Gents,
If we’re going to go with the shared VPN model, which is something I also do like, then we should do this properly, because personal non-transferable connections set up per BGP-announced router will simply be another historical mess.
Professional VPN solutions provide an application for the computer or the mobile phone where an exit through Net44 can be selected from a list of VPN endpoints. You can choose one exit node on-the-go to get a connection established from a pool. Then you disconnect and resources are freed. Easy. We should do something like that in order to get the most from the BGP announcements we currently have.
Technologically speaking, we have everything necessary on the server side (I know for sure I’m not the only one who is sharing full server configurations from GitHub); we lack the VPN application on the client side. But this can be easily worked out in a reasonable amount of time.
My 2 cents. Best regards,
Vy73 de EA1HET, Jonathan 0x539C9FAF
Sent from my tablet/mobile. Please, excuse my brevity and the presence of typos.
On 22 Jul 2019, at 11:02, Antonios Chariton via 44Net 44net@mailman.ampr.org wrote:
Of course, I forgot to mention, I am able to allocate a /56 of IPv6, or a /48, or any other size from the same tunnel to that person, as well. Usually a /56, with 256 /64 subnets, is enough. This includes reverse zone forwarding for PTR records, with DNSSEC.
On 22 Jul 2019, at 11:58, Antonios Chariton daknob.mac@gmail.com wrote:
What I would do is the following:
Ask the IP space owner (person allocated to) to send an e-mail to Brian, requesting the block to be advertised over BGP (needs to be /24+, or collection of networks /24+) and Cc me in this e-mail. I reply with the ASN, route objects that need to be created, etc. Brian hopefully approves the request.
Afterwards, I advertise the /24 via BGP to the Internet.
Then, I arrange with the IP space owner how the space will be routed to them. I can support OpenVPN, PPTP, L2TP, GRE, IPSec, etc.
We set up the tunnel (by any means, it does not matter), and then I add a static route for the /24 to the other ham’s router.
If they want to speak BGP, it is supported. However, I am only sending a default route, not the full table of course. If they do not speak BGP, they just add a default route to myself.
I am not adding any ACLs or firewalls to the traffic; it is being passed unfiltered.
On 22 Jul 2019, at 11:00, R P via 44Net 44net@mailman.ampr.org wrote:
How do I manage to get my allocated addresses from someone else's VPN? What about transferring a whole network block via a VPN server? Especially to a home which uses a dynamic IP?
I don't know how it can be done outside of the main 44 Net router that currently routes my allocation space and does IPIP to me ...
Does anyone have a solution for what I want to do?
Regards Ronen - 4Z4ZQ
From: 44Net 44net-bounces+ronenp=hotmail.com@mailman.ampr.org on behalf of Brian Kantor via 44Net 44net@mailman.ampr.org
Sent: Monday, July 22, 2019 12:29 AM
To: Antonios Chariton
Cc: Brian Kantor; AMPRNet working group
Subject: Re: [44net] Adding VPN server at UCSD ?
There is the Services page on the wiki, which already lists a VPN provider. http://wiki.ampr.org/wiki/Services
That might do as a start.
- Brian
On Mon, Jul 22, 2019 at 10:14:54AM +0300, Antonios Chariton wrote:
Maybe we should coordinate a list of hams that provide VPN / tunnels from their BGP setup to fellow hams including a location, etc.
For example, I am able and willing to provide such service, however there hasn’t been any place I can really publish that information.
There can be tens or hundreds of others, and we may never know...
Antonis
44Net mailing list 44Net@mailman.ampr.org https://mailman.ampr.org/mailman/listinfo/44net