will pay off, we want to cast our nets broadly. We can afford to take risks with some high-risk, high-reward projects knowing full well that some -- maybe even most -- won't pan out. There's simply no other way to find out what works. What makes it all worthwhile is seeing the results of our work. We've only gotten started, but the new ARISS (Amateur Radio on the International Space Station) gear that we helped support is installed and operational. The power supply carries a plaque memorializing our founder, Brian Kantor WB6CYT, and his family was delighted to see the pictures. And I've just been going through the thank-you cards and letters (56 at last count) we've received from this year's recipients of ARRL Foundation scholarships. Back to where it all began -- the 44 net -- we invite suggestions on how it should evolve and expand. We certainly have the money to support a solid and growing infrastructure. So...we're just getting started! 73, Phil Karn, KA9Q ARDC President

4 years, 6 months

2
2
0 0

!! Switching from Jitsi to Zoom this morning

by Rosy Wolfe

Hi folks, Due to some technical difficulty, we are switching to Zoom this morning: Please use the information below, and many apologies for the last-minute switch. Rosy // ARDC is inviting you to a scheduled Zoom meeting. Join Zoom Meeting https://us02web.zoom.us/j/3100460055?pwd=RS9SMlFRZTBXbjZCT2c2Y2llY09KQT09 Meeting ID: 310 046 0055 Passcode: 655698 One tap mobile +12532158782,,3100460055#,,,,,,0#,,655698# US (Tacoma) +13462487799,,3100460055#,,,,,,0#,,655698# US (Houston) Dial by your location +1 253 215 8782 US (Tacoma) +1 346 248 7799 US (Houston) +1 669 900 6833 US (San Jose) +1 301 715 8592 US (Germantown) +1 312 626 6799 US (Chicago) +1 929 205 6099 US (New York) Meeting ID: 310 046 0055 Passcode: 655698 Find your local number: https://us02web.zoom.us/u/ko6SfVytQ -- Rosy Wolfe Executive Director Amateur Radio Digital Communications (ARDC) ampr.org

4 years, 6 months

3
2
0 0

2019 Financial report + Amazon sale + Brokerage

by Paul Sladen

2019 financial filings for the ARDC, Inc. have been published by the Californian Register of Charities: * http://rct.doj.ca.gov/Verification/Web/Download.aspx?saveas=Amateur+Radio+D… * http://rct.doj.ca.gov/Verification/Web/Download.aspx?saveas=Amateur+Radio+D… * https://www.ampr.org/about/legal/ (links) TL;DR summary: 1. Sale price of $26/IP (to Amazon) minus 0.5% brokage commission [1] 2. $109 million raised, $545 thousand paid to Nationwide as broker 3. Funds now classified as Board-designated Endowment 4. Majority raised now invested in government bonds Trustees for 2019 are listed as: Brian Kantor - Former president Bdale Garbee - Treasurer Phil Karn - New president John Gilmore - Secretary KC Claffy is listed as a non-officer director---possibly for CAIDA conflict-of-interest handling(?) Erin Kenneally is no longer listed (nor referenced at all). (Suspect that a clear answer may not be easier to find). During Financial Year 2019, two grants were disbursed: 1. $10k - TAPR student scholarships 2. $110k - ARISS (International Space Station HAM) Variations of the wording use in different places (paraphrased): * "[support of] Amateur Radio Digital Communications" * "[support of] Amateur Radio _and_ Digitial Communcations". The latter is much wider than the former. Hopefully the trustees can make their own announcement in due course; but this should pre-answer the quick questions that people may have, [2] Before laying into the Trustees, this is pretty positive---cash was raised, and has been sensibly invested. The way the sale was handled was sub-optimal---picking the most dense/actively used part (HamNET) to sell...; but hopefully lessons from that have been learnt. Plus John Gilmore's long statement this week about the MoU with CAIDA/UCSD, will hopefully allow Amprnet's most significant R&D/ experimentation/academic contribution over the last 20 years to be finally be acknowleged openly, -Paul [1] To put things into perspective; had estimated was $24/IP, minus 1% brokage commission---so the amount realised by the Trustees was significantly higher; probably related to the size of the block sold, and clean nature of the IPs. [2] E&OE---refer to the actual documents for exact numbers + wording! Do not rely on this TL;DR---spend your own time, and do your own reading!

4 years, 6 months

1
0
0 0

Please let us know if you're coming to Saturday's call!

by Rosy Wolfe

Hi 44net, Given how many people have responded to the survey (68!), I want to make sure that Jitsi can handle the number of people who might show up to our call on Saturday. In service of collecting a head count, please let us know if you're planning to join the call by filling out your name here: https://www.ampr.org/community-meeting/ Many thanks! If it looks like we're going to exceed the 75 person limit, we may switch to a Zoom call. In either case, we're planning on recording the meeting for anyone who can't make it. I'll post information here if anything changes. I'm looking forward to e-meeting many of you and am compiling ideas from your emails and the survey as we speak. All the best, Rosy PS here's the survey link in case you haven't taken it yet: https://www.mysurveygizmo.com/s3/5789610/ARDC-Grantmaking-Feedback-Survey -- Rosy Wolfe Executive Director Amateur Radio Digital Communications (ARDC) ampr.org

