Hi there. Now that we have a lot of money in the pocket, may we consider installing a VPN server at UCSD to allow users to connect to AMPRNET with VPN in addition to the IPIP tunnel?
I myself will be more than happy to move our networks from IPIP connectivity to VPN (or any other more sophisticated technology).
Thanks Forward Ronen - 4Z4ZQ
There's no need to locate a VPN server at UCSD.
I would hazard a guess that more than half the people who applied for a directly-routed (BGP-advertised) subnet have promised to provide VPN services to their fellow hams.
If even one-tenth of them actually get that working, you'd have more than a dozen VPN servers to choose from, located all around the world, and you could pick one or more based on a number of factors, network latency and available bandwidth being two criteria I would think are most important.
- Brian
On Mon, Jul 22, 2019 at 06:48:25AM +0000, R P via 44Net wrote:
> Hi there. Now that we have a lot of money in the pocket, may we consider installing a VPN server at UCSD to allow users to connect to AMPRNET with VPN in addition to the IPIP tunnel?
> I myself will be more than happy to move our networks from IPIP connectivity to VPN (or any other more sophisticated technology).
> Thanks Forward Ronen - 4Z4ZQ
Maybe we should coordinate a list of hams that provide VPN / tunnels from their BGP setup to fellow hams including a location, etc.
For example, I am able and willing to provide such service, however there hasn’t been any place I can really publish that information.
There can be tens or hundreds of others, and we may never know..
Antonis
On 22 Jul 2019, at 09:59, Brian Kantor via 44Net <44net@mailman.ampr.org> wrote:
> There's no need to locate a VPN server at UCSD.
> I would hazard a guess that more than half the people who applied for a directly-routed (BGP-advertised) subnet have promised to provide VPN services to their fellow hams.
> If even one-tenth of them actually get that working, you'd have more than a dozen VPN servers to choose from, located all around the world, and you could pick one or more based on a number of factors, network latency and available bandwidth being two criteria I would think are most important.
> - Brian
44Net mailing list 44Net@mailman.ampr.org https://mailman.ampr.org/mailman/listinfo/44net
There is the Services page on the wiki, which already lists a VPN provider. http://wiki.ampr.org/wiki/Services
That might do as a start.
- Brian
On Mon, Jul 22, 2019 at 10:14:54AM +0300, Antonios Chariton wrote:
> Maybe we should coordinate a list of hams that provide VPN / tunnels from their BGP setup to fellow hams including a location, etc.
> For example, I am able and willing to provide such service, however there hasn’t been any place I can really publish that information.
> There can be tens or hundreds of others, and we may never know..
> Antonis
How do I manage to get my allocated addresses from someone else's VPN? What about transferring a whole network block via a VPN server? Especially to a home which uses a dynamic IP?
I don't know how it can be done outside of the main 44 Net router that currently routes my allocation space and does IPIP to me...
Does anyone have a solution for what I want to do?
Regards Ronen - 4Z4ZQ
From: 44Net 44net-bounces+ronenp=hotmail.com@mailman.ampr.org on behalf of Brian Kantor via 44Net 44net@mailman.ampr.org
Sent: Monday, July 22, 2019 12:29 AM
To: Antonios Chariton
Cc: Brian Kantor; AMPRNet working group
Subject: Re: [44net] Adding VPN server at UCSD ?
> There is the Services page on the wiki, which already lists a VPN provider. http://wiki.ampr.org/wiki/Services
> That might do as a start.
> - Brian
What I would do is the following:
Ask the IP space owner (person allocated to) to send an e-mail to Brian, requesting the block to be advertised over BGP (needs to be /24+, or collection of networks /24+) and Cc me in this e-mail. I reply with the ASN, route objects that need to be created, etc. Brian hopefully approves the request.
Afterwards, I advertise the /24 via BGP to the Internet.
Then, I arrange with the IP space owner how the space will be routed to them. I can support OpenVPN, PPTP, L2TP, GRE, IPSec, etc.
We set up the tunnel (by any means, it does not matter), and then I add a static route for the /24 to the other ham’s router.
If they want to speak BGP, it is supported. However, I am only sending a default route, not the full table of course. If they do not speak BGP, they just add a default route to myself.
I am not adding any ACLs or firewalls to the traffic, it is being passed unfiltered.
On 22 Jul 2019, at 11:00, R P via 44Net <44net@mailman.ampr.org> wrote:
> How do I manage to get my allocated addresses from someone else's VPN? What about transferring a whole network block via a VPN server? Especially to a home which uses a dynamic IP?
> I don't know how it can be done outside of the main 44 Net router that currently routes my allocation space and does IPIP to me...
> Does anyone have a solution for what I want to do?
> Regards Ronen - 4Z4ZQ
Of course, I forgot to mention, I am able to allocate a /56 of IPv6, or a /48, or any other size from the same tunnel to that person, as well. Usually a /56, with 256 /64 subnets, is enough. This includes reverse zone forwarding for PTR records, with DNSSEC.
On 22 Jul 2019, at 11:58, Antonios Chariton <daknob.mac@gmail.com> wrote:
> What I would do is the following:
> Ask the IP space owner (person allocated to) to send an e-mail to Brian, requesting the block to be advertised over BGP (needs to be /24+, or collection of networks /24+) and Cc me in this e-mail. I reply with the ASN, route objects that need to be created, etc. Brian hopefully approves the request.
> Afterwards, I advertise the /24 via BGP to the Internet.
> Then, I arrange with the IP space owner how the space will be routed to them. I can support OpenVPN, PPTP, L2TP, GRE, IPSec, etc.
> We set up the tunnel (by any means, it does not matter), and then I add a static route for the /24 to the other ham’s router.
> If they want to speak BGP, it is supported. However, I am only sending a default route, not the full table of course. If they do not speak BGP, they just add a default route to myself.
> I am not adding any ACLs or firewalls to the traffic, it is being passed unfiltered.
Gents,
If we’re going to go with the shared VPN model, which is something I also do like, then we should do this properly, because personal non-transferable connections set-up per BGP announced router simply will be another historical mess.
Professional VPN solutions provide an application for the computer or the mobile phone where an exit through Net44 can be selected from a list of VPN endpoints. You can choose one exit node on-the-go to get a connection established from a pool. Then you disconnect and resources are freed. Easy. We should do something like that in order to take the most from the BGP announcements we currently have.
Technologically speaking, we have everything necessary on the server side (I know for sure I’m not the only one that is sharing full server configurations from GitHub); we lack the VPN application on the client side. But this can be easily worked out in a reasonable amount of time.
My 2 cents. Best regards,
Vy73 de EA1HET, Jonathan 0x539C9FAF
Sent from my tablet/mobile. Please, excuse my brevity and the presence of typos.
On 22 Jul 2019, at 11:02, Antonios Chariton via 44Net <44net@mailman.ampr.org> wrote:
> Of course, I forgot to mention, I am able to allocate a /56 of IPv6, or a /48, or any other size from the same tunnel to that person, as well. Usually a /56, with 256 /64 subnets, is enough. This includes reverse zone forwarding for PTR records, with DNSSEC.
-----Original Message-----
From: 44Net [mailto:44net-bounces+jim=photojim.ca@mailman.ampr.org] On Behalf Of R P via 44Net
Sent: Monday, July 22, 2019 2:00 AM
To: AMPRNet working group 44net@mailman.ampr.org
Cc: R P ronenp@hotmail.com
Subject: Re: [44net] Adding VPN server at UCSD ?
> How do I manage to get my allocated addresses from someone else's VPN? What about transferring a whole network block via a VPN server? Especially to a home which uses a dynamic IP?
This can all be done, but it takes some technical knowledge about networking.
I was given an allocation - I arranged BGP delegation and I have my VPS's provider (Loosefoot Computing) advertise the allocation.
I set up an OpenVPN connection between my router (really a Linux computer) and my VPS. I use source-based routing to route a portion of my subnet to my router at home, then assign some of those addresses manually to hosts at home that have ham radio-related traffic. (My router gets one too, in addition to its other addresses.)
A standard consumer router would probably have trouble doing this, although some might be able. It is probably possible to have a small Linux computer do the AMPRnet subnet's routing separately, but I'd have to give some thought to this configuration.
At home, you wouldn't need a static IP at all - a dynamic one would do. One end needs a static IP address, and that's my VPS.
My VPS is actually located in Denver, CO, US, but the latency here to VE5-land is pretty low.
My subnet is specifically intended for VE5s/VA5s, but depending on our rules for allocations, I may be able to delegate small allocations (/28 typically, i.e. 16 IP addresses of which 14 are usable) to hams in other areas who have low latency to Denver. (I might need another delegation if this isn't allowed.) Currently I have a /23 which gives me 32 /28s to delegate, and 2 of those are in use. (I can delegate smaller subnets, too, if fewer addresses would be fine for you.)
Super busy the next few weeks, so even if anyone is interested, it won't be a tomorrow thing. But the possibility is here.
73 Jim VE5EV
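The home-router side of the arrangements Antonis and Jim describe above (a delegated block delivered over a tunnel, source-based routing, and an upstream that passes traffic unfiltered), as an added example that is not code from any poster in this thread. The prefix 192.0.2.0/28 stands in for the delegated 44-net block, and the interface names, table number and allowed service are all constructed assumptions.

```sh
#!/bin/sh
# Added example: home-router side of a tunnelled AMPRNet delegation.
# Every value here is a constructed placeholder, not taken from the thread.
AMPR_PREFIX=192.0.2.0/28        # stand-in for the delegated 44-net block
TUN_IF=tun0                     # tunnel towards the VPS / BGP host
LAN_IF=eth1                     # LAN segment holding the delegated hosts
RT_TABLE=44                     # routing table used only for this block
ALLOW="tcp:443:192.0.2.2"       # inbound services, "proto:port:host" each
DRY_RUN="${DRY_RUN:-1}"         # 1 = print the commands, 0 = run them (root)

run() {
    if [ "$DRY_RUN" = 1 ]; then echo "$*"; else "$@"; fi
}

# Source-based routing: only packets sourced from the delegated block are
# sent into the tunnel; all other traffic keeps using the ISP default route
# in the main table, so the home connection can stay on a dynamic address.
setup_policy_routing() {
    run ip route add "$AMPR_PREFIX" dev "$LAN_IF" table "$RT_TABLE"
    run ip route add default dev "$TUN_IF" table "$RT_TABLE"
    run ip rule add from "$AMPR_PREFIX" lookup "$RT_TABLE" priority 1000
}

# The far end forwards everything unfiltered, so this router is the only
# filtering point: accept replies and listed services, drop the rest.
setup_forward_filter() {
    run iptables -A FORWARD -i "$TUN_IF" -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
    for svc in $ALLOW; do
        proto=${svc%%:*}; rest=${svc#*:}
        port=${rest%%:*}; host=${rest#*:}
        run iptables -A FORWARD -i "$TUN_IF" -d "$host" -p "$proto" --dport "$port" -j ACCEPT
    done
    run iptables -A FORWARD -i "$TUN_IF" -j DROP
    # The router holds an address from the block too, so protect it as well.
    # The tunnel's own transport arrives on the WAN interface, not on tun0.
    run iptables -A INPUT -i "$TUN_IF" -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
    run iptables -A INPUT -i "$TUN_IF" -j DROP
}

setup_policy_routing
setup_forward_filter
```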
Hi. My proposal to put the VPN server specifically at UCSD was because this is the main router on our 44 Net. It probably knows (and gets) all the 44 Network (besides the BGP-announced gateways), and therefore if someone connects there it probably has its network, so I thought technically it is a very simple solution to accomplish. Of course, other solutions are acceptable. Keep in mind to make the solution as simple and straightforward on the users' side, that users with minimal knowledge will have to deal with complicated installations, compilations, setups, etc.
As for latency, I mind less. I have a DMR system on my network and it has worked for two years with the latency of the signal travelling to UCSD and back without any noticeable problems.
Regards Ronen - 4Z4ZQ
From: 44Net 44net-bounces+ronenp=hotmail.com@mailman.ampr.org on behalf of Jim MacKenzie via 44Net 44net@mailman.ampr.org
Sent: Monday, July 22, 2019 10:39 AM
To: 'AMPRNet working group' 44net@mailman.ampr.org
Cc: Jim MacKenzie jim@photojim.ca
Subject: Re: [44net] Adding VPN server at UCSD ?
> -----Original Message-----
> From: 44Net [mailto:44net-bounces+jim=photojim.ca@mailman.ampr.org] On Behalf Of R P via 44Net
> Sent: Monday, July 22, 2019 2:00 AM
> To: AMPRNet working group 44net@mailman.ampr.org
> Cc: R P ronenp@hotmail.com
> Subject: Re: [44net] Adding VPN server at UCSD ?
> > How do I manage to get my allocated addresses from someone else's VPN? What about transferring a whole network block via a VPN server? Especially to a home which uses a dynamic IP?
> This can all be done, but it takes some technical knowledge about networking.
> I was given an allocation - I arranged BGP delegation and I have my VPS's provider (Loosefoot Computing) advertise the allocation.
> I set up an OpenVPN connection between my router (really a Linux computer) and my VPS. I use source-based routing to route a portion of my subnet to my router at home, then assign some of those addresses manually to hosts at home that have ham radio-related traffic. (My router gets one too, in addition to its other addresses.)
> A standard consumer router would probably have trouble doing this, although some might be able. It is probably possible to have a small Linux computer do the AMPRnet subnet's routing separately, but I'd have to give some thought to this configuration.
> At home, you wouldn't need a static IP at all - a dynamic one would do. One end needs a static IP address, and that's my VPS.
> My VPS is actually located in Denver, CO, US, but the latency here to VE5-land is pretty low.
> My subnet is specifically intended for VE5s/VA5s, but depending on our rules for allocations, I may be able to delegate small allocations (/28 typically, i.e. 16 IP addresses of which 14 are usable) to hams in other areas who have low latency to Denver. (I might need another delegation if this isn't allowed.) Currently I have a /23 which gives me 32 /28s to delegate, and 2 of those are in use. (I can delegate smaller subnets, too, if fewer addresses would be fine for you.)
> Super busy the next few weeks, so even if anyone is interested, it won't be a tomorrow thing. But the possibility is here.
> 73 Jim VE5EV
No need to use UCSD. Cloud based server(s) work just fine. Places like AWS drip with bandwidth.
https://www.youtube.com/watch?v=OxsmGaFZ2MM (Someone more skilled with OpenVPN could improve this)
Discussion, files, etc. at https://groups.io/g/net-44-vpn
On Sun, Jul 21, 2019 at 11:51 PM R P via 44Net <44net@mailman.ampr.org> wrote:
> Hi there. Now that we have a lot of money in the pocket, may we consider installing a VPN server at UCSD to allow users to connect to AMPRNET with VPN in addition to the IPIP tunnel?
> I myself will be more than happy to move our networks from IPIP connectivity to VPN (or any other more sophisticated technology).
> Thanks Forward Ronen - 4Z4ZQ