Set up an AMPR Net Gateway

Introduction

The AMPRNet or 44.0.0.0/8 network is a global Internet-routed network reserved for use by Amateur Radio. The URL names are suffixed with .ampr.org and are resolvable by almost any properly configured DNS name server you wish to use. There's also some exclusively for use on the AMPRNet if you know where they are.

While some softwares available for Internet routing uses public network IPs and dynamic hostname resolvers such as ddns.org or no-ip.org, there is NO security on these networks. You are at the mercy of your ISP and any port filtering they may impose. By using the AMPRNet, you can bypass the blocks your consumer-grade ISP places on you and create a whole learning experence for yourself - such as network security, web server configurations, mail server management, and more.

What's the secret?

The AMPRNet uses a special protocol not a port, so there are no ports to forward in your router! AMPRNet uses IP protocol number 4, in simple terms IPEncapsulation. This is a means of tunneling IP packets through an existing IP path. to bypass the filters and blocks on consumer ISP circuits.

If your OS is incapable of running protocol 4, you will not get connectivity. This includes all Microsoft products. This is because Microsoft improperly mislabeled protocol 4 as IP Version 4.
See http://support.microsoft.com/kb/949848 for more details.

Setting up an AMPRNet account.

With your Browser, go to the AMPRNet Portal http://portal.ampr.org and open an account by registering.

Log on, go to Home > Networks and follow the instructions to request a block of addresses. Typically a small subnet of 6 or 14 usable IPs is all you need. A /29 subnet is 6 addresses and a /28 subnet is 14 addresses.

You will receive your address allocation by email.

Don't forget to fill in the bottom part of that form.

Setting up a Router.

I suggest using an older computer which runs the Linux OS. You can configure your AMPRNet Gateway and link your Microsoft machine, smartphone, etc to it.

The Raspberry Pi is an excellent choice for a router. It is a small $35 unit with a 100BaseT Ethernet connection and at least 2 USB interfaces, one Port may be used for a Wifi dongle. You can plug your Pi into your Main Router and use wifi out... or vice-versa.

If you link your RPi as a Client you can use an external router as a Bridge to supply Ethernet and/or Wifi to Hosts you wish to put on the AMPRNet. You can get as creative as you want configuring a DHCP server, turn Linux/Pi into a full access point Wifi router, etc.

Installing the RIP device.

The RIPv2 device is used to automatically import AMPRNet routing into your system so you'll have point-to-point tunnelling with others on 44-net. I like to use ampr-ripd by Marius YO2LOJ and have a copy of it on : my ftp server

Compile and install ampr-ripd in the /usr/local/sbin/ directory.

Setting the address of your Router.

Assign a Static IP address to your AMPRNet Router's Host and set the AMPR Net Router in DMZ of your Commercial Router.
This is a 192.168.x.x address, some may use 10-net space. Either address scheme will work depending on your brand of consumer router. Which is sometimes referred to as CPE equipment.

Configure the Router.

Copy and paste the script (below) and edit in the information on the 4 lines to include your addresses.

AMPRIP='x.x.x.x'	# Your Gateway address ex: 44.1.2.3
IPMASK='x.x.x.x'	# Your Netmask ex: 255.255.255.248
COMMIP='x.x.x.x'	# Your Router's Ip address ex: 24.35.13.28
NOSIP is only needed if you have installed one of the xNOS programs - such as JNOS, maintained by Maiko VE4KLM. However with a Linux based OS, xNOS is no longer needed for packet services.
NOSIP='x.x.x.x'		# Next: 44.1.2.4

Place the "dotun" script in /usr/local/bin/ and flag it executable.
chmod +x /usr/local/bin/dotun

To Initialize your AMPRNet router: enter the command /usr/local/bin/dotun start

Use the command /usr/local/bin/dotun stop to shutdown the AMPRNet router.

Comments are included in the script so you can follow step by step what the script is doing. If you have questions, please join the 44-net list and someone will be happy to assist you.

To have true global internet routing on the AMPRNet submit DNS entries for your gateway to your coordinator.

# --- dotun ---
## Installation:
## name this file: /usr/local/bin/dotun
## chmod +x !$
## ln -s /etc/init.d/dotun
## yum install/apt-get install chkconfig
## chkconfig dotun 2345
## service dotun restart

#! /bin/bash

# Start ipip amprnet networking daemons.
# Script written and modified by Brian Rogers N1URO
# Date of last modification: 1/21/2015
### BEGIN INIT INFO
# Provides:          dotun
# Required-Start:    $syslog
# Required-Stop:     $syslog
# Default-Start:     2 3 4 5
# Default-Stop:      0 1 6
# Short-Description: Starts and stops ipencapsulation
# Description:       Starts and stops ipencapsulation for  ham services
### END INIT INFO

# Author: Brian Rogers 
#

AMPRIP='x.x.x.x' # ampr IP of this specific machine.
IPMASK='x.x.x.x' # netmask of your amprnet block.
COMMIP='x.x.x.x' # the IP of your router/modem.
NOSIP='x.x.x.x'  # if you run xNOS, what's it's ip?

test -f /usr/local/sbin/ampr-ripd ||
  echo "You need ampr-ripd. You may find it at:"
  echo "ftp://n1uro.ampr.org/pub/hamradio/packet"
  exit 0;

case "$1" in
  start)
        # Load your ipencap module in the kernel:
        modprobe ipip

        # Allow ip forwarding from amprnet to your ethernet interface
        echo "1" > /proc/sys/net/ipv4/ip_forward

        # load RIPv2 routing using the ampr-ripd daemon
        /usr/local/sbin/ampr-ripd -t 1 -a $COMMIP -p  -i tunl0 -v -s -r

        # Configure your ipencap tunnel interface - required for the amprnet
        ifconfig tunl0 $AMPRIP netmask $IPMASK up

        # Allow traceroutes to work on the amprnet:
        ip tunnel change tunl0 mode ipip ttl 64 pmtudisc

        # If you run xNOS, configure a tun/tap interface:
#       ifconfig tun0 $AMPRIP pointopoint $NOSIP up

        # configure your rointing accordingly:
        # Note, if this node is behind an existing gw on your
        # lan, change the "via" ip below in the default line to
        # the lan IP of your gateway... and add a route in table 1
        # on your gateway to this node.
#       ip route add $NOSIP dev tun0 onlink table 1 src $AMPRIP
        ip route add default via 169.228.34.84 dev tunl0  src $AMPRIP onlink table 1

        # configure policy routing so that frames from/to your 44-net IP
        # know how to route accordingly:
        ip rule add from 44/8 pref 1 table 1
        ip rule add to 44/8 pref 1 table 1

        # script is done, exit as a clean flush.
        echo -n "Amprnet routing complete. "
        _sleep 1
        echo "Script by N1URO."
        exit 0
        ;;

  stop)
        # Unload what we loaded above:
        ip rule del to 44/8 pref 1 table 1
        ip rule del from 44/8 pref 1 table 1
        ifconfig tunl0 down
        ifconfig tun0 down
        killall -TERM ampr-ripd
        modprobe -r ipip
        echo "Amprnet routing disabled."
        exit 0
        ;;

  restart)
        echo "Restarting/resetting amprnet routing..."
        dotun stop
        sleep 3
        dotun start
        exit 0
        ;;
  *)
        echo "Usage: dotun {start|stop|restart}"
        exit 0
        ;;

esac
exit 0
--- EOF ---
Documentation rewrite by Charley K4GBB. Revised by N1URO.