4 years, 6 months

3
4
0 0

Re: [44net] Education about networking (Was Re: Inviting you

by f6cnb＠hutin.org

Just to clarify. 44.168.x.y/16 IS ROUTED via BGP on Internet. But the firewall is blocking most of the communications from outside the 44 world. 73 Remi F6CNB N5CNB Message: 1 Date: Wed, 7 Oct 2020 14:51:12 +0200 From: Toussaint OTTAVI <t.ottavi(a)bc-109.com> To: <44net(a)mailman.ampr.org> Subject: Re: [44net] Education about networking (Was Re: Inviting you to ARDC Grantmaking Survey + Community Jitsi Call) Message-ID: <68fa5d64-3b71-2326-3ab5-1a20b0c61d0d(a)bc-109.com> Content-Type: text/plain; charset="utf-8"; format=flowed Le 05/10/2020 ? 10:40, Rob Janssen via 44Net a ?crit?: > > Please understand that in the topology I am proposing (and have > proposed several times in the past) you don't need to do that as an > individual, it is left to local groups or ARDC to do that. +1 We are using a similar topology here. Anyway, the details of our implementation differ : - We are currently testing Wireguard as a replacement for OpenVPN (too much odd behaviors with OpenVPN) - Our endpoints are $20-$50 OpenWRT routers. We configure them, and send them to the local users / sites. - On any site, we typically route /29 (5 usable IPs) on small sites and /28 (13 usable IPs) on more important sites - We typically route a 44.190 subnet for things that requite public Internet addressing (D-Star, DMR, XLX) (as defined by DG8NGN), and a 44.168 subnet for all ham-related machines. - Any site can have a 44.190 subnet, a 44.168 subnet, or both. - There's no more dual adressing. All machines only have a 44.168 or 44.190 IP. Except for the central gateway, no machine / no server is using public Internet IP anymore. - Due to the highly experimental nature of the network and the tiny size, we do not have full internal dynamic routing yet, and we use static routing for now. Our dynamic experiments on some sites are using OSPF. - 44.190 subnet is routed on Internet with BGP via a Vultr VPS (which costs $5/month, is easy to implement, and is independent of local ISP BGP capabilities) - 44.168 subnet is currently not routed on Internet via BGP, because this does not have much sense. For now, it's not routed outside of our island. But we plan to implement IP-IP routing on the central gateway (as we had in our previous iteration) Maybe we should try to identify all people using this kind of topology all over the world (what I called a "Regional" or "local" gateways) ? Then, we may try to "normalize" our implementations : - Adoption of dual-addressing : 44.190 for things that require Internet access, and 44.<country> for other things - Choice of internal VPN tunneling protocol(s) - Choice of internal routing protocol - Choice of external routing method (tunnels and routing between gateways) 73 de TK1BI ------------------------------ Message: 2 Date: Wed, 7 Oct 2020 15:27:49 +0200 From: Toussaint OTTAVI <t.ottavi(a)bc-109.com> To: <44net(a)mailman.ampr.org> Subject: Re: [44net] Inviting you to ARDC Grantmaking Survey + Community Jitsi Call Message-ID: <6833ec63-d59d-530b-3ffa-ef2b5585a99f(a)bc-109.com> Content-Type: text/plain; charset="utf-8"; format=flowed Le 03/10/2020 ? 18:55, Corey Dean via 44Net a ?crit?: > Part of the BrandMeister network is using some of the 44 range. The > main bm webpage is using it. Here are some quick and dirty stats : XLX is an open-source digital gateway used all over the world to interconnect D-Star and DMR repeaters (and many other protocols) XLX API provides a "hosts" file of all registered XLX nodes with their IP This file has approx. 1700 lines. Due to triple REF, DCS, XRF naming, we can assume there are roughly 560 independent nodes. The file contains only 36 entries using AMPR 44.x IP addressing, and among them, only 12 are unique *-> Only 2% of the XLX-connected reflectors are using AMPR addresses !!!* And this is only for reflectors (=servers), who are managed by people with more than average skills. I didn't find how to obtain stats for all the repeaters connected to all the reflectors, but adoption rate will be even lower ! COMMENTS : - AMPR addressing is used on country-wide servers, and by isolated teams around the world (including myself, HI)? mostly because people who maintain servers have the skills and equipment to do that. - We still have some work until mass adoption by the local reflectors and repeaters SysOps - And even more work for mass adoption by any HAM in the world... CONCLUSION : As I already said, IMHO, our #1 goal should be : make AMPR addressing easier to use, both for local SysOps/teams, and for end users. 73 de TK1BI ------------------------------ Message: 3 Date: Wed, 7 Oct 2020 14:01:29 +0000 From: pete M <petem001(a)hotmail.com> To: AMPRNet working group <44net(a)mailman.ampr.org> Subject: Re: [44net] Inviting you to ARDC Grantmaking Survey + Community Jitsi Call Message-ID: <MWHPR2201MB14551B41D83E8BD2DF4F56A9970A0(a)MWHPR2201MB1455.namprd22.prod.outl ook.com> Content-Type: text/plain; charset="iso-8859-1" I am 100% with you. I don't count myself as top sys admin. But I am far from being a noob. And I have been struggling to have Ipip or other ways of connecting to the net. I have multiple site connected by VPN to my vps . I run multiple wireless link with fallback to lte modem. In case of a trouble with the link and yet, the only way I think I will achieve a stable way to have a connection and 44 net IP will be by bgp. That bring that I need a /24 at a minimum. Do I need a /24? Not at first and I hope I will be able to have other hams in my region to take some of my /24 ( will give them with the VPN server) but frankly this also mean the I will be responsible for there action on the 44 net. And that is putting some pressure on me. T?l?chargez Outlook pour Android<https://aka.ms/ghei36> ________________________________ From: 44Net <44net-bounces+petem001=hotmail.com(a)mailman.ampr.org> on behalf of Toussaint OTTAVI via 44Net <44net(a)mailman.ampr.org> Sent: Wednesday, October 7, 2020 9:27:49 AM To: 44net(a)mailman.ampr.org <44net(a)mailman.ampr.org> Cc: Toussaint OTTAVI <t.ottavi(a)bc-109.com> Subject: Re: [44net] Inviting you to ARDC Grantmaking Survey + Community Jitsi Call Le 03/10/2020 ? 18:55, Corey Dean via 44Net a ?crit : > Part of the BrandMeister network is using some of the 44 range. The > main bm webpage is using it. Here are some quick and dirty stats : XLX is an open-source digital gateway used all over the world to interconnect D-Star and DMR repeaters (and many other protocols) XLX API provides a "hosts" file of all registered XLX nodes with their IP This file has approx. 1700 lines. Due to triple REF, DCS, XRF naming, we can assume there are roughly 560 independent nodes. The file contains only 36 entries using AMPR 44.x IP addressing, and among them, only 12 are unique *-> Only 2% of the XLX-connected reflectors are using AMPR addresses !!!* And this is only for reflectors (=servers), who are managed by people with more than average skills. I didn't find how to obtain stats for all the repeaters connected to all the reflectors, but adoption rate will be even lower ! COMMENTS : - AMPR addressing is used on country-wide servers, and by isolated teams around the world (including myself, HI) mostly because people who maintain servers have the skills and equipment to do that. - We still have some work until mass adoption by the local reflectors and repeaters SysOps - And even more work for mass adoption by any HAM in the world... CONCLUSION : As I already said, IMHO, our #1 goal should be : make AMPR addressing easier to use, both for local SysOps/teams, and for end users. 73 de TK1BI _________________________________________ 44Net mailing list 44Net(a)mailman.ampr.org https://mailman.ampr.org/mailman/listinfo/44net ------------------------------ Message: 4 Date: Wed, 7 Oct 2020 09:54:30 -0700 From: Rosy Wolfe <rosy(a)ampr.org> To: Amprnet 44 Net <44net(a)mailman.ampr.org> Subject: [44net] Please let us know if you're coming to Saturday's call! Message-ID: <745510ee-aeb4-0cad-7ace-8ec9abe9b0d5(a)ampr.org> Content-Type: text/plain; charset=utf-8; format=flowed Hi 44net, Given how many people have responded to the survey (68!), I want to make sure that Jitsi can handle the number of people who might show up to our call on Saturday. In service of collecting a head count, please let us know if you're planning to join the call by filling out your name here: https://www.ampr.org/community-meeting/ Many thanks! If it looks like we're going to exceed the 75 person limit, we may switch to a Zoom call. In either case, we're planning on recording the meeting for anyone who can't make it. I'll post information here if anything changes. I'm looking forward to e-meeting many of you and am compiling ideas from your emails and the survey as we speak. All the best, Rosy PS here's the survey link in case you haven't taken it yet: https://www.mysurveygizmo.com/s3/5789610/ARDC-Grantmaking-Feedback-Survey -- Rosy Wolfe Executive Director Amateur Radio Digital Communications (ARDC) ampr.org ------------------------------ Message: 5 Date: Wed, 7 Oct 2020 17:01:41 +0000 From: Ruben ON3RVH <on3rvh(a)on3rvh.be> To: AMPRNet working group <44net(a)mailman.ampr.org> Subject: Re: [44net] Please let us know if you're coming to Saturday's call! Message-ID: <AM0PR01MB3890CE45891B0A0C5286F569D30A0(a)AM0PR01MB3890.eurprd01.prod.exchange labs.com> Content-Type: text/plain; charset="us-ascii" Rosy, If I may give a suggestion: have everyone turn off their camera's and things will go much smoother with Jitsi. Most of the issues come from everyone sharing their camera and having a smallband internet connection, thus filling up that pipe with everyone's camera is a bad idea ;) 73 Ruben ON3RVH -----Original Message----- From: 44Net <44net-bounces+on3rvh=on3rvh.be(a)mailman.ampr.org> On Behalf Of Rosy Wolfe via 44Net Sent: Wednesday, October 7, 2020 18:55 To: Amprnet 44 Net <44net(a)mailman.ampr.org> Cc: Rosy Wolfe <rosy(a)ampr.org> Subject: [44net] Please let us know if you're coming to Saturday's call! Hi 44net, Given how many people have responded to the survey (68!), I want to make sure that Jitsi can handle the number of people who might show up to our call on Saturday. In service of collecting a head count, please let us know if you're planning to join the call by filling out your name here: https://www.ampr.org/community-meeting/ Many thanks! If it looks like we're going to exceed the 75 person limit, we may switch to a Zoom call. In either case, we're planning on recording the meeting for anyone who can't make it. I'll post information here if anything changes. I'm looking forward to e-meeting many of you and am compiling ideas from your emails and the survey as we speak. All the best, Rosy PS here's the survey link in case you haven't taken it yet: https://www.mysurveygizmo.com/s3/5789610/ARDC-Grantmaking-Feedback-Survey -- Rosy Wolfe Executive Director Amateur Radio Digital Communications (ARDC) ampr.org _________________________________________ 44Net mailing list 44Net(a)mailman.ampr.org https://mailman.ampr.org/mailman/listinfo/44net ------------------------------ Message: 6 Date: Wed, 7 Oct 2020 10:17:25 -0700 From: Rosy Wolfe <rosy(a)ampr.org> To: 44net(a)mailman.ampr.org Subject: Re: [44net] Please let us know if you're coming to Saturday's call! Message-ID: <aeffc385-d2ac-781f-b2c5-8bf4c656eeca(a)ampr.org> Content-Type: text/plain; charset=utf-8; format=flowed On 10/7/20 10:01 AM, Ruben ON3RVH via 44Net wrote: > Rosy, > > If I may give a suggestion: have everyone turn off their camera's and things will go much smoother with Jitsi. Most of the issues come from everyone sharing their camera and having a smallband internet connection, thus filling up that pipe with everyone's camera is a bad idea ;) Copy! The suggestion is most welcome. Thank you, Ruben. Rosy Rosy Wolfe Executive Director Amateur Radio Digital Communications (ARDC) ampr.org > > -----Original Message----- > From: 44Net <44net-bounces+on3rvh=on3rvh.be(a)mailman.ampr.org> On Behalf Of Rosy Wolfe via 44Net > Sent: Wednesday, October 7, 2020 18:55 > To: Amprnet 44 Net <44net(a)mailman.ampr.org> > Cc: Rosy Wolfe <rosy(a)ampr.org> > Subject: [44net] Please let us know if you're coming to Saturday's call! > > Hi 44net, > > Given how many people have responded to the survey (68!), I want to make sure that Jitsi can handle the number of people who might show up to our call on Saturday. > > In service of collecting a head count, please let us know if you're planning to join the call by filling out your name here: > > https://www.ampr.org/community-meeting/ > > Many thanks! If it looks like we're going to exceed the 75 person limit, we may switch to a Zoom call. In either case, we're planning on recording the meeting for anyone who can't make it. I'll post information here if anything changes. > > I'm looking forward to e-meeting many of you and am compiling ideas from your emails and the survey as we speak. > > All the best, > Rosy > > PS here's the survey link in case you haven't taken it yet: > https://www.mysurveygizmo.com/s3/5789610/ARDC-Grantmaking-Feedback-Survey > > -- > Rosy Wolfe > Executive Director > Amateur Radio Digital Communications (ARDC) ampr.org _________________________________________ > 44Net mailing list > 44Net(a)mailman.ampr.org > https://mailman.ampr.org/mailman/listinfo/44net > > _________________________________________ > 44Net mailing list > 44Net(a)mailman.ampr.org > https://mailman.ampr.org/mailman/listinfo/44net > ------------------------------ Subject: Digest Footer _______________________________________________ 44Net mailing list 44Net(a)mailman.ampr.org https://mailman.ampr.org/mailman/listinfo/44net ------------------------------ End of 44Net Digest, Vol 9, Issue 97 ************************************

