Hi Eric,
I've done a lot of work making openwrt based hotspot networks in the past. ddwrt is useful, but there's a couple of issues that come to mind.
Firstly with ddwrt using openvpn you'd have to make changes to mirrorshades to support openvpn and do you really need the overhead of encryption?
Secondly with ddwrt the ability to tune to the ham band is only possible by using a paid for version that has 'superchannel' functionality.
It should be fairly simple to create an openwrt image that sets up an unencrypted tunnel to mirrorshades, however I've never toyed with setting odd frequencies on them. Also given that you wouldn't have unused packages installed you could use the space to install something amateur radio related.
Finally how would you stop non-ham access?
-Max G7UOZ.
On Thu, 2012-06-07 at 12:00 -0700, 44net-request@hamradio.ucsd.edu wrote:
Has anyone used ddwrt, especially the vpn version to setup a tunnel to ucsd
then run rip to get routing announcements? just sounds like a neat low cost way to get a gateway running. This would be trivial if one could run openvpn to mirrorshades.
Eric AF6EP
Answers threaded below:
On Thu, Jun 7, 2012 at 12:51 PM, Max Lock max@technoghetto.net wrote:
Hi Eric,
I've done a lot of work making openwrt based hotspot networks in the past. ddwrt is useful, but there's a couple of issues that come to mind.
Firstly with ddwrt using openvpn you'd have to make changes to mirrorshades to support openvpn and do you really need the overhead of encryption?
the mention of using openvpn was mostly intended as a nudge. While IPIP seems to be the defacto standard for amprnet tunneling, it's about the only place I've seen it used much. The tools for tunnels/vpn links are out there but something such as openvpn is much more widely supported than ipip.... now before all those still running nos scream - the whole intent of running such a device is at your network edge. such a device ELIMINATES the need for any tunnels within the local network as the local network just simply becomes a /xx of net 44. in the cases that we tunnel, especially when one has dedicated and easily managed hardware a group of widely supported tunneling (or vpn protocols) ought be employed. the suggestion of open vpn in this case is simply because it's already there in ddwrt-vpn builds, ipip is not (exactly).
Secondly with ddwrt the ability to tune to the ham band is only possible by using a paid for version that has 'superchannel' functionality.
This tuning functionality I believe is somewhat chipset dependent but no matter as my intent with the rf part of most boxes on which this runs is not to run 44net over the wireless interface provided on the box. most of the wifi radios on this consumer hardware are subpar anyway. note this is intended as an edge device that connects to one's broadband modem and provides the house network as it always has and the 44net /xx lan on a separate vlan'd switch port. from there I'd attach servers and carrier class radios over ethernet.
It should be fairly simple to create an openwrt image that sets up an unencrypted tunnel to mirrorshades, however I've never toyed with setting odd frequencies on them. Also given that you wouldn't have unused packages installed you could use the space to install something amateur radio related.
I really don't see why you'd need to set odd frequencies. also see above.
Finally how would you stop non-ham access?
in light of the above I don't see what the problem is. If I used the wifi radio on said device at all it wouldn't be on 44net but instead a local nonroutable subnet such as 10/8 that was nat to the devices public ip. further, use of mac address filtering, and wpa/radius for authentication and in addition possibly requiring vlan authentication to the node all stand as ways to keep those who are not supposed to have access out. That said, what are you doing to keep non-hams from setting up a 1200 baud tnc attached to a hamband transceiver, assigning it something that looked like a callsign and using your node? I presume nothing, thus the above is or at least could be far more secure.
Eric
-Max G7UOZ.
On Thu, 2012-06-07 at 12:00 -0700, 44net-request@hamradio.ucsd.edu wrote:
Has anyone used ddwrt, especially the vpn version to setup a tunnel to ucsd
then run rip to get routing announcements? just sounds like a neat low cost way to get a gateway running. This would be trivial if one could run openvpn to mirrorshades.
Eric AF6EP
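An added illustration, not part of any list member's message: the exchange above turns on running an unencrypted IPIP tunnel and on how access is restricted. This sketch parses an IPIP packet (outer IPv4 protocol 4) and applies the only checks a plain IPIP endpoint has available, the outer and inner source addresses. The gateway table, the documentation-range addresses, the 44.128.x.x subnets and all function names are constructed for the example.

```python
import ipaddress
import struct

IPPROTO_IPIP = 4  # IANA protocol number for IPv4-in-IPv4 encapsulation
AMPRNET = ipaddress.ip_network("44.0.0.0/8")

# Constructed table (assumption): outer public address of a known gateway
# mapped to the 44/8 subnet that gateway is allowed to source traffic from.
GATEWAYS = {
    ipaddress.ip_address("192.0.2.10"): ipaddress.ip_network("44.128.1.0/24"),
    ipaddress.ip_address("198.51.100.7"): ipaddress.ip_network("44.128.2.0/24"),
}


def ipv4_header(src, dst, proto, payload_len):
    """Build a minimal 20-byte IPv4 header (checksum left at zero for brevity)."""
    return struct.pack(
        "!BBHHHBBH4s4s",
        0x45, 0, 20 + payload_len, 0, 0, 64, proto, 0,
        ipaddress.ip_address(src).packed,
        ipaddress.ip_address(dst).packed,
    )


def parse_ipv4(buf):
    """Return (src, dst, proto, payload); raise ValueError on a bad header."""
    if len(buf) < 20:
        raise ValueError("shorter than an IPv4 header")
    if buf[0] >> 4 != 4:
        raise ValueError("not IPv4")
    ihl = (buf[0] & 0x0F) * 4
    total_len = struct.unpack("!H", buf[2:4])[0]
    if ihl < 20 or total_len < ihl or total_len > len(buf):
        raise ValueError("inconsistent header or total length")
    src = ipaddress.ip_address(buf[12:16])
    dst = ipaddress.ip_address(buf[16:20])
    return src, dst, buf[9], buf[ihl:total_len]


def check_tunnel_packet(buf):
    """Decide whether a received IPIP packet should be decapsulated.

    IPIP carries no key or signature, so the addresses are all there is to
    check. They identify a gateway, not the operator behind it.
    """
    try:
        outer_src, _, proto, inner = parse_ipv4(buf)
    except ValueError as exc:
        return ("drop", f"malformed outer packet: {exc}")
    if proto != IPPROTO_IPIP:
        return ("drop", "outer protocol is not IPIP")
    try:
        inner_src, _, _, _ = parse_ipv4(inner)
    except ValueError as exc:
        return ("drop", f"malformed inner packet: {exc}")

    allowed = GATEWAYS.get(outer_src)
    if allowed is None:
        return ("drop", "unknown gateway")
    if inner_src not in AMPRNET:
        return ("drop", "inner source outside 44/8")
    if inner_src not in allowed:
        return ("drop", "inner source not in this gateway's subnet")
    return ("accept", "ok")


def ipip(outer_src, inner_src, inner_dst="44.128.2.9", data=b"constructed payload"):
    """Build a constructed IPIP test packet; the inner payload is opaque bytes."""
    inner = ipv4_header(inner_src, inner_dst, 17, len(data)) + data
    return ipv4_header(outer_src, "203.0.113.1", IPPROTO_IPIP, len(inner)) + inner


if __name__ == "__main__":
    samples = {
        "known gateway, own subnet": ipip("192.0.2.10", "44.128.1.5"),
        "unknown outer source": ipip("203.0.113.99", "44.128.1.5"),
        "private inner source": ipip("192.0.2.10", "10.1.2.3"),
        "other gateway's subnet": ipip("192.0.2.10", "44.128.2.9"),
        "truncated packet": ipip("192.0.2.10", "44.128.1.5")[:30],
    }
    for label, pkt in samples.items():
        print(f"{label:28s} -> {check_tunnel_packet(pkt)}")
```

Because the inner packet travels in the clear and the outer source address is the only credential, this filter limits which subnets a gateway can claim but does not authenticate the sender; that is the gap an authenticated tunnel closes.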
On Thu, Jun 07, 2012 at 01:36:50PM -0700, Eric Fort wrote:
the mention of using openvpn was mostly intended as a nudge. While IPIP seems to be the defacto standard for amprnet tunneling, it's about the only place I've seen it used much. The tools for tunnels/vpn links are out there but something such as openvpn is much more widely supported than ipip....
As a historical note, we used IPIP tunnels because that's all there was when we got started. This was early; we were using tunnels even before a protocol ID byte value had been assigned to IPIP. VPNs hadn't been invented yet.
Indeed, we've discussed using openvpn before and the response was generally favorable. It would be a great step forward for the tunneled parts of the network. - Brian
We don't want a tunnel. We want them sent through our Tier 1 upstream provider to our ISP, which I own and provide service to other Hams on. That is why we contacted you in the first place Brian.
44 Net is not just for tunneling Use the allocation or lose it, just like 220 (tm)
-----Original Message-----
the mention of using openvpn was mostly intended as a nudge. While IPIP seems to be the defacto standard for amprnet tunneling, it's about the only place I've seen it used much. The tools for tunnels/vpn links are out there but something such as openvpn is much more widely supported than ipip....
As a historical note, we used IPIP tunnels because that's all there was when we got started. This was early; we were using tunnels even before a protocol ID byte value had been assigned to IPIP. VPNs hadn't been invented yet.
Indeed, we've discussed using openvpn before and the response was generally favorable. It would be a great step forward for the tunneled parts of the network. - Brian
Agreed,
there will be places where tunnels are needed however as well as a time of transition. For that use having a tunnel protocol that is widely used across a number of independent platforms is useful. Really we are talking about 2 separate things though... one being the network core, the second being connections into the core. for the second some kind of tunnels will likely be with us for the foreseeable future (until you or someone with much more money than I can build dedicated circuits between all the disjoint lans (isLANdS) of 44 net). Something like GRE or openvpn could help in that as a complement to IPIP, but yes in the core, tunnels should disappear, at the edge, we may still need them for the foreseeable future.
Eric AF6EP
On Thu, Jun 7, 2012 at 5:25 PM, Ralph ralphlists@bsrg.org wrote:
We don't want a tunnel. We want them sent through our Tier 1 upstream provider to our ISP, which I own and provide service to other Hams on. That is why we contacted you in the first place Brian.
44 Net is not just for tunneling Use the allocation or lose it, just like 220 (tm)
-----Original Message-----
the mention of using openvpn was mostly intended as a nudge. While IPIP seems to be the defacto standard for amprnet tunneling, it's about the only place I've seen it used much. The tools for tunnels/vpn links are out there but something such as openvpn is much more widely supported than ipip....
As a historical note, we used IPIP tunnels because that's all there was when we got started. This was early; we were using tunnels even before a protocol ID byte value had been assigned to IPIP. VPNs hadn't been invented yet.
Indeed, we've discussed using openvpn before and the response was generally favorable. It would be a great step forward for the tunneled parts of the network. - Brian
I would rephrase that to: "allocation right or loose it" Ham addresses (out of the 44/8 space) should be regarded as spectrum.
You should not use it commercia
On 2012-06-08 02:25, Ralph wrote:
We don't want a tunnel. We want them sent through our Tier 1 upstream provider to our ISP, which I own and provide service to other Hams on. That is why we contacted you in the first place Brian.
44 Net is not just for tunneling Use the allocation or lose it, just like 220 (tm)
-----Original Message-----
the mention of using openvpn was mostly intended as a nudge. While IPIP seems to be the defacto standard for amprnet tunneling, it's about the only place I've seen it used much. The tools for tunnels/vpn links are out there but something such as openvpn is much more widely supported than ipip....
As a historical note, we used IPIP tunnels because that's all there was when we got started. This was early; we were using tunnels even before a protocol ID byte value had been assigned to IPIP. VPNs hadn't been invented yet.
Indeed, we've discussed using openvpn before and the response was generally favorable. It would be a great step forward for the tunneled parts of the network.
- Brian
I would rephrase that to "use the allocation right or loose it".
Ham addresses (out of the 44/8 space) should be regarded as spectrum. You cannot use it commercially or you loose your license.
Why would hams get to keep a /8 space if it is no different than other spaces? If you do not want to tunnel, arrange for the peering/transit you need.
On 06/08/2012 02:25 AM, Ralph wrote:
We don't want a tunnel. We want them sent through our Tier 1 upstream provider to our ISP, which I own and provide service to other Hams on. That is why we contacted you in the first place Brian.
44 Net is not just for tunneling Use the allocation or lose it, just like 220 (tm)
Actually, I did not say "loose". I said "lose". But I agree that we should use it properly.
It isn't up to one person to say what properly is, though. The world has come a long way since you could hide a little router at a big institution and route/control the entire world. Unfortunately as you know it is not spectrum and has no FCC (or similar) protection. It is not beyond comprehension for us to be approached and asked "nicely" to use it or lose it.
If I am a Ham, and have the right to use the space, and it is provided to me over Non-Amateur-Radio means (i.e. Routed to me by my ISP over wireless, fiber, tin cans and a string), then I feel that I can and will use it for what I want. It is an IP address not a radio channel.
We tie up over 16 million valuable addresses. Large companies have given up address space like this, for the greater good of the Internet. But WE need to keep every one of these addresses to connect up our little BBS's with 1.2k analog modems. Or maybe the odd one-in-a-million experimenter actually might use 56k.
I would encourage us to use this resource to the maximum benefit of Hams, not sit on it so we can say "look at us, rest of the Internet, I have a /8 and you don't".
I feel positive that we will come to some sort of conclusion that will mostly satisfy everyone.
Maybe we should begin a list of the wants and needs of at least this group so far.
I wonder what sort of attention we would get if this whole story were posted over on /. or the like. Let's try to solve this properly and quickly and with as little amount of outside "help" if possible.
Ralph
44 Net is not just for tunneling Use the allocation (right) or lose it, just like 220
-----Original Message----- From: Bjorn Pehrson [mailto:bpehrson@kth.se] Sent: Friday, June 08, 2012 2:32 AM To: AMPRNet working group; Ralph Subject: Re: [44net] OpenVPN
I would rephrase that to "use the allocation right or loose it".
Ham addresses (out of the 44/8 space) should be regarded as spectrum. You cannot use it commercially or you loose your license.
Why would hams get to keep a /8 space if it is no different than other spaces? If you do not want to tunnel, arrange for the peering/transit you need.
On 06/08/2012 02:25 AM, Ralph wrote:
We don't want a tunnel. We want them sent through our Tier 1 upstream provider to our ISP, which I own and provide service to other Hams on. That is why we contacted you in the first place Brian.
44 Net is not just for tunneling Use the allocation or lose it, just like 220 (tm)
sorry for my loose vs lose....I'm "lysdexic" aka dyslexic and things slip thru spell check sometimes when I'm in a hurry. L
On Fri, Jun 8, 2012 at 7:53 AM, Ralph ralphlists@bsrg.org wrote:
Actually, I did not say "loose". I said "lose". But I agree that we should use it properly.
It isn't up to one person to say what properly is, though. The world has come a long way since you could hide a little router at a big institution and route/control the entire world. Unfortunately as you know it is not spectrum and has no FCC (or similar) protection. It is not beyond comprehension for us to be approached and asked "nicely" to use it or lose it.
If I am a Ham, and have the right to use the space, and it is provided to me over Non-Amateur-Radio means (i.e. Routed to me by my ISP over wireless, fiber, tin cans and a string), then I feel that I can and will use it for what I want. It is an IP address not a radio channel.
We tie up over 16 million valuable addresses. Large companies have given up address space like this, for the greater good of the Internet. But WE need to keep every one of these addresses to connect up our little BBS's with 1.2k analog modems. Or maybe the odd one-in-a-million experimenter actually might use 56k.
I would encourage us to use this resource to the maximum benefit of Hams, not sit on it so we can say "look at us, rest of the Internet, I have a /8 and you don't".
I feel positive that we will come to some sort of conclusion that will mostly satisfy everyone.
Maybe we should begin a list of the wants and needs of at least this group so far.
I wonder what sort of attention we would get if this whole story were posted over on /. or the like. Let's try to solve this properly and quickly and with as little amount of outside "help" if possible.
Ralph
44 Net is not just for tunneling Use the allocation (right) or lose it, just like 220
-----Original Message----- From: Bjorn Pehrson [mailto:bpehrson@kth.se] Sent: Friday, June 08, 2012 2:32 AM To: AMPRNet working group; Ralph Subject: Re: [44net] OpenVPN
I would rephrase that to "use the allocation right or loose it".
Ham addresses (out of the 44/8 space) should be regarded as spectrum. You cannot use it commercially or you loose your license.
Why would hams get to keep a /8 space if it is no different than other spaces? If you do not want to tunnel, arrange for the peering/transit you need.
On 06/08/2012 02:25 AM, Ralph wrote:
We don't want a tunnel. We want them sent through our Tier 1 upstream provider to our ISP, which I own and provide service to other Hams on. That is why we contacted you in the first place Brian.
44 Net is not just for tunneling Use the allocation or lose it, just like 220 (tm)
-- Lin Holcomb
Office: +1 404 806 5412 Mobile: +1 404 933 1595 Fax: +1 404 348 4250
Or maybe the odd one-in-a-million experimenter actually might use 56k.
Doesn't everybody on this list have at least 2 of the new 56K data radios on order?
http://nwdigitalradio.com/?page_id=24
Bill - WA7NWP
On Fri, Jun 08, 2012 at 09:42:17AM -0700, Bill Vodall wrote:
Doesn't everybody on this list have at least 2 of the new 56K data radios on order?
Heh, I still have a couple of the WA4DSY 56K modem/radios from a few decades ago. We had them as part of the San Diego Metropolitan network. I think there were a total of five in town. - Brian
On 12-06-08 11:05 AM, Brian Kantor wrote:
On Fri, Jun 08, 2012 at 09:42:17AM -0700, Bill Vodall wrote:
Doesn't everybody on this list have at least 2 of the new 56K data radios on order?
Heh, I still have a couple of the WA4DSY 56K modem/radios from a few decades ago. We had them as part of the San Diego Metropolitan network. I think there were a total of five in town.
- Brian
We had close to 20 modems in different revisions (maybe 2/3's got built & tested) here and 3 repeaters, most of which now reside in my garage ... hard to believe it was 20 years ago!
... Niall
I just sold 3 transverters at Dayton. And I still talk to WA4DSY occasionally. He lives in the next town over.
-----Brian sez: -----
Heh, I still have a couple of the WA4DSY 56K modem/radios from a few decades ago. We had them as part of the San Diego Metropolitan network. I think there were a total of five in town. - Brian
Why would I or anyone else for that matter use anything that slow over wireless when multi megabit radios that will link reasonably long distances can be had for $50-100 ea? These radios connect via ethernet with no special software. No, I don't have any 56k radios on order; I don't see them as worth the cost to salvage from the trash bin next door.
Eric AF6EP
On Fri, Jun 8, 2012 at 8:42 AM, Bill Vodall wa7nwp@gmail.com wrote:
Or maybe the odd one-in-a-million experimenter actually might use 56k.
Doesn't everybody on this list have at least 2 of the new 56K data radios on order?
http://nwdigitalradio.com/?page_id=24
Bill - WA7NWP
Why would I or anyone else for that matter use anything that slow over wireless when multi megabit radios that will link reasonably long distances can be had for $50-100 ea? These radios connect via ethernet with no special software. No, I don't have any 56k radios on order; I don't see them as worth the cost to salvage from the trash bin next door.
Compare the range of a 25 watt radio using 100 KHz bandwidth on 440 MHz to any of the faster, higher frequency alternatives. The "reasonably long distances" doesn't really pan out when dealing with actual conditions. We're talking home to home or car - not peak to peak. The cheap radios will be running up to a watt and you're losing many dB from the higher frequencies and wider bandwidth. For a half mile or so wifi is great but more is needed for the 5 to 20+ mile range. I have one fellow active ham in range of my most robust Part 15 radio (1 W at 900 MHz), none in range of all my WRT54G's and Merakis - but perhaps a dozen or more fellow Digital Hams in range of the 56K system.
Eric AF6EP
Bill, WA7NWP
On Fri, Jun 8, 2012 at 8:42 AM, Bill Vodall wa7nwp@gmail.com wrote:
Or maybe the odd one-in-a-million experimenter actually might use 56k.
Doesn't everybody on this list have at least 2 of the new 56K data radios on order?
http://nwdigitalradio.com/?page_id=24
Bill - WA7NWP
On 6/8/2012 12:00 PM, Eric Fort wrote:
Why would I or anyone else for that matter use anything that slow over wireless when multi megabit radios that will link reasonably long distances can be had for $50-100 ea? These radios connect via ethernet with no special software. No, I don't have any 56k radios on order; I don't see them as worth the cost to salvage from the trash bin next door.
Two reasons: long point-to-point hops and mobile.
I can see a real utility for a 56k backbone with 100+ mile hops which can easily be done on 420 with fewer complications (except in PAVE PAWS areas) than on the higher bands. Likewise, mobile service with omni antennas is practical over 20+ miles on 420.
David WA6NMF
On Fri, Jun 08, 2012 at 07:53:10AM -0400, Ralph wrote:
If I am a Ham, and have the right to use the space, and it is provided to me over Non-Amateur-Radio means (i.e. Routed to me by my ISP over wireless, fiber, tin cans and a string), then I feel that I can and will use it for what I want.
That is precisely why it is necessary to have contractual restrictions to keep the network limited to ham radio related activities.
One proposal was that all endpoints must be ham stations or facilities primarily provided by and for hams.
I rather like that; it's fairly non-restrictive and allows for just about any kind of transport or intermediate routing but should keep the netspace from being subverted to commercial interests. - Brian
One proposal was that all endpoints must be ham stations or facilities primarily provided by and for hams.
I rather like that; it's fairly non-restrictive and allows for just about any kind of transport or intermediate routing but should keep the netspace from being subverted to commercial interests.
- Brian
Brian
In theory this sounds great!
But when we see **loose cannons** on the list making threats toward the space it sometimes makes you wonder if we can even fully trust our brethren Hams.
Jerry, KD4YAL
What "network" Brian? What "subversion"? Me thinks thou art a bit paranoid, lol.
We are talking about IP addresses on the Internet, not your private tunneled network. As we said when we first asked you months ago, we happen to be an ISP who serves Hams as well as others. N O T H I N G was ever said about converting anything to commercial, but E V E R Y T H I N G was said about routing through devices that are not Ham radios. The end users are Hams. Almost every Dstar radio in Georgia is within range of our network, as are most IRLP nodes. Why deprive them of 44 Space just because it gets there over a commercial network?
We (and I am sure others) are offering to have this resource ride on redundant, fast, fiber and other networks AT NO CHARGE and you still keep thinking that someone is trying to steal "your network", or "your addresses".
No one is threatening anything and no one is a loose cannon. But you still seem to be unwilling to listen to anything else.
Ralph
-----Original Message----- From: 44net-bounces+ralphlists=bsrg.org@hamradio.ucsd.edu [mailto:44net-bounces+ralphlists=bsrg.org@hamradio.ucsd.edu] On Behalf Of Brian Kantor Sent: Friday, June 08, 2012 9:40 AM To: AMPRNet working group Subject: Re: [44net] Use of the network
On Fri, Jun 08, 2012 at 07:53:10AM -0400, Ralph wrote:
If I am a Ham, and have the right to use the space, and it is provided to me over Non-Amateur-Radio means (i.e. Routed to me by my ISP over wireless, fiber, tin cans and a string), then I feel that I can and will use it for what I want.
That is precisely why it is necessary to have contractual restrictions to keep the network limited to ham radio related activities.
One proposal was that all endpoints must be ham stations or facilities primarily provided by and for hams.
I rather like that; it's fairly non-restrictive and allows for just about any kind of transport or intermediate routing but should keep the netspace from being subverted to commercial interests. - Brian
Ralph,
Could you consider formulating your generous offer as some sort of sponsoring of a link level infrastructure for a part of AMPRnet but leave the network level involving 44/8 addresses to some sort of association of the involved hams or local ham club that negotiates a delegation with the AMPRNet root?
Bjorn
On 06/08/2012 05:02 PM, Ralph wrote:
What "network" Brian? What "subversion"? Me thinks thou art a bit paranoid, lol.
We are talking about IP addresses on the Internet, not your private tunneled network. As we said when we first asked you months ago, we happen to be an ISP who serves Hams as well as others. N O T H I N G was ever said about converting anything to commercial, but E V E R Y T H I N G was said about routing through devices that are not Ham radios. The end users are Hams. Almost every Dstar radio in Georgia is within range of our network, as are most IRLP nodes. Why deprive them of 44 Space just because it gets there over a commercial network?
We (and I am sure others) are offering to have this resource ride on redundant, fast, fiber and other networks AT NO CHARGE and you still keep thinking that someone is trying to steal "your network", or "your addresses".
No one is threatening anything and no one is a loose cannon. But you still seem to be unwilling to listen to anything else.
Ralph
-----Original Message----- From: 44net-bounces+ralphlists=bsrg.org@hamradio.ucsd.edu [mailto:44net-bounces+ralphlists=bsrg.org@hamradio.ucsd.edu] On Behalf Of Brian Kantor Sent: Friday, June 08, 2012 9:40 AM To: AMPRNet working group Subject: Re: [44net] Use of the network
On Fri, Jun 08, 2012 at 07:53:10AM -0400, Ralph wrote:
If I am a Ham, and have the right to use the space, and it is provided to me over Non-Amateur-Radio means (i.e. Routed to me by my ISP over wireless, fiber, tin cans and a string), then I feel that I can and will use it for what I want.
That is precisely why it is necessary to have contractual restrictions to keep the network limited to ham radio related activities.
One proposal was that all endpoints must be ham stations or facilities primarily provided by and for hams.
I rather like that; it's fairly non-restrictive and allows for just about any kind of transport or intermediate routing but should keep the netspace from being subverted to commercial interests.
- Brian
Ralph, I see nothing in the suggested restriction that would prevent you from doing what you propose. Your proposal specifies that the endpoints would be ham radio operators and ham radio repeaters and nodes, so they'd fit the picture quite well. What's the problem? - Brian
On Fri, Jun 08, 2012 at 11:02:38AM -0400, Ralph wrote:
What "network" Brian? What "subversion"? Me thinks thou art a bit paranoid, lol.
We are talking about IP addresses on the Internet, not your private tunneled network. As we said when we first asked you months ago, we happen to be an ISP who serves Hams as well as others. N O T H I N G was ever said about converting anything to commercial, but E V E R Y T H I N G was said about routing through devices that are not Ham radios. The end users are Hams. Almost every Dstar radio in Georgia is within range of our network, as are most IRLP nodes. Why deprive them of 44 Space just because it gets there over a commercial network?
We (and I am sure others) are offering to have this resource ride on redundant, fast, fiber and other networks AT NO CHARGE and you still keep thinking that someone is trying to steal "your network", or "your addresses".
No one is threatening anything and no one is a loose cannon. But you still seem to be unwilling to listen to anything else.
Ralph
-----Original Message----- From: 44net-bounces+ralphlists=bsrg.org@hamradio.ucsd.edu [mailto:44net-bounces+ralphlists=bsrg.org@hamradio.ucsd.edu] On Behalf Of Brian Kantor Sent: Friday, June 08, 2012 9:40 AM To: AMPRNet working group Subject: Re: [44net] Use of the network
On Fri, Jun 08, 2012 at 07:53:10AM -0400, Ralph wrote:
If I am a Ham, and have the right to use the space, and it is provided to me over Non-Amateur-Radio means (i.e. Routed to me by my ISP over wireless, fiber, tin cans and a string), then I feel that I can and will use it for what I want.
That is precisely why it is necessary to have contractual restrictions to keep the network limited to ham radio related activities.
One proposal was that all endpoints must be ham stations or facilities primarily provided by and for hams.
I rather like that; it's fairly non-restrictive and allows for just about any kind of transport or intermediate routing but should keep the netspace from being subverted to commercial interests.
- Brian
Easy. Restrict it to ASN's that belong to Radio Groups / Clubs individuals
----- Original Message ----- From: "Brian Kantor" Brian@UCSD.Edu To: "AMPRNet working group" 44net@hamradio.ucsd.edu Sent: Friday, June 08, 2012 11:39 PM Subject: Re: [44net] Use of the network
On Fri, Jun 08, 2012 at 07:53:10AM -0400, Ralph wrote:
If I am a Ham, and have the right to use the space, and it is provided to me over Non-Amateur-Radio means (i.e. Routed to me by my ISP over wireless, fiber, tin cans and a string), then I feel that I can and will use it for what I want.
That is precisely why it is necessary to have contractual restrictions to keep the network limited to ham radio related activities.
One proposal was that all endpoints must be ham stations or facilities primarily provided by and for hams.
I rather like that; it's fairly non-restrictive and allows for just about any kind of transport or intermediate routing but should keep the netspace from being subverted to commercial interests.
- Brian
Hi Ralph,
Just a few questions. How are you going to control the content of the traffic to meet the Amateur Radio Rules and Regulations from the various countries on the Internet traffic to radio via your Internet Service Provider business? How are you going to preserve the AX.25a packets currently required under ITU rules? How are you going to work with those who are required to have a tunnel system? There are many countries that do not allow various content from or to the Internet by radio networks. There must be a control or gateway. This is not a US issue or community; it is a world group.
Also, could you please add at least your call sign to your posts? I am not sure which Ralph is speaking.
Jim Fuller N7VR -- http://www.n7vr.org International TCP/IP Gateways Robot Operator -- http://www.ampr-gateways.org
MTAPRS NET Server Operator -- http://www.mtaprs.net CWOP-2 -- http://www.wxqa.com IRLP Node 3398 - http://irlp.fuller.net Original ARECC contributor
-----Original Message----- From: Ralph [mailto:ralphlists@bsrg.org] Sent: Thursday, June 07, 2012 6:26 PM To: 'AMPRNet working group' Subject: Re: [44net] OpenVPN
We don't want a tunnel. We want them sent through our Tier 1 upstream provider to our ISP, which I own and provide service to other Hams on. That is why we contacted you in the first place Brian.
44 Net is not just for tunneling. Use the allocation or lose it, just like 220 (tm)
-----Original Message-----
the mention of using openvpn was mostly intended as a nudge. While IPIP seems to be the defacto standard for amprnet tunneling, it's about the only place I've seen it used much. The tools for tunnels/vpn links are out there but something such as openvpn is much more widely supported than ipip....
As a historical note, we used IPIP tunnels because that's all there was when we got started. This was early; we were using tunnels even before a protocol ID byte value had been assigned to IPIP. VPNs hadn't been invented yet.
Indeed, we've discussed using openvpn before and the response was generally favorable. It would be a great step forward for the tunneled parts of the network.
- Brian
To all your questions, Jim:
Not my job, man. Responsibility belongs to those who place it on the air on Ham frequencies. The Internet is license free. I am just transport, not the Radio Police.
This is the Ralph I am, :-)
Ralph, N4NEQ
APRS Pioneer
The 8th IRLP node in the US
Worked for the 1996 Olympics (first use of APRS in the Olympics) http://bsrg.org/aprs/pres.html
Co-wrote 900 MHZ bandplan for the Southeastern US
And a bunch more things http://ralphfowler.com
As Ralph said, this is not the responsibility of the transporter. As one of the stations who will be interfacing to Ralph's ISP and putting it on the air, my plan is to block encrypted traffic to the Internet as this is not allowed in the US (unless the key is published) or other system control reasons. Beyond that, it is up to the user to obey the regulations of ham radio for each country. Just as a repeater owner cannot control the content of the traffic on a repeater.
In fact, in the U.S. under part 97, I would not even be held responsible for any traffic that violates the rules, unless it is my own. All that said, if I see that someone is violating the rules, I would block their traffic and have a serious talk with them. The portal I would be using is compliant with US law to trap and record traffic. If I suspect someone of breaking FCC rules I would kick them off the network.
Lin N4YCI
The other guy who wrote the 900 band plan for the South East US.
Had the first 25mhz split 12.5 khz repeater in the South East on 900
Worked for DataRadio and a whole bunch of other stuff.
-- Lin Holcomb
Office: +1 404 806 5412 Mobile: +1 404 933 1595 Fax: +1 404 348 4250
What about an ipip server that links openvpn to the mirrorshades ipip link?
This would allow coexistence of both protocols.
73 de KD5JFE Elias
Sent from my iPhone
Using tunneling protocols that are also available on current routers & built into Linux/FreeBSD distros would certainly facilitate making tunnel termination easier. For example on our Cisco routers where I would foreseeably terminate tunnels we have the following: (GRE being by far the most popular & easiest)
thrt06(config-if)#tunnel mode ?
  aurp    AURP TunnelTalk AppleTalk encapsulation
  cayman  Cayman TunnelTalk AppleTalk encapsulation
  dvmrp   DVMRP multicast tunnel
  eon     EON compatible CLNS tunnel
  gre     generic route encapsulation protocol
  ipip    IP over IP encapsulation
  ipsec   IPSec tunnel encapsulation
  iptalk  Apple IPTalk encapsulation
  ipv6    Generic packet tunneling in IPv6
  ipv6ip  IPv6 over IP encapsulation
  nos     IP over IP encapsulation (KA9Q/NOS compatible)
  rbscp   RBSCP in IP tunnel
Tim Osburn www.osburn.com 206.812.6214 W7RSZ
I agree, anyone who is serious about tunneling would have a static ip making gre tunneling a viable and reliable option. Almost every os can do it and it is very hinternet (hsmm) friendly.
Also a client certificate can be created guaranteeing identities of clients.
I am more in favor of this than open VPN. It is also well documented.
Also gre is less processor intense than openvpn.
A test would of course be in order but seems simple enough.
Anyone experiment with the 1 watt cards on 430mhz from xagyl or others that are basically wifi on 70cm? Be interested in what legal and regulatory ramifications are for using for a non fast scan tv operation. Before I buy them for testing of course.
KD5JFE Elias
Anyone experiment with the 1 watt cards on 430mhz from xagyl or others that are basically wifi on 70cm?
Here's some related info on the UHF cards: http://kb9mwr.blogspot.com/2012/01/doodle-labs-dl435-30-reports.html
Be interested in what legal and regulatory ramifications are for using for a non fast scan tv operation.
Fortunately Video isn't Data (sigh) and the silly bandwidth rules are different. :)
Bill, WA7NWP
Static IP isn't necessary for the "client"/LAN router with some VPN protocols. I have a "portable" LAN /27 that I just plug in and turn on using whatever local access I can get (wired or wireless) using L2TP. Especially for Emcomm you wouldn't want the LANs tied to a specific or even static public IP. Certs are nice, but would be burdensome, if you suspect a set of credentials are compromised, delete them and reissue to the designated "owner".
------------------------------ John D. Hays K7VE PO Box 1223, Edmonds, WA 98020-1223 http://k7ve.org/blog http://twitter.com/#!/john_hays http://www.facebook.com/john.d.hays
Ooh! Wifi on 70cm!? Sign me up! Where can I get a pair? Mini-PCI, I take it? I'm north of Line A, so I've only got 430-450, but still, it would be fun. Not a lot going on in the 70cm band around these parts.
Sent from my PDP-11
If you run Debian on these 1U chassis I've got, most of those would be supported. I've set us up the ipip, gre, ipv6ip and IPSec, personally.
I've still got a whole horde of them for the asking. And enough 512M flash disks for about 10. Plus Debian Squeeze or Wheezy disk images customized for the equipment.
They are *not* silent, quiet or even bearable. Put it in your garage or existing equipment cabinet.
Sent from my PDP-11
Tim Osburn wrote:
Using tunneling protocols that are also available on current routers & built into Linux/FreeBSD distros would certainly facilitate making tunnel termination easier. For example on our Cisco routers where I would foreseeably terminate tunnels we have the following: (GRE being by far the most popular & easiest)
thrt06(config-if)#tunnel mode ?
  aurp    AURP TunnelTalk AppleTalk encapsulation
  cayman  Cayman TunnelTalk AppleTalk encapsulation
  dvmrp   DVMRP multicast tunnel
  eon     EON compatible CLNS tunnel
  gre     generic route encapsulation protocol
  ipip    IP over IP encapsulation
  ipsec   IPSec tunnel encapsulation
  iptalk  Apple IPTalk encapsulation
  ipv6    Generic packet tunneling in IPv6
  ipv6ip  IPv6 over IP encapsulation
  nos     IP over IP encapsulation (KA9Q/NOS compatible)
  rbscp   RBSCP in IP tunnel
Tim Osburn www.osburn.com 206.812.6214 W7RSZ
While this seems obvious, note that it is not sufficient to have compatibility. As I wrote, Cisco seem to see tunnels as a strictly one-point-to-one-point thing, at least for protocols like ipip. So even though Cisco supports the tunnels that we use now, we cannot reasonably use a Cisco router as an endpoint because it cannot handle the large and always changing list of endpoint addresses.
When we want Cisco compatibility, we would use their DMVPN solution, which is a GRE multipoint tunnel combined with the NHRP protocol that manages a meshed tunnel system like we have now. We would only need one or more central systems where the amateur stations connect to, and the protocol automatically registers the public IP address of the stations and handles the setup of the meshed tunnels between all of them. No more need for encap.txt etc.
In my opinion, whatever a small but vocal group is claiming, we need to support tunnels. Not everyone is in the position to announce BGP routes, and many radio amateurs have no intention to become network buffs.
Rob
Rob,
You made a very good point; by appeasing one group this may push others away.
Diversity and a delicate balance is needed.
Jerry, KD4YAL
Many Radio Amateurs may not be in a position to become network buffs, but oh pleeze, the ones that work with this stuff are. And since this is now the 21st century, many Radio Amateurs actually have Internet connections now. They may not be in a position to hit some packet network that will give them 44 space access for whatever they plan to do, but they darn sure have an ISP.
There is no appeasing needed because there is no group demanding tunnels go away. The idea is that 44net is not J U S T for tunnels anymore. Did you not understand that? Why do you guys act like someone is trying to kidnap your mama?
Ralph N4NEQ
Everybody overreacts... Some want an exclusive tunnelling environment, probably because they don't know what changes are implied and they fear that their long established environment and their routine will change. Others again sense any opposition to change as an attack on their freedom instead of an opportunity of constructive ideas exchange.
So in short. IMHO:
- carving out a part of the 44 address space and routing it directly has NO impact on the tunnel part since those hosts will not be listed in amprgw's routes and encap files.
- those "independent" hosts are reachable via the default internet route of your system, without any additional change, like any other host on the internet.
- the only thing you have to take care of is not to have a route for 44.0.0.0/8 via amprgw (which doesn't work anyway, even if it's set that way in the munge script).
So fear not! It will still work.
73s de Marius, YO2LOJ
Marius Petrescu wrote:
- those "independent" hosts are reachable via the default internet route of your system, without any additional change, like any other host on the internet.
- the only thing you have to take care of is not to have a route for 44.0.0.0/8 via amprgw (which doesn't work anyway, even if it's set that way in the munge script).
This is not going to work on my system, because my ISP does not allow me to spoof my IP. So if I have to send traffic from 44.x.x.x addresses, I have to tunnel it to somewhere (e.g. to amprgw) when I cannot send it in a direct tunnel to its destination. That is why I need a default route for 44.0.0.0/8.
Rob
No spoofing. Just plain and simple NAT to your public IP.
On Mon, 11 Jun 2012 02:52:55 +0300, "Marius Petrescu" marius@yo2loj.ro wrote:
No spoofing. Just plain and simple NAT to your public IP.
If you are using NAT you don't need a 44.x.x.x address. In that case there is no difference between hiding a 44net address and a 10net address behind the NAT.
The whole point of this discussion, as I understand it, is how to implement peering between AMPRNET and other autonomous systems on the net. This would allow routing of 44net addresses without need for NAT or tunneling.
The difficulty lies in getting ISPs to allow "ordinary users" to maintain 44net IP addresses or networks and advertise routes from within that ISP.
I think there is a misunderstanding. Those providers that would allow these 44 addresses to be hosted in their network will have to set up those addresses. So in their view they assign them to you as a customer, exactly as they would with a regular address.
From other ISP nets, you will access those addresses as any other host in the internet, via your public IP. And exactly, there is NO DIFFERENCE in that case. So if your provider does not host a part of the 44 address space in their network, you will still need tunnels to get access and to reach ampr hosts. Except that those hosted "specially" will allow direct access from anywhere.
I think you hit the nail on the head, Geoff.
I have been using my 44-net addresses as "private" IP addresses on my local LAN for years. There is absolutely no reason why you can't do this and it simplifies an awful lot of things. IP addresses are just numbers. Private IP addresses can be anything you want them to be. And if this design can serve double duty for you, then that's even better.
I had modified my own gateway software to set up a default SAFe (source address filtering) tunnel and then make the LAN smart enough (by dividing the IP address space in half) to know what part of the LAN produced 44-net traffic and what part of the LAN didn't. The LAN part that didn't produce 44-net traffic simply used its 44-net address privately (like any other private IP address) and defined its outgoing default IP route to the LAN router. The LAN part that did produce 44-net traffic simply defined its outgoing default IP routes to the IPIP gateway (instead of the LAN router).
Once the outgoing 44-net traffic was at the gateway, if its destination was a non 44-net IP address, then it chose the default SAFe tunnel I had set up to a well-connected IPIP gateway somewhere else (which I managed) that was itself not source address filtered and was able to put 44-net sourced frames on its network without them being considered spoofed. This was back in the day when we could not use mirrorshades for that purpose. Now, I understand that the newer amprgw does have this capability and that is a very good thing for the community.
Geoff, you are absolutely correct that as things stand now, peering could not be implemented between the traditional IPIP network and other autonomous 44-net systems on the internet, precisely because of the SAFe issue. You would otherwise continue to have to use amprgw as a destination for bouncing your 44-net sourced frames to this kind of system, and, this kind of system would still have to set up an IPIP gateway anyway just to accommodate the rest of the 44-network and it would become another IPIP-encapped destination for their 44-net address block(s) just like all of the others in the encap.txt file.
No doubt the folks who want to accomplish doing this have already figured all this out because they are very smart folks, but I believe it is the idea that the possibility exists for part of our network to become isolated and not connected with the rest of it that has some people wanting to go slowly with this. This is already happening with the few subnets that are being BGP-advertised off UCSD-site, and I think the gateways community needs to be prepared to deal with the issue of increasing non-connectivity when the numbers of these autonomous systems starts increasing.
If neither the traditional IPIP gateways community nor the folks who want to BGP-advertise don't care about the connectivity divide between the two, then there is probably no reason they cannot have their "slice of the pie" but that is not my decision to make.
-- 73, de Barry, K2MF >> k2mf.bgs@gmail.com
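The split-LAN forwarding decision Barry describes, together with the source address filtering constraint Rob raised, modelled as an added example (not code from any poster or from amprgw). Every subnet, gateway address and function name below is constructed for illustration, and the ENCAP table only stands in for the entries carried in encap.txt.

```python
import ipaddress

# Constructed values: none of these subnets or gateways come from the thread.
LAN_NAT_HALF = ipaddress.ip_network("44.20.30.0/28")      # hosts default-route to the LAN router
LAN_TUNNEL_HALF = ipaddress.ip_network("44.20.30.16/28")  # hosts default-route to the IPIP gateway
ISP_ASSIGNED = ipaddress.ip_network("203.0.113.8/29")     # the only sources the ISP lets out
DEFAULT_TUNNEL_GW = "192.0.2.200"                         # well-connected, unfiltered IPIP gateway

# Stand-in for encap.txt: 44-net subnet -> public address of its IPIP gateway.
ENCAP = {
    ipaddress.ip_network("44.10.0.0/16"): "192.0.2.10",
    ipaddress.ip_network("44.10.5.0/24"): "198.51.100.5",
}


def isp_egress_allows(src):
    """Source address filtering at the ISP: only assigned sources leave natively."""
    return ipaddress.ip_address(src) in ISP_ASSIGNED


def lookup_encap(dst):
    """Longest-prefix match of dst in the encap table; None when no endpoint is known."""
    addr = ipaddress.ip_address(dst)
    matches = [net for net in ENCAP if addr in net]
    if not matches:
        return None
    return ENCAP[max(matches, key=lambda net: net.prefixlen)]


def choose_path(src, dst):
    """Return (path, outer_destination) for a packet leaving the LAN."""
    s = ipaddress.ip_address(src)
    if s in LAN_NAT_HALF:
        # This half uses its 44-net addresses privately; the LAN router NATs it.
        return ("lan-router-nat", None)
    if s not in LAN_TUNNEL_HALF:
        raise ValueError(f"{src} is not on this LAN")
    gw = lookup_encap(dst)
    if gw is not None:
        # Destination has a known tunnel endpoint: encapsulate straight to it.
        return ("ipip-direct", gw)
    # 44-net source, destination outside the encap table. Sent natively it would
    # be dropped by the ISP filter, so it rides the default tunnel instead.
    return ("ipip-default", DEFAULT_TUNNEL_GW)


if __name__ == "__main__":
    for src, dst in [
        ("44.20.30.20", "44.10.5.7"),     # most specific encap entry wins
        ("44.20.30.20", "44.10.200.1"),   # falls back to the /16 entry
        ("44.20.30.20", "203.0.113.80"),  # no encap entry: default tunnel
        ("44.20.30.5", "203.0.113.80"),   # NAT half of the LAN
    ]:
        print(src, "->", dst, choose_path(src, dst), "native ok:", isp_egress_allows(src))
```

A directly routed 44-net subnet that is absent from the encap table lands on the `ipip-default` path for 44-net sources, which is the dependency on a default tunnel that the thread is arguing about.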
On Mon, 11 Jun 2012, Barry wrote:
I have been using my 44-net addresses as "private" IP addresses on my local LAN for years. There is absolutely no reason why you can't do this and it simplifies an awful lot of things. IP addresses are just numbers. Private IP addresses can be anything you want them to be.
Going a bit OT, but there are some small caveats:
A number of folks apparently decided to use IP addresses starting with 1. as their private addresses. Like, 1.2.3.4 and 1.1.1.1 instead of 10.2.3.4 and 10.1.1.1. And use them for example configurations and tests of all sorts.
Recently the 1.0.0.0/8 network was allocated to APNIC, and if you've configured 1.0.0.0/8 as your local network, you won't be able to talk to the guys in Asia-Pacific who have now an official allocation for those addresses. It might have been wiser to use 10.0.0.0/8 instead.
So, let's rephrase a bit:
Private IP addresses can be anything you want them to be, as long as you are not running NAT and trying to talk to someone else who is running the same addresses as their public ones.
- Hessu
Of course that would be the case.
One of the reasons we can do this with 44-net is because of the unique nature of how its separate parts communicate with each other under the existing system.
-- 73, de Barry, K2MF >> k2mf.bgs@gmail.com
I use shorewall with great success as a natting router:
http://packages.debian.org/squeeze/shorewall
and it's IPv6 ready (Thanks Tom!)
http://packages.debian.org/squeeze/shorewall6
Super documentation:
plus, there's an IRC channel for those of you who like to talk with your fingers.
http://webchat.freenode.net/?channels=shorewall
On Mon, 2012-06-11 at 02:52 +0300, Marius Petrescu wrote:
No spoofing. Just plain and simple NAT to your public IP.
-----Original Message-----
From: 44net-bounces+marius=yo2loj.ro@hamradio.ucsd.edu [mailto:44net-bounces+marius=yo2loj.ro@hamradio.ucsd.edu] On Behalf Of Rob Janssen
Sent: Sunday, June 10, 2012 23:38
To: AMPRNet working group
Subject: Re: [44net] OpenVPN
This is not going to work on my system, because my ISP does not allow me to spoof my IP. So if I have to send traffic from 44.x.x.x addresses, I have to tunnel it to somewhere (e.g. to amprgw) when I cannot send it in a direct tunnel to its destination. That is why I need a default route for 44.0.0.0/8
Rob
This is addressed primarily to N4NEQ...
I am really glad I don't do this anymore. 17 years was enough. The amount of bickering that is going on here now is just about more than I've ever heard in the past and I am relieved that I'm no longer involved.
I realize you are probably relatively young and are a very "well-connected" individual and as such, the world doesn't quite move fast enough for you. I understand that you have an "I'm smarter than you are and either do it the way I think it should be done or get out of my way" attitude. I see this sort of thing every day now. And it seems like every 5 years or so, somebody comes along here with your intelligence and esprit de corps and tries to shake things up to make them "better" and then goes away angry when things don't quite go the way he wanted them to.
A lot of 44-net and gateways management history came BEFORE you were involved here, and I think you should try and understand a little more of that history before you start insulting people for not being as network-savvy or professionally motivated as you perhaps are.
The fact that some people who have been around this community longer than you have derived from your posts that what you are lobbying for may endanger the enjoyment of others (if it is "appeased") is perhaps more indicative of your approach rather than the actual merits of your ideas. If you start from a position of antagonism then people WILL be concerned and WILL resist change.
There is nothing wrong with discussing new ideas, or even old(er) ones that were never fully implemented in the past. Just try and tone it down a bit. I think you will find your results will improve considerably and you'll be able to get more support for what you want to do that way.
That's my contribution for today and I hope you take it in the amateur spirit that it was offered.
-- 73, de Barry, K2MF >> k2mf.bgs@gmail.com
On Sun, Jun 10, 2012 at 12:25 PM, Ralph ralphlists@bsrg.org wrote:
Many Radio Amateurs may not be in a position to become network buffs, but oh pleeze, the ones that work with this stuff are. And since this is now the 21st century, many Radio Amateurs actually have Internet connections now. They may not be in a position to hit some packet network that will give them 44 space access for whatever they plan to do, but they darn sure have an ISP.
There is no appeasing needed because there is no group demanding tunnels go away. The idea is that 44net is not J U S T for tunnels anymore. Did you not understand that? Why do you guys act like someone is trying to kidnap your mama?
Ralph N4NEQ
Some people sed:
In my opinion, whatever a small but vocal group is claiming, we need to support tunnels. Not everyone is in the position to announce BGP routes, and many radio amateurs have no intention to become network buffs.
Rob
Rob,
You made a very good point: by appeasing one group, this may push others away.
Diversity and a delicate balance is needed.
Jerry, KD4YAL
Tunneling vs. direct routing is not mutually exclusive. Both can run together. I know folks that built out extensive backbones running over GRE tunnels. PCH / Woodynet is a good example of one that did just that.
Tim
We have never suggested that the whole 44/8 go BGP in fact I have said many times that your project is great and have even offered to host the Atlanta LAN. Additionally we have offered to be an alternate path to the internet if that is possible. This would remove the single point of failure issue.
So just to be clear we are NOT suggesting that tunneling should go away! We are even happy to support it as best we can.
No part of "44net is not just for tunneling" suggests we want to hijack your whole network. As licensed hams we have just as much of a right to use 44 addresses. No more no less.
Lin
Lin,
I appreciate and agree with what you have said.
I would not go so far as to say a ham license gives any special rights to use of IP addresses on net 44.
Here is the ARIN Entry (BTW, some contact information needs updated)
http://whois.arin.net/rest/net/NET-44-0-0-0-1/pft
Nowhere does it give any license-based right. That is under the purview of the "owning" body -- http://whois.arin.net/rest/org/ARDC.html
------------------------------ John D. Hays K7VE PO Box 1223, Edmonds, WA 98020-1223 http://k7ve.org/blog http://twitter.com/#!/john_hays http://www.facebook.com/john.d.hays
Note: I very much appreciate the UCSD's hosting of the primary gateway for so many years.
Sent from my PDP-11
I replied privately and attempted to be polite.
Sent from my PDP-11
On Jun 10, 2012, at 1:41 PM, Rob Janssen pe1chl@amsat.org wrote:
Ralph wrote:
Why do you guys act like someone is trying to kidnap your mama?
Ralph N4NEQ
I am not even going to spend any effort to try to react to you. Before you try to accomplish change, please change your own manners.
Rob
On Sun, Jun 10, 2012 at 03:56:30PM +0200, Rob Janssen wrote:
In my opinion, whatever a small but vocal group is claiming, we need to support tunnels. Not everyone is in the position to announce BGP routes, and many radio amateurs have no intention to become network buffs.
I expect we'll support BOTH tunnels and directly routed subnets. I don't see that they're mutually exclusive in any way, are they?
- Brian
On Jun 10, 2012, at 8:51 AM, Brian Kantor Brian@ucsd.edu wrote:
On Sun, Jun 10, 2012 at 03:56:30PM +0200, Rob Janssen wrote:
In my opinion, whatever a small but vocal group is claiming, we need to support tunnels. Not everyone is in the position to announce BGP routes, and many radio amateurs have no intention to become network buffs.
I expect we'll support BOTH tunnels and directly routed subnets.
Yes!
I don't see that they're mutually exclusive in any way, are they?
- Brian
No!
Sent from my PDP-11
On 07/06/12 22:13, Brian Kantor wrote:
the mention of using openvpn was mostly intended as a nudge. While IPIP seems to be the de facto standard for amprnet tunneling, it's about the only place I've seen it used much. The tools for tunnels/vpn links are out there but something such as openvpn is much more widely supported than ipip....
As a historical note, we used IPIP tunnels because that's all there was when we got started. This was early; we were using tunnels even before a protocol ID byte value had been assigned to IPIP. VPNs hadn't been invented yet.
Indeed, we've discussed using openvpn before and the response was generally favorable. It would be a great step forward for the tunneled parts of the network.
- Brian
Hi,
I've deliberately kept the above to keep context. There's been a large volume of emails recently which I've not been able to completely follow (due to a sudden job change), so I apologise before going over an old subject.
Other than tunneling through mirrorshades, has another workable mechanism been demonstrated? How do I participate and/or help test it?
I don't work in an ISP so can't really announce 44.155.x.x/16. However, I may be able to persuade an ISP I know to let me set up something to test with i.e. pick a subnet 44.155.x/24 (where X isn't currently in use), which we could advertise to test with. It is a while since I checked though, so /24's may not be welcome in the DFZ anymore.
That said, I'm happy to wait until Brian thinks he has everything squared away with ARIN as well.
Regards John EI7IG