====== IP and Packet Radio ====== It has been possible for a long time to run IP over packet radio. There are some limitations: * At anything but high speeds (e.g. 4800bps and up), modern TCP/IP implementations perform poorly since the higher layers in modern operating systems have now typically been tuned for high bandwidth, low latency, low loss network devices. This results in a poor user experience. * In many countries, including the UK, encryption is not permitted on the amateur service, so no SSH (unless running with null ciphers), no HTTPS, and so on * This is likely to work spectacularly badly where there isn't a solid underlying AX.25 link. Tune the link for zero retries first, before moving up the stack to IP. But it does fundamentally work, and might have niche applications, and it's also a bit of fun to be had. There are at least two different ways to do IP over packet radio: - Linux kernel AX.25 support + ''kissattach'' - ''tncattach'' and I've written them up briefly below. If you know of other ways, please feel free to extend this page. ===== Methods ===== ==== Linux kernel AX.25 support + kissattach ==== Note that over time, this has become a bit broken, but the good news is there are recent fixes still making their way into distributed Linux kernels. That said, on a modern Debian-ish Linux: sudo apt install ax25-tools Define ''/etc/ax25/axports'' like so: # /etc/ax25/axports # # The format of this file is: # # name callsign speed paclen window description # myport M0LTE-1 57600 255 7 NinoTNC In that second column, set a unique callsign-ssid at each end, e.g. M0LTE-1 and M0LTE-2. 57600 is the correct serial port baud rate for the NinoTNC, adjust as required. (Any KISS modem can be used.) Then, on each system: sudo kissattach /dev/ttyACM0 myport 10.0.0.1 Specify a unique IP in the same subnet at each end, e.g. 10.0.0.1 and 10.0.0.2. You can use private (RFC1918) addresses, or any others you have allocated, eg from 44net. Note that if you already have a 44net IP address on an interface (for example a Wireguard tunnel), you will need to follow a slightly different method to configure the IP and subnet on ax0 (swapping the IP and subnet for your own): sudo kissattach /dev/ttyACM0 myport sudo ip addr add 44.10.0.1/28 dev ax0 ''/dev/ttyACM0'' is the device path for a single NinoTNC, adjust as required. After that, the interface ''ax0'' should exist: tf@testnode1:~ $ ifconfig ax0 ax0: flags=67 mtu 255 inet 10.0.0.1 netmask 255.0.0.0 broadcast 10.255.255.255 ax25 M0LTE-1 txqueuelen 10 (AMPR AX.25) RX packets 102 bytes 10782 (10.5 KiB) RX errors 0 dropped 0 overruns 0 frame 0 TX packets 153 bytes 30136 (29.4 KiB) TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0 and you should be able to ping down the tunnel: tf@testnode1:~ $ ping 10.0.0.2 PING 10.0.0.2 (10.0.0.2) 56(84) bytes of data. 64 bytes from 10.0.0.2: icmp_seq=1 ttl=64 time=345 ms 64 bytes from 10.0.0.2: icmp_seq=2 ttl=64 time=344 ms 64 bytes from 10.0.0.2: icmp_seq=3 ttl=64 time=342 ms 64 bytes from 10.0.0.2: icmp_seq=4 ttl=64 time=349 ms 64 bytes from 10.0.0.2: icmp_seq=5 ttl=64 time=347 ms ^C --- 10.0.0.2 ping statistics --- 5 packets transmitted, 5 received, 0% packet loss, time 4006ms rtt min/avg/max/mdev = 342.304/345.252/348.568/2.272 ms and, for example, serve up web pages: tf@testnode2:~ $ sudo apt install nginx -y tf@testnode1:~ $ curl http://10.0.0.2 Welcome to nginx!

Welcome to nginx!

If you see this page, the nginx web server is successfully installed and working. Further configuration is required.

For online documentation and support please refer to nginx.org.
Commercial support is available at nginx.com.

Thank you for using nginx.

