https://wiki.ampr.org/w/api.php?action=feedcontributions&user=G1fef&feedformat=atom44Net Wiki - User contributions [en]2024-03-29T12:36:34ZUser contributionsMediaWiki 1.41.0https://wiki.ampr.org/w/index.php?title=FAQ&diff=1073FAQ2024-03-25T07:56:14Z<p>G1fef: </p>
<hr />
<div>'''Frequently Asked Questions'''<br />
<br />
'''What is AMPRNet?'''<br />
<br />
AMPRNet stands for AMateur Packet Radio NETwork. It is a collection of amateur radio-oriented computers, connected together via a variety of technologies, including radio, Internet, and ethernet. However, all of these computers have an IP address that begins with 44 (that is, IP addresses of the form 44.0.0.0/9 or 44.128.0.0/10). For this reason, AMPRnet can also be referred to as 44Net. <br />
<br />
Some further details can be found at https://en.wikipedia.org/wiki/AMPRNet and https://wiki.ampr.org/wiki/Main_Page<br />
<br />
'''What is AMPRNet for?'''<br />
<br />
The purpose of AMPRNet is to permit experimentation by amateurs in digital networking and to provide computer services to other amateurs using AMPRNet.<br />
<br />
'''What does it cost to use AMPRNet?'''<br />
<br />
There is no cost for using any AMPRNet facilities, however, there may be costs associated with Internet access to reach AMPRNet and/or amateur radio equipment costs.<br />
<br />
'''How do I connect to AMPRNet?'''<br />
<br />
There are four main methods people use:<br />
<br />
* VPN<br />
* BGP routing (See Also [[Announcing your allocation directly]])<br />
* Direct radio links.<br />
* IP Tunneling<br />
<br />
Note: Functionally, a VPN and a tunnel do much the same thing, except a VPN is designed for privacy (i.e. strong authentication and encryption), whilst IP tunnelling in the AMPRNet context is actually an all-to-all interconnected mesh of tunnels and is not encrypted (as often the data is transferred over radio).<br />
<br />
'''What is IP Tunneling?'''<br />
<br />
The information that traverses the Internet does so as "packets" of data, traveling over a variety of routes, between a source and a destination. Each packet contains a header, which tells all the devices along the route information such as the source and destination, plus the payload, which is the data to actually be transferred. Clearly, there must be a path all the way from the sources to the destination, and back. <br />
AMPRNet consists of small, non-connected groups of computers, that would otherwise not be able to connect to one another. However, since internet devices along the route really don't care about the contents of the payload section, you can put a completely new packet into that section, including an entirely different header, and its own payload section. That second header has source and destination addresses completely different from the first header - all that is required is that the first destination recognizes the encapsulated packet, de-encapsulates it, and forwards it to the second header destination. Return traffic follows a corresponding process. In that way, 44-net hosts can communicate with other 44-net hosts, by means of encapsulating their data packets in packets to non-44net hosts. This is called tunneling (or encapsulating). A later section in this FAQ discusses installing a tunnel. <br />
Tunneling is probably the most commonly used method of accessing AMPRNet.<br />
<br />
'''How does AMPR over IP tunnel actually work?'''<br />
<br />
AMPR nodes are actually not connected via a single tunnel but via a large mesh network of tunnels. Suppose user1 has public IP address 198.51.100.1 and user2 has 203.0.113.1. These two can normally communicate over the internet. However, if both users have a 44net IP address, user1 can encapsulate the 44 packet into an outer packet and send it to 203.0.113.1. Similarly, user2 can encapsulate the IP packet with the 44net addresses and send it to 198.51.100.1. In Linux (and most other systems), this is accomplished using a single ipip device and adding a route using the "nexthop" statement. When a packet is pushed into the ipip device, the outer IP header is added and sent to the router in the nexthop statement. A list of all AMPR users is required and this can be either accomplished by downloading a simple textfile and adding the routes manually or by using RIP44, as discussed in the FAQ section below.<br />
<br />
<br />
'''What is a VPN?'''<br />
<br />
VPN stands for Virtual Private Network. It is a facility that enables a computer to act (using the Internet) as though is physically connected to another computer network. There are many different ways to set up a VPN, so this is beyond the scope of this FAQ. However, it always involves configuring software and accounts on a computer, to connect to the VPN server. Some amateurs who have connections to AMPRNet have set up VPN servers so that other amateurs can achieve a "virtual" connection to AMPRNet. The technical details, account details, and IP address details must be obtained from the operator of that VPN. One such VPN is listed at https://wiki.ampr.org/wiki/AMPRNet_VPN.<br />
<br />
<br />
'''What is BGP Routing?'''<br />
<br />
The Internet has millions of different computers connected to it, each having an address. Devices called routers deliver traffic between computers and can send "advertisements" to other routers to tell those other routers about the locations of some of those addresses. The protocol used is called BGP, Border Gateway Protocol. If you are fortunate enough to have a computer that can send BGP advertisements, then you can advertise that your computer is part of the AMPRNet address range, and hence receive AMPRNet traffic.<br />
<br />
Unfortunately, most companies and most commercial ISPs will not permit their users to originate BGP advertisements (especially for address ranges that are not in their usual address range), so BGP is not a viable means to connect to AMPRNet for most people. There are Virtual Private Server (VPS) Providers (or Cloud Providers) who will announce your AMPRNet allocation without the need for your own Autonomous System (AS) number. [[Routing your allocation via BGP]] has a list of VPS/Cloud Providers.<br />
<br />
Installing BGP is beyond the scope of this FAQ. Note however that you must have written permission from the administrator of the ARDC 44 address space, before you BGP advertise any part of that space.<br />
<br />
'''What about radio links?'''<br />
<br />
In many places, groups of amateurs have established networks of radio links, and often have used one of the preceding approaches so that those radio networks connect to and become part of AMPRNet. You would need to contact those groups regarding frequencies, modes, and address allocations.<br />
<br />
'''Do I need to consider security?'''<br />
<br />
Yes! Any computer connected to the Internet must be configured and maintained in a secure fashion, and this includes any computer connected to AMPRNet (regardless of the connection technique). Repeat - you MUST secure your computer! This includes using firewalls, keeping software up to date, using strong passwords, etc etc. In some cases, encryption may also be used.<br />
<br />
How to maintain security is beyond the scope of this FAQ. Searching for "How to secure my computer" will return many, many hits though!<br />
<br />
'''How do I get an address allocation?'''<br />
<br />
If you connect to an existing VPN or existing radio network, it is likely that the operators of those facilities will already have address ranges established and will allocate your address(es). If you wish to establish a new tunnel or BGP-based link, then the process is handled by a semi-automated process on our portal. The steps are:<br />
1. Register using your callsign on the portal https://portal.ampr.org<br />
2. Log in and navigate to the Networks page.<br />
3. Click on your country. A list of regions/subnets may appear; if so, click on the appropriate one.<br />
4. Click on the subnet and you'll be presented with a simple form to complete.<br />
5. If you are requesting a single address for a host, leave the netmask as /32;<br />
6. if you are requesting a block/subnet, select the appropriate netwidth. E.g. for a 256 host subnet, select /24.<br />
7. Put a short message explaining your request in the Message area of the form. Be sure to indicate<br />
if you are planning to directly route a subnet as these require special handling<br />
8. Click Send. Your request will be forwarded to the coordinator for your region/subnet. You'll<br />
receive a confirming email. The coordinator may contact you for further details if required.<br />
<br />
'''Can I have a domain name entry for my AMPRNet host?'''<br />
<br />
Yes. Currently, domain name requests are handled by the area coordinators - contact details are on the portal. Note: the old email robot facility no longer functions.<br />
<br />
'''What about IPv6?'''<br />
<br />
There is no IPv6 equivalent of AMPRNet at present.<br />
<br />
'''How do I configure a Tunnel?'''<br />
<br />
The technique varies according to the Operating System you use. However, all involve the creation of a new "pseudo" interface - unlike your normal ethernet network connection, this one doesn't actually exist on the back panel of your computer. However, it exists as far as the Operating System is concerned. A normal ethernet device accepts a data packet (consisting of a header and payload, as previously discussed) and sends it out the ethernet cable (often via a modem, to the Internet). A "pseudo" interface however accepts a data packet, encapsulates it in the data portion of a new packet, adds a new and different header, and passes all that to the ethernet device, which then processes this new data packet as normal, sending it to a recipient who will de-encapsulate it. Reception of tunneled traffic is the reverse process. <br />
<br />
<br />
Consequently, two requirements apply:<br />
<br />
a) The computer must have full connectivity to the non-44 hosts that will send or receive the tunneled packets containing 44-net traffic. You cannot route ALL traffic to the pseudo interface!<br />
<br />
b) The pseudo driver must have a mechanism to tell it which non-44 net hosts can handle particular subsets of 44-net traffic - very few can handle the entire 44-net range! It should be noted that the information changes quite frequently, as tunnel hosts come and go, so must be updated as described below.<br />
<br />
https://wiki.ampr.org/wiki/Main_Page has links to several different ways of configuring tunnels.<br />
<br />
'''How do I obtain and maintain a list of tunnel hosts?'''<br />
<br />
There are three main mechanisms:<br />
<br />
a) log on to the portal (as described above) and navigate to the "Gateways/List" section that permits downloading of the "encap" file. Download that file, and use a script on the computer to turn it into commands that update the configuration of the tunnel device.<br />
<br />
b) receive the encap file by mail, and use a script to process it. You can register for this email on the portal "Gateways/Options" page.<br />
<br />
c) Receive and process "broadcasts" of configuration data that are available. This information is broadcast to all gateways listed on the portal. There is a software package called "ampr-ripd" that enables this process<br />
<br />
'''Can I just route all 44net traffic via a single tunnel?'''<br />
<br />
No. The main AMPRNet gateway does not provide this functionality - you must have a tunnel to each system you wish to contact.<br />
<br />
<br />
'''What is the AmprGW?'''<br />
<br />
The AmprGW is a server run by ARDC at UCSD as part of a long-running Internet research project. It has a number of functions:<br />
<br />
a) It provides a selective gateway between non-AMPRNet internet devices and the IPIP (mesh) AMPRNet. For this traffic, it filters at the per-host(/32) level. Each host which is to receive traffic from the Internet into AMPRNet must individually be listed in the permissions file, which is built from the AMPR.ORG DNS 'A' records. If there is no DNS A record for a tunneled amprnet destination host, the traffic is not forwarded in either direction. Therefore, if you want hosts on your subnet to be able to communicate with the Internet, you will need to have your local coordinator add them to the AMPR.ORG DNS for you.<br />
<br />
b) It forwards traffic between Internet hosts (including those AMPRNet that are directly connected to the Internet [BGP-routed]) and IPIP tunneled AMPRNet hosts. Some "validity" filtering is applied during this process - traffic that is invalid or misconfigured will be dropped. Note: AmprGW does NOT forward between different IPIP tunneled AMPRNet hosts. That is why you cannot have just a single IPIP tunnel for all of AMPRNet. Thus the tunneled AMPRNet as a whole forms a fully-connected mesh, not a 'star' configuration.<br />
<br />
c) AmprGW originates RIP44 broadcasts containing routing information about gateways and the AMPRNet subnets they service. The RIP44 transmissions are sent as IPIP encapsulated UDP packets for port 520 from 169.228.34.84 and sent individually to the commercial (external) address of every gateway. The packets have an inner source address of 44.0.0.1 and an inner destination of 224.0.0.9, the RIP multicast address. They are IPIP encapsulated packets, so without de-encapsulating them, the RIP is not visible to conventional routing software. Specialized software such as 'ampr-ripd' may be employed to make use of the RIP44 broadcasts, to set up AMPRNet routes.<br />
<br />
<br />
'''Can BGP, VPN, and IP tunnel hosts inter-communicate?'''<br />
<br />
Yes. The AMPRNet gateway has been configured to support this functionality.<br />
<br />
'''Can I put my tunnel on my home LAN and use NAT?'''<br />
<br />
Yes. However, in general, a home modem using NAT won't be able to correctly process inbound tunneled 44-net traffic and forward it to the correct host - the "port forward" facility in most NAT devices relies on a port number, but there are no port numbers for a tunnel packet! However, most modems have a "DMZ" facility, whereby all unrecognized traffic (and this includes tunneled traffic) can be forwarded to one particular host on the LAN. That host can then be configured to recognize and correctly process tunneled data. However - security alert! - it will also be exposed to all sorts of other, unwanted traffic as well! See the Security section above.<br />
<br />
'''Can I use an AMPRNet VPN on my home LAN?'''<br />
<br />
Generally, yes. Most home modem/routers have good support for VPN usage, although you mustn't use it for general internet access as it is for amateur radio use only!<br />
<br />
'''How can I get help with AMPRNet issues?'''<br />
<br />
Many amateurs are willing to assist other hams. You can find some of them on the groups.io 44Net group here https://ardc.groups.io/g/44net<br />
<br />
'''What about 44.128.0.0/16?'''<br />
<br />
Subnet 44.128.0.0/16 is currently reserved for testing. No operational subnets are planned for this address space. Older documentation incorrectly referred to this block of addresses as "private", that is, unrouted like the 192.168.0.0/16 RFC1918 subnet. This is incorrect; the 44.128.0.0/16 subnet can be routed, but do not use it except for brief test purposes.<br />
<br />
'''Credits'''<br />
<br />
This FAQ was originally commenced by Steve VK5ASF, using material from earlier FAQs, from various contributors to the 44net mailing list, and from Brian Kantor.</div>G1fefhttps://wiki.ampr.org/w/index.php?title=FAQ&diff=1072FAQ2024-03-25T07:55:37Z<p>G1fef: </p>
<hr />
<div>'''Frequently Asked Questions'''<br />
<br />
'''What is AMPRNet?'''<br />
<br />
AMPRNet stands for AMateur Packet Radio NETwork. It is a collection of amateur radio-oriented computers, connected together via a variety of technologies, including radio, Internet, and ethernet. However, all of these computers have an IP address that begins with 44 (that is, IP addresses of the form 44.0.0.0/9 or 44.128.0.0/10). For this reason, AMPRnet can also be referred to as 44Net. <br />
<br />
Some further details can be found at https://en.wikipedia.org/wiki/AMPRNet and https://wiki.ampr.org/wiki/Main_Page<br />
<br />
'''What is AMPRNet for?'''<br />
<br />
The purpose of AMPRNet is to permit experimentation by amateurs in digital networking and to provide computer services to other amateurs using AMPRNet.<br />
<br />
'''What does it cost to use AMPRNet?'''<br />
<br />
There is no cost for using any AMPRNet facilities, however, there may be costs associated with Internet access to reach AMPRNet and/or amateur radio equipment costs.<br />
<br />
'''How do I connect to AMPRNet?'''<br />
<br />
There are four main methods people use:<br />
<br />
* VPN<br />
* BGP routing (See Also [[Announcing your allocation directly]])<br />
* Direct radio links.<br />
* IP Tunneling<br />
<br />
Note: Functionally, a VPN and a tunnel do much the same thing, except a VPN is designed for privacy (i.e. strong authentication and encryption), whilst IP tunnelling in the AMPRNet context is actually an all-to-all interconnected mesh of tunnels and is not encrypted (as often the data is transferred over radio).<br />
<br />
'''What is IP Tunneling?'''<br />
<br />
The information that traverses the Internet does so as "packets" of data, traveling over a variety of routes, between a source and a destination. Each packet contains a header, which tells all the devices along the route information such as the source and destination, plus the payload, which is the data to actually be transferred. Clearly, there must be a path all the way from the sources to the destination, and back. <br />
AMPRNet consists of small, non-connected groups of computers, that would otherwise not be able to connect to one another. However, since internet devices along the route really don't care about the contents of the payload section, you can put a completely new packet into that section, including an entirely different header, and its own payload section. That second header has source and destination addresses completely different from the first header - all that is required is that the first destination recognizes the encapsulated packet, de-encapsulates it, and forwards it to the second header destination. Return traffic follows a corresponding process. In that way, 44-net hosts can communicate with other 44-net hosts, by means of encapsulating their data packets in packets to non-44net hosts. This is called tunneling (or encapsulating). A later section in this FAQ discusses installing a tunnel. <br />
Tunneling is probably the most commonly used method of accessing AMPRNet.<br />
<br />
'''How does AMPR over IP tunnel actually work?'''<br />
<br />
AMPR nodes are actually not connected via a single tunnel but via a large mesh network of tunnels. Suppose user1 has public IP address 198.51.100.1 and user2 has 203.0.113.1. These two can normally communicate over the internet. However, if both users have a 44net IP address, user1 can encapsulate the 44 packet into an outer packet and send it to 203.0.113.1. Similarly, user2 can encapsulate the IP packet with the 44net addresses and send it to 198.51.100.1. In Linux (and most other systems), this is accomplished using a single ipip device and adding a route using the "nexthop" statement. When a packet is pushed into the ipip device, the outer IP header is added and sent to the router in the nexthop statement. A list of all AMPR users is required and this can be either accomplished by downloading a simple textfile and adding the routes manually or by using RIP44, as discussed in the FAQ section below.<br />
<br />
<br />
'''What is a VPN?'''<br />
<br />
VPN stands for Virtual Private Network. It is a facility that enables a computer to act (using the Internet) as though is physically connected to another computer network. There are many different ways to set up a VPN, so this is beyond the scope of this FAQ. However, it always involves configuring software and accounts on a computer, to connect to the VPN server. Some amateurs who have connections to AMPRNet have set up VPN servers so that other amateurs can achieve a "virtual" connection to AMPRNet. The technical details, account details, and IP address details must be obtained from the operator of that VPN. One such VPN is listed at https://wiki.ampr.org/wiki/AMPRNet_VPN.<br />
<br />
<br />
'''What is BGP Routing?'''<br />
<br />
The Internet has millions of different computers connected to it, each having an address. Devices called routers deliver traffic between computers and can send "advertisements" to other routers to tell those other routers about the locations of some of those addresses. The protocol used is called BGP, Border Gateway Protocol. If you are fortunate enough to have a computer that can send BGP advertisements, then you can advertise that your computer is part of the AMPRNet address range, and hence receive AMPRNet traffic.<br />
<br />
Unfortunately, most companies and most commercial ISPs will not permit their users to originate BGP advertisements (especially for address ranges that are not in their usual address range), so BGP is not a viable means to connect to AMPRNet for most people. There are Virtual Private Server (VPS) Providers (or Cloud Providers) who will announce your AMPRNet allocation without the need for your own Autonomous System (AS) number. [[Routing your allocation via BGP]] has a list of VPS/Cloud Providers.<br />
<br />
Installing BGP is beyond the scope of this FAQ. Note however that you must have written permission from the administrator of the ARDC 44 address space, before you BGP advertise any part of that space.<br />
<br />
'''What about radio links?'''<br />
<br />
In many places, groups of amateurs have established networks of radio links, and often have used one of the preceding approaches so that those radio networks connect to and become part of AMPRNet. You would need to contact those groups regarding frequencies, modes, and address allocations.<br />
<br />
'''Do I need to consider security?'''<br />
<br />
Yes! Any computer connected to the Internet must be configured and maintained in a secure fashion, and this includes any computer connected to AMPRNet (regardless of the connection technique). Repeat - you MUST secure your computer! This includes using firewalls, keeping software up to date, using strong passwords, etc etc. In some cases, encryption may also be used.<br />
<br />
How to maintain security is beyond the scope of this FAQ. Searching for "How to secure my computer" will return many, many hits though!<br />
