[App_rpt-users] Some questions regarding Apt-RPT and AllStarLink

Stephen - K1LNX k1lnx at k1lnx.net
Mon Nov 21 13:31:17 UTC 2016


Hi Jeremy,
     OpenVPN works great for this type of application, I just did this for
several repeaters in my area myself. I did it a little bit differently
however, all the nodes (5 total) all connect back to a hub and router
co-lo'd in the same datacenter. My approach was to build a "private"
network between my router and the hub node VPS, and then used OpenVPN
between the router and the nodes, I pushed out the route for the hub node
in the OpenVPN config. We don't have anyone connecting to these nodes
individually from the outside, so port forwarding was not needed in our
application, only on the hub node.

Barring that, your approach may be a little more difficult, as the nodes
will register using whatever external IP your provider has provided to you,
so I think your best bet here would be to send all the traffic down the VPN
instead, i.e. make it your default route.

I'm sure there may be other ways, so I'll let others chime in with ideas,
but these are my experiences. OpenVPN comes in QUITE handy for scenarios
like this, we also run a fairly large DMR network and use OpenVPN
exclusively to remedy some of the issues we had with NAT'ing and such.

73
Stephen
K1LNX


On Sun, Nov 20, 2016 at 12:49 PM, Jeremy Utley <jerutley at gmail.com> wrote:

> Hello all!
>
>
>
> Relatively new to Apt_rpt and AllStar, so forgive me if this is a rehash
> of something that’s already been done.  I’ve recently been put in charge of
> maintenance of our local 2m repeater for our club.  I’m new to running
> repeaters, so I wanted to really learn by doing, and am planning to do this
> by rebuilding an old, currently defunct 440 machine that’s been off the air
> for a year now.  I’ve already been in touch with the local freq
> coordinator, and ensured we are still coordinated on our old frequency, and
> we’re currently in the hardware acquisition phase.  I’m planning to use
> AllStar DIAL on an RPI-3 as the controller for the new repeater, and if all
> goes well, I’ll eventually replace the current NHRC-3 controller on the
> 2-meter side with another Pi-3 running Dial, and set up a permanent link
> between the 2m and 440 machines.
>
>
>
> Question 1 is related to the underlying networking.  Our repeater site is
> a tower for a rural wireless ISP, so it already has internet connectivity
> there.  The problem is, the guy running the ISP has some “odd” opinions on
> how to run things, and is stubborn enough to not listen to reason as to why
> what he’s doing is a bad idea – the end result being the systems will be
> behind a Double-NAT, with what amounts to no possibility to do proper
> port-forwarding to AllStar.  Leaving this tower site is pretty impractical
> (the guy running the site is also a ham, and actually lets us use the site
> for free), so I’ve been trying to come up with a way to get around this
> port-forwarding issue.  As an IT guy by trade myself, I do have access to a
> co-located server with multiple IPv4 IP’s allocated to it.  So my thinking
> is, at the repeater site, I’ll set up a MikroTik router, that establishes
> an OpenVPN connection to my colo server.  Each of the RPi’s will be
> tunneled via the OpenVPN connection to the colo server, and use its own
> dedicated IP address from there.  In theory, this would remove the
> double-NAT, effectively replacing it with a single NAT layer that I control
> totally.  I don’t see any real reason this could not work from a network
> standpoint (I’ve done similar things at work in the past using VPN
> tunnels), but maybe there’s something specific to the AllStarLink software
> that precludes this from working.  The more I think about it, I could
> potentially even use an Ethernet bridge at the machine in the colo and
> simply provide public IP’s across the VPN tunnel, effectively eliminating
> NAT altogether.
>
>
>
> Question 2 is more of a policy question – I’ve registered my personal
> callsign with AllStar, and gotten a node number for a simplex link that’s
> going to be my first node on the network (to learn a little more before I
> actually start to build the new repeater).  Should I also register our club
> callsign and set up the repeater nodes under that (I am the trustee for the
> club call), or make additional nodes under my personal call for those?
>
>
>
> Thanks for your time in reading thru this, and for the help!
>
>
>
> Jeremy Utley, NQ0M
>
> Iola, KS
>
>
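
An added illustration, not taken from the thread or from either poster's setup: a server-side OpenVPN configuration contrasting the two routing choices discussed in the reply, pushing only the hub's route to the nodes versus making the tunnel the nodes' default route. All addresses, file names and the client name `node1` are placeholders.

```conf
# server.conf on the colo end (constructed example; every address is a placeholder)
port 1194
proto udp
dev tun
topology subnet

# Tunnel subnet handed out to the repeater-site clients
server 10.8.0.0 255.255.255.0

# Per-client files in ccd/ pin each node to a fixed tunnel address
client-config-dir ccd

# Periodic pings keep the NAT state at the double-NAT site from expiring
keepalive 10 60

ca ca.crt
cert server.crt
key server.key
dh dh.pem

# HMAC on the control channel: unauthenticated packets are dropped early
tls-auth ta.key 0

# Option A (hub design from the reply): only the hub's private network
# is routed through the tunnel; everything else leaves via the site ISP.
push "route 10.20.0.0 255.255.255.0"

# Option B (default-route design): all node traffic goes through the
# tunnel, so the node appears to the outside with the colo server's
# address rather than the ISP's. The server must then forward and NAT
# (or route public addresses) for the tunnel subnet. Enable instead of A.
;push "redirect-gateway def1"

# Contents of ccd/node1 (file name must match the client certificate CN):
#   ifconfig-push 10.8.0.11 255.255.255.0
```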