I'm presently seeking recommendations for a consumer grade home router that
will work as both a vpn client and vpn server for PPTP, L2TP, OpenVPN, and
IPSEC protocols. support for plain GRE would be useful as well. the
router should be easy to configure with a fill in the boxes and check marks
type web interface. Ideally an unlimited number of VPN tunnels would be
supported along with support for RIP and OSPF. what does this list know of
that comes at least close to this?
Eric
AF6EP
I often experience relatively slow lookups of DNS records in .ampr.org and 44.in-addr.arpa.
Not every time, but lookup times of 2-3 seconds occur quite often, especially for the first one
in a series (the TTL in the zones is only an hour, so there is little caching).
44.in-addr.arpa also sometimes fail for existing hosts, to succeed when they are re-tried later.
Do other people see this? It looks like there are 7 DNS servers, which seems to be plenty.
Are they overloaded? Do we need or like to have more DNS servers? Should I volunteer
to provide one?
Or could there be another reason for this phenomenon?
Rob
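One way to narrow down the question above, as an added example that is not part of the original thread: time the same lookup against each authoritative server directly, which bypasses resolver caching, then count timeouts, slow answers and NXDOMAIN replies per server. The server addresses are supplied by the reader. The 192.0.2.x addresses and timings in SAMPLE are constructed, and the 1-second "slow" threshold is an assumption.

```python
import socket, statistics, struct, sys, time

def build_query(name, qtype=1, txid=0x4444):
    """Minimal DNS query, RD=0 (ask the server itself); qtype 1=A, 12=PTR."""
    header = struct.pack("!HHHHHH", txid, 0x0000, 1, 0, 0, 0)
    labels = b"".join(bytes([len(p)]) + p.encode("ascii")
                      for p in name.rstrip(".").split("."))
    return header + labels + b"\x00" + struct.pack("!HH", qtype, 1)

def ptr_name(ipv4):
    """Reverse-lookup name for an IPv4 address, e.g. under 44.in-addr.arpa."""
    return ".".join(reversed(ipv4.split("."))) + ".in-addr.arpa"

def time_query(server_ip, name, qtype=1, timeout=3.0):
    """One UDP query: (seconds, rcode), or (None, None) on timeout/error."""
    q = build_query(name, qtype)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        start = time.monotonic()
        try:
            s.sendto(q, (server_ip, 53))
            while True:
                data, _ = s.recvfrom(4096)
                if len(data) >= 4 and data[:2] == q[:2]:  # matching txid
                    return time.monotonic() - start, data[3] & 0x0F
        except OSError:  # includes socket timeouts
            return None, None

def summarize(samples, slow=1.0):
    """samples: {server: [(seconds|None, rcode|None), ...]} -> per-server stats."""
    report = {}
    for server, results in samples.items():
        times = [t for t, _ in results if t is not None]
        report[server] = {
            "timeouts": sum(1 for t, _ in results if t is None),
            "slow": sum(1 for t in times if t >= slow),
            "nxdomain": sum(1 for _, rc in results if rc == 3),
            "median": round(statistics.median(times), 3) if times else None,
        }
    return report

# Constructed sample results (not measurements): one healthy, one erratic server.
SAMPLE = {
    "192.0.2.1": [(0.04, 0), (0.05, 0), (0.06, 0)],
    "192.0.2.2": [(2.6, 0), (None, None), (0.05, 3)],
}

if __name__ == "__main__":  # usage: script.py NAME SERVER_IP [SERVER_IP ...]
    name, servers = sys.argv[1], sys.argv[2:]
    print(summarize({s: [time_query(s, name) for _ in range(5)] for s in servers}))
```

If one server stands out with timeouts or multi-second answers while the others respond in milliseconds, the delay is on that server or the path to it rather than in the zone's short TTL.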
What is the total monthly amount of traffic produced and responded to by
ALL hosts on 44/8? anyone have a vague number for this? how much traffic
passes monthly through amprgw?
Eric
AF6EP
doing some testing here this morning and went to login to af6hf.ampr.org
and saw the following:
debian@arm:~$ telnet af6hf.ampr.org
Trying 92.242.140.21...
just curious what's going on here. can we now assign any ip addresses to
our delegated domain namespace? I had always thought that foo.ampr.org
would be placed in 44/8 ip space.
Eric
AF6EP
44net-request(a)hamradio.ucsd.edu wrote:
> Subject: Re: [44net] VPN or Gatwaying without control of NAT router WAS: 44Net Digest, Vol 3, Issue 118
> From: Eric Fort <eric.fort(a)gmail.com>
> Date: 07/28/2014 06:16 AM
> To: AMPRNet working group <44net(a)hamradio.ucsd.edu>
>
> thanks geoff. I did login and look it up, then sent it on. looks
> like this subnet will finally be coming online..... even if packets
> need to route via romania on their way here! those in the us, really
> ought pitch in and find some isp willing to bgp announce for us in
> exchange for a moderate fee for hosting a vpn concentrator for the
> announced subnets. with the low expected traffic usage it "shouldn't"
> be that costly to do. anyone know a friendly us based isp?
Please note that there is no relation whatsoever between announcing via BGP and
offering an OpenVPN or other VPN access instead of IPIP tunnels.
Those are two completely orthogonal subjects. It is possible to set up an OpenVPN
or other VPN access on a gateway that is connected to others via IPIP tunnels, that
is what I have now. And it is possible to have a BGP announced gateway that does
not offer OpenVPN. And it is possible to combine the two.
You can set up an OpenVPN access system that operates as a normal IPIP gateway
on any of the low-cost virtual servers that you can get everywhere today. No need
for ISP cooperation or BGP routing. Just get a Linux virtual server, install a couple
of packages, configure them, and there you go.
Rob
44net-request(a)hamradio.ucsd.edu wrote:
> Subject: Re: [44net] 44Net Digest, Vol 3, Issue 117
> From: Eric Fort <eric.fort(a)gmail.com>
> Date: 07/27/2014 06:49 AM
> To: AMPRNet working group <44net(a)hamradio.ucsd.edu>
>
> Rob,
>
> for the specific situation I'm in we ought chat. I do eventually want
> to set up my own 44net vpn hub.... but for the moment it would work
> just fine to have an ip out of finland or elsewhere. now if someone
> wanted to setup a vpn server host for various yet to be routed subnets
> that would be even cooler..... but yes, let's chat. a vpn connection
> to you would be most welcome.
>
> Thanks,
>
> Eric
Eric,
My VPN server is only configured for Dutch IP addresses, as I have configured it in such a
way that it can use existing allocated net-44 addresses, for which I am the coordinator for
44.137.0.0/16, and I am setting up a server for this network to be announced on BGP.
That is not finished (waiting for permission from the ISP and then from ARDC), but it
already operates as a gateway. On that machine I installed the OpenVPN server.
So it only works for existing addresses in the 44.137.0.0/16 network, that are not within
a subnet registered at the portal.
However, others have taken a different approach, they allocate new addresses from a
special subnet. I think the Finnish server does this as well.
Best would be if someone nearer to you provides this service, as this yields much better
performance.
Rob
44net-request(a)hamradio.ucsd.edu wrote:
> Subject: Re: [44net] getting a debian wheezy host connected to 44net
> From: Eric Fort <eric.fort(a)gmail.com>
> Date: 07/26/2014 06:42 PM
> To: AMPRNet working group <44net(a)hamradio.ucsd.edu>
>
> ok it seems everyone is missing the point of the question here. see
> my threaded comments below:
>
> On Sat, Jul 26, 2014 at 3:41 AM, Marius Petrescu<marius(a)yo2loj.ro> wrote:
>> >Eric,
>> >
>> >Actually you can use any stateful VPN tunnel: OpenVPN, PPtP, L2TP, SSTP etc.
>> >OpenVPN is kind of complicated to set up (certificates and other details).
>> >
>> >The idea is to initiate the connection from the dynamic IP to a static IP,
>> >and reconnect on IP change from the new dynamic IP.
>> >
>> >I personally favor PPtP or L2TP (optional with MPPE encryption), since this
>> >protocol is supported by almost any OS (Windows, Mac, Linux) and is light on
>> >the processor.
>> >
> yes I get that the tunnel type is mostly irrelevant and I'm pretty
> agnostic as to its type as hey I could tunnel over dns, http, or even
> icmp if I had to. The question is tunnel to where? If I had a box
> somewhere with a static endpoint / static ip address a big part of
> this question would not be being asked and yes, I'd use it as a vpn
> server - problem solved. at present, I do not have that luxury.
>
> is there no possible way to connect hosts to amprnet that are behind a
> nat firewall router that has a dynamic public ip without the use of a
> (my own) vpn server with a static ip placed elsewhere?
>
> Eric
>
It depends on where you are and what kind of address you want to have.
Here in the Netherlands I have just set up an OpenVPN server that can be used for this
for addresses within 44.137.0.0/16. Anyone with such an address can just mail me and I'll
send them a certificate and example config file.
I plan to enable PPTP, L2TP/IPsec and IPsec as well as demand arises.
There is an OpenVPN service in Finland as well, see http://wiki.ampr.org/index.php/AMPRNet_VPN
I think they are open for registration from anywhere (not just Finland).
Of course best is when you start a server in your own area.
Rob