On 2/11/22 06:49, David Andrzejewski wrote:
I don't know how people around here feel about Mikrotik, but they have included
Wireguard support in their latest operating system.
I know some Tik heads here that are happy about this.
I am running ROS 7.1.2 on my home router, but I don't use i
On Thu, Feb 10, 2022 at 8:51 PM David Andrzejewski
wrote:
>
> I don't know how people around here feel about Mikrotik, but they have
> included Wireguard support in their latest operating system.
They've also included fq_codel and sch_cake:
https://forum.mikrotik.com/viewtopic.php?t=179307
For
I don't know how people around here feel about Mikrotik, but they have included
Wireguard support in their latest operating system.
dave
-----Original Message-----
From: NANOG On Behalf Of
William Herrin
Sent: Thursday, February 10, 2022 13:56
Cc: nanog@nanog.org
Subject: Re: VPN recommendatio
On Thu, 10 Feb 2022 10:55:40 -0800, William Herrin said:
> My understanding is that Wireguard is software available for general
> purpose operating systems. I specifically need a set of hardware
> network appliances.
Take a general purpose OS, strip down the userspace a bit,
stick the whole thin
On 2/10/22 20:02, William Herrin wrote:
Hi folks,
Do you have any recommendations for VPN appliances? Specifically: I
need to build site to site VPNs at speeds between 100mbps and 1 gbit
where all but one of the sites are behind an IPv4 NAT gateway with
dynamic public IP addresses.
No
Howdy,
I just want to say thank you to everyone who responded. It was very
helpful and I now have a bunch of leads to chase. I'll let you know
what I end up doing. Given the lead times on some of the equipment it
may be a while...
Warm regards,
Bill Herrin
On Thu, Feb 10, 2022 at 10:02 AM Willi
I work in a large oil company and we have S2S VPNs everywhere. Any modern
Cisco or Juniper router will meet your requirements. An off the shelf security
appliance will do the job too, i.e. ASA, Palo Alto, Fortinet or Juniper. Meraki is
great if you want to manage from the cloud or vpn as a service
There are plenty of places with crappy dsl left in the US, 7mbit
down/1mbit up being fairly common in many small towns.
In my view, however, focusing on dragging fiber to farmland is kind of
silly and better wireless tech (WISP) to be preferred,
and in both the wireless and dsl cases, a real sourc
tailscale is 3-clause BSD.
there is a reverse engineered version of the rendezvous protocol also.
On Thu, Feb 10, 2022 at 3:41 PM John Gilmore wrote:
>
> Mike Lyon wrote:
> > How about running ZeroTier on those Linux boxes and call it a day?
> > https://www.zerotier.com/
>
> ZeroTier is not a
Mike Lyon wrote:
> How about running ZeroTier on those Linux boxes and call it a day?
> https://www.zerotier.com/
ZeroTier is not a free-as-in-freedom project. Running it in Linux boxes
or network appliances to provide a VPN to paying customers may be
prohibited (at least for some customers, and
I think my experience is unique, but wanted to put it out there anyway. I’ve
actually had quite a few problems with Meraki equipment during the one instance
I worked with them. After a few hours to days, the switches would stop
functioning. You could still access them through the webgui and issu
Meraki may be considered expensive, requires perpetual license to operate
and is difficult to get currently (very long lead times) but is
dead.stupid.simple to install and maintain. I have yet to find a business
or home network that it does not work on out of the box, but if you find
one it would
We use SonicWall TZ series for just this purpose. The IPSec VPN endpoints can
be behind NAT, and we just use DYNDNS to map whatever is current to a FQDN.
Each side thus has the public IP of the other side and can connect as long as
you pass through GRE.
-mel via cell
On Feb 10, 2022, at 1:05 P
Matt Harris|Infrastructure Lead
816-256-5446|Direct
Looking for help?
Helpdesk|Email Support
We build customized end-to-end technology solutions powered by NetFire Cloud.
On Thu, Feb 10, 2022 at 12:03 PM William Herrin wrote:
> Hi folks,
>
> Do you have any recommendations for VPN appliances? Sp
I have a home in rural Washington state, and my access was definitely
substandard. I had to bond together multiple internet services to have a
somewhat modern internet experience. I now have Starlink's service, which has
given me more robust speeds. That said, their service still has a ways to
>There are plenty of urban and suburban areas in America that are far worse
off from a broadband perspective than “rural America”.
Can you provide examples?
