After completing a successful experiment that demonstrated just how easy it can be to connect to amprnet without any need for a static public IP address and by just a few peers working together, I'm looking for interested parties that may be interested in sharing the cost of a cloud based VPN server which would then host a 44/24 netblock routed via BGP. Use of standard VPN tools makes this setup extremely easy and usable/compatible with NAT firewalls, and standard dynamic routing protocols and tools make things easy as well. I'd like to set this up based in the USA on plenty of bandwidth. Please speak up if you would be willing to share cost and help make a go of this.
Eric AF6EP
Hi Eric,
Do you have any particular services in mind? Depending on your application (such as scale/data requirements) it looks like you could use on-demand services from Amazon for something like this (via Direct Connect), should you really really want to do it.
With that said, I am not sure what the advantage of this is (aside from perhaps the dynamic IP issue you mention), though, since you could always write a script to log in to the AMPRNet portal and tweak the IPIP tunnels with any WAN IP address updates. When you have the free gateway over in California already, it seems like that would be the way to go aside from directly advertising your own BGP CIDR block.
-Andrew Kc2LTO
There are 2 problems here which I'm working to address. The first being that even though IPIP tunneling is defined via RFC, it's still relatively nonstandard and I can't think of anywhere other than amateur radio / 44net where it is used, much less used widely. It's also not generally handled well by many consumer grade household NAT routers. I can't go to the web interface on my cheapo whatever name consumer router and set up the tunnel(s) I need to import a link to amprnet. If tunnels are done with something like IPSec, PPTP, or OpenVPN, it's much better supported and is easier to set up. The edge connections can simply establish their link(s) to one or more hubs with known static IP, be assigned/connected to a netblock, and be in business just by using their basic consumer grade router and no other fancy or overly technical setup.
The second is the issue of static IP and roaming nodes. It would be incredibly useful to where I am, given some form of internet connection to have access to ampr resources and netblock. This simply does not work with the present system of static allocation. Imagine an app for your phone that lit up the 44/x you have been allocated by your coordinator on a hotspot created by your phone. I can think of more than just a few places where that could be useful.
Having this BGP announced helps reduce latency and relieves traffic from SDSU while following best networking practice.
That said, who might like to share in lighting up such a service for the amateur radio amprnet networking community? Really this is no different than supporting your favorite voice repeater. As a shared community resource that costs money to run and maintain, it's a project that's deserving of support by the community and those who would make use of it.
Eric AF6EP
Eric et al;
Recently I figured out a similar method of connecting an endpoint from a low grade router using NAT on the amprnet without the need for any other routing overhead except ipencap. See n1uro.ampr.org/linuxconf/ amprnat.txt and ampr-with-nat.html if you want to read more about it. It's already being used in the Boston area with success. A static host such as you mention is needed and we're using one.
As for traffic on ucsd, if that's a major problem I would think BK would mention something, but for ampr to ampr points that should be pretty much point to point bypassing ucsd. Pardon my brevity, as I'm on a smartphone. Sent through via axMail-fax by N1URO.
You STILL need IPencap, which is generally nonstandard and not well supported or easy to set up. One needs Linux and the ability to configure it to make it work, and one can't host a netblock on their LAN with it. After trying out and seeing how well it works with a simple supported VPN connection, I'd like to get others involved in setting up and supporting a shared resource that makes things easy and painless.
As for amprnet hosts routing point to point, many of us are still stuck on manually receiving what amounts to a hosts file and updating routes manually. Those that do run a dynamic routing protocol (RIP) are forced to run a bastardized and nonstandard version of said daemon such that it's compatible and works with amprnet.
What I'm proposing should be relatively plug and play with support for just about any device that speaks IP.
Eric AF6EP
44Net mailing list 44Net@hamradio.ucsd.edu http://hamradio.ucsd.edu/mailman/listinfo/44net
On 13.5.2015. 04:55, Andrew Ragone (RIT Alumni) wrote:
With that said, I am not sure what the advantage of this is (aside from perhaps the dynamic IP issue you mention), though, since you could always write a script to login to the AMPRNet portal and tweak the IPIP tunnels with any WAN IP address updates. When you have the free gateway over in California already, it seems like that would be the way to go aside from directly advertising your own BGP CIDR block.
I guess this would allow anyone with any decent router (with VPN client capability) to be able to connect to 44net without requirements for struggling with a dedicated computer and very specific installation to make it run.
On Wed, May 13, 2015 at 1:20 AM, Pedja YT9TP yt9tp@uzice.net wrote:
I guess this would allow anyone with any decent router (with VPN client capability) to be able to connect to 44net without requirements for struggling with a dedicated computer and very specific installation to make it run.
Yes, exactly and well said! That's exactly the point I've been pushing for a long time. The single dedicated IP is taken care of by the cloud based hub and a relatively simple setup on your client router at your network edge simply makes 44net show up on your LAN. No dedicated machine, no dedicated or special software, no having to write custom config files, just easy and instantly deployable using standard protocols used every day that real people use often and understand.
Eric