44net-request@hamradio.ucsd.edu wrote:
Subject: Re: [44net] getting a debian wheezy host connected to 44net From: Eric Fort eric.fort@gmail.com Date: 07/26/2014 06:42 PM
To: AMPRNet working group 44net@hamradio.ucsd.edu
ok it seems everyone is missing the point of the question here. see my threaded comments below:
On Sat, Jul 26, 2014 at 3:41 AM, Marius Petrescumarius@yo2loj.ro wrote:
(Please trim inclusions from previous messages) _______________________________________________ Eric,
Actually you can use any stateful VPN tunnel: OpenVPN, PPtP, L2TP, SSTP etc. OpenVPN is kind of complicated to set up (certifcates and other details).
The idea is to initiate the connection from the dynamic IP to a static IP, and reconnect on IP change from the new dynamc IP.
I personally favor PPtP or L2TP (optional with MPPE encryption), since this protocol is supported by almost any OS (Windows, Mac, Linux) and is light on the processor.
yes I get that the tunnel type is mostly irrelevant and I'm pretty agnostic as to it's type as hey I could tunnel over dns, http, or even icmp if I had to. The question is tunnel to where? If I had a box somewhere with a static endpoint / static ip address a big part of this question would not be being asked and yes, I'd use it as a vpn server - problem solved. at present, I do not have that luxury.
is there no possible way to connect hosts to amprnet that are behind a nat firewall router that has a dynamic public ip without the use of a (my own) vpn server with a static ip placed elsewhere?
Eric
It depends on where you are and what kind of address you want to have. Here in the Netherlands I have just setup an OpenVPN server that can be used for this for addresses within 44.137.0.0/16. Anyone with such an address can just mail me and I'll send them a certificate and example config file.
I plan to enable PPTP, L2TP/IPsec and IPsec as well as demand arises.
There is an OpenVPN service in Finland as well, see http://wiki.ampr.org/index.php/AMPRNet_VPN I think they are open for registration from anywhere (not just Finland).
Of course best is when you start a server in your own area.
Rob