> I can't figure out where to go from here. Can anyone point me in the right direction in how to get the routes set up for my little subnet?
You can't. Such a VPN offers you a connection, with an IP, and routes traffic for that IP to you. You cannot route arbitrary subnets over that because you cannot set up routes on the VPN server pointing to your subnet.
If that is what you want, you need to set up a gateway on the IPIP tunnel mesh. Or, find someone else who has done that and arrange for some VPN between you two.
Rob
If the subnet is routed to the openvpn server, the openvpn server can route that network to the endpoint.
Ruben - ON3RVH
On 9 May 2019, at 11:14, Rob Janssen pe1chl@amsat.org wrote:
> > I can't figure out where to go from here. Can anyone point me in the right direction in how to get the routes set up for my little subnet?
> You can't. Such a VPN offers you a connection, with an IP, and routes traffic for that IP to you. You cannot route arbitrary subnets over that because you cannot set up routes on the VPN server pointing to your subnet.
> If that is what you want, you need to set up a gateway on the IPIP tunnel mesh. Or, find someone else who has done that and arrange for some VPN between you two.
> Rob
44Net mailing list 44Net@mailman.ampr.org https://mailman.ampr.org/mailman/listinfo/44net
On Thu, 9 May 2019, Ruben ON3RVH wrote:
> If the subnet is routed to the openvpn server, the openvpn server can route that network to the endpoint.
This particular openvpn server (that I run) does not offer such a service. It allows you to get connected to AMPRnet, but I don't have the time to do custom configurations to route subnets or do other per-user manual tweaking at this time.
So, Rob's "You can't" answer is correct. You'll get the dynamic 44.139.11.x IP address and you can use that to communicate with the amprnet. Sorry!
- Hessu
Ok thank you! So the ip in the 44.139.11.x range becomes the gateway, then just set up ipencap like normal? -Nate
On Fri, May 10, 2019 at 8:29 AM Heikki Hannikainen hessu@hes.iki.fi wrote:
> On Thu, 9 May 2019, Ruben ON3RVH wrote:
> > If the subnet is routed to the openvpn server, the openvpn server can route that network to the endpoint.
> This particular openvpn server (that I run) does not offer such a service. It allows you to get connected to AMPRnet, but I don't have the time to do custom configurations to route subnets or do other per-user manual tweaking at this time.
> So, Rob's "You can't" answer is correct. You'll get the dynamic 44.139.11.x IP address and you can use that to communicate with the amprnet. Sorry!
> - Hessu
Hi,
No. If you're using ipencap to join the amprnet tunnel mesh, you don't need to use my VPN service.
If you use the VPN, you can't use ipencap at the same time.
With the VPN you get a single tunnel to the Amprnet, and you'll be assigned a dynamic 44.139.11.x IP address during the VPN session.
It is not possible to route your own 44.x.y.z subnet via this VPN. You're limited to communicating with the dynamic 44.139.11.x address assigned to you by the VPN server. Sorry!
On Fri, 10 May 2019, Nate Sales wrote:
> Ok thank you! So the ip in the 44.139.11.x range becomes the gateway, then just set up ipencap like normal? -Nate
- Hessu
Thank you for explaining, I totally misunderstood the purpose. Either way, thanks for the quick responses, I really appreciate it. I was mainly looking at https://qsl.net/k/kb9mwr//wapr/tcpip/lotw-vpn.html which led me to believe that was possible. -Nate
On Fri, May 10, 2019 at 2:28 PM Heikki Hannikainen hessu@hes.iki.fi wrote:
> Hi,
> No. If you're using ipencap to join the amprnet tunnel mesh, you don't need to use my VPN service.
> If you use the VPN, you can't use ipencap at the same time.
> With the VPN you get a single tunnel to the Amprnet, and you'll be assigned a dynamic 44.139.11.x IP address during the VPN session.
> It is not possible to route your own 44.x.y.z subnet via this VPN. You're limited to communicating with the dynamic 44.139.11.x address assigned to you by the VPN server. Sorry!
Nate,
If you run your own VPN server, which is connected to the ipencap tunnel mesh, it is possible to further route subnets to VPN clients. So, technically, it is *possible*.
It's just not the intention of this particular VPN server to provide that service, as it would require custom configs to be edited and maintained for all clients wishing to get those subnets routed, and I don't have the time to do that for everyone. The VPN server in its current form requires about zero maintenance (apart from operating system security upgrades) as I don't need to tell the server about all possible clients, it just trusts the LotW certificates and lets anyone with a valid cert & private key connect.
The size of my family increased by slightly over 30% this week (volumetric increase wasn't that big though), so I'm a bit more busy than before. :)
On Fri, 10 May 2019, Nate Sales wrote:
> Thank you for explaining, I totally misunderstood the purpose. Either way, thanks for the quick responses, I really appreciate it. I was mainly looking at https://qsl.net/k/kb9mwr//wapr/tcpip/lotw-vpn.html which led me to believe that was possible. -Nate
- Hessu
On 11/05/19 16:38, Heikki Hannikainen wrote:
> Nate,
> If you run your own VPN server, which is connected to the ipencap tunnel mesh, it is possible to further route subnets to VPN clients. So, technically, it is *possible*.
Possible, yes. I have done this in a corporate network setting.... BUT.
> It's just not the intention of this particular VPN server to provide that service, as it would require custom configs to be edited and maintained for all clients wishing to get those subnets routed, and I don't have the time to do that for everyone. The VPN server in its current form requires about zero maintenance (apart from operating system security upgrades) as I don't need to tell the server about all possible clients, it just trusts the LotW certificates and lets anyone with a valid cert & private key connect.
Correct. Your approach saves you a lot of work in maintaining custom configs. They are a lot of work, if you have a lot of users. Fortunately, I only had a couple of subnets to route and a couple of single PC users, which wasn't too onerous. But a public or semi-public system is a different ball game, and your decision is a sound one from a sustainability POV.
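The per-client subnet routing discussed in the last two messages, written out as OpenVPN configuration. This is an added example, not part of the thread and not the configuration of the VPN server discussed in it. The addresses are documentation-range placeholders standing in for the VPN pool and the 44.x.y.z subnet, and the file paths and the client name N0CALL are assumptions.

```conf
# --- /etc/openvpn/server.conf (fragment; path is an assumption) ---
dev tun
topology subnet
# Placeholder pool (TEST-NET-2) standing in for the VPN's address range.
server 198.51.100.0 255.255.255.0

# Directory of per-client files, looked up by certificate Common Name.
# Clients with no file here still connect and get a dynamic pool address.
client-config-dir /etc/openvpn/ccd

# Kernel route on the server: send the client's subnet into the tun device.
# 192.0.2.0/29 (TEST-NET-1) is a placeholder for the routed 44.x.y.z subnet.
route 192.0.2.0 255.255.255.248

# --- /etc/openvpn/ccd/N0CALL (file name = client certificate CN; constructed) ---
# Internal route: tells OpenVPN which connected client owns the subnet.
# Without it the server drops packets from the client that carry a
# source address inside 192.0.2.0/29.
iroute 192.0.2.0 255.255.255.248
# Optional: pin this client to a fixed tunnel address instead of a dynamic one.
ifconfig-push 198.51.100.10 255.255.255.0

# --- Outside OpenVPN (not shown) ---
# * IP forwarding must be enabled on the server host.
# * The subnet must already be routed to this server from the tunnel mesh,
#   as Ruben notes; OpenVPN only handles the last hop to the client.
```

Each client with a routed subnet needs its own `route` line and its own ccd file tied to its certificate name, which is the per-user maintenance the thread refers to.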