17 May
2021
17 May
'21
4:06 a.m.
a few weeks ago somone linked to a really good youtube video on setting
up a vm as a bgp router with bird and open vpn.
now I cant find the post, the video or the link. could someone please
repost this or at least send me the link. I want to get 44.18.28/22
routed as I have a network which it was ontained for now needing built.
bgp is working TO my vm at vultr but I need to get the vpn side working
out to the sites.
Eric
af6ep
17 May
17 May
7:07 a.m.
This one?
https://www.youtube.com/watch?v=OxsmGaFZ2MM
Ron W6RZ
On 5/16/21 8:06 PM, Af6ep via 44Net wrote:
a few weeks ago somone linked to a really good youtube
video on
setting up a vm as a bgp router with bird and open vpn.
now I cant find the post, the video or the link. could someone please
repost this or at least send me the link. I want to get 44.18.28/22
routed as I have a network which it was ontained for now needing
built. bgp is working TO my vm at vultr but I need to get the vpn
side working out to the sites.
Eric
af6ep
_________________________________________
44Net mailing list
44Net(a)mailman.ampr.org
https://mailman.ampr.org/mailman/listinfo/44net
10:53 p.m.
Perfect, thanks!......
Actually it's this one I was looking for:
https://youtu.be/OxsmGaFZ2MM?t=1500
but only because I've now adjusted the start time to cut out / skip over
the issue of WHAT 44NET is, and WHY you may want to do this so as to get
direct to the lesson on actually doing. I'm doing this on Vultr and
debian so it will be a bit different...... but not by much..... It is my
hope that when I'm done I'll have a debian image one can simply ask for,
use cookbook directions to modify the appropriate files, and be quickly
up and running. I'll also include directions to build the most current
image starting with a bare bones install of debian current or testing.
(my version of building the image should go something like bring up the
debian vps, apt-get update; apt-get upgrade; apt-get install bird2
bird2-doc openvpn bind9 bind9-doc ufw resolvconf dnsutils....... that
way this one vps can act to route the one or more bgp subnets to their
subsubnet locations via vpn and act as a stealth primary forward and
reverse nameserver for the ip space it handles.) Mail, net-news, and
https et al can have their own servers wherever on your network.
Eric
AF6EP
On 2021-05-16 23:07, Ron Economos via 44Net wrote:
This one?
https://www.youtube.com/watch?v=OxsmGaFZ2MM
Ron W6RZ
On 5/16/21 8:06 PM, Af6ep via 44Net wrote:
a few weeks ago somone linked to a really good
youtube video on
setting up a vm as a bgp router with bird and open vpn.
now I cant find the post, the video or the link. could someone please
repost this or at least send me the link. I want to get 44.18.28/22
routed as I have a network which it was ontained for now needing
built. bgp is working TO my vm at vultr but I need to get the vpn
side working out to the sites.
Eric
af6ep
_________________________________________
44Net mailing list
44Net(a)mailman.ampr.org
https://mailman.ampr.org/mailman/listinfo/44net
_________________________________________
44Net mailing list
44Net(a)mailman.ampr.org
https://mailman.ampr.org/mailman/listinfo/44net 
18 May
18 May
12:49 a.m.
Glad my talk will be helpful. A lot of people use VULTR, so you should be
successful.
On Mon, May 17, 2021 at 2:55 PM Af6ep via 44Net <44net(a)mailman.ampr.org>
wrote:
Perfect, thanks!......
Actually it's this one I was looking for:
https://youtu.be/OxsmGaFZ2MM?t=1500
but only because I've now adjusted the start time to cut out / skip over
the issue of WHAT 44NET is, and WHY you may want to do this so as to get
direct to the lesson on actually doing. I'm doing this on Vultr and
debian so it will be a bit different...... but not by much..... It is my
hope that when I'm done I'll have a debian image one can simply ask for,
use cookbook directions to modify the appropriate files, and be quickly
up and running. I'll also include directions to build the most current
image starting with a bare bones install of debian current or testing.
