Subject: Re: [44net] easy amprnet attachemet and connection - seeking peers for cost sharing From: Eric Fort eric.fort@gmail.com Date: 05/13/2015 05:40 AM
To: AMPRNet working group 44net@hamradio.ucsd.edu
there are 2 problems here which I'm working to address. The first being that even though ipip tunneling is defined via rfc it's still relitively nonstandard and I can't think of anywhere other than amateur radio / 44net where it is used, much less used widely. It's also not generally handeled well by many consumer grade household nat routers. I can't go to the web interface on my cheapo whatever name consumer router and set up the tunnel(s) I need to import a link to amprnet. If Tunnels are done with something like IPSec, PPTP, or OpenVPN it's much better supported and is easier to setup. the edge connections can simply establish their link(s) to one or more hubs with known static IP, be assigned/connected to a netblock, and be in business just by using their basic consumer grade router and no other fancy or overly technical setup.
Eric AF6EP
True. We already offer OpenVPN and IPsec VPN connection to our BGP routed gateway in Amsterdam, the Netherlands (44.137.0.0/16). (and IPIP of course) Indeed it makes entry a lot easier for those on the typical internet connection with NAT and maybe not a fixed address (although that is not really a problem here)
What VPN protocols do you want to offer? I am considering adding support for OpenConnect (an open implementation of Cisco AnyConnect SSL VPN). That could even replace OpenVPN on the long run (I am not very happy with some aspects of it).
Do you offer connections from your VPN users to non-44 Internet addresses and back? (this makes it more tricky and error-prone for users to configure their side, as they will need some form of policy routing that is not always available or easy to setup)
Rob