Ciao Hessu,
To answer shortly...
a) Connecting via OpenVPN we permit access to all of 44/8 amprnet, and to all our
"private" management network 10/8; we are working just these days to publish to big
Internet radioham services reaching CisarNet via OpenVPN, using static 44.208/16 ip
addresses directly routed to big Internet (under amprnet agreement);
b) More or less we are using the same verify procedure around amprnet... We could not
say that it is a strong authentication or biometrics solution, but it's working ;-):
are you interested in it?
c) We are using 44.208/16 addresses also directly on radio link, for radioham purpose
but exposed on big Internet. In some cases VPN links are used to back up radio links
(using OSPF routing protocol with different weighted routes), and we are simply
considering big Internet as Radio... so, same rules! Full compliance with regulations
and amprnet policy.
Concluding, at the beginning we supported the OpenVPN extension to try to find an easy
"workaround" for when you have no radio connection to CisarNet/amprnet, nor a
public ip address for tunneling using ip2ip, but at the same time you'd like to
connect to CisarNet and/or amprnet. Now, in a classic solution, you have a main gateway
using an OpenVPN client to connect to the CisarNet backbone, and your "local" ham
wireless network around you covering your nearby towns. In this way we consolidated new
isolated small wireless radioham networks, using ready-to-connect CisarNet ip addressing,
rules, services, and so on.
Ciao from Italy.
Thank you for this opportunity to "compare" different approaches, I believe anyway
both of them are interesting.
IW0SAB Renzo.
I'm not sure if I understood right... just to check, are you allowing access to all of
44/8 amprnet via this VPN? Or just to your local 10.x network over there?
Are you giving VPN access to anyone with a common signed key? Do you somehow verify that
those users are amateurs, or can anyone download the key+certificate from somewhere?
Our regulations over here prevent us from using crypto on radio, which is good and fine.
The regulations don't prohibit using crypto on the Internet. The VPN provides strong
authentication, the encryption is a side-effect which does not really matter much to one
direction or the other. We need to do authentication and license verification to prevent
non-ham access to the radio channels - looking up from logs afterwards isn't of much
use.
- Hessu