44net

44net@mailman.ampr.org

3194 discussions

Re: [44net] Cisco/juniper configs?
by Bryan Fields 17 Jun '13

17 Jun '13

On 6/17/13 1:25 AM, Heikki Hannikainen wrote: > It's intended to be totally separate, but there's a single gateway in > the US announcing all of 44/8 and relaying packets from the Internet > to amprnet hosts which have an ampr.org DNS entry in place. Also, a > few local subnets are announced locally by the gateways using BGP, > after signing the TOS (http://www.ampr.org/tos.txt) and obtaining > permission documents from ARDC. > > Upstream amprnet->internet packets should be routed, if possible, from > the local gateway directly to the Internet, but ISP anti-spoofing > filters / uRPF typically prohibit it these days (which is a very good > thing in the botnet/DDOS respect). Unless, of course, you've arranged > a BGP peering and announcing the subnet yourself, in which case you > can send packets out from that subnet. My intention was just to use a VRF on my main colo router for the 44net space, and keep it separate from everything else. I'm routing this over a tunnel back to my home and from there out to my wireless links. Right now I have 5 links all running with 172.17/16 space and thought it would be cool to link it all with "real" IP's. So for the exception of the 44/net space directly announced, can everything be reached via the gateway at ucsd? Does this gateway have tunnels to the rest of the network behind it? -- Bryan Fields 727-409-1194 - Voice 727-214-2508 - Fax http://bryanfields.net

1 0

CentOS 5-Baycom-Card I/O Help please
by Janusz Przybylski SP1LOP 09 Jun '13

09 Jun '13

POL: Potrzebuje pomocy. Jak modem podłączę pod ttyS0 (iobase 3f8 irq 4) na płycie głównej modem działa idealnie nadaje i odbiera. A jak podłączę go do ttyS1 (iobase 2400 irq 177) na karcie I/O to tylko odbiera nie chce nadawać ENG: I need help. How do I plug the modem into ttyS0 (iobase 3f8 irq 4) on the main board modem works perfectly transmits and receives. And when I connect it to ttyS1 (iobase 2400 irq 177) on the I/O just does not want to give answers ------ POL: Mam komputer z 2 modemami Baycom Linux CentOS 5, Kernel 2.6.18-274.18.1.el5ax25.2, używam sterownik: baycom_ser_fdx ENG: I have a computer with two modems Baycom Linux CentOS 5 Kernel 2.6.18-274.18.1.el5ax25.2, I use the driver: baycom_ser_fdx ------ POL: Używam modemów Baycom, podłączone do karty I/O PCI Modemy tylko odbierają (Rx) ale nie nadają (not Tx) ENG: I use Baycom modems, connected to the I/O PCI Modems only receive (Rx), but does not transmit (Tx not) ------ POL: A to konfiguracja karty I/O z komendy: lspci -vvv ENG: And this is the configuration I/O card with the command: lspci-vvv Serial controller: Device 4348:3253 (rev 10) (prog-if 02 [16550]) Subsystem: Device 4348:3253 Control: I/O+ Mem- BusMaster- SpecCycle- MemWINV- VGASnoop- ParErr- Stepping- SERR- FastB2B- DisINTx- Status: Cap- 66MHz- UDF- FastB2B- ParErr- DEVSEL=medium >TAbort- <TAbort- <MAbort- >SERR- <PERR- INTx- Interrupt: pin A routed to IRQ 177 Region 0: I/O ports at 2400 [size=8] Region 1: I/O ports at 2000 [size=8] Kernel driver in use: serial ------ ttyS0, iobase: 0x03f8, irq: 4 (mainboard) ttyS1, iobase: 0x2400, irq: 177 (Card I/O) ttyS2, iobase: 0x2000, irq: 177 (Card I/O) ------ baycom_ser_fdx: version 0.10 compiled hdlcdrv: version 0.8 compiled POL: Może ktoś mi powie dlaczego na ttyS0 działa idealnie a na karcie I/O tylko odbiera .... Gdzie mam błąd. Może w baycom_ser_fdx.c ??? ENG: Can someone tell me why the ttyS0 works perfectly and on the I/O only .... Where do I receive an error. Maybe baycom_ser_fdx.c??? -- 73 de Janusz / SP1LOP ===== Janusz J. Przybylski, SP1LOP ================== Poland AMPRNet Co-ordinator [44.165/16] from Mar 2003 =====================================================

3 4

VPN access to AMPRNet using amateur X.509 certificates
by Heikki Hannikainen 07 Jun '13

