Topics

IRLP VPN Service Announcement


k9dc
 

I am pleased to announce a brand new and FREE VPN service for IRLP nodes in North America (Canada, USA and Mexico).

The new IRLP VPN service will provide a unique public IP address to your node if you cannot otherwise obtain one. Typically this would be necessary if you are (or want to) run more than one IRLP node behind a single IP address from your ISP. Or you have no control over a network based firewall as is typical with cellular connections.

If your node is already set up with a dedicated IP address with or without port forwarding, you do not need this service. It will not make your node work better. In fact IRLP VPN will likely result in a significant reduction in the bandwidth available to your node, because of the extra path the VPN takes across the internet. But it should provide enough bandwidth for your node to work, if your underlying connection is adequate.

Most commercial VPN products, (Nord, PIA, ExpressVPN etc) offer to hide you from the Internet by obfuscating your traffic and claiming your activities are untraceable. IRLP VPN does exactly the opposite. It actually brings the public Internet to your otherwise hidden computer by providing a publicly routable IP address directly to your IRLP node, and registering it in global DNS. So pretty obviously, you would not want to use IRLP VPN if you are trying to hide.

We have the ability to monitor the traffic on each tunnel. We are interested in helping you get your IRLP node on the network. We are not interested in carrying your general Internet activity. If we detect unusual traffic patterns, we may ask you about it. Please be kind.

To use IRLP VPN on your node, you must be running Debian and have OpenVPN installed. If you do not have OpenVPN installed, become root on your node and run the following commands.

apt-get update
apt-get install openvpn

We have tested IRLP VPN on Debian 6 and 7 and it works fine. But you may have difficulty installing OpenVPN on those older releases because they have been mothballed (archived) and are no longer supported.

Now that you have OpenVPN installed, you will need to request a client configuration file from us. The client configuration is obtained by sending an email request to installs@ irlp.net. Include the node number(s) for which you are requesting VPN client files. We will only honor requests from the registered node owner. So please make sure your email address is accurate in the status page database. See http://irlp.net/owners/dbupdates.html. A human is involved in creating the client configuration files, so an instant response is not guaranteed.

The file we send to you will be in the form of stnXXXX.conf, where XXXX is your node number. Log in to your node as (or become) root, then cd /etc/openvpn/. Remove any existing client files (if this a new OpenVPN installaton, there won't be any). Place your new stnXXXX.conf in the /etc/openvpn/ directory on your node and reboot. Log in again. Run the command ‘/sbin/ifconfig’. You should see a new interface named tun0, with an IP address on it beginning with 44. To verify it is working, run the command ‘telnet irlp.net 10000’ You should see the same IP displayed. Congratulations! You are ready to make calls.

Please do not attempt to use the configuration file on more than one node. The VPN server gets confused with multiple sessions using the same configuration file. If you need another for a different node, just ask us for one. The price is the same, no charge.

If you want to use this file on a NanoNode (from Micro-node International), it should work (we've tested it on a few). But you will have to rename the file to "client.conf" and install it through the NanoNode web interface. See the NanoNode documentation.

Support: We'll do our best. But this service is not guaranteed to work or be useful for anything. But we do think it will help many people most of the time. Because of the way we configured the tunnels, we think it may actually be more reliable for IRLP nodes than commercial offerings costing as much as $100/year. But you are responsible for your own Internet connection.

--
Dave K9DC, IRLP Installation Team


Ted VE3TRQ
 

This is very kind and generous of the IRLP group, to support the IRLP community in this way. Many of us run EchoIRLP on our nodes, and this presents a slightly different load and traffic pattern.

What is your position on running EchoLink through this VPN?

Thanks again,
Ted VE3TRQ 
IRLP nodes 2403, 2404


k9dc
 

EchoIRLP on your node will work fine over IRLP VPN.

-k9dc

On Aug 27, 2019, at 07:36, Ted VE3TRQ <ve3trq@...> wrote:

This is very kind and generous of the IRLP group, to support the IRLP community in this way. Many of us run EchoIRLP on our nodes, and this presents a slightly different load and traffic pattern.

What is your position on running EchoLink through this VPN?

