a few weeks ago somone linked to a really good youtube video on setting up a vm as a bgp router with bird and open vpn.
now I cant find the post, the video or the link. could someone please repost this or at least send me the link. I want to get 44.18.28/22 routed as I have a network which it was ontained for now needing built. bgp is working TO my vm at vultr but I need to get the vpn side working out to the sites.
Eric
af6ep
This one?
https://www.youtube.com/watch?v=OxsmGaFZ2MM
Ron W6RZ
On 5/16/21 8:06 PM, Af6ep via 44Net wrote:
a few weeks ago somone linked to a really good youtube video on setting up a vm as a bgp router with bird and open vpn.
now I cant find the post, the video or the link. could someone please repost this or at least send me the link. I want to get 44.18.28/22 routed as I have a network which it was ontained for now needing built. bgp is working TO my vm at vultr but I need to get the vpn side working out to the sites.
Eric
af6ep _________________________________________ 44Net mailing list 44Net@mailman.ampr.org https://mailman.ampr.org/mailman/listinfo/44net
Perfect, thanks!......
Actually it's this one I was looking for:
https://youtu.be/OxsmGaFZ2MM?t=1500
but only because I've now adjusted the start time to cut out / skip over the issue of WHAT 44NET is, and WHY you may want to do this so as to get direct to the lesson on actually doing. I'm doing this on Vultr and debian so it will be a bit different...... but not by much..... It is my hope that when I'm done I'll have a debian image one can simply ask for, use cookbook directions to modify the appropriate files, and be quickly up and running. I'll also include directions to build the most current image starting with a bare bones install of debian current or testing. (my version of building the image should go something like bring up the debian vps, apt-get update; apt-get upgrade; apt-get install bird2 bird2-doc openvpn bind9 bind9-doc ufw resolvconf dnsutils....... that way this one vps can act to route the one or more bgp subnets to their subsubnet locations via vpn and act as a stealth primary forward and reverse nameserver for the ip space it handles.) Mail, net-news, and https et al can have their own servers wherever on your network.
Eric
AF6EP
On 2021-05-16 23:07, Ron Economos via 44Net wrote:
This one?
https://www.youtube.com/watch?v=OxsmGaFZ2MM
Ron W6RZ
On 5/16/21 8:06 PM, Af6ep via 44Net wrote:
a few weeks ago somone linked to a really good youtube video on setting up a vm as a bgp router with bird and open vpn.
now I cant find the post, the video or the link. could someone please repost this or at least send me the link. I want to get 44.18.28/22 routed as I have a network which it was ontained for now needing built. bgp is working TO my vm at vultr but I need to get the vpn side working out to the sites.
Eric
af6ep _________________________________________ 44Net mailing list 44Net@mailman.ampr.org https://mailman.ampr.org/mailman/listinfo/44net
44Net mailing list 44Net@mailman.ampr.org https://mailman.ampr.org/mailman/listinfo/44net
Glad my talk will be helpful. A lot of people use VULTR, so you should be successful.
On Mon, May 17, 2021 at 2:55 PM Af6ep via 44Net 44net@mailman.ampr.org wrote:
Perfect, thanks!......
Actually it's this one I was looking for:
https://youtu.be/OxsmGaFZ2MM?t=1500
but only because I've now adjusted the start time to cut out / skip over the issue of WHAT 44NET is, and WHY you may want to do this so as to get direct to the lesson on actually doing. I'm doing this on Vultr and debian so it will be a bit different...... but not by much..... It is my hope that when I'm done I'll have a debian image one can simply ask for, use cookbook directions to modify the appropriate files, and be quickly up and running. I'll also include directions to build the most current image starting with a bare bones install of debian current or testing. (my version of building the image should go something like bring up the debian vps, apt-get update; apt-get upgrade; apt-get install bird2 bird2-doc openvpn bind9 bind9-doc ufw resolvconf dnsutils....... that way this one vps can act to route the one or more bgp subnets to their subsubnet locations via vpn and act as a stealth primary forward and reverse nameserver for the ip space it handles.) Mail, net-news, and https et al can have their own servers wherever on your network.
Eric
AF6EP
On 2021-05-16 23:07, Ron Economos via 44Net wrote:
This one?
https://www.youtube.com/watch?v=OxsmGaFZ2MM
Ron W6RZ
On 5/16/21 8:06 PM, Af6ep via 44Net wrote:
a few weeks ago somone linked to a really good youtube video on setting up a vm as a bgp router with bird and open vpn.
now I cant find the post, the video or the link. could someone please repost this or at least send me the link. I want to get 44.18.28/22 routed as I have a network which it was ontained for now needing built. bgp is working TO my vm at vultr but I need to get the vpn side working out to the sites.
