On 17/02/2021 at 20:56, pete M via 44Net wrote:
> But that is not 44net.

Why? 44Net will be what we want it to be :-)

> 44 net is a routable network and many hams want it to be exposed to
> the whole internet so that the service they offer to the community
> can be accessible and they deal with the auth at the service level.
> Like repeater linking VoIP server, file server. Name it.

44net must be routable, that's obvious. Then, deciding what will be
exposed to public Internet and what will remain private is just a matter
of firewall rules.

> The main thing about the amprnet is that we need to offer it for all
> hams to use in an easy way. We need to have a way for people to join
> into the address space easily and reliably with enough bandwidth and
> low latency so that any project can work on it. THEN people will
> start using it a lot more.

+1000 !!!

> Could there be a way that we can have some block of 16 or 32
> addresses accessible from a simple wireguard link that would be
> created by a request to the portal, and that block of addresses be
> accessible only to 44 net or to the whole internet?

In previous discussions, we agreed to split what we called "network" and
"Access" in two separate topics. WireGuard is an "Access" tool. It will
be handled at the country/regional gateway level.

> I don't know if it is manageable or even doable. We surely need more
> programmers and more network gurus to come to that level of
> integration.

Our current iteration here in Corsica uses two separate subnets with
different network access policies:
- 44.190.11.0/24, which is fully routed on Internet, and is intended for
things that do require Internet access, such as Echolink, XLX, public
WEB, etc...
- 44.168.80.0/23, which is an internal, private network for hams, and
which is not reachable from public Internet
This allows for clear distinction about what is on Internet and what is
not, and it simplifies firewall policy management.
I don't know if it's the best way to do things. It's just a local
experiment, and an iterative attempt to find solutions to a problem :-)
Our gateway provides VPN for site-to-site, but also for remote users.
We're currently using both OpenVPN and WireGuard. So, YES, it's doable,
HI :-) Several of us are already doing that in various places of the
world. The main problem here is to define a common topology which will
be versatile enough to cover all possible user cases, while being quite
"standardized" all over the world, and easy to implement for local teams
/ application developers / repeater maintainers etc...
73 de TK1BI
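
The two-subnet policy described in the message above, written out as an nftables forward chain. This is an added example, not part of the original message and not the Corsican gateway's actual configuration. The interface names (wan0 for the Internet uplink, wg0 and tun0 for WireGuard and OpenVPN access) and the table and set names are assumptions; the two prefixes are the ones quoted in the message.

```nftables
# Constructed example. Interface, table and set names are hypothetical.
table inet ampr_gw {
    set public_44 {                 # fully routed on the Internet
        type ipv4_addr
        flags interval
        elements = { 44.190.11.0/24 }
    }
    set private_44 {                # internal, hams only
        type ipv4_addr
        flags interval
        elements = { 44.168.80.0/23 }
    }

    chain forward {
        # Default deny: anything not matched below is dropped,
        # including forwarded IPv6, which this sketch does not handle.
        type filter hook forward priority 0; policy drop;

        ct state established,related accept
        ct state invalid drop

        # Anti-spoofing: the uplink must never deliver packets that
        # claim a source address inside either local subnet.
        iifname "wan0" ip saddr { 44.190.11.0/24, 44.168.80.0/23 } counter drop

        # Private subnet is not reachable from the public Internet.
        iifname "wan0" ip daddr @private_44 counter drop

        # Public subnet is exposed; authentication is left to each
        # service (Echolink, XLX, public web, ...).
        iifname "wan0" ip daddr @public_44 accept

        # Site-to-site and remote-user VPN links reach both subnets.
        iifname { "wg0", "tun0" } ip daddr @private_44 accept
        iifname { "wg0", "tun0" } ip daddr @public_44 accept

        # Outbound: only the public subnet may initiate traffic to the
        # Internet. The explicit drop is redundant with the chain
        # policy but gives a counter for leak attempts.
        oifname "wan0" ip saddr @public_44 accept
        oifname "wan0" ip saddr @private_44 counter drop
    }
}
```

The counters on the drop rules can be read with "nft list table inet ampr_gw" to see whether Internet hosts are probing the private range or whether private hosts are trying to leave through the uplink.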