Thanks again,
Ted VE3TRQ
IRLP nodes 2403, 2404


Rick May
 

The IRLP VPN works fine. I have it set up my 7972 node. 

73' Rick KC0HH
Lamar, Colorado


On Tuesday, August 27, 2019, 05:58:41 AM MDT, k9dc <Dave@...> wrote:



EchoIRLP on your node will work fine over IRLP VPN.

-k9dc


> On Aug 27, 2019, at 07:36, Ted VE3TRQ <ve3trq@...> wrote:
>
> This is very kind and generous of the IRLP group, to support the IRLP community in this way. Many of us run EchoIRLP on our nodes, and this presents a slightly different load and traffic pattern.
>
> What is your position on running EchoLink through this VPN?
>
> Thanks again,
> Ted VE3TRQ
> IRLP nodes 2403, 2404






Peter VK3PYE
 

On Tue, Aug 27, 2019 at 03:27 AM, k9dc wrote:
a brand new and FREE VPN service for IRLP nodes in North America
Will this service be made available outside of NA anytime soon? 

Peter, VK3PYE, Node # 6574


k9dc
 

Unfortunately, I would have to say probably not. At least not by IRLP.net. We do have an existing IRLP server in Singapore. But no IP address block to allocate to it. Right now the VPN service is based in Chicago. The 15,000+ KM path x2, would kill it I am afraid.

--
Dave K9DC, IRLP Installation Team

On Aug 28, 2019, at 22:03, Peter VK3PYE <pete_jbk@...> wrote:

On Tue, Aug 27, 2019 at 03:27 AM, k9dc wrote:
a brand new and FREE VPN service for IRLP nodes in North America
Will this service be made available outside of NA anytime soon?

Peter, VK3PYE, Node # 6574


 

On 29/08/19 12:03, Peter VK3PYE wrote:
On Tue, Aug 27, 2019 at 03:27 AM, k9dc wrote:
a brand new and FREE VPN service for IRLP nodes in North America
Will this service be made available outside of NA anytime soon?

We Aussies have the option of using APANA.  All up costs are currently $40/annum, which includes APANA membership (mandatory for network access) and membership of the South Australian region (which you need to join for VPN access).  APANA also use OpenVPN.  I can't guarantee bandwidth, but policy wise, it is a good match for IRLP, because APANA, like ham radio, prohibits commercial use.  I think one other node joined a couple of years back.

I use APANA for BBSs (yes they still exist!) and other hobbyist uses.  I haven't tried IRLP on the VPN, as I am able to port forward my main Internet connection.

Their website is at apana.org.au .

To get any better, we'd have to setup our own VPN server in Oz.  We would need some IP space (44net routed by BGP would be good) and somewhere to host the service.
-- 
73 de Tony VK3JED/VK3IRL
http://vkradio.com


Peter VK3PYE
 

Thank you Dave K9DC & Tony VK3JED, for the feedback. --Peter VK3PYE


n7bfs
 

Although I don't need VPN services at the moment for my node, thanks for the generous offer :^)

Doug
N7BFS


Klaus Rung
 

Does anyone have a method of installing openvpn on a "Debian GNU/Linux 7 (wheezy)" where the apt-get will not work any longer?

thanks
klaus
ve3kr node 2490

On Saturday, August 31, 2019, 10:47:09 p.m. EDT, n7bfs <doug.n7bfs@...> wrote:


Although I don't need VPN services at the moment for my node, thanks for the generous offer :^)

Doug
N7BFS


John Lorenc
 

Hi Klaus

 

I believe you should be able to edit your /etc/apt/sources.list file to include pointing to deprecated items. I recently did this for Ubuntu 15.1.

 

cat sources.list

deb http://old-releases.ubuntu.com/ubuntu wily main restricted universe

deb http://old-releases.ubuntu.com/ubuntu wily-updates main restricted universe

deb http://old-releases.ubuntu.com/ubuntu wily-security main restricted universe multiverse

deb http://archive.canonical.com/ubuntu wily partner

 

In theory you ought to be able to do it with Debian. Suggest Google searching to find out how.

 

Good luck.