<br />
'''How do I get an address allocation?'''<br />
<br />
If you connect to an existing VPN or existing radio network, it is likely that the operators of those facilities will already have address ranges established and will allocate your address(es). If you wish to establish a new tunnel or BGP-based link, then the process is handled by a semi-automated process on our portal. The steps are:<br />
1. Register using your callsign on the portal https://portal.ampr.org<br />
2. Log in and navigate to the Networks page.<br />
3. Click on your country. A list of regions/subnets may appear; if so, click on the appropriate one.<br />
4. Click on the subnet and you'll be presented with a simple form to complete.<br />
5. If you are requesting a single address for a host, leave the netmask as /32;<br />
6. if you are requesting a block/subnet, select the appropriate netwidth. E.g. for a 256 host subnet, select /24.<br />
7. Put a short message explaining your request in the Message area of the form. Be sure to indicate<br />
if you are planning to directly route a subnet as these require special handling<br />
8. Click Send. Your request will be forwarded to the coordinator for your region/subnet. You'll<br />
receive a confirming email. The coordinator may contact you for further details if required.<br />
<br />
'''Can I have a domain name entry for my AMPRNet host?'''<br />
<br />
Yes. Currently, domain name requests are handled by the area coordinators - contact details are on the portal. Note: the old email robot facility no longer functions.<br />
<br />
'''What about IPv6?'''<br />
<br />
There is no IPv6 equivalent of AMPRNet at present.<br />
<br />
'''How do I configure a Tunnel?'''<br />
<br />
The technique varies according to the Operating System you use. However, all involve the creation of a new "pseudo" interface - unlike your normal ethernet network connection, this one doesn't actually exist on the back panel of your computer. However, it exists as far as the Operating System is concerned. A normal ethernet device accepts a data packet (consisting of a header and payload, as previously discussed) and sends it out the ethernet cable (often via a modem, to the Internet). A "pseudo" interface however accepts a data packet, encapsulates it in the data portion of a new packet, adds a new and different header, and passes all that to the ethernet device, which then processes this new data packet as normal, sending it to a recipient who will de-encapsulate it. Reception of tunneled traffic is the reverse process. <br />
<br />
<br />
Consequently, two requirements apply:<br />
<br />
a) The computer must have full connectivity to the non-44 hosts that will send or receive the tunneled packets containing 44-net traffic. You cannot route ALL traffic to the pseudo interface!<br />
<br />
b) The pseudo driver must have a mechanism to tell it which non-44 net hosts can handle particular subsets of 44-net traffic - very few can handle the entire 44-net range! It should be noted that the information changes quite frequently, as tunnel hosts come and go, so must be updated as described below.<br />
<br />
https://wiki.ampr.org/wiki/Main_Page has links to several different ways of configuring tunnels.<br />
<br />
'''How do I obtain and maintain a list of tunnel hosts?'''<br />
<br />
There are three main mechanisms:<br />
<br />
a) log on to the portal (as described above) and navigate to the "Gateways/List" section that permits downloading of the "encap" file. Download that file, and use a script on the computer to turn it into commands that update the configuration of the tunnel device.<br />
<br />
b) receive the encap file by mail, and use a script to process it. You can register for this email on the portal "Gateways/Options" page.<br />
<br />
c) Receive and process "broadcasts" of configuration data that are available. This information is broadcast to all gateways listed on the portal. There is a software package called "ampr-ripd" that enables this process<br />
<br />
'''Can I just route all 44net traffic via a single tunnel?'''<br />
<br />
No. The main AMPRNet gateway does not provide this functionality - you must have a tunnel to each system you wish to contact.<br />
<br />
<br />
'''What is the AmprGW?'''<br />
<br />
The AmprGW is a server run by ARDC at UCSD as part of a long-running Internet research project. It has a number of functions:<br />
<br />
a) It provides a selective gateway between non-AMPRNet internet devices and the IPIP (mesh) AMPRNet. For this traffic, it filters at the per-host(/32) level. Each host which is to receive traffic from the Internet into AMPRNet must individually be listed in the permissions file, which is built from the AMPR.ORG DNS 'A' records. If there is no DNS A record for a tunneled amprnet destination host, the traffic is not forwarded in either direction. Therefore, if you want hosts on your subnet to be able to communicate with the Internet, you will need to have your local coordinator add them to the AMPR.ORG DNS for you.<br />
<br />
b) It forwards traffic between Internet hosts (including those AMPRNet that are directly connected to the Internet [BGP-routed]) and IPIP tunneled AMPRNet hosts. Some "validity" filtering is applied during this process - traffic that is invalid or misconfigured will be dropped. Note: AmprGW does NOT forward between different IPIP tunneled AMPRNet hosts. That is why you cannot have just a single IPIP tunnel for all of AMPRNet. Thus the tunneled AMPRNet as a whole forms a fully-connected mesh, not a 'star' configuration.<br />
<br />
c) AmprGW originates RIP44 broadcasts containing routing information about gateways and the AMPRNet subnets they service. The RIP44 transmissions are sent as IPIP encapsulated UDP packets for port 520 from 169.228.34.84 and sent individually to the commercial (external) address of every gateway. The packets have an inner source address of 44.0.0.1 and an inner destination of 224.0.0.9, the RIP multicast address. They are IPIP encapsulated packets, so without de-encapsulating them, the RIP is not visible to conventional routing software. Specialized software such as 'ampr-ripd' may be employed to make use of the RIP44 broadcasts, to set up AMPRNet routes.<br />
<br />
<br />
'''Can BGP, VPN, and IP tunnel hosts inter-communicate?'''<br />
<br />
Yes. The AMPRNet gateway has been configured to support this functionality.<br />
<br />
'''Can I put my tunnel on my home LAN and use NAT?'''<br />
<br />
Yes. However, in general, a home modem using NAT won't be able to correctly process inbound tunneled 44-net traffic and forward it to the correct host - the "port forward" facility in most NAT devices relies on a port number, but there are no port numbers for a tunnel packet! However, most modems have a "DMZ" facility, whereby all unrecognized traffic (and this includes tunneled traffic) can be forwarded to one particular host on the LAN. That host can then be configured to recognize and correctly process tunneled data. However - security alert! - it will also be exposed to all sorts of other, unwanted traffic as well! See the Security section above.<br />
<br />
'''Can I use an AMPRNet VPN on my home LAN?'''<br />
<br />
Generally, yes. Most home modem/routers have good support for VPN usage, although you mustn't use it for general internet access as it is for amateur radio use only!<br />
<br />
'''How can I get help with AMPRNet issues?'''<br />
<br />
Many amateurs are willing to assist other hams. You can find them on the groups.io 44Net group here https://ardc.groups.io/g/44net<br />
<br />
'''What about 44.128.0.0/16?'''<br />
<br />
Subnet 44.128.0.0/16 is currently reserved for testing. No operational subnets are planned for this address space. Older documentation incorrectly referred to this block of addresses as "private", that is, unrouted like the 192.168.0.0/16 RFC1918 subnet. This is incorrect; the 44.128.0.0/16 subnet can be routed, but do not use it except for brief test purposes.<br />
<br />
'''Credits'''<br />
<br />
This FAQ was originally commenced by Steve VK5ASF, using material from earlier FAQs, from various contributors to the 44net mailing list, and from Brian Kantor.</div>G1fefhttps://wiki.ampr.org/w/index.php?title=FAQ&diff=1071FAQ2024-03-25T07:54:47Z<p>G1fef: </p>
<hr />
<div>'''Frequently Asked Questions'''<br />
<br />
'''What is AMPRNet?'''<br />
<br />
AMPRNet stands for AMateur Packet Radio NETwork. It is a collection of amateur radio-oriented computers, connected together via a variety of technologies, including radio, Internet, and ethernet. However, all of these computers have an IP address that begins with 44 (that is, IP addresses of the form 44.0.0.0/9 or 44.128.0.0/10). For this reason, AMPRnet can also be referred to as 44Net. <br />
<br />
Some further details can be found at https://en.wikipedia.org/wiki/AMPRNet and https://wiki.ampr.org/wiki/Main_Page<br />
<br />
'''What is AMPRNet for?'''<br />
<br />
The purpose of AMPRNet is to permit experimentation by amateurs in digital networking and to provide computer services to other amateurs using AMPRNet.<br />
<br />
'''What does it cost to use AMPRNet?'''<br />
<br />
There is no cost for using any AMPRNet facilities, however, there may be costs associated with Internet access to reach AMPRNet and/or amateur radio equipment costs.<br />
<br />
'''How do I connect to AMPRNet?'''<br />
<br />
There are four main methods people use:<br />
<br />
* VPN<br />
* BGP routing (See Also [[Announcing your allocation directly]])<br />
* Direct radio links.<br />
* IP Tunneling<br />
<br />
Note: Functionally, a VPN and a tunnel do much the same thing, except a VPN is designed for privacy (i.e. strong authentication and encryption), whilst IP tunnelling in the AMPRNet context is actually an all-to-all interconnected mesh of tunnels and is not encrypted (as often the data is transferred over radio).<br />
<br />
'''What is IP Tunneling?'''<br />
<br />
The information that traverses the Internet does so as "packets" of data, traveling over a variety of routes, between a source and a destination. Each packet contains a header, which tells all the devices along the route information such as the source and destination, plus the payload, which is the data to actually be transferred. Clearly, there must be a path all the way from the sources to the destination, and back. <br />
AMPRNet consists of small, non-connected groups of computers, that would otherwise not be able to connect to one another. However, since internet devices along the route really don't care about the contents of the payload section, you can put a completely new packet into that section, including an entirely different header, and its own payload section. That second header has source and destination addresses completely different from the first header - all that is required is that the first destination recognizes the encapsulated packet, de-encapsulates it, and forwards it to the second header destination. Return traffic follows a corresponding process. In that way, 44-net hosts can communicate with other 44-net hosts, by means of encapsulating their data packets in packets to non-44net hosts. This is called tunneling (or encapsulating). A later section in this FAQ discusses installing a tunnel. <br />
Tunneling is probably the most commonly used method of accessing AMPRNet.<br />
<br />
'''How does AMPR over IP tunnel actually work?'''<br />
<br />
AMPR nodes are actually not connected via a single tunnel but via a large mesh network of tunnels. Suppose user1 has public IP address 198.51.100.1 and user2 has 203.0.113.1. These two can normally communicate over the internet. However, if both users have a 44net IP address, user1 can encapsulate the 44 packet into an outer packet and send it to 203.0.113.1. Similarly, user2 can encapsulate the IP packet with the 44net addresses and send it to 198.51.100.1. In Linux (and most other systems), this is accomplished using a single ipip device and adding a route using the "nexthop" statement. When a packet is pushed into the ipip device, the outer IP header is added and sent to the router in the nexthop statement. A list of all AMPR users is required and this can be either accomplished by downloading a simple textfile and adding the routes manually or by using RIP44, as discussed in the FAQ section below.<br />
<br />
<br />
'''What is a VPN?'''<br />
<br />
VPN stands for Virtual Private Network. It is a facility that enables a computer to act (using the Internet) as though is physically connected to another computer network. There are many different ways to set up a VPN, so this is beyond the scope of this FAQ. However, it always involves configuring software and accounts on a computer, to connect to the VPN server. Some amateurs who have connections to AMPRNet have set up VPN servers so that other amateurs can achieve a "virtual" connection to AMPRNet. The technical details, account details, and IP address details must be obtained from the operator of that VPN. One such VPN is listed at http://wiki.ampr.org/wiki/AMPRNet_VPN.<br />
<br />
<br />
'''What is BGP Routing?'''<br />
<br />
The Internet has millions of different computers connected to it, each having an address. Devices called routers deliver traffic between computers and can send "advertisements" to other routers to tell those other routers about the locations of some of those addresses. The protocol used is called BGP, Border Gateway Protocol. If you are fortunate enough to have a computer that can send BGP advertisements, then you can advertise that your computer is part of the AMPRNet address range, and hence receive AMPRNet traffic.<br />
<br />
Unfortunately, most companies and most commercial ISPs will not permit their users to originate BGP advertisements (especially for address ranges that are not in their usual address range), so BGP is not a viable means to connect to AMPRNet for most people. There are Virtual Private Server (VPS) Providers (or Cloud Providers) who will announce your AMPRNet allocation without the need for your own Autonomous System (AS) number. [[Routing your allocation via BGP]] has a list of VPS/Cloud Providers.<br />
<br />
Installing BGP is beyond the scope of this FAQ. Note however that you must have written permission from the administrator of the ARDC 44 address space, before you BGP advertise any part of that space.<br />
<br />
'''What about radio links?'''<br />
<br />
In many places, groups of amateurs have established networks of radio links, and often have used one of the preceding approaches so that those radio networks connect to and become part of AMPRNet. You would need to contact those groups regarding frequencies, modes, and address allocations.<br />
<br />
'''Do I need to consider security?'''<br />
<br />
Yes! Any computer connected to the Internet must be configured and maintained in a secure fashion, and this includes any computer connected to AMPRNet (regardless of the connection technique). Repeat - you MUST secure your computer! This includes using firewalls, keeping software up to date, using strong passwords, etc etc. In some cases, encryption may also be used.<br />
<br />
How to maintain security is beyond the scope of this FAQ. Searching for "How to secure my computer" will return many, many hits though!<br />
<br />
'''How do I get an address allocation?'''<br />
<br />
If you connect to an existing VPN or existing radio network, it is likely that the operators of those facilities will already have address ranges established and will allocate your address(es). If you wish to establish a new tunnel or BGP-based link, then the process is handled by a semi-automated process on our portal. The steps are:<br />
1. Register using your callsign on the portal https://portal.ampr.org<br />
2. Log in and navigate to the Networks page.<br />
3. Click on your country. A list of regions/subnets may appear; if so, click on the appropriate one.<br />
4. Click on the subnet and you'll be presented with a simple form to complete.<br />
5. If you are requesting a single address for a host, leave the netmask as /32;<br />
6. if you are requesting a block/subnet, select the appropriate netwidth. E.g. for a 256 host subnet, select /24.<br />
7. Put a short message explaining your request in the Message area of the form. Be sure to indicate<br />
if you are planning to directly route a subnet as these require special handling<br />
8. Click Send. Your request will be forwarded to the coordinator for your region/subnet. You'll<br />
receive a confirming email. The coordinator may contact you for further details if required.<br />
<br />
'''Can I have a domain name entry for my AMPRNet host?'''<br />
<br />
Yes. Currently, domain name requests are handled by the area coordinators - contact details are on the portal. Note: the old email robot facility no longer functions.<br />
<br />
'''What about IPv6?'''<br />
<br />
There is no IPv6 equivalent of AMPRNet at present.<br />
<br />
'''How do I configure a Tunnel?'''<br />
<br />
The technique varies according to the Operating System you use. However, all involve the creation of a new "pseudo" interface - unlike your normal ethernet network connection, this one doesn't actually exist on the back panel of your computer. However, it exists as far as the Operating System is concerned. A normal ethernet device accepts a data packet (consisting of a header and payload, as previously discussed) and sends it out the ethernet cable (often via a modem, to the Internet). A "pseudo" interface however accepts a data packet, encapsulates it in the data portion of a new packet, adds a new and different header, and passes all that to the ethernet device, which then processes this new data packet as normal, sending it to a recipient who will de-encapsulate it. Reception of tunneled traffic is the reverse process. <br />
<br />
<br />
Consequently, two requirements apply:<br />
<br />
a) The computer must have full connectivity to the non-44 hosts that will send or receive the tunneled packets containing 44-net traffic. You cannot route ALL traffic to the pseudo interface!<br />
<br />
b) The pseudo driver must have a mechanism to tell it which non-44 net hosts can handle particular subsets of 44-net traffic - very few can handle the entire 44-net range! It should be noted that the information changes quite frequently, as tunnel hosts come and go, so must be updated as described below.<br />
<br />
http://wiki.ampr.org/wiki/Main_Page has links to several different ways of configuring tunnels.<br />
<br />
'''How do I obtain and maintain a list of tunnel hosts?'''<br />
<br />
There are three main mechanisms:<br />
<br />
a) log on to the portal (as described above) and navigate to the "Gateways/List" section that permits downloading of the "encap" file. Download that file, and use a script on the computer to turn it into commands that update the configuration of the tunnel device.<br />
<br />
b) receive the encap file by mail, and use a script to process it. You can register for this email on the portal "Gateways/Options" page.<br />
<br />
c) Receive and process "broadcasts" of configuration data that are available. This information is broadcast to all gateways listed on the portal. There is a software package called "ampr-ripd" that enables this process<br />
<br />
'''Can I just route all 44net traffic via a single tunnel?'''<br />
<br />
No. The main AMPRNet gateway does not provide this functionality - you must have a tunnel to each system you wish to contact.<br />
<br />
<br />
'''What is the AmprGW?'''<br />
<br />
The AmprGW is a server run by ARDC at UCSD as part of a long-running Internet research project. It has a number of functions:<br />
<br />
a) It provides a selective gateway between non-AMPRNet internet devices and the IPIP (mesh) AMPRNet. For this traffic, it filters at the per-host(/32) level. Each host which is to receive traffic from the Internet into AMPRNet must individually be listed in the permissions file, which is built from the AMPR.ORG DNS 'A' records. If there is no DNS A record for a tunneled amprnet destination host, the traffic is not forwarded in either direction. Therefore, if you want hosts on your subnet to be able to communicate with the Internet, you will need to have your local coordinator add them to the AMPR.ORG DNS for you.<br />
<br />
b) It forwards traffic between Internet hosts (including those AMPRNet that are directly connected to the Internet [BGP-routed]) and IPIP tunneled AMPRNet hosts. Some "validity" filtering is applied during this process - traffic that is invalid or misconfigured will be dropped. Note: AmprGW does NOT forward between different IPIP tunneled AMPRNet hosts. That is why you cannot have just a single IPIP tunnel for all of AMPRNet. Thus the tunneled AMPRNet as a whole forms a fully-connected mesh, not a 'star' configuration.<br />
<br />
c) AmprGW originates RIP44 broadcasts containing routing information about gateways and the AMPRNet subnets they service. The RIP44 transmissions are sent as IPIP encapsulated UDP packets for port 520 from 169.228.34.84 and sent individually to the commercial (external) address of every gateway. The packets have an inner source address of 44.0.0.1 and an inner destination of 224.0.0.9, the RIP multicast address. They are IPIP encapsulated packets, so without de-encapsulating them, the RIP is not visible to conventional routing software. Specialized software such as 'ampr-ripd' may be employed to make use of the RIP44 broadcasts, to set up AMPRNet routes.<br />
<br />
<br />
'''Can BGP, VPN, and IP tunnel hosts inter-communicate?'''<br />
<br />
Yes. The AMPRNet gateway has been configured to support this functionality.<br />
<br />
'''Can I put my tunnel on my home LAN and use NAT?'''<br />
<br />
Yes. However, in general, a home modem using NAT won't be able to correctly process inbound tunneled 44-net traffic and forward it to the correct host - the "port forward" facility in most NAT devices relies on a port number, but there are no port numbers for a tunnel packet! However, most modems have a "DMZ" facility, whereby all unrecognized traffic (and this includes tunneled traffic) can be forwarded to one particular host on the LAN. That host can then be configured to recognize and correctly process tunneled data. However - security alert! - it will also be exposed to all sorts of other, unwanted traffic as well! See the Security section above.<br />
<br />
'''Can I use an AMPRNet VPN on my home LAN?'''<br />
<br />