4 years, 6 months

1
0
0 0

Re: [44net] Education about networking (Was Re: Inviting you to ARDC Grantmaking Survey + Community Jitsi Call)

by Rob Janssen

>Yeah this thread kinda went off the rails. Originally we WERE talking about global Internet BGP. That is what the folks need that are using net-44 for IRLP, Allstar, Echolink, D-Star and various types of DMR. 44-net addresses that need access to and from the global Internet. >It took my local data center provider about three weeks to set up advertising one of my /23. Mostly waiting for all of their upstream providers to accept the newly advertised routes. Vultr.com has a very slick set of tools allowing one to get it going in a few hours, assuming proper license from ARDC is obtained. Neither one charges anything extra for doing that. >But it is nothing anyone here can do on their own from home. Basically it requires support from a large data center or ISP. All of my blocks are globally routable, courtesy of my data center providers. I run an implementation of OpenVPN on a Linux VM to pass individual addresses (/32) to client IRLP nodes. Please understand that in the topology I am proposing (and have proposed several times in the past) you don't need to do that as an individual, it is left to local groups or ARDC to do that. You would have a local router in some datacenter that advertises some segment of the net-44 space on internet (or preferably, the ISP does the advertising and just statically routes the incoming traffic to you). Then in that datacenter you have a router that allows incoming VPN connections from small routers at the individual's homes or repeater locations. Those individual routers talk BGP as well, but that only travels between their router and the datacenter router. It is used to tell the datacenter router what subnet(s) of the net-44 space each one wants to receive. It does not influence what happens on the internet side, there it always receives the full /16../24 that is advertised on internet. Now, the individuals and repeaters can build radiolinks between them, they will form the AMPRnet over radio for that region. Traffic will (with proper setup) select those radiolinks first, the link to the datacenter is used for traffic towards internet or when there is no radiolink available. ARDC would arrange there is a full mesh (or almost full mesh) of GRE tunnels between all those datacenter routers where BGP is running as well. That means that redundancy can be built into the network, so you would not be dependent on a single router when you don't like that. You could setup a VPN to more than one datacenter router and again BGP will arrange that you will receive your network traffic, at least the AMPRnet traffic, at any time even when your main router is down. In my opinion that is a much better solution than the IPIP mesh we have now, which is completely static and has your gateway system as a single point of failure. Also it requires a mostly static IP, and possibility to forward the protocol 4 traffic to the gateway system. This is ever harder to get going on a modern internet connection that has a dynamic address and maybe even CGNAT. A VPN system does not suffer from that. Rob