On Thu, Feb 10, 2022 at 3:51 PM Owen DeLong via NANOG
wrote:
>
>
> > On Jun 2, 2021, at 02:10 , Mark Tinka wrote:
> >
> >
> >
> > On 6/2/
> On Jun 2, 2021, at 02:10 , Mark Tinka wrote:
>
>
>
> On 6/2/21 11:04, Owen DeLong wrote:
>
>> I disagree… If it could be forced into a standardized format using a
>> standardized approach to data acquisition and reliable comparable results
>> across providers, it could be a very useful
- On Feb 10, 2022, at 10:17 AM, nanog nanog@nanog.org wrote:
Hi,
> Meraki MX series?
I read on some mailing list that Meraki likes to ping 8.8.8.8 every
second... :)
Thanks,
Sabri
>
> (your license runs out, the box is a paper-weight)
Should be a hard no for anyone purchasing network equipment anyways, but
people have reasons I guess.
On Thu, Feb 10, 2022 at 1:19 PM Shawn L via NANOG wrote:
> Meraki MX series?
>
>
>
> I don't like the way they do their licensing (your l
On Thu, 10 Feb 2022 10:55:40 -0800, William Herrin wrote:
> My understanding is that Wireguard is software available for general
> purpose operating systems. I specifically need a set of hardware
> network appliances.
MikroTik (hardware) RouterOS (software) version 7 has WireGuard:
https://help.m
On 2022-02-10 11:42, John Todd wrote:
"The Prudent Mariner never relies solely on any single aid to
navigation"
It's best to ping multiple targets, and take action only if all targets
do not return replies.
For route tracking a la $VENDOR_C's IP SLA, if possible, we'll ping
next-hop IP, on
I don't know of a specific document speaking to this, but this doc i
think describes it right.
https://securitynetworkinglinux.wordpress.com/2019/04/19/how-create-a-site-to-site-ipsec-vpn-from-an-opnsense-to-a-fortigate-behind-a-nat-router/
in section 2.3 is where you change My Identifier to be
I’ll second PFsense, done quite a bit of this in hub and spoke topologies,
spokes being behind NAT (permitted the upstream fw allows udp 500,4500), on a
dynamic. The hub or hubs are ideally on a static. Set the hub site up as
responder only, the remotes initiate the tunnel. Peers are validated
On Thu, Feb 10, 2022 at 10:55 AM William Herrin wrote:
> My understanding is that Wireguard is software available for general
> purpose operating systems. I specifically need a set of hardware
> network appliances. I don't overly care which protocol they're running
> as long as an initiator stuck
On Thu, Feb 10, 2022 at 10:04 AM David Guo wrote:
> You may try WireGuard and use ddns
Hi David,
My understanding is that Wireguard is software available for general
purpose operating systems. I specifically need a set of hardware
network appliances. I don't overly care which protocol they're ru
On Thu, Feb 10, 2022 at 10:47 AM Juri Grabowski wrote:
> Or buy officially supported hardware from https://shop.opnsense.com/
Howdy,
Opnsense looks like it might work. I dug through some of the
documentation but didn't find something entirely on point for my use
case. Are you aware of any document
On Thu, Feb 10, 2022 at 10:18 AM Shawn L wrote:
> Meraki MX series? Dynamic IPs and NATs don't really cause them a problem.
> Some CGNats do (AT&T I'm looking at you).
Thanks Shawn,
The documentation I found at
https://documentation.meraki.com/MX/Site-to-site_VPN/Site-to-Site_VPN_Settings
sugg
On Thu, Feb 10, 2022 at 10:06 AM Guillaume Tournat wrote:
> Fortinet firewalls (FortiGate) are a great deal
Thanks Guillaume,
I found this
https://community.fortinet.com/t5/FortiGate/Technical-Tip-IPsec-VPN-between-static-and-dynamic-IP-FQDN/ta-p/191815
but it suggests that the dynamic IP forti
I think it would be fair to say that ICMP echo to easy-to-remember
internet resources is tolerated, but not encouraged, and is probably not
a good idea unless one knows and very well understands the implications
of failure (or success!) modes that don’t match the conditions that
are expected.
Hello NANOG,
My name is Joy Larkin and I'm actually a long-time years-long lurker on
the NANOG list (I have v odd hobbies) and I am also ZeroTier's Head of
Marketing. I know I'm not supposed to be too promotional on here, but
I'd love to see some of you pick up ZT.
Our founder, Adam Ierymenk
If you want something gui driven I’d do something like Meraki…you can do
the same with just regular old Cisco routers using DMVPN as well. It’s a
pretty common use case and well established.
On Thu, Feb 10, 2022 at 1:03 PM William Herrin wrote:
> Hi folks,
>
> Do you have any recommendations fo
Wireguard is the way to go. No platform lock-in, encrypted, extremely
lightweight and an easy to configure kernel module. Only drawback being
that there’s no implemented mesh topology, but that doesn’t sound like a
requirement for your use case. We actively push 8Gbit through our WG
tunnels with no
>
> Seems way easier than literally everything else being proposed to me, am I
> missing something?
