9 May
2019
9 May
'19
5:13 a.m.
I cant figure out where to go
from here. Can anyone point me in the right direction in how to get the
routes set up for my little subnet?
You can't.
Such a VPN offers you a connection, with an IP, and routes traffic for that IP to you.
You cannot route arbitrary subnets over that because you cannot setup routes on the VPN
server
pointing to your subnet.
If that is what you want, you need to setup a gateway on the IPIP tunnel mesh.
Or, find someone else who has done that and arrange for some VPN between you two.
Rob
9 May
9 May
5:30 a.m.
New subject: VPN Question
If the subnet is routed to the openvpn server, the openvpn server can route that network
to the endpoint.
Ruben - ON3RVH
On 9 May 2019, at 11:14, Rob Janssen <pe1chl(a)amsat.org> wrote:
I cant figure
out where to go
from here. Can anyone point me in the right direction in how to get the
routes set up for my little subnet?
You can't.
Such a VPN offers you a connection, with an IP, and routes traffic for that IP to you.
You cannot route arbitrary subnets over that because you cannot setup routes on the VPN
server
pointing to your subnet.
If that is what you want, you need to setup a gateway on the IPIP tunnel mesh.
Or, find someone else who has done that and arrange for some VPN between you two.
Rob
_________________________________________
44Net mailing list
44Net(a)mailman.ampr.org
https://mailman.ampr.org/mailman/listinfo/44net 
10 May
10 May
11:29 a.m.
New subject: VPN Question
On Thu, 9 May 2019, Ruben ON3RVH wrote:
If the subnet is routed to the openvpn server, the
openvpn server can
route that network to the endpoint.
This particular openvpn server (that I run) does not offer such a service.
It allows you to get connected to AMPRnet, but I don't have the time to do
custom configurations to route subnets or do other per-user manual
tweaking at this time.
So, Rob's "You can't" answer is correct. You'll get the dynamic
44.139.11.x IP address and you can use that to communicate with the
amprnet. Sorry!
- Hessu
On 9 May 2019, at 11:14, Rob Janssen
<pe1chl(a)amsat.org> wrote:
>> I cant figure out where to go
>> from here. Can anyone point me in the right direction in how to get the
>> routes set up for my little subnet?
>
> You can't.
> Such a VPN offers you a connection, with an IP, and routes traffic for that IP to
you.
> You cannot route arbitrary subnets over that because you cannot setup routes on the
VPN server
> pointing to your subnet.
>
> If that is what you want, you need to setup a gateway on the IPIP tunnel mesh.
> Or, find someone else who has done that and arrange for some VPN between you two.
>
> Rob
11:51 a.m.
New subject: VPN Question
Ok thank you! So the ip in the 44.139.11.x range becomes the gateway, then
just set up ipencap like normal?
-Nate
On Fri, May 10, 2019 at 8:29 AM Heikki Hannikainen <hessu(a)hes.iki.fi> wrote:
On Thu, 9 May 2019, Ruben ON3RVH wrote:
If the subnet is routed to the openvpn server,
the openvpn server can
route that network to the endpoint.
This particular openvpn server (that I run) does not offer such a service.
It allows you to get connected to AMPRnet, but I don't have the time to do
custom configurations to route subnets or do other per-user manual
tweaking at this time.
So, Rob's "You can't" answer is correct. You'll get the dynamic
44.139.11.x IP address and you can use that to communicate with the
amprnet. Sorry!
- Hessu
On 9 May 2019, at 11:14, Rob Janssen
<pe1chl(a)amsat.org> wrote:
>> I cant figure out where to go
>> from here. Can anyone point me in the right direction in how to get the
>> routes set up for my little subnet?
>
> You can't.
> Such a VPN offers you a connection, with an IP, and routes traffic for
that IP
to you.
> You cannot route arbitrary subnets over that
because you cannot setup
routes on the VPN server
> pointing to your subnet.
>
> If that is what you want, you need to setup a gateway on the IPIP
tunnel
mesh.
> Or, find someone else who has done that and
arrange for some VPN
between you two.
>
> Rob
_________________________________________
44Net mailing list
44Net(a)mailman.ampr.org
https://mailman.ampr.org/mailman/listinfo/44net
5:27 p.m.
New subject: VPN Question
Hi,
No. If you're using ipencap to join the amprnet tunnel mesh, you don't
need to use my VPN service.
If you use the VPN, you can't use ipencap at the same time.
With the VPN you get a single tunnel to the Amprnet, and you'll be
assigned a dynamic 44.139.11.x IP address during the VPN session.
It is not possible to route your own 44.x.y.z subnet via this VPN. You're
limited to communicating with the dynamic 44.139.11.x address assigned to
you by the VPN server. Sorry!