07 Jun '13

Hi, The AMPRNet might be more useful if it had: (1) more services which would be interesting to hams (2) more access to the AMPRNet Tonight I tried to attack (2) a bit. Access to the AMPRNet over the Internet could maybe be made easier to hams by allowing them to connect over VPNs instead of setting up their own IPIP tunnels at home, or trying to find a working radio gateway. After getting a VPN running it might be easier for them to set up a radio gateway, or some services. As discussed on the other mailing list, VPNs are easier to get up on NATed residential networks than IPIP tunnels. Setting up VPN user accounts and maintaining them can be a pain. It doesn't take a lot of weekly or monthly maintenance work to run a VPN service, but it can be a major pain to manage an user account database for thousands of hams and check if your users around the Internet are, in fact, licensed. It turns out that ARRL's Logbook of the World has already given out cryptographic X.509 certificates to 57334 amateur users, after verifying their license status against the FCC database (they send a postcard with a random token code to the FCC-listed snail-mail address to make sure they give the certificate to the right guy) or after looking at a paper photocopy of a license + a photo ID. I had to physically mail in a photo of my ham license and my driver's license and wait a couple weeks to get the cert. If they can get 50k contesters and DXers to work with certificates, maybe certs can work for the AMPRnet, too. Technically, we can validate if a VPN user is in possession of one of those certificates and the respective private key. Politically, K4JH asked the ARRL guys, and they said that they don't mind if we use them for other ham authentication needs. We can start accepting other CAs too once they come around. I plan to help SRAL, the Finnish amateur radio union, to set up a CA within their web site (they already have user accounts for members). I know ARRL isn't for everyone, but smaller clubs could set up CAs too, or even commercial entities - as long as we trust them to do the license validation in a proper manner. Tonight I hacked up an OpenVPN setup which authenticates users with LoTW certs, and wrote a little documentation: http://wiki.ampr.org/index.php/AMPRNet_VPN What do you think? Technically, it seems to work - try it out if you like. It's not very straightforward to set up, but the license validation is pretty strong, and running the service shouldn't be a lot of work. There can be many VPN servers around the world, serving the whole customer base (VPN servers do not need access to any central user database, they just need the certificates of the trusted CAs). With a little Dynamic DNS magic, you could get a oh7lzb.vpn.ampr.org hostname on DNS within a few seconds after connecting (I've got code for that in another project). (Yes, eventually certificates need to be revoked after they accidentally get into wrong hands, or ham licenses are revoked. Technically that can be done using CRLs and/or OCSP, but ARRL apparently does not do those yet. Maybe they will, if the need arises. We can also set up a blocked certificates list of our own.) - Hessu, OH7LZB

5 5

Fwd: JNOS / RIP
by kd6oat 31 May '13

31 May '13

It's been a while since I encountered this problem I have forgotten the fix. My JNOS has stopped populating routes broadcast by the rip server. I've verified that I am receiving the broadcasts through tun0 and there have been no changes to my autoexec.nos file in a long time. I think routing via rip stopped sometime within the past few days. Any ideas ? tx ~Ken

2 2

[newbie] So I'm all connected...
by Matt Grice 28 May '13

28 May '13

...I have my machine all set up to route packets through my local gateway(I was originally going to tinker with high speed mesh networks but an equipment supplier let me down) and I got thinking: what kind of services are intended to run over the new improved 44net? I've being lurking, and I see are discussions on VPNs, routing and stuff but nothing higher up the stack. Web servers? Twitter-like services? Bulletin boards? POP3? What can we *do* with it? Please forgive me for asking this question! I get the feeling everyone else is up to speed except me! 73 de Matt M0ZAI

2 1

Re: [44net] dd-wrt and ipip
by kb9mwr＠gmail.com 20 May '13

20 May '13

I am using the standard, gateway mode. I assume yours is set to Router?

1 0

dd-wrt and ipip
by kb9mwr＠gmail.com 19 May '13

19 May '13

Well I don't know what to tell you. I should really try DD-WRT on other hardware to see if it behaves differently (I can't imagine so) I have the standard dd-wrt build, Firmware: DD-WRT v24-sp2 (08/07/10) std on a Ubiquiti Router Station pro. With two terminals open on my linux server, one running rip44d -v and the other running tcpdump, and an entry in the portal, I see nothing. Shortly after I enable DMZ, set to 192.168.1.100 (my linux servers inside address) I see them. I logged into the DD-WRT terminal and ran iptables -L, before and after enabling DMZ in the GUI to see what it changes. the magic appears to be this line: target prot opt source destination ACCEPT 0 -- anywhere 192.168.1.100 This is under the Chain FORWARD (policy ACCEPT) That line is absent without DMZ enabled. I have no rules that specify a broadcast address. That is really the only way I can imagine IPIP reaching a machine on the inside of a network, without a specific forwarding rule directing it to a specific inside IP address. Lynwood, could you share a dump of your iptables -L (sanitize as needed) Curiosity has the best of me at this point. Steve, KB9MWR

1 0

(no subject)
by kb9mwr＠gmail.com 18 May '13

18 May '13

Lynwood, Thanks for the info. It must have something to do with the mega version of DD-WRT that you are using. I am using the standard version, and it does not pass, even with the VPN passthough options enabled. I see the mega version has IPV6 support. Since that is usually tunneled, I suspect that is what makes it work for you. - Question for anyone. Is there anyway to use the ampr.org name service as a dynamic dns? For my IPIP gateway, and other ham radio related things, I have have been using dyn.com to provide a dynamic dns name. With the new http://dyn.com update policy,, makes me think the ham community could use a dynamic dns of their own.. anyone?

1 0

Mikrotik and NET44
by Claudio Chicon 18 May '13

18 May '13

Hello good evening Would you like to receive examples of configuration of network mikrotik to 44 73/s Claudio PY3NZ

2 1

(no subject)
by kb9mwr＠gmail.com 17 May '13

17 May '13

Lynwood, Please tell me more about your version of DD-WRT. I have: Firmware: DD-WRT v24-sp2 (08/07/10) std, and it does not pass IPIP rip packets, unless I enable DMZ. ------Clip---- It's noted that IPIP does not traverse firewalls, that is not the case with me, as I am traversing two firewalls to reach my Gateway server, both devices using using DD-WRT, and it appears to broadcast any packet that is not UDP or TCP. ......

1 0

Jump to page:

2026

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

44net