Differences

This shows you the differences between two versions of the page.

--- packet:ip [2024/08/24 11:12] – [IP and Packet Radio] m0lte
+++ packet:ip [2024/09/27 18:21] (current) – [Linux kernel AX.25 support + kissattach] gm5aug
@@ Line 7: / Line 7: @@
   * At anything but high speeds (e.g. 4800bps and up), modern TCP/IP implementations perform poorly since the higher layers in modern operating systems have now typically been tuned for high bandwidth, low latency, low loss network devices. This results in a poor user experience.
   * In many countries, including the UK, encryption is not permitted on the amateur service, so no SSH (unless running with null ciphers), no HTTPS, and so on
+  * This is likely to work spectacularly badly where there isn't a solid underlying AX.25 link. Tune the link for zero retries first, before moving up the stack to IP.
 But it does fundamentally work, and might have niche applications, and it's also a bit of fun to be had.
@@ Line 18: / Line 19: @@
 If you know of other ways, please feel free to extend this page.
-===== Linux kernel AX.25 support + kissattach =====
+===== Methods =====
+==== Linux kernel AX.25 support + kissattach ====
 Note that over time, this has become a bit broken, but the good news is there are recent fixes still making their way into distributed Linux kernels.
@@ Line 50: / Line 54: @@
 Specify a unique IP in the same subnet at each end, e.g. 10.0.0.1 and 10.0.0.2. You can use private (RFC1918) addresses, or any others you have allocated, eg from 44net.
+Note that if you already have a 44net IP address on an interface (for example a Wireguard tunnel), you will need to follow a slightly different method to configure the IP and subnet on ax0 (swapping the IP and subnet for your own):
+<code>
+sudo kissattach /dev/ttyACM0 myport
+sudo ip addr add 44.10.0.1/28 dev ax0
+</code>
 ''/dev/ttyACM0'' is the device path for a single NinoTNC, adjust as required.
@@ Line 115: / Line 127: @@
 </body>
 </html>
+</code>
+There is more to the Linux implementation than this, for example setting port parameters to tune the link with [[https://manpages.debian.org/testing/ax25-tools/kissparms.8.en.html|kissparms]], setting this up as a systemd unit to start at boot, and so on.
+Optionally, turn off multicast:
+<code>
+sudo ip link set ax0 multicast off
 </code>
@@ Line 126: / Line 146: @@
 </code>
-===== tncattach =====
+To bring down the interface:
+<code>
+sudo pkill kissattach
+</code>
+==== tncattach ====
 A program exists which is independent from the Linux kernel AX.25 support / ''kissattach'', called ''tncattach''.
@@ Line 157: / Line 183: @@
 There's some really useful information in the [[https://github.com/markqvist/tncattach/blob/master/README.md|README]] around setting up point to point links, blocking IPv6, setting MTU, station ID and so on.
+Optionally, turn off multicast:
+<code>
+sudo ip link set tnc0 multicast off
+</code>
 It may be worth denying dhcpcd access to tnc0:
@@ Line 166: / Line 198: @@
 denyinterfaces tnc0
 </code>
 Note that as far as I'm aware, this does NOT interoperate with stations running IP over the Linux kernel AX.25 stack.
+===== Link testing =====
+This will give the link a reasonable workout:
+<code>
+tf@testnode1:~ $ sudo apt install fping -y
+tf@testnode1:~ $ fping 10.0.0.2 -M -b 200 -s -o -l -Q 10
+[12:38:16]
+.0.0.2 : xmt/rcv/%loss = 10/10/0%, outage(ms) = 0, min/avg/max = 584/642/896
+[12:38:26]
+.0.0.2 : xmt/rcv/%loss = 10/10/0%, outage(ms) = 0, min/avg/max = 612/614/619
+[12:38:36]
+.0.0.2 : xmt/rcv/%loss = 10/10/0%, outage(ms) = 0, min/avg/max = 614/614/615
+^C10.0.0.2 : xmt/rcv/%loss = 35/35/0%, outage(ms) = 0, min/avg/max = 584/622/896
+targets
+alive
+unreachable
+unknown addresses
+timeouts (waiting for response)
+ICMP Echos sent
+ICMP Echo Replies received
+other ICMP received
+ms (min round trip time)
+ms (avg round trip time)
+ms (max round trip time)
+.000 sec (elapsed real time)
+</code>
+===== Acknowledgements =====
+Some content
+  * https://github.com/markqvist/tncattach/blob/master/README.md
+  * https://blog.benjojo.co.uk/post/AX25-over-wifi-with-ESP8266
+====== Linux IP routing/gateway over packet ======
+Building on the above, it is also possible to route Internet traffic between two Linux packet nodes. The UK licence allows this because information sent across the packet network is deemed to originate with the licence holder, not with the original author/writer. Therefore, when doing this, make sure that the material you are transmitting is appropriate - the buck stops with you. Also remember the regulations concerning encryption (not allowed under the UK licence).
