28 Jul
2014
28 Jul
'14
3:10 p.m.
44net-request(a)hamradio.ucsd.edu wrote:
Subject:
Re: [44net] VPN or Gatwaying without control of NAT router WAS: 44Net Digest, Vol 3,
Issue 118
From:
Eric Fort <eric.fort(a)gmail.com>
Date:
07/28/2014 06:16 AM
To:
AMPRNet working group <44net(a)hamradio.ucsd.edu>
thanks geoff. I did login and look it up, then sent it on. looks
like this subnet will finally be coming online..... even if packets
need to route via romania on their way here! those in the us, really
ought pitch in and find some isp willing to bgp announce for us in
exchange for a moderate fee for hosting a vpn concentrator for the
announced subnets. with the low expected traffic usage it "shouldn't"
be that costly to do. anyone know a friendly us based isp?
Please note that there is no relation whatsoever between announcing via BGP and
offering an OpenVPN or other VPN access instead of IPIP tunnels.
Those are two completely ortogonal subjects. It is possible to setup an OpenVPN
or other VPN access on a gateway that is connected to others via IPIP tunnels, that
is what I have now. And it is possible to have a BGP announced gateway that does
not offer OpenVPN. And it is possible to combine the two.
You can setup an OpenVPN access system that operates as a normal IPIP gateway
on any of the low-cost virtual servers that you can get everywhere today. No need
for ISP cooperation or BGP routing. Just get a Linux virtual server, install a couple
of packages, configure them, and there you go.
Rob
28 Jul
28 Jul
4:06 p.m.
New subject: 44Net Digest, Vol 3, Issue 119
On Mon, Jul 28, 2014 at 12:10 PM, Rob Janssen <pe1chl(a)amsat.org> wrote:
(Please trim inclusions from previous messages)
__________
Please note that there is no relation whatsoever
between announcing via BGP
and
offering an OpenVPN or other VPN access instead of IPIP tunnels.
Those are two completely ortogonal subjects. It is possible to setup an
OpenVPN
or other VPN access on a gateway that is connected to others via IPIP
tunnels, that
is what I have now. And it is possible to have a BGP announced gateway
that does
not offer OpenVPN. And it is possible to combine the two.
I do realize this. but ideally in the interest of reducing latency
and complexity while moving to something widely understood, used and
supported we would dump the tunnel mesh all together and move away
from our dependance upon sdsu. I'm not looking to restart the
arguments about amprnet being connected to and reachable from the
greater internet but if we are not going to br reachable from and able
to connect to the bigger internet then why are we not using 10.0.0.0/8
instead. yes, these are somewhat seperate issues, but I see it as
ideal to have those sites acting as vpn concentrating hubs for the
network to be bgp announcing their subnets. it releases the load off
everyone else and I feel it would be a positive direction to head
towards.
You can setup an OpenVPN access system that operates
as a normal IPIP
gateway
on any of the low-cost virtual servers that you can get everywhere today.
No need
for ISP cooperation or BGP routing. Just get a Linux virtual server,
install a couple
of packages, configure them, and there you go.
yes, but doing this combined with the mesh is suboptimal. ideally,
someone would offer a vps to act as the vpn server and announce the
subnets being served over bgp. I'll probably get a vps running one of
these days, though at present funds are so tight as to not allow for
it.
Eric
AF6EP
> Rob
>
3873
days inactive
3873
days old
1 comments
2 participants
participants (2)
-
Eric Fort -
Rob Janssen