Generally, yes. Most home modem/routers have good support for VPN usage, although you mustn't use it for general internet access as it is for amateur radio use only!<br />
<br />
'''How can I get help with AMPRNet issues?'''<br />
<br />
Many amateurs are willing to assist other hams. You can find them on the groups.io 44Net group here https://ardc.groups.io/g/44net<br />
<br />
'''What about 44.128.0.0/16?'''<br />
<br />
Subnet 44.128.0.0/16 is currently reserved for testing. No operational subnets are planned for this address space. Older documentation incorrectly referred to this block of addresses as "private", that is, unrouted like the 192.168.0.0/16 RFC1918 subnet. This is incorrect; the 44.128.0.0/16 subnet can be routed, but do not use it except for brief test purposes.<br />
<br />
'''Credits'''<br />
<br />
This FAQ was originally commenced by Steve VK5ASF, using material from earlier FAQs, from various contributors to the 44net mailing list, and from Brian Kantor.</div>G1fefhttps://wiki.ampr.org/w/index.php?title=FAQ&diff=1070FAQ2024-03-25T07:54:29Z<p>G1fef: </p>
<hr />
<div>'''Frequently Asked Questions'''<br />
<br />
'''What is AMPRNet?'''<br />
<br />
AMPRNet stands for AMateur Packet Radio NETwork. It is a collection of amateur radio-oriented computers, connected together via a variety of technologies, including radio, Internet, and ethernet. However, all of these computers have an IP address that begins with 44 (that is, IP addresses of the form 44.0.0.0/9 or 44.128.0.0/10). For this reason, AMPRnet can also be referred to as 44Net. <br />
<br />
Some further details can be found at https://en.wikipedia.org/wiki/AMPRNet and https://wiki.ampr.org/Main_Page<br />
<br />
'''What is AMPRNet for?'''<br />
<br />
The purpose of AMPRNet is to permit experimentation by amateurs in digital networking and to provide computer services to other amateurs using AMPRNet.<br />
<br />
'''What does it cost to use AMPRNet?'''<br />
<br />
There is no cost for using any AMPRNet facilities, however, there may be costs associated with Internet access to reach AMPRNet and/or amateur radio equipment costs.<br />
<br />
'''How do I connect to AMPRNet?'''<br />
<br />
There are four main methods people use:<br />
<br />
* VPN<br />
* BGP routing (See Also [[Announcing your allocation directly]])<br />
* Direct radio links.<br />
* IP Tunneling<br />
<br />
Note: Functionally, a VPN and a tunnel do much the same thing, except a VPN is designed for privacy (i.e. strong authentication and encryption), whilst IP tunnelling in the AMPRNet context is actually an all-to-all interconnected mesh of tunnels and is not encrypted (as often the data is transferred over radio).<br />
<br />
'''What is IP Tunneling?'''<br />
<br />
The information that traverses the Internet does so as "packets" of data, traveling over a variety of routes, between a source and a destination. Each packet contains a header, which tells all the devices along the route information such as the source and destination, plus the payload, which is the data to actually be transferred. Clearly, there must be a path all the way from the sources to the destination, and back. <br />
AMPRNet consists of small, non-connected groups of computers, that would otherwise not be able to connect to one another. However, since internet devices along the route really don't care about the contents of the payload section, you can put a completely new packet into that section, including an entirely different header, and its own payload section. That second header has source and destination addresses completely different from the first header - all that is required is that the first destination recognizes the encapsulated packet, de-encapsulates it, and forwards it to the second header destination. Return traffic follows a corresponding process. In that way, 44-net hosts can communicate with other 44-net hosts, by means of encapsulating their data packets in packets to non-44net hosts. This is called tunneling (or encapsulating). A later section in this FAQ discusses installing a tunnel. <br />
Tunneling is probably the most commonly used method of accessing AMPRNet.<br />
<br />
'''How does AMPR over IP tunnel actually work?'''<br />
<br />
AMPR nodes are actually not connected via a single tunnel but via a large mesh network of tunnels. Suppose user1 has public IP address 198.51.100.1 and user2 has 203.0.113.1. These two can normally communicate over the internet. However, if both users have a 44net IP address, user1 can encapsulate the 44 packet into an outer packet and send it to 203.0.113.1. Similarly, user2 can encapsulate the IP packet with the 44net addresses and send it to 198.51.100.1. In Linux (and most other systems), this is accomplished using a single ipip device and adding a route using the "nexthop" statement. When a packet is pushed into the ipip device, the outer IP header is added and sent to the router in the nexthop statement. A list of all AMPR users is required and this can be either accomplished by downloading a simple textfile and adding the routes manually or by using RIP44, as discussed in the FAQ section below.<br />
<br />
<br />
'''What is a VPN?'''<br />
<br />
VPN stands for Virtual Private Network. It is a facility that enables a computer to act (using the Internet) as though is physically connected to another computer network. There are many different ways to set up a VPN, so this is beyond the scope of this FAQ. However, it always involves configuring software and accounts on a computer, to connect to the VPN server. Some amateurs who have connections to AMPRNet have set up VPN servers so that other amateurs can achieve a "virtual" connection to AMPRNet. The technical details, account details, and IP address details must be obtained from the operator of that VPN. One such VPN is listed at http://wiki.ampr.org/wiki/AMPRNet_VPN.<br />
<br />
<br />
'''What is BGP Routing?'''<br />
<br />
The Internet has millions of different computers connected to it, each having an address. Devices called routers deliver traffic between computers and can send "advertisements" to other routers to tell those other routers about the locations of some of those addresses. The protocol used is called BGP, Border Gateway Protocol. If you are fortunate enough to have a computer that can send BGP advertisements, then you can advertise that your computer is part of the AMPRNet address range, and hence receive AMPRNet traffic.<br />
<br />
Unfortunately, most companies and most commercial ISPs will not permit their users to originate BGP advertisements (especially for address ranges that are not in their usual address range), so BGP is not a viable means to connect to AMPRNet for most people. There are Virtual Private Server (VPS) Providers (or Cloud Providers) who will announce your AMPRNet allocation without the need for your own Autonomous System (AS) number. [[Routing your allocation via BGP]] has a list of VPS/Cloud Providers.<br />
<br />
Installing BGP is beyond the scope of this FAQ. Note however that you must have written permission from the administrator of the ARDC 44 address space, before you BGP advertise any part of that space.<br />
<br />
'''What about radio links?'''<br />
<br />
In many places, groups of amateurs have established networks of radio links, and often have used one of the preceding approaches so that those radio networks connect to and become part of AMPRNet. You would need to contact those groups regarding frequencies, modes, and address allocations.<br />
<br />
'''Do I need to consider security?'''<br />
<br />
Yes! Any computer connected to the Internet must be configured and maintained in a secure fashion, and this includes any computer connected to AMPRNet (regardless of the connection technique). Repeat - you MUST secure your computer! This includes using firewalls, keeping software up to date, using strong passwords, etc etc. In some cases, encryption may also be used.<br />
<br />
How to maintain security is beyond the scope of this FAQ. Searching for "How to secure my computer" will return many, many hits though!<br />
<br />
'''How do I get an address allocation?'''<br />
<br />
If you connect to an existing VPN or existing radio network, it is likely that the operators of those facilities will already have address ranges established and will allocate your address(es). If you wish to establish a new tunnel or BGP-based link, then the process is handled by a semi-automated process on our portal. The steps are:<br />
1. Register using your callsign on the portal https://portal.ampr.org<br />
2. Log in and navigate to the Networks page.<br />
3. Click on your country. A list of regions/subnets may appear; if so, click on the appropriate one.<br />
4. Click on the subnet and you'll be presented with a simple form to complete.<br />
5. If you are requesting a single address for a host, leave the netmask as /32;<br />
6. if you are requesting a block/subnet, select the appropriate netwidth. E.g. for a 256 host subnet, select /24.<br />
7. Put a short message explaining your request in the Message area of the form. Be sure to indicate<br />
if you are planning to directly route a subnet as these require special handling<br />
8. Click Send. Your request will be forwarded to the coordinator for your region/subnet. You'll<br />
receive a confirming email. The coordinator may contact you for further details if required.<br />
<br />
'''Can I have a domain name entry for my AMPRNet host?'''<br />
<br />
Yes. Currently, domain name requests are handled by the area coordinators - contact details are on the portal. Note: the old email robot facility no longer functions.<br />
<br />
'''What about IPv6?'''<br />
<br />
There is no IPv6 equivalent of AMPRNet at present.<br />
<br />
'''How do I configure a Tunnel?'''<br />
<br />
The technique varies according to the Operating System you use. However, all involve the creation of a new "pseudo" interface - unlike your normal ethernet network connection, this one doesn't actually exist on the back panel of your computer. However, it exists as far as the Operating System is concerned. A normal ethernet device accepts a data packet (consisting of a header and payload, as previously discussed) and sends it out the ethernet cable (often via a modem, to the Internet). A "pseudo" interface however accepts a data packet, encapsulates it in the data portion of a new packet, adds a new and different header, and passes all that to the ethernet device, which then processes this new data packet as normal, sending it to a recipient who will de-encapsulate it. Reception of tunneled traffic is the reverse process. <br />
<br />
<br />
Consequently, two requirements apply:<br />
<br />
a) The computer must have full connectivity to the non-44 hosts that will send or receive the tunneled packets containing 44-net traffic. You cannot route ALL traffic to the pseudo interface!<br />
<br />
b) The pseudo driver must have a mechanism to tell it which non-44 net hosts can handle particular subsets of 44-net traffic - very few can handle the entire 44-net range! It should be noted that the information changes quite frequently, as tunnel hosts come and go, so must be updated as described below.<br />
<br />
http://wiki.ampr.org/wiki/Main_Page has links to several different ways of configuring tunnels.<br />
<br />
'''How do I obtain and maintain a list of tunnel hosts?'''<br />
<br />
There are three main mechanisms:<br />
<br />
a) log on to the portal (as described above) and navigate to the "Gateways/List" section that permits downloading of the "encap" file. Download that file, and use a script on the computer to turn it into commands that update the configuration of the tunnel device.<br />
<br />
b) receive the encap file by mail, and use a script to process it. You can register for this email on the portal "Gateways/Options" page.<br />
<br />
c) Receive and process "broadcasts" of configuration data that are available. This information is broadcast to all gateways listed on the portal. There is a software package called "ampr-ripd" that enables this process<br />
<br />
'''Can I just route all 44net traffic via a single tunnel?'''<br />
<br />
No. The main AMPRNet gateway does not provide this functionality - you must have a tunnel to each system you wish to contact.<br />
<br />
<br />
'''What is the AmprGW?'''<br />
<br />
The AmprGW is a server run by ARDC at UCSD as part of a long-running Internet research project. It has a number of functions:<br />
<br />
a) It provides a selective gateway between non-AMPRNet internet devices and the IPIP (mesh) AMPRNet. For this traffic, it filters at the per-host(/32) level. Each host which is to receive traffic from the Internet into AMPRNet must individually be listed in the permissions file, which is built from the AMPR.ORG DNS 'A' records. If there is no DNS A record for a tunneled amprnet destination host, the traffic is not forwarded in either direction. Therefore, if you want hosts on your subnet to be able to communicate with the Internet, you will need to have your local coordinator add them to the AMPR.ORG DNS for you.<br />
<br />
b) It forwards traffic between Internet hosts (including those AMPRNet that are directly connected to the Internet [BGP-routed]) and IPIP tunneled AMPRNet hosts. Some "validity" filtering is applied during this process - traffic that is invalid or misconfigured will be dropped. Note: AmprGW does NOT forward between different IPIP tunneled AMPRNet hosts. That is why you cannot have just a single IPIP tunnel for all of AMPRNet. Thus the tunneled AMPRNet as a whole forms a fully-connected mesh, not a 'star' configuration.<br />
<br />
c) AmprGW originates RIP44 broadcasts containing routing information about gateways and the AMPRNet subnets they service. The RIP44 transmissions are sent as IPIP encapsulated UDP packets for port 520 from 169.228.34.84 and sent individually to the commercial (external) address of every gateway. The packets have an inner source address of 44.0.0.1 and an inner destination of 224.0.0.9, the RIP multicast address. They are IPIP encapsulated packets, so without de-encapsulating them, the RIP is not visible to conventional routing software. Specialized software such as 'ampr-ripd' may be employed to make use of the RIP44 broadcasts, to set up AMPRNet routes.<br />
<br />
<br />
'''Can BGP, VPN, and IP tunnel hosts inter-communicate?'''<br />
<br />
Yes. The AMPRNet gateway has been configured to support this functionality.<br />
<br />
'''Can I put my tunnel on my home LAN and use NAT?'''<br />
<br />
Yes. However, in general, a home modem using NAT won't be able to correctly process inbound tunneled 44-net traffic and forward it to the correct host - the "port forward" facility in most NAT devices relies on a port number, but there are no port numbers for a tunnel packet! However, most modems have a "DMZ" facility, whereby all unrecognized traffic (and this includes tunneled traffic) can be forwarded to one particular host on the LAN. That host can then be configured to recognize and correctly process tunneled data. However - security alert! - it will also be exposed to all sorts of other, unwanted traffic as well! See the Security section above.<br />
<br />
'''Can I use an AMPRNet VPN on my home LAN?'''<br />
<br />
Generally, yes. Most home modem/routers have good support for VPN usage, although you mustn't use it for general internet access as it is for amateur radio use only!<br />
<br />
'''How can I get help with AMPRNet issues?'''<br />
<br />
Many amateurs are willing to assist other hams. You can find them on the groups.io 44Net group here https://ardc.groups.io/g/44net<br />
<br />
'''What about 44.128.0.0/16?'''<br />
<br />
Subnet 44.128.0.0/16 is currently reserved for testing. No operational subnets are planned for this address space. Older documentation incorrectly referred to this block of addresses as "private", that is, unrouted like the 192.168.0.0/16 RFC1918 subnet. This is incorrect; the 44.128.0.0/16 subnet can be routed, but do not use it except for brief test purposes.<br />
<br />
'''Credits'''<br />
<br />
This FAQ was originally commenced by Steve VK5ASF, using material from earlier FAQs, from various contributors to the 44net mailing list, and from Brian Kantor.</div>G1fefhttps://wiki.ampr.org/w/index.php?title=FAQ&diff=1069FAQ2024-03-25T07:54:03Z<p>G1fef: </p>
<hr />
<div>'''Frequently Asked Questions'''<br />
<br />
'''What is AMPRNet?'''<br />
<br />
AMPRNet stands for AMateur Packet Radio NETwork. It is a collection of amateur radio-oriented computers, connected together via a variety of technologies, including radio, Internet, and ethernet. However, all of these computers have an IP address that begins with 44 (that is, IP addresses of the form 44.0.0.0/9 or 44.128.0.0/10). For this reason, AMPRnet can also be referred to as 44Net. <br />
<br />
Some further details can be found at https://en.wikipedia.org/wiki/AMPRNet and https://wiki.ampr.org/w/Main_Page<br />
<br />
'''What is AMPRNet for?'''<br />
<br />
The purpose of AMPRNet is to permit experimentation by amateurs in digital networking and to provide computer services to other amateurs using AMPRNet.<br />
<br />
'''What does it cost to use AMPRNet?'''<br />
<br />
There is no cost for using any AMPRNet facilities, however, there may be costs associated with Internet access to reach AMPRNet and/or amateur radio equipment costs.<br />
<br />
'''How do I connect to AMPRNet?'''<br />
<br />
There are four main methods people use:<br />
<br />
* VPN<br />
* BGP routing (See Also [[Announcing your allocation directly]])<br />
* Direct radio links.<br />
* IP Tunneling<br />
<br />
Note: Functionally, a VPN and a tunnel do much the same thing, except a VPN is designed for privacy (i.e. strong authentication and encryption), whilst IP tunnelling in the AMPRNet context is actually an all-to-all interconnected mesh of tunnels and is not encrypted (as often the data is transferred over radio).<br />
<br />
'''What is IP Tunneling?'''<br />
<br />
The information that traverses the Internet does so as "packets" of data, traveling over a variety of routes, between a source and a destination. Each packet contains a header, which tells all the devices along the route information such as the source and destination, plus the payload, which is the data to actually be transferred. Clearly, there must be a path all the way from the sources to the destination, and back. <br />
AMPRNet consists of small, non-connected groups of computers, that would otherwise not be able to connect to one another. However, since internet devices along the route really don't care about the contents of the payload section, you can put a completely new packet into that section, including an entirely different header, and its own payload section. That second header has source and destination addresses completely different from the first header - all that is required is that the first destination recognizes the encapsulated packet, de-encapsulates it, and forwards it to the second header destination. Return traffic follows a corresponding process. In that way, 44-net hosts can communicate with other 44-net hosts, by means of encapsulating their data packets in packets to non-44net hosts. This is called tunneling (or encapsulating). A later section in this FAQ discusses installing a tunnel. <br />
Tunneling is probably the most commonly used method of accessing AMPRNet.<br />
<br />
'''How does AMPR over IP tunnel actually work?'''<br />
<br />
AMPR nodes are actually not connected via a single tunnel but via a large mesh network of tunnels. Suppose user1 has public IP address 198.51.100.1 and user2 has 203.0.113.1. These two can normally communicate over the internet. However, if both users have a 44net IP address, user1 can encapsulate the 44 packet into an outer packet and send it to 203.0.113.1. Similarly, user2 can encapsulate the IP packet with the 44net addresses and send it to 198.51.100.1. In Linux (and most other systems), this is accomplished using a single ipip device and adding a route using the "nexthop" statement. When a packet is pushed into the ipip device, the outer IP header is added and sent to the router in the nexthop statement. A list of all AMPR users is required and this can be either accomplished by downloading a simple textfile and adding the routes manually or by using RIP44, as discussed in the FAQ section below.<br />
<br />
<br />
'''What is a VPN?'''<br />
<br />
VPN stands for Virtual Private Network. It is a facility that enables a computer to act (using the Internet) as though is physically connected to another computer network. There are many different ways to set up a VPN, so this is beyond the scope of this FAQ. However, it always involves configuring software and accounts on a computer, to connect to the VPN server. Some amateurs who have connections to AMPRNet have set up VPN servers so that other amateurs can achieve a "virtual" connection to AMPRNet. The technical details, account details, and IP address details must be obtained from the operator of that VPN. One such VPN is listed at http://wiki.ampr.org/wiki/AMPRNet_VPN.<br />
<br />
<br />
'''What is BGP Routing?'''<br />
<br />
The Internet has millions of different computers connected to it, each having an address. Devices called routers deliver traffic between computers and can send "advertisements" to other routers to tell those other routers about the locations of some of those addresses. The protocol used is called BGP, Border Gateway Protocol. If you are fortunate enough to have a computer that can send BGP advertisements, then you can advertise that your computer is part of the AMPRNet address range, and hence receive AMPRNet traffic.<br />
<br />
Unfortunately, most companies and most commercial ISPs will not permit their users to originate BGP advertisements (especially for address ranges that are not in their usual address range), so BGP is not a viable means to connect to AMPRNet for most people. There are Virtual Private Server (VPS) Providers (or Cloud Providers) who will announce your AMPRNet allocation without the need for your own Autonomous System (AS) number. [[Routing your allocation via BGP]] has a list of VPS/Cloud Providers.<br />
<br />
Installing BGP is beyond the scope of this FAQ. Note however that you must have written permission from the administrator of the ARDC 44 address space, before you BGP advertise any part of that space.<br />
<br />
'''What about radio links?'''<br />
<br />