+===== On the Remote Server =====
+This how-to presupposes you are able to SSH into the remote node. This node will serve as the gateway for routing Internet traffic over packet.
+While there may well be other ways, this is the script that Michael GM5AUG uses to switch the MB7NKL packet node between regular packet work, and start the server up for IP traffic (with thanks to Martin M0NXP for his assistance in getting this running):
+You will need to modify the parts shown in *asterisks*
+<code>
+#!/bin/bash
+sudo python3 /home/gm5aug/2221aTool/2221aTool.py set-gpio 0011 #sets NinoTNC to 9k6 mode - this requires at least v41 of the NinoTNC firmware, and the 2221aTool software mentioned elsewhere on the Wiki
+sudo systemctl stop linbpq #stops LinBPQ BBS software, freeing up the TNC
+sudo kissattach */dev/tnc-4m* *myport* #attaches NinoTNC to kernel as network interface - change this to your NinoTNC's port, and to the name you configured in axports above.
+sudo ip addr add *44.131.7.2/28* dev ax0 #assigns it an IP address. Change the IP address to match your needs - as above this can be a 44net IP, or a local 10.xxx IP
+sudo sysctl -w net.ipv4.ip_forward=1 #allows kernel IP forwarding
+sudo iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE #modifies ax0 traffic to assign it the eth0 IP address
+sudo ufw default allow routed #allows packet forwarding in the firewall - this how-to presupposes the use of ufw, although I understand it works with iptables as well
+sudo service ufw restart #restarts the firewall
+ip a #shows network config - failsafe check
+</code>
+===== On the Local Client =====
+Having configured the remote server, we now move to the local client, which in this case is running the GB7AUG packet node. Michael has a Wireguard tunnel in use which he has to turn off to make this work, but for simplicity this command is not included below. Again you will need to modify this to suit your own needs, changing the parts enclosed in *asterisks*.
+<code>
+#!/bin/bash
+sudo python3 /home/gm5aug/2221aTool/2221aTool.py --serial 0004805989 set-gpio 0011 #sets NinoTNC to 9k6 mode - again, requires the 2221aTool software
+sudo systemctl stop linbpq # stops LinBPQ BBS software, freeing up the TNC
+sudo kissattach */dev/tnc-2m* *fastIP* #attaches NinoTNC to kernel as network interface. Change the port and axport name.
+sudo ip addr add *44.131.7.1/28* dev ax0 #assigns it an IP address. Change this for your choice of IP, making sure it is in the same subnet as the IP at the remote site.
+sudo ip route del 0.0.0.0/0 via 192.168.1.254 #deletes the route for traffic over the LAN
+sudo ip route add 0.0.0.0/0 via *44.131.7.2* src *44.131.7.1* metric 50 #adds the route for traffic over packet. Change the first IP address to the IP of your remote server, and the second IP address to the one you have configured for the local client.
+sudo resolvconf -d NetworkManager #removes default LAN DNS nameserver. May or may not be needed.
+sudo resolvconf -a ax0 < ./.nameserver #sets DNS lookup address. This file is shown below.
+ip a #shows network config - failsafe check
+</code>
+The .nameserver file mentioned above contains the following:
+<code>
+search home
+nameserver 8.8.8.8
+</code>
+Feeding this in to resolvconf will set 8.8.8.8 as your DNS server, allowing you to resolve IP addresses.
+Following these steps **should** get you to a position where you can not only PING the two devices (as above) but also navigate (slowly!) to other websites, or ping other servers across the WWW. Again please be sure to abide by your licence when doing this.
+Happy experimenting!