I have a group of hosts that at present must sit behind a home router with a dynamic public IP which I have not access to the settings of that acts as a NAT firewall. How can I get these boxen joined to amprnet where they can be accessed by amprnet and the internet at large? VPN anyone?
Thanks,
Eric
You can use OpenVPN with your machine as the server and them as client.
Bob VE3TOK
On Fri, Jul 25, 2014 at 8:18 PM, Boudewijn (Bob) Tenty bobtenty@gmail.com wrote:
> You can use OpenVPN with your machine as the server and them as client.
OpenVPN? To where? Is this new? Has the tunnel mesh of olde gone or something? How do they get to my machine as it's behind a NAT firewall with an ever-changing public IP? I want the machine behind the NAT firewall and always-changing IP to acquire a static net44 address and be reachable by accessing foo.af6ep.ampr.org. Now how to do that, preferably within my allocated /24.
Eric AF6EP
Eric,
Actually you can use any stateful VPN tunnel: OpenVPN, PPTP, L2TP, SSTP etc. OpenVPN is kind of complicated to set up (certificates and other details).
The idea is to initiate the connection from the dynamic IP to a static IP, and reconnect on IP change from the new dynamic IP.
I personally favor PPTP or L2TP (optional with MPPE encryption), since this protocol is supported by almost any OS (Windows, Mac, Linux) and is light on the processor.
So, what you need is to set up a VPN server (e.g. pptpd) on a machine which has a static (or even dynamic) IP, which has a working IPIP setup. The ampr tunnel endpoint for the subnet in question has to be registered to be the same as that of the VPN server (since the access will be via that server).
From the VPN server, the IP frames for that subnet will be routed via your VPN tunnel to reach the machines on that subnet. You have to treat the VPN link as a direct virtual network connection.
73, Marius, YO2LOJ
OK, it seems everyone is missing the point of the question here. See my threaded comments below:
On Sat, Jul 26, 2014 at 3:41 AM, Marius Petrescu marius@yo2loj.ro wrote:
> Eric,
>
> Actually you can use any stateful VPN tunnel: OpenVPN, PPTP, L2TP, SSTP etc. OpenVPN is kind of complicated to set up (certificates and other details).
>
> The idea is to initiate the connection from the dynamic IP to a static IP, and reconnect on IP change from the new dynamic IP.
>
> I personally favor PPTP or L2TP (optional with MPPE encryption), since this protocol is supported by almost any OS (Windows, Mac, Linux) and is light on the processor.
Yes, I get that the tunnel type is mostly irrelevant and I'm pretty agnostic as to its type as hey, I could tunnel over DNS, HTTP, or even ICMP if I had to. The question is tunnel to where? If I had a box somewhere with a static endpoint / static IP address a big part of this question would not be being asked and yes, I'd use it as a VPN server - problem solved. At present, I do not have that luxury.
Is there no possible way to connect hosts to amprnet that are behind a NAT firewall router that has a dynamic public IP without the use of a (my own) VPN server with a static IP placed elsewhere?
Eric
On Sat, Jul 26, 2014 at 09:42:18AM -0700, Eric Fort wrote:
> is there no possible way to connect hosts to amprnet that are behind a nat firewall router that has a dynamic public ip without the use of a (my own) vpn server with a static ip placed elsewhere?

If you subscribe to a service such as 'dyndns' that allows you to register a hostname that tracks your changing IP address, you can then register that hostname as the endpoint of the AMPRNet tunnel instead of a fixed IP address. That way when your IP address changes, the hostname will be updated to point to the new IP address, and the gateway address will be updated to that new IP address in the AMPRNet routing table. This is how some folks are getting a static AMPRNet address even though they are behind a changing commercial IP address.
- Brian
On Sat, Jul 26, 2014 at 10:04 AM, Brian Kantor Brian@ucsd.edu wrote:
> If you subscribe to a service such as 'dyndns' that allows you to register a hostname that tracks your changing IP address, you can then register that hostname as the endpoint of the AMPRNet tunnel instead of a fixed IP address. That way when your IP address changes, the hostname will be updated to point to the new IP address, and the gateway address will be updated to that new IP address in the AMPRNet routing table. This is how some folks are getting a static AMPRNet address even though they are behind a changing commercial IP address.
> - Brian
OK, so the router is findable via dynamic DNS hostname. How does one get packets across that residential gateway (i.e. home router) to the hosts inside without reconfiguring the home router / residential gateway?
Thanks,
Eric AF6EP
Eric;
You need (at the minimum) to configure the residential router to set a DMZ.
Thanks,
At present I am unable to access the home router to set up a DMZ or make any other changes. Might there be a way to specify a v6 address as an endpoint?
Eric
No, unfortunately, the encapsulating router at UCSD only knows how to do IPv4 endpoints.
You may wish to contact Hessu about using his VPN to get connected. - Brian
Eric;
On Fri, 2014-07-25 at 18:32 -0700, Eric Fort wrote:
> I have a group of hosts that at present must sit behind a home router with a dynamic public IP which I have not access to the settings of that acts as a nat firewall. how can I get these boxen joined to amprnet where they can be accessed by amprnet and the internet at large? vpn anyone?
Amprnet connectivity for Wheezy is extremely simple. http://n1uro.ampr.org/linuxconf/dotun.sh is a script I wrote for ipencap connectivity to the amprnet. Put in the 4 variables then call it as dotun.sh on|off. Add internal 44-net routing accordingly.
In your router, place the box you designate as your main 44-net router as the DMZ in your router, and that box will become your main amprnet router. Add/delete iptables firewalling accordingly to your needs.
Eric.
Owning two machines running Debian Wheezy 7.5.0 (one of them is an AMPRNet gateway, the other one just a desktop PC connected bidirectionally to the 44net world through the first one)... I wouldn't forget explicitly setting up MTU 1480 for the tunl0 interface.
ifconfig tunl0 $AMPRIP netmask $IPMASK mtu 1480 up
Best regards. Tom - sp2lob
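The setup Marius describes (a VPN server that also holds the IPIP tunnel and routes the 44-net subnet down the VPN link), combined with the tunl0 MTU Tom mentions, sketched as an added example that is not from any poster in this thread. The subnet and the ppp0 interface name are constructed placeholders, the function names are hypothetical, and nothing is executed unless APPLY=1 is set.

```shell
#!/bin/sh
# Added example, not from the thread. Dry run unless APPLY=1 (needs root).
# The subnet and ppp0 are constructed placeholders; tunl0 and MTU 1480 are
# the values quoted in the thread.

# valid_ampr_subnet CIDR: succeeds only for an IPv4 prefix inside 44.0.0.0/8
valid_ampr_subnet() {
    case "$1" in 44.*.*.*/*) ;; *) return 1 ;; esac
    addr=${1%/*}; len=${1#*/}
    case "$len" in ''|*[!0-9]*) return 1 ;; esac
    [ "$len" -ge 8 ] && [ "$len" -le 32 ] || return 1
    old_ifs=$IFS; IFS=.
    set -- $addr            # split the address into octets
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        case "$octet" in ''|*[!0-9]*) return 1 ;; esac
        [ "$octet" -le 255 ] || return 1
    done
}

# server_plan SUBNET VPN_IF IPIP_IF: print the VPN server's commands, one per line
server_plan() {
    valid_ampr_subnet "$1" || { echo "not a 44/8 prefix: $1" >&2; return 1; }
    echo "sysctl -w net.ipv4.ip_forward=1"   # forward between tunl0 and the VPN link
    echo "ip link set dev $3 mtu 1480"       # IPIP adds a 20-byte outer IPv4 header
    echo "ip route replace $1 dev $2"        # subnet is reached through the VPN link
}

# run_plan: show the plan; execute it only when APPLY=1
run_plan() {
    plan=$(server_plan "$@") || return 1
    printf '%s\n' "$plan"
    [ "${APPLY:-0}" = 1 ] || return 0
    printf '%s\n' "$plan" | while read -r cmd; do $cmd || exit 1; done
}

run_plan 44.128.1.0/24 ppp0 tunl0
```

Refusing any prefix outside 44.0.0.0/8 keeps a typo from installing a route for someone else's address space on the gateway.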
What router? The router here is an Actiontec model provided by Verizon that in no way provides the facility to do anything but provide NAT firewall services to an inside LAN of non-public IP addresses. I have no access to reconfigure this box. Any of my hosts need to sit on the non-public LAN side of this connection. I do not have a box with a public IP. How do I connect these hosts to amprnet?
Eric
On Sat, Jul 26, 2014 at 4:48 AM, Brian n1uro@n1uro.ampr.org wrote:
> Eric;
>
> Amprnet connectivity for Wheezy is extremely simple. http://n1uro.ampr.org/linuxconf/dotun.sh is a script I wrote for ipencap connectivity to the amprnet. Put in the 4 variables then call it as dotun.sh on|off. Add internal 44-net routing accordingly.
>
> In your router, place the box you designate as your main 44-net router as the DMZ in your router, and that box will become your main amprnet router. Add/delete iptables firewalling accordingly to your needs.
>
> --
> 73 de Brian Rogers - N1URO
> email: n1uro@n1uro.ampr.org
> Web: http://www.n1uro.net/
> Ampr1: http://n1uro.ampr.org/
> Ampr2: http://nos.n1uro.ampr.org
> Linux Amateur Radio Services axMail-Fax & URONode
> AmprNet coordinator for: Connecticut, Delaware, Maine, Maryland, Massachusetts, New Hampshire, Pennsylvania, Rhode Island, and Vermont.