Eric
af6ep ___
I would not build a Debian image. It will never be updated and will lead to security issues. A good walkthrough with all the commands and some scripts or demo config files is a far better option and a good firewall setting walk-through is also a big plus.
There is a really good Vultr blog post on how to configure your VPS for BGP. The only thing it has not is the VPN config. Extra tip: ditch Bind, use PowerDNS. It is more secure and still very easy to configure.
73
Ruben ON3RVH
-----Original Message----- From: 44Net 44net-bounces+on3rvh=on3rvh.be@mailman.ampr.org On Behalf Of Af6ep via 44Net Sent: Monday, May 17, 2021 23:53 To: 44Net general discussion 44net@mailman.ampr.org Cc: eric.fort.listmail@fortconsulting.org Subject: Re: [44net] bgp router setup
Perfect, thanks!......
Actually it's this one I was looking for:
https://youtu.be/OxsmGaFZ2MM?t=1500
but only because I've now adjusted the start time to cut out / skip over the issue of WHAT 44NET is, and WHY you may want to do this so as to get direct to the lesson on actually doing. I'm doing this on Vultr and debian so it will be a bit different...... but not by much..... It is my hope that when I'm done I'll have a debian image one can simply ask for, use cookbook directions to modify the appropriate files, and be quickly up and running. I'll also include directions to build the most current image starting with a bare bones install of debian current or testing. (my version of building the image should go something like bring up the debian vps, apt-get update; apt-get upgrade; apt-get install bird2 bird2-doc openvpn bind9 bind9-doc ufw resolvconf dnsutils....... that way this one vps can act to route the one or more bgp subnets to their subsubnet locations via vpn and act as a stealth primary forward and reverse nameserver for the ip space it handles.) Mail, net-news, and https et al can have their own servers wherever on your network.
Eric
AF6EP
On 2021-05-16 23:07, Ron Economos via 44Net wrote:
This one?
https://www.youtube.com/watch?v=OxsmGaFZ2MM
Ron W6RZ
On 5/16/21 8:06 PM, Af6ep via 44Net wrote:
a few weeks ago somone linked to a really good youtube video on setting up a vm as a bgp router with bird and open vpn.
now I cant find the post, the video or the link. could someone please repost this or at least send me the link. I want to get 44.18.28/22 routed as I have a network which it was ontained for now needing built. bgp is working TO my vm at vultr but I need to get the vpn side working out to the sites.
Eric
af6ep _________________________________________ 44Net mailing list 44Net@mailman.ampr.org https://mailman.ampr.org/mailman/listinfo/44net
44Net mailing list 44Net@mailman.ampr.org https://mailman.ampr.org/mailman/listinfo/44net
_________________________________________ 44Net mailing list 44Net@mailman.ampr.org https://mailman.ampr.org/mailman/listinfo/44net
On 2021-05-17 22:38, Ruben ON3RVH via 44Net wrote:
I would not build a Debian image. It will never be updated and will lead to security issues.
This just means that myself and the community will have to keep it updated which I do not envision to be to difficult as all it is is a specific selection of current debian packages preselected for the task at hand. The beginning image should be able to auto generate for that matter.
A good walkthrough with all the commands and some scripts or demo config files is a far better option and a good firewall setting walk-through is also a big plus.
the walkthrough will still be required. again all the image is is the proper package files selected such that openvpn and bird are already there and updatable from the standard repos. all the config files will still require editing at least or until someone writes some fancy scripts to compose all the config filesfrom user input.
There is a really good Vultr blog post on how to configure your VPS for BGP. The only thing it has not is the VPN config.
yes, I have that part working.
Extra tip: ditch Bind, use PowerDNS. It is more secure and still very easy to configure.
Thanks, Ill look at it. I do really like Bind though.
Eric, AF6EP
73
Ruben ON3RVH
-----Original Message----- From: 44Net 44net-bounces+on3rvh=on3rvh.be@mailman.ampr.org On Behalf Of Af6ep via 44Net Sent: Monday, May 17, 2021 23:53 To: 44Net general discussion 44net@mailman.ampr.org Cc: eric.fort.listmail@fortconsulting.org Subject: Re: [44net] bgp router setup
Perfect, thanks!......
Actually it's this one I was looking for:
https://youtu.be/OxsmGaFZ2MM?t=1500
but only because I've now adjusted the start time to cut out / skip over the issue of WHAT 44NET is, and WHY you may want to do this so as to get direct to the lesson on actually doing. I'm doing this on Vultr and debian so it will be a bit different...... but not by much..... It is my hope that when I'm done I'll have a debian image one can simply ask for, use cookbook directions to modify the appropriate files, and be quickly up and running. I'll also include directions to build the most current image starting with a bare bones install of debian current or testing. (my version of building the image should go something like bring up the debian vps, apt-get update; apt-get upgrade; apt-get install bird2 bird2-doc openvpn bind9 bind9-doc ufw resolvconf dnsutils....... that way this one vps can act to route the one or more bgp subnets to their subsubnet locations via vpn and act as a stealth primary forward and reverse nameserver for the ip space it handles.) Mail, net-news, and https et al can have their own servers wherever on your network.
