11 May
2019
11 May
'19
3:50 a.m.
Correct. Your approach saves you a lot of work in
maintaining custom
configs. They are a lot of work, if you have a lot of users.
Indeed. We offer OpenVPN connectivity to our local hams (the Netherlands) using
certificates
created especially for that. The users get their fixed IP derived from the certificate
subject
name (looked up in DNS/hosts) so they also can run services under their own callsign.
There are 220 valid certificates at this time, and always about 20 systems connected plus
those
that connect when required.
Those that want to route subnets can get a GRE(6) or L2TP/IPsec tunnel and run BGP over
that.
There currently are 34 users of that service, 30 of them are connected.
This mode is also used to provide connectivity to regional clusters of systems that are
not yet
connected by radio all over our country.
It requires some one-time setup but at least there is no maintenance when users want to
announce
more subnets etc.
Of course more systems like this could be setup in other countries/regions to serve those
that
are on dynamic IP, are behind CGNAT, can only use IPv6, etc.
A "cloud" hosted Linux (virtual) machine with a fixed IP is all that you really
require, a
service from the ISP to BGP-announce a subnet and route that to you is a good addition.
Alternatively you could use something like a MikroTik, Edgerouter or Juniper instead of
the
Linux VM. A little less flexible in some areas but easier to setup and maintain.
Rob
11 May
11 May
4:58 a.m.
New subject: VPN Question
Hi Rob,
we have a very similar system here in Italy.
http://ampr-italy-gw.ampr.org
http://ampr-italy-gw.dyndns.org
There are several connections up & running for services with static IP
Addresses and some others for
individuals with dynamic IP addresses. The system is operative since
2012, however looking at the high number of access requests, in the end,
the actual number of OMs whom is using the system is very low.
Many of them looses interest or request the access just as a "nice to
have".
Regards,
Marco
iw2ohx
On 11/05/2019 10:50, Rob Janssen wrote:
Correct. Your
approach saves you a lot of work in maintaining custom
configs. They are a lot of work, if you have a lot of users.
Indeed. We offer OpenVPN connectivity to our local hams (the
Netherlands) using certificates
created especially for that. The users get their fixed IP derived
from the certificate subject
name (looked up in DNS/hosts) so they also can run services under
their own callsign.
There are 220 valid certificates at this time, and always about 20
systems connected plus those
that connect when required.
Those that want to route subnets can get a GRE(6) or L2TP/IPsec tunnel
and run BGP over that.
There currently are 34 users of that service, 30 of them are connected.
This mode is also used to provide connectivity to regional clusters of
systems that are not yet
connected by radio all over our country.
It requires some one-time setup but at least there is no maintenance
when users want to announce
more subnets etc.
Of course more systems like this could be setup in other
countries/regions to serve those that
are on dynamic IP, are behind CGNAT, can only use IPv6, etc.
A "cloud" hosted Linux (virtual) machine with a fixed IP is all that
you really require, a
service from the ISP to BGP-announce a subnet and route that to you is
a good addition.
Alternatively you could use something like a MikroTik, Edgerouter or
Juniper instead of the
Linux VM. A little less flexible in some areas but easier to setup
and maintain.
Rob
_________________________________________
44Net mailing list
44Net(a)mailman.ampr.org
https://mailman.ampr.org/mailman/listinfo/44net
2023
days inactive
2023
days old
1 comments
2 participants
participants (2)
-
Marco Di Martino -
Rob Janssen