44net-request@hamradio.ucsd.edu wrote:
Subject: Re: [44net] VPN or Gatwaying without control of NAT router WAS: 44Net Digest, Vol 3, Issue 118
From: Eric Fort eric.fort@gmail.com
Date: 07/28/2014 06:16 AM
To: AMPRNet working group 44net@hamradio.ucsd.edu
> thanks geoff. I did login and look it up, then sent it on. looks like this subnet will finally be coming online..... even if packets need to route via romania on their way here! those in the us, really ought to pitch in and find some isp willing to bgp announce for us in exchange for a moderate fee for hosting a vpn concentrator for the announced subnets. with the low expected traffic usage it "shouldn't" be that costly to do. anyone know a friendly us based isp?

Please note that there is no relation whatsoever between announcing via BGP and offering an OpenVPN or other VPN access instead of IPIP tunnels. Those are two completely orthogonal subjects. It is possible to set up an OpenVPN or other VPN access on a gateway that is connected to others via IPIP tunnels, that is what I have now. And it is possible to have a BGP announced gateway that does not offer OpenVPN. And it is possible to combine the two.

You can set up an OpenVPN access system that operates as a normal IPIP gateway on any of the low-cost virtual servers that you can get everywhere today. No need for ISP cooperation or BGP routing. Just get a Linux virtual server, install a couple of packages, configure them, and there you go.
Rob
On Mon, Jul 28, 2014 at 12:10 PM, Rob Janssen pe1chl@amsat.org wrote:
> Please note that there is no relation whatsoever between announcing via BGP and offering an OpenVPN or other VPN access instead of IPIP tunnels. Those are two completely orthogonal subjects. It is possible to set up an OpenVPN or other VPN access on a gateway that is connected to others via IPIP tunnels, that is what I have now. And it is possible to have a BGP announced gateway that does not offer OpenVPN. And it is possible to combine the two.

I do realize this. but ideally in the interest of reducing latency and complexity while moving to something widely understood, used and supported we would dump the tunnel mesh altogether and move away from our dependence upon sdsu. I'm not looking to restart the arguments about amprnet being connected to and reachable from the greater internet but if we are not going to be reachable from and able to connect to the bigger internet then why are we not using 10.0.0.0/8 instead? yes, these are somewhat separate issues, but I see it as ideal to have those sites acting as vpn concentrating hubs for the network to be bgp announcing their subnets. it releases the load off everyone else and I feel it would be a positive direction to head towards.

> You can set up an OpenVPN access system that operates as a normal IPIP gateway on any of the low-cost virtual servers that you can get everywhere today. No need for ISP cooperation or BGP routing. Just get a Linux virtual server, install a couple of packages, configure them, and there you go.
yes, but doing this combined with the mesh is suboptimal. ideally, someone would offer a vps to act as the vpn server and announce the subnets being served over bgp. I'll probably get a vps running one of these days, though at present funds are so tight as to not allow for it.
Eric AF6EP
Rob