(my version of building the image should go something like bring up the
debian vps, apt-get update; apt-get upgrade; apt-get install bird2
bird2-doc openvpn bind9 bind9-doc ufw resolvconf dnsutils....... that
way this one vps can act to route the one or more bgp subnets to their
subsubnet locations via vpn and act as a stealth primary forward and
reverse nameserver for the ip space it handles.) Mail, net-news, and
https et al can have their own servers wherever on your network.
Eric
AF6EP
On 2021-05-16 23:07, Ron Economos via 44Net wrote:
> This one?
>
> https://www.youtube.com/watch?v=OxsmGaFZ2MM
>
> Ron W6RZ
>
> On 5/16/21 8:06 PM, Af6ep via 44Net wrote:
>
>> a few weeks ago somone linked to a really good youtube video on
>> setting up a vm as a bgp router with bird and open vpn.
>>
>> now I cant find the post, the video or the link. could someone please
>> repost this or at least send me the link. I want to get 44.18.28/22
>> routed as I have a network which it was ontained for now needing
>> built. bgp is working TO my vm at vultr but I need to get the vpn
>> side working out to the sites.
>>
>> Eric
>>
>> af6ep
>> ___
--
------------------------------
John D. Hays - K7VE
Kingston, WA
<http://k7ve.org/blog> <http://twitter.com/#!/john_hays>
<http://www.facebook.com/john.d.hays>
6:38 a.m.
I would not build a Debian image. It will never be updated and will lead to security
issues.
A good walkthrough with all the commands and some scripts or demo config files is a far
better option and a good firewall setting walk-through is also a big plus.
There is a really good Vultr blog post on how to configure your VPS for BGP. The only
thing it has not is the VPN config.
Extra tip: ditch Bind, use PowerDNS. It is more secure and still very easy to configure.
73
Ruben ON3RVH
-----Original Message-----
From: 44Net <44net-bounces+on3rvh=on3rvh.be(a)mailman.ampr.org> On Behalf Of Af6ep via
44Net
Sent: Monday, May 17, 2021 23:53
To: 44Net general discussion <44net(a)mailman.ampr.org>
Cc: eric.fort.listmail(a)fortconsulting.org
Subject: Re: [44net] bgp router setup
Perfect, thanks!......
Actually it's this one I was looking for:
https://youtu.be/OxsmGaFZ2MM?t=1500
but only because I've now adjusted the start time to cut out / skip over the issue of
WHAT 44NET is, and WHY you may want to do this so as to get direct to the lesson on
actually doing. I'm doing this on Vultr and debian so it will be a bit
different...... but not by much..... It is my hope that when I'm done I'll have a
debian image one can simply ask for, use cookbook directions to modify the appropriate
files, and be quickly up and running. I'll also include directions to build the most
current image starting with a bare bones install of debian current or testing.
(my version of building the image should go something like bring up the debian vps,
apt-get update; apt-get upgrade; apt-get install bird2 bird2-doc openvpn bind9 bind9-doc
ufw resolvconf dnsutils....... that way this one vps can act to route the one or more bgp
subnets to their subsubnet locations via vpn and act as a stealth primary forward and
reverse nameserver for the ip space it handles.) Mail, net-news, and https et al can have
their own servers wherever on your network.
Eric
AF6EP
On 2021-05-16 23:07, Ron Economos via 44Net wrote:
This one?
https://www.youtube.com/watch?v=OxsmGaFZ2MM
Ron W6RZ
On 5/16/21 8:06 PM, Af6ep via 44Net wrote:
_________________________________________
44Net mailing list
44Net(a)mailman.ampr.org
https://mailman.ampr.org/mailman/listinfo/44net
a few weeks ago somone linked to a really good
youtube video on
setting up a vm as a bgp router with bird and open vpn.
now I cant find the post, the video or the link. could someone
please repost this or at least send me the link. I want to get
44.18.28/22 routed as I have a network which it was ontained for now
needing built. bgp is working TO my vm at vultr but I need to get
the vpn side working out to the sites.
Eric
af6ep
_________________________________________
44Net mailing list
44Net(a)mailman.ampr.org
https://mailman.ampr.org/mailman/listinfo/44net
_________________________________________
44Net mailing list
44Net(a)mailman.ampr.org
https://mailman.ampr.org/mailman/listinfo/44net
7:01 a.m.