In many places, groups of amateurs have established networks of radio links, and often have used one of the preceding approaches so that those radio networks connect to and become part of AMPRNet. You would need to contact those groups regarding frequencies, modes, and address allocations.<br />
<br />
'''Do I need to consider security?'''<br />
<br />
Yes! Any computer connected to the Internet must be configured and maintained in a secure fashion, and this includes any computer connected to AMPRNet (regardless of the connection technique). Repeat - you MUST secure your computer! This includes using firewalls, keeping software up to date, using strong passwords, etc etc. In some cases, encryption may also be used.<br />
<br />
How to maintain security is beyond the scope of this FAQ. Searching for "How to secure my computer" will return many, many hits though!<br />
<br />
'''How do I get an address allocation?'''<br />
<br />
If you connect to an existing VPN or existing radio network, it is likely that the operators of those facilities will already have address ranges established and will allocate your address(es). If you wish to establish a new tunnel or BGP-based link, then the process is handled by a semi-automated process on our portal. The steps are:<br />
1. Register using your callsign on the portal https://portal.ampr.org<br />
2. Log in and navigate to the Networks page.<br />
3. Click on your country. A list of regions/subnets may appear; if so, click on the appropriate one.<br />
4. Click on the subnet and you'll be presented with a simple form to complete.<br />
5. If you are requesting a single address for a host, leave the netmask as /32;<br />
6. if you are requesting a block/subnet, select the appropriate netwidth. E.g. for a 256 host subnet, select /24.<br />
7. Put a short message explaining your request in the Message area of the form. Be sure to indicate<br />
if you are planning to directly route a subnet as these require special handling<br />
8. Click Send. Your request will be forwarded to the coordinator for your region/subnet. You'll<br />
receive a confirming email. The coordinator may contact you for further details if required.<br />
<br />
'''Can I have a domain name entry for my AMPRNet host?'''<br />
<br />
Yes. Currently, domain name requests are handled by the area coordinators - contact details are on the portal. Note: the old email robot facility no longer functions.<br />
<br />
'''What about IPv6?'''<br />
<br />
There is no IPv6 equivalent of AMPRNet at present.<br />
<br />
'''How do I configure a Tunnel?'''<br />
<br />
The technique varies according to the Operating System you use. However, all involve the creation of a new "pseudo" interface - unlike your normal ethernet network connection, this one doesn't actually exist on the back panel of your computer. However, it exists as far as the Operating System is concerned. A normal ethernet device accepts a data packet (consisting of a header and payload, as previously discussed) and sends it out the ethernet cable (often via a modem, to the Internet). A "pseudo" interface however accepts a data packet, encapsulates it in the data portion of a new packet, adds a new and different header, and passes all that to the ethernet device, which then processes this new data packet as normal, sending it to a recipient who will de-encapsulate it. Reception of tunneled traffic is the reverse process. <br />
<br />
<br />
Consequently, two requirements apply:<br />
<br />
a) The computer must have full connectivity to the non-44 hosts that will send or receive the tunneled packets containing 44-net traffic. You cannot route ALL traffic to the pseudo interface!<br />
<br />
b) The pseudo driver must have a mechanism to tell it which non-44 net hosts can handle particular subsets of 44-net traffic - very few can handle the entire 44-net range! It should be noted that the information changes quite frequently, as tunnel hosts come and go, so must be updated as described below.<br />
<br />
http://wiki.ampr.org/wiki/Main_Page has links to several different ways of configuring tunnels.<br />
<br />
'''How do I obtain and maintain a list of tunnel hosts?'''<br />
<br />
There are three main mechanisms:<br />
<br />
a) log on to the portal (as described above) and navigate to the "Gateways/List" section that permits downloading of the "encap" file. Download that file, and use a script on the computer to turn it into commands that update the configuration of the tunnel device.<br />
<br />
b) receive the encap file by mail, and use a script to process it. You can register for this email on the portal "Gateways/Options" page.<br />
<br />
c) Receive and process "broadcasts" of configuration data that are available. This information is broadcast to all gateways listed on the portal. There is a software package called "ampr-ripd" that enables this process<br />
<br />
'''Can I just route all 44net traffic via a single tunnel?'''<br />
<br />
No. The main AMPRNet gateway does not provide this functionality - you must have a tunnel to each system you wish to contact.<br />
<br />
<br />
'''What is the AmprGW?'''<br />
<br />
The AmprGW is a server run by ARDC at UCSD as part of a long-running Internet research project. It has a number of functions:<br />
<br />
a) It provides a selective gateway between non-AMPRNet internet devices and the IPIP (mesh) AMPRNet. For this traffic, it filters at the per-host(/32) level. Each host which is to receive traffic from the Internet into AMPRNet must individually be listed in the permissions file, which is built from the AMPR.ORG DNS 'A' records. If there is no DNS A record for a tunneled amprnet destination host, the traffic is not forwarded in either direction. Therefore, if you want hosts on your subnet to be able to communicate with the Internet, you will need to have your local coordinator add them to the AMPR.ORG DNS for you.<br />
<br />
b) It forwards traffic between Internet hosts (including those AMPRNet that are directly connected to the Internet [BGP-routed]) and IPIP tunneled AMPRNet hosts. Some "validity" filtering is applied during this process - traffic that is invalid or misconfigured will be dropped. Note: AmprGW does NOT forward between different IPIP tunneled AMPRNet hosts. That is why you cannot have just a single IPIP tunnel for all of AMPRNet. Thus the tunneled AMPRNet as a whole forms a fully-connected mesh, not a 'star' configuration.<br />
<br />
c) AmprGW originates RIP44 broadcasts containing routing information about gateways and the AMPRNet subnets they service. The RIP44 transmissions are sent as IPIP encapsulated UDP packets for port 520 from 169.228.34.84 and sent individually to the commercial (external) address of every gateway. The packets have an inner source address of 44.0.0.1 and an inner destination of 224.0.0.9, the RIP multicast address. They are IPIP encapsulated packets, so without de-encapsulating them, the RIP is not visible to conventional routing software. Specialized software such as 'ampr-ripd' may be employed to make use of the RIP44 broadcasts, to set up AMPRNet routes.<br />
<br />
<br />
'''Can BGP, VPN, and IP tunnel hosts inter-communicate?'''<br />
<br />
Yes. The AMPRNet gateway has been configured to support this functionality.<br />
<br />
'''Can I put my tunnel on my home LAN and use NAT?'''<br />
<br />
Yes. However, in general, a home modem using NAT won't be able to correctly process inbound tunneled 44-net traffic and forward it to the correct host - the "port forward" facility in most NAT devices relies on a port number, but there are no port numbers for a tunnel packet! However, most modems have a "DMZ" facility, whereby all unrecognized traffic (and this includes tunneled traffic) can be forwarded to one particular host on the LAN. That host can then be configured to recognize and correctly process tunneled data. However - security alert! - it will also be exposed to all sorts of other, unwanted traffic as well! See the Security section above.<br />
<br />
'''Can I use an AMPRNet VPN on my home LAN?'''<br />
<br />
Generally, yes. Most home modem/routers have good support for VPN usage, although you mustn't use it for general internet access as it is for amateur radio use only!<br />
<br />
'''How can I get help with AMPRNet issues?'''<br />
<br />
Many amateurs are willing to assist other hams. You can find them on the groups.io 44Net group here https://ardc.groups.io/g/44net<br />
<br />
'''What about 44.128.0.0/16?'''<br />
<br />
Subnet 44.128.0.0/16 is currently reserved for testing. No operational subnets are planned for this address space. Older documentation incorrectly referred to this block of addresses as "private", that is, unrouted like the 192.168.0.0/16 RFC1918 subnet. This is incorrect; the 44.128.0.0/16 subnet can be routed, but do not use it except for brief test purposes.<br />
<br />
'''Credits'''<br />
<br />
This FAQ was originally commenced by Steve VK5ASF, using material from earlier FAQs, from various contributors to the 44net mailing list, and from Brian Kantor.</div>G1fefhttps://wiki.ampr.org/w/index.php?title=44Net_mailing_list&diff=106844Net mailing list2024-03-16T18:10:50Z<p>G1fef: </p>
<hr />
<div>ARDC now has several groups.io channels you can subscribe to, including one specifically for AMPRNet [https://ardc.groups.io/g/44net https://ardc.groups.io/g/44net] which is replacing the old style mailing list below.<br />
<br />
<br />
The [https://mailman.ampr.org/mailman/listinfo/44net discussion list] is a mailing list where amprnet users and gateway operators discuss all things [[AMPRNet]]. Subscribe and browse the archives to learn more!<br />
<br />
* [https://mailman.ardc.net/mailman3/postorius/lists/44net.mailman.ampr.org/ https://mailman.ardc.net/mailman3/postorius/lists/44net.mailman.ampr.org/]</div>G1fefhttps://wiki.ampr.org/w/index.php?title=Services&diff=1067Services2024-03-16T18:06:30Z<p>G1fef: </p>
<hr />
<div>{| class="wikitable sortable"<br />
|-<br />
! Maintainer !! Service Name!! URL/IP !! Service Type !! Description !! Other Information<br />
|-<br />
| AMPR ||[[Portal]] || https://portal.ampr.org || HTTPS || manage [[Gateway]], [[Encap.txt]] preferences and ampr.org domain entries (domain entry functionality still under development)|| NONE<br />
|-<br />
| AMPR ||Website || https://www.ampr.org || HTTPS || AMPRNet Main Page|| NONE<br />
|-<br />
| AMPR ||Wiki || https://wiki.ampr.org || HTTPS || This Wiki|| NONE<br />
|-<br />
| AMPR ||44Net discussion group || https://ardc.groups.io/g/44net || HTTPS || AMPR discussion group|| NONE<br />
|-<br />
| AMPR ||ARDC announcements || https://ardc.groups.io/g/main || HTTPS || ARDC announcements|| NONE<br />
|-<br />
| AMPR ||AMPRNet [[Gateway]] (AMPRGW) || 169.228.34.84 || IP and IPENCAP [[Tunnel]]|| main AMPRNet Router|| Gateways use IP Protocol 4 (IPENCAP) to receive traffic via AMPRGW. Allocation must be registered in the [[Portal]] and gateways must run an AMPRNet routing protocol (i.e. [[RIP]]44 or [[munge script]]).<br />
|-<br />
| AMPR ||[[RIP]]44 || provided via [https://en.wikipedia.org/wiki/Broadcasting_%28networking%29 broadcast] from 44.0.0.1 to all [[gateway]]s registered in the [[portal]] || Routing Information (modified RIPv2 protocol) || distributed by main AMPRNet Router to multicast address 224.0.0.9|| 1.) an enabled IPENCAP tunnel, and 2.) [[ampr-ripd]] or [[rip44d]] must be running and properly configured on your registered gateway<br />
|-<br />
| AMPR ||[[Encap.txt]] || N/A || Routing Information (EMAIL/FTP/HTTP)|| routing information for download|| file must be must be parsed by a self-developed [[munge script]]<br />
|-<br />
| Various Operators||[[Ampr.org]] DNS and Reverse DNS (44.in-addr.arpa) ||<br />
(These hosts are authoritative for AMPR.ORG and the 44.IN-ADDR.ARPA DNS Zones:)<br />
<br /><br />
gw.ampr.org<br /><br />
ns.ampr.org<br /><br />
a.gw4.uk<br /><br />
ns2.us.ardc.net<br /><br />
ns1.de.ardc.net<br /><br />
(These hosts maintain a copy of AMPR.ORG and the 44.in-addr.arpa DNS Zones. 44/9 / 44.128/10 hosts may use as recursive/Client DNS servers:)<br /><br />
gw.ct.ampr.org (44.88.0.1)<br /><br />
dns-mdc.ampr.org (44.60.44.3)<br /><br />
n1uro.ampr.org (44.88.0.9)<br />
|| DNS || name resolution services|| zone files can be downloaded from ftp://gw.ampr.org/pub/<br />
|-<br />
| Various Operators||Network Tools||<br />
http://whatismyip.ampr.org<br /><br />
http://yo2tm.ampr.org/nettools.php<br /><br />
http://kb3vwg-010.ampr.org/tools<br /><br />
http://speedtest.ampr.org<br /><br />
http://n1uro.ampr.org/do.shtml<br /><br />
|| HTTP|| source IP checker, speed test, Ping, Traceroute, etc.|| NONE<br />
|-<br />
| Various Operators ||Network Time Protocol Server || gw.ampr.org (Stratum 1, US)<br />ntp.vk2hff.ampr.org (Stratum 1, AU)<br />ntp.g1fef.ampr.org (Stratum 1, UK)<br />kb3vwg-001.ampr.org (Stratum 2, US)<br />gw-44-137.pi9noz.ampr.org (Stratum 2)<br />server.yo2loj.ampr.org (Stratum 2)<br />f4gve.ampr.org (Stratum 3)<br />ntp1.on3rvh.ampr.org<br /> || NTP|| Stratum 2 Network Time Server - References US, Canadian and Mexican|| AMPRNet hosts have OPEN ACCESS to these time servers <br />
|-<br />
| OH7LZB ||[[AMPRNet_VPN]] || http://wiki.ampr.org/wiki/AMPRNet_VPN || VPN|| [http://en.wikipedia.org/wiki/OpenVPN OpenVPN]-based || You must have a X.509 certificate issued by [http://www.arrl.org/logbook-of-the-world ARRL Logbook of the World (LoTW)]. ARRL membership is not required.<br />
|-<br />
| N1URO ||AMPRNet/RF faxing || http://wiki.ampr.org/wiki/axMail-FAX || Facsimile || Online IP based Facsimile service. You have the ability to send emergency communications from packet via Fax. || [http://axmail.sourceforge.net axMail-FAX] Sofware is here.<br />
|-<br />
| [http://allstarlink.org AllStar Link] || AllStar || http://allstarlink.org || Linking of repeaters || AllStar Link core network services are provided via redundant datacenters using 44net IP space. || [https://wiki.allstarlink.org/wiki/Main_Page ASL wiki]<br />
|-<br />
| N2NOV and G1FEF || Hub_NA and Hub_EU for WWconvers Chat System || 44.68.41.2:3600<br />44.1.1.25:3600 || Telnet || Only connections from other 44Net addresses allowed using port 3600. Stations like JNOS with a built-in local chat server can link to it.<br /> Individuals without a local chat portal can use an IRC client to a public IP address that must be arranged with the owner. || None<br />
|-<br />
| N2NOV || AMPRNet NE US Regional Portal || http://n2nov.ampr.org/hamgate.html || HTTP || AMPRNet NE US Regional Portal || None<br />
|-<br />
| [https://flscg.org/ FSG]|| HamWAN Remote || https://flscg.org/2022/04/hamwan-remote/ || VPN/BGP || We provide a VPN based remote site connection to [https://flscg.org/hamwan/ HamWAN Tampa] and can announce your IP space. Performance of over 1gbit/s is possible and we provide an local connection point for amateurs in the South East || https://wiki.w9cr.net/index.php/HamWAN_Remote_Site <br />
|-<br />
| [https://hamwan.org HamWAN]||[https://hamwan.org/Labs/Open%20Peering%20Policy.html OPP Website]||Open Peering ||BGP feed||We provide IPsec VPN w/ BGP peering + Internet announcing.||<br />
|-}</div>G1fefhttps://wiki.ampr.org/w/index.php?title=Services&diff=1066Services2024-03-16T18:05:04Z<p>G1fef: </p>
<hr />
<div>{| class="wikitable sortable"<br />
|-<br />
! Maintainer !! Service Name!! URL/IP !! Service Type !! Description !! Other Information<br />
|-<br />
| AMPR ||[[Portal]] || https://portal.ampr.org || HTTPS || manage [[Gateway]], [[Encap.txt]] preferences and ampr.org domain entries (domain entry functionality still under development)|| NONE<br />
|-<br />
| AMPR ||Website || https://www.ampr.org || HTTPS || AMPRNet Main Page|| NONE<br />
|-<br />
| AMPR ||Wiki || https://wiki.ampr.org || HTTPS || This Wiki|| NONE<br />
|-<br />
| AMPR ||44Net discussion group || https://ardc.groups.io/g/44net || HTTPS || AMPR discussion group|| NONE<br />
|-<br />
| AMPR ||ARDC announcements || https://ardc.groups.io/g/main || HTTPS || ARDC announcements|| NONE<br />
|-<br />
| AMPR ||AMPRNet [[Gateway]] (AMPRGW) || 169.228.34.84 || IP and IPENCAP [[Tunnel]]|| main AMPRNet Router|| Gateways use IP Protocol 4 (IPENCAP) to receive traffic via AMPRGW. Allocation must be registered in the [[Portal]] and gateways must run an AMPRNet routing protocol (i.e. [[RIP]]44 or [[munge script]]).<br />
|-<br />
| AMPR ||[[RIP]]44 || provided via [https://en.wikipedia.org/wiki/Broadcasting_%28networking%29 broadcast] from 44.0.0.1 to all [[gateway]]s registered in the [[portal]] || Routing Information (modified RIPv2 protocol) || distributed by main AMPRNet Router to multicast address 224.0.0.9|| 1.) an enabled IPENCAP tunnel, and 2.) [[ampr-ripd]] or [[rip44d]] must be running and properly configured on your registered gateway<br />
|-<br />
| AMPR ||[[Encap.txt]] || N/A || Routing Information (EMAIL/FTP/HTTP)|| routing information for download|| file must be must be parsed by a self-developed [[munge script]]<br />
|-<br />
| Various Operators||[[Ampr.org]] DNS and Reverse DNS (44.in-addr.arpa) ||<br />
(These hosts are authoritative for AMPR.ORG and the 44.IN-ADDR.ARPA DNS Zones:)<br />
<br /><br />
gw.ampr.org<br /><br />
ns.ampr.org<br /><br />
a.gw4.uk<br /><br />
ns2.us.ardc.net<br /><br />
ns1.de.ardc.net<br /><br />
(These hosts maintain a copy of AMPR.ORG and the 44.in-addr.arpa DNS Zones. 44/9 / 44.128/10 hosts may use as recursive/Client DNS servers:)<br /><br />
gw.ct.ampr.org (44.88.0.1)<br /><br />
dns-mdc.ampr.org (44.60.44.3)<br /><br />
n1uro.ampr.org (44.88.0.9)<br />
|| DNS || name resolution services|| zone files can be downloaded from ftp://gw.ampr.org/pub/<br />
|-<br />
| Various Operators||Network Tools||<br />
http://whatismyip.ampr.org<br /><br />
http://yo2tm.ampr.org/nettools.php<br /><br />
http://kb3vwg-010.ampr.org/tools<br /><br />
http://speedtest.ampr.org<br /><br />
http://n1uro.ampr.org/do.shtml<br /><br />
|| HTTP|| source IP checker, speed test, Ping, Traceroute, etc.|| NONE<br />
|-<br />
| Various Operators ||Network Time Protocol Server || gw.ampr.org (Stratum 1, US)<br />ntp.vk2hff.ampr.org (Stratum 1, AU)<br />ntp.g1fef.ampr.org (Stratum 1, UK)<br />kb3vwg-001.ampr.org (Stratum 2, US)<br />gw-44-137.pi9noz.ampr.org (Stratum 2)<br />server.yo2loj.ampr.org (Stratum 2)<br />f4gve.ampr.org (Stratum 3)<br />ntp1.on3rvh.ampr.org<br /> || NTP|| Stratum 2 Network Time Server - References US, Canadian and Mexican|| AMPRNet hosts have OPEN ACCESS to these time servers <br />
|-<br />
| OH7LZB ||[[AMPRNet_VPN]] || http://wiki.ampr.org/wiki/AMPRNet_VPN || VPN|| [http://en.wikipedia.org/wiki/OpenVPN OpenVPN]-based || You must have a X.509 certificate issued by [http://www.arrl.org/logbook-of-the-world ARRL Logbook of the World (LoTW)]. ARRL membership is not required.<br />
|-<br />
| N1URO ||AMPRNet/RF faxing || http://wiki.ampr.org/wiki/axMail-FAX || Facsimile || Online IP based Facsimile service. You have the ability to send emergency communications from packet via Fax. || [http://axmail.sourceforge.net axMail-FAX] Sofware is here.<br />
|-<br />
| [http://allstarlink.org AllStar Link] || AllStar || http://allstarlink.org || Linking of repeaters || AllStar Link core network services are provided via redundant datacenters using 44net IP space. || [https://wiki.allstarlink.org/wiki/Main_Page ASL wiki]<br />
|-<br />
| N2NOV and G1FEEF || Hub_NA and Hub_EU for WWconvers Chat System || 44.68.41.2:3600<br />44.1.1.25:3600 || Telnet || Only connections from other 44Net addresses allowed using port 3600. Stations like JNOS with a built-in local chat server can link to it.<br /> Individuals without a local chat portal can use an IRC client to a public IP address that must be arranged with the owner. || None<br />
|-<br />
| N2NOV || AMPRNet NE US Regional Portal || http://n2nov.ampr.org/hamgate.html || HTTP || AMPRNet NE US Regional Portal || None<br />
|-<br />
| [https://flscg.org/ FSG]|| HamWAN Remote || https://flscg.org/2022/04/hamwan-remote/ || VPN/BGP || We provide a VPN based remote site connection to [https://flscg.org/hamwan/ HamWAN Tampa] and can announce your IP space. Performance of over 1gbit/s is possible and we provide an local connection point for amateurs in the South East || https://wiki.w9cr.net/index.php/HamWAN_Remote_Site <br />
|-<br />
| [https://hamwan.org HamWAN]||[https://hamwan.org/Labs/Open%20Peering%20Policy.html OPP Website]||Open Peering ||BGP feed||We provide IPsec VPN w/ BGP peering + Internet announcing.||<br />
|-}</div>G1fefhttps://wiki.ampr.org/w/index.php?title=Services&diff=1065Services2024-03-16T18:04:21Z<p>G1fef: </p>
<hr />
<div>{| class="wikitable sortable"<br />
|-<br />
! Maintainer !! Service Name!! URL/IP !! Service Type !! Description !! Other Information<br />
|-<br />
| AMPR ||[[Portal]] || https://portal.ampr.org || HTTPS || manage [[Gateway]], [[Encap.txt]] preferences and ampr.org domain entries (domain entry functionality still under development)|| NONE<br />
|-<br />
| AMPR ||Website || https://www.ampr.org || HTTPS || AMPRNet Main Page|| NONE<br />
|-<br />
| AMPR ||Wiki || https://wiki.ampr.org || HTTPS || This Wiki|| NONE<br />
|-<br />
| AMPR ||44Net discussion group || https://ardc.groups.io/g/44net || HTTPS || AMPR discussion group|| NONE<br />
|-<br />
| AMPR ||ARDC announcements || https://ardc.groups.io/g/main || HTTPS || ARDC announcements|| NONE<br />
|-<br />
| AMPR ||AMPRNet [[Gateway]] (AMPRGW) || 169.228.34.84 || IP and IPENCAP [[Tunnel]]|| main AMPRNet Router|| Gateways use IP Protocol 4 (IPENCAP) to receive traffic via AMPRGW. Allocation must be registered in the [[Portal]] and gateways must run an AMPRNet routing protocol (i.e. [[RIP]]44 or [[munge script]]).<br />
|-<br />
| AMPR ||[[RIP]]44 || provided via [https://en.wikipedia.org/wiki/Broadcasting_%28networking%29 broadcast] from 44.0.0.1 to all [[gateway]]s registered in the [[portal]] || Routing Information (modified RIPv2 protocol) || distributed by main AMPRNet Router to multicast address 224.0.0.9|| 1.) an enabled IPENCAP tunnel, and 2.) [[ampr-ripd]] or [[rip44d]] must be running and properly configured on your registered gateway<br />
|-<br />
| AMPR ||[[Encap.txt]] || N/A || Routing Information (EMAIL/FTP/HTTP)|| routing information for download|| file must be must be parsed by a self-developed [[munge script]]<br />
|-<br />
| Various Operators||[[Ampr.org]] DNS and Reverse DNS (44.in-addr.arpa) ||<br />
(These hosts maintain a copy of AMPR.ORG and the 44.IN-ADDR.ARPA DNS Zones:)<br />
<br /><br />
gw.ampr.org<br /><br />
ns.ampr.org<br /><br />
a.gw4.uk<br /><br />
ns2.us.ardc.net<br /><br />
ns1.de.ardc.net<br /><br />
