I am starting to hear from folks in my area that we are starting to
allocate IPV6 addresses? From what I have read on the reflector that is
not true. There were some testing from limited folks, but that is all.
As far as I can tell there is really no need to start issuing IPv6
addresses since we have not dish out all of the current available IPv4
addresses.
K6DLC
--
Daniel Curry
IPV6 Sage Certified
PGP: AD5A 96DC 7556 A020 B8E7 0E4D 5D5E 9BA5 C83E 8C92
San Francisco/Silicon Valley AmprNet Co-coordinator [44.4.0.0/16]
I need some help with where to download jnos from. Seems all the websites
I find to download JNOS are offline.
I have Debian loaded on computer and working, but JNOS software is eluding
me.
Thanks & 73s
--
Leo Salas
PO Box 6103
Paris, TX 75461-6103
972-510-5157
n5jep1(a)gmail.com
Hey all I have to older but still working fine still.
These devices have been upgraded to Advanced edition and will support 500 IPSEC tunnels each
They do BGP, OSPF, RIP, GRE Tunnels etc.
I was thinking with all of the VPN talk on here do we want to use these to setup either 2 highly available IPSEC termination point or 2 one in NA and 1 in Europe so that we have to concentration points.
If anyone has a 1 or 2 U rack space in a data center which can host these devices please let me know and we can try and set something up.
Note Devices cost 0$
http://n1uro.ampr.org/cgi-bin/safe-config.cgi will set up a *very* basic
system for amprnet ipencap routing pending you have a tunnel interface
already configured.
Field 1: 169.228.66.251 <- ucsd
Field 2: 44.0.0.1 <- ucsd
Field 3: 44.x.x.x <- your amprnet gw IP
Field 4: eth0/wlan0/wifi0/etc
The rest gives you basic IPTable rules to allow IPEncap and ax25 frames
through your firewall, route rules, and a basic route table. Load your
favorite ripv2-daemon and configure it to populate "table 1" and you'll
be off and running within the first rip broadcast (faster if you run the
munge script - no need to wait for a broadcast).
Mine looks exactly as the cgi prints:
Add this to your rc.local, or whatever init script you wish to make:
# allow IPEncapsulation and ax25 frames to gate through...
iptables -I INPUT 1 -j ACCEPT --proto 4
iptables -I INPUT 1 -j ACCEPT --proto 93
iptables -I OUTPUT 1 -j ACCEPT --proto 4
iptables -I OUTPUT 1 -j ACCEPT --proto 93
iptables -I FORWARD 1 -j ACCEPT --proto 4
iptables -I FORWARD 1 -j ACCEPT --proto 93
# Create a policy to encap forward to your host...
ip rule add from 44/8 pref 1 table 1
ip rule add to 44/8 pref 1 table 1
# Now let's set the routing accordingly...
ip route add 44/8 via 169.228.66.251 dev tunl0 onlink src 44.88.0.9
table 1
ip route add default via 169.228.66.251 dev tunl0 onlink table 1
*Whether or not you're SAFed (source address filtered) this should work
for you.
--
73 de Brian Rogers - N1URO
email: <n1uro(a)n1uro.ampr.org>
Web: http://www.n1uro.net/
Ampr1: http://n1uro.ampr.org/
Ampr2: http://nos.n1uro.ampr.org
Linux Amateur Radio Services
axMail-Fax & URONode
AmprNet coordinator for:
Connecticut, Delaware, Maine,
Massachusetts, New Hampshire,
Pennsylvania, Rhode Island,
and Vermont.
So how are people dealing with running BGP over home class internet service?
With ISPs becoming more and more restrictive, I can't see any ISP in the US
allowing this. While not 100% sure, I believe running BGP would be in
violation of the garden variety usage agreement that is tailored towards
"home use" and prohibits any service that falls into the business class
traffic. Also, how does BGP interoperate with the current default route of
non 44 op to mirrorshades? Did Brian remove any BGP advertised subdomain
from the default route?
Assi KK7KX/4X1KX
(www.kiloxray.com)
-----Original Message-----
>
> I don't agree with that.
> People who want to experiment with BGP are free and welcome to do
> that, but there is no and there should not be any "deprecating IPIP
> tunnels".
> Subject:
> Re: [44net] amprnet routing made simple
> From:
> K7VE - John <k7ve(a)k7ve.org>
> Date:
> 09/06/2013 06:58 PM
>
> To:
> n1uro(a)n1uro.ampr.org, AMPRNet working group <44net(a)hamradio.ucsd.edu>
>
>
> This may be a stop gap for low traffic sites, but I think the goal is to
> avoid sending everything through 44.0.0.1.
This solution is not sending "everything through 44.0.0.1"
Only traffic incoming from non-44 internet addresses to your net-44 station is replied via that path.
All other traffic is going via direct tunnels.
> We should be working toward deprecating hacked solutions, like the IPIP
> tunnel set.
I don't agree with that.
People who want to experiment with BGP are free and welcome to do that, but there is no and
there should not be any "deprecating IPIP tunnels".
Rob
Hi all,
Firstly, if this has been done to death before please forgive me. I could
not find anything in the archive.
Secondly, I have noticed an "issue" with the routing and encap within JNOS.
It would seem that if a 44 station tries to contact me all works fine. For
example I can communicate with N2NOV and GB7CIP exactly how you would
expect.
However, if a "public" address contacts me, I get their connect requests in
encap format via uscd but then I send them my response directly rather than
back the same way it came.
This means that there can be no public access to my system via the Internet.
What have I missed? JNOS will not allow me to set the default route via
encap/uscd and I don't really want to send all my traffic (eg DNS lookups)
via there anyway. How can I respond to connections in the same way that I
received them?
Thinking about it, it makes sense that JNOS replies directly. Once it
unpacks the packet and discovers an encap'd one inside it will work on that
one exclusively.
Thanks
Mark
I am interested in something simple. I am not interested in creating a
Linux box to do my routing, as I see no need for it. It's almost worse than
having a network that is vendor specific!! I don't tell you how to run your
internet.. you don't tell me what router I have to use.
I use Mikrotik for my edge technology, just because it's what I am familiar
with. For me it's easy enough. I am interested in creating some links with
others, hopefully in the NW towards the Seattle area. I have my own system
design that I am planning on implementing starting early this fall. I have
no interest however in trying to use some script (nice work on it though..)
to make it work, but would rather have some common assembly of networks
that can connect to each other. Unfortunatley, until this is done in a
large enough fashion, it looks like i am talking static routes to and from
some other networks.
My intention is not to rock the boat of what has been done here, but it
seem like there is little direction of how the network is assembled and
coming to a common point of presence. until one person or gorup comes up
and offers some stability of how to route the network accordingly, I fear
my use of AMPR is only for some of it's tunneling ability with the use of
our 44/8 addressing. I had no intentions of it before, so if I end up not
using them later, now loss on my end.
Let me know if anyone is interested in creating some more static links, and
/ or trying to do some sort of edge router that can have an open
communications standard, and not a customized (could otherwise spelled
proprietary) protocol in the middle.
Thanks to you all and have a great day!
--
Rod Ekholm
KC7AAD
kc7aad(a)gmail.com
Spokane, WA
(509) 435-3400