44net-request@hamradio.ucsd.edu wrote:
Subject: Re: [44net] getting a debian wheezy host connected to 44net From: Eric Fort eric.fort@gmail.com Date: 07/26/2014 06:42 PM
To: AMPRNet working group 44net@hamradio.ucsd.edu
ok it seems everyone is missing the point of the question here. see my threaded comments below:
On Sat, Jul 26, 2014 at 3:41 AM, Marius Petrescumarius@yo2loj.ro wrote:
(Please trim inclusions from previous messages) _______________________________________________ Eric,
Actually you can use any stateful VPN tunnel: OpenVPN, PPtP, L2TP, SSTP etc. OpenVPN is kind of complicated to set up (certifcates and other details).
The idea is to initiate the connection from the dynamic IP to a static IP, and reconnect on IP change from the new dynamc IP.
I personally favor PPtP or L2TP (optional with MPPE encryption), since this protocol is supported by almost any OS (Windows, Mac, Linux) and is light on the processor.
yes I get that the tunnel type is mostly irrelevant and I'm pretty agnostic as to it's type as hey I could tunnel over dns, http, or even icmp if I had to. The question is tunnel to where? If I had a box somewhere with a static endpoint / static ip address a big part of this question would not be being asked and yes, I'd use it as a vpn server - problem solved. at present, I do not have that luxury.
is there no possible way to connect hosts to amprnet that are behind a nat firewall router that has a dynamic public ip without the use of a (my own) vpn server with a static ip placed elsewhere?
Eric
It depends on where you are and what kind of address you want to have. Here in the Netherlands I have just setup an OpenVPN server that can be used for this for addresses within 44.137.0.0/16. Anyone with such an address can just mail me and I'll send them a certificate and example config file.
I plan to enable PPTP, L2TP/IPsec and IPsec as well as demand arises.
There is an OpenVPN service in Finland as well, see http://wiki.ampr.org/index.php/AMPRNet_VPN I think they are open for registration from anywhere (not just Finland).
Of course best is when you start a server in your own area.
Rob
Rob,
for the specific situation I'm in we ought chat. I do eventually want to set up my own 44net vpn hub.... but for the moment it would work just fine to have an ip out of finland or elsewhere. now if someone wanted to setup a vpn server host for various yet to be routed subnets that would be even cooler..... but yes, let's chat. a vpn connection to you would be most welcome.
Thanks,
Eric
On Sat, Jul 26, 2014 at 12:11 PM, Rob Janssen pe1chl@amsat.org wrote:
(Please trim inclusions from previous messages) _______________________________________________ 44net-request@hamradio.ucsd.edu wrote:
Subject: Re: [44net] getting a debian wheezy host connected to 44net From: Eric Fort eric.fort@gmail.com Date: 07/26/2014 06:42 PM
To: AMPRNet working group 44net@hamradio.ucsd.edu
ok it seems everyone is missing the point of the question here. see my threaded comments below:
On Sat, Jul 26, 2014 at 3:41 AM, Marius Petrescumarius@yo2loj.ro wrote:
(Please trim inclusions from previous messages) _______________________________________________ Eric,
Actually you can use any stateful VPN tunnel: OpenVPN, PPtP, L2TP, SSTP etc. OpenVPN is kind of complicated to set up (certifcates and other details).
The idea is to initiate the connection from the dynamic IP to a static IP, and reconnect on IP change from the new dynamc IP.
I personally favor PPtP or L2TP (optional with MPPE encryption), since this protocol is supported by almost any OS (Windows, Mac, Linux) and is light on the processor.
yes I get that the tunnel type is mostly irrelevant and I'm pretty agnostic as to it's type as hey I could tunnel over dns, http, or even icmp if I had to. The question is tunnel to where? If I had a box somewhere with a static endpoint / static ip address a big part of this question would not be being asked and yes, I'd use it as a vpn server - problem solved. at present, I do not have that luxury.
is there no possible way to connect hosts to amprnet that are behind a nat firewall router that has a dynamic public ip without the use of a (my own) vpn server with a static ip placed elsewhere?
Eric
It depends on where you are and what kind of address you want to have. Here in the Netherlands I have just setup an OpenVPN server that can be used for this for addresses within 44.137.0.0/16. Anyone with such an address can just mail me and I'll send them a certificate and example config file.
I plan to enable PPTP, L2TP/IPsec and IPsec as well as demand arises.
There is an OpenVPN service in Finland as well, see http://wiki.ampr.org/index.php/AMPRNet_VPN I think they are open for registration from anywhere (not just Finland).
Of course best is when you start a server in your own area.
Rob
-
Eric Fort -
Rob Janssen