 

John va3wm

 

From: IRLP@irlp.groups.io [mailto:IRLP@irlp.groups.io] On Behalf Of Klaus Rung via Groups.Io
Sent: Sunday, September 01, 2019 11:34 AM
To: IRLP@irlp.groups.io
Subject: Re: [IRLP] IRLP VPN Service Announcement

 

Does anyone have a method of installing openvpn on a "Debian GNU/Linux 7 (wheezy)" where the apt-get will not work any longer?

 

thanks

klaus

ve3kr node 2490

 

On Saturday, August 31, 2019, 10:47:09 p.m. EDT, n7bfs <doug.n7bfs@...> wrote:

 

 

Although I don't need VPN services at the moment for my node, thanks for the generous offer :^)

Doug
N7BFS


Rick NK7I
 

I'd suspect that apt-get still works but has no updates for you anymore (reaching end of life for support).

If you want to update to Debian 10 (Buster) you can use the beta install disk Dave has provided.  It plays beautifully here.

Because my node is used for other tasks (web page server and more), this is how I upgraded it (remotely too, via SSH) without wiping the drive:

Backup the current IRLP node:
# backup_for_reinstall   [save that result on another drive]

Update the current OS:
# apt-get update
# apt-get upgrade
# apt-get dist-upgrade

Edit /etc/apt/sources.list:

FROM STRETCH (in my case):
deb http://httpredir.debian.org/debian stretch main
deb http://httpredir.debian.org/debian stretch-updates main
deb http://security.debian.org stretch/updates main

TO BUSTER:
deb http://httpredir.debian.org/debian buster main
deb http://httpredir.debian.org/debian buster-updates main
deb http://security.debian.org buster/updates main

Then:

# apt-get upgrade
# apt-get dist-upgrade
# reboot

It took some time (slow internet here), no errors noted and the original conf files kept as is when asked.

Now, edit 'environment' to UNcomment both USE_APLAY and USE_AOSS, restart IRLP.  This change will allow the audio to work normally.

This has the advantage that whatever 'extra' software you're running is also updated/upgraded at the same time.  
If you use sendmail (the node sends me daily status reports), you may have to make some tweaks to get it running again (I needed to make and install a new security cert).

GL es 73,
Rick NHC
7962
On 9/1/2019 9:29 AM, John Lorenc wrote:

Hi Klaus

 

I believe you should be able to edit your /etc/apt/sources.list file to include pointing to deprecated items. I recently did this for Ubuntu 15.1.

 

cat sources.list

deb http://old-releases.ubuntu.com/ubuntu wily main restricted universe

deb http://old-releases.ubuntu.com/ubuntu wily-updates main restricted universe

deb http://old-releases.ubuntu.com/ubuntu wily-security main restricted universe multiverse

deb http://archive.canonical.com/ubuntu wily partner

 

In theory you ought to be able to do it with Debian. Suggest Google searching to find out how.

 

Good luck.

 

John va3wm

 

From: IRLP@irlp.groups.io [mailto:IRLP@irlp.groups.io] On Behalf Of Klaus Rung via Groups.Io
Sent: Sunday, September 01, 2019 11:34 AM
To: IRLP@irlp.groups.io
Subject: Re: [IRLP] IRLP VPN Service Announcement

 

Does anyone have a method of installing openvpn on a "Debian GNU/Linux 7 (wheezy)" where the apt-get will not work any longer?

 

thanks

klaus

ve3kr node 2490

 

On Saturday, August 31, 2019, 10:47:09 p.m. EDT, n7bfs <doug.n7bfs@...> wrote:

 

 

Although I don't need VPN services at the moment for my node, thanks for the generous offer :^)

Doug
N7BFS


Klaus Rung
 

Ok, thanks will give that a try.

On Sunday, September 1, 2019, 12:29:11 p.m. EDT, John Lorenc <va3xjl@...> wrote:


Hi Klaus

 

I believe you should be able to edit your /etc/apt/sources.list file to include pointing to deprecated items. I recently did this for Ubuntu 15.1.

 

cat sources.list

deb http://old-releases.ubuntu.com/ubuntu wily main restricted universe

deb http://old-releases.ubuntu.com/ubuntu wily-updates main restricted universe

deb http://old-releases.ubuntu.com/ubuntu wily-security main restricted universe multiverse

deb http://archive.canonical.com/ubuntu wily partner

 

In theory you ought to be able to do it with Debian. Suggest Google searching to find out how.

