[HamWAN PSDR] Newbie

John D. Hays john at hays.org
Tue Mar 16 09:09:30 PDT 2021


Put a firewall filter in for ports and protocols using encryption.

On Tue, Mar 16, 2021, 08:42 Steve - WA7PTM <psdr-list at aberle.net> wrote:

> Thanks Aaron.  I fully understand what SSL/TLS is, but am trying to zero
> in on how to avoid it on my HamWAN connection.  Unfortunately, the
> sneaky protocol translations on the back end will only continue, and we
> just need to know which software to stop using when things are not
> obvious on the front end.
>
> Steve
>
>
> Aaron Taggert wrote on 3/16/21 8:26 AM:
> > On the authentication/integrity side... FCC says no encryption so we can
> > all hear what you're on about. Ham would not be much fun if all you heard
> > was encrypted pseudo noise. SSL/TLS authentication is a bit like me sending
> > you a list of 100 words and asking you to tell me word 45. Everything is in
> > the clear, but I can authenticate that whoever is at the other end at
> > least has the right list. Another SSL/TLS feature is integrity, meaning the
> > whole message is received. That would be like saying I sent 3421 characters
> > CW, 786 of them were vowels. Again everybody can hear what we're saying but
> > it would be difficult to impersonate the sender (or receiver) or change the
> > message.
> >
> > On Tue, Mar 16, 2021, 6:32 AM Steve - WA7PTM <psdr-list at aberle.net> wrote:
> >
> >> If we separate Winlink (the system) from Winlink Express (the client
> >> program), is a SSL connection also the case with the other six clients
> >> listed on the https://winlink.org/ClientSoftware page when used in
> >> telnet mode?
> >>
> >> Steve
> >>
> >>
> >> Scott Currie wrote on 3/15/21 10:06 PM:
> >>> Yeah, I discussed this with the WDT, and the issue with using HamWAN or
> >>> AREDN. I had asked if we could force a non-SSL connection to the CMS. They
> >>> have been under pressure from AWS to switch to all SSL connections, so they
> >>> had to make the change. They did commit to leaving the client or gateway
> >>> connection to RMS Relay as non-SSL, so that is why we have suggested having
> >>> a regional instance of RMS Relay on HamWAN that the RMS Gateways and
> >>> clients could point to. Backend of the RMS Relay would then connect to the
> >>> CMS over SSL on a hardened Internet connection (like at a county EOC or the
> >>> State EOC), or even HF forwarding if the Internet is down.
> >>>
> >>> -Scott
> >>>
> >>> On Mon, Mar 15, 2021 at 9:41 PM Stephen Kangas <stephen at kangas.com> wrote:
> >>>
> >>>> Scott, thanks for that update, interesting.  “Telnet” is a misnomer in
> >>>> this WinLink instance, as that port 22 protocol is historically and
> >>>> normally unencrypted, and widely understood in the industry as such
> >>>> (whereas SSH is encrypted).   It looks like the email client is connecting
> >>>> locally to an RMS Relay in that mode, which then connects to the CMS on the
> >>>> internet.
> >>>>
> >>>>
> >>>>
> >>>> --Stephen W9SK
> >>>>
> >>>>
> >>>>
> >>>> *From:* PSDR <psdr-bounces at hamwan.org> *On Behalf Of *Scott Currie
> >>>> *Sent:* Monday, March 15, 2021 5:56 PM
> >>>> *To:* Puget Sound Data Ring <psdr at hamwan.org>
> >>>> *Subject:* Re: [HamWAN PSDR] Newbie
> >>>>
> >>>>
> >>>>
> >>>> This is not entirely true. Winlink does use TLS/SSL connections for some
> >>>> things. The normal telnet connection is now SSL (will fall back to non-SSL
> >>>> if the connection fails). Also, RMS Gateway to the CMS is now SSL. Telnet
> >>>> P2P and telnet to RMS Relay is not SSL. I believe updates are also SSL now.
> >>>>
> >>>>
> >>>>
> >>>> Winlink Express Link Test:
> >>>>
> >>>> Test started 2021/03/16 00:52 UTC
> >>>>
> >>>> Testing CMS telnet connection to cms.winlink.org through port 8772...
> >>>>     Successfully connected to a CMS through port 8772 in 253 Milliseconds
> >>>>
> >>>> Testing CMS SSL telnet connection to cms.winlink.org through port 8773...
> >>>>     Successfully connected to a CMS through port 8773 in 311 Milliseconds
> >>>>
> >>>> Testing API service access through port 443 to api.winlink.org...
> >>>>     Successfully performed API service to api.winlink.org through port 443 in 756 Milliseconds
> >>>>
> >>>> Testing Autoupdate server access through port 443 to autoupdate2.winlink.org...
> >>>>     Successfully checked autoupdate server through port 443 in 439 Milliseconds
> >>>>
> >>>> Testing connection to web site - www.winlink.org:443
> >>>>     Successfully connected to www.winlink.org through port 443 in 47 Milliseconds
> >>>>
> >>>> Testing FTP connection to SFI site - ftp://ftp.swpc.noaa.gov/pub/latest/SGAS.txt
> >>>>     Successfully connected to ftp://ftp.swpc.noaa.gov/pub/latest/SGAS.txt through port 20/21 in 1522 Milliseconds
> >>>>
> >>>> Test completed successfully.
> >>>>
> >>>> -Scott, NS7C
> >>>>
> >>>>
> >>>>
> >>>> On Mon, Mar 15, 2021 at 5:45 PM Stephen Kangas <stephen at kangas.com> wrote:
> >>>>
> >>>> Phil, an example of the ham band traffic that Kenny mentioned is not
> >>>> permitted by the FCC is encrypted communications traffic…this means the
> >>>> majority of websites you visit today and many email hosters, since
> >>>> websites commonly use TLS/SSL encryption (indicated by “https” in front of
> >>>> the URL in your browser address bar) or encrypted settings in your email
> >>>> hoster & client.  Winlink does NOT use encryption, thus is legal, and is
> >>>> the primary application for my ARES team using HamWAN.  As Kenny points
> >>>> out, certain routers (not inexpensive home models) can be used to split
> >>>> that traffic appropriately, but it is not an easy setup unless you have a
> >>>> background in data networks or cybersecurity…so it’s far easier to either
> >>>> use HamWAN just for your dedicated ARES laptop use or switch a cable back
> >>>> and forth using one pipe at a time.
> >>>>
> >>>>
> >>>>
> >>>> FWIW, Stephen W9SK
> >>>>
> >>>>
> >>>>
> >>>>
> >>>>
> >>>> *From:* PSDR <psdr-bounces at hamwan.org> *On Behalf Of *Kenny Richards
> >>>> *Sent:* Monday, March 15, 2021 12:49 PM
> >>>> *To:* Puget Sound Data Ring <psdr at hamwan.org>
> >>>> *Subject:* Re: [HamWAN PSDR] Newbie
> >>>>
> >>>>
> >>>>
> >>>> Just want to add two things to what Carl said already.
> >>>>
> >>>>
> >>>>
> >>>> 1) Line of sight means you can actually 'see' the HamWAN node, or at least
> >>>> you can with something like a pair of binoculars.
> >>>>
> >>>> 2) Remember that HamWAN is not meant to be a replacement for your home
> >>>> internet. Be very conscious of what traffic you are putting over HamWAN. I
> >>>> don't recommend connecting it to your home network unless you are familiar
> >>>> enough with routing rules to limit what traffic goes out the HamWAN link.
> >>>>
> >>>>
> >>>>
> >>>> Good luck,
> >>>>
> >>>> Kenny, KU7M
> >>>>
> >>>>
> >>>>
> >>>>
> >>>>
> >>>> On Mon, Mar 15, 2021 at 12:40 PM <carl at n7kuw.com> wrote:
> >>>>
> >>>> Hi Phil,
> >>>>
> >>>> You can do all of the configuration while on the ground, but obviously you
> >>>> won’t have any signal. You don’t indicate what specific equipment you have,
> >>>> but if you have the mAnt30 dish and separate router/modem, make sure you
> >>>> have the antenna connected before powering it up.
> >>>>
> >>>> As to trees, they are an absolute show stopper. You must have clear,
> >>>> visual, line of sight to the HamWAN site you are shooting to. Hopefully you
> >>>> will have that, or can achieve that, from where you plan to mount the
> >>>> dish.  As to “just over them”, a microwave shot consists of the direct,
> >>>> pure line of sight, but also what is referred to as the Fresnel zone – a
> >>>> cigar shaped “balloon” around the pure line of sight.  Items in the Fresnel
> >>>> zone (including trees) can reduce the amount of signal you have, so you may
> >>>> not get optimum performance, but some.
> >>>>
> >>>> In your initial post you commented about how to balance between your
> >>>> regular internet and HamWAN for a Winlink node.  My suggestion would be to
> >>>> just leave it on one (whichever one) as the norm, and only switch to the
> >>>> other if the one goes down.  You can also acquire routers that include
> >>>> failover capability to automatically make that switch.  You can go more
> >>>> advanced with load sharing and such between multiple connections, but that
> >>>> requires much better understanding of internet routing, and for a Winlink
> >>>> node basic failover will serve your purpose.
> >>>>
> >>>>
> >>>>
> >>>> Good luck, let us know how things turn out.
> >>>>
> >>>> Carl, N7KUW
> >>>>
> >>>>
> >>>>
> >>>> *From:* PSDR <psdr-bounces at hamwan.org> *On Behalf Of *Phil Cornell via PSDR
> >>>> *Sent:* Monday, March 15, 2021 12:11 PM
> >>>> *To:* psdr at hamwan.org
> >>>> *Subject:* [HamWAN PSDR] Newbie
> >>>>
> >>>>
> >>>>
> >>>> OK, I figured out my problem and I now have Winbox talking to the radio
> >>>> and reporting status.  It's not linking to anything since the antenna is
> >>>> still on the ground.  How much configuration can I do before mounting it on
> >>>> my roof?  The only question in my sight path may be some trees but I think
> >>>> I can aim just over them and get a signal.  My friend Bruce/WA7BAM will be
> >>>> helping with the antenna installation on Wed afternoon.  Making progress...
> >>>>
> >>>>
> >>>>
> >>>> *Phil Cornell  *
> >>>>
> >>>> *W7PLC *
> >>>>
> >>>> *SHARES NCS590*
> >>>>
> >>>> *Hybrid Gateway W7PLC*
> >>>>
> >>>> *TCARES  VP*
> >>>>
> >>>> _______________________________________________
> >>>> PSDR mailing list
> >>>> PSDR at hamwan.org
> >>>> http://mail.hamwan.net/mailman/listinfo/psdr
> >>>> --
> >>>>
> >>>> *-Scott*
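
John's suggestion, sketched as an added example (not part of the original thread, and not HamWAN or Winlink code): a filter decision that uses the ports from the quoted Link Test output and also inspects the first payload bytes of a flow, so SSL/TLS or SSH on an unlisted port is caught as well. The function names, verdict strings and sample bytes are assumptions constructed for illustration.

```python
import struct

# Ports named in the Link Test output quoted in this thread.
ENCRYPTED_PORTS = {443, 8773}   # HTTPS and "CMS SSL telnet"
CLEARTEXT_PORTS = {8772}        # plain "CMS telnet"

def looks_like_tls(payload: bytes) -> bool:
    """True if the first bytes of a TCP stream are a TLS handshake record."""
    if len(payload) < 6:
        return False
    ctype, major, minor, length = struct.unpack("!BBBH", payload[:5])
    # 0x16 = handshake record, version 3.x, record body at most 2^14 bytes
    if ctype != 0x16 or major != 3 or minor > 4 or not 0 < length <= 16384:
        return False
    return payload[5] in (1, 2)  # ClientHello or ServerHello

def looks_like_ssh(payload: bytes) -> bool:
    """SSH peers open with an 'SSH-' identification string (RFC 4253)."""
    return payload.startswith(b"SSH-")

def verdict(dst_port: int, first_payload: bytes) -> str:
    """Decide what a HamWAN-facing filter should do with a new TCP flow."""
    if dst_port in ENCRYPTED_PORTS:
        return "drop: port carries SSL/TLS"
    if looks_like_tls(first_payload) or looks_like_ssh(first_payload):
        return "drop: encrypted protocol on unexpected port"
    if dst_port in CLEARTEXT_PORTS:
        return "accept"
    # Assumed default policy: anything not explicitly known gets a human look.
    return "review: unknown port, cleartext payload"

# Constructed samples (not captured traffic).
CLIENT_HELLO = bytes.fromhex("160301002f0100002b0303") + bytes(36)
PLAIN_TEXT = b"constructed cleartext session line\r\n"

def demo():
    return [
        verdict(8772, PLAIN_TEXT),
        verdict(8773, CLIENT_HELLO),
        verdict(8772, CLIENT_HELLO),
        verdict(2222, b"SSH-2.0-example\r\n"),
    ]

if __name__ == "__main__":
    for line in demo():
        print(line)
```

The port check alone misses encrypted sessions moved to another port; the payload check alone needs a device that can see the first data segment, which is why the sketch combines both.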