4 years, 7 months

2
1
0 0

Update on AmprGW, UCSD, and Network Telescope

by John Gilmore

Someone asked a few weeks ago: ... the Trustees would presumably be completely free to give an update on the planned relationship with CAIDA (UCSD Network Telescope), and long-term sustainable plans for AmprGW? The relationship between ARDC and UCSD's CAIDA research group remains as it was before Brian Kantor's death. There is a Memorandum of Understanding (MoU) between UCSD and ARDC that defines this relationship. The MoU was negotiated between Brian (for ARDC), and the UCSD management (for CAIDA). In particular, Brian wanted and succeeded to get this arrangement nailed down before he retired from being on staff at UCSD. The Network Telescope and the amateurs-to-Internet relay operate from the same network infrastructure in a lab at UCSD. Both parties gain from the arrangement. UCSD observes traffic sent to a large section of unused address space, and has created an analysis environment to facilitate its sharing of this data with vetted researchers. ARDC gets a well maintained, high speed interconnect between its users and the Internet. Typical amateur tunneled traffic through AmprGW is well under a gigabit per second, averaging about 30-60 megabits/sec, with bursts 60-90Mbps. (This traffic occupies twice that bandwidth, since every packet that comes in, then goes back out through one of hundreds of tunnels; and vice verse.) Typical non-amateur, Telescope traffic, bursts to 800Mbps and averages between 500 and 600 megabits/sec. There are currently no plans to change this arrangement. However, the main source of funding for the Telescope project expired this year, and it is not yet clear whether or how the data-sharing (i.e., the expensive) aspect of the project will continue. On the plus side, the existing hardware and software that supports ARDC is all paid for, installed, and running; it would involve work to tear it down. From the ARDC side, Chris Smith, G1FEF, has full access to AmprGW from the UK, and continues to maintain it as Brian did, with intermittent "hands-on" help from a local CAIDA sysadmin. As BDale recently reminded us, Chris also maintains other ARDC infrastructure such as the Portal and the website, which run in virtual machines hosted in various data centers. If UCSD and CAIDA ever decided to cancel the MoU, shut down the Telescope, and/or stop collaborating with ARDC, ARDC could move AmprGW to a virtual machine in a well connected data center anywhere in the world. Now that ARDC has more than nominal amounts of money, it can afford to pay for bandwidth and servers. AmprGW remains at UCSD today, partly because continuing that arrangement was simplest while scrambling to pick up the pieces after Brian died; and partly to honor the MoU, and Brian's history there, and to continue enabling Internet research worldwide, since CAIDA provides access to telescope data to vetted academic researchers. There are 4 pages of explanation, signatures, etc in the MoU, which is a public record of the Regents of the University of California, accessible under the California Public Records Act. Here are the relevent bits: This agreement is not intended to be legally binding, and instead is an aspirational document between the parties outlining responsibilities, and expectations of the parties. UCSD SHALL: o Operate network hardware and software to provide colocation services for the AMPRNet(TM) TCP/IP networks for Amateur Radio on UCSD infrastructure. o Agree to safeguard the UCSD equipment and network resources using best practices for network management. o Agree to use and comply with best practices for safeguarding data to mitigate privacy and security concems and to comply with legal requirements when using the data collected on AMPRnet's network for research critical to the Center for Applied Internet Analysis (CAIDA) research group located at the San Diego Super Computer Center. COLLABORATOR SHALL: o Agree to allow UCSD to collect, filter and curate data destined for the AMPRNet(TM) network for the purposes of network research and responsible data sharing with the network and security research communities. COMMENCEMENT/EXPIRATION DATE. This agreement is executed as of the date of last signature and is effective through [July 31, 2023] at which time it will expire unless extended. The U.S. federal research funding that supports the Telescope is: https://www.nsf.gov/awardsearch/showAward?AWD_ID=1730661 The proposal that NSF funded is this one: https://www.caida.org/funding/stardust/ CAIDA's most recent slide deck about the Telescope is: https://www.caida.org/publications/presentations/2019/stardust_dust/stardus… The Principal Investigator of the Network Telescope is Alberto Dainotti <alberto(a)caida.org>. He intends to release a new web site and documentation for this project by the end of 2020. This will include a list of research enabled by the telescope (papers, data, analysis tools). In the meantime, there is a preliminary Grafana dashboard that shows that the Network Telescope is seeing (in real time, or from the past). https://explore.stardust.caida.org/d/ClIeIwOMk/stardust-public-protocols (It's work in progress! BTW, it uses Keycloak for authentication, so people can now use github or globus credentials to log in). Access to the Telescope data is controlled to preserve the privacy of the users all over the Internet whose (typically malware-contaminated) sites originated the packets. Researchers who use the data must sign a contract agreeing to maintain that privacy. Note that none of the data in this Network Telescope is the traffic of authorized amateur users. All that traffic is filtered out before it is recorded for researchers by the Telescope. We are happy to take questions or feedback on this list or at the community meeting next week. John Gilmore, W0GNU Board member and Secretary, ARDC

4 years, 7 months

1
0
0 0

Re: [44net] Education about networking (Was Re: Inviting you to ARDC Grantmaking Survey + Community Jitsi Call)

by Rob Janssen

>>>/AMPRNet / HamNet routing is quite complicated for a non-IT guy... / >>/The advantage of using BGP even in this trivial case is... / >I don't think the most important question is about selling BGP or any >particular technology (I'm well versed in internetwork engineering and >worked in that field professionally for many years; I'm in academia >now). >I'm writing this because education was a specific question in the >survey. >The reason that we have amateur radio is to enable experimentation with >using the radio spectrum in a way that is otherwise not permitted or >practical. With the Internet, there are certain things that are only >possible to experiment with if you have your own addresses and other >network numbers. AMPRNet is (perhaps that's too strong, and we could >say, "can be") a way of enabling a kind of experimentation on the >Internet similar to what we do with the radio spectrum. It is not clear to me what you are getting at here! These are different layers of the cake. Your radio experimentation will result in some way to transport bits from A to B, but not in a network. To build a network you need another layer, and a way to define what you need to send where to get your message to the destination. That is what BGP is handling. By using BGP instead of static routing, we can connect many radio links and other links together and make a network out of it without getting buried in manual routing chores. Please make sure you understand that the use of BGP I am mentioning here has nothing to do with the use of BGP on internet to route all the internet networks. It is the same protocol, but they are different use cases. Don't get confused when people say they have their AMPRnet subnet BGP routed to them on internet, and other people propose to use BGP internal to the AMPRnet network to route things the correct way, these are two different things. Rob

4 years, 7 months

3
2
0 0

Re: [44net] Inviting you to ARDC Grantmaking Survey + Community Jitsi Call

by Rob Janssen

> - AMPRNet / HamNet routing is quite complicated for a non-IT guy. BGP requires huge equipment and skills. IPIP requires hacking protocol redirect on Internet boxes. Those are not easy things for people operating a voice repeater or hotspot. They just build a Pi image, plug the machine, and it works. Why should they bother with complex addressing ? We have quite some repeaters that are connected via AMPRnet. We normally use MikroTik routers. I do not consider these "huge equipment" and they are not difficult to configure with BGP. I have some example configs for setting up an endpoint with L2TP/IPsec tunnel to our gateway router and using BGP to advertise their own subnet. This is much easier to get going than IPIP, for example there is no need to touch the existing internet router (open ports/protocols not required). This even makes it suitable for installation on buildings where the owner may make available some guest internet access but would not want you to tweak their network to pass IPIP. The advantage of using BGP even in this trivial case is that the network can now be extended when the opportunity arises without having another hurdle of complexity. A WiFi link to another station can be added, e.g. in some cases people have an internet connection at an amateur nearby the repeater, and then a WiFi link to the repeater itself. I would be all for rolling out such a system worldwide to replace the IPIP mesh. Routers (e.g. MikroTik CHR that can run as a VPS) in datacenters all over the world interconnected with a static tunnel mesh and offering VPN service for local amateurs to connect, and routing using BGP on private AS (this only routes AMPRnet, not full internet). In different places those routers could have the AMPRnet subnet(s) for that region announced on internet, like we do for 44.137.0.0/16 and others do for other country networks. And each of those can offer different VPN technologies so you are able to follow the trend of the day without having to do a migration in the entire network. Rob PE1CHL

4 years, 7 months

4
4
0 0

ampr.org DNS and rDNS entries

by Marc, LX1DUC

Good evening, it's been a while since I had to add/change/delete DNS entries in the ampr.org DNS zone. The email robot I've used in the past seems to have gone. Could someone please point me into the right direction how this is done nowadays? vy 73 de Marc, LX1DUC