On Fri, 10 May 2019, Nate Sales wrote:
Ok thank you! So the ip in the 44.139.11.x range
becomes the gateway, then
just set up ipencap like normal?
-Nate
On Fri, May 10, 2019 at 8:29 AM Heikki Hannikainen <hessu(a)hes.iki.fi> wrote:
- Hessu
On Thu, 9 May 2019, Ruben ON3RVH wrote:
If the subnet is routed to the openvpn server,
the openvpn server can
route that network to the endpoint.
This particular openvpn server (that I run) does not offer such a service.
It allows you to get connected to AMPRnet, but I don't have the time to do
custom configurations to route subnets or do other per-user manual
tweaking at this time.
So, Rob's "You can't" answer is correct. You'll get the dynamic
44.139.11.x IP address and you can use that to communicate with the
amprnet. Sorry!
- Hessu
On 9 May 2019, at 11:14, Rob Janssen
<pe1chl(a)amsat.org> wrote:
>> I cant figure out where to go
>> from here. Can anyone point me in the right direction in how to get the
>> routes set up for my little subnet?
>
> You can't.
> Such a VPN offers you a connection, with an IP, and routes traffic for
that IP
to you.
> You cannot route arbitrary subnets over that
because you cannot setup
routes on the VPN server
> pointing to your subnet.
>
> If that is what you want, you need to setup a gateway on the IPIP
tunnel
mesh.
> Or, find someone else who has done that and
arrange for some VPN
between you two.
>
> Rob
_________________________________________
44Net mailing list
44Net(a)mailman.ampr.org
https://mailman.ampr.org/mailman/listinfo/44net
8:24 p.m.
New subject: VPN Question
Thank you for explaining, I totally misunderstood the purpose. Either way,
thanks for the quick responses, I really appreciate it. I was mainly
looking at https://qsl.net/k/kb9mwr//wapr/tcpip/lotw-vpn.html which led me
to believe that was possible.
-Nate
On Fri, May 10, 2019 at 2:28 PM Heikki Hannikainen <hessu(a)hes.iki.fi> wrote:
Hi,
No. If you're using ipencap to join the amprnet tunnel mesh, you don't
need to use my VPN service.
If you use the VPN, you can't use ipencap at the same time.
With the VPN you get a single tunnel to the Amprnet, and you'll be
assigned a dynamic 44.139.11.x IP address during the VPN session.
It is not possible to route your own 44.x.y.z subnet via this VPN. You're
limited to communicating with the dynamic 44.139.11.x address assigned to
you by the VPN server. Sorry!
On Fri, 10 May 2019, Nate Sales wrote:
- Hessu
_________________________________________
44Net mailing list
44Net(a)mailman.ampr.org
https://mailman.ampr.org/mailman/listinfo/44net
Ok thank you! So the ip in the 44.139.11.x range
becomes the gateway,
then
just set up ipencap like normal?
-Nate
On Fri, May 10, 2019 at 8:29 AM Heikki Hannikainen <hessu(a)hes.iki.fi>
wrote:
> On Thu, 9 May 2019, Ruben ON3RVH wrote:
>
>> If the subnet is routed to the openvpn server, the openvpn server can
>> route that network to the endpoint.
>
> This particular openvpn server (that I run) does not offer such a
service.
> It allows you to get connected to AMPRnet,
but I don't have the time to
do
> custom configurations to route subnets or do
other per-user manual
> tweaking at this time.
>
> So, Rob's "You can't" answer is correct. You'll get the
dynamic
> 44.139.11.x IP address and you can use that to communicate with the
> amprnet. Sorry!
>
> - Hessu
>
>
>> On 9 May 2019, at 11:14, Rob Janssen <pe1chl(a)amsat.org> wrote:
>>
>>>> I cant figure out where to go
>>>> from here. Can anyone point me in the right direction in how to get
the
>> routes set up for my little subnet?
>
> You can't.
> Such a VPN offers you a connection, with an IP, and routes traffic for
that IP
to you.
> You cannot route arbitrary subnets over that
because you cannot setup
routes on the VPN server
> pointing to your subnet.
>
> If that is what you want, you need to setup a gateway on the IPIP
tunnel
mesh.
> Or, find someone else who has done that and
arrange for some VPN
between you two.
>
> Rob
_________________________________________
44Net mailing list
44Net(a)mailman.ampr.org
https://mailman.ampr.org/mailman/listinfo/44net
11 May
11 May
2:38 a.m.
New subject: VPN Question
Nate,
If you run your own VPN server, which is connected to the ipencap tunnel
mesh, it is possible to further route subnets to VPN clients. So,
technically, it is *possible*.