On 2021-05-17 22:38, Ruben ON3RVH via 44Net wrote:
I would not build a Debian image. It will never be
updated and will
lead to security issues.
This just means that myself and the community will have to keep it
updated which I do not envision to be to difficult as all it is is a
specific selection of current debian packages preselected for the task
at hand. The beginning image should be able to auto generate for that
matter.
A good walkthrough with all the commands and some scripts or demo
config files is a far better option and a good firewall setting
walk-through is also a big plus.
the walkthrough will still be required. again all the image is is the
proper package files selected such that openvpn and bird are already
there and updatable from the standard repos. all the config files will
still require editing at least or until someone writes some fancy
scripts to compose all the config filesfrom user input.
There is a really good Vultr blog post on how to configure your VPS for
BGP. The only thing it has not is the VPN config.
yes, I have that part working.
Extra tip: ditch Bind, use PowerDNS. It is more secure and still very
easy to configure.
Thanks, Ill look at it. I do really like Bind though.
Eric,
AF6EP
73
Ruben ON3RVH
-----Original Message-----
From: 44Net <44net-bounces+on3rvh=on3rvh.be(a)mailman.ampr.org> On Behalf
Of Af6ep via 44Net
Sent: Monday, May 17, 2021 23:53
To: 44Net general discussion <44net(a)mailman.ampr.org>
Cc: eric.fort.listmail(a)fortconsulting.org
Subject: Re: [44net] bgp router setup
Perfect, thanks!......
Actually it's this one I was looking for:
https://youtu.be/OxsmGaFZ2MM?t=1500
but only because I've now adjusted the start time to cut out / skip
over the issue of WHAT 44NET is, and WHY you may want to do this so as
to get direct to the lesson on actually doing. I'm doing this on Vultr
and debian so it will be a bit different...... but not by much..... It
is my hope that when I'm done I'll have a debian image one can simply
ask for, use cookbook directions to modify the appropriate files, and
be quickly up and running. I'll also include directions to build the
most current image starting with a bare bones install of debian current
or testing.
(my version of building the image should go something like bring up the
debian vps, apt-get update; apt-get upgrade; apt-get install bird2
bird2-doc openvpn bind9 bind9-doc ufw resolvconf dnsutils....... that
way this one vps can act to route the one or more bgp subnets to their
subsubnet locations via vpn and act as a stealth primary forward and
reverse nameserver for the ip space it handles.) Mail, net-news, and
https et al can have their own servers wherever on your network.
Eric
AF6EP
On 2021-05-16 23:07, Ron Economos via 44Net wrote:
This one?
https://www.youtube.com/watch?v=OxsmGaFZ2MM
Ron W6RZ
On 5/16/21 8:06 PM, Af6ep via 44Net wrote:
a few weeks ago somone linked to a really good youtube video on
setting up a vm as a bgp router with bird and open vpn.
now I cant find the post, the video or the link. could someone
please repost this or at least send me the link. I want to get
44.18.28/22 routed as I have a network which it was ontained for now
needing built. bgp is working TO my vm at vultr but I need to get
the vpn side working out to the sites.
Eric
af6ep
_________________________________________
44Net mailing list
44Net(a)mailman.ampr.org
https://mailman.ampr.org/mailman/listinfo/44net
_________________________________________
44Net mailing list
44Net(a)mailman.ampr.org
https://mailman.ampr.org/mailman/listinfo/44net
_________________________________________
44Net mailing list
44Net(a)mailman.ampr.org
https://mailman.ampr.org/mailman/listinfo/44net
_________________________________________
44Net mailing list
44Net(a)mailman.ampr.org
https://mailman.ampr.org/mailman/listinfo/44net
7:15 a.m.
I have seen too much distro's or "base images" that have been abandoned
after a year or a few years because of losing interest, or just lack of time.
Therefore it would be better imho to just have people download the base Debian minimal
installer and go from there. You could also provide scripts for installing the base
packages like Bird, OpenVPN, basic firewall rules etc
Much like the KM4ACK rPi scripts/git repo.