 

Good luck.

 

John va3wm

 

From: IRLP@irlp.groups.io [mailto:IRLP@irlp.groups.io] On Behalf Of Klaus Rung via Groups.Io
Sent: Sunday, September 01, 2019 11:34 AM
To: IRLP@irlp.groups.io
Subject: Re: [IRLP] IRLP VPN Service Announcement

 

Does anyone have a method of installing openvpn on a "Debian GNU/Linux 7 (wheezy)" where the apt-get will not work any longer?

 

thanks

klaus

ve3kr node 2490

 

On Saturday, August 31, 2019, 10:47:09 p.m. EDT, n7bfs <doug.n7bfs@...> wrote:

 

 

Although I don't need VPN services at the moment for my node, thanks for the generous offer :^)

Doug
N7BFS


Klaus Rung
 

Thanks for these suggestions.

On Sunday, September 1, 2019, 12:47:39 p.m. EDT, Rick WA6NHC <wa6nhc@...> wrote:


I'd suspect that apt-get still works but has no updates for you anymore (reaching end of life for support).

If you want to update to Debian 10 (Buster) you can use the beta install disk Dave has provided.  It plays beautifully here.

Because my node is used for other tasks (web page server and more), this is how I upgraded it (remotely too, via SSH) without wiping the drive:

Backup the current IRLP node:
# backup_for_reinstall   [save that result on another drive]

 Update the current OS:
# apt-get update
# apt-get upgrade
# apt-get dist-upgrade

Edit /etc/apt/sources.list:

FROM STRETCH (in my case):
deb http://httpredir.debian.org/debian stretch main
deb http://httpredir.debian.org/debian stretch-updates main
deb http://security.debian.org stretch/updates main

TO BUSTER:
deb http://httpredir.debian.org/debian buster main
deb http://httpredir.debian.org/debian buster-updates main
deb http://security.debian.org buster/updates main

Then:

# apt-get upgrade
# apt-get dist-upgrade
# reboot

It took some time (slow internet here), no errors noted and the original conf files kept as is when asked.

Now, edit 'environment' to UNcomment both USE_APLAY and USE_AOSS, restart IRLP.  This change will allow the audio to work normally.

This has the advantage that whatever 'extra' software you're running is also updated/upgraded at the same time.  
If you use sendmail (the node sends me daily status reports), you may have to make some tweaks to get it running again (I needed to make and install a new security cert).

GL es 73,
Rick NHC
7962 
On 9/1/2019 9:29 AM, John Lorenc wrote:

Hi Klaus

 

I believe you should be able to edit your /etc/apt/sources.list file to include pointing to deprecated items. I recently did this for Ubuntu 15.1.

 

cat sources.list

deb http://old-releases.ubuntu.com/ubuntu wily main restricted universe

deb http://old-releases.ubuntu.com/ubuntu wily-updates main restricted universe

deb http://old-releases.ubuntu.com/ubuntu wily-security main restricted universe multiverse

deb http://archive.canonical.com/ubuntu wily partner

 

In theory you ought to be able to do it with Debian. Suggest Google searching to find out how.

 

Good luck.

 

John va3wm

 

From: IRLP@irlp.groups.io [mailto:IRLP@irlp.groups.io] On Behalf Of Klaus Rung via Groups.Io
Sent: Sunday, September 01, 2019 11:34 AM
To: IRLP@irlp.groups.io
Subject: Re: [IRLP] IRLP VPN Service Announcement

 

Does anyone have a method of installing openvpn on a "Debian GNU/Linux 7 (wheezy)" where the apt-get will not work any longer?

 

thanks

klaus

ve3kr node 2490

 

On Saturday, August 31, 2019, 10:47:09 p.m. EDT, n7bfs <doug.n7bfs@...> wrote:

 

 

Although I don't need VPN services at the moment for my node, thanks for the generous offer :^)

Doug
N7BFS


David Cameron - IRLP
 

You need to step into the distributions one at a time - You can't go from 7 to 10. You need to go from 7 to 8, 8 to 9, 9 to 10.

