sudo apt install ax25-tools
Define ''/etc/ax25/axports'' like so:
# /etc/ax25/axports
#
# The format of this file is:
#
# name callsign speed paclen window description
#
myport M0LTE-1 57600 255 7 NinoTNC
In that second column, set a unique callsign-ssid at each end, e.g. M0LTE-1 and M0LTE-2. 57600 is the correct serial port baud rate for the NinoTNC, adjust as required. (Any KISS modem can be used.)
Then, on each system:
sudo kissattach /dev/ttyACM0 myport 10.0.0.1
Specify a unique IP in the same subnet at each end, e.g. 10.0.0.1 and 10.0.0.2. You can use private (RFC1918) addresses, or any others you have allocated, eg from 44net.
Note that if you already have a 44net IP address on an interface (for example a Wireguard tunnel), you will need to follow a slightly different method to configure the IP and subnet on ax0 (swapping the IP and subnet for your own):
sudo kissattach /dev/ttyACM0 myport
sudo ip addr add 44.10.0.1/28 dev ax0
''/dev/ttyACM0'' is the device path for a single NinoTNC, adjust as required.
After that, the interface ''ax0'' should exist:
tf@testnode1:~ $ ifconfig ax0
ax0: flags=67 mtu 255
inet 10.0.0.1 netmask 255.0.0.0 broadcast 10.255.255.255
ax25 M0LTE-1 txqueuelen 10 (AMPR AX.25)
RX packets 102 bytes 10782 (10.5 KiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 153 bytes 30136 (29.4 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
and you should be able to ping down the tunnel:
tf@testnode1:~ $ ping 10.0.0.2
PING 10.0.0.2 (10.0.0.2) 56(84) bytes of data.
64 bytes from 10.0.0.2: icmp_seq=1 ttl=64 time=345 ms
64 bytes from 10.0.0.2: icmp_seq=2 ttl=64 time=344 ms
64 bytes from 10.0.0.2: icmp_seq=3 ttl=64 time=342 ms
64 bytes from 10.0.0.2: icmp_seq=4 ttl=64 time=349 ms
64 bytes from 10.0.0.2: icmp_seq=5 ttl=64 time=347 ms
^C
--- 10.0.0.2 ping statistics ---
5 packets transmitted, 5 received, 0% packet loss, time 4006ms
rtt min/avg/max/mdev = 342.304/345.252/348.568/2.272 ms
and, for example, serve up web pages:
tf@testnode2:~ $ sudo apt install nginx -y
tf@testnode1:~ $ curl http://10.0.0.2
Welcome to nginx!
Welcome to nginx!
If you see this page, the nginx web server is successfully installed and
working. Further configuration is required.
For online documentation and support please refer to
nginx.org.
Commercial support is available at
nginx.com.
Thank you for using nginx.
There is more to the Linux implementation than this, for example setting port parameters to tune the link with [[https://manpages.debian.org/testing/ax25-tools/kissparms.8.en.html|kissparms]], setting this up as a systemd unit to start at boot, and so on.
Optionally, turn off multicast:
sudo ip link set ax0 multicast off
It may be worth denying dhcpcd access to ax0:
# Add the following statement somewhere at the beginning
# of /etc/dhcpcd.conf to prevent dhcpcd from changing MTU
denyinterfaces ax0
To bring down the interface:
sudo pkill kissattach
==== tncattach ====
A program exists which is independent from the Linux kernel AX.25 support / ''kissattach'', called ''tncattach''.
''tncattach'' is available from https://github.com/markqvist/tncattach
Once compiled, this is a one-liner at each end to set up:
sudo tncattach -i 10.0.0.1/24 -m 500 -n -s M0LTE-1 -t 600 -v /dev/ttyACM0 57600
and
sudo tncattach -i 10.0.0.2/24 -m 500 -n -s M0LTE-2 -t 600 -v /dev/ttyACM0 57600
This will set up a ''tnc0'' network interface.
To compile ''tncattach'', on a Debian-ish OS, follow the steps in the [[https://github.com/markqvist/tncattach/blob/master/README.md|README]], reproduced here for convenience:
sudo apt install build-essential
git clone https://github.com/markqvist/tncattach.git
cd tncattach
make
sudo make install
There's some really useful information in the [[https://github.com/markqvist/tncattach/blob/master/README.md|README]] around setting up point to point links, blocking IPv6, setting MTU, station ID and so on.
Optionally, turn off multicast:
sudo ip link set tnc0 multicast off
It may be worth denying dhcpcd access to tnc0:
# Add the following statement somewhere at the beginning
# of /etc/dhcpcd.conf to prevent dhcpcd from changing MTU
denyinterfaces tnc0
Note that as far as I'm aware, this does NOT interoperate with stations running IP over the Linux kernel AX.25 stack.
