6 Apr
2016
6 Apr
'16
12:10 p.m.
Subject:
Re: [44net] How to config mikrotik router for IPIP (and more)
From:
Don Fanning <don(a)00100100.net>
Date:
04/05/2016 04:54 PM
To:
AMPRNet working group <44net(a)hamradio.ucsd.edu>
Maybe this is a good opportunity for someone to create a basic distribution
that gets AMPRnet working on a RPi. 8G SD cards are incredibly cheap and
ship well or someone can write the image directly on them. Maybe if it's
packaged, profits could be sent to Brian for gateway maintenance/growth.
I think it would be a good idea to create something like that.
I have done images for another special-purpose Pi application, however in this case it
probably needs a little more work to create a nice "setup" program that allows
the user
to enter the variable data and configures the Pi accordingly.
(after all, the instructions that are already on wiki.ampr.org apparently are not enough
to get people started, so providing an image and then tell them to edit config files and
scripts will probably fail the same way)
It is also clear that the default firewall should be OK, and users should be warned not
to
install things like open telnet servers on or behind the router.
Rob
6 Apr
6 Apr
9:06 p.m.
New subject: How to config mikrotik router for IPIP (and more)
Don et al;
On Wed, 2016-04-06 at 18:10 +0200, Rob Janssen wrote:
https://sourceforge.net/projects/uronode/files/2014-12-05-URONode-wheezy.tz…
Fill in the variables inside /usr/local/bin/ax25
and you're off and running. IPIP will be configure by default with
ampr-ripd as the daemon for capturing RipV2.
--
<rhetorical> Why is it linux users can install and operate *any* version of M$
Windoze but the same can't be said in reverse?</rhetorical>
73 de Brian - N1URO
email: (see above)
Web: http://www.n1uro.net/
Ampr1: http://n1uro.ampr.org/
Ampr2: http://nos.n1uro.ampr.org
Linux Amateur Radio Services
axMail-Fax & URONode
http://uronode.sourceforge.net
http://axmail.sourceforge.net
AmprNet coordinator for:
Connecticut, Delaware, Maine,
Maryland, Massachusetts,
New Hampshire, Pennsylvania,
Rhode Island, and Vermont.
Maybe this is
a good opportunity for someone to create a basic distribution
that gets AMPRnet working on a RPi. 8G SD cards are incredibly cheap and
ship well or someone can write the image directly on them. Maybe if it's
packaged, profits could be sent to Brian for gateway maintenance/growth.
I think it would be a good idea to create something like that.
I have done images for another special-purpose Pi application, however in this case it
probably needs a little more work to create a nice "setup" program that allows
the user
to enter the variable data and configures the Pi accordingly.
9:26 p.m.
New subject: Openvpn security
Hi All,
After following the list and seeing all the problems with security would
someone like to give some reasonably detailed advice on what I should be
doing to keep myself and others secure.Also what should I check is
running from a security viewpoint
Please remember that I am not an expert in either Linux or networking. A
step by step how to would be really helpful both to me and presumably
the rest of the network.
My set up is simply a raspberry pi running openvpn set up as per the
wiki. It connects OK but the only security I am aware of at my end is
fail2ban running with very minimalist rules.
The Pi has two Ethernet ports eth0 and eth1 and a wireless access,
wlan1. The tunnel is tun0
What should I do to keep secure?
I would also like to comment that the suggestion on the list recently
about a basic raspberry pi SD card image for beginners like me, would
at least let us participate without compromising the security of the
whole network. I am sure it would also encourage greater participation
as a whole
Rgds Tony VK3API
9:39 p.m.
New subject: Openvpn security
Hello Tony,
Security on Linux is a very deep topic and you can find a LOT about it
by searching on things like:
"How to Harden Debian Linux"
The first hit is the "Securing Debian HOWTO" which is an excellent start:
https://www.debian.org/doc/manuals/securing-debian-howto/
Since you mentioned a Rpi, I've started a short document on both making
an Rpi more hardened but also more reliable too (minimize microSD card
writes, etc) too:
http://www.trinityos.com/HAM/CentosDigitalModes/RPi/rpi2-setup.txt
It's still very much a work in progress but might help you get started.
Feel free to ask me questions offline as I've been doing this for a
while with other documents like the IP Masquerade HOWTO, the TrinityOS
documentation set, etc.
--David
KI6ZHD
10:22 p.m.
New subject: Openvpn security
I should install the shorewall firewall. You can download that package
with apt-get or aptitude.
It is easy to configure and it saves you lot of work with setting up
your firewall instead of all those iptables rules if you
are not familiar with those.
You configure it by filling in text files.
It makes the iptables rules and runs them if you start it.
73,
Bob VE3TOK
On 16-04-06 09:26 PM, amprnet(a)wizards.sytes.net wrote:
(Please trim inclusions from previous messages)
_______________________________________________
Hi All,
After following the list and seeing all the problems with security
would someone like to give some reasonably detailed advice on what I
should be doing to keep myself and others secure.Also what should I
check is running from a security viewpoint
Please remember that I am not an expert in either Linux or networking.
A step by step how to would be really helpful both to me and
presumably the rest of the network.
My set up is simply a raspberry pi running openvpn set up as per the
wiki. It connects OK but the only security I am aware of at my end is
fail2ban running with very minimalist rules.
The Pi has two Ethernet ports eth0 and eth1 and a wireless access,
wlan1. The tunnel is tun0
What should I do to keep secure?
I would also like to comment that the suggestion on the list recently
about a basic raspberry pi SD card image for beginners like me, would
at least let us participate without compromising the security of the
whole network. I am sure it would also encourage greater participation
as a whole
Rgds Tony VK3API
_________________________________________
44Net mailing list
44Net(a)hamradio.ucsd.edu
http://hamradio.ucsd.edu/mailman/listinfo/44net
7 Apr
7 Apr
3:58 a.m.
New subject: Openvpn security
Hi,
Le 07/04/2016 04:22, Boudewijn (Bob) Tenty a écrit :
I should install the shorewall firewall. You can
download that package
with apt-get or aptitude.
It is easy to configure and it saves you lot of work with setting up
your firewall instead of all those iptables rules if you
are not familiar with those.
+1 for Shorewall firewall.
2964
days inactive
2965
days old
5 comments
6 participants
participants (6)
-
amprnet@wizards.sytes.net -
Boudewijn (Bob) Tenty -
Brian -
David Ranch -
Rob Janssen -
Toussaint OTTAVI