>
I guess it depends on what the actual problem trying to be solved is.
If I understand it correctly, the OG issue was someone (who was not Google)
building some monitoring around the assumption of
tailscale
On Thu, Feb 10, 2022 at 10:24 AM Mark Wiater wrote:
>
> pfsense and opnsense both do fine with natted ipsec in the environments i've
> tested.
>
> Isn't there an openvpn appliance too?
>
> On 2/10/2022 1:17 PM, Shawn L via NANOG wrote:
>
> Meraki MX series?
>
>
>
> I don't like the way
pfsense and opnsense both do fine with natted ipsec in the environments
i've tested.
Isn't there an openvpn appliance too?
On 2/10/2022 1:17 PM, Shawn L via NANOG wrote:
Meraki MX series?
I don't like the way they do their licensing (your license runs out,
the box is a paper-weight) but the
Meraki MX series?
I don't like the way they do their licensing (your license runs out, the box is
a paper-weight) but they do really well at establishing site-to-site VPNs in
some pretty challenging scenarios. Dynamic IPs and NATs don't really cause
them a problem. Some CGNats do (AT&T I'm
How about running ZeroTier on those Linux boxes and call it a day?
https://www.zerotier.com/
-Mike
> On Feb 10, 2022, at 10:07, David Guo via NANOG wrote:
>
>
> You may try WireGuard and use ddns
>
> From: NANOG On Behalf Of William
> Herrin
> Sent: Friday, February 11, 2022 2:02 AM
> T
Pfsense on Netgate appliances?
I’ve used several of them, while not for this exact purpose they have done the
roles but maybe not the amount of VPN traffic.
--
Keith Stokes
SalonBiz, Inc
On Feb 10, 2022, at 12:02 PM, William Herrin <b...@herrin.us> wrote:
Hi folks,
Do you have any
You may try WireGuard and use ddns
From: NANOG On Behalf Of William Herrin
Sent: Friday, February 11, 2022 2:02 AM
To: nanog@nanog.org
Subject: VPN recommendations?
Hi folks,
Do you have any recommendations for VPN appliances? Specifically: I need to
build a site to site VPNs at speeds between
Hi folks,
Do you have any recommendations for VPN appliances? Specifically: I need to
build site to site VPNs at speeds between 100mbps and 1 gbit where all
but one of the sites are behind an IPv4 NAT gateway with dynamic public IP
addresses.
Normally I'd throw OpenVPN on a couple of Linux boxe
Seems way easier than literally everything else being proposed to me, am I
missing something?
-LB
Ms. Lady Benjamin PD Cannon of Glencoe, ASCE
6x7 Networks & 6x7 Telecom, LLC
CEO
b...@6by7.net
"The only fully end-to-end encrypted global telecommunications company in the
world.”
ANNOUNCING: 6x7
>
> I'm not going to opinion on the quantity of benefits, but this thought
> could lend a razor from Occam.
>
I always enjoy a good shave from ol' Occam, no worries.
On Thu, Feb 10, 2022 at 2:54 AM Saku Ytti wrote:
> On Wed, 9 Feb 2022 at 22:19, Tom Beecher wrote:
>
> >> Side note, am I missing
Hi all.
Grateful if anyone from Lumen with some clue can reach out.
They appear to be dropping traffic to our name servers
(ns3.seacomnet.com + ns4.seacomnet.com) at our interconnect transit edge
with them in MRS. Naturally, this is causing whoever is on their network
to fail DNS queries to z
No doubt there would be a very long tail, but...
1) Create alternative.
2) Get Google, Cloudflare, PCH, etc. to say that per whatever new standard,
this is the new way to do this, leave my stuff alone.
3) Lots of peer pressure.
4) ???
5) Profit
-
Mike Hammett
Intelligent Computing Solution
Except that the very reason This Thread started was because 8.8.8.8 was not
responding to pings and caused issues with many facturar hard-coded destinations.
-
Mike Hammett
Intelligent Computing Solutions
http://www.ics-il.com
Midwest-IX
http://www.midwest-ix.com
----- Original Message -----
I think that this message hasn't been shared here.
Regards
as
---------- Forwarded message ---------
From: Israel Rosas
Date: Mon, 7 Feb 2022 at 16:12
Subject: [lacnog] 2022 MANRS Ambassadors
To: LACNOG
Dear all,
Happy Monday! I’m reaching out to you to announce that today we are opening
th