Eric
AF6EP
On 2021-05-16 23:07, Ron Economos via 44Net wrote:
This one?
https://www.youtube.com/watch?v=OxsmGaFZ2MM
Ron W6RZ
On 5/16/21 8:06 PM, Af6ep via 44Net wrote:
a few weeks ago somone linked to a really good youtube video on setting up a vm as a bgp router with bird and open vpn.
now I cant find the post, the video or the link. could someone please repost this or at least send me the link. I want to get 44.18.28/22 routed as I have a network which it was ontained for now needing built. bgp is working TO my vm at vultr but I need to get the vpn side working out to the sites.
Eric
af6ep _________________________________________ 44Net mailing list 44Net@mailman.ampr.org https://mailman.ampr.org/mailman/listinfo/44net _________________________________________ 44Net mailing list 44Net@mailman.ampr.org https://mailman.ampr.org/mailman/listinfo/44net
_________________________________________ 44Net mailing list 44Net@mailman.ampr.org https://mailman.ampr.org/mailman/listinfo/44net
_________________________________________ 44Net mailing list 44Net@mailman.ampr.org https://mailman.ampr.org/mailman/listinfo/44net
I have seen too much distro's or "base images" that have been abandoned after a year or a few years because of losing interest, or just lack of time. Therefore it would be better imho to just have people download the base Debian minimal installer and go from there. You could also provide scripts for installing the base packages like Bird, OpenVPN, basic firewall rules etc Much like the KM4ACK rPi scripts/git repo.
73
Ruben ON3RVH
-----Original Message----- From: 44Net 44net-bounces+on3rvh=on3rvh.be@mailman.ampr.org On Behalf Of Af6ep via 44Net Sent: Tuesday, May 18, 2021 08:02 To: 44Net general discussion 44net@mailman.ampr.org Cc: eric.fort.listmail@fortconsulting.org Subject: Re: [44net] bgp router setup
On 2021-05-17 22:38, Ruben ON3RVH via 44Net wrote:
I would not build a Debian image. It will never be updated and will lead to security issues.
This just means that myself and the community will have to keep it updated which I do not envision to be to difficult as all it is is a specific selection of current debian packages preselected for the task at hand. The beginning image should be able to auto generate for that matter.
A good walkthrough with all the commands and some scripts or demo config files is a far better option and a good firewall setting walk-through is also a big plus.
the walkthrough will still be required. again all the image is is the proper package files selected such that openvpn and bird are already there and updatable from the standard repos. all the config files will still require editing at least or until someone writes some fancy scripts to compose all the config filesfrom user input.
There is a really good Vultr blog post on how to configure your VPS for BGP. The only thing it has not is the VPN config.
yes, I have that part working.
Extra tip: ditch Bind, use PowerDNS. It is more secure and still very easy to configure.
Thanks, Ill look at it. I do really like Bind though.
Eric, AF6EP
73
Ruben ON3RVH
-----Original Message----- From: 44Net 44net-bounces+on3rvh=on3rvh.be@mailman.ampr.org On Behalf Of Af6ep via 44Net Sent: Monday, May 17, 2021 23:53 To: 44Net general discussion 44net@mailman.ampr.org Cc: eric.fort.listmail@fortconsulting.org Subject: Re: [44net] bgp router setup
Perfect, thanks!......
Actually it's this one I was looking for:
https://youtu.be/OxsmGaFZ2MM?t=1500
but only because I've now adjusted the start time to cut out / skip over the issue of WHAT 44NET is, and WHY you may want to do this so as to get direct to the lesson on actually doing. I'm doing this on Vultr and debian so it will be a bit different...... but not by much..... It is my hope that when I'm done I'll have a debian image one can simply ask for, use cookbook directions to modify the appropriate files, and be quickly up and running. I'll also include directions to build the most current image starting with a bare bones install of debian current or testing. (my version of building the image should go something like bring up the debian vps, apt-get update; apt-get upgrade; apt-get install bird2 bird2-doc openvpn bind9 bind9-doc ufw resolvconf dnsutils....... that way this one vps can act to route the one or more bgp subnets to their subsubnet locations via vpn and act as a stealth primary forward and reverse nameserver for the ip space it handles.) Mail, net-news, and https et al can have their own servers wherever on your network.