(These hosts maintain a copy of AMPR.ORG and the 44.in-addr.arpa DNS Zones. 44/9 / 44.128/10 hosts may use as recursive/Client DNS servers:)<br /><br />
gw.ct.ampr.org (44.88.0.1)<br /><br />
dns-mdc.ampr.org (44.60.44.3)<br /><br />
n1uro.ampr.org (44.88.0.9)<br />
|| DNS || name resolution services|| zone files can be downloaded from ftp://gw.ampr.org/pub/<br />
|-<br />
| Various Operators||Network Tools||<br />
http://whatismyip.ampr.org<br /><br />
http://yo2tm.ampr.org/nettools.php<br /><br />
http://kb3vwg-010.ampr.org/tools<br /><br />
http://speedtest.ampr.org<br /><br />
http://n1uro.ampr.org/do.shtml<br /><br />
|| HTTP|| source IP checker, speed test, Ping, Traceroute, etc.|| NONE<br />
|-<br />
| Various Operators ||Network Time Protocol Server || gw.ampr.org (Stratum 1, US)<br />ntp.vk2hff.ampr.org (Stratum 1, AU)<br />ntp.g1fef.ampr.org (Stratum 1, UK)<br />kb3vwg-001.ampr.org (Stratum 2, US)<br />gw-44-137.pi9noz.ampr.org (Stratum 2)<br />server.yo2loj.ampr.org (Stratum 2)<br />f4gve.ampr.org (Stratum 3)<br />ntp1.on3rvh.ampr.org<br /> || NTP|| Stratum 2 Network Time Server - References US, Canadian and Mexican|| AMPRNet hosts have OPEN ACCESS to these time servers <br />
|-<br />
| OH7LZB ||[[AMPRNet_VPN]] || http://wiki.ampr.org/wiki/AMPRNet_VPN || VPN|| [http://en.wikipedia.org/wiki/OpenVPN OpenVPN]-based || You must have a X.509 certificate issued by [http://www.arrl.org/logbook-of-the-world ARRL Logbook of the World (LoTW)]. ARRL membership is not required.<br />
|-<br />
| N1URO ||AMPRNet/RF faxing || http://wiki.ampr.org/wiki/axMail-FAX || Facsimile || Online IP based Facsimile service. You have the ability to send emergency communications from packet via Fax. || [http://axmail.sourceforge.net axMail-FAX] Sofware is here.<br />
|-<br />
| [http://allstarlink.org AllStar Link] || AllStar || http://allstarlink.org || Linking of repeaters || AllStar Link core network services are provided via redundant datacenters using 44net IP space. || [https://wiki.allstarlink.org/wiki/Main_Page ASL wiki]<br />
|-<br />
| N2NOV and G1FEEF || Hub_NA and Hub_EU for WWconvers Chat System || 44.68.41.2:3600<br />44.1.1.25:3600 || Telnet || Only connections from other 44Net addresses allowed using port 3600. Stations like JNOS with a built-in local chat server can link to it.<br /> Individuals without a local chat portal can use an IRC client to a public IP address that must be arranged with the owner. || None<br />
|-<br />
| N2NOV || AMPRNet NE US Regional Portal || http://n2nov.ampr.org/hamgate.html || HTTP || AMPRNet NE US Regional Portal || None<br />
|-<br />
| [https://flscg.org/ FSG]|| HamWAN Remote || https://flscg.org/2022/04/hamwan-remote/ || VPN/BGP || We provide a VPN based remote site connection to [https://flscg.org/hamwan/ HamWAN Tampa] and can announce your IP space. Performance of over 1gbit/s is possible and we provide an local connection point for amateurs in the South East || https://wiki.w9cr.net/index.php/HamWAN_Remote_Site <br />
|-<br />
| [https://hamwan.org HamWAN]||[https://hamwan.org/Labs/Open%20Peering%20Policy.html OPP Website]||Open Peering ||BGP feed||We provide IPsec VPN w/ BGP peering + Internet announcing.||<br />
|-}</div>G1fefhttps://wiki.ampr.org/w/index.php?title=Services&diff=1064Services2024-03-16T18:00:48Z<p>G1fef: </p>
<hr />
<div>{| class="wikitable sortable"<br />
|-<br />
! Maintainer !! Service Name!! URL/IP !! Service Type !! Description !! Other Information<br />
|-<br />
| AMPR ||[[Portal]] || https://portal.ampr.org || HTTPS || manage [[Gateway]], [[Encap.txt]] preferences and ampr.org domain entries (domain entry functionality still under development)|| NONE<br />
|-<br />
| AMPR ||Website || https://www.ampr.org || HTTPS || AMPRNet Main Page|| NONE<br />
|-<br />
| AMPR ||Wiki || https://wiki.ampr.org || HTTPS || This Wiki|| NONE<br />
|-<br />
| AMPR ||44Net discussion group || https://ardc.groups.io/g/44net || HTTPS || AMPR discussion group|| NONE<br />
|-<br />
| AMPR ||ARDC announcements || https://ardc.groups.io/g/main || HTTPS || ARDC announcements|| NONE<br />
|-<br />
| AMPR ||AMPRNet [[Gateway]] (AMPRGW) || 169.228.34.84 || IP and IPENCAP [[Tunnel]]|| main AMPRNet Router|| Gateways use IP Protocol 4 (IPENCAP) to receive traffic via AMPRGW. Allocation must be registered in the [[Portal]] and gateways must run an AMPRNet routing protocol (i.e. [[RIP]]44 or [[munge script]]).<br />
|-<br />
| AMPR ||[[RIP]]44 || provided via [https://en.wikipedia.org/wiki/Broadcasting_%28networking%29 broadcast] from 44.0.0.1 to all [[gateway]]s registered in the [[portal]] || Routing Information (modified RIPv2 protocol) || distributed by main AMPRNet Router to multicast address 224.0.0.9|| 1.) an enabled IPENCAP tunnel, and 2.) [[ampr-ripd]] or [[rip44d]] must be running and properly configured on your registered gateway<br />
|-<br />
| AMPR ||[[Encap.txt]] || N/A || Routing Information (EMAIL/FTP/HTTP)|| routing information for download|| file must be must be parsed by a self-developed [[munge script]]<br />
|-<br />
| Various Operators||[[Ampr.org]] DNS and Reverse DNS (44.in-addr.arpa) ||<br />
(These hosts maintain a copy of AMPR.ORG and the 44.IN-ADDR.ARPA DNS Zones:)<br />
<br />ampr.org<br /><br />
ns2.threshinc.com<br /><br />
munnari.OZ.AU<br /><br />
a.coreservers.uk<br /><br />
ampr-dns.in-berlin.de<br /><br />
(These hosts maintain a copy of AMPR.ORG and the 44.in-addr.arpa DNS Zones. 44/8 hosts may use as recursive/Client DNS servers:)<br /><br />
gw.ct.ampr.org (44.88.0.1)<br /><br />
dns-mdc.ampr.org (44.60.44.3)<br /><br />
n1uro.ampr.org (44.88.0.9)<br />
|| DNS || name resolution services|| zone files can be downloaded from ftp://gw.ampr.org/pub/<br />
|-<br />
| Various Operators||Network Tools||<br />
http://whatismyip.ampr.org<br /><br />
http://yo2tm.ampr.org/nettools.php<br /><br />
http://kb3vwg-010.ampr.org/tools<br /><br />
http://speedtest.ampr.org<br /><br />
http://n1uro.ampr.org/do.shtml<br /><br />
|| HTTP|| source IP checker, speed test, Ping, Traceroute, etc.|| NONE<br />
|-<br />
| Various Operators ||Network Time Protocol Server || gw.ampr.org (Stratum 1, US)<br />ntp.vk2hff.ampr.org (Stratum 1, AU)<br />ntp.g1fef.ampr.org (Stratum 1, UK)<br />kb3vwg-001.ampr.org (Stratum 2, US)<br />gw-44-137.pi9noz.ampr.org (Stratum 2)<br />server.yo2loj.ampr.org (Stratum 2)<br />f4gve.ampr.org (Stratum 3)<br />ntp1.on3rvh.ampr.org<br /> || NTP|| Stratum 2 Network Time Server - References US, Canadian and Mexican|| AMPRNet hosts have OPEN ACCESS to these time servers <br />
|-<br />
| OH7LZB ||[[AMPRNet_VPN]] || http://wiki.ampr.org/wiki/AMPRNet_VPN || VPN|| [http://en.wikipedia.org/wiki/OpenVPN OpenVPN]-based || You must have a X.509 certificate issued by [http://www.arrl.org/logbook-of-the-world ARRL Logbook of the World (LoTW)]. ARRL membership is not required.<br />
|-<br />
| N1URO ||AMPRNet/RF faxing || http://wiki.ampr.org/wiki/axMail-FAX || Facsimile || Online IP based Facsimile service. You have the ability to send emergency communications from packet via Fax. || [http://axmail.sourceforge.net axMail-FAX] Sofware is here.<br />
|-<br />
| [http://allstarlink.org AllStar Link] || AllStar || http://allstarlink.org || Linking of repeaters || AllStar Link core network services are provided via redundant datacenters using 44net IP space. || [https://wiki.allstarlink.org/wiki/Main_Page ASL wiki]<br />
|-<br />
| N2NOV and G1FEEF || Hub_NA and Hub_EU for WWconvers Chat System || 44.68.41.2:3600<br />44.1.1.25:3600 || Telnet || Only connections from other 44Net addresses allowed using port 3600. Stations like JNOS with a built-in local chat server can link to it.<br /> Individuals without a local chat portal can use an IRC client to a public IP address that must be arranged with the owner. || None<br />
|-<br />
| N2NOV || AMPRNet NE US Regional Portal || http://n2nov.ampr.org/hamgate.html || HTTP || AMPRNet NE US Regional Portal || None<br />
|-<br />
| [https://flscg.org/ FSG]|| HamWAN Remote || https://flscg.org/2022/04/hamwan-remote/ || VPN/BGP || We provide a VPN based remote site connection to [https://flscg.org/hamwan/ HamWAN Tampa] and can announce your IP space. Performance of over 1gbit/s is possible and we provide an local connection point for amateurs in the South East || https://wiki.w9cr.net/index.php/HamWAN_Remote_Site <br />
|-<br />
| [https://hamwan.org HamWAN]||[https://hamwan.org/Labs/Open%20Peering%20Policy.html OPP Website]||Open Peering ||BGP feed||We provide IPsec VPN w/ BGP peering + Internet announcing.||<br />
|-}</div>G1fefhttps://wiki.ampr.org/w/index.php?title=Services&diff=1063Services2024-03-16T18:00:31Z<p>G1fef: </p>
<hr />
<div>{| class="wikitable sortable"<br />
|-<br />
! Maintainer !! Service Name!! URL/IP !! Service Type !! Description !! Other Information<br />
|-<br />
| AMPR ||[[Portal]] || https://portal.ampr.org || HTTPS || manage [[Gateway]], [[Encap.txt]] preferences and ampr.org domain entries (domain entry functionality still under development)|| NONE<br />
|-<br />
| AMPR ||Website || https://www.ampr.org || HTTPS || AMPRNet Main Page|| NONE<br />
|-<br />
| AMPR ||Wiki || https://wiki.ampr.org || HTTPS || This Wiki|| NONE<br />
|-<br />
| AMPR ||[44Net discussion group] || https://ardc.groups.io/g/44net || HTTPS || AMPR discussion group|| NONE<br />
|-<br />
| AMPR ||[ARDC announcements] || https://ardc.groups.io/g/main || HTTPS || ARDC announcements|| NONE<br />
|-<br />
| AMPR ||AMPRNet [[Gateway]] (AMPRGW) || 169.228.34.84 || IP and IPENCAP [[Tunnel]]|| main AMPRNet Router|| Gateways use IP Protocol 4 (IPENCAP) to receive traffic via AMPRGW. Allocation must be registered in the [[Portal]] and gateways must run an AMPRNet routing protocol (i.e. [[RIP]]44 or [[munge script]]).<br />
|-<br />
| AMPR ||[[RIP]]44 || provided via [https://en.wikipedia.org/wiki/Broadcasting_%28networking%29 broadcast] from 44.0.0.1 to all [[gateway]]s registered in the [[portal]] || Routing Information (modified RIPv2 protocol) || distributed by main AMPRNet Router to multicast address 224.0.0.9|| 1.) an enabled IPENCAP tunnel, and 2.) [[ampr-ripd]] or [[rip44d]] must be running and properly configured on your registered gateway<br />
|-<br />
| AMPR ||[[Encap.txt]] || N/A || Routing Information (EMAIL/FTP/HTTP)|| routing information for download|| file must be must be parsed by a self-developed [[munge script]]<br />
|-<br />
| Various Operators||[[Ampr.org]] DNS and Reverse DNS (44.in-addr.arpa) ||<br />
(These hosts maintain a copy of AMPR.ORG and the 44.IN-ADDR.ARPA DNS Zones:)<br />
<br />ampr.org<br /><br />
ns2.threshinc.com<br /><br />
munnari.OZ.AU<br /><br />
a.coreservers.uk<br /><br />
ampr-dns.in-berlin.de<br /><br />
(These hosts maintain a copy of AMPR.ORG and the 44.in-addr.arpa DNS Zones. 44/8 hosts may use as recursive/Client DNS servers:)<br /><br />
gw.ct.ampr.org (44.88.0.1)<br /><br />
dns-mdc.ampr.org (44.60.44.3)<br /><br />
n1uro.ampr.org (44.88.0.9)<br />
|| DNS || name resolution services|| zone files can be downloaded from ftp://gw.ampr.org/pub/<br />
|-<br />
| Various Operators||Network Tools||<br />
http://whatismyip.ampr.org<br /><br />
http://yo2tm.ampr.org/nettools.php<br /><br />
http://kb3vwg-010.ampr.org/tools<br /><br />
http://speedtest.ampr.org<br /><br />
http://n1uro.ampr.org/do.shtml<br /><br />
|| HTTP|| source IP checker, speed test, Ping, Traceroute, etc.|| NONE<br />
|-<br />
| Various Operators ||Network Time Protocol Server || gw.ampr.org (Stratum 1, US)<br />ntp.vk2hff.ampr.org (Stratum 1, AU)<br />ntp.g1fef.ampr.org (Stratum 1, UK)<br />kb3vwg-001.ampr.org (Stratum 2, US)<br />gw-44-137.pi9noz.ampr.org (Stratum 2)<br />server.yo2loj.ampr.org (Stratum 2)<br />f4gve.ampr.org (Stratum 3)<br />ntp1.on3rvh.ampr.org<br /> || NTP|| Stratum 2 Network Time Server - References US, Canadian and Mexican|| AMPRNet hosts have OPEN ACCESS to these time servers <br />
|-<br />
| OH7LZB ||[[AMPRNet_VPN]] || http://wiki.ampr.org/wiki/AMPRNet_VPN || VPN|| [http://en.wikipedia.org/wiki/OpenVPN OpenVPN]-based || You must have a X.509 certificate issued by [http://www.arrl.org/logbook-of-the-world ARRL Logbook of the World (LoTW)]. ARRL membership is not required.<br />
|-<br />
| N1URO ||AMPRNet/RF faxing || http://wiki.ampr.org/wiki/axMail-FAX || Facsimile || Online IP based Facsimile service. You have the ability to send emergency communications from packet via Fax. || [http://axmail.sourceforge.net axMail-FAX] Sofware is here.<br />
|-<br />
| [http://allstarlink.org AllStar Link] || AllStar || http://allstarlink.org || Linking of repeaters || AllStar Link core network services are provided via redundant datacenters using 44net IP space. || [https://wiki.allstarlink.org/wiki/Main_Page ASL wiki]<br />
|-<br />
| N2NOV and G1FEEF || Hub_NA and Hub_EU for WWconvers Chat System || 44.68.41.2:3600<br />44.1.1.25:3600 || Telnet || Only connections from other 44Net addresses allowed using port 3600. Stations like JNOS with a built-in local chat server can link to it.<br /> Individuals without a local chat portal can use an IRC client to a public IP address that must be arranged with the owner. || None<br />
|-<br />
| N2NOV || AMPRNet NE US Regional Portal || http://n2nov.ampr.org/hamgate.html || HTTP || AMPRNet NE US Regional Portal || None<br />
|-<br />
| [https://flscg.org/ FSG]|| HamWAN Remote || https://flscg.org/2022/04/hamwan-remote/ || VPN/BGP || We provide a VPN based remote site connection to [https://flscg.org/hamwan/ HamWAN Tampa] and can announce your IP space. Performance of over 1gbit/s is possible and we provide an local connection point for amateurs in the South East || https://wiki.w9cr.net/index.php/HamWAN_Remote_Site <br />
|-<br />
| [https://hamwan.org HamWAN]||[https://hamwan.org/Labs/Open%20Peering%20Policy.html OPP Website]||Open Peering ||BGP feed||We provide IPsec VPN w/ BGP peering + Internet announcing.||<br />
|-}</div>G1fefhttps://wiki.ampr.org/w/index.php?title=Services&diff=1062Services2024-03-16T17:59:47Z<p>G1fef: </p>
<hr />
<div>{| class="wikitable sortable"<br />
|-<br />
! Maintainer !! Service Name!! URL/IP !! Service Type !! Description !! Other Information<br />
|-<br />
| AMPR ||[[Portal]] || https://portal.ampr.org || HTTPS || manage [[Gateway]], [[Encap.txt]] preferences and ampr.org domain entries (domain entry functionality still under development)|| NONE<br />
|-<br />
| AMPR ||Website || https://www.ampr.org || HTTPS || AMPRNet Main Page|| NONE<br />
|-<br />
| AMPR ||Wiki || https://wiki.ampr.org || HTTPS || This Wiki|| NONE<br />
|-<br />
| AMPR ||[[44Net discussion group]] || https://ardc.groups.io/g/44net || HTTPS || AMPR discussion group|| NONE<br />
|-<br />
| AMPR ||[[ARDC announcements]] || https://ardc.groups.io/g/main || HTTPS || ARDC announcements|| NONE<br />
|-<br />
| AMPR ||AMPRNet [[Gateway]] (AMPRGW) || 169.228.34.84 || IP and IPENCAP [[Tunnel]]|| main AMPRNet Router|| Gateways use IP Protocol 4 (IPENCAP) to receive traffic via AMPRGW. Allocation must be registered in the [[Portal]] and gateways must run an AMPRNet routing protocol (i.e. [[RIP]]44 or [[munge script]]).<br />
|-<br />
| AMPR ||[[RIP]]44 || provided via [https://en.wikipedia.org/wiki/Broadcasting_%28networking%29 broadcast] from 44.0.0.1 to all [[gateway]]s registered in the [[portal]] || Routing Information (modified RIPv2 protocol) || distributed by main AMPRNet Router to multicast address 224.0.0.9|| 1.) an enabled IPENCAP tunnel, and 2.) [[ampr-ripd]] or [[rip44d]] must be running and properly configured on your registered gateway<br />
|-<br />
| AMPR ||[[Encap.txt]] || N/A || Routing Information (EMAIL/FTP/HTTP)|| routing information for download|| file must be must be parsed by a self-developed [[munge script]]<br />
|-<br />
| Various Operators||[[Ampr.org]] DNS and Reverse DNS (44.in-addr.arpa) ||<br />
(These hosts maintain a copy of AMPR.ORG and the 44.IN-ADDR.ARPA DNS Zones:)<br />
<br />ampr.org<br /><br />
ns2.threshinc.com<br /><br />
munnari.OZ.AU<br /><br />
a.coreservers.uk<br /><br />
ampr-dns.in-berlin.de<br /><br />
(These hosts maintain a copy of AMPR.ORG and the 44.in-addr.arpa DNS Zones. 44/8 hosts may use as recursive/Client DNS servers:)<br /><br />
gw.ct.ampr.org (44.88.0.1)<br /><br />
dns-mdc.ampr.org (44.60.44.3)<br /><br />
n1uro.ampr.org (44.88.0.9)<br />
|| DNS || name resolution services|| zone files can be downloaded from ftp://gw.ampr.org/pub/<br />
|-<br />
| Various Operators||Network Tools||<br />
http://whatismyip.ampr.org<br /><br />
http://yo2tm.ampr.org/nettools.php<br /><br />
http://kb3vwg-010.ampr.org/tools<br /><br />
http://speedtest.ampr.org<br /><br />
http://n1uro.ampr.org/do.shtml<br /><br />
|| HTTP|| source IP checker, speed test, Ping, Traceroute, etc.|| NONE<br />
|-<br />
| Various Operators ||Network Time Protocol Server || gw.ampr.org (Stratum 1, US)<br />ntp.vk2hff.ampr.org (Stratum 1, AU)<br />ntp.g1fef.ampr.org (Stratum 1, UK)<br />kb3vwg-001.ampr.org (Stratum 2, US)<br />gw-44-137.pi9noz.ampr.org (Stratum 2)<br />server.yo2loj.ampr.org (Stratum 2)<br />f4gve.ampr.org (Stratum 3)<br />ntp1.on3rvh.ampr.org<br /> || NTP|| Stratum 2 Network Time Server - References US, Canadian and Mexican|| AMPRNet hosts have OPEN ACCESS to these time servers <br />
|-<br />
| OH7LZB ||[[AMPRNet_VPN]] || http://wiki.ampr.org/wiki/AMPRNet_VPN || VPN|| [http://en.wikipedia.org/wiki/OpenVPN OpenVPN]-based || You must have a X.509 certificate issued by [http://www.arrl.org/logbook-of-the-world ARRL Logbook of the World (LoTW)]. ARRL membership is not required.<br />
|-<br />
| N1URO ||AMPRNet/RF faxing || http://wiki.ampr.org/wiki/axMail-FAX || Facsimile || Online IP based Facsimile service. You have the ability to send emergency communications from packet via Fax. || [http://axmail.sourceforge.net axMail-FAX] Sofware is here.<br />
|-<br />
| [http://allstarlink.org AllStar Link] || AllStar || http://allstarlink.org || Linking of repeaters || AllStar Link core network services are provided via redundant datacenters using 44net IP space. || [https://wiki.allstarlink.org/wiki/Main_Page ASL wiki]<br />
|-<br />
| N2NOV and G1FEEF || Hub_NA and Hub_EU for WWconvers Chat System || 44.68.41.2:3600<br />44.1.1.25:3600 || Telnet || Only connections from other 44Net addresses allowed using port 3600. Stations like JNOS with a built-in local chat server can link to it.<br /> Individuals without a local chat portal can use an IRC client to a public IP address that must be arranged with the owner. || None<br />
|-<br />
| N2NOV || AMPRNet NE US Regional Portal || http://n2nov.ampr.org/hamgate.html || HTTP || AMPRNet NE US Regional Portal || None<br />
|-<br />
| [https://flscg.org/ FSG]|| HamWAN Remote || https://flscg.org/2022/04/hamwan-remote/ || VPN/BGP || We provide a VPN based remote site connection to [https://flscg.org/hamwan/ HamWAN Tampa] and can announce your IP space. Performance of over 1gbit/s is possible and we provide an local connection point for amateurs in the South East || https://wiki.w9cr.net/index.php/HamWAN_Remote_Site <br />
|-<br />
| [https://hamwan.org HamWAN]||[https://hamwan.org/Labs/Open%20Peering%20Policy.html OPP Website]||Open Peering ||BGP feed||We provide IPsec VPN w/ BGP peering + Internet announcing.||<br />
|-}</div>G1fefhttps://wiki.ampr.org/w/index.php?title=Ampr.org&diff=1061Ampr.org2024-02-02T10:08:51Z<p>G1fef: </p>
<hr />
<div>AMPR.ORG is the domain that is available for ham radio operators to register their AMPRNet network [https://en.wikipedia.org/wiki/Host_%28network%29 hosts], and for other ham radio related computer systems.<br />
<br />
Sub-domain names under AMPR.ORG are available to any licensed [https://en.wikipedia.org/wiki/Amateur_radio_operator amateur radio operator] who is interested in advancing the art of amateur radio digital communications. The first step in obtaining your own sub-domain under AMPR.ORG is to register on [https://portal.ampr.org the Portal]<br />
<br />
AMPR.ORG and AMPRNet is administered by Amateur Radio Digital Communications (ARDC) a not-for-profit organisation [https://www.ardc.net/about/who-we-are/ www.ardc.net/about/who-we-are]<br />
<br />
Note that an IP address ''must'' be associated with a domain name in AMPR.ORG in order for the main gateway at UCSD to pass packets to it.</div>G1fefhttps://wiki.ampr.org/w/index.php?title=Ampr.org&diff=1060Ampr.org2024-02-02T10:07:44Z<p>G1fef: </p>
<hr />
<div>AMPR.ORG is the domain that is available for ham radio operators to register their AMPRNet network [https://en.wikipedia.org/wiki/Host_%28network%29 hosts], and for other ham radio related computer systems.<br />
<br />
Sub-domain names under AMPR.ORG are available to any licensed [https://en.wikipedia.org/wiki/Amateur_radio_operator amateur radio operator] who is interested in advancing the art of amateur radio digital communications. The first step in obtaining your own sub-domain under AMPR.ORG is to register on [https://portal.ampr.org the Portal]<br />
<br />
AMPR.ORG and AMPRNet is administered by Amateur Radio Digital Communications (ARDC) a not-for-profit organisation [https://www.ardc.net/about/who-we-are/]<br />
<br />
Note that an IP address ''must'' be associated with a domain name in AMPR.ORG in order for the main gateway at UCSD to pass packets to it.</div>G1fefhttps://wiki.ampr.org/w/index.php?title=Ampr.org&diff=1059Ampr.org2024-02-02T10:06:49Z<p>G1fef: </p>
<hr />
<div>AMPR.ORG is the domain that is available for ham radio operators to register their AMPRNet network [https://en.wikipedia.org/wiki/Host_%28network%29 hosts], and for other ham radio related computer systems.<br />
<br />
Sub-domain names in AMPR.ORG are available to any licensed [https://en.wikipedia.org/wiki/Amateur_radio_operator amateur radio operator] who is interested in advancing the art of amateur radio digital communications. The first step in obtaining your own sub-domain under AMPR.ORG is to register on [https://portal.ampr.org the Portal]<br />
<br />
AMPR.ORG and AMPRNet is administered by Amateur Radio Digital Communications (ARDC) a not-for-profit organisation [https://www.ardc.net/about/who-we-are/]<br />
<br />
Note that an IP address ''must'' be associated with a domain name in AMPR.ORG in order for the main gateway at UCSD to pass packets to it.</div>G1fefhttps://wiki.ampr.org/w/index.php?title=Ampr.org&diff=1058Ampr.org2024-02-02T10:05:21Z<p>G1fef: Brought up to date by adding ARDC as looking after ampr.org</p>
<hr />
<div>AMPR.ORG is the domain that is available for ham radio operators to register their [[AMPRNet]] network [https://en.wikipedia.org/wiki/Host_%28network%29 hosts], and for other ham radio related computer systems.<br />
<br />
