44net

44net@mailman.ampr.org

1 participants
3179 discussions

by kb9mwr＠gmail.com

bryan at bryanfields.net wrote: >I'd ask, why only one gateway to 44/8? Why not setup some tunnel/peering >points globally? That is a plan. There just needs to be some folks to step forward to make it happen. Until recently, there wasn't a formal way to seek permission from ARDC to have the high level BGP routing changed to support this. I have been curious since ARDC announced that option, how many/which local subnets are not being announced locally. Maybe Brian Kantor can chime in on that. Steve

11 years, 10 months

Re: [44net] Cisco/juniper configs?

by Bryan Fields

Awesome, please send me the script. Ill have time tear into it this weekend. As for hardware, I'll bet testing on a 2800 series with 1gb of ram. Jason R Begley <jayray(a)digitalgoat.com> wrote: >(Please trim inclusions from previous messages) >_______________________________________________ >With regard to using Cisco routers for integration into the AMPRNET, if > >you are going to load full tunnels be ready to throw some descent >hardware at the task. The first issue is the config length, you need >config compression on and no less than a 2600 due to nvram size. The >other issue is number of interfaces, you also need at least a 2600 to >configure the number of tunnels needed to be fully meshed. I am >currently running a 2651xm and it does an ok job. Let me know if you >are >interested in a script to convert the encap.txt into a loadable config. >73, >Jason KY9J >_________________________________________ >44Net mailing list >44Net(a)hamradio.ucsd.edu >http://hamradio.ucsd.edu/mailman/listinfo/44net >http://www.ampr.org/donate.html -- Bryan Fields 727-409-1194 http://bryanfields.net

11 years, 10 months

Re: [44net] Cisco/juniper configs?

by Bryan Fields

On 6/17/13 2:04 AM, kb9mwr(a)gmail.com wrote: > > Many gateway opperators only allow inbound 44-net IP addresses. > > Maintain a local route table alleviates bandwith issues at ucsd, and > the single point of failure. Thanks, this is good info. I think I can change the "munge" script to generate a working 44/net config. Cisco/etc is going to need a tunnel interface for each destination, but I think it will work. Perhaps a template interface might be the best way. I'll post my results back here. I'd ask, why only one gateway to 44/8? Why not setup some tunnel/peering points globally? -- Bryan Fields 727-409-1194 - Voice 727-214-2508 - Fax http://bryanfields.net

11 years, 10 months

Re: [44net] Cisco/juniper configs?

by kb9mwr＠gmail.com

Bryan, I have some archived resources here: http://www.qsl.net/kb9mwr//wapr/tcpip/index.html --- But if I can reach all of 44/8 via ucsd via the internet, why bother with tunnels in the first place? -- Many gateway opperators only allow inbound 44-net IP addresses. Maintain a local route table alleviates bandwith issues at ucsd, and the single point of failure.

11 years, 10 months

Re: [44net] Cisco/juniper configs?

by Bryan Fields

On 6/17/13 1:53 AM, C.J. Adams-Collier KF7BMP wrote: > If you decided to go this way, you could use a perl script with Net::SSH > to update the router's config. At least with IOS. I'm not familiar > with JunOS. Yea, I was thinking this. I have RANCID running on all the routers now, so it's trivial to get it to push configs out once a day or so. But if I can reach all of 44/8 via ucsd via the internet, why bother with tunnels in the first place? -- Bryan Fields 727-409-1194 - Voice 727-214-2508 - Fax http://bryanfields.net

11 years, 10 months

Re: [44net] Cisco/juniper configs?

by Bryan Fields

On 6/17/13 1:25 AM, Heikki Hannikainen wrote: > It's intended to be totally separate, but there's a single gateway in > the US announcing all of 44/8 and relaying packets from the Internet > to amprnet hosts which have an ampr.org DNS entry in place. Also, a > few local subnets are announced locally by the gateways using BGP, > after signing the TOS (http://www.ampr.org/tos.txt) and obtaining > permission documents from ARDC. > > Upstream amprnet->internet packets should be routed, if possible, from > the local gateway directly to the Internet, but ISP anti-spoofing > filters / uRPF typically prohibit it these days (which is a very good > thing in the botnet/DDOS respect). Unless, of course, you've arranged > a BGP peering and announcing the subnet yourself, in which case you > can send packets out from that subnet. My intention was just to use a VRF on my main colo router for the 44net space, and keep it separate from everything else. I'm routing this over a tunnel back to my home and from there out to my wireless links. Right now I have 5 links all running with 172.17/16 space and thought it would be cool to link it all with "real" IP's. So for the exception of the 44/net space directly announced, can everything be reached via the gateway at ucsd? Does this gateway have tunnels to the rest of the network behind it? -- Bryan Fields 727-409-1194 - Voice 727-214-2508 - Fax http://bryanfields.net