4 years, 7 months

11
14
0 0

ARRL/TAPR Digital Communications Virtual Conference (DCC), September 11 - 12 (THIS WEEK)

by Mark Thompson

39th Annual ARRL / TAPR Digital Communications Conference (DCC) THIS WEEK - Friday, September 11th & Saturday, 12th DCC will be a virtual conference using Zoom video communications and YouTube video-sharing platforms. DCC information, Technical Papers, Presentation Schedule & Registration Available at: DCC Information DCC Technical Papers DCC Presentation Schedule DCC Registration Registered DCC attendees participating via Zoom will be able to interact with presenters and other attendees via a chat room as well as raise a virtual hand to ask questions. (you don’t need a Zoom account to register). Non-registered DCC attendees can watch the live stream for free on YouTube, however non-registered DCC attendees will not be able to ask questions or chat. No registration is required for YouTube access. The YouTube URL will be announced and posted on this webpage preceding the DCC. DCC registration is free for TAPR members and $30 for non-members. Members receive a 100% discount at checkout. Non-members who would like to join TAPR and receive the free DCC pass can simply add TAPR membership and DCC registration to their shopping carts. After checkout, they will receive the free DCC pass when their membership is processed.

4 years, 7 months

1
0
0 0

Re: [44net] DDWRT Gateway Instructions

by lleachii＠aol.com

Mike, DD-WRT is not known to provide a method to compile/install the necessary software (i.e. a RIP44 routing daemon). Aside from this, I cannot recall if a tunnel can be established. Nonetheless, if you were to succeed standing up a tunnel, you'd need the routing daemon to properly configure your reply traffic. This routing daemon concern may be overcome by employing a Munge Script (hopefully DD-WRT has some tools like: `curl`, `ftp`, `grep`, `fgrep`, `sed`, `sort` and `diff` installed in the firmware). https://wiki.ampr.org/wiki/Munge_script You can start testing using commands from the startampr, OpenWrt, Ubuntu and/or Linux setup guides on the Wiki. Feel free to ask any questions (when you can stand up a tunnel). I've never used the Munge Script method, I'm sure others have (I should note that there's a script posted that can parse the encap.txt file - it's located on the Firewall page). The `ip tunnel` commands in `startampr` should be of help to test establishing the tunnel. https://wiki.ampr.org/wiki/Startampr#Script --- - Prior to using OpenWrt, I personally forwarded IPENCAP (IP Protocol No. 4) to a gateway running Ubuntu Server. - https://wiki.ampr.org/wiki/Firewalls#DD-WRT - Also see "Static IPENCAP Filtering of AMPR Nodes" here: https://wiki.ampr.org/wiki/Firewalls#iptables 73, - Lynwood KB3VWG

4 years, 7 months

1
0
0 0

DDWRT Gateway Instructions

by Mike Swiatkowski

Does anyone know how to set up an AMPRnet gateway on a router with DDWRT? I don't want to use OPENWRT based on previous experience. Thanks, Mike, AA9VI

4 years, 7 months

1
0
0 0

OpenWrt MSS Clamping - 19.07.4

by lleachii＠aol.com

All, First, welcome to the new Director and thanks for the work Chris! I wanted to inform those with OpenWrt-based nodes that version 19.07.4 should fix an MSS clamping bug that was reported to the developers. Some of you that setup OpenWrt routers have noted to me that MSS seemed problematic in one direction. I've worked around this with other OpenWrt operators by placing MSS clamping on the LAN as well as the tunnel-facing sides of the OpenWrt config. Hopefully 19.07.4 fixes the need for this. https://openwrt.org/releases/19.07/notes-19.07.4#major_bug_fixes 73, - Lynwood KB3VWG

4 years, 7 months

1
0
0 0

Portal maintenance

by G1FEF

The Portal, Wiki & website will be offline for some much needed maintenance for the next hour. Regards, Chris - G1FEF

4 years, 8 months

1
0
0 0

ax25ipd setup with socat

by Marius Petrescu

Since I get questions about how to use the current kernels for axip or axudp tunnel setups, here is my solution for this, using socat: Here is an example for an axip tunnel. First, create a transparent pty pair, lets say axip an kip located in /var/ax25 (names and locations can be chosen freely): /usr/bin/socat pty,link=/var/ax25/axip,raw,echo=0 pty,link=/var/ax25/kip,raw,echo=0 & Next, attach the kernel side to one end and create a ax25 port let say 'aprs' with address 44.128.1.1 and netmask /32: /usr/bin/kissattach -l /var/ax25/kip aprs 44.128.1.1 ifconfig ax0 netmask 255.255.255.255 (ax0 is the first port created by kissattach) Also, configure port 'aprs' in the ax25 daemon and start it... /usr/sbin/ax25d The other end needs to be configured in the ax25ipd daemon config file to use the other end provided by socat: mode tnc (...) device /var/ax25/axip (...) route n0call 44.128.2.3. b (...) I think this will help, Marius, YO2LOJ

4 years, 8 months

1
0
0 0

Re: [44net] Say hello to Rosy Wolfe, ARDC's new Executive Director

by Paul Sladen

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Fri, 28 Aug 2020, Phil Karn wrote: > On 8/27/20 5:12 AM, Paul Sladen wrote: Hello Phil, > point is taken. Excellent. Glad that was useful; hopefully the rest is useful too. > > * page 2, > > http://rct.doj.ca.gov/Verification/Web/Download.aspx?saveas=Founding+Docume… > This document is out of date. > ... > As you can see, the purposes of the foundation were broadened ... QED. Metamorphosis has occurred; and further metamorphosis is planned in 2021: https://www.ampr.org/amprnet/ ] (Now that we are receiving significant investment income from our ] address sale, in 2021 we will transition to a private grant-making ] foundation required to disburse at least 5% of our total assets each ] year, on average.) (Please be very, Very, careful with the wording "total assets"...) ...However, the founding document from 2011 is still /the/ founding document, which enabled charitable incorporation, and immutable, and so still to remind incoming employees/trustees of (p.5): ] All assets of this corporation are irrevocably dedicated to public ] and charitable purposes and no part of the net income or assets of ] this corporation shall ever inure to the benefit of any director, ] officer or member thereof or to the benefit of any private person. Which brings us back to the "assets of this corporation"; > > (ADRC is custodian of US$0.25+ Billion in tangible +non-tangibles). > We will be able to talk about the actual numbers as soon as ... Tangible numbers are unncessary for discussion of the quarter-billion, which is obtainable purely from remaining intangibles (unsold IPs): * US$0.25+ Billion == nominal book value of the remaining IPs (intangible assets) held by ADRC: ($20 * ~12.58 million) ...accounting for retained IPs in the "total assets" appears to be a necessary condition, to have allowed made the declaration that the sale of ~25% of total assets was "insubstantial". (p.1): https://www.ampr.org/wp-content/uploads/Courtesy-Notice-to-AG-Signed-ARDC.p… ] the Sale represents only about one-quarter of ARDC's IP Addresses ] and is therefore not a sale of substantially all of ARDC's ] assets. and thusly fall under the s.5913 non-prior-notification exception: ] Accordingly, advance written notice of this Sale was not ] required under California Nonprofit Public Benefit Corporation Law ] Section 5913. So putting together (1) the 5% disbursement plans for 2021, and (2) the necessity to account for "total assets" to claim the non-prior notification in 2019, ...: There would shortfall after 5 years, because... disbursing 5% of ~0.3 billion total assets (tangible + intangible) = US$15 million/year outgoing (cash); against investment income of say ~10% of that. Result would be ARDC, Inc. returning to being non-liquid c.2025, ...necessitating a further sale of AMPRNet IPv4 addresses. > Until then we are not contractually allowed to disclose But, the Trustees would presumably be completely free to give an update on the planned relationship with CAIDA (UCSD Network Telescope), and long-term sustainable plans for AmprGW? -Paul TL;DR: Be very, Very careful of the 5% total assets idea. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (GNU/Linux) iD8DBQFfSRSdc444tukM+iQRAjv1AJ44Rwblo1HStD+pRTawuoeHYvuDIgCdHRtR WaquVeRqmuymtjxm/Q8sUMc= =uvsx -----END PGP SIGNATURE-----

