On a somewhat related note: people, please include some filtering in your gateways to drop the packets with an RFC1918 source or destination address (the 192.168 networks etc) before forwarding them over tunnels. There are several other filters that you can apply, depending on the position of your gateway in the network, including the verification that the source address of packets is within your gatewayed subnet.
I have filters with logging on the tunnel interfaces and it is unbelievable how many 192.168.88.x and 10.x.y.z packets I see being dropped. A little output filtering does not hurt!
Rob
please include some filtering in your gateways
Good practices and how to filter with the various platforms would be good wiki pages:
http://wiki.ampr.org/index.php/Special:AllPages
Bill
The wiki threw an error
A database query error has occurred. This may indicate a bug in the software.
at the page
http://wiki.ampr.org/index.php?search=Macintosh&title=Special%3ASearch&a...
as I was looking for instructions on how to set up a net 44 tunnel from my Macbook running Mavericks and Tunnelblick.
On Thu, Feb 11, 2016 at 2:52 PM, Bill Vodall wa7nwp@gmail.com wrote:
(Please trim inclusions from previous messages) _______________________________________________
please include some filtering in your gateways
Good practices and how to filter with the various platforms would be good wiki pages:
http://wiki.ampr.org/index.php/Special:AllPages
Bill _________________________________________ 44Net mailing list 44Net@hamradio.ucsd.edu http://hamradio.ucsd.edu/mailman/listinfo/44net
Should be fixed now?
Chris
On 14 Feb 2016, at 15:55, Edward Vielmetti emv@monkey.org wrote:
(Please trim inclusions from previous messages) _______________________________________________ The wiki threw an error
A database query error has occurred. This may indicate a bug in the software.
at the page
http://wiki.ampr.org/index.php?search=Macintosh&title=Special%3ASearch&a...
as I was looking for instructions on how to set up a net 44 tunnel from my Macbook running Mavericks and Tunnelblick.
On Thu, Feb 11, 2016 at 2:52 PM, Bill Vodall wa7nwp@gmail.com wrote:
(Please trim inclusions from previous messages) _______________________________________________
please include some filtering in your gateways
Good practices and how to filter with the various platforms would be good wiki pages:
http://wiki.ampr.org/index.php/Special:AllPages
Bill _________________________________________ 44Net mailing list 44Net@hamradio.ucsd.edu http://hamradio.ucsd.edu/mailman/listinfo/44net
-- Edward Vielmetti.
eep eep.
-
Bill Vodall -
Edward Vielmetti -
G1FEF -
Rob Janssen