Sub-domain names in AMPR.ORG are available to any licensed [https://en.wikipedia.org/wiki/Amateur_radio_operator amateur radio operator] who is interested in advancing the art of amateur radio digital communications. The first step in obtaining your own sub-domain under AMPR.ORG is to register on [https://portal.ampr.org the Portal]<br />
<br />
AMPR.ORG and [[AMPRNet]] is administered by Amateur Radio Digital Communications (ARDC) a not-for-profit organisation [https://www.ardc.net/about/who-we-are/]<br />
<br />
Note that an IP address ''must'' be associated with a domain name in AMPR.ORG in order for the main gateway at UCSD to pass packets to it.</div>G1fefhttps://wiki.ampr.org/w/index.php?title=Quickstart&diff=1057Quickstart2024-01-20T16:20:49Z<p>G1fef: </p>
<hr />
<div>So you're a licensed amateur radio operator, you're interested in IP networking, and you want to combine the two. [[AMPRNet]] is for you. This Quickstart guide can help get you set up quickly.<br />
<br />
A system diagram showing 44Net is available <br />
<br />
To get online with [[AMPRNet]], you will probably want to start with a tunnel connection to the rest of the network. You will need the following:<br />
<br />
# A router. This can be a specialized routing device, or a general purpose computer. It probably won't need a lot of compute power, so you can recycle an old PC or something similar.<br />
# An Internet connection that gives you a stable IP address for the rest of the network to talk to you: [[AMPRNet]] tunnels pass AMPRNet data between parts of the AMPR network by encapsulating them in non-44net Internet traffic. Static IP addresses are best for this, but IP addresses dynamically assigned to you by your ISP may work if they change infrequently.<br />
<br />
Once you have a machine to act as a router and a suitable network connection, do the following:<br />
<br />
# [https://portal.ampr.org/register.php Register] on the [[portal]].<br />
Click on REGISTER and complete the requested information<br />
<br />
# Request a network allocation from your regional coordinator.<br />
## From the portal's [https://portal.ampr.org/networks.php networks] page, navigate to your country and region's network subpage.<br />
## From the regional network page, request an allocation. Note, select only ONE of the connection options (Radio, Tunnel, or Direct). To start, you probably want to select 'Tunnel'. For more information on requesting an allocation, see the wiki page on [[Requesting a block]].<br />
# Once your allocation has been granted, [https://portal.ampr.org/gateways_manage.php register your gateway through the portal].<br />
# Once your gateway has been registered, email your local coordinator and ask them to register DNS mappings for the hosts on your network. If you are unable to email your local coordinator, or they do not have access to the DNS update system, then please email hostmaster@ardc.net and someone will get back to you and assist you. Note that the main tunnel router at UCSD will NOT pass traffic to an IP address unless that address is associated with a hostname in the [[Ampr.org|ampr.org]] DNS domain.<br />
# Configure your router to act as a [[Gateway]] to the rest of the network.<br />
<br />
That's it! You now have a tunnel to the rest of the network. From here, you can connect devices via RF links, subnet your network if you like, and start exploring TCP/IP over amateur radio.<br />
<br />
== Next Steps ==<br />
<br />
Once you are connected, you should subscribe to the [[44Net mailing list]].</div>G1fefhttps://wiki.ampr.org/w/index.php?title=Contribute&diff=1053Contribute2023-12-01T16:43:34Z<p>G1fef: </p>
<hr />
<div>== Contribute to this Wiki (please!) ==<br />
<br />
To stop this Wiki getting completely filled up with spam we unfortunately have to password protect edit access.<br />
<br />
However, access is open to anyone wishing to make a useful contribution. All you need to do is drop a short email to wiki [at] ampr.org and ask for access. Please specify your full name and, if you are a licensed radio amateur please include your callsign.<br />
<br />
Someone will action your request and you will receive an email with your login details in due course. Please bear in mind that we are all volunteers, so if you don't get an instant response that's why. Someone will get back to you!<br />
<br />
Thank you in advance for your contributions!</div>G1fefhttps://wiki.ampr.org/w/index.php?title=Requesting_a_block&diff=1052Requesting a block2023-12-01T16:35:35Z<p>G1fef: </p>
<hr />
<div>'''ARDC/44net'''<br />
<br />
You '''must''' request an assignment direct from the Portal.<br />
First you must create your account at the [https://portal.ampr.org/ Portal].<br />
Once you do, you must login. <br><br />
<br />
* '''You also must login every 3-6 months even if it's just to check in to keep your assignment active, you have been warned!'''<br />
<br />
Once logged in, from the '''top''' home tab, you next select the [https://portal.ampr.org/networks.php Networks]tab on the<br />
row below. You will see a listing of subnets.<br />
<br />
In most cases you should then click on the 44.0.0.0/9 NO COUNTRY option (second from the top)<br />
<br />
Next you need to select the subnet most appropriate to your use case:<br />
<br />
* If you want to join the IPIP Tunnel Mesh, AKA AMPRNet, then select 44.63.0.0/16<br />
* For standalone use / anything else, please select 44.61.0.0/16<br />
* If you want a BGP announced assignment then please select 44.31.0.0/16<br />
<br />
After you have clicked on the network of choice, scroll to the bottom of the subsequent page where you will see the message:<br />
<br />
'''"If the address range you want is not within any of the subnets above, or the region you are located in is not listed above, you may request an allocation from the parent network by clicking here:"'''<br />
<br />
Go ahead and click on the link to the right of this message, this will display a request form for you to complete:<br />
<br />
* Choose the size of subnet you would like to request from the dropdown "Netmask requested". Don't be '''greedy''' please only request what you will realistically use within 6 to 12 months (you can always request a larger assignment if your project takes off and you find you need more IPs later on).<br />
<br />
* In the "Description" field enter a short description of the network if it is assigned - generally your callsign is a good choice here, remember it will be public.<br />
<br />
* Leave the "Type" field set to "User" unless you have been instructed to do otherwise.<br />
<br />
* In the "Connection Details" section tick the appropriate option(s) for your request. Most folk can ignore the third option "Direct (BGP)" unless you understand what this represents (announcing the subnet direct on the internet).<br />
<br />
* In the "Notes" field you an enter any information you feel is relevant to your request, any information you feel would make the coordinators job easier when evaluating your request.<br />
<br />
Finally click the "Send" button and wait !<br />
<br />
Please bear in mind that the people who process these requests are volunteers and as such your request may not get looked at immediately, please be patient. If you haven't had an initial contact within 3 or 4 weeks then feel free to email postmaster [at] ardc.net explaining the issue (or use the contact-us form on the portal).<br />
<br />
If you are planning on connecting to the IPIP TunnelMesh, AKA AMPRNet, your next step is [https://wiki.ampr.org/wiki/Registering_Your_Gateway Here] to register your Gateway.</div>G1fefhttps://wiki.ampr.org/w/index.php?title=Requesting_a_block&diff=1051Requesting a block2023-12-01T16:35:16Z<p>G1fef: </p>
<hr />
<div>'''ARDC/44net'''<br />
<br />
You '''must''' request an assignment direct from the Portal.<br />
First you must create your account at the [https://portal.ampr.org/ Portal].<br />
Once you do, you must login. <br><br />
<br />
* '''You also must login every 3-6 months even if it's just to check in to keep your assignment active, you have been warned!'''<br />
<br />
Once logged in, from the '''top''' home tab, you next select the [https://portal.ampr.org/networks.php Networks]tab on the<br />
row below. You will see a listing of subnets.<br />
<br />
In most cases you should then click on the 44.0.0.0/9 NO COUNTRY option (second from the top)<br />
<br />
Next you need to select the subnet most appropriate to your use case:<br />
<br />
* If you want to join the IPIP Tunnel Mesh, AKA AMPRNet, then select 44.63.0.0/16<br />
* For standalone use / anything else, please select 44.61.0.0/16<br />
* If you want a BGP announced assignment then please select 44.31.0.0/16<br />
<br />
After you have clicked on the network of choice, scroll to the bottom of the subsequent page where you will see the message:<br />
<br />
'''"If the address range you want is not within any of the subnets above, or the region you are located in is not listed above, you may request an allocation from the parent network by clicking here:"'''<br />
<br />
Go ahead and click on the link to the right of this message, this will display a request form for you to complete:<br />
<br />
* Choose the size of subnet you would like to request from the dropdown "Netmask requested". Don't be '''greedy''' please only request what you will realistically use within 6 to 12 months (you can always request a larger assignment if your project takes off and you find you need more IPs later on).<br />
<br />
* In the "Description" field enter a short description of the network if it is assigned - generally your callsign is a good choice here, remember it will be public.<br />
<br />
* Leave the "Type" field set to "User" unless you have been instructed to do otherwise.<br />
<br />
* In the "Connection Details" section tick the appropriate option(s) for your request. Most folk can ignore the third option "Direct (BGP)" unless you understand what this represents (announcing the subnet direct on the internet).<br />
<br />
* In the "Notes" field you an enter any information you feel is relevant to your request, any information you feel would make the coordinators job easier when evaluating your request.<br />
<br />
Finally click the "Send" button and wait !<br />
<br />
Please bear in mind that the people who process these requests are volunteers and as such your request may not get looked at for a while, please be patient. If you haven't had an initial contact within 3 or 4 weeks then feel free to email postmaster [at] ardc.net explaining the issue (or use the contact-us form on the portal).<br />
<br />
If you are planning on connecting to the IPIP TunnelMesh, AKA AMPRNet, your next step is [https://wiki.ampr.org/wiki/Registering_Your_Gateway Here] to register your Gateway.</div>G1fefhttps://wiki.ampr.org/w/index.php?title=Requesting_a_block&diff=1050Requesting a block2023-12-01T16:34:29Z<p>G1fef: </p>
<hr />
<div>'''ARDC/44net'''<br />
<br />
You '''must''' request an assignment direct from the Portal.<br />
First you must create your account at the [https://portal.ampr.org/ Portal].<br />
Once you do, you must login. <br><br />
<br />
* '''You also must login every 3-6 months even if it's just to check in to keep your assignment active, you have been warned!'''<br />
<br />
Once logged in, from the '''top''' home tab, you next select the [https://portal.ampr.org/networks.php Networks]tab on the<br />
row below. You will see a listing of subnets.<br />
<br />
In most cases you should then click on the 44.0.0.0/9 NO COUNTRY option (second from the top)<br />
<br />
Next you need to select the subnet most appropriate to your use case:<br />
<br />
* If you want to join the IPIP Tunnel Mesh, AKA AMPRNet, then select 44.63.0.0/16<br />
* For standalone use / anything else, please select 44.61.0.0/16<br />
* If you want a BGP announced assignment then please select 44.31.0.0/16<br />
<br />
After you have clicked on the network of choice, scroll to the bottom of the subsequent page where you will see the message:<br />
<br />
'''"If the address range you want is not within any of the subnets above, or the region you are located in is not listed above, you may request an allocation from the parent network by clicking here:"'''<br />
<br />
Go ahead and click on the link to the right of this message, this will display a request form for you to complete:<br />
<br />
* Choose the size of subnet you would like to request from the dropdown "Netmask requested". Don't be '''greedy''' please only request what you will realistically use within 6 to 12 months (you can always request a larger assignment if your project takes off and you find you need more IPs later on).<br />
<br />
* In the "Description" field enter a short description of the network if it is assigned - generally your callsign is a good choice here, remember it will be public.<br />
<br />
* Leave the "Type" field set to "User" unless you have been instructed to do otherwise.<br />
<br />
* In the "Connection Details" section tick the appropriate option(s) for your request. Most folk can ignore the third option "Direct (BGP)" unless you understand what this represents (announcing the subnet direct on the internet).<br />
<br />
* In the "Notes" field you an enter any information you feel is relevant to your request, any information you feel would make the coordinators job easier when evaluating your request.<br />
<br />
Finally click the "Send" button and wait !<br />
<br />
Please bear in mind that the people who proess these requests are volunteers and as such your request may not get looked at for a while, please be patient. If you haven't had an initial contact within 3 or 4 weeks then feel free to email postmaster [at] ardc.net explaining the issue (or use the contact-us form on the portal).<br />
<br />
If you are planning on connecting to the IPIP TunnelMesh, AKA AMPRNet, your next step is [https://wiki.ampr.org/wiki/Registering_Your_Gateway Here] to register your Gateway.</div>G1fefhttps://wiki.ampr.org/w/index.php?title=Requesting_a_block&diff=1049Requesting a block2023-12-01T16:34:11Z<p>G1fef: </p>
<hr />
<div>'''ARDC/44net'''<br />
<br />
You '''must''' request an assignment direct from the Portal.<br />
First you must create your account at the [https://portal.ampr.org/ Portal].<br />
Once you do, you must login. <br><br />
<br />
* '''You also must login every 3-6 months even if it's just to check in to keep your assignment active, you have been warned!'''<br />
<br />
Once logged in, from the '''top''' home tab, you next select the [https://portal.ampr.org/networks.php Networks]tab on the<br />
row below. You will see a listing of subnets.<br />
<br />
In most cases you should then click on the 44.0.0.0/9 NO COUNTRY option (second from the top)<br />
<br />
Next you need to select the subnet most appropriate to your use case:<br />
<br />
* If you want to join the IPIP Tunnel Mesh, AKA AMPRNet, then select 44.63.0.0/16<br />
* For standalone use / anything else, please select 44.61.0.0/16<br />
* If you want a BGP announced assignment then please select 44.31.0.0/16<br />
<br />
After you have clicked on the network of choice, scroll to the bottom of the subsequent page where you will see the message:<br />
<br />
'''"If the address range you want is not within any of the subnets above, or the region you are located in is not listed above, you may request an allocation from the parent network by clicking here:"'''<br />
<br />
Go ahead and click on the link to the right of this message, this will display a request form for you to complete:<br />
<br />
* Choose the size of subnet you would like to request from the dropdown "Netmask requested". Don't be '''greedy''' please only request what you will ralistically use within 6 to 12 months (you can always request a larger assignment if your project takes off and you find you need more IPs later on).<br />
<br />
* In the "Description" field enter a short description of the network if it is assigned - generally your callsign is a good choice here, remember it will be public.<br />
<br />
* Leave the "Type" field set to "User" unless you have been instructed to do otherwise.<br />
<br />
* In the "Connection Details" section tick the appropriate option(s) for your request. Most folk can ignore the third option "Direct (BGP)" unless you understand what this represents (announcing the subnet direct on the internet).<br />
<br />
* In the "Notes" field you an enter any information you feel is relevant to your request, any information you feel would make the coordinators job easier when evaluating your request.<br />
<br />
Finally click the "Send" button and wait !<br />
<br />
Please bear in mind that the people who proess these requests are volunteers and as such your request may not get looked at for a while, please be patient. If you haven't had an initial contact within 3 or 4 weeks then feel free to email postmaster [at] ardc.net explaining the issue (or use the contact-us form on the portal).<br />
<br />
If you are planning on connecting to the IPIP TunnelMesh, AKA AMPRNet, your next step is [https://wiki.ampr.org/wiki/Registering_Your_Gateway Here] to register your Gateway.</div>G1fefhttps://wiki.ampr.org/w/index.php?title=Requesting_a_block&diff=1048Requesting a block2023-12-01T16:33:38Z<p>G1fef: </p>
<hr />
<div>'''ARDC/44net'''<br />
<br />
You '''must''' request an assignment direct from the Portal.<br />
First you must create your account at the [https://portal.ampr.org/ Portal].<br />
Once you do, you must login. <br><br />
<br />
* '''You also must login every 3-6 months even if it's just to check in to keep your assignment active, you have been warned!'''<br />
<br />
Once logged in, from the '''top''' home tab, you next select the [https://portal.ampr.org/networks.php Networks]tab on the<br />
row below. You will see a listing of subnets.<br />
<br />
In most cases you should then click on the 44.0.0.0/9 NO COUNTRY option (second from the top)<br />
<br />
Next you need to select the subnet most appropriate to your use case:<br />
<br />
* If you want to join the IPIP Tunnel Mesh, AKA AMPRNet, then select 44.63.0.0/16<br />
* For standalone use / anything else, please select 44.61.0.0/16<br />
* If you want a BGP announced assignment then please select 44.31.0.0/16<br />
<br />
After you have clicked on the network of choice, scroll to the bottom of the subsequent page where you will see the message:<br />
<br />
'''"If the address range you want is not within any of the subnets above, or the region you are located in is not listed above, you may request an allocation from the parent network by clicking here:"'''<br />
<br />
Go ahead and click on the link to the right of this message, this will display a request form for you to complete.<br />
<br />
Choose the size of subnet you would like to request from the dropdown "Netmask requested". Don't be '''greedy''' please only request what you will ralistically use within 6 to 12 months (you can always request a larger assignment if your project takes off and you find you need more IPs later on).<br />
<br />
In the "Description" field enter a short description of the network if it is assigned - generally your callsign is a good choice here, remember it will be public.<br />
<br />
Leave the "Type" field set to "User" unless you have been instructed to do otherwise.<br />
<br />
In the "Connection Details" section tick the appropriate option(s) for your request. Most folk can ignore the third option "Direct (BGP)" unless you understand what this represents (announcing the subnet direct on the internet).<br />
<br />
In the "Notes" field you an enter any information you feel is relevant to your request, any information you feel would make the coordinators job easier when evaluating your request.<br />
<br />
Finally click the "Send" button and wait !<br />
Please bear in mind that the people who proess these requests are volunteers and as such your request may not get looked at for a while, please be patient. If you haven't had an initial contact within 3 or 4 weeks then feel free to email postmaster [at] ardc.net explaining the issue (or use the contact-us form on the portal).<br />
<br />
If you are planning on connecting to the IPIP TunnelMesh, AKA AMPRNet, your next step is [https://wiki.ampr.org/wiki/Registering_Your_Gateway Here] to register your Gateway.</div>G1fefhttps://wiki.ampr.org/w/index.php?title=Requesting_a_block&diff=1047Requesting a block2023-12-01T16:33:15Z<p>G1fef: </p>
<hr />
<div>'''ARDC/44net'''<br />
<br />
You '''must''' request an assignment direct from the Portal.<br />
First you must create your account at the [https://portal.ampr.org/ Portal].<br />
Once you do, you must login. <br><br />
<br />
* '''You also must login every 3-6 months even if it's just to check in to keep your assignment active, you have been warned!'''<br />
<br />
Once logged in, from the '''top''' home tab, you next select the [https://portal.ampr.org/networks.php Networks]tab on the<br />
row below. You will see a listing of subnets.<br />
<br />
In most cases you should then click on the 44.0.0.0/9 NO COUNTRY option (second from the top)<br />
<br />
Next you need to select the subnet most appropriate to your use case:<br />
<br />
* If you want to join the IPIP Tunnel Mesh, AKA AMPRNet, then select 44.63.0.0/16<br />
* For standalone use / anything else, please select 44.61.0.0/16<br />
* If you want a BGP announced assignment then please select 44.31.0.0/16<br />
<br />
After you have clicked on the network of choice, scroll to the bottom of the subsequent page where you will see the message:<br />
<br />
"If the address range you want is not within any of the subnets above, or the region you are located in is not listed above, you may request an allocation from the parent network by clicking here:"<br />
<br />
Go ahead and click on the link to the right of this message, this will display a request form for you to complete.<br />
<br />
Choose the size of subnet you would like to request from the dropdown "Netmask requested". Don't be '''greedy''' please only request what you will ralistically use within 6 to 12 months (you can always request a larger assignment if your project takes off and you find you need more IPs later on).<br />
<br />
In the "Description" field enter a short description of the network if it is assigned - generally your callsign is a good choice here, remember it will be public.<br />
<br />
Leave the "Type" field set to "User" unless you have been instructed to do otherwise.<br />
<br />
