On 17/02/2021 at 20:56, pete M via 44Net wrote:
But that is not 44net.
Why? 44Net will be what we want it to be :-)
44 net is a routable network and many hams want it to be exposed to the whole internet so that the service they offer to the community can be accessible and they deal with the auth at the service level. Like repeater linking VoIP server, file server. Name it.
44net must be routable, that's obvious. Then, deciding what will be exposed to public Internet and what will remain private is just a matter of firewall rules.
The main thing about the amprnet is that we need to offer it for all hams to use in an easy way. We need to have a way for people to join into the address space easily and reliably with enough bandwidth and low latency so that any project can work on it. THEN people will start using it a lot more.
+1000 !!!
Could there be a way that we can have some block of 16 or 32 addresses accessible from a simple WireGuard link that would be created by a request to the portal, and that block of addresses be accessible only to 44 net or to the whole internet?
In previous discussions, we agreed to split what we called "network" and "Access" in two separate topics. WireGuard is an "Access" tool. It will be handled at the country/regional gateway level.
I don't know if it is manageable or even doable. We surely need more programmers and more network gurus to come to that level of integration.
Our current iteration here in Corsica uses two separate subnets with different network access policies:
- 44.190.11.0/24, which is fully routed on Internet, and is intended for things that do require Internet access, such as Echolink, XLX, public WEB, etc...
- 44.168.80.0/23, which is an internal, private network for hams, and which is not reachable from public Internet

This allows for clear distinction about what is on Internet and what is not, and it simplifies firewall policy management.
I don't know if it's the best way to do things. It's just a local experiment, and an iterative attempt to find solutions to a problem :-)
Our gateway provides VPN for site-to-site, but also for remote users. We're currently using both OpenVPN and WireGuard. So, YES, it's doable, HI :-) Several of us are already doing that in various places of the world. The main problem here is to define a common topology which will be versatile enough to cover all possible user cases, while being quite "standardized" all over the world, and easy to implement for local teams / application developers / repeater maintainers etc...
73 de TK1BI
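
The two-subnet split described in the message above, modelled as an added example (not part of the original message and not the Corsica gateway's actual configuration): a first-match forward policy is audited against probe flows, next to a constructed over-broad rule set that leaks the private subnet. The rule format, the AMPRNet source ranges used to mean "hams", and the probe addresses are assumptions.

```python
import ipaddress as ip

PUBLIC_NET = ip.ip_network("44.190.11.0/24")    # from the message: fully routed on Internet
PRIVATE_NET = ip.ip_network("44.168.80.0/23")   # from the message: hams only
# Assumption: "hams" means sources inside the AMPRNet ranges.
AMPRNET = [ip.ip_network("44.0.0.0/9"), ip.ip_network("44.128.0.0/10")]
ANY = ip.ip_network("0.0.0.0/0")

# Hypothetical forward policy: ordered (action, src, dst), first match wins, default drop.
SPLIT_POLICY = [("accept", ANY, PUBLIC_NET)] + [("accept", n, PRIVATE_NET) for n in AMPRNET]
# Constructed weak variant: one broad rule that happens to cover both subnets.
BROAD_POLICY = [("accept", ANY, ip.ip_network("44.128.0.0/10"))]

def decide(policy, src, dst):
    """Return the action of the first rule matching the flow, else 'drop'."""
    s, d = ip.ip_address(src), ip.ip_address(dst)
    for action, src_net, dst_net in policy:
        if s in src_net and d in dst_net:
            return action
    return "drop"

def is_ham(src):
    return any(ip.ip_address(src) in net for net in AMPRNET)

def audit(policy, sources):
    """List probe flows that break the public/private split."""
    findings = []
    for src in sources:
        # Probe both halves of the /23 so a rule covering only one /24 is caught.
        for dst in (str(PRIVATE_NET[1]), str(PRIVATE_NET[-2])):
            verdict = decide(policy, src, dst)
            if verdict == "accept" and not is_ham(src):
                findings.append(("internet reaches private", src, dst))
            if verdict != "accept" and is_ham(src):
                findings.append(("ham blocked from private", src, dst))
        if decide(policy, src, str(PUBLIC_NET[1])) != "accept":
            findings.append(("public subnet unreachable", src, str(PUBLIC_NET[1])))
    return findings

# Constructed probe sources: documentation ranges stand in for the public Internet.
PROBES = ["192.0.2.10", "203.0.113.77", "44.190.11.5", "44.31.0.9"]

if __name__ == "__main__":
    print("split:", audit(SPLIT_POLICY, PROBES))
    print("broad:", audit(BROAD_POLICY, PROBES))
```

The model only looks at addresses; it does not cover source-address spoofing or which interface a packet arrived on, which a real gateway rule set would also have to constrain.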