If you are on 6, I think you may be out of luck.

You would be better off running the backup_for_reinstall script, and then performing a CLEAN install on Debian Buster.

Today I plan to move the Debian 10 ISO from beta to the main mirrors, and move all Debian 7 and 8 ISOs into the archive.

Dave Cameron

On 2019-09-01 9:54 a.m., Klaus Rung via Groups.Io wrote:
Thanks for these suggestions.
On Sunday, September 1, 2019, 12:47:39 p.m. EDT, Rick WA6NHC <wa6nhc@...> wrote:
I'd suspect that apt-get still works but has no updates for you anymore (reaching end of life for support).
If you want to update to Debian 10 (Buster) you can use the beta install disk Dave has provided.  It plays beautifully here.
Because my node is used for other tasks (web page server and more), this is how I upgraded it (remotely too, via SSH) without wiping the drive:
Backup the current IRLP node:
# backup_for_reinstall   [save that result on another drive]
Update the current OS:
# apt-get update
# apt-get upgrade
# apt-get dist-upgrade
Edit /etc/apt/sources.list:
FROM STRETCH (in my case):
debhttp://httpredir.debian.org/debian _stretch_ main
debhttp://httpredir.debian.org/debian _stretch_-updates main
debhttp://security.debian.org _stretch_/updates main
TO BUSTER:
debhttp://httpredir.debian.org/debian _buster_ main
debhttp://httpredir.debian.org/debian _buster_-updates main
debhttp://security.debian.org _buster_/updates main
Then:
# apt-get upgrade
# apt-get dist-upgrade
# reboot
It took some time (slow internet here), no errors noted and the original conf files kept as is when asked.
Now, edit 'environment' to UNcomment both USE_APLAY and USE_AOSS, restart IRLP. This change will allow the audio to work normally.
This has the advantage that whatever 'extra' software you're running is also updated/upgraded at the same time.
If you use sendmail (the node sends me daily status reports), you may have to make some tweaks to get it running again (I needed to make and install a new security cert).
GL es 73,
Rick NHC
7962
On 9/1/2019 9:29 AM, John Lorenc wrote:
Hi Klaus
I believe you should be able to edit your /etc/apt/sources.list file to include pointing to deprecated items. I recently did this for Ubuntu 15.1.
cat sources.list
deb http://old-releases.ubuntu.com/ubuntu wily main restricted universe
deb http://old-releases.ubuntu.com/ubuntu wily-updates main restricted universe
deb http://old-releases.ubuntu.com/ubuntu wily-security main restricted universe multiverse
deb http://archive.canonical.com/ubuntu wily partner
In theory you ought to be able to do it with Debian. Suggest Google searching to find out how.
Good luck.
John va3wm
*From:*IRLP@irlp.groups.io <mailto:IRLP@irlp.groups.io> [mailto:IRLP@irlp.groups.io] *On Behalf Of *Klaus Rung via Groups.Io
*Sent:* Sunday, September 01, 2019 11:34 AM
*To:* IRLP@irlp.groups.io <mailto:IRLP@irlp.groups.io>
*Subject:* Re: [IRLP] IRLP VPN Service Announcement
Does anyone have a method of installing openvpn on a "Debian GNU/Linux 7 (wheezy)" where the apt-get will not work any longer?
thanks
klaus
ve3kr node 2490
On Saturday, August 31, 2019, 10:47:09 p.m. EDT, n7bfs <doug.n7bfs@...> <mailto:doug.n7bfs@...> wrote:
Although I don't need VPN services at the moment for my node, thanks for the generous offer :^)
Doug
N7BFS


Ted VE3TRQ
 

Received my openvpn configuration file the other day, added it to the openvpn config directory, changed my default to start on that server, and had immediate success in bringing up the new tunnel when I restarted openvpn. Took all of 30 seconds :-)

I had to do a few failed connection attempts for EchoLink before it worked (guess it needed to update to the new tunnel IP address). So, successfully switched from LiquidVPN (a good, if slightly expensive, service, by the way) to the one provided by the IRLP group. Since I bankroll our Club's VPN access, I'm grateful for this.