In the "Connection Details" section tick the appropriate option(s) for your request. Most folk can ignore the third option "Direct (BGP)" unless you understand what this represents (announcing the subnet direct on the internet).<br />
<br />
In the "Notes" field you an enter any information you feel is relevant to your request, any information you feel would make the coordinators job easier when evaluating your request.<br />
<br />
Finally click the "Send" button and wait !<br />
Please bear in mind that the people who proess these requests are volunteers and as such your request may not get looked at for a while, please be patient. If you haven't had an initial contact within 3 or 4 weeks then feel free to email postmaster [at] ardc.net explaining the issue (or use the contact-us form on the portal).<br />
<br />
If you are planning on connecting to the IPIP TunnelMesh, AKA AMPRNet, your next step is [https://wiki.ampr.org/wiki/Registering_Your_Gateway Here] to register your Gateway.</div>G1fefhttps://wiki.ampr.org/w/index.php?title=Requesting_a_block&diff=1046Requesting a block2023-12-01T16:32:58Z<p>G1fef: </p>
<hr />
<div>'''ARDC/44net'''<br />
<br />
You '''must''' request an assignment direct from the Portal.<br />
First you must create your account at the [https://portal.ampr.org/ Portal].<br />
Once you do, you must login. <br><br />
<br />
* '''You also must login every 3-6 months even if it's just to check in to keep your assignment active, you have been warned!'''<br />
<br />
Once logged in, from the '''top''' home tab, you next select the [https://portal.ampr.org/networks.php Networks]tab on the<br />
row below. You will see a listing of subnets.<br />
<br />
In most cases you should then click on the 44.0.0.0/9 NO COUNTRY option (second from the top)<br />
<br />
Next you need to select the subnet most appropriate to your use case:<br />
<br />
* If you want a BGP announced assignment then please select 44.31.0.0/16<br />
* If you want to join the IPIP Tunnel Mesh, AKA AMPRNet, then select 44.63.0.0/16<br />
* For standalone use / anything else, please select 44.61.0.0/16<br />
<br />
After you have clicked on the network of choice, scroll to the bottom of the subsequent page where you will see the message:<br />
<br />
"If the address range you want is not within any of the subnets above, or the region you are located in is not listed above, you may request an allocation from the parent network by clicking here:"<br />
<br />
Go ahead and click on the link to the right of this message, this will display a request form for you to complete.<br />
<br />
Choose the size of subnet you would like to request from the dropdown "Netmask requested". Don't be '''greedy''' please only request what you will ralistically use within 6 to 12 months (you can always request a larger assignment if your project takes off and you find you need more IPs later on).<br />
<br />
In the "Description" field enter a short description of the network if it is assigned - generally your callsign is a good choice here, remember it will be public.<br />
<br />
Leave the "Type" field set to "User" unless you have been instructed to do otherwise.<br />
<br />
In the "Connection Details" section tick the appropriate option(s) for your request. Most folk can ignore the third option "Direct (BGP)" unless you understand what this represents (announcing the subnet direct on the internet).<br />
<br />
In the "Notes" field you an enter any information you feel is relevant to your request, any information you feel would make the coordinators job easier when evaluating your request.<br />
<br />
Finally click the "Send" button and wait !<br />
Please bear in mind that the people who proess these requests are volunteers and as such your request may not get looked at for a while, please be patient. If you haven't had an initial contact within 3 or 4 weeks then feel free to email postmaster [at] ardc.net explaining the issue (or use the contact-us form on the portal).<br />
<br />
If you are planning on connecting to the IPIP TunnelMesh, AKA AMPRNet, your next step is [https://wiki.ampr.org/wiki/Registering_Your_Gateway Here] to register your Gateway.</div>G1fefhttps://wiki.ampr.org/w/index.php?title=Requesting_a_block&diff=1045Requesting a block2023-12-01T16:32:35Z<p>G1fef: </p>
<hr />
<div>'''ARDC/44net'''<br />
<br />
You '''must''' request an assignment direct from the Portal.<br />
First you must create your account at the [https://portal.ampr.org/ Portal].<br />
Once you do, you must login. <br><br />
<br />
* '''You also must login every 3-6 months even if it's just to check in to keep your assignment active, you have been warned!'''<br />
<br />
Once logged in, from the '''top''' home tab, you next select the [https://portal.ampr.org/networks.php Networks]tab on the<br />
row below. You will see a listing of subnets.<br />
<br />
In most cases you should then click on the 44.0.0.0/9 NO COUNTRY option (second from the top)<br />
<br />
Next you need to select the subnet most appropriate to your use case:<br />
<br />
If you want a BGP announced assignment then please select 44.31.0.0/16<br />
<br />
If you want to join the IPIP Tunnel Mesh, AKA AMPRNet, then select 44.63.0.0/16<br />
<br />
For standalone use / anything else, please select 44.61.0.0/16<br />
<br />
After you have clicked on the network of choice, scroll to the bottom of the subsequent page where you will see the message:<br />
<br />
"If the address range you want is not within any of the subnets above, or the region you are located in is not listed above, you may request an allocation from the parent network by clicking here:"<br />
<br />
Go ahead and click on the link to the right of this message, this will display a request form for you to complete.<br />
<br />
Choose the size of subnet you would like to request from the dropdown "Netmask requested". Don't be '''greedy''' please only request what you will ralistically use within 6 to 12 months (you can always request a larger assignment if your project takes off and you find you need more IPs later on).<br />
<br />
In the "Description" field enter a short description of the network if it is assigned - generally your callsign is a good choice here, remember it will be public.<br />
<br />
Leave the "Type" field set to "User" unless you have been instructed to do otherwise.<br />
<br />
In the "Connection Details" section tick the appropriate option(s) for your request. Most folk can ignore the third option "Direct (BGP)" unless you understand what this represents (announcing the subnet direct on the internet).<br />
<br />
In the "Notes" field you an enter any information you feel is relevant to your request, any information you feel would make the coordinators job easier when evaluating your request.<br />
<br />
Finally click the "Send" button and wait !<br />
Please bear in mind that the people who proess these requests are volunteers and as such your request may not get looked at for a while, please be patient. If you haven't had an initial contact within 3 or 4 weeks then feel free to email postmaster [at] ardc.net explaining the issue (or use the contact-us form on the portal).<br />
<br />
If you are planning on connecting to the IPIP TunnelMesh, AKA AMPRNet, your next step is [https://wiki.ampr.org/wiki/Registering_Your_Gateway Here] to register your Gateway.</div>G1fefhttps://wiki.ampr.org/w/index.php?title=Requesting_a_block&diff=1044Requesting a block2023-12-01T16:31:49Z<p>G1fef: </p>
<hr />
<div>'''ARDC/44net'''<br />
<br />
You '''must''' request an assignment direct from the Portal.<br />
First you must create your account at the [https://portal.ampr.org/ Portal].<br />
Once you do, you must login. <br><br />
<br />
* '''You also must login every 3-6 months even if it's just to check in to keep your assignment active, you have been warned!'''<br />
<br />
Once logged in, from the '''top''' home tab, you next select the [https://portal.ampr.org/networks.php Networks]tab on the<br />
row below. You will see a listing of subnets.<br />
<br />
In most cases you should then click on the 44.0.0.0/9 NO COUNTRY option (second from the top)<br />
<br />
Next you need to select the subnet most appropriate to your use case:<br />
<br />
If you want a BGP announced assignment then please select 44.31.0.0/16<br />
If you want to join the IPIP Tunnel Mesh, AKA AMPRNet, then select 44.63.0.0/16<br />
For standalone use / anything else, please select 44.61.0.0/16<br />
<br />
After you have clicked on the network of choice, scroll to the bottom of the subsequent page where you will see the message:<br />
<br />
"If the address range you want is not within any of the subnets above, or the region you are located in is not listed above, you may request an allocation from the parent network by clicking here:"<br />
<br />
Go ahead and click on the link to the right of this message, this will display a request form for you to complete.<br />
<br />
Choose the size of subnet you would like to request from the dropdown "Netmask requested". Don't be '''greedy''' please only request what you will ralistically use within 6 to 12 months (you can always request a larger assignment if your project takes off and you find you need more IPs later on).<br />
<br />
In the "Description" field enter a short description of the network if it is assigned - generally your callsign is a good choice here, remember it will be public.<br />
<br />
Leave the "Type" field set to "User" unless you have been instructed to do otherwise.<br />
<br />
In the "Connection Details" section tick the appropriate option(s) for your request. Most folk can ignore the third option "Direct (BGP)" unless you understand what this represents (announcing the subnet direct on the internet).<br />
<br />
In the "Notes" field you an enter any information you feel is relevant to your request, any information you feel would make the coordinators job easier when evaluating your request.<br />
<br />
Finally click the "Send" button and wait !<br />
Please bear in mind that the people who proess these requests are volunteers and as such your request may not get looked at for a while, please be patient. If you haven't had an initial contact within 3 or 4 weeks then feel free to email postmaster [at] ardc.net explaining the issue (or use the contact-us form on the portal).<br />
<br />
If you are planning on connecting to the IPIP TunnelMesh, AKA AMPRNet, your next step is [https://wiki.ampr.org/wiki/Registering_Your_Gateway Here] to register your Gateway.</div>G1fefhttps://wiki.ampr.org/w/index.php?title=Main_Page&diff=1043Main Page2023-12-01T16:10:22Z<p>G1fef: </p>
<hr />
<div>Welcome to the AMPRNet Wiki.<br />
<br />
44Net is shorthand for Internet network 44 (44.0.0.0/9 & 44.128.0.0/10), also known as AMPRNet. Since its allocation to amateur radio in the mid-1980s, the network has been used by amateur radio operators to conduct scientific research and to experiment with digital communications over radio. The goals are to of advance the state of the art of Amateur Radio networking, and to educate amateur radio operators in these techniques.<br />
<br />
To request an assignment of IPv4 addresses see below.<br />
<br />
__NOTOC__<br />
== Starting points ==<br />
* [[Quickstart]] guide for getting onto the 44Net<br />
* Basic information about 44Net and the [[ampr.org]] domain<br />
* [[Services]] available on 44Net<br />
* If you are looking to get an IP assignment from ARDC please read the [[Portal]] page.<br />
* Frequently Asked Questions (FAQ) [[FAQ]]<br />
* [[Getting started with Linux and packet radio]]<br />
* [[Networks that use 44Net]]<br />
<br />
== How to connect to the 44Net ==<br />
<br />
* Instructions for [[Setting up a gateway on Linux|setting up a Linux gateway]]<br />
* Instructions for [[setting up a gateway on MikroTik Routers|setting up a gateway on MikroTik Routers]].<br />
* Instructions for [[Setting up a gateway on OpenBSD|setting up an OpenBSD gateway]]<br />
* Instructions for [[setting up a gateway on Cisco Routers|setting up a gateway on Cisco Routers]].<br />
* Instructions for [[setting up a gateway on OpenWRT|setting up a gateway on OpenWRT]].<br />
* Instructions for [[setting up a gateway on Ubiquiti EdgeRouter|setting up a gateway on Ubiquiti EdgeRouter]].<br />
* Instructions for [[setting up a gateway on a VyOS instance|setting up a gateway on a VyOS instance]].<br />
* Instructions for [[Installing ampr-ripd on a Ubiquiti EdgeRouter or EdgeRouter X|Installing ampr-ripd on a Ubiquiti EdgeRouter or EdgeRouter X]].<br />
* Instructions for [[Announcing_your_allocation_directly|directly announcing your assignment via your Internet Service Provider (ISP)]].<br />
* Instructions for [[OH7LZB_VPN|Accessing 44Net via VPN]] (experimental).<br />
* <b>[[Why can't I just route my AMPRNet allocation directly myself ?]]</b><br />
* If you already operate a [[gateway]] please ensure you have registered on the [[portal]] and "claimed" your [[gateway]].<br />
* After your gateway is operational, consider '''[[Firewalls]]''' and other best practices<br />
<br />
== Groups.io ==<br />
We are now on Groups.io Please consider joining https://ardc.groups.io/g/44net<br />
<br />
== Mailing List ==<br />
To keep up-to-date on AMPRNet information please consider joining the [[44Net mailing list]].<br />
<br />
== Contribute! ==<br />
If you wish to contribute to the wiki, please send an email to <tt>wiki (at) ampr.org</tt> introducing yourself. Please specify your full name and your amateur radio callsign. A login will then be created for you.<br />
<br />
== Terms of Service ==<br />
Use of AMPRNet address space is governed by these [https://www.ampr.org/terms-of-service/ Terms of Service]<br />
<br />
== Other useful features ==<br />
* Instruction on using the [[ampr-map]] position reporting<br />
<br />
== All Pages ==<br />
[https://wiki.ampr.org/wiki/Special:AllPages Here's a list of all pages currently on the 44Net Wiki]</div>G1fefhttps://wiki.ampr.org/w/index.php?title=Main_Page&diff=1028Main Page2023-09-17T17:49:28Z<p>G1fef: </p>
<hr />
<div>Welcome to the AMPRNet Wiki.<br />
<br />
44Net is shorthand for Internet network 44 (44.0.0.0/9 & 44.128.0.0/10), also known as AMPRNet. Since its allocation to amateur radio in the mid-1980s, the network has been used by amateur radio operators to conduct scientific research and to experiment with digital communications over radio. The goals are to of advance the state of the art of Amateur Radio networking, and to educate amateur radio operators in these techniques.<br />
<br />
To request an assignment of IPv4 addresses see below.<br />
<br />
__NOTOC__<br />
== Starting points ==<br />
* [[Quickstart]] guide for getting onto the 44Net<br />
* Basic information about 44Net and the [[ampr.org]] domain<br />
* [[Services]] available on 44Net<br />
* If you are looking to get an IP assignment from ARDC please read the [[Portal]] page.<br />
* Frequently Asked Questions (FAQ) [[FAQ]]<br />
* [[Getting started with Linux and packet radio]]<br />
* [[Networks that use 44Net]]<br />
<br />
== How to connect to the 44Net ==<br />
<br />
* Instructions for [[Setting up a gateway on Linux|setting up a Linux gateway]]<br />
* Instructions for [[Setting up a gateway on OpenBSD|setting up an OpenBSD gateway]]<br />
* Instructions for [[setting up a gateway on Cisco Routers|setting up a gateway on Cisco Routers]].<br />
* Instructions for [[setting up a gateway on MikroTik Routers|setting up a gateway on MikroTik Routers]].<br />
* Instructions for [[setting up a gateway on OpenWRT|setting up a gateway on OpenWRT]].<br />
* Instructions for [[setting up a gateway on Ubiquiti EdgeRouter|setting up a gateway on Ubiquiti EdgeRouter]].<br />
* Instructions for [[setting up a gateway on a VyOS instance|setting up a gateway on a VyOS instance]].<br />
* Instructions for [[Installing ampr-ripd on a Ubiquiti EdgeRouter or EdgeRouter X|Installing ampr-ripd on a Ubiquiti EdgeRouter or EdgeRouter X]].<br />
* Instructions for [[Announcing_your_allocation_directly|directly announcing your assignment via your Internet Service Provider (ISP)]].<br />
* Instructions for [[OH7LZB_VPN|Accessing 44Net via VPN]] (experimental).<br />
* <b>[[Why can't I just route my AMPRNet allocation directly myself ?]]</b><br />
* If you already operate a [[gateway]] please ensure you have registered on the [[portal]] and "claimed" your [[gateway]].<br />
* After your gateway is operational, consider '''[[Firewalls]]''' and other best practices<br />
<br />
== Mailing List ==<br />
To keep up-to-date on AMPRNet information please consider joining the [[44Net mailing list]].<br />
<br />
== Contribute! ==<br />
If you wish to contribute to the wiki, please send an email to <tt>wiki (at) ampr.org</tt> introducing yourself. Please specify your full name, amateur radio callsign and your preferred username. A login will then be created for you.<br />
<br />
== Terms of Service ==<br />
Use of AMPRNet address space is governed by these [https://www.ampr.org/terms-of-service/ Terms of Service]<br />
<br />
== Other useful features ==<br />
* Instruction on using the [[ampr-map]] position reporting<br />
<br />
== All Pages ==<br />
[https://wiki.ampr.org/wiki/Special:AllPages Here's a list of all pages currently on the 44Net Wiki]</div>G1fefhttps://wiki.ampr.org/w/index.php?title=Talk:AMPRNet_VPN&diff=1027Talk:AMPRNet VPN2023-09-17T17:48:35Z<p>G1fef: G1fef moved page Talk:AMPRNet VPN to Talk:OH7LZB VPN</p>
<hr />
<div>#REDIRECT [[Talk:OH7LZB VPN]]</div>G1fefhttps://wiki.ampr.org/w/index.php?title=Talk:OH7LZB_VPN&diff=1026Talk:OH7LZB VPN2023-09-17T17:48:35Z<p>G1fef: G1fef moved page Talk:AMPRNet VPN to Talk:OH7LZB VPN</p>
<hr />
<div>Hi,<br />
LOTW private key certificate is a PKCS12 format (p12 file)<br />
To use it with AMPR VPN, you need to first convert it using openssl.<br />
<br />
Example:<br />
openssl pkcs12 -in <callsign>.p12 -out <callsign>.cer<br />
<br />
from this text file, copy the private key section</div>G1fefhttps://wiki.ampr.org/w/index.php?title=AMPRNet_VPN&diff=1025AMPRNet VPN2023-09-17T17:48:35Z<p>G1fef: G1fef moved page AMPRNet VPN to OH7LZB VPN</p>
<hr />
<div>#REDIRECT [[OH7LZB VPN]]</div>G1fefhttps://wiki.ampr.org/w/index.php?title=OH7LZB_VPN&diff=1024OH7LZB VPN2023-09-17T17:48:35Z<p>G1fef: G1fef moved page AMPRNet VPN to OH7LZB VPN</p>
<hr />
<div>The OH7LZB VPN is an experimental method to access the IPIP Mesh using a VPN from anywhere on the Internet. The VPN is openly available to any amateur radio operators who have successfully applied for an X.509 certificate from one of the following Certificate Authorities:<br />
<br />
* [http://www.arrl.org/logbook-of-the-world ARRL Logbook of the World (LoTW)]<br />
<br />
The Certificate Authority (CA) validates using a relatively strong method that the operator is actually licensed, and gives the operator a cryptographic certificate to prove that. Other services, such as this VPN can then check that the operator possesses a valid amateur radio operator certificate (and the accompanying private key), without any manual work being performed by the operators of those services. The operator can use his private key to sign LoTW log files, or any other information he wishes to communicate, and other parties trusting the CA can use the certificate to check that they have been transmitted by someone who has a private key and a certificate for a callsign from the CA.<br />
<br />
If and when other organisations start to give out X.509 certificates, after sufficient amateur radio license validation, the VPN will be configured to accept those in addition to the LoTW. If you're not willing to obtain a LoTW certificate, please set up a CA for your local club or association, document the method of license validation you're using, and I'll be happy to trust your certificates.<br />
<br />
The VPN operator (Hessu, OH7LZB) does not have time to run a CA and validate licenses manually, so please don't ask for a certificate from anywhere else than the CAs listed above. Thanks!<br />
<br />
The VPN is only used to access the IPIP Mesh. While you're connected to the VPN, the VPN client will only transmit packets from you to the IPIP Mesh via the VPN. Packets from you to the rest of the Internet will not go via the VPN - they'll flow out from your local network connection as before. This is called a [http://en.wikipedia.org/wiki/Split_tunneling split tunnel VPN configuration].<br />
<br />
The setup is still a bit complicated - it can be made easier and more automatic with a little additional software in a later phase.<br />
<br />
The VPN is an experimental service. It might be shut down for technical or political reasons - we'll see if it's a feasible idea or not.<br />
<br />
= Getting a certificate from LoTW =<br />
<br />
Go through [https://lotw.arrl.org/lotw-help/getting-started/ these simple steps]. After step 4 you're ready to continue with the VPN.<br />
<br />
It's going to take some time to validate, and you'll have to do some manual work (especially if you're outside the USA), but that is intentional. It significantly reduces abuse of the system, and increases its security.<br />
<br />
= Extracting the certificate from LoTW =<br />
<br />
LoTW uses a custom file format (.TQ*) to exchange certificates, but after the LoTW certificate process is done and the TrustedQSL software has your certificates, they can be easily copied from TrustedQSL's directories. You'll need three files: your '''user certificate''', an '''intermediate certificate''' that was used to sign it, and your '''private key'''. The only secret piece of information is the private key - you should not reveal it to anyone at any point, as they could then use services on your behalf, using your callsign.<br />
<br />
== Windows ==<br />
<br />
* C:\Documents and Settings\your-username\Application Data\TrustedQSL contains two directories, '''certs''' and '''keys'''.<br />
* certs\user contains the '''user certificate'''<br />
* certs\authorities contains an '''intermediate certificate'''<br />
* keys\YOURCALL contains, within some XML, your '''private key'''<br />
<br />
Make copies of those files in another directory, and work on those copies in order to avoid breaking the originals.<br />
<br />
The user and intermediate certificates need to be concatenated to a single file named '''client.crt'''. The user certificate must be first, followed by the intermediate certificate. That can be done by an ascii editor such as Notepad (Wordpad or Word is likely to mess it up in a big way).<br />
<br />