11 years, 10 months

CentOS 5-Baycom-Card I/O Help please

by Janusz Przybylski SP1LOP

POL: Potrzebuje pomocy. Jak modem podłączę pod ttyS0 (iobase 3f8 irq 4) na płycie głównej modem działa idealnie nadaje i odbiera. A jak podłączę go do ttyS1 (iobase 2400 irq 177) na karcie I/O to tylko odbiera nie chce nadawać ENG: I need help. How do I plug the modem into ttyS0 (iobase 3f8 irq 4) on the main board modem works perfectly transmits and receives. And when I connect it to ttyS1 (iobase 2400 irq 177) on the I/O just does not want to give answers ------ POL: Mam komputer z 2 modemami Baycom Linux CentOS 5, Kernel 2.6.18-274.18.1.el5ax25.2, używam sterownik: baycom_ser_fdx ENG: I have a computer with two modems Baycom Linux CentOS 5 Kernel 2.6.18-274.18.1.el5ax25.2, I use the driver: baycom_ser_fdx ------ POL: Używam modemów Baycom, podłączone do karty I/O PCI Modemy tylko odbierają (Rx) ale nie nadają (not Tx) ENG: I use Baycom modems, connected to the I/O PCI Modems only receive (Rx), but does not transmit (Tx not) ------ POL: A to konfiguracja karty I/O z komendy: lspci -vvv ENG: And this is the configuration I/O card with the command: lspci-vvv Serial controller: Device 4348:3253 (rev 10) (prog-if 02 [16550]) Subsystem: Device 4348:3253 Control: I/O+ Mem- BusMaster- SpecCycle- MemWINV- VGASnoop- ParErr- Stepping- SERR- FastB2B- DisINTx- Status: Cap- 66MHz- UDF- FastB2B- ParErr- DEVSEL=medium >TAbort- <TAbort- <MAbort- >SERR- <PERR- INTx- Interrupt: pin A routed to IRQ 177 Region 0: I/O ports at 2400 [size=8] Region 1: I/O ports at 2000 [size=8] Kernel driver in use: serial ------ ttyS0, iobase: 0x03f8, irq: 4 (mainboard) ttyS1, iobase: 0x2400, irq: 177 (Card I/O) ttyS2, iobase: 0x2000, irq: 177 (Card I/O) ------ baycom_ser_fdx: version 0.10 compiled hdlcdrv: version 0.8 compiled POL: Może ktoś mi powie dlaczego na ttyS0 działa idealnie a na karcie I/O tylko odbiera .... Gdzie mam błąd. Może w baycom_ser_fdx.c ??? ENG: Can someone tell me why the ttyS0 works perfectly and on the I/O only .... Where do I receive an error. Maybe baycom_ser_fdx.c??? -- 73 de Janusz / SP1LOP ===== Janusz J. Przybylski, SP1LOP ================== Poland AMPRNet Co-ordinator [44.165/16] from Mar 2003 =====================================================

11 years, 10 months

VPN access to AMPRNet using amateur X.509 certificates

by Heikki Hannikainen

Hi, The AMPRNet might be more useful if it had: (1) more services which would be interesting to hams (2) more access to the AMPRNet Tonight I tried to attack (2) a bit. Access to the AMPRNet over the Internet could maybe be made easier to hams by allowing them to connect over VPNs instead of setting up their own IPIP tunnels at home, or trying to find a working radio gateway. After getting a VPN running it might be easier for them to set up a radio gateway, or some services. As discussed on the other mailing list, VPNs are easier to get up on NATed residential networks than IPIP tunnels. Setting up VPN user accounts and maintaining them can be a pain. It doesn't take a lot of weekly or monthly maintenance work to run a VPN service, but it can be a major pain to manage an user account database for thousands of hams and check if your users around the Internet are, in fact, licensed. It turns out that ARRL's Logbook of the World has already given out cryptographic X.509 certificates to 57334 amateur users, after verifying their license status against the FCC database (they send a postcard with a random token code to the FCC-listed snail-mail address to make sure they give the certificate to the right guy) or after looking at a paper photocopy of a license + a photo ID. I had to physically mail in a photo of my ham license and my driver's license and wait a couple weeks to get the cert. If they can get 50k contesters and DXers to work with certificates, maybe certs can work for the AMPRnet, too. Technically, we can validate if a VPN user is in possession of one of those certificates and the respective private key. Politically, K4JH asked the ARRL guys, and they said that they don't mind if we use them for other ham authentication needs. We can start accepting other CAs too once they come around. I plan to help SRAL, the Finnish amateur radio union, to set up a CA within their web site (they already have user accounts for members). I know ARRL isn't for everyone, but smaller clubs could set up CAs too, or even commercial entities - as long as we trust them to do the license validation in a proper manner. Tonight I hacked up an OpenVPN setup which authenticates users with LoTW certs, and wrote a little documentation: http://wiki.ampr.org/index.php/AMPRNet_VPN What do you think? Technically, it seems to work - try it out if you like. It's not very straightforward to set up, but the license validation is pretty strong, and running the service shouldn't be a lot of work. There can be many VPN servers around the world, serving the whole customer base (VPN servers do not need access to any central user database, they just need the certificates of the trusted CAs). With a little Dynamic DNS magic, you could get a oh7lzb.vpn.ampr.org hostname on DNS within a few seconds after connecting (I've got code for that in another project). (Yes, eventually certificates need to be revoked after they accidentally get into wrong hands, or ham licenses are revoked. Technically that can be done using CRLs and/or OCSP, but ARRL apparently does not do those yet. Maybe they will, if the need arises. We can also set up a blocked certificates list of our own.) - Hessu, OH7LZB

11 years, 10 months

Fwd: JNOS / RIP

by kd6oat

It's been a while since I encountered this problem I have forgotten the fix. My JNOS has stopped populating routes broadcast by the rip server. I've verified that I am receiving the broadcasts through tun0 and there have been no changes to my autoexec.nos file in a long time. I think routing via rip stopped sometime within the past few days. Any ideas ? tx ~Ken

11 years, 10 months

[newbie] So I'm all connected...

by Matt Grice

...I have my machine all set up to route packets through my local gateway(I was originally going to tinker with high speed mesh networks but an equipment supplier let me down) and I got thinking: what kind of services are intended to run over the new improved 44net? I've being lurking, and I see are discussions on VPNs, routing and stuff but nothing higher up the stack. Web servers? Twitter-like services? Bulletin boards? POP3? What can we *do* with it? Please forgive me for asking this question! I get the feeling everyone else is up to speed except me! 73 de Matt M0ZAI

11 years, 10 months

Jump to page:

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

44net