Eric
AF6EP
On 2021-05-16 23:07, Ron Economos via 44Net wrote:
This one?
https://www.youtube.com/watch?v=OxsmGaFZ2MM
Ron W6RZ
On 5/16/21 8:06 PM, Af6ep via 44Net wrote:
a few weeks ago somone linked to a really good youtube video on setting up a vm as a bgp router with bird and open vpn.
now I cant find the post, the video or the link. could someone please repost this or at least send me the link. I want to get 44.18.28/22 routed as I have a network which it was ontained for now needing built. bgp is working TO my vm at vultr but I need to get the vpn side working out to the sites.
Eric
af6ep _________________________________________ 44Net mailing list 44Net@mailman.ampr.org https://mailman.ampr.org/mailman/listinfo/44net _________________________________________ 44Net mailing list 44Net@mailman.ampr.org https://mailman.ampr.org/mailman/listinfo/44net
_________________________________________ 44Net mailing list 44Net@mailman.ampr.org https://mailman.ampr.org/mailman/listinfo/44net
_________________________________________ 44Net mailing list 44Net@mailman.ampr.org https://mailman.ampr.org/mailman/listinfo/44net _________________________________________ 44Net mailing list 44Net@mailman.ampr.org https://mailman.ampr.org/mailman/listinfo/44net
When you want to distribute a ready configured Debian image for those that cannot get something configured by walking through an installation manual, at least make sure it has the unattended-upgrades package installed AND CONFIGURED. It requires a couple more steps after installation, see the Debian wiki.
With this, it will at least remain uptodate within the current Debian version. It installes the security updates, will auto reboot when configured to do that, etc. It will not upgrade to the next version, but an installation manual targeted to a specific Debian install (and for a topic like this) will likely also fail in the next version so has to be updated anyway.
Rob
On 5/18/21 7:38 AM, Ruben ON3RVH via 44Net wrote:
I would not build a Debian image. It will never be updated and will lead to security issues. A good walkthrough with all the commands and some scripts or demo config files is a far better option and a good firewall setting walk-through is also a big plus.
Agreed about unattended updates, they should be enabled, especially when the end user has no linux clue, but beware of package updates which make some config settings obsolete and will bail out if they find some old no longer used config statement . An installation manual describing how to install the packages and change configuration files should not fail in future versions unless the distro maintainers suddenly decide to replace systemd or make drastic changes. Package names will stay the same, config locations also stay the same. At least for OpenVPN, Bind/PowerDNS, Bird/Quagga, .. (unless you compile everything from source, but even then you can include the path to where it should store its config files)
73
Ruben ON3RVH
-----Original Message----- From: 44Net 44net-bounces+on3rvh=on3rvh.be@mailman.ampr.org On Behalf Of Rob PE1CHL via 44Net Sent: Tuesday, May 18, 2021 11:54 To: 44net@mailman.ampr.org Cc: Rob PE1CHL 44net@pe1chl.nl Subject: Re: [44net] bgp router setup
When you want to distribute a ready configured Debian image for those that cannot get something configured by walking through an installation manual, at least make sure it has the unattended-upgrades package installed AND CONFIGURED. It requires a couple more steps after installation, see the Debian wiki.
With this, it will at least remain uptodate within the current Debian version. It installes the security updates, will auto reboot when configured to do that, etc. It will not upgrade to the next version, but an installation manual targeted to a specific Debian install (and for a topic like this) will likely also fail in the next version so has to be updated anyway.
Rob
On 5/18/21 7:38 AM, Ruben ON3RVH via 44Net wrote:
I would not build a Debian image. It will never be updated and will lead to security issues. A good walkthrough with all the commands and some scripts or demo config files is a far better option and a good firewall setting walk-through is also a big plus.
_________________________________________ 44Net mailing list 44Net@mailman.ampr.org https://mailman.ampr.org/mailman/listinfo/44net
For those packages in particular it will not be so bad, but as soon as you start describing how to setup low-level network configuration (IP addresses, additional tunnel or dummy interfaces, etc) it is very dependent on version especially due to packages like systemd and networkmanager, which like to "deprecate" all existing versatile and wellknown mechanisms and replace them with their limited view of the world. (usually limited to laptops connecting dynamically to networks)
I fully expect /etc/network/interfaces[.d] to be gone in the next Debian version, for example.
Rob
On 5/18/21 12:04 PM, Ruben ON3RVH via 44Net wrote:
Agreed about unattended updates, they should be enabled, especially when the end user has no linux clue, but beware of package updates which make some config settings obsolete and will bail out if they find some old no longer used config statement . An installation manual describing how to install the packages and change configuration files should not fail in future versions unless the distro maintainers suddenly decide to replace systemd or make drastic changes. Package names will stay the same, config locations also stay the same. At least for OpenVPN, Bind/PowerDNS, Bird/Quagga, .. (unless you compile everything from source, but even then you can include the path to where it should store its config files)
73
Ruben ON3RVH
-
eric.fort.listmail@fortconsulting.org -
K7VE - John -
Rob PE1CHL -
Ron Economos -
Ruben ON3RVH