4 years, 8 months

3
2
0 0

Say hello to Rosy Wolfe, ARDC's new Executive Director

by Phil Karn

Hello 44net, I'd like to announce that ARDC now has an Executive Director: Rosy Wolfe. She becomes ARDC's second paid employee. We initially looked for people near San Diego where fellow board member KC Claffy and I reside. Rosy, who lives in Portland, OR, came highly recommended by Board Member John Gilmore, and we discovered his instincts were good. She has hit the ground running, providing not just considerable help and support to the Board and Grant Advisory committees, but also some very useful insights from her own experiences as we figure out how to attract a new and more diverse generation not just to ham radio, but to (digital) communications and to STEM (Science, Technology, Engineering and Math) fields more broadly. This bears some emphasis: we see ARDC as not being just about ham radio, or even just about ham radio and the Internet. Ham radio is fun, but it's also a powerful tool for public service and above all, education. And we define "education" very broadly. It goes far beyond formal classroom instruction to group projects to the kind of self-motivated, individual hands-on tinkering and learning-by-doing that is the essence of ham radio. We want to bring that to as many people as possible. We know this isn't going to be easy, so we're going to need a lot of new ideas to fund. We expect many will fail, but that's OK as long as a few really succeed. Rosy definitely understands what we're trying to do. After getting her MS in Digital Media in 2011 at Georgia Tech, Rosy worked at the intersection of technology, activism, art, and design for nearly a decade. In that time (and under her birth name, Beth Schechter), she co-founded and ran an international open source map making community and worked with John Gilmore at an organization supporting open scientific data exchange in cannabis research. Through this work, Rosy has written curricula on basic HTML, CSS, JavaScript, and open source map making, drafted diagrams and educational content on design, science and regulations, the patent system, and more. She has also managed many projects, from data visualizations to installations at Burning Man. She doesn't have her ham license yet, but hey, nobody's perfect... Nevertheless, we are happy to have Rosy's experience in nonprofit administration, project management, and technical education as we move from being a small charity to a large grant-making foundation. Her email address is rosy(a)ampr.org Please join us in welcoming Rosy! And I'll let her introduce herself. 73, Phil Hello 44net! And many thanks to Phil for the kind introduction. I'm thrilled to be here and to finally e-meet all of you. I'm also incredibly excited to be working with ARDC - the organization has an opportunity to do tremendous good in the world, and it's an honor to be selected to help shepherd the process. In addition to supporting grant making for the many innovative initiatives listed on our Grant making Goals page, I'm particularly excited to support emergency communications preparedness, remote deployments, STEM, and generally expanding the demographics of amateur radio and digital communications. Speaking of communications, a key part of my role is to help increase communication and transparency between the Board and this list. To that end, and particularly as we get into administrative flow, please expect updates and reports from me. On the flip side, if you have any questions that I can answer, please don't hesitate to reach out, either on this list or by email: rosy(a)ampr.org. Like Phil mentioned, I don't have my ham license yet, but I'm happy to report that I'm studying for it. In addition to learning more about the radio spectrum, antennae, and repeaters in the coming months, I'm also looking forward to learning about this international community and the many people who are a part of it. If there are community resources or organizations you think I need to know about, I invite you to share them with me. In the meantime, thank you, again, for the warm welcome. Here's to the future of amateur radio and digital communications. Sincerely, Rosy

4 years, 8 months

2
2
0 0

POS for AMPR router configuration?

by Assi Friedman

Hi: Who took over Brian's role maintaining the router? I need implement a change that was done outside the portal's options. Thanks, Assi kk7kx

4 years, 9 months

1
0
0 0

Hello, I could use some help recovering my password to the portal

by Muriithi Njeru

In registered as M700KE, if you could help me retrieve my password to the portal the password recovery process is not completing sending email to my email address. Thankyou, Regards.

4 years, 9 months

2
1
0 0

AMPRNet VPN TLS Error

by Chris Brougham

Hi List, I'm trying to setup the VPN using my LotW cert and followed the instructions on the Wiki for Windows. There was a security issue at first but I added the tls-cipher "DEFAULT:@SECLEVEL=0" line in the .ovpn file and made some progress until I got this: Wed Jul 22 20:14:59 2020 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity) Searching the archives here I've tried a few things such as editing the authorities file to show the last block only as was suggested by another list member. I also edited the authorities file to show the first block only, but to no avail. Now the user and authorities certs are concatenated as per the WIki instructions, so it's all stock. Any tips for further investigation? 73 Chris VE7YSF aka VA7CAB

4 years, 9 months

2
2
0 0

Routing Help (linux/ubuntu)