The private key needs to be extracted from the YOURCALL file. The file is a regular ASCII text file, and contains a block which looks something like this (just longer):<br />
<br />
-----BEGIN RSA PRIVATE KEY-----<br />
Proc-Type: 4,ENCRYPTED<br />
DEK-Info: DES-EDE3-CBC,0C7B5495F6A91F31<br />
<br />
0xmWfliK/v9U88MFyYtUbteRoAkfVMK6BllcdID3pZzmdykHaPLZUjXOCUh3vFUX<br />
1bjnYwXpLX/CxgZ6NIxQIk7jMjL3iaP5SkWzCswqi9mCO+zHxuS6PWq7YwbWNFgo<br />
7smNcko1yTp7f/VbS4CZ5kgIF9kCgNaiqdxq+v0IcphQHRR4xjfLpBQ4ckYOi4nC<br />
jqFR1BitwBL4K2JeE9PGUkkUBwvU4oOi9PGChuoxMXs8PwKi/dZTmSWM7kOfMiBw<br />
-----END RSA PRIVATE KEY-----<br />
<br />
Copy-paste that block to a separate file named '''client.key'''.<br />
<br />
== Linux and Mac ==<br />
<br />
* ~/.tqsl/certs/user contains the '''user certificate'''<br />
* ~/.tqsl/certs/authorities contains an '''intermediate certificate'''<br />
* ~/.tqsl/keys/YOURCALL contains, within some XML, your '''private key'''<br />
<br />
The user and intermediate certificates need to be concatenated to a single file named '''client.crt'''. The user certificate must be first, followed by the intermediate certificate. That can be done by a single command:<br />
<br />
cat ~/.tqsl/certs/user ~/.tqsl/certs/authorities > client.crt<br />
<br />
The private key needs to be extracted from the YOURCALL file. The file is a regular ASCII text file, and contains a block which looks something like this (just longer):<br />
<br />
-----BEGIN RSA PRIVATE KEY-----<br />
Proc-Type: 4,ENCRYPTED<br />
DEK-Info: DES-EDE3-CBC,0C7B5495F6A91F31<br />
<br />
0xmWfliK/v9U88MFyYtUbteRoAkfVMK6BllcdID3pZzmdykHaPLZUjXOCUh3vFUX<br />
1bjnYwXpLX/CxgZ6NIxQIk7jMjL3iaP5SkWzCswqi9mCO+zHxuS6PWq7YwbWNFgo<br />
7smNcko1yTp7f/VbS4CZ5kgIF9kCgNaiqdxq+v0IcphQHRR4xjfLpBQ4ckYOi4nC<br />
jqFR1BitwBL4K2JeE9PGUkkUBwvU4oOi9PGChuoxMXs8PwKi/dZTmSWM7kOfMiBw<br />
-----END RSA PRIVATE KEY-----<br />
<br />
Copy-paste that block to a separate file named '''client.key'''. If you're going to open up the original private key file in a text editor, it's a good idea to make a backup copy of that file first in case of an accidental corruption of its contents.<br />
<br />
= Configuring the VPN =<br />
<br />
== Windows: OpenVPN ==<br />
<br />
# [http://openvpn.net/index.php/download/community-downloads.html Download the Windows Installer], it's free and open source.<br />
# Run the installer to install it.<br />
# [http://he.fi/amprnet-vpn/amprnet-vpn-win.zip Download the AMPRNet VPN configuration files for Windows]<br />
# Open up the zip file, it contains two files: amprnet-vpn.ovpn and amprnet-vpn-ca.crt.<br />
# In Start menu, under OpenVPN => Shortcuts you'll find an entry named '''OpenVPN configuration file directory'''. Open it, and move the two files from the zip to the configuration file directory. <br />
# Place client.crt and client.key, which were created previously, in the configuration file directory.<br />
# Run the '''OpenVPN GUI''' from the desktop icon or start menu. A new icon will appear in the lower right corner (two computers with red screens + a globe on the side).<br />
# Right-click the OpenVPN toolbar icon and select '''Connect'''.<br />
<br />
If you chose to encrypt your private key with a password (or passphrase) when initially applying for a LoTW certificate and generating the Certificate Request, OpenVPN will ask you for that password when connecting.<br />
<br />
To rephrase: When OpenVPN says "Enter Password", the password being asked is the one you picked when you first applied for a LoTW certificate. It's not something the VPN operator knows (or should know). It's not the one you got on a postcard. Only you have ever been aware of that password (hopefully).<br />
<br />
== Linux: OpenVPN ==<br />
<br />
=== Ubuntu 15.10 ===<br />
<br />
Here is steps to install the VPN to Ubuntu 15.10 destop. Install OpenVPN plugin to network manager.<br />
Open terminal and type<br />
<br />
sudo apt-get install network-manager-open vpn-gnome<br />
<br />
Then add VPN-connection information to NetworkManager<br />
<br />
# Click network manager icon on taskbar<br />
# Edit connections<br />
# Add<br />
# OpenVPN<br />
# Create<br />
#* Connection name: AMPRNet<br />
#* Gateway: amprnet-vpn1.aprs.fi<br />
#* Select proper files to User Certificate, CA certificate and Private key<br />
#* Optionally enter private key password if you are set one<br />
# Click Advanced<br />
#* [x] Use custom gateway port: 1773<br />
#* [x] Use LZO data compression<br />
# Click OK<br />
# Click Save<br />
# Click Close<br />
<br />
Now you can connect to VPN <br />
<br />
# Click network manager icon on taskbar<br />
# VPN connections -> AMPRNet<br />
# Connection should be established<br />
<br />
== Linux (Raspberry PI): OpenVPN ==<br />
<br />
Log in to Raspberry Pi console. Install openvpn software.<br />
<br />
sudo apt-get install openvpn<br />
<br />
Create openvpn client configuration file with your favourite editor to /etc/openvpn/client.conf<br />
<br />
<pre><br />
client<br />
dev tun<br />
proto udp<br />
remote amprnet-vpn1.aprs.fi 1773<br />
resolv-retry infinite<br />
persist-key<br />
persist-tun<br />
ca amprnet-vpn-ca.crt<br />
cert client.crt<br />
key client.key<br />
comp-lzo<br />
verb 3<br />
</pre><br />
<br />
Extract your client certificate and key as explained above section Extracting the certificate from LoTW. Copy your certificate files client.crt and client.key to /etc/openvpn/ . You also need amprnet-vpn-ca.crt which can be found inside this archive<br />
http://he.fi/amprnet-vpn/amprnet-vpn-win.zip . Extract it and copy to /etc/openvpn/<br />
<br />
Restart openvpn<br />
<br />
service openvpn restart<br />
<br />
All done.<br />
<br />
== Mac OS X: Tunnelblick ==<br />
<br />
# [https://tunnelblick.net/ Download Tunnelblick], it's free and open source, and works like a charm. It's based on OpenVPN.<br />
# [http://he.fi/amprnet-vpn/amprnet-vpn-tblk.zip Download the VPN configuration for Tunnelblick], it's a zip file containing a directory with a couple files<br />
# Double-click the downloaded zip file to extract it, you'll get a directory named '''amprnet-vpn.tblk'''<br />
# Move the '''private key''' (in a file which was named '''client.key''' in the previous step) to that directory<br />
# Move the certificates (in a file which was named '''client.crt''' in the previous step) to that directory<br />
# Double-click the '''amprnet-vpn.tblk''' directory - this will launch Tunnelblick and install the VPN configuration<br />
<br />
You should now see a "tunnel" icon in the top right corner of the screen. Click it to see a few menu items allowing you to connect and disconnect the VPN.<br />
<br />
If you chose to encrypt your private key with a password (or passphrase) when initially applying for a LoTW certificate and generating the Certificate Request, Tunnelblick will ask you for that passphrase when connecting.<br />
<br />
To rephrase: When Tunnelblick says "A passphrase is required to connect to amprnet-vpn", the passphrase being asked is the one you picked when you first applied for a LoTW certificate. It's not something the VPN operator knows (or should know). Only you have ever been aware of that passphrase (hopefully).</div>G1fefhttps://wiki.ampr.org/w/index.php?title=OH7LZB_VPN&diff=1023OH7LZB VPN2023-09-17T17:48:06Z<p>G1fef: </p>
<hr />
<div>The OH7LZB VPN is an experimental method to access the IPIP Mesh using a VPN from anywhere on the Internet. The VPN is openly available to any amateur radio operators who have successfully applied for an X.509 certificate from one of the following Certificate Authorities:<br />
<br />
* [http://www.arrl.org/logbook-of-the-world ARRL Logbook of the World (LoTW)]<br />
<br />
The Certificate Authority (CA) validates using a relatively strong method that the operator is actually licensed, and gives the operator a cryptographic certificate to prove that. Other services, such as this VPN can then check that the operator possesses a valid amateur radio operator certificate (and the accompanying private key), without any manual work being performed by the operators of those services. The operator can use his private key to sign LoTW log files, or any other information he wishes to communicate, and other parties trusting the CA can use the certificate to check that they have been transmitted by someone who has a private key and a certificate for a callsign from the CA.<br />
<br />
If and when other organisations start to give out X.509 certificates, after sufficient amateur radio license validation, the VPN will be configured to accept those in addition to the LoTW. If you're not willing to obtain a LoTW certificate, please set up a CA for your local club or association, document the method of license validation you're using, and I'll be happy to trust your certificates.<br />
<br />
The VPN operator (Hessu, OH7LZB) does not have time to run a CA and validate licenses manually, so please don't ask for a certificate from anywhere else than the CAs listed above. Thanks!<br />
<br />
The VPN is only used to access the IPIP Mesh. While you're connected to the VPN, the VPN client will only transmit packets from you to the IPIP Mesh via the VPN. Packets from you to the rest of the Internet will not go via the VPN - they'll flow out from your local network connection as before. This is called a [http://en.wikipedia.org/wiki/Split_tunneling split tunnel VPN configuration].<br />
<br />
The setup is still a bit complicated - it can be made easier and more automatic with a little additional software in a later phase.<br />
<br />
The VPN is an experimental service. It might be shut down for technical or political reasons - we'll see if it's a feasible idea or not.<br />
<br />
= Getting a certificate from LoTW =<br />
<br />
Go through [https://lotw.arrl.org/lotw-help/getting-started/ these simple steps]. After step 4 you're ready to continue with the VPN.<br />
<br />
It's going to take some time to validate, and you'll have to do some manual work (especially if you're outside the USA), but that is intentional. It significantly reduces abuse of the system, and increases its security.<br />
<br />
= Extracting the certificate from LoTW =<br />
<br />
LoTW uses a custom file format (.TQ*) to exchange certificates, but after the LoTW certificate process is done and the TrustedQSL software has your certificates, they can be easily copied from TrustedQSL's directories. You'll need three files: your '''user certificate''', an '''intermediate certificate''' that was used to sign it, and your '''private key'''. The only secret piece of information is the private key - you should not reveal it to anyone at any point, as they could then use services on your behalf, using your callsign.<br />
<br />
== Windows ==<br />
<br />
* C:\Documents and Settings\your-username\Application Data\TrustedQSL contains two directories, '''certs''' and '''keys'''.<br />
* certs\user contains the '''user certificate'''<br />
* certs\authorities contains an '''intermediate certificate'''<br />
* keys\YOURCALL contains, within some XML, your '''private key'''<br />
<br />
Make copies of those files in another directory, and work on those copies in order to avoid breaking the originals.<br />
<br />
The user and intermediate certificates need to be concatenated to a single file named '''client.crt'''. The user certificate must be first, followed by the intermediate certificate. That can be done by an ascii editor such as Notepad (Wordpad or Word is likely to mess it up in a big way).<br />
<br />
The private key needs to be extracted from the YOURCALL file. The file is a regular ASCII text file, and contains a block which looks something like this (just longer):<br />
<br />
-----BEGIN RSA PRIVATE KEY-----<br />
Proc-Type: 4,ENCRYPTED<br />
DEK-Info: DES-EDE3-CBC,0C7B5495F6A91F31<br />
<br />
0xmWfliK/v9U88MFyYtUbteRoAkfVMK6BllcdID3pZzmdykHaPLZUjXOCUh3vFUX<br />
1bjnYwXpLX/CxgZ6NIxQIk7jMjL3iaP5SkWzCswqi9mCO+zHxuS6PWq7YwbWNFgo<br />
7smNcko1yTp7f/VbS4CZ5kgIF9kCgNaiqdxq+v0IcphQHRR4xjfLpBQ4ckYOi4nC<br />
jqFR1BitwBL4K2JeE9PGUkkUBwvU4oOi9PGChuoxMXs8PwKi/dZTmSWM7kOfMiBw<br />
-----END RSA PRIVATE KEY-----<br />
<br />
Copy-paste that block to a separate file named '''client.key'''.<br />
<br />
== Linux and Mac ==<br />
<br />
* ~/.tqsl/certs/user contains the '''user certificate'''<br />
* ~/.tqsl/certs/authorities contains an '''intermediate certificate'''<br />
* ~/.tqsl/keys/YOURCALL contains, within some XML, your '''private key'''<br />
<br />
The user and intermediate certificates need to be concatenated to a single file named '''client.crt'''. The user certificate must be first, followed by the intermediate certificate. That can be done by a single command:<br />
<br />
cat ~/.tqsl/certs/user ~/.tqsl/certs/authorities > client.crt<br />
<br />
The private key needs to be extracted from the YOURCALL file. The file is a regular ASCII text file, and contains a block which looks something like this (just longer):<br />
<br />
-----BEGIN RSA PRIVATE KEY-----<br />
Proc-Type: 4,ENCRYPTED<br />
DEK-Info: DES-EDE3-CBC,0C7B5495F6A91F31<br />
<br />
0xmWfliK/v9U88MFyYtUbteRoAkfVMK6BllcdID3pZzmdykHaPLZUjXOCUh3vFUX<br />
1bjnYwXpLX/CxgZ6NIxQIk7jMjL3iaP5SkWzCswqi9mCO+zHxuS6PWq7YwbWNFgo<br />
7smNcko1yTp7f/VbS4CZ5kgIF9kCgNaiqdxq+v0IcphQHRR4xjfLpBQ4ckYOi4nC<br />
jqFR1BitwBL4K2JeE9PGUkkUBwvU4oOi9PGChuoxMXs8PwKi/dZTmSWM7kOfMiBw<br />
-----END RSA PRIVATE KEY-----<br />
<br />
Copy-paste that block to a separate file named '''client.key'''. If you're going to open up the original private key file in a text editor, it's a good idea to make a backup copy of that file first in case of an accidental corruption of its contents.<br />
<br />
= Configuring the VPN =<br />
<br />
== Windows: OpenVPN ==<br />
<br />
# [http://openvpn.net/index.php/download/community-downloads.html Download the Windows Installer], it's free and open source.<br />
# Run the installer to install it.<br />
# [http://he.fi/amprnet-vpn/amprnet-vpn-win.zip Download the AMPRNet VPN configuration files for Windows]<br />
# Open up the zip file, it contains two files: amprnet-vpn.ovpn and amprnet-vpn-ca.crt.<br />
# In Start menu, under OpenVPN => Shortcuts you'll find an entry named '''OpenVPN configuration file directory'''. Open it, and move the two files from the zip to the configuration file directory. <br />
# Place client.crt and client.key, which were created previously, in the configuration file directory.<br />
# Run the '''OpenVPN GUI''' from the desktop icon or start menu. A new icon will appear in the lower right corner (two computers with red screens + a globe on the side).<br />
# Right-click the OpenVPN toolbar icon and select '''Connect'''.<br />
<br />
If you chose to encrypt your private key with a password (or passphrase) when initially applying for a LoTW certificate and generating the Certificate Request, OpenVPN will ask you for that password when connecting.<br />
<br />
To rephrase: When OpenVPN says "Enter Password", the password being asked is the one you picked when you first applied for a LoTW certificate. It's not something the VPN operator knows (or should know). It's not the one you got on a postcard. Only you have ever been aware of that password (hopefully).<br />
<br />
== Linux: OpenVPN ==<br />
<br />
=== Ubuntu 15.10 ===<br />
<br />
Here is steps to install the VPN to Ubuntu 15.10 destop. Install OpenVPN plugin to network manager.<br />
Open terminal and type<br />
<br />
sudo apt-get install network-manager-open vpn-gnome<br />
<br />
Then add VPN-connection information to NetworkManager<br />
<br />
# Click network manager icon on taskbar<br />
# Edit connections<br />
# Add<br />
# OpenVPN<br />
# Create<br />
#* Connection name: AMPRNet<br />
#* Gateway: amprnet-vpn1.aprs.fi<br />
#* Select proper files to User Certificate, CA certificate and Private key<br />
#* Optionally enter private key password if you are set one<br />
# Click Advanced<br />
#* [x] Use custom gateway port: 1773<br />
#* [x] Use LZO data compression<br />
# Click OK<br />
# Click Save<br />
# Click Close<br />
<br />
Now you can connect to VPN <br />
<br />
# Click network manager icon on taskbar<br />
# VPN connections -> AMPRNet<br />
# Connection should be established<br />
<br />
== Linux (Raspberry PI): OpenVPN ==<br />
<br />
Log in to Raspberry Pi console. Install openvpn software.<br />
<br />
sudo apt-get install openvpn<br />
<br />
Create openvpn client configuration file with your favourite editor to /etc/openvpn/client.conf<br />
<br />
<pre><br />
client<br />
dev tun<br />
proto udp<br />
remote amprnet-vpn1.aprs.fi 1773<br />
resolv-retry infinite<br />
persist-key<br />
persist-tun<br />
ca amprnet-vpn-ca.crt<br />
cert client.crt<br />
key client.key<br />
comp-lzo<br />
verb 3<br />
</pre><br />
<br />
Extract your client certificate and key as explained above section Extracting the certificate from LoTW. Copy your certificate files client.crt and client.key to /etc/openvpn/ . You also need amprnet-vpn-ca.crt which can be found inside this archive<br />
http://he.fi/amprnet-vpn/amprnet-vpn-win.zip . Extract it and copy to /etc/openvpn/<br />
<br />
Restart openvpn<br />
<br />
service openvpn restart<br />
<br />
All done.<br />
<br />
== Mac OS X: Tunnelblick ==<br />
<br />
# [https://tunnelblick.net/ Download Tunnelblick], it's free and open source, and works like a charm. It's based on OpenVPN.<br />
# [http://he.fi/amprnet-vpn/amprnet-vpn-tblk.zip Download the VPN configuration for Tunnelblick], it's a zip file containing a directory with a couple files<br />
# Double-click the downloaded zip file to extract it, you'll get a directory named '''amprnet-vpn.tblk'''<br />
# Move the '''private key''' (in a file which was named '''client.key''' in the previous step) to that directory<br />
# Move the certificates (in a file which was named '''client.crt''' in the previous step) to that directory<br />
# Double-click the '''amprnet-vpn.tblk''' directory - this will launch Tunnelblick and install the VPN configuration<br />
<br />
You should now see a "tunnel" icon in the top right corner of the screen. Click it to see a few menu items allowing you to connect and disconnect the VPN.<br />
<br />
If you chose to encrypt your private key with a password (or passphrase) when initially applying for a LoTW certificate and generating the Certificate Request, Tunnelblick will ask you for that passphrase when connecting.<br />
<br />
To rephrase: When Tunnelblick says "A passphrase is required to connect to amprnet-vpn", the passphrase being asked is the one you picked when you first applied for a LoTW certificate. It's not something the VPN operator knows (or should know). Only you have ever been aware of that passphrase (hopefully).</div>G1fefhttps://wiki.ampr.org/w/index.php?title=OH7LZB_VPN&diff=1022OH7LZB VPN2023-09-17T17:47:52Z<p>G1fef: </p>
<hr />
<div>OH7LZB VPN is an experimental method to access the IPIP Mesh using a VPN from anywhere on the Internet. The VPN is openly available to any amateur radio operators who have successfully applied for an X.509 certificate from one of the following Certificate Authorities:<br />
<br />
* [http://www.arrl.org/logbook-of-the-world ARRL Logbook of the World (LoTW)]<br />
<br />
The Certificate Authority (CA) validates using a relatively strong method that the operator is actually licensed, and gives the operator a cryptographic certificate to prove that. Other services, such as this VPN can then check that the operator possesses a valid amateur radio operator certificate (and the accompanying private key), without any manual work being performed by the operators of those services. The operator can use his private key to sign LoTW log files, or any other information he wishes to communicate, and other parties trusting the CA can use the certificate to check that they have been transmitted by someone who has a private key and a certificate for a callsign from the CA.<br />
<br />
If and when other organisations start to give out X.509 certificates, after sufficient amateur radio license validation, the VPN will be configured to accept those in addition to the LoTW. If you're not willing to obtain a LoTW certificate, please set up a CA for your local club or association, document the method of license validation you're using, and I'll be happy to trust your certificates.<br />
<br />
The VPN operator (Hessu, OH7LZB) does not have time to run a CA and validate licenses manually, so please don't ask for a certificate from anywhere else than the CAs listed above. Thanks!<br />
<br />
The VPN is only used to access the IPIP Mesh. While you're connected to the VPN, the VPN client will only transmit packets from you to the IPIP Mesh via the VPN. Packets from you to the rest of the Internet will not go via the VPN - they'll flow out from your local network connection as before. This is called a [http://en.wikipedia.org/wiki/Split_tunneling split tunnel VPN configuration].<br />
<br />
The setup is still a bit complicated - it can be made easier and more automatic with a little additional software in a later phase.<br />
<br />
The VPN is an experimental service. It might be shut down for technical or political reasons - we'll see if it's a feasible idea or not.<br />
<br />
= Getting a certificate from LoTW =<br />
<br />
Go through [https://lotw.arrl.org/lotw-help/getting-started/ these simple steps]. After step 4 you're ready to continue with the VPN.<br />
<br />
It's going to take some time to validate, and you'll have to do some manual work (especially if you're outside the USA), but that is intentional. It significantly reduces abuse of the system, and increases its security.<br />
<br />
= Extracting the certificate from LoTW =<br />
<br />
LoTW uses a custom file format (.TQ*) to exchange certificates, but after the LoTW certificate process is done and the TrustedQSL software has your certificates, they can be easily copied from TrustedQSL's directories. You'll need three files: your '''user certificate''', an '''intermediate certificate''' that was used to sign it, and your '''private key'''. The only secret piece of information is the private key - you should not reveal it to anyone at any point, as they could then use services on your behalf, using your callsign.<br />
<br />
== Windows ==<br />
<br />
* C:\Documents and Settings\your-username\Application Data\TrustedQSL contains two directories, '''certs''' and '''keys'''.<br />
* certs\user contains the '''user certificate'''<br />
* certs\authorities contains an '''intermediate certificate'''<br />
* keys\YOURCALL contains, within some XML, your '''private key'''<br />