[App_rpt-users] Building a "network"
N1XBM at amsat.org
Thu Jul 14 21:32:39 EDT 2016
Yes thank you. This was enough to get me started on where tk start looking.
Allstar Node # 27086, 41540, 41812, 42086, 42658, 42657
On Jul 8, 2016 5:00 PM, "Stephen - K1LNX" <k1lnx at k1lnx.net> wrote:
> Hi Robert,
> We run a small statewide DMR (MOTOTRBO) network and use OpenVPN on
> Ubiquiti Edgerouter Lite's at all of our repeater sites, and peer them all
> back to a Ubiquiti Edgerouter Pro, it works like a champ. We allocated a
> /24 to each site in the 172.18.x.x range and kept the IP scheme consistent
> for each piece of gear. We don't allow access to anything outside of our
> VPN, everything is funneled in and out on our core router. Most of our
> sites are on LTE connections so this was the best option we could find.
> Ideally, if you have a site with a static IP and fiber, you could locate
> your core router there, and have that be the OpenVPN "server" with the rest
> being "clients". If you setup a certificate based VPN, you can issue certs
> for each site and when config'd properly it will connect to the server with
> no port forwarding needed, just outbound internet access on UDP 1194 by
> default. We chose the Ubiquiti gear to make it simple to deploy, but you
> could easily do it with a standard linux install as well.
> Hope that helps or at least gives you some ideas :)
> On Fri, Jul 8, 2016 at 3:08 PM, Robert Newberry <N1XBM at amsat.org> wrote:
>> I have a network here in Maine with a half dozen repeaters with a mix of
>> analog and digital repeaters. I mostly hang a router at the site, set the
>> port forwards and I'm off an running.
>> Since I plan on expanding my network if it would make more sense to use
>> VPN routers and put all of my equipment/sites on the same subnet. Although
>> I don't know all of the ins and outs of this. Such as one site in
>> particular I was given my own static IP on a fiber connection and I
>> supplied a router. Other sites I am plugged into the same router as other
>> equipment that does not belong to me.
>> Security is something I need to get better at such using things like
>> fail2ban which I haven't sat down to figured out yet. I've even wondered if
>> anyone would be willing to do a "talk" on this.
>> I would be interested in other people's opinions.
>> Apparare Scientor
>> Paratus Communicare
>> Allstar Node # 27086, 41540, 41812, 42086, 42658, 42657
>> App_rpt-users mailing list
>> App_rpt-users at ohnosec.org
>> To unsubscribe from this list please visit
>> http://ohnosec.org/cgi-bin/mailman/listinfo/app_rpt-users and scroll
>> down to the bottom of the page. Enter your email address and press the
>> "Unsubscribe or edit options button"
>> You do not need a password to unsubscribe, you can do it via email
>> confirmation. If you have trouble unsubscribing, please send a message to
>> the list detailing the problem.
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the App_rpt-users