by Ian Redden

Hi Everyone! I have a Ubuntu 20.04 LTS box installed with the following network configuration: *Internet/ISP* ens160: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500 inet 209.249.157.70 netmask 255.255.255.248 broadcast 209.249.157.71 inet6 fe80::250:56ff:feb7:eeb6 prefixlen 64 scopeid 0x20<link> ether 00:50:56:b7:ee:b6 txqueuelen 1000 (Ethernet) RX packets 7916 bytes 544678 (544.6 KB) RX errors 0 dropped 0 overruns 0 frame 0 TX packets 975 bytes 184556 (184.5 KB) TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0 *HAM Network* ens192: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500 inet 44.135.100.10 netmask 255.255.255.248 broadcast 44.135.100.15 inet6 fe80::250:56ff:feb7:57ba prefixlen 64 scopeid 0x20<link> ether 00:50:56:b7:57:ba txqueuelen 1000 (Ethernet) RX packets 35 bytes 2558 (2.5 KB) RX errors 0 dropped 0 overruns 0 frame 0 TX packets 37 bytes 3152 (3.1 KB) TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0 lo: flags=73<UP,LOOPBACK,RUNNING> mtu 65536 inet 127.0.0.1 netmask 255.0.0.0 inet6 ::1 prefixlen 128 scopeid 0x10<host> loop txqueuelen 1000 (Local Loopback) RX packets 104 bytes 8024 (8.0 KB) RX errors 0 dropped 0 overruns 0 frame 0 TX packets 104 bytes 8024 (8.0 KB) TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0 *AMPRNet IPIP* tunl0: flags=4289<UP,RUNNING,NOARP,MULTICAST> mtu 1480 inet 44.135.100.9 netmask 255.255.255.255 tunnel txqueuelen 1000 (IPIP Tunnel) RX packets 37 bytes 17484 (17.4 KB) RX errors 0 dropped 0 overruns 0 frame 0 TX packets 5 bytes 260 (260.0 B) TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0 Machines on my "ham" network (44.135.100.8/29 - interface ens192) can only communicate within the routes I receive via rip44. Is this normal? For example, from a machine on the ham network (ens192), I can connect to va3emt-1.ampr.org (44.135.87.1) but cannot ping 8.8.8.8 (google dns). A tcpdump shows its going out the wrong interface (ens160). Also, from my ISP, I can ping 44.135.87.1 (and retrieve the web page) but I cannot ping or access 44.135.100.9,10,11,etc .... Here are my commands I'm using to connect: ip tunnel add tunl0 mode ipip local 209.249.157.70 ttl 255 ip link set dev tunl0 up ifconfig tunl0 up 44.135.100.9 netmask 255.255.255.255 multicast ip rule add to 44.0.0.0/9 table 44 priority 44 ip rule add to 44.128.0.0/10 table 44 priority 44 ip rule add from 44.135.100.8/29 table 44 priority 45 ip route add default dev tunl0 via 169.228.34.84 onlink table 44 ip route add 44.135.100.8/29 dev ens192 table 44 /usr/sbin/ampr-ripd -s -r -t 44 -i tunl0 -a 44.135.100.8/29 -d -v Any ideas? Ian. Some debug: root@ampr-router:~# ip rule 0: from all lookup local 44: from all to 44.0.0.0/9 lookup 44 44: from all to 44.128.0.0/10 lookup 44 45: from 44.135.100.8/29 lookup 44 32766: from all lookup main 32767: from all lookup default root@ampr-router:~# ip route show default via 209.249.157.65 dev ens160 proto static 44.135.100.8/29 dev ens192 proto kernel scope link src 44.135.100.10 209.249.157.64/29 dev ens160 proto kernel scope link src 209.249.157.70 root@ampr-router:~# ip route show table 44 | more default via 169.228.34.84 dev tunl0 onlink 44.0.0.1 via 169.228.34.84 dev tunl0 proto 44 onlink window 840 44.2.0.1 via 191.183.136.1 dev tunl0 proto 44 onlink window 840 44.2.0.2 via 98.20.210.138 dev tunl0 proto 44 onlink window 840 44.2.0.3 via 36.83.94.245 dev tunl0 proto 44 onlink window 840 44.2.2.0/24 via 216.218.207.198 dev tunl0 proto 44 onlink window 840 44.2.7.0/30 via 73.116.117.178 dev tunl0 proto 44 onlink window 840 44.2.10.0/29 via 104.49.12.130 dev tunl0 proto 44 onlink window 840 44.2.11.8/29 via 47.33.29.119 dev tunl0 proto 44 onlink window 840 44.2.50.0/29 via 50.63.202.93 dev tunl0 proto 44 onlink window 840 44.4.0.48/28 via 107.3.166.19 dev tunl0 proto 44 onlink window 840 44.4.2.152/29 via 173.167.109.217 dev tunl0 proto 44 onlink window 840 ..... alot of routes here ..... 44.185.66.0/24 via 89.106.108.151 dev tunl0 proto 44 onlink window 840 44.185.69.0/24 via 80.80.140.38 dev tunl0 proto 44 onlink window 840 44.185.80.0/24 via 213.91.190.32 dev tunl0 proto 44 onlink window 840 44.185.92.0/24 via 213.91.190.32 dev tunl0 proto 44 onlink window 840 44.185.96.0/24 via 213.91.190.32 dev tunl0 proto 44 onlink window 840 44.185.103.0/24 via 89.190.200.249 dev tunl0 proto 44 onlink window 840 44.185.104.0/24 via 178.254.198.205 dev tunl0 proto 44 onlink window 840 44.185.105.0/24 via 91.139.210.119 dev tunl0 proto 44 onlink window 840 44.185.106.0/24 via 95.158.166.222 dev tunl0 proto 44 onlink window 840 44.185.107.0/24 via 77.70.122.201 dev tunl0 proto 44 onlink window 840 44.185.108.0/27 via 78.83.56.107 dev tunl0 proto 44 onlink window 840 44.185.109.0/24 via 91.92.93.15 dev tunl0 proto 44 onlink window 840 44.188.1.1 via 70.80.196.6 dev tunl0 proto 44 onlink window 840 44.188.192.222 via 176.67.24.190 dev tunl0 proto 44 onlink window 840 44.224.0.0/15 via 141.75.245.225 dev tunl0 proto 44 onlink window 840

4 years, 9 months

2
2
0 0

Trying to reach N2NOV

by G1FEF

If anyone is able to contact Charles - N2NOV please could they advise him that emails to his @n2nov.net address is bouncing. Please ask him to get in touch with me: <n2nov(a)n2nov.net <mailto:n2nov@n2nov.net>>: host mx.spamexperts.com <http://mx.spamexperts.com/>[130.117.53.188] said: 550 Your country is not allowed to connect to this server. (in reply to RCPT TO command) Thanks, Chris - G1FEF

4 years, 9 months

2
1
0 0

My view to 44net's future

by Clive Blackledge

cc: 44ngn Greetings 44net, KF6DMA checking in. Thank you for letting me join the group. I’ve been licensed since 1996 or so, but I’ve rarely spent time on the air talking. Instead, the internet seemed much more my speed at 2400 baud at the time. There seemed to be a rather insurmountable generational gap when I started, but that has become narrower as the years progressed. I now have my own health ailments I can talk about in detail. :) I’ve been into packet radio and played with radio meshes, but a majority of my time was spent on the internet. My assortment of jobs I’ve held since high school have all prepared me for the job I have today working as a systems engineer for a large company, and I love it. I bring this up, as I was reading the archives to see the challenges with AMPRnet and ARDC in general, and thought I’d throw in my 2c from an outsiders systems engineering view (although hopefully not an outsider for too long). >From the surface, it seems like AMPRnet needs a ‘one country, two systems’ approach. An external system that interfaces with the public internet and deals with the trends there (RPKI, Domain keys, firewalls, etc.) and another that the ham community prefers (open, encryption-free communication). The two are pretty much at odds with each other, especially now ‘ssl everywhere’ has become a thing on the internet. Bridging both systems becomes difficult, but not impossible. What I propose is getting the internet-side figured out first. Initially I would see what it would take to get a .ham TLD. With that, we can run our own DNS registry, free to anybody licensed. It could include DNSSEC, and possibly our own internal trust registry, maybe working with LOTW to expand how they use PKI and certificate management. Next I’d look to see how we can give address space to communities that need it without requiring BGP. It seems people fall into various buckets when it comes to requesting address space here. Some use cases that I can think of: • Static IPs for services accessed via the internet like echolink, IRLP, etc. • Provide amateur services with multiple ISPs address space to announce • Bridge unencrypted services between the internet and something like broadband hamnet, etc. One challenge is announcing 44net space on the internet when filtering becomes more common and LoAs aren’t enough anymore. The use of tunnels today bridges this gap, but it doesn’t scale very well. My proposal is to look into datacenter space in some of the major IXs (not just UCSD) today and announce large chunks of 44net far and wide. The anticipation is to get grandfathered to avoid filtering that is likely to happen increasingly in the coming years. Hopefully the nonprofit status of ARDC can get us some goodwill/discounts with network operators and datacenters, but it’s like finding the perfect repeater location… it will still cost money for hardware and rent, even with the most generous landlord. For those who wish to use BGP, that’s still an option. I would recommend most people join an overlay network (sd-wan) solution that can provide the same benefits of BGP (multiple paths, static IPs, etc) but is easy enough to assign IP blocks and route IPs without BGP. Some solutions today that are open source and create a managed VPN mesh that can be managed from a centralized location. It’s like IP-IP tunneling used today, except it abstracts away the need for a static IP tunnel endpoint, and auto-routes away from links that have bad connectivity. Using an SD-WAN also provides the ability to do malware checking, firewalling, and other features that would be normal in a network like this. People can choose if nodes can only talk to other 44net nodes or expand access to the internet as a whole. Once the internet side is sorted out, the “internal” side of 44net could implement open services for everyone, including packet gateways, DNS, etc. The anticipation is to be able to access these services without needing to leave 44net. This affords us a few things. For example, replication of the .ham TLD I mentioned above can potentially be updated over RF, so everyone can have a copy of the complete DNS zone. The idea here is while we do invest heavily on the internet side, we also invest in the ability to run 44net without the internet. By using inherent multicast abilities of RF, plus anycast, we have our own replicated decentralized internet-free DNS infrastructure. For things like mail, winlink has had a head start here. We may need to borrow a lot of technology used here or invent our own. Satellites are getting cheaper to provide IP-based communication and they have potential to avoid terrestrial internet. Could we partner with Space-X Starlink? With an overlay network, packets can go satellite, internet, cellular, or all three. >From there, the rest of services can fall in line as needed. Need a replicated wiki knowledgebase? Done. Near-time speed chat? Sure. APRS gateway without the internet? Yup. Partner with AREDN to mesh the meshes more securely and redundantly? It's possible. We can become the ISP for amateur radio and create our own walled garden while also interfacing with the wild west of the internet to protect our interests there. -Clive KF6DMA

