Re: [AFMUG] OOBE mikrotik

2018-02-01 Thread Mathew Howard
As long as you can show into something on site, it will do the job... well,
it would for me, anyway.

On Feb 1, 2018 1:17 AM, "TJ Trout"  wrote:

> they do but it's not direct TCP like I would like (aka dedicated static)
> but neat nonetheless, they have a very cheap monthly rate but the per MB
> rate is very high compared to twilio and others
>
> On Wed, Jan 31, 2018 at 7:51 PM, Mathew Howard 
> wrote:
>
>> But if Hologram has a way to access the device like Lewis says, there's
>> no reason to maintain a persistent VPN connection.
>>
>> On Jan 31, 2018 8:45 PM, "Eric Kuhnke"  wrote:
>>
>> Slightly more expensive, but t-mobile has plans that are $20-25/mo and
>> "unlimited" rate limited 128kbps x 128 kbps after that. For a critical site
>> $20/mo can be worth it.
>>
>> $2/mo is not a realistic figure if you're maintaining a persistent VPN
>> connection, the $ per MB rate for those sort of plans is actually worse.
>> Just the periodic handshakes and keepalives will eat through 20-25MB in a
>> month.
>>
>>
>>
>>
>>
>> On Wed, Jan 31, 2018 at 6:19 PM, Sean Heskett  wrote:
>>
>>> Interesting...I didn’t know there were plans for $2/mo.  That definitely
>>> makes it worthwhile to have a backdoor LTE connection to towers.
>>>
>>> I’ll have to check into that
>>>
>>> On Wed, Jan 31, 2018 at 1:30 PM TJ Trout  wrote:
>>>
 Never, but it's not a bad idea to have out of band management? I can
 get the LTE service for $2 a month + data used (ssh data = zero)

 TJ
 On Wed, Jan 31, 2018 at 12:09 PM, Sean Heskett  wrote:

> Um how often are you losing contact with your sites to necessitate
> this LTE backdoor?
>
> Seems like a lot of overkill to make routing changes???
>
> Am I missing something?
>
> -sean
>
>
>
> On Wed, Jan 31, 2018 at 11:48 AM TJ Trout  wrote:
>
 Does anyone want to trade a PPTP connection (prefer you are multihomed)
>> for the purpose of getting through LTE NAT? AKA I assign you a PPTP 
>> account
>> with a static IPV4 and you do the same, so that if either of our networks
>> go down we can use the others to tunnel back thru LTE to perform OOBM
>> functions? We can shape @ 1mbps?
>>
>> This is a simple way around paying high fees for a static IP from the
>> wireless carriers that even offer it...
>>
>> I don't really want to subscribe to some russian vpn service if I
>> don't have to, or pay some cloud based OOBM company which will both cost
>> way big$$$
>>
>> TJ
>>
>> On Wed, Jan 31, 2018 at 10:32 AM, Adam Moffett 
>> wrote:
>>
>>> You can use PPTP through NAT on LTE.  You can assign a static
>>> private IP to both ends of that tunnel.
>>> If PPTP won't pass something you need, you can run an EoIP tunnel
>>> using the PPTP IP's as the endpoints of the EoIP tunnel.  You end up 
>>> with a
>>> tunnel inside of a tunnel.  It'll have a lowish real MTU, but you can 
>>> pass
>>> 1500 bytes within the EoIP tunnel and it'll just be fragmented.
>>>
>>>
>>> -- Original Message --
>>> From: "TJ Trout" 
>>> To: af@afmug.com
>>> Sent: 1/31/2018 12:51:40 PM
>>> Subject: [AFMUG] OOBE mikrotik
>>>
>>> I was wanting to add out of band management via LTE to some of our
>>> core routers, but I think most/all cellular networks are NAT now so you
>>> cannot access your LTE devices inbound unless you have it tunnel out to 
>>> a
>>> public ip over VPN somewhere right?
>>>
>>> How is everyone handling OOBE?
>>>
>>> I'm half tempted to do it via VHF low throughput radios!
>>>
>>> TJ
>>>
>>>
>>
>>
>>
>


Re: [AFMUG] OOBE mikrotik

2018-02-01 Thread Cameron Crum
What if you set the OVPN to only come up if the primary interface fails?
Then you won't have all the handshakes eating through your data.



On Thu, Feb 1, 2018 at 7:53 AM, Lewis Bergman 
wrote:

> It won't fit every situation but if you only need occasional access and
> can work within the framework there isn't a less expensive way to do it. We
> use it in a few different scenarios and have a few more planned. We have a
> demo setup of VoIP phones we use one on, It gets used a few times a month
> and works great. I am working on a few monitoring ideas that are going to
> use it.
>
> On Thu, Feb 1, 2018 at 6:45 AM Mike Hammett  wrote:
>
>> IPv6?
>>
>>
>>
>> -
>> Mike Hammett
>> Intelligent Computing Solutions
>> Midwest Internet Exchange
>> The Brothers WISP
>>
>> --
>> *From: *"TJ Trout" 
>> *To: *af@afmug.com
>> *Sent: *Wednesday, January 31, 2018 11:51:40 AM
>>
>> *Subject: *[AFMUG] OOBE mikrotik
>>
>> I was wanting to add out of band management via LTE to some of our core
>> routers, but I think most/all cellular networks are NAT now so you cannot
>> access your LTE devices inbound unless you have it tunnel out to a public
>> ip over VPN somewhere right?
>>
>> How is everyone handling OOBE?
>>
>> I'm half tempted to do it via VHF low throughput radios!
>>
>> TJ
>>
>


Re: [AFMUG] OOBE mikrotik

2018-02-01 Thread Lewis Bergman
It won't fit every situation but if you only need occasional access and can
work within the framework there isn't a less expensive way to do it. We use
it in a few different scenarios and have a few more planned. We have a demo
setup of VoIP phones we use one on, It gets used a few times a month and
works great. I am working on a few monitoring ideas that are going to use
it.

On Thu, Feb 1, 2018 at 6:45 AM Mike Hammett  wrote:

> IPv6?
>
>
>
> -
> Mike Hammett
> Intelligent Computing Solutions
> Midwest Internet Exchange
> The Brothers WISP
>
> --
> *From: *"TJ Trout" 
> *To: *af@afmug.com
> *Sent: *Wednesday, January 31, 2018 11:51:40 AM
>
> *Subject: *[AFMUG] OOBE mikrotik
>
> I was wanting to add out of band management via LTE to some of our core
> routers, but I think most/all cellular networks are NAT now so you cannot
> access your LTE devices inbound unless you have it tunnel out to a public
> ip over VPN somewhere right?
>
> How is everyone handling OOBE?
>
> I'm half tempted to do it via VHF low throughput radios!
>
> TJ
>


Re: [AFMUG] OOBE mikrotik

2018-02-01 Thread Mike Hammett
IPv6? 




- 
Mike Hammett 
Intelligent Computing Solutions 

Midwest Internet Exchange 

The Brothers WISP 




- Original Message -

From: "TJ Trout"  
To: af@afmug.com 
Sent: Wednesday, January 31, 2018 11:51:40 AM 
Subject: [AFMUG] OOBE mikrotik 


I was wanting to add out of band management via LTE to some of our core 
routers, but I think most/all cellular networks are NAT now so you cannot 
access your LTE devices inbound unless you have it tunnel out to a public ip 
over VPN somewhere right? 


How is everyone handling OOBE? 


I'm half tempted to do it via VHF low throughput radios! 


TJ 


Re: [AFMUG] OOBE mikrotik

2018-01-31 Thread TJ Trout
they do but it's not direct TCP like I would like (aka dedicated static)
but neat nonetheless, they have a very cheap monthly rate but the per MB
rate is very high compared to twilio and others

On Wed, Jan 31, 2018 at 7:51 PM, Mathew Howard  wrote:

> But if Hologram has a way to access the device like Lewis says, there's no
> reason to maintain a persistent VPN connection.
>
> On Jan 31, 2018 8:45 PM, "Eric Kuhnke"  wrote:
>
> Slightly more expensive, but t-mobile has plans that are $20-25/mo and
> "unlimited" rate limited 128kbps x 128 kbps after that. For a critical site
> $20/mo can be worth it.
>
> $2/mo is not a realistic figure if you're maintaining a persistent VPN
> connection, the $ per MB rate for those sort of plans is actually worse.
> Just the periodic handshakes and keepalives will eat through 20-25MB in a
> month.
>
>
>
>
>
> On Wed, Jan 31, 2018 at 6:19 PM, Sean Heskett  wrote:
>
>> Interesting...I didn’t know there were plans for $2/mo.  That definitely
>> makes it worthwhile to have a backdoor LTE connection to towers.
>>
>> I’ll have to check into that
>>
>> On Wed, Jan 31, 2018 at 1:30 PM TJ Trout  wrote:
>>
>>> Never, but it's not a bad idea to have out of band management? I can get
>>> the LTE service for $2 a month + data used (ssh data = zero)
>>>
>>> TJ
>>> On Wed, Jan 31, 2018 at 12:09 PM, Sean Heskett  wrote:
>>>
 Um how often are you losing contact with your sites to necessitate
 this LTE backdoor?

 Seems like a lot of overkill to make routing changes???

 Am I missing something?

 -sean



 On Wed, Jan 31, 2018 at 11:48 AM TJ Trout  wrote:

>>> Does anyone want to trade a PPTP connection (prefer you are multihomed)
> for the purpose of getting through LTE NAT? AKA I assign you a PPTP 
> account
> with a static IPV4 and you do the same, so that if either of our networks
> go down we can use the others to tunnel back thru LTE to perform OOBM
> functions? We can shape @ 1mbps?
>
> This is a simple way around paying high fees for a static IP from the
> wireless carriers that even offer it...
>
> I don't really want to subscribe to some russian vpn service if I
> don't have to, or pay some cloud based OOBM company which will both cost
> way big$$$
>
> TJ
>
> On Wed, Jan 31, 2018 at 10:32 AM, Adam Moffett 
> wrote:
>
>> You can use PPTP through NAT on LTE.  You can assign a static private
>> IP to both ends of that tunnel.
>> If PPTP won't pass something you need, you can run an EoIP tunnel
>> using the PPTP IP's as the endpoints of the EoIP tunnel.  You end up 
>> with a
>> tunnel inside of a tunnel.  It'll have a lowish real MTU, but you can 
>> pass
>> 1500 bytes within the EoIP tunnel and it'll just be fragmented.
>>
>>
>> -- Original Message --
>> From: "TJ Trout" 
>> To: af@afmug.com
>> Sent: 1/31/2018 12:51:40 PM
>> Subject: [AFMUG] OOBE mikrotik
>>
>> I was wanting to add out of band management via LTE to some of our
>> core routers, but I think most/all cellular networks are NAT now so you
>> cannot access your LTE devices inbound unless you have it tunnel out to a
>> public ip over VPN somewhere right?
>>
>> How is everyone handling OOBE?
>>
>> I'm half tempted to do it via VHF low throughput radios!
>>
>> TJ
>>
>>
>
>
>


Re: [AFMUG] OOBE mikrotik

2018-01-31 Thread Mathew Howard
But if Hologram has a way to access the device like Lewis says, there's no
reason to maintain a persistent VPN connection.

On Jan 31, 2018 8:45 PM, "Eric Kuhnke"  wrote:

Slightly more expensive, but t-mobile has plans that are $20-25/mo and
"unlimited" rate limited 128kbps x 128 kbps after that. For a critical site
$20/mo can be worth it.

$2/mo is not a realistic figure if you're maintaining a persistent VPN
connection, the $ per MB rate for those sort of plans is actually worse.
Just the periodic handshakes and keepalives will eat through 20-25MB in a
month.





On Wed, Jan 31, 2018 at 6:19 PM, Sean Heskett  wrote:

> Interesting...I didn’t know there were plans for $2/mo.  That definitely
> makes it worthwhile to have a backdoor LTE connection to towers.
>
> I’ll have to check into that
>
> On Wed, Jan 31, 2018 at 1:30 PM TJ Trout  wrote:
>
>> Never, but it's not a bad idea to have out of band management? I can get
>> the LTE service for $2 a month + data used (ssh data = zero)
>>
>> TJ
>> On Wed, Jan 31, 2018 at 12:09 PM, Sean Heskett  wrote:
>>
>>> Um how often are you losing contact with your sites to necessitate this
>>> LTE backdoor?
>>>
>>> Seems like a lot of overkill to make routing changes???
>>>
>>> Am I missing something?
>>>
>>> -sean
>>>
>>>
>>>
>>> On Wed, Jan 31, 2018 at 11:48 AM TJ Trout  wrote:
>>>
>> Does anyone want to trade a PPTP connection (prefer you are multihomed)
 for the purpose of getting through LTE NAT? AKA I assign you a PPTP account
 with a static IPV4 and you do the same, so that if either of our networks
 go down we can use the others to tunnel back thru LTE to perform OOBM
 functions? We can shape @ 1mbps?

 This is a simple way around paying high fees for a static IP from the
 wireless carriers that even offer it...

 I don't really want to subscribe to some russian vpn service if I don't
 have to, or pay some cloud based OOBM company which will both cost way
 big$$$

 TJ

 On Wed, Jan 31, 2018 at 10:32 AM, Adam Moffett 
 wrote:

> You can use PPTP through NAT on LTE.  You can assign a static private
> IP to both ends of that tunnel.
> If PPTP won't pass something you need, you can run an EoIP tunnel
> using the PPTP IP's as the endpoints of the EoIP tunnel.  You end up with 
> a
> tunnel inside of a tunnel.  It'll have a lowish real MTU, but you can pass
> 1500 bytes within the EoIP tunnel and it'll just be fragmented.
>
>
> -- Original Message --
> From: "TJ Trout" 
> To: af@afmug.com
> Sent: 1/31/2018 12:51:40 PM
> Subject: [AFMUG] OOBE mikrotik
>
> I was wanting to add out of band management via LTE to some of our
> core routers, but I think most/all cellular networks are NAT now so you
> cannot access your LTE devices inbound unless you have it tunnel out to a
> public ip over VPN somewhere right?
>
> How is everyone handling OOBE?
>
> I'm half tempted to do it via VHF low throughput radios!
>
> TJ
>
>



Re: [AFMUG] OOBE mikrotik

2018-01-31 Thread Eric Kuhnke
Slightly more expensive, but t-mobile has plans that are $20-25/mo and
"unlimited" rate limited 128kbps x 128 kbps after that. For a critical site
$20/mo can be worth it.

$2/mo is not a realistic figure if you're maintaining a persistent VPN
connection, the $ per MB rate for those sort of plans is actually worse.
Just the periodic handshakes and keepalives will eat through 20-25MB in a
month.





On Wed, Jan 31, 2018 at 6:19 PM, Sean Heskett  wrote:

> Interesting...I didn’t know there were plans for $2/mo.  That definitely
> makes it worthwhile to have a backdoor LTE connection to towers.
>
> I’ll have to check into that
>
> On Wed, Jan 31, 2018 at 1:30 PM TJ Trout  wrote:
>
>> Never, but it's not a bad idea to have out of band management? I can get
>> the LTE service for $2 a month + data used (ssh data = zero)
>>
>> TJ
>> On Wed, Jan 31, 2018 at 12:09 PM, Sean Heskett  wrote:
>>
>>> Um how often are you losing contact with your sites to necessitate this
>>> LTE backdoor?
>>>
>>> Seems like a lot of overkill to make routing changes???
>>>
>>> Am I missing something?
>>>
>>> -sean
>>>
>>>
>>>
>>> On Wed, Jan 31, 2018 at 11:48 AM TJ Trout  wrote:
>>>
>> Does anyone want to trade a PPTP connection (prefer you are multihomed)
 for the purpose of getting through LTE NAT? AKA I assign you a PPTP account
 with a static IPV4 and you do the same, so that if either of our networks
 go down we can use the others to tunnel back thru LTE to perform OOBM
 functions? We can shape @ 1mbps?

 This is a simple way around paying high fees for a static IP from the
 wireless carriers that even offer it...

 I don't really want to subscribe to some russian vpn service if I don't
 have to, or pay some cloud based OOBM company which will both cost way
 big$$$

 TJ

 On Wed, Jan 31, 2018 at 10:32 AM, Adam Moffett 
 wrote:

> You can use PPTP through NAT on LTE.  You can assign a static private
> IP to both ends of that tunnel.
> If PPTP won't pass something you need, you can run an EoIP tunnel
> using the PPTP IP's as the endpoints of the EoIP tunnel.  You end up with 
> a
> tunnel inside of a tunnel.  It'll have a lowish real MTU, but you can pass
> 1500 bytes within the EoIP tunnel and it'll just be fragmented.
>
>
> -- Original Message --
> From: "TJ Trout" 
> To: af@afmug.com
> Sent: 1/31/2018 12:51:40 PM
> Subject: [AFMUG] OOBE mikrotik
>
> I was wanting to add out of band management via LTE to some of our
> core routers, but I think most/all cellular networks are NAT now so you
> cannot access your LTE devices inbound unless you have it tunnel out to a
> public ip over VPN somewhere right?
>
> How is everyone handling OOBE?
>
> I'm half tempted to do it via VHF low throughput radios!
>
> TJ
>
>



Re: [AFMUG] OOBE mikrotik

2018-01-31 Thread Lewis Bergman
Hologram is 40 cents.

On Wed, Jan 31, 2018, 8:19 PM Sean Heskett  wrote:

> Interesting...I didn’t know there were plans for $2/mo.  That definitely
> makes it worthwhile to have a backdoor LTE connection to towers.
>
> I’ll have to check into that
>
> On Wed, Jan 31, 2018 at 1:30 PM TJ Trout  wrote:
>
>> Never, but it's not a bad idea to have out of band management? I can get
>> the LTE service for $2 a month + data used (ssh data = zero)
>>
>> TJ
>> On Wed, Jan 31, 2018 at 12:09 PM, Sean Heskett  wrote:
>>
>>> Um how often are you losing contact with your sites to necessitate this
>>> LTE backdoor?
>>>
>>> Seems like a lot of overkill to make routing changes???
>>>
>>> Am I missing something?
>>>
>>> -sean
>>>
>>>
>>>
>>> On Wed, Jan 31, 2018 at 11:48 AM TJ Trout  wrote:
>>>
>> Does anyone want to trade a PPTP connection (prefer you are multihomed)
 for the purpose of getting through LTE NAT? AKA I assign you a PPTP account
 with a static IPV4 and you do the same, so that if either of our networks
 go down we can use the others to tunnel back thru LTE to perform OOBM
 functions? We can shape @ 1mbps?

 This is a simple way around paying high fees for a static IP from the
 wireless carriers that even offer it...

 I don't really want to subscribe to some russian vpn service if I don't
 have to, or pay some cloud based OOBM company which will both cost way
 big$$$

 TJ

 On Wed, Jan 31, 2018 at 10:32 AM, Adam Moffett 
 wrote:

> You can use PPTP through NAT on LTE.  You can assign a static private
> IP to both ends of that tunnel.
> If PPTP won't pass something you need, you can run an EoIP tunnel
> using the PPTP IP's as the endpoints of the EoIP tunnel.  You end up with 
> a
> tunnel inside of a tunnel.  It'll have a lowish real MTU, but you can pass
> 1500 bytes within the EoIP tunnel and it'll just be fragmented.
>
>
> -- Original Message --
> From: "TJ Trout" 
> To: af@afmug.com
> Sent: 1/31/2018 12:51:40 PM
> Subject: [AFMUG] OOBE mikrotik
>
> I was wanting to add out of band management via LTE to some of our
> core routers, but I think most/all cellular networks are NAT now so you
> cannot access your LTE devices inbound unless you have it tunnel out to a
> public ip over VPN somewhere right?
>
> How is everyone handling OOBE?
>
> I'm half tempted to do it via VHF low throughput radios!
>
> TJ
>
>



Re: [AFMUG] OOBE mikrotik

2018-01-31 Thread Sean Heskett
Interesting...I didn’t know there were plans for $2/mo.  That definitely
makes it worthwhile to have a backdoor LTE connection to towers.

I’ll have to check into that

On Wed, Jan 31, 2018 at 1:30 PM TJ Trout  wrote:

> Never, but it's not a bad idea to have out of band management? I can get
> the LTE service for $2 a month + data used (ssh data = zero)
>
> TJ
> On Wed, Jan 31, 2018 at 12:09 PM, Sean Heskett  wrote:
>
>> Um how often are you losing contact with your sites to necessitate this
>> LTE backdoor?
>>
>> Seems like a lot of overkill to make routing changes???
>>
>> Am I missing something?
>>
>> -sean
>>
>>
>>
>> On Wed, Jan 31, 2018 at 11:48 AM TJ Trout  wrote:
>>
> Does anyone want to trade a PPTP connection (prefer you are multihomed)
>>> for the purpose of getting through LTE NAT? AKA I assign you a PPTP account
>>> with a static IPV4 and you do the same, so that if either of our networks
>>> go down we can use the others to tunnel back thru LTE to perform OOBM
>>> functions? We can shape @ 1mbps?
>>>
>>> This is a simple way around paying high fees for a static IP from the
>>> wireless carriers that even offer it...
>>>
>>> I don't really want to subscribe to some russian vpn service if I don't
>>> have to, or pay some cloud based OOBM company which will both cost way
>>> big$$$
>>>
>>> TJ
>>>
>>> On Wed, Jan 31, 2018 at 10:32 AM, Adam Moffett 
>>> wrote:
>>>
 You can use PPTP through NAT on LTE.  You can assign a static private
 IP to both ends of that tunnel.
 If PPTP won't pass something you need, you can run an EoIP tunnel using
 the PPTP IP's as the endpoints of the EoIP tunnel.  You end up with a
 tunnel inside of a tunnel.  It'll have a lowish real MTU, but you can pass
 1500 bytes within the EoIP tunnel and it'll just be fragmented.


 -- Original Message --
 From: "TJ Trout" 
 To: af@afmug.com
 Sent: 1/31/2018 12:51:40 PM
 Subject: [AFMUG] OOBE mikrotik

 I was wanting to add out of band management via LTE to some of our core
 routers, but I think most/all cellular networks are NAT now so you cannot
 access your LTE devices inbound unless you have it tunnel out to a public
 ip over VPN somewhere right?

 How is everyone handling OOBE?

 I'm half tempted to do it via VHF low throughput radios!

 TJ


>>>


Re: [AFMUG] OOBE mikrotik

2018-01-31 Thread Lewis Bergman
Read up on hologram. They have a solution to reach any device on their
Network.

On Wed, Jan 31, 2018, 6:30 PM Eric Kuhnke  wrote:

> you don't, you set up a really small system at the site which can run
> openvpn. In Linux terminology it would have three interfaces, eth0 (private
> IP space hardwired to your serial console/core router/POP management
> equipment), the LTE network interface, and tun0.  Have it initiate, from
> inside the cellular carrier's NAT, an openvpn connection to a server you
> control on a static IP somewhere. tun0 would have a static IP in private IP
> range used by just the openvpn server and client. When you get to get into
> the OOB you SSH through your openvpn server to reach the client machine.
>
>
> On Wed, Jan 31, 2018 at 4:25 PM, TJ Trout  wrote:
>
>> same as twilio which we use, problem is all LTE is NAT, how do i login to
>> a device behind nat when I cannot force the carrier to give me a port
>> forward?
>>
> On Wed, Jan 31, 2018 at 4:16 PM, Lewis Bergman 
>> wrote:
>>
> Hologram network and set up their site to do it for you. Pretty slick. I
>>> also like that it is really cheap if you don't use it. As a warning, don't let
>>> the MT put a default route in for it or you will pay huge if your primary
>>> goes down. Otherwise it is so close to free it is crazy.
>>>
>>> On Wed, Jan 31, 2018 at 2:30 PM TJ Trout  wrote:
>>>
>> Never, but it's not a bad idea to have out of band management? I can get
 the LTE service for $2 a month + data used (ssh data = zero)

 TJ

 On Wed, Jan 31, 2018 at 12:09 PM, Sean Heskett  wrote:

> Um how often are you losing contact with your sites to necessitate
> this LTE backdoor?
>
> Seems like a lot of overkill to make routing changes???
>
> Am I missing something?
>
> -sean
>
>
>
> On Wed, Jan 31, 2018 at 11:48 AM TJ Trout  wrote:
>
>> Does anyone want to trade a PPTP connection (prefer you are
>> multihomed) for the purpose of getting through LTE NAT? AKA I assign you 
>> a
>> PPTP account with a static IPV4 and you do the same, so that if either of
>> our networks go down we can use the others to tunnel back thru LTE to
>> perform OOBM functions? We can shape @ 1mbps?
>>
>> This is a simple way around paying high fees for a static IP from the
>> wireless carriers that even offer it...
>>
>> I don't really want to subscribe to some russian vpn service if I
>> don't have to, or pay some cloud based OOBM company which will both cost
>> way big$$$
>>
>> TJ
>>
>> On Wed, Jan 31, 2018 at 10:32 AM, Adam Moffett 
>> wrote:
>>
>>> You can use PPTP through NAT on LTE.  You can assign a static
>>> private IP to both ends of that tunnel.
>>> If PPTP won't pass something you need, you can run an EoIP tunnel
>>> using the PPTP IP's as the endpoints of the EoIP tunnel.  You end up 
>>> with a
>>> tunnel inside of a tunnel.  It'll have a lowish real MTU, but you can 
>>> pass
>>> 1500 bytes within the EoIP tunnel and it'll just be fragmented.
>>>
>>>
>>> -- Original Message --
>>> From: "TJ Trout" 
>>> To: af@afmug.com
>>> Sent: 1/31/2018 12:51:40 PM
>>> Subject: [AFMUG] OOBE mikrotik
>>>
>>> I was wanting to add out of band management via LTE to some of our
>>> core routers, but I think most/all cellular networks are NAT now so you
>>> cannot access your LTE devices inbound unless you have it tunnel out to 
>>> a
>>> public ip over VPN somewhere right?
>>>
>>> How is everyone handling OOBE?
>>>
>>> I'm half tempted to do it via VHF low throughput radios!
>>>
>>> TJ
>>>
>>>
>>



Re: [AFMUG] OOBE mikrotik

2018-01-31 Thread Eric Kuhnke
you don't, you set up a really small system at the site which can run
openvpn. In Linux terminology it would have three interfaces, eth0 (private
IP space hardwired to your serial console/core router/POP management
equipment), the LTE network interface, and tun0.  Have it initiate, from
inside the cellular carrier's NAT, an openvpn connection to a server you
control on a static IP somewhere. tun0 would have a static IP in private IP
range used by just the openvpn server and client. When you get to get into
the OOB you SSH through your openvpn server to reach the client machine.


On Wed, Jan 31, 2018 at 4:25 PM, TJ Trout  wrote:

> same as twilio which we use, problem is all LTE is NAT, how do i login to
> a device behind nat when I cannot force the carrier to give me a port
> forward?
>
> On Wed, Jan 31, 2018 at 4:16 PM, Lewis Bergman 
> wrote:
>
>> Hologram network and set up their site to do it for you. Pretty slick. I
>> also like that it is really cheap if you don't use it. As a warning, don't let
>> the MT put a default route in for it or you will pay huge if your primary
>> goes down. Otherwise it is so close to free it is crazy.
>>
>> On Wed, Jan 31, 2018 at 2:30 PM TJ Trout  wrote:
>>
>>> Never, but it's not a bad idea to have out of band management? I can get
>>> the LTE service for $2 a month + data used (ssh data = zero)
>>>
>>> TJ
>>>
>>> On Wed, Jan 31, 2018 at 12:09 PM, Sean Heskett  wrote:
>>>
 Um how often are you losing contact with your sites to necessitate
 this LTE backdoor?

 Seems like a lot of overkill to make routing changes???

 Am I missing something?

 -sean



 On Wed, Jan 31, 2018 at 11:48 AM TJ Trout  wrote:

> Does anyone want to trade a PPTP connection (prefer you are
> multihomed) for the purpose of getting through LTE NAT? AKA I assign you a
> PPTP account with a static IPV4 and you do the same, so that if either of
> our networks go down we can use the others to tunnel back thru LTE to
> perform OOBM functions? We can shape @ 1mbps?
>
> This is a simple way around paying high fees for a static IP from the
> wireless carriers that even offer it...
>
> I don't really want to subscribe to some russian vpn service if I
> don't have to, or pay some cloud based OOBM company which will both cost
> way big$$$
>
> TJ
>
> On Wed, Jan 31, 2018 at 10:32 AM, Adam Moffett 
> wrote:
>
>> You can use PPTP through NAT on LTE.  You can assign a static private
>> IP to both ends of that tunnel.
>> If PPTP won't pass something you need, you can run an EoIP tunnel
>> using the PPTP IP's as the endpoints of the EoIP tunnel.  You end up 
>> with a
>> tunnel inside of a tunnel.  It'll have a lowish real MTU, but you can 
>> pass
>> 1500 bytes within the EoIP tunnel and it'll just be fragmented.
>>
>>
>> -- Original Message --
>> From: "TJ Trout" 
>> To: af@afmug.com
>> Sent: 1/31/2018 12:51:40 PM
>> Subject: [AFMUG] OOBE mikrotik
>>
>> I was wanting to add out of band management via LTE to some of our
>> core routers, but I think most/all cellular networks are NAT now so you
>> cannot access your LTE devices inbound unless you have it tunnel out to a
>> public ip over VPN somewhere right?
>>
>> How is everyone handling OOBE?
>>
>> I'm half tempted to do it via VHF low throughput radios!
>>
>> TJ
>>
>>
>
>>>
>
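
Added example (not part of any list member's message, and not code from the thread): one way to combine two suggestions made here, the small Linux box that dials out over OpenVPN and the idea of bringing the tunnel up only when the primary path fails, as a POSIX shell watchdog. The interface names, probe address, thresholds and systemd unit name are assumptions, and the route check assumes the box reaches its VPN server through a host route on LTE rather than a default route.

```shell
#!/bin/sh
# Added example: on-demand OOB tunnel watchdog for a small Linux box on site.
# Every name below is an assumption of this example, not taken from the thread.
PRIMARY_IF="${PRIMARY_IF:-eth0}"            # management LAN towards the core router
LTE_IF="${LTE_IF:-wwan0}"                   # metered LTE modem interface
PROBE_ADDR="${PROBE_ADDR:-192.0.2.10}"      # NOC host reachable only via the primary path
VPN_UNIT="${VPN_UNIT:-openvpn-client@oob.service}"
FAIL_THRESHOLD="${FAIL_THRESHOLD:-3}"       # consecutive failed probes before the tunnel starts
RECOVER_THRESHOLD="${RECOVER_THRESHOLD:-2}" # consecutive good probes before it stops
INTERVAL="${INTERVAL:-30}"                  # seconds between probes

# decide FAILS OKS PROBE_OK TUNNEL_UP
# Pure state machine: prints "<fails> <oks> <action>", action = start|stop|none.
# Hysteresis in both directions keeps one lost ping from dialing out and one
# lucky ping from cutting an operator's SSH session.
decide() {
    fails=$1 oks=$2 probe_ok=$3 tunnel_up=$4 action=none
    if [ "$probe_ok" -eq 1 ]; then
        fails=0
        if [ "$tunnel_up" -eq 1 ]; then
            oks=$((oks + 1))
            if [ "$oks" -ge "$RECOVER_THRESHOLD" ]; then action=stop; oks=0; fi
        else
            oks=0
        fi
    else
        oks=0
        fails=$((fails + 1))
        if [ "$fails" -gt "$FAIL_THRESHOLD" ]; then fails=$FAIL_THRESHOLD; fi
        if [ "$fails" -ge "$FAIL_THRESHOLD" ] && [ "$tunnel_up" -eq 0 ]; then action=start; fi
    fi
    echo "$fails $oks $action"
}

# default_route_on IFACE
# Reads `ip -4 route show default` output on stdin; succeeds if any default
# route leaves via IFACE (traffic other than the tunnel would then be billed).
default_route_on() {
    awk -v ifc="$1" '
        $1 == "default" { for (i = 2; i < NF; i++) if ($i == "dev" && $(i + 1) == ifc) found = 1 }
        END { exit(found ? 0 : 1) }'
}

main() {
    fails=0 oks=0
    while :; do
        # Metered-link guard: only the host route to the VPN server should use LTE.
        if ip -4 route show default | default_route_on "$LTE_IF"; then
            logger -t oob-watchdog "WARNING: default route via $LTE_IF, all traffic is on the metered link"
        fi
        if ping -c 1 -W 2 -I "$PRIMARY_IF" "$PROBE_ADDR" >/dev/null 2>&1; then probe=1; else probe=0; fi
        if systemctl is-active --quiet "$VPN_UNIT"; then up=1; else up=0; fi
        set -- $(decide "$fails" "$oks" "$probe" "$up")
        fails=$1 oks=$2
        case $3 in
            start) logger -t oob-watchdog "primary path down, starting $VPN_UNIT"
                   systemctl start "$VPN_UNIT" ;;
            stop)  logger -t oob-watchdog "primary path back, stopping $VPN_UNIT"
                   systemctl stop "$VPN_UNIT" ;;
        esac
        sleep "$INTERVAL"
    done
}

# Run the loop only when invoked as: oob-watchdog.sh run
if [ "${1:-}" = "run" ]; then main; fi
```

The unit must be left disabled at boot so that the watchdog alone decides when the tunnel, and its keepalive traffic, exists.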


Re: [AFMUG] OOBE mikrotik

2018-01-31 Thread TJ Trout
same as twilio which we use, problem is all LTE is NAT, how do i login to a
device behind nat when I cannot force the carrier to give me a port forward?

On Wed, Jan 31, 2018 at 4:16 PM, Lewis Bergman 
wrote:

> Hologram network and set up their site to do it for you. Pretty slick. I
> also like that it is really cheap if you don't use it. As a warning, don't let
> the MT put a default route in for it or you will pay huge if your primary
> goes down. Otherwise it is so close to free it is crazy.
>
> On Wed, Jan 31, 2018 at 2:30 PM TJ Trout  wrote:
>
>> Never, but it's not a bad idea to have out of band management? I can get
>> the LTE service for $2 a month + data used (ssh data = zero)
>>
>> TJ
>>
>> On Wed, Jan 31, 2018 at 12:09 PM, Sean Heskett  wrote:
>>
>>> Um how often are you losing contact with your sites to necessitate this
>>> LTE backdoor?
>>>
>>> Seems like a lot of overkill to make routing changes???
>>>
>>> Am I missing something?
>>>
>>> -sean
>>>
>>>
>>>
>>> On Wed, Jan 31, 2018 at 11:48 AM TJ Trout  wrote:
>>>
 Does anyone want to trade a PPTP connection (prefer you are multihomed)
 for the purpose of getting through LTE NAT? AKA I assign you a PPTP account
 with a static IPV4 and you do the same, so that if either of our networks
 go down we can use the others to tunnel back thru LTE to perform OOBM
 functions? We can shape @ 1mbps?

 This is a simple way around paying high fees for a static IP from the
 wireless carriers that even offer it...

 I don't really want to subscribe to some russian vpn service if I don't
 have to, or pay some cloud based OOBM company which will both cost way
 big$$$

 TJ

 On Wed, Jan 31, 2018 at 10:32 AM, Adam Moffett 
 wrote:

> You can use PPTP through NAT on LTE.  You can assign a static private
> IP to both ends of that tunnel.
> If PPTP won't pass something you need, you can run an EoIP tunnel
> using the PPTP IP's as the endpoints of the EoIP tunnel.  You end up with 
> a
> tunnel inside of a tunnel.  It'll have a lowish real MTU, but you can pass
> 1500 bytes within the EoIP tunnel and it'll just be fragmented.
>
>
> -- Original Message --
> From: "TJ Trout" 
> To: af@afmug.com
> Sent: 1/31/2018 12:51:40 PM
> Subject: [AFMUG] OOBE mikrotik
>
> I was wanting to add out of band management via LTE to some of our
> core routers, but I think most/all cellular networks are NAT now so you
> cannot access your LTE devices inbound unless you have it tunnel out to a
> public ip over VPN somewhere right?
>
> How is everyone handling OOBE?
>
> I'm half tempted to do it via VHF low throughput radios!
>
> TJ
>
>

>>


Re: [AFMUG] OOBE mikrotik

2018-01-31 Thread Lewis Bergman
Hologram network and set up their site to do it for you. Pretty slick. I
also like that it is really cheap if you don't use it. As a warning, don't let
the MT put a default route in for it or you will pay huge if your primary
goes down. Otherwise it is so close to free it is crazy.

On Wed, Jan 31, 2018 at 2:30 PM TJ Trout  wrote:

> Never, but it's not a bad idea to have out of band management? I can get
> the LTE service for $2 a month + data used (ssh data = zero)
>
> TJ
>
> On Wed, Jan 31, 2018 at 12:09 PM, Sean Heskett  wrote:
>
>> Um how often are you losing contact with your sites to necessitate this
>> LTE backdoor?
>>
>> Seems like a lot of overkill to make routing changes???
>>
>> Am I missing something?
>>
>> -sean
>>
>>
>>
>> On Wed, Jan 31, 2018 at 11:48 AM TJ Trout  wrote:
>>
>>> Does anyone want to trade a PPTP connection (prefer you are multihomed)
>>> for the purpose of getting through LTE NAT? AKA I assign you a PPTP account
>>> with a static IPV4 and you do the same, so that if either of our networks
>>> go down we can use the others to tunnel back thru LTE to perform OOBM
>>> functions? We can shape @ 1mbps?
>>>
>>> This is a simple way around paying high fees for a static IP from the
>>> wireless carriers that even offer it...
>>>
>>> I don't really want to subscribe to some russian vpn service if I don't
>>> have to, or pay some cloud based OOBM company which will both cost way
>>> big$$$
>>>
>>> TJ
>>>
>>> On Wed, Jan 31, 2018 at 10:32 AM, Adam Moffett 
>>> wrote:
>>>
>>>> You can use PPTP through NAT on LTE.  You can assign a static private
>>>> IP to both ends of that tunnel.
>>>> If PPTP won't pass something you need, you can run an EoIP tunnel using
>>>> the PPTP IP's as the endpoints of the EoIP tunnel.  You end up with a
>>>> tunnel inside of a tunnel.  It'll have a lowish real MTU, but you can pass
>>>> 1500 bytes within the EoIP tunnel and it'll just be fragmented.
>>>>
>>>>
>>>> -- Original Message --
>>>> From: "TJ Trout"
>>>> To: af@afmug.com
>>>> Sent: 1/31/2018 12:51:40 PM
>>>> Subject: [AFMUG] OOBE mikrotik
>>>>
>>>> I was wanting to add out of band management via LTE to some of our core
>>>> routers, but I think most/all cellular networks are NAT now so you cannot
>>>> access your LTE devices inbound unless you have it tunnel out to a public
>>>> ip over VPN somewhere right?
>>>>
>>>> How is everyone handling OOBE?
>>>>
>>>> I'm half tempted to do it via VHF low throughput radios!
>>>>
>>>> TJ
>>>>
>>>>
>>>
>


Re: [AFMUG] OOBE mikrotik

2018-01-31 Thread TJ Trout
Never, but it's not a bad idea to have out of band management? I can get
the LTE service for $2 a month + data used (ssh data = zero)

TJ

On Wed, Jan 31, 2018 at 12:09 PM, Sean Heskett  wrote:

> Um how often are you losing contact with your sites to necessitate this
> LTE backdoor?
>
> Seems like a lot of overkill to make routing changes???
>
> Am I missing something?
>
> -sean
>
>
>
> On Wed, Jan 31, 2018 at 11:48 AM TJ Trout  wrote:
>
>> Does anyone want to trade a PPTP connection (prefer you are multihomed)
>> for the purpose of getting through LTE NAT? AKA I assign you a PPTP account
>> with a static IPV4 and you do the same, so that if either of our networks
>> go down we can use the others to tunnel back thru LTE to perform OOBM
>> functions? We can shape @ 1mbps?
>>
>> This is a simple way around paying high fees for a static IP from the
>> wireless carriers that even offer it...
>>
>> I don't really want to subscribe to some Russian VPN service if I don't
>> have to, or pay some cloud based OOBM company which will both cost way
>> big$$$
>>
>> TJ
>>
>> On Wed, Jan 31, 2018 at 10:32 AM, Adam Moffett 
>> wrote:
>>
>>> You can use PPTP through NAT on LTE.  You can assign a static private IP
>>> to both ends of that tunnel.
>>> If PPTP won't pass something you need, you can run an EoIP tunnel using
>>> the PPTP IP's as the endpoints of the EoIP tunnel.  You end up with a
>>> tunnel inside of a tunnel.  It'll have a lowish real MTU, but you can pass
>>> 1500 bytes within the EoIP tunnel and it'll just be fragmented.
>>>
>>>
>>> -- Original Message --
>>> From: "TJ Trout" 
>>> To: af@afmug.com
>>> Sent: 1/31/2018 12:51:40 PM
>>> Subject: [AFMUG] OOBE mikrotik
>>>
>>> I was wanting to add out of band management via LTE to some of our core
>>> routers, but I think most/all cellular networks are NAT now so you cannot
>>> access your LTE devices inbound unless you have it tunnel out to a public
>>> ip over VPN somewhere right?
>>>
>>> How is everyone handling OOBE?
>>>
>>> I'm half tempted to do it via VHF low throughput radios!
>>>
>>> TJ
>>>
>>>
>>


Re: [AFMUG] OOBE mikrotik

2018-01-31 Thread Sean Heskett
Um how often are you losing contact with your sites to necessitate this
LTE backdoor?

Seems like a lot of overkill to make routing changes???

Am I missing something?

-sean



On Wed, Jan 31, 2018 at 11:48 AM TJ Trout  wrote:

> Does anyone want to trade a PPTP connection (prefer you are multihomed)
> for the purpose of getting through LTE NAT? AKA I assign you a PPTP account
> with a static IPV4 and you do the same, so that if either of our networks
> go down we can use the others to tunnel back thru LTE to perform OOBM
> functions? We can shape @ 1mbps?
>
> This is a simple way around paying high fees for a static IP from the
> wireless carriers that even offer it...
>
> I don't really want to subscribe to some Russian VPN service if I don't
> have to, or pay some cloud based OOBM company which will both cost way
> big$$$
>
> TJ
>
> On Wed, Jan 31, 2018 at 10:32 AM, Adam Moffett 
> wrote:
>
>> You can use PPTP through NAT on LTE.  You can assign a static private IP
>> to both ends of that tunnel.
>> If PPTP won't pass something you need, you can run an EoIP tunnel using
>> the PPTP IP's as the endpoints of the EoIP tunnel.  You end up with a
>> tunnel inside of a tunnel.  It'll have a lowish real MTU, but you can pass
>> 1500 bytes within the EoIP tunnel and it'll just be fragmented.
>>
>>
>> -- Original Message --
>> From: "TJ Trout" 
>> To: af@afmug.com
>> Sent: 1/31/2018 12:51:40 PM
>> Subject: [AFMUG] OOBE mikrotik
>>
>> I was wanting to add out of band management via LTE to some of our core
>> routers, but I think most/all cellular networks are NAT now so you cannot
>> access your LTE devices inbound unless you have it tunnel out to a public
>> ip over VPN somewhere right?
>>
>> How is everyone handling OOBE?
>>
>> I'm half tempted to do it via VHF low throughput radios!
>>
>> TJ
>>
>>
>


Re: [AFMUG] OOBE mikrotik

2018-01-31 Thread TJ Trout
Does anyone want to trade a PPTP connection (prefer you are multihomed) for
the purpose of getting through LTE NAT? AKA I assign you a PPTP account
with a static IPV4 and you do the same, so that if either of our networks
go down we can use the others to tunnel back thru LTE to perform OOBM
functions? We can shape @ 1mbps?

This is a simple way around paying high fees for a static IP from the
wireless carriers that even offer it...

I don't really want to subscribe to some Russian VPN service if I don't
have to, or pay some cloud based OOBM company which will both cost way
big$$$

TJ

On Wed, Jan 31, 2018 at 10:32 AM, Adam Moffett  wrote:

> You can use PPTP through NAT on LTE.  You can assign a static private IP
> to both ends of that tunnel.
> If PPTP won't pass something you need, you can run an EoIP tunnel using
> the PPTP IP's as the endpoints of the EoIP tunnel.  You end up with a
> tunnel inside of a tunnel.  It'll have a lowish real MTU, but you can pass
> 1500 bytes within the EoIP tunnel and it'll just be fragmented.
>
>
> -- Original Message --
> From: "TJ Trout" 
> To: af@afmug.com
> Sent: 1/31/2018 12:51:40 PM
> Subject: [AFMUG] OOBE mikrotik
>
> I was wanting to add out of band management via LTE to some of our core
> routers, but I think most/all cellular networks are NAT now so you cannot
> access your LTE devices inbound unless you have it tunnel out to a public
> ip over VPN somewhere right?
>
> How is everyone handling OOBE?
>
> I'm half tempted to do it via VHF low throughput radios!
>
> TJ
>
>


Re: [AFMUG] OOBE mikrotik

2018-01-31 Thread Adam Moffett
You can use PPTP through NAT on LTE.  You can assign a static private IP 
to both ends of that tunnel.
If PPTP won't pass something you need, you can run an EoIP tunnel using 
the PPTP IP's as the endpoints of the EoIP tunnel.  You end up with a 
tunnel inside of a tunnel.  It'll have a lowish real MTU, but you can 
pass 1500 bytes within the EoIP tunnel and it'll just be fragmented.



-- Original Message --
From: "TJ Trout" 
To: af@afmug.com
Sent: 1/31/2018 12:51:40 PM
Subject: [AFMUG] OOBE mikrotik

I was wanting to add out of band management via LTE to some of our core 
routers, but I think most/all cellular networks are NAT now so you 
cannot access your LTE devices inbound unless you have it tunnel out to 
a public ip over VPN somewhere right?


How is everyone handling OOBE?

I'm half tempted to do it via VHF low throughput radios!

TJ
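
The tunnel-inside-a-tunnel sizing described in Adam Moffett's message above, worked through as an added example that is not part of any message in the thread. It assumes a PPTP interface MTU of 1450 bytes and an EoIP overhead of 42 bytes (20 IP + 8 GRE + 14 Ethernet), with plain IPv4 fragmentation of the EoIP packet; all function names are hypothetical.

```python
# Added example: how a 1500-byte packet is carried by EoIP over PPTP addresses.
IP_HDR = 20        # IPv4 header without options
TCP_HDR = 20       # TCP header without options
EOIP_GRE_HDR = 8   # GRE header used by EoIP (assumed overhead figure)
ETH_HDR = 14       # Ethernet header of the frame carried inside EoIP
EOIP_OVERHEAD = IP_HDR + EOIP_GRE_HDR + ETH_HDR   # 42 bytes
ASSUMED_PPTP_MTU = 1450   # assumption: MTU of the PPTP interface


def eoip_packet_size(inner_ip_len):
    """Size of the EoIP packet (outer IP header included) for one inner packet."""
    return EOIP_OVERHEAD + inner_ip_len


def fragment(total_len, mtu):
    """IPv4 fragment sizes (each including its 20-byte header) for total_len over mtu."""
    if total_len <= mtu:
        return [total_len]
    per_frag = (mtu - IP_HDR) // 8 * 8   # non-final fragments carry a multiple of 8 bytes
    if per_frag <= 0:
        raise ValueError("MTU too small to carry any payload")
    payload = total_len - IP_HDR
    sizes = []
    while payload > per_frag:
        sizes.append(IP_HDR + per_frag)
        payload -= per_frag
    sizes.append(IP_HDR + payload)
    return sizes


def max_inner_unfragmented(pptp_mtu=ASSUMED_PPTP_MTU):
    """Largest inner IP packet that crosses the EoIP tunnel in one piece."""
    return pptp_mtu - EOIP_OVERHEAD


def tcp_mss(pptp_mtu=ASSUMED_PPTP_MTU):
    """TCP MSS inside the EoIP tunnel that keeps full segments unfragmented."""
    return max_inner_unfragmented(pptp_mtu) - IP_HDR - TCP_HDR


if __name__ == "__main__":
    for inner in (1408, 1409, 1500):
        frags = fragment(eoip_packet_size(inner), ASSUMED_PPTP_MTU)
        print(f"inner {inner:4d} B -> EoIP {eoip_packet_size(inner)} B -> fragments {frags}")
    print("largest unfragmented inner packet:", max_inner_unfragmented())
    print("TCP MSS to avoid fragmentation:", tcp_mss())
```

Under these assumptions every full-size 1500-byte packet becomes two packets on the PPTP link, which matters on a per-MB LTE plan and on links that drop fragments.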