===== Link testing =====
This will give the link a reasonable workout:
tf@testnode1:~ $ sudo apt install fping -y
tf@testnode1:~ $ fping 10.0.0.2 -M -b 200 -s -o -l -Q 10
[12:38:16]
10.0.0.2 : xmt/rcv/%loss = 10/10/0%, outage(ms) = 0, min/avg/max = 584/642/896
[12:38:26]
10.0.0.2 : xmt/rcv/%loss = 10/10/0%, outage(ms) = 0, min/avg/max = 612/614/619
[12:38:36]
10.0.0.2 : xmt/rcv/%loss = 10/10/0%, outage(ms) = 0, min/avg/max = 614/614/615
^C10.0.0.2 : xmt/rcv/%loss = 35/35/0%, outage(ms) = 0, min/avg/max = 584/622/896
1 targets
1 alive
0 unreachable
0 unknown addresses
0 timeouts (waiting for response)
36 ICMP Echos sent
35 ICMP Echo Replies received
0 other ICMP received
584 ms (min round trip time)
622 ms (avg round trip time)
896 ms (max round trip time)
35.000 sec (elapsed real time)
===== Acknowledgements =====
Some content
* https://github.com/markqvist/tncattach/blob/master/README.md
* https://blog.benjojo.co.uk/post/AX25-over-wifi-with-ESP8266
====== Linux IP routing/gateway over packet ======
Building on the above, it is also possible to route Internet traffic between two Linux packet nodes. The UK licence allows this because information sent across the packet network is deemed to originate with the licence holder, not with the original author/writer. Therefore, when doing this, make sure that the material you are transmitting is appropriate - the buck stops with you. Also remember the regulations concerning encryption (not allowed under the UK licence).
===== On the Remote Server =====
This how-to presupposes you are able to SSH into the remote node. This node will serve as the gateway for routing Internet traffic over packet.
While there may well be other ways, this is the script that Michael GM5AUG uses to switch the MB7NKL packet node between regular packet work, and start the server up for IP traffic (with thanks to Martin M0NXP for his assistance in getting this running):
You will need to modify the parts shown in *asterisks*
#!/bin/bash
sudo python3 /home/gm5aug/2221aTool/2221aTool.py set-gpio 0011 #sets NinoTNC to 9k6 mode - this requires at least v41 of the NinoTNC firmware, and the 2221aTool software mentioned elsewhere on the Wiki
sudo systemctl stop linbpq #stops LinBPQ BBS software, freeing up the TNC
sudo kissattach */dev/tnc-4m* *myport* #attaches NinoTNC to kernel as network interface - change this to your NinoTNC's port, and to the name you configured in axports above.
sudo ip addr add *44.131.7.2/28* dev ax0 #assigns it an IP address. Change the IP address to match your needs - as above this can be a 44net IP, or a local 10.xxx IP
sudo sysctl -w net.ipv4.ip_forward=1 #allows kernel IP forwarding
sudo iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE #modifies ax0 traffic to assign it the eth0 IP address
sudo ufw default allow routed #allows packet forwarding in the firewall - this how-to presupposes the use of ufw, although I understand it works with iptables as well
sudo service ufw restart #restarts the firewall
ip a #shows network config - failsafe check
===== On the Local Client =====
Having configured the remote server, we now move to the local client, which in this case is running the GB7AUG packet node. Michael has a Wireguard tunnel in use which he has to turn off to make this work, but for simplicity this command is not included below. Again you will need to modify this to suit your own needs, changing the parts enclosed in *asterisks*.
#!/bin/bash
sudo python3 /home/gm5aug/2221aTool/2221aTool.py --serial 0004805989 set-gpio 0011 #sets NinoTNC to 9k6 mode - again, requires the 2221aTool software
sudo systemctl stop linbpq # stops LinBPQ BBS software, freeing up the TNC
sudo kissattach */dev/tnc-2m* *fastIP* #attaches NinoTNC to kernel as network interface. Change the port and axport name.
sudo ip addr add *44.131.7.1/28* dev ax0 #assigns it an IP address. Change this for your choice of IP, making sure it is in the same subnet as the IP at the remote site.
sudo ip route del 0.0.0.0/0 via 192.168.1.254 #deletes the route for traffic over the LAN
sudo ip route add 0.0.0.0/0 via *44.131.7.2* src *44.131.7.1* metric 50 #adds the route for traffic over packet. Change the first IP address to the IP of your remote server, and the second IP address to the one you have configured for the local client.
sudo resolvconf -d NetworkManager #removes default LAN DNS nameserver. May or may not be needed.
sudo resolvconf -a ax0 < ./.nameserver #sets DNS lookup address. This file is shown below.
ip a #shows network config - failsafe check
The .nameserver file mentioned above contains the following:
search home
nameserver 8.8.8.8
Feeding this in to resolvconf will set 8.8.8.8 as your DNS server, allowing you to resolve IP addresses.
Following these steps **should** get you to a position where you can not only PING the two devices (as above) but also navigate (slowly!) to other websites, or ping other servers across the WWW. Again please be sure to abide by your licence when doing this.
Happy experimenting!