There is more to the Linux implementation than this, for example setting port parameters to tune the link with [[https://manpages.debian.org/testing/ax25-tools/kissparms.8.en.html|kissparms]], setting this up as a systemd unit to start at boot, and so on. Optionally, turn off multicast: sudo ip link set ax0 multicast off It may be worth denying dhcpcd access to ax0: # Add the following statement somewhere at the beginning # of /etc/dhcpcd.conf to prevent dhcpcd from changing MTU denyinterfaces ax0 To bring down the interface: sudo pkill kissattach ==== tncattach ==== A program exists which is independent from the Linux kernel AX.25 support / ''kissattach'', called ''tncattach''. ''tncattach'' is available from https://github.com/markqvist/tncattach Once compiled, this is a one-liner at each end to set up: sudo tncattach -i 10.0.0.1/24 -m 500 -n -s M0LTE-1 -t 600 -v /dev/ttyACM0 57600 and sudo tncattach -i 10.0.0.2/24 -m 500 -n -s M0LTE-2 -t 600 -v /dev/ttyACM0 57600 This will set up a ''tnc0'' network interface. To compile ''tncattach'', on a Debian-ish OS, follow the steps in the [[https://github.com/markqvist/tncattach/blob/master/README.md|README]], reproduced here for convenience: sudo apt install build-essential git clone https://github.com/markqvist/tncattach.git cd tncattach make sudo make install There's some really useful information in the [[https://github.com/markqvist/tncattach/blob/master/README.md|README]] around setting up point to point links, blocking IPv6, setting MTU, station ID and so on. Optionally, turn off multicast: sudo ip link set tnc0 multicast off It may be worth denying dhcpcd access to tnc0: # Add the following statement somewhere at the beginning # of /etc/dhcpcd.conf to prevent dhcpcd from changing MTU denyinterfaces tnc0 Note that as far as I'm aware, this does NOT interoperate with stations running IP over the Linux kernel AX.25 stack. ===== Link testing ===== This will give the link a reasonable workout: tf@testnode1:~ $ sudo apt install fping -y tf@testnode1:~ $ fping 10.0.0.2 -M -b 200 -s -o -l -Q 10 [12:38:16] 10.0.0.2 : xmt/rcv/%loss = 10/10/0%, outage(ms) = 0, min/avg/max = 584/642/896 [12:38:26] 10.0.0.2 : xmt/rcv/%loss = 10/10/0%, outage(ms) = 0, min/avg/max = 612/614/619 [12:38:36] 10.0.0.2 : xmt/rcv/%loss = 10/10/0%, outage(ms) = 0, min/avg/max = 614/614/615 ^C10.0.0.2 : xmt/rcv/%loss = 35/35/0%, outage(ms) = 0, min/avg/max = 584/622/896 1 targets 1 alive 0 unreachable 0 unknown addresses 0 timeouts (waiting for response) 36 ICMP Echos sent 35 ICMP Echo Replies received 0 other ICMP received 584 ms (min round trip time) 622 ms (avg round trip time) 896 ms (max round trip time) 35.000 sec (elapsed real time) ===== Acknowledgements ===== Some content * https://github.com/markqvist/tncattach/blob/master/README.md * https://blog.benjojo.co.uk/post/AX25-over-wifi-with-ESP8266 ====== Linux IP routing/gateway over packet ====== Building on the above, it is also possible to route Internet traffic between two Linux packet nodes. The UK licence allows this because information sent across the packet network is deemed to originate with the licence holder, not with the original author/writer. Therefore, when doing this, make sure that the material you are transmitting is appropriate - the buck stops with you. Also remember the regulations concerning encryption (not allowed under the UK licence). ===== On the Remote Server ===== This how-to presupposes you are able to SSH into the remote node. This node will serve as the gateway for routing Internet traffic over packet. While there may well be other ways, this is the script that Michael GM5AUG uses to switch the MB7NKL packet node between regular packet work, and start the server up for IP traffic (with thanks to Martin M0NXP for his assistance in getting this running): You will need to modify the parts shown in *asterisks* #!/bin/bash sudo python3 /home/gm5aug/2221aTool/2221aTool.py set-gpio 0011 #sets NinoTNC to 9k6 mode - this requires at least v41 of the NinoTNC firmware, and the 2221aTool software mentioned elsewhere on the Wiki sudo systemctl stop linbpq #stops LinBPQ BBS software, freeing up the TNC sudo kissattach */dev/tnc-4m* *myport* #attaches NinoTNC to kernel as network interface - change this to your NinoTNC's port, and to the name you configured in axports above. sudo ip addr add *44.131.7.2/28* dev ax0 #assigns it an IP address. Change the IP address to match your needs - as above this can be a 44net IP, or a local 10.xxx IP sudo sysctl -w net.ipv4.ip_forward=1 #allows kernel IP forwarding sudo iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE #modifies ax0 traffic to assign it the eth0 IP address sudo ufw default allow routed #allows packet forwarding in the firewall - this how-to presupposes the use of ufw, although I understand it works with iptables as well sudo service ufw restart #restarts the firewall ip a #shows network config - failsafe check ===== On the Local Client ===== Having configured the remote server, we now move to the local client, which in this case is running the GB7AUG packet node. Michael has a Wireguard tunnel in use which he has to turn off to make this work, but for simplicity this command is not included below. Again you will need to modify this to suit your own needs, changing the parts enclosed in *asterisks*. #!/bin/bash sudo python3 /home/gm5aug/2221aTool/2221aTool.py --serial 0004805989 set-gpio 0011 #sets NinoTNC to 9k6 mode - again, requires the 2221aTool software sudo systemctl stop linbpq # stops LinBPQ BBS software, freeing up the TNC sudo kissattach */dev/tnc-2m* *fastIP* #attaches NinoTNC to kernel as network interface. Change the port and axport name. sudo ip addr add *44.131.7.1/28* dev ax0 #assigns it an IP address. Change this for your choice of IP, making sure it is in the same subnet as the IP at the remote site. sudo ip route del 0.0.0.0/0 via 192.168.1.254 #deletes the route for traffic over the LAN sudo ip route add 0.0.0.0/0 via *44.131.7.2* src *44.131.7.1* metric 50 #adds the route for traffic over packet. Change the first IP address to the IP of your remote server, and the second IP address to the one you have configured for the local client. sudo resolvconf -d NetworkManager #removes default LAN DNS nameserver. May or may not be needed. sudo resolvconf -a ax0 < ./.nameserver #sets DNS lookup address. This file is shown below. ip a #shows network config - failsafe check The .nameserver file mentioned above contains the following: search home nameserver 8.8.8.8 Feeding this in to resolvconf will set 8.8.8.8 as your DNS server, allowing you to resolve IP addresses. Following these steps **should** get you to a position where you can not only PING the two devices (as above) but also navigate (slowly!) to other websites, or ping other servers across the WWW. Again please be sure to abide by your licence when doing this. Happy experimenting!