It's just not the intention of this particular VPN server to provide that
service, as it would require custom configs to be edited and maintained
for all clients wishing to get those subnets routed, and I don't have the
time to do that for everyone. The VPN server in it's current form requires
about zero maintenance (apart from operating system security upgrades) as
I don't need to tell the server about all possible clients, it just trusts
the LotW certificates and lets anyone with a valid cert & private key to
connect.
The size of my family increased by slightly over 30% this week (volumetric
increase wasn't that big though), so I'm a bit more busy than before. :)
On Fri, 10 May 2019, Nate Sales wrote:
Thank you for explaining, I totally misunderstood the
purpose. Either way,
thanks for the quick responses, I really appreciate it. I was mainly
looking at https://qsl.net/k/kb9mwr//wapr/tcpip/lotw-vpn.html which led me
to believe that was possible.
-Nate
On Fri, May 10, 2019 at 2:28 PM Heikki Hannikainen <hessu(a)hes.iki.fi> wrote:
- Hessu
Hi,
No. If you're using ipencap to join the amprnet tunnel mesh, you don't
need to use my VPN service.
If you use the VPN, you can't use ipencap at the same time.
With the VPN you get a single tunnel to the Amprnet, and you'll be
assigned a dynamic 44.139.11.x IP address during the VPN session.
It is not possible to route your own 44.x.y.z subnet via this VPN. You're
limited to communicating with the dynamic 44.139.11.x address assigned to
you by the VPN server. Sorry!
On Fri, 10 May 2019, Nate Sales wrote:
- Hessu
_________________________________________
44Net mailing list
44Net(a)mailman.ampr.org
https://mailman.ampr.org/mailman/listinfo/44net
Ok thank you! So the ip in the 44.139.11.x range
becomes the gateway,
then
just set up ipencap like normal?
-Nate
On Fri, May 10, 2019 at 8:29 AM Heikki Hannikainen <hessu(a)hes.iki.fi>
wrote:
> On Thu, 9 May 2019, Ruben ON3RVH wrote:
>
>> If the subnet is routed to the openvpn server, the openvpn server can
>> route that network to the endpoint.
>
> This particular openvpn server (that I run) does not offer such a
service.
> It allows you to get connected to AMPRnet,
but I don't have the time to
do
> custom configurations to route subnets or do
other per-user manual
> tweaking at this time.
>
> So, Rob's "You can't" answer is correct. You'll get the
dynamic
> 44.139.11.x IP address and you can use that to communicate with the
> amprnet. Sorry!
>
> - Hessu
>
>
>> On 9 May 2019, at 11:14, Rob Janssen <pe1chl(a)amsat.org> wrote:
>>
>>>> I cant figure out where to go
>>>> from here. Can anyone point me in the right direction in how to get
the
>>> routes set up for my little subnet?
>>
>> You can't.
>> Such a VPN offers you a connection, with an IP, and routes traffic for
that IP to you.
>> You cannot route arbitrary subnets over that because you cannot setup
routes on the VPN server
>> pointing to your subnet.
>>
>> If that is what you want, you need to setup a gateway on the IPIP
tunnel mesh.
>> Or, find someone else who has done that and arrange for some VPN
between you two.
>>
>> Rob
_________________________________________
44Net mailing list
44Net(a)mailman.ampr.org
https://mailman.ampr.org/mailman/listinfo/44net
3:59 a.m.
New subject: VPN Question
On 11/05/19 16:38, Heikki Hannikainen wrote:
Nate,
If you run your own VPN server, which is connected to the ipencap
tunnel mesh, it is possible to further route subnets to VPN clients.
So, technically, it is *possible*.
Possible, yes. I have done this in a corporate
network setting.... BUT.
It's just not the intention of this particular VPN server to provide
that service, as it would require custom configs to be edited and
maintained for all clients wishing to get those subnets routed, and I
don't have the time to do that for everyone. The VPN server in it's
current form requires about zero maintenance (apart from operating
system security upgrades) as I don't need to tell the server about all
possible clients, it just trusts the LotW certificates and lets anyone
with a valid cert & private key to connect.
Correct. Your approach saves you a
lot of work in maintaining custom
configs. They are a lot of work, if you have a lot of users.
Fortunately, I only had a couple of subnets to route and a couple of
single PC users, which wasn't too onerous. But a public or semi-public
system is a different ball game, and your decision is a sound one from a
sustainability POV.
--
73 de Tony VK3JED/VK3IRL
http://vkradio.com
1833
days inactive
1835
days old
7 comments
5 participants
participants (5)
-
Heikki Hannikainen -
Nate Sales -
Rob Janssen -
Ruben ON3RVH -
Tony Langdon