No it is not possible with my ISP. To run any local services is a violation of the ToS agreement. The ports and services they close they will not open. I've tried. They also incorporate a watchdog on all sockets that destroys them after so many minutes of "birth". This kills client services such as VPN, SSH, etc. Web services often aren't affected since most web elements are downloaded within 300 seconds +/-.
I would go away. How do you get IPIP working over that? Probably not working correctly either.
IMHO the dependency is a moot issue. If I used your VPN I'd be dependent on you... but you're suggesting that you can still reach me if my ISP's edge router dies and this is not true. Also if I were on your VPN, I would have to travel all the way to the netherlands and back half way across the US to reach say Indiana. So very inefficient.
I don't suggest that you would use only our VPN server, you could connect it in addition to some other to have additional redundancy and maybe a more efficient path to western europe.
You (or ARDC, using their money) should eastablish one or more VPN servers on the eastcoast and/or Canada, then you connect there and those servers connect back to UCSD or maybe even advertise some of the locally assigned subnets on internet BGP.
Then it will improve your connectivity to internet, and connectivity to other AMPRnet systems is the same or similar.
Furthermore, you can buy a 4G router and use that as a backup for when your ISP link or -router dies, and you can switchover all your routing to that path automatically within seconds. Even when its address is dynamic and probably even when they have such idiotic policies as your ISP appears to have (because the VPN will just re-establish when it fails).
Rob
Rob;
On Mon, 2019-07-22 at 14:58 +0200, Rob Janssen via 44Net wrote:
I would go away. How do you get IPIP working over that? Probably not working correctly either.
- it's my only option - I have to put the CPE in bridge mode and use a 3rd party router - IPv6 is not handed out while their CPE is in bridge mode. - ipip works perfectly fine, try reaching me on it.
I don't suggest that you would use only our VPN server, you could connect it in addition to some other to have additional redundancy and maybe a more efficient path to western europe.
Why would I want or need to go across the Atlantic when it's not necessary since IPIP is working fine for me. Also if I want to go to WB2ONA in Nj it's point to point for me using the IPIP mesh. I don't have to hit UCSD or the overhead/additional point of failure of a VPN hub. As I said before, if it's not broke don't fix it seems to no longer apply... and again what may work for one may not work for another. I don't know why this is so very difficult to comprehend.
You (or ARDC, using their money) should eastablish one or more VPN servers on the eastcoast and/or Canada, then you connect there and those servers connect back to UCSD or maybe even advertise some of the locally assigned subnets on internet BGP.
I don't see where this would be a reasonable allocation of funds by ARDC. If there were some new form of technology involved perhaps but in this case it's still old methods using old tools with a lot of fingertip spews based on personal greeds and desires without documentation to back it up. VPN is not new, BPG is not new, IPIP is not new, IPv4 is not new. If ARDC were to allocate funding I would rather see it go into research of new techologies. We as hams are not leaders anymore, we're lemmings.
Then it will improve your connectivity to internet, and connectivity to other AMPRnet systems is the same or similar.
How will that improve my connectivity to the internet? I can and do get around blocks by my ISP just fine - once I know what they are and I take full advantage of the 200Mbs link I have for a residential circuit.
Furthermore, you can buy a 4G router and use that as a backup for when your ISP link or -router dies, and you can switchover all your routing to that path automatically within seconds. Even when its address is dynamic and probably even when they have such idiotic policies as your ISP appears to have (because the VPN will just re-establish when it fails).
Why are you stuck on "my way or the highway" here? The ISP practices of my ISP is becoming common fold for ISPs in the USA. It's been tested in the northeast and is slowly getting deployed by major ISPs south and westward. Europe has a lot more liberal practices on the internet than we do. I'm quite familiar with the fact that VPN will re-establish itself when presented with another path/connection. Infact I actually have a VPN router with 4G built in. It's a backup for my client's credit card processor circuit. Unfortunately it's not mine to use for personal usage.
I could get another circuit with 4G backup and shell out almost $2,000/yr additional as a business circuit but why? For people on this list to try and tell me what to do with my circuit that I spend my money on? I think not thank you. That's when a ham community turns into a ham dictatorship.
-
Brian -
Rob Janssen