4 years, 9 months

5
6
0 0

Re: [44net] My view to 44net's future

by Rob Janssen

It is about a year ago that I tried to discuss such a proposal. My view was like this: let's establish routers at datacenters around the world, in addition to the existing UCSD router and some others that already handle /16 networks on internet. I was thinking about around 10 routers globally. They interconnect using BGP on private AS numbers (the 32-bit AS numbering scheme we already use) over a mesh of tunnels between them, to exchange routing information for 44Net subnets, but on internet the announcing remains as it is (i.e. the whole network is announced at UCSD, and regional subnets are, but do not need to be, announced at those global routers). The "users" connect to those routers using a (small) variety of tunnel protocols to match the restrictions they face from their internet providers, e.g. forcibly being behind a NAT router, having a dynamic IP address, maybe having some enforced firewalling, etc. I was thinking of standard tunneling protocols like GRE, GRE/IPsec, L2TP/IPsec, etc. The tunnels would be operated in a point-to-point fashion by default (/30 or /31 subnets on the tunnel), and the users would use BGP to announce their own routable subnet over that. They can setup redundant tunnels to multiple global routers when they desire to do so. They can also setup tunnels directly to other users when desired, and run a BGP session with them. And of course, radio links can be incorporated in the scheme. Users could use the widely available inexpensive routers available today that can use these standard protocols without special tinkering with scripting, locally compiled executables, etc. E.g. the inexpensive models available from MikroTik, Ubiquiti, etc. More technically inclined users could install software on their own Linux system or -board. I see this as a solution for the following problems: - more and more users struggle with getting IPIP routed on their internet connection, due to them being behind ISP-managed routers, CGNAT, having dynamic addresses, etc. - non-technical users struggle to get our special IPIP mesh operational on their routers, where using industry-standard protocols would be much easier as their router config interface already knows about those. - some users requested to have redundant IPIP tunnels (multiple internet routers serving the same 44Net subnet(s) in a redundant way, which the IPIP mesh cannot do. - the IPIP mesh does not really allow to check the status of the configured gateway routers, so routers that have not been operational for a long time just remain in the tables. I expected enthousiasm from the users, but unfortunately I was met with a lot of resistance to change, e.g. from people who believed that such a system would rob them from their direct tunnel to their buddies on the other side of the world and force them to go via established and centrally managed hubs (incorrect, of course). As I see this as a hobby and not as a struggle to be right and convince those that do not want to be convinced, I did not pursue it further. I don't know if the attitude an scepticism has gone away now. We would have to see in a new discussion. Maybe some of the opponents have realized by now that it would be better to have a more flexible mechanism like this instead of going on with the IPIP mesh forever. Maybe not. I don's see the need of routing the entire 44Net from internet to all those routers. When everyone routes only their own regional subnet(s), it remains more manageble and we do not face the raised issues. Furthermore, some of us have our ISP announce the relevant regional subnet on their redundant border routers under their AS, and then route it to our "gateway" router. That relieves us from being responsible for that announcement, and we use the ISP NOC services. But of course it also means we are less integrated with the internet routing, e.g. we cannot allow that subnets from our announcement are routed to others. Of course everyone can decide if they want to announce their subnet on internet directly or via an ISP, but I would suggest that the internet side of things be kept separate from our internal routing (2 BGP instances, the 44Net one using a private AS number) W.r.t. the .ham TLD: I don't see what advantage that would bring, we already have the .ampr.org domain and we run the DNS for it. It should offer the same capabilities as a dedicated TLD, I think, at a much lower cost. Rob

4 years, 9 months

10
20
0 0

Update on ARDC Board activities

by Phil Karn

I want to provide an update on what ARDC's nonprofit board has been doing since Brian's sudden passing last November. Our three priorities have been: 1) Sustainability and continuity of the AMPRnet infrastructure. As I reported to the list 30 Dec 2019, Chris Smith, G1FEF (chris(a)g1fef.co.uk) has taken over AMPRnet portal management among other sysadmin tasks. Chris is now working under paid contract with ARDC, rather than as a volunteer. Besides keeping the infrastructure going, he is also dedicating some paid time to improving the Portal and other software. The process of contracting made us aware that we had never adopted a GDPR-compliant privacy policy, so we've engaged lawyers to write one -- as simple as they'll let us make it, given that we do actually keep personal data about hams who apply for net44 allocations, write for the mailing list or wiki, etc. Actually following this policy then requires us to make staff policies to match it (Record Retention and Data Destruction, Data Custodianship and Access), plus a Terms of Use for the website, which we are still actively trying to shorten and simplify. (I hate this legal stuff as much as anybody, but it has to be done.) 2) Gathering administrative, financial and legal records, investing our funds responsibly, and preparing for our first financial audit. Brian was a meticulous record-keeper, and we do have all his records, but clearly he had no intention of passing so soon. So this was not trivial. The audited financials and our 2019 tax return will be published on the website and announced on the mailing list. 3) Establishing processes for accepting and reviewing grant applications, awarding grants and following up on how our grants are spent. We are steadily adding process and documentation. The board appointed five volunteers to the Grants Advisory Committee for 2020 and it's up and running. They meet (virtually) every two weeks to review, discuss and evaluate the proposals that are now flowing in. The Committee (and the Board) do approve a few grants as originally submitted, but most involve some negotiation. Typically we'll ask an applicant to divide a single request into well-defined sub-projects, each with a clear objective and cost. Although ARDC did fully fund the UCSD Turing Memorial Scholarship in Brian's memory, in general we want to avoid funding other organizations' endowments. So we'll ask applicants to request only what they can usefully spend in one year, and come back next year for more. Then we can see what they've accomplished as we decide whether to grant more. For more information, see: https://www.ampr.org/giving/ Here is a list of all grants made. They total more than a million US dollars so far. https://www.ampr.org/grants/ As the Giving page describes, there is a lot more to do. We hope to increase the pace this year, but we are trying hard to get everything right, or at least not terribly wrong. I never expected to become ARDC President. Brian was a close personal friend and you can't believe how much I wish he still had this job. I have health problems of my own slowing me down, and while I've avoided Covid (so far) the pandemic certainly isn't helping. My original plans to promote ARDC at major ham gatherings like Dayton and Friedrichshafen evaporated months ago. But the entire Board remains committed to realize Brian's vision and honor his long commitment to the AMPRnet infrastructure and community, and to the Internet community. Brian stood at the intersection of both, and ARDC will continue to do the same. 73, Phil Karn, KA9Q ARDC President

4 years, 10 months

2
1
0 0

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

44net