There is the Services page on the wiki, which already lists a VPN provider. <http://wiki.ampr.org/wiki/Services> That might do as a start. - Brian On Mon, Jul 22, 2019 at 10:14:54AM +0300, Antonios Chariton wrote:

What I would do is the following: Ask the IP space owner (person allocated to) to send an e-mail to Brian, requesting the block to be advertised over BGP (needs to be /24+, or collection of networks /24+) and Cc me in this e-mail. I reply with the ASN, route objects that need to be created, etc. Brian hopefully approves the request. Afterwards, I advertise the /24 via BGP to the Internet. Then, I arrange with the IP space owner how the space will be router to them. I can support OpenVPN, PPTP, L2TP, GRE, IPSec, etc. We setup the tunnel (by any means, it does not matter), and then I add a static route for the /24 to the other ham’s router. If they want to speak BGP, it is supported. However, I am only sending a default route, not the full table of course. If they do not speak BGP, they just add a default route to myself. I am not adding any ACLs or firewalls to the traffic, it is being passed unfiltered.

Gents, If we’re going to go with the shared VPN model, which is something I also do like, then we should do this properly, because personal non-transferable connections set-up per BGP announced router simply will be another historical mess. Professional VPN solutions provide an application for the computer or the mobile phone where an exit through Net44 can be selected from a list of VPN endpoints. You can choose one exist node on-the-go to get a connection established from a pool. Then you disconnect and resources are freed. Easy. We should do something like that in order to take the most from the BGP announces we currently have. Technologically speaking, we have all the necessary in server side (I know for sure I’m not the only one that it’s sharing full server configurations from GitHub), we lack the VPN application in client side. But this can be easily worked out in a reasonable amount of time. My 2 cent. Best regards, Vy73 de EA1HET, Jonathan 0x539C9FAF Sent from my tablet/mobile. Please, excuse my brevity and the presence of typos.

Hi My proposal to put the VPN server in specially UCSD was because this is the main router on our 44 NET it probably know (and get) all the 44 Network (beside the BGP announced gateways ) and therefore if someone connect there it probably have its network so i thought technically it is very simple solution to accomplish of course that other solutions are acceptable keep in mind to make the solution as simple and strait forward in the users side that users with minimal knowledge will have to deal with complicated installations compilations setups etc As for latency i mind less i have a DMR system on my Network and it work for two years with the latency of the signal travel to UCSD and back without any noticeable problems Regards Ronen - 4Z4ZQ ________________________________ From: 44Net &lt;44net-bounces+ronenp=hotmail.com(a)mailman.ampr.org&gt; on behalf of Jim MacKenzie via 44Net &lt;44net(a)mailman.ampr.org&gt; Sent: Monday, July 22, 2019 10:39 AM To: 'AMPRNet working group' &lt;44net(a)mailman.ampr.org&gt; Cc: Jim MacKenzie &lt;jim(a)photojim.ca&gt; Subject: Re: [44net] Adding VPN server at UCSD ? -----Original Message----- From: 44Net [mailto:44net-bounces+jim=photojim.ca@mailman.ampr.org] On Behalf Of R P via 44Net Sent: Monday, July 22, 2019 2:00 AM To: AMPRNet working group &lt;44net(a)mailman.ampr.org&gt; Cc: R P &lt;ronenp(a)hotmail.com&gt; Subject: Re: [44net] Adding VPN server at UCSD ? How do i manage to get my allocated addresses from someone else VPN ? what about transferring a whole network block via a VPN server ? specially to a home which uses a dynamic IP ? === This can all be done, but it takes some technical knowledge about networking. I was given an allocation - I arranged BGP delegation and I have my VPS's provider (Loosefoot Computing) advertise the allocation. I set up an OpenVPN connection between my router (really a Linux computer) and my VPS. I use source-based routing to route a portion of my subnet to my router at home, then assign some of those addresses manually to hosts at home that have ham radio-related traffic. (My router gets one too, in addition to its other addresses.) A standard consumer router would probably have trouble doing this, although some might be able. It is probably possible to have a small Linux computer do the AMPRnet subnet's routing separately, but I'd have to give some thought to this configuration. At home, you wouldn't need a static IP at all - a dynamic one would do. One end needs a static IP address, and that's my VPS. My VPS is actually located in Denver, CO, US, but the latency here to VE5-land is pretty low. My subnet is specifically intended for VE5s/VA5s, but depending on our rules for allocations, I may be able to delegate small allocations (/28 typically, i.e. 16 IP addresses of which 14 are usable) to hams in other areas who have low latency to Denver. (I might need another delegation if this isn't allowed.) Currently I have a /23 which gives me 32 /28s to delegate, and 2 of those are in use. (I can delegate smaller subnets, too, if fewer addresses would be fine for you.) Super busy the next few weeks, so even if anyone is interested, it won't be a tomorrow thing. But the possibility is here. 73 Jim VE5EV _________________________________________ 44Net mailing list 44Net(a)mailman.ampr.org https://mailman.ampr.org/mailman/listinfo/44net