[HamWAN PSDR] Newbie

John D. Hays john at hays.org
Tue Mar 16 11:22:06 PDT 2021


The HamWAN client is a MikroTik device which has a robust IP tables
implementation which could be used for filtering.

On Tue, Mar 16, 2021 at 10:22 AM Aaron Taggert <aaron.taggert at gmail.com>
wrote:

> I do not know what router you have but you could install squid (on the
> router or on a raspberry pi) on the ham wan connection and 'splice' the TLS
> Cipher to NULL: https://wiki.squid-cache.org/Features/SslPeekAndSplice
>
> Also from HamWan.org:
>
> https://hamwan.org/Administrative/Internet%20and%20Part%2097.html
>
>
> https://hamwan.org/Standards/Network%20Engineering/Authentication/SSL%20without%20Encryption.html
>
> https://hamwan.org/Standards/Network%20Engineering/Authentication.html
>
> On Tue, Mar 16, 2021, 8:42 AM Steve - WA7PTM <psdr-list at aberle.net> wrote:
>
>> Thanks Aaron.  I fully understand what SSL/TLS is, but am trying to zero
>> in on how to avoid it on my HamWAN connection.  Unfortunately, the
>> sneaky protocol translations on the back end will only continue, and we
>> just need to know which software to stop using when things are not
>> obvious on the front end.
>>
>> Steve
>>
>>
>> Aaron Taggert wrote on 3/16/21 8:26 AM:
>> > On the authentication/integrity side... FCC says no encryption so we can
>> > all hear what you're on about. Ham would not be much fun if all you heard
>> > was encrypted pseudo noise. SSL/TLS authentication is a bit like me sending
>> > you a list of 100 words and asking you to tell me word 45. Everything is in
>> > the clear, but I can authenticate that whomever is at the other end at
>> > least has the right list. Another SSL/TLS feature is integrity, meaning the
>> > whole message is received. They would be like saying I sent 3421 characters
>> > CW 786 of them were vowels. Again everybody can hear what we're saying but
>> > it would be difficult to impersonate the sender (or receiver) or change the
>> > message.
>> >
>> > On Tue, Mar 16, 2021, 6:32 AM Steve - WA7PTM <psdr-list at aberle.net> wrote:
>> >
>> >> If we separate Winlink (the system) from Winlink Express (the client
>> >> program), is a SSL connection also the case with the other six clients
>> >> listed on the https://winlink.org/ClientSoftware page when used in
>> >> telnet mode?
>> >>
>> >> Steve
>> >>
>> >>
>> >> Scott Currie wrote on 3/15/21 10:06 PM:
>> >>> Yeah, I discussed this with the WDT, and the issue with using HamWAN or
>> >>> AREDN. I had asked if we could force a non-SSL connection to the CMS. They
>> >>> have been under pressure from AWS to switch to all SSL connections, so they
>> >>> had to make the change. They did commit to leaving the client or gateway
>> >>> connection to RMS Relay as non-SSL, so that is why we have suggested having
>> >>> a regional instance of RMS Relay on HamWAN that the RMS Gateways and
>> >>> clients could point to. Backend of the RMS Relay would then connect to the
>> >>> CMS over SSL on a hardened Internet connection (like at a county EOC or the
>> >>> State EOC), or even HF forwarding if the Internet is down.
>> >>>
>> >>> -Scott
>> >>>
>> >>> On Mon, Mar 15, 2021 at 9:41 PM Stephen Kangas <stephen at kangas.com> wrote:
>> >>>
>> >>>> Scott, thanks for that update, interesting.  “Telnet” is a misnomer in
>> >>>> this WinLink instance, as that port 22 protocol is historically and
>> >>>> normally unencrypted, and widely understood in the industry as such
>> >>>> (whereas SSH is encrypted).   It looks like the email client is connecting
>> >>>> locally to an RMS Relay in that mode, which then connects to the CMS on the
>> >>>> internet.
>> >>>>
>> >>>>
>> >>>>
>> >>>> --Stephen W9SK
>> >>>>
>> >>>>
>> >>>>
>> >>>> *From:* PSDR <psdr-bounces at hamwan.org> *On Behalf Of *Scott Currie
>> >>>> *Sent:* Monday, March 15, 2021 5:56 PM
>> >>>> *To:* Puget Sound Data Ring <psdr at hamwan.org>
>> >>>> *Subject:* Re: [HamWAN PSDR] Newbie
>> >>>>
>> >>>>
>> >>>>
>> >>>> This is not entirely true. Winlink does use TLS/SSL connections for some
>> >>>> things. The normal telnet connection is now SSL (will fallback to non-SSL
>> >>>> if the connection fails). Also, RMS Gateway to the CMS is now SSL. Telnet
>> >>>> P2P and telnet to RMS Relay is not SSL. I believe updates are also SSL now.
>> >>>>
>> >>>>
>> >>>>
>> >>>> Winlink Express Link Test:
>> >>>>
>> >>>> Test started 2021/03/16 00:52 UTC
>> >>>>
>> >>>> Testing CMS telnet connection to cms.winlink.org through port 8772...
>> >>>>     Successfully connected to a CMS through port 8772 in 253 Milliseconds
>> >>>>
>> >>>> Testing CMS SSL telnet connection to cms.winlink.org through port 8773...
>> >>>>     Successfully connected to a CMS through port 8773 in 311 Milliseconds
>> >>>>
>> >>>> Testing API service access through port 443 to api.winlink.org...
>> >>>>     Successfully performed API service to api.winlink.org through port 443 in 756 Milliseconds
>> >>>>
>> >>>> Testing Autoupdate server access through port 443 to autoupdate2.winlink.org...
>> >>>>     Successfully checked autoupdate server through port 443 in 439 Milliseconds
>> >>>>
>> >>>> Testing connection to web site - www.winlink.org:443
>> >>>>     Successfully connected to www.winlink.org through port 443 in 47 Milliseconds
>> >>>>
>> >>>> Testing FTP connection to SFI site - ftp://ftp.swpc.noaa.gov/pub/latest/SGAS.txt
>> >>>>     Successfully connected to ftp://ftp.swpc.noaa.gov/pub/latest/SGAS.txt through port 20/21 in 1522 Milliseconds
>> >>>>
>> >>>> Test completed successfully.
>> >>>>
>> >>>> -Scott, NS7C
>> >>>>
>> >>>>
>> >>>>
>> >>>> On Mon, Mar 15, 2021 at 5:45 PM Stephen Kangas <stephen at kangas.com> wrote:
>> >>>>
>> >>>> Phil, an example of the ham band traffic that Kenny mentioned is not
>> >>>> permitted by the FCC is encrypted communications traffic…this means the
>> >>>> majority of websites you visit today and many email hosters, since
>> >>>> websites commonly use TLS/SSL encryption (indicated by “https” in front of
>> >>>> the URL in your browser address bar) or encrypted settings in your email
>> >>>> hoster & client.  Winlink does NOT use encryption, thus is legal, and is
>> >>>> the primary application for my ARES team using HamWAN.  As Kenny points
>> >>>> out, certain routers (not inexpensive home models) can be used to split
>> >>>> that traffic appropriately, but it is not an easy setup unless you have a
>> >>>> background in data networks or cybersecurity…so it’s far easier to either
>> >>>> use HamWAN just for your dedicated ARES laptop use or switch a cable back
>> >>>> and forth using one pipe at a time.
>> >>>>
>> >>>>
>> >>>>
>> >>>> FWIW, Stephen W9SK
>> >>>>
>> >>>>
>> >>>>
>> >>>>
>> >>>>
>> >>>> *From:* PSDR <psdr-bounces at hamwan.org> *On Behalf Of *Kenny Richards
>> >>>> *Sent:* Monday, March 15, 2021 12:49 PM
>> >>>> *To:* Puget Sound Data Ring <psdr at hamwan.org>
>> >>>> *Subject:* Re: [HamWAN PSDR] Newbie
>> >>>>
>> >>>>
>> >>>>
>> >>>> Just want to add two things to what Carl said already.
>> >>>>
>> >>>>
>> >>>>
>> >>>> 1) Line of sight means you can actually 'see' the HamWAN node, or at least
>> >>>> you can with something like a pair of binoculars.
>> >>>>
>> >>>>
>> >>>>
>> >>>> 2) Remember that HamWAN is not meant to be a replacement for your home
>> >>>> internet. Be very conscious of what traffic you are putting over HamWAN. I
>> >>>> don't recommend connecting it to your home network unless you are familiar
>> >>>> enough with routing rules to limit what traffic goes out the HamWAN link.
>> >>>>
>> >>>>
>> >>>>
>> >>>> Good luck,
>> >>>>
>> >>>> Kenny, KU7M
>> >>>>
>> >>>>
>> >>>>
>> >>>>
>> >>>>
>> >>>> On Mon, Mar 15, 2021 at 12:40 PM <carl at n7kuw.com> wrote:
>> >>>>
>> >>>> Hi Phil,
>> >>>>
>> >>>> You can do all of the configuration while on the ground, but obviously you
>> >>>> won’t have any signal. You don’t indicate what specific equipment you have,
>> >>>> but if you have the mAnt30 dish and separate router/modem, make sure you
>> >>>> have the antenna connected before powering it up.
>> >>>>
>> >>>>
>> >>>>
>> >>>> As to trees, they are an absolute show stopper. You must have clear,
>> >>>> visual, line of sight to the HamWAN site you are shooting to. Hopefully you
>> >>>> will have that, or can achieve that, from where you plan to mount the
>> >>>> dish.  As to “just over them”, a microwave shot consists of the direct,
>> >>>> pure line of sight, but also what is referred to as the Fresnel zone – a
>> >>>> cigar shaped “balloon” around the pure line of sight.  Items in the Fresnel
>> >>>> zone (including trees) can reduce the amount of signal you have, so you may
>> >>>> not get optimum performance, but some.
>> >>>>
>> >>>>
>> >>>>
>> >>>> In your initial post you commented about how to balance between your
>> >>>> regular internet and HamWAN for a Winlink node.  My suggestion would be to
>> >>>> just leave it on one (whichever one) as the norm, and only switch to the
>> >>>> other if the one goes down.  You can also acquire routers that include
>> >>>> failover capability to automatically make that switch.  You can go more
>> >>>> advanced with load sharing and such between multiple connections, but that
>> >>>> requires much better understanding of internet routing, and for a winlink
>> >>>> node basic failover will serve your purpose.
>> >>>>
>> >>>>
>> >>>>
>> >>>> Good luck, let us know how things turn out.
>> >>>>
>> >>>> Carl, N7KUW
>> >>>>
>> >>>>
>> >>>>
>> >>>> *From:* PSDR <psdr-bounces at hamwan.org> *On Behalf Of *Phil Cornell via PSDR
>> >>>> *Sent:* Monday, March 15, 2021 12:11 PM
>> >>>> *To:* psdr at hamwan.org
>> >>>> *Subject:* [HamWAN PSDR] Newbie
>> >>>>
>> >>>>
>> >>>>
>> >>>> OK, I figured out my problem and I now have Winbox talking to the radio
>> >>>> and reporting status.  It's not linking to anything since the antenna is
>> >>>> still on the ground.  How much configuration can I do before mounting it on
>> >>>> my roof?  The only question in my sight path may be some trees but I think
>> >>>> I can aim just over them and get a signal.  My friend Bruce/WA7BAM will be
>> >>>> helping with the antenna installation on Wed afternoon.  Making progress...
>> >>>>
>> >>>>
>> >>>>
>> >>>> *Phil Cornell  *
>> >>>>
>> >>>> *W7PLC *
>> >>>>
>> >>>> *SHARES NCS590*
>> >>>>
>> >>>> *Hybrid Gateway W7PLC*
>> >>>>
>> >>>> *TCARES  VP*
>> >>>>
>> >>>>
>> >>>>
>> >>>>
>> >>>>
>> >>>>
>> >>>>
>> >>>>
>> >>>>
>> >>>> _______________________________________________
>> >>>> PSDR mailing list
>> >>>> PSDR at hamwan.org
>> >>>> http://mail.hamwan.net/mailman/listinfo/psdr
>> >>>>
>> >>>>
>> >>>>
>> >>>>
>> >>>>
>> >>>> --
>> >>>>
>> >>>> *-Scott*
>> >>>>
>> >>>
>> >>>
>> >>>


-- 
John D. Hays
Kingston, WA
K7VE / WRJT-215
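
Added example, not part of the original thread and not HamWAN, Winlink or MikroTik code: whatever device does the filtering, the question raised above is which flows on the HamWAN link are actually TLS when the port alone does not say. This sketch inspects the first client bytes of a flow for a TLS ClientHello and pulls out the server name. The ports come from the Link Test quoted above; the payloads, the N0CALL placeholder and the function names are constructed for illustration.

```python
import struct

def sample_client_hello(host: str) -> bytes:
    """Constructed minimal TLS ClientHello carrying an SNI extension."""
    name = host.encode()
    sni = struct.pack("!HBH", len(name) + 3, 0, len(name)) + name
    ext = struct.pack("!HH", 0, len(sni)) + sni
    body = (b"\x03\x03" + bytes(32) + b"\x00"      # version, random, no session id
            + b"\x00\x02\x13\x01" + b"\x01\x00"    # one cipher suite, null compression
            + struct.pack("!H", len(ext)) + ext)
    hs = b"\x01" + len(body).to_bytes(3, "big") + body
    return b"\x16\x03\x01" + struct.pack("!H", len(hs)) + hs

def parse_client_hello(payload: bytes):
    """Return (is_tls, sni) for the first client bytes of a TCP flow."""
    # TLS record type 0x16 (handshake), version 0x03xx, handshake type 0x01.
    if len(payload) < 6 or payload[0] != 0x16 or payload[1] != 0x03 or payload[5] != 0x01:
        return False, None
    try:
        p = 5 + 4 + 2 + 32                        # headers, client version, random
        p += 1 + payload[p]                       # session id
        p += 2 + int.from_bytes(payload[p:p + 2], "big")   # cipher suites
        p += 1 + payload[p]                       # compression methods
        end = p + 2 + int.from_bytes(payload[p:p + 2], "big")
        p += 2
        while p + 4 <= min(end, len(payload)):
            etype, elen = struct.unpack_from("!HH", payload, p)
            p += 4
            if etype == 0:                        # server_name extension
                nlen = int.from_bytes(payload[p + 3:p + 5], "big")
                return True, payload[p + 5:p + 5 + nlen].decode("ascii", "replace")
            p += elen
    except IndexError:
        pass                                      # truncated capture: still TLS
    return True, None

def audit(flows):
    """Return (dst_port, sni) for every flow that opens with a TLS handshake."""
    return [(port, sni) for port, data in flows
            for is_tls, sni in [parse_client_hello(data)] if is_tls]

# Constructed sample: ports from the Link Test above, payloads made up.
FLOWS = [
    (8772, b"N0CALL\r"),                                  # plain-text telnet
    (8773, sample_client_hello("cms.winlink.org")),
    (443, sample_client_hello("api.winlink.org")),
    (8772, sample_client_hello("cms.winlink.org")[:40]),  # TLS on the plain port, cut short
]
```

Calling audit(FLOWS) lists the three TLS flows, including the truncated one on port 8772 that a port-only rule would pass.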