Tony;
On Mon, 2014-10-20 at 21:36 +1100, amprnet(a)wizards.sytes.net wrote:
> After a long wait I finally have my 44 address space and my security
> certificate.
Congrats.
> Following the steps on the wiki I have set up the raspberry pi as a vpn
> client and during boot I see the VPN client start.
If you mean vpn client I suppose you're referring to the likes of
OpenVPN or similar?
> Do I need to open and redirect a port on my router pointing to the
> raspberry pi running the vpn and if so which port?
If you're using a true VPN client, you shouldn't have to do a thing.
The client should keep the required port open for you to push your
sourced 44-net routing through to your host. If your "vpn" is ipencap,
you'll need to set your Pi as the DMZ on your router, and hope that your
make doesn't filter ipencap. While there are some that do, I don't have
a list.
> Once I have done that, what is the recommended method (software) that
> should be installed to protect the network both to and from me?
You may try fail2ban, or any of the other agents for Linux, however note
that they all basically use iptables. If you're good enough with
iptables you can write your own.
> Before I add any other software is there a way to test the functionality
> of what I have done so far? At the moment all it appears to be doing is
> sitting there and blinking the wireless access LED.
Telnet to any JNOS or URONode, and then do a user listing
([M]ailbox-users for JNOS and [U]sers on URONode) to see what your
source address is. If you see yourself sourced as a 44-net IP, you're
good.
> Equipment is a raspberry B+ running off a UPS with wireless access to my
> network.
You can also turn it into a repeater if you wanted to with another
dongle and something such as hostapd. Your Pi's secondary wifi would
then become native 44-net to your secondary wifi and any Windows client
on it would not need ipencap as its method in, the Pi would handle it
for you. Just ensure you have solid policy routing engaged.
--
If Microsoft intended Windows to be for ham usage,
they would have incorporated our protocols into their kernel.
73 de Brian Rogers - N1URO
email: <n1uro(a)n1uro.ampr.org>
Web: http://www.n1uro.net/
Ampr1: http://n1uro.ampr.org/
Ampr2: http://nos.n1uro.ampr.org
Linux Amateur Radio Services
axMail-Fax & URONode
AmprNet coordinator for:
Connecticut, Delaware, Maine,
Maryland, Massachusetts,
New Hampshire, Pennsylvania,
Rhode Island, and Vermont.
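
Added example, not part of the message above: a starting iptables ruleset for the ipencap case the reply describes, where the Pi sits in the router's DMZ and therefore receives all unsolicited inbound traffic. The interface names (wlan0, tunl0), the LAN prefix and the choice of what to admit are assumptions; the function only prints rules in iptables-restore format and changes nothing itself.

```shell
#!/bin/sh
# Added example: print a default-deny ruleset for a Pi that is the router's
# DMZ host and terminates an ipencap tunnel. All names below are assumptions:
#   $1 = interface facing the home router (e.g. wlan0)
#   $2 = ipencap tunnel interface         (e.g. tunl0)
#   $3 = home LAN prefix allowed to SSH   (e.g. 192.168.1.0/24)
amprnet_rules() {
    lan_if=$1
    tun_if=$2
    lan_net=$3
    if [ -z "$lan_if" ] || [ -z "$tun_if" ] || [ -z "$lan_net" ]; then
        echo "usage: amprnet_rules LAN_IF TUN_IF LAN_NET" >&2
        return 1
    fi
    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
# Loopback and replies to connections this host opened itself.
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
# ipencap is IP protocol 4. It has no ports, so it is matched by protocol
# number. Omit this rule when a true VPN client (outbound only) is used.
-A INPUT -i $lan_if -p 4 -j ACCEPT
# Management access only from the home LAN, never from the DMZ-forwarded side.
-A INPUT -i $lan_if -s $lan_net -p tcp --dport 22 -j ACCEPT
# From 44-net through the tunnel: answer ping, nothing else until a service
# is deliberately exposed with its own rule.
-A INPUT -i $tun_if -p icmp --icmp-type echo-request -j ACCEPT
# Everything else falls through to the DROP policies above.
COMMIT
EOF
}

# Check the syntax without loading anything:
#   amprnet_rules wlan0 tunl0 192.168.1.0/24 | sudo iptables-restore --test
```

fail2ban, mentioned in the reply, would add its own chains on top of a ruleset like this rather than replace it.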