Re: [44net] OpenVPN or *VPN

Lin, This is how it works right now. The gateway for the whole 44.0.0.0/8 network is amprgw. So any traffic directed to a 44 address from the public internet goes via amprgw. In turn, the amprgw looks up the requested address in its routing tables and tunnels the request to the proper tunnel endpoint. For a 44 host to be reachable from the internet, its IP and tunnel endpoint has to be known by amprgw, meaning that unregistered hosts or subnets are not accessible. Amprgw does not filter traffic, at least not to my knowledge. It is the responsibility of the host owner to do that filtering. The other way around, forwarding traffic from a 44 island to the public internet is again the decision of the systems owner and has to be done via its public gateway, not amprgw. And in this case, being NATed, the traffic has nothing to do with amprgw and shows up in the internet as regular traffic. And as long it is wired, it does not conflict with any ham policies. What is happening "on the air" is the responsibility of each user. So, if you want to put a up whatever server you like using 44 addresses, the only way to be accessible from the internet (at least at the moment) is via amprgw, and this is done via tunnels. There is no workaround at this time, and this is basically what the whole AS and BGP discussion in the last months is all about. If you use 44 addresses without tunneling or private addresses (10, 192.168 et.al.) for your servers it is basically just the same thing. There will be no access from the internet unless you do some forwarding. So no one restricts your right to use this space, but for public internet access you have to join the tunnel project or rely to the same means as in case of using private addresses. YO2LOJ From: 44net-bounces+marius=yo2loj.ro(a)hamradio.ucsd.edu [mailto:44net-bounces+marius=yo2loj.ro@hamradio.ucsd.edu] On Behalf Of Lin Holcomb Sent: Saturday, June 09, 2012 17:26 To: AMPRNet working group Subject: Re: [44net] OpenVPN or *VPN Marius, I understand that under you system a person on the radio side can reach assets on the internet, but a person on the internet cannont see or use assets on the radio side unless they route thru microshades (which blocks this trafic) BTW WD4DSY did have a webserver on his address running over a 56K link back in the day. ?Brian how did this work? We want to use 44 space for Dstar, IRLP servers, Club Webservers, Weather nodes, APRS gateways and what ever someone dreams up. Yes I know these could use other means such as 10space or other public IPs, but I am a ham the 44 net is assigned to ham radio use and our projects have just as much of a right to use it as your tunneling project. Lin