[App_rpt-users] Building a "network"

Stephen - K1LNX k1lnx at k1lnx.net
Fri Jul 8 20:59:58 UTC 2016


Hi Robert,
     We run a small statewide DMR (MOTOTRBO) network and use OpenVPN on
Ubiquiti Edgerouter Lites at all of our repeater sites, and peer them all
back to a Ubiquiti Edgerouter Pro; it works like a champ. We allocated a
/24 to each site in the 172.18.x.x range and kept the IP scheme consistent
for each piece of gear. We don't allow access to anything outside of our
VPN; everything is funneled in and out on our core router. Most of our
sites are on LTE connections so this was the best option we could find.

Ideally, if you have a site with a static IP and fiber, you could locate
your core router there, and have that be the OpenVPN "server" with the rest
being "clients". If you set up a certificate-based VPN, you can issue certs
for each site and when config'd properly it will connect to the server with
no port forwarding needed, just outbound internet access on UDP 1194 by
default. We chose the Ubiquiti gear to make it simple to deploy, but you
could easily do it with a standard Linux install as well.

Hope that helps or at least gives you some ideas :)

73
Stephen
K1LNX


On Fri, Jul 8, 2016 at 3:08 PM, Robert Newberry <N1XBM at amsat.org> wrote:

> I have a network here in Maine with a half dozen repeaters with a mix of
> analog and digital repeaters. I mostly hang a router at the site, set the
> port forwards and I'm off and running.
>
> Since I plan on expanding my network if it would make more sense to use
> VPN routers and put all of my equipment/sites on the same subnet. Although
> I don't know all of the ins and outs of this. Such as one site in
> particular I was given my own static IP on a fiber connection and I
> supplied a router. Other sites I am plugged into the same router as other
> equipment that does not belong to me.
>
> Security is something I need to get better at, such as using things like
> fail2ban, which I haven't sat down to figure out yet. I've even wondered if
> anyone would be willing to do a "talk" on this.
>
> I would be interested in other people's opinions.
>
> N1XBM
> Apparare Scientor
> Paratus Communicare
> Allstar Node # 27086, 41540, 41812, 42086, 42658, 42657
> www.radioguysrepeaternetwork.com
>
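
The layout Stephen describes (one /24 per site out of 172.18.x.x, one certificate per site, a single OpenVPN server on UDP 1194) as an added example, not taken from the post or from anyone's running configuration. It renders only the routing-related OpenVPN directives; the site names, the 10.8.0.0/24 tunnel pool, the host offsets per piece of gear and the choice to keep 172.18.0.0/24 for the core are assumptions.

```python
import ipaddress

SUPERNET = ipaddress.ip_network("172.18.0.0/16")  # range named in the post
TUNNEL_NET = ipaddress.ip_network("10.8.0.0/24")  # assumed tunnel pool
GEAR_OFFSETS = {"router": 1, "repeater": 10}      # assumed per-gear host numbers

def plan_sites(common_names):
    """Map each site's certificate Common Name to its own /24, in order."""
    if len(set(common_names)) != len(common_names):
        raise ValueError("site names must be unique (one certificate per site)")
    subnets = SUPERNET.subnets(new_prefix=24)
    next(subnets)  # assumption: 172.18.0.0/24 stays with the core site
    return {cn: next(subnets) for cn in common_names}

def server_conf(plan):
    """Routing part of the server config (ca/cert/key/dh lines not shown)."""
    lines = [
        "port 1194", "proto udp", "dev tun", "topology subnet",
        f"server {TUNNEL_NET.network_address} {TUNNEL_NET.netmask}",
        "client-config-dir ccd",
        "ccd-exclusive",  # a certificate without a ccd file is refused
        f'push "route {SUPERNET.network_address} {SUPERNET.netmask}"',
    ]
    # Kernel route on the core for every site LAN behind a client.
    lines += [f"route {n.network_address} {n.netmask}" for n in plan.values()]
    return "\n".join(lines)

def ccd_file(plan, common_name):
    """ccd/<CN>: bind this certificate to its own /24 and nothing else.

    OpenVPN drops packets from a client whose source address is outside
    its iroute, so one site's cert cannot speak for another site's subnet.
    """
    net = plan[common_name]
    return f"iroute {net.network_address} {net.netmask}"

def gear_address(plan, common_name, role):
    """Same host number for the same kind of gear at every site."""
    return plan[common_name].network_address + GEAR_OFFSETS[role]

if __name__ == "__main__":
    plan = plan_sites(["site-a", "site-b", "site-c"])  # constructed names
    print(server_conf(plan))
    for cn in plan:
        print(f"\n# ccd/{cn}\n{ccd_file(plan, cn)}")
        print(f"# repeater at {gear_address(plan, cn, 'repeater')}")
```
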