73
Ruben ON3RVH
-----Original Message-----
From: 44Net <44net-bounces+on3rvh=on3rvh.be(a)mailman.ampr.org> On Behalf Of Af6ep via
44Net
Sent: Tuesday, May 18, 2021 08:02
To: 44Net general discussion <44net(a)mailman.ampr.org>
Cc: eric.fort.listmail(a)fortconsulting.org
Subject: Re: [44net] bgp router setup
On 2021-05-17 22:38, Ruben ON3RVH via 44Net wrote:
I would not build a Debian image. It will never be
updated and will
lead to security issues.
This just means that myself and the community will have to keep it
updated which I do not envision to be to difficult as all it is is a
specific selection of current debian packages preselected for the task
at hand. The beginning image should be able to auto generate for that
matter.
A good walkthrough with all the commands and some scripts or demo
config files is a far better option and a good firewall setting
walk-through is also a big plus.
the walkthrough will still be required. again all the image is is the
proper package files selected such that openvpn and bird are already
there and updatable from the standard repos. all the config files
will still require editing at least or until someone writes some fancy
scripts to compose all the config filesfrom user input.
There is a really good Vultr blog post on how to configure your VPS
for BGP. The only thing it has not is the VPN config.
yes, I have that part working.
Extra tip: ditch Bind, use PowerDNS. It is more secure and still very
easy to configure.
Thanks, Ill look at it. I do really like Bind though.
Eric,
AF6EP
73
Ruben ON3RVH
-----Original Message-----
From: 44Net <44net-bounces+on3rvh=on3rvh.be(a)mailman.ampr.org> On
Behalf Of Af6ep via 44Net
Sent: Monday, May 17, 2021 23:53
To: 44Net general discussion <44net(a)mailman.ampr.org>
Cc: eric.fort.listmail(a)fortconsulting.org
Subject: Re: [44net] bgp router setup
Perfect, thanks!......
Actually it's this one I was looking for:
https://youtu.be/OxsmGaFZ2MM?t=1500
but only because I've now adjusted the start time to cut out / skip
over the issue of WHAT 44NET is, and WHY you may want to do this so as
to get direct to the lesson on actually doing. I'm doing this on
Vultr and debian so it will be a bit different...... but not by
much..... It is my hope that when I'm done I'll have a debian image
one can simply ask for, use cookbook directions to modify the
appropriate files, and be quickly up and running. I'll also include
directions to build the most current image starting with a bare bones
install of debian current or testing.
(my version of building the image should go something like bring up
the debian vps, apt-get update; apt-get upgrade; apt-get install bird2
bird2-doc openvpn bind9 bind9-doc ufw resolvconf dnsutils....... that
way this one vps can act to route the one or more bgp subnets to their
subsubnet locations via vpn and act as a stealth primary forward and
reverse nameserver for the ip space it handles.) Mail, net-news, and
https et al can have their own servers wherever on your network.
Eric
AF6EP
On 2021-05-16 23:07, Ron Economos via 44Net wrote:
This one?
https://www.youtube.com/watch?v=OxsmGaFZ2MM
Ron W6RZ
On 5/16/21 8:06 PM, Af6ep via 44Net wrote:
a few weeks ago somone linked to a really good youtube video on
setting up a vm as a bgp router with bird and open vpn.
now I cant find the post, the video or the link. could someone please
repost this or at least send me the link. I want to get
44.18.28/22 routed as I have a network which it was ontained for now
needing built. bgp is working TO my vm at vultr but I need to get the
vpn side working out to the sites.
Eric
af6ep
_________________________________________
44Net mailing list
44Net(a)mailman.ampr.org
https://mailman.ampr.org/mailman/listinfo/44net
_________________________________________
44Net mailing list
44Net(a)mailman.ampr.org
https://mailman.ampr.org/mailman/listinfo/44net
_________________________________________
44Net mailing list
44Net(a)mailman.ampr.org
https://mailman.ampr.org/mailman/listinfo/44net
_________________________________________
44Net mailing list
44Net(a)mailman.ampr.org
https://mailman.ampr.org/mailman/listinfo/44net
_________________________________________
44Net mailing list
44Net(a)mailman.ampr.org
https://mailman.ampr.org/mailman/listinfo/44net
10:54 a.m.