Thanks so much, we'll let it go and see how it works out in comparison.

Ted VE3TRQ
EchoIRLP Nodes 2403 and 2405, Elmira Radio Club VE3ERC


k9dc
 

Thank you for the feedback. We’ve issued about 50 OpenVPN keys for IRLP VPN so far. I have to admit we have heard from almost no one with even a question, which I find amazing! I’ve been watching the traffic and CPU use on the hub server and have only seen a modest tick on the CPU.

--
Dave K9DC, IRLP Installation Team

On Sep 2, 2019, at 09:31, Ted VE3TRQ <ve3trq@...> wrote:

Received my openvpn configuration file the other day, added it to the openvpn config directory, changed my default to start on that server, and had immediate success in bringing up the new tunnel when I restarted openvpn. Took all of 30 seconds :-)

I had to do a few failed connection attempts for EchoLink before it worked (guess it needed to update to the new tunnel IP address). So, successfully switched from LiquidVPN (a good, if slightly expensive, service, by the way) to the one provided by the IRLP group. Since I bankroll our Club's VPN access, I'm grateful for this.

Thanks so much, we'll let it go and see how it works out in comparison.

Ted VE3TRQ
EchoIRLP Nodes 2403 and 2405, Elmira Radio Club VE3ERC


Jim MacKenzie
 

-----Original Message-----
From: IRLP@irlp.groups.io [mailto:IRLP@irlp.groups.io] On Behalf Of David Cameron - IRLP
Sent: Sunday, September 1, 2019 11:15 AM
To: IRLP@irlp.groups.io
Subject: Re: [IRLP] IRLP VPN Service Announcement

You need to step into the distributions one at a time - You can't go from 7 to 10. You need to go from 7 to 8, 8 to 9, 9 to 10.

If you are on 6, I think you may be out of luck.
===
You can upgrade from 6 to 7 via the archive repositories, but not through the regular ones. The regular ones only contain currently-supported versions.

73
Jim VE5EV


k9dc
 

Couple of other things to beware of, if you ever configured your network with wicd-curses, be sure you have complete descriptions in /etc/network/interfaces. I did not, and one of mine did not come back. Of course it was the least convenient one to work on, the TKR-850 repeater in my RV. The node computer is inside the repeater chassis, underneath the duplexer shelf. First pull the repeater out of the RV. Then nineteen screws later I finally have access to the computer so I can connect a local console and get my network back <sigh>.

You will also need to set suid root to the alsactl binary, so it can be used by user repeater. DO this AFTER the upgrade.

chmod 4755 /usr/sbin/alsactl

One thing I noticed (and the main reason I went to the trouble) is that Debian 9 (stretch) and newer, is much more aggressive at hanging on to the IRLP VPN connection when it drops (frequent occurrence with cellular WAN), than earlier versions.

-k9dc

On Sep 3, 2019, at 10:57, Jim MacKenzie <jim@...> wrote:



-----Original Message-----
From: IRLP@irlp.groups.io [mailto:IRLP@irlp.groups.io] On Behalf Of David Cameron - IRLP
Sent: Sunday, September 1, 2019 11:15 AM
To: IRLP@irlp.groups.io
Subject: Re: [IRLP] IRLP VPN Service Announcement

You need to step into the distributions one at a time - You can't go from 7 to 10. You need to go from 7 to 8, 8 to 9, 9 to 10.

If you are on 6, I think you may be out of luck.
===
You can upgrade from 6 to 7 via the archive repositories, but not through the regular ones. The regular ones only contain currently-supported versions.

73
Jim VE5EV


vk2gx@...
 

Hello Dave,
My local amateur radio club is currently has an EchoLink node connected to our local 2m FM repeater, in Sydney, Australia. We are in the process of relocating the repeater to a site which does not have a fixed internet connection, therefore we need to use a 4G cell internet connection, which does not have a public IP address. We are considering changing the existing EchoLink node (running Windows based EchoLink in sysop mode) to IRLP. Would the IRLP VPN service be available  for us to use in Australia? Also would like your advise what is the best way to move forward, as far as reliability and maintaining usability for our local EchoLink users? Any suggestions and advise would be gratefully received.
Regards,
Paul VK2GX