Hi there,
We are considering advertising part of our country's AMPRNET IP network allocation via BGP to a small data center. From there we want to allow users to have gateways that will have an IPIP tunnel to it. By that we will decrease the latency of the IPIP tunnel that goes to UCSD and back, and also hopefully get a much bigger bandwidth (from the data center and not from the UCSD limitations).
What do we need to have in the data center in order to support it? Is there any expert here that may direct the software person in our team (if it is a software solution) to do it?
Any info would be appreciated.
Regards,
Ronen - 4Z4ZQ
http://www.ronen.org
A server (probably a VPS running Linux) equipped with OpenVPN software can do what you want. A commercial router like a Mikrotik can do this too.
Each user 'gateway' would be a VPN client. Either a small home router with VPN capability or perhaps a Raspberry PI could be used at the client end.
Note that as it will be exposed to the open Internet and will become a target for hackers, you will have to install and configure various security measures, keep it up to date, and monitor it closely.
- Brian
On Thu, Feb 21, 2019 at 02:55:12PM +0000, R P via 44Net wrote:
Hi there,
We are considering advertising part of our country's AMPRNET IP network allocation via BGP to a small data center. From there we want to allow users to have gateways that will have an IPIP tunnel to it. By that we will decrease the latency of the IPIP tunnel that goes to UCSD and back, and also hopefully get a much bigger bandwidth (from the data center and not from the UCSD limitations).
What do we need to have in the data center in order to support it? Is there any expert here that may direct the software person in our team (if it is a software solution) to do it?
Any info would be appreciated.
Regards,
Ronen - 4Z4ZQ
Thank you, Brian. What system in the data center will deal with the problem of the end users' gateways that use dynamic IP and do IPIP to it (like UCSD deals with it today) and spread the updated routing tables?
Part of the users probably use VPN, and with that the IP address change is not a problem, but part of them will also use IPIP ...
________________________________
From: Brian Kantor Brian@bkantor.net
Sent: Thursday, February 21, 2019 7:15 AM
To: AMPRNet working group
Cc: R P
Subject: Re: [44net] How to allow central gateway to support small gateways that use dynamic IP ?
A server (probably a VPS running Linux) equipped with OpenVPN software can do what you want. A commercial router like a Mikrotik can do this too.
Each user 'gateway' would be a VPN client. Either a small home router with VPN capability or perhaps a Raspberry PI could be used at the client end.
Note that as it will be exposed to the open Internet and will become a target for hackers, you will have to install and configure various security measures, keep it up to date, and monitor it closely.
- Brian
I would not use IPIP in this configuration, let OpenVPN handle it.
See https://youtu.be/OxsmGaFZ2MM
The small gateway/client can have a dynamic or static IP subnet assigned by OpenVPN upon connection.
On Thu, Feb 21, 2019, 07:28 R P via 44Net 44net@mailman.ampr.org wrote:
Thank you, Brian. What system in the data center will deal with the problem of the end users' gateways that use dynamic IP and do IPIP to it (like UCSD deals with it today) and spread the updated routing tables?
Part of the users probably use VPN, and with that the IP address change is not a problem, but part of them will also use IPIP ...
44Net mailing list 44Net@mailman.ampr.org https://mailman.ampr.org/mailman/listinfo/44net
It will be more difficult and painful to support both IPIP and OpenVPN.
Since this is a new installation, requiring the users to use OpenVPN or equivalent software is probably a better idea. IPIP is a legacy protocol, not secure, and not easy to administrate. You should not use it if you don't absolutely have to.
If you *do* have to use IPIP, you should talk to someone who is already doing this. I think PE1CHL Rob may be able to offer advice, if he has time. I suspect you will have to build your own tools to manage the IPIP configuration at the server.
OpenVPN will deal with dynamic client addresses.
Since each home gateway will get a small piece of the subnet, routing is automatic and handled by the OpenVPN server.
There is other VPN server software than OpenVPN. Perhaps you would prefer one of them.
- Brian
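The OpenVPN arrangement described in the message above, sketched as an added configuration example (not part of the thread and not any poster's actual setup): each gateway authenticates with its own certificate, so its changing public address does not matter, and a per-client file routes its slice of the subnet to it. The addresses are documentation-range placeholders (192.0.2.0/24 stands in for the announced 44-net block), and the file paths and the client name `gw-example1` are assumptions.

```conf
# ---- /etc/openvpn/server/server.conf (constructed example) ----
port 1194
proto udp
dev tun
topology subnet

# Transit addresses for the tunnel endpoints (placeholder range)
server 198.51.100.0 255.255.255.0

# Kernel route: send the whole routed block into the tunnel device.
# 192.0.2.0/24 is a placeholder for the BGP-announced allocation.
route 192.0.2.0 255.255.255.0

# Per-gateway settings are read from ccd/<certificate common name>.
# ccd-exclusive rejects any client that has no file there.
client-config-dir /etc/openvpn/server/ccd
ccd-exclusive

# One certificate per gateway, so a lost or compromised device
# can be revoked on its own through the CRL.
ca ca.crt
cert server.crt
key server.key
dh none
crl-verify crl.pem

# Drop packets that lack the shared tls-crypt key before any TLS work
tls-crypt ta.key
tls-version-min 1.2

# Run unprivileged after start-up and keep state across restarts
user nobody
group nogroup
persist-key
persist-tun
keepalive 10 60

# Logging for the monitoring the thread calls for
status /var/log/openvpn/status.log
verb 3

# ---- /etc/openvpn/server/ccd/gw-example1 (one file per gateway) ----
# Fixed tunnel address for this gateway
ifconfig-push 198.51.100.10 255.255.255.0
# Tell OpenVPN which client owns this /29 of the routed block
iroute 192.0.2.8 255.255.255.248
```

The `route` line in the server file and the `iroute` line in the client file work as a pair: the first hands the block to OpenVPN, the second tells OpenVPN which connected gateway receives each slice.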
While I’m a fan of the Raspberry Pi, I’d recommend offloading log writes and other disk-intensive processes to an external system or disk, or maybe creating a RAM disk. I didn’t account for this and suffered a micro-SD failure, taking my gateway down.
I’m currently exploring the EdgeRouter (with Marius) as a gateway, and also looking at RAM disk logging on the Raspberry Pi.
— tom
Tom Cardinal / MSgt USAF (Ret) / N2XU / BSCS / CASP+