When you want to distribute a ready configured Debian image for those that cannot get
something configured by walking through an installation manual, at least make sure it has
the unattended-upgrades package installed AND CONFIGURED.
It requires a couple more steps after installation, see the Debian wiki.
With this, it will at least remain uptodate within the current Debian version. It
installes the security updates, will auto reboot when configured to do that, etc.
It will not upgrade to the next version, but an installation manual targeted to a specific
Debian install (and for a topic like this) will likely also fail in the next version so
has to be updated anyway.
Rob
On 5/18/21 7:38 AM, Ruben ON3RVH via 44Net wrote:
I would not build a Debian image. It will never be
updated and will lead to security issues.
A good walkthrough with all the commands and some scripts or demo config files is a far
better option and a good firewall setting walk-through is also a big plus.
11:04 a.m.
Agreed about unattended updates, they should be enabled, especially when the end user has
no linux clue, but beware of package updates which make some config settings obsolete and
will bail out if they find some old no longer used config statement
.
An installation manual describing how to install the packages and change configuration
files should not fail in future versions unless the distro maintainers suddenly decide to
replace systemd or make drastic changes.
Package names will stay the same, config locations also stay the same. At least for
OpenVPN, Bind/PowerDNS, Bird/Quagga, .. (unless you compile everything from source, but
even then you can include the path to where it should store its config files)
73
Ruben ON3RVH
-----Original Message-----
From: 44Net <44net-bounces+on3rvh=on3rvh.be(a)mailman.ampr.org> On Behalf Of Rob
PE1CHL via 44Net
Sent: Tuesday, May 18, 2021 11:54
To: 44net(a)mailman.ampr.org
Cc: Rob PE1CHL <44net(a)pe1chl.nl>
Subject: Re: [44net] bgp router setup
When you want to distribute a ready configured Debian image for those that cannot get
something configured by walking through an installation manual, at least make sure it has
the unattended-upgrades package installed AND CONFIGURED.
It requires a couple more steps after installation, see the Debian wiki.
With this, it will at least remain uptodate within the current Debian version. It
installes the security updates, will auto reboot when configured to do that, etc.
It will not upgrade to the next version, but an installation manual targeted to a specific
Debian install (and for a topic like this) will likely also fail in the next version so
has to be updated anyway.
Rob
On 5/18/21 7:38 AM, Ruben ON3RVH via 44Net wrote:
I would not build a Debian image. It will never be
updated and will lead to security issues.
A good walkthrough with all the commands and some scripts or demo config files is a far
better option and a good firewall setting walk-through is also a big plus.
_________________________________________
44Net mailing list
44Net(a)mailman.ampr.org
https://mailman.ampr.org/mailman/listinfo/44net
4:41 p.m.
For those packages in particular it will not be so bad, but as soon as you start
describing how to setup low-level network configuration (IP addresses, additional tunnel
or dummy interfaces, etc) it is very dependent on version especially due to packages like
systemd and networkmanager, which like to "deprecate" all existing versatile and
wellknown mechanisms and replace them with their limited view of the world.
(usually limited to laptops connecting dynamically to networks)
I fully expect /etc/network/interfaces[.d] to be gone in the next Debian version, for
example.
Rob
On 5/18/21 12:04 PM, Ruben ON3RVH via 44Net wrote:
Agreed about unattended updates, they should be
enabled, especially when the end user has no linux clue, but beware of package updates
which make some config settings obsolete and will bail out if they find some old no longer
used config statement
.
An installation manual describing how to install the packages and change configuration
files should not fail in future versions unless the distro maintainers suddenly decide to
replace systemd or make drastic changes.
Package names will stay the same, config locations also stay the same. At least for
OpenVPN, Bind/PowerDNS, Bird/Quagga, .. (unless you compile everything from source, but
even then you can include the path to where it should store its config files)
73
Ruben ON3RVH
1080
days inactive
1081
days old
9 comments
5 participants
participants (5)
-
eric.fort.listmail@fortconsulting.org -
K7VE - John -
Rob PE1CHL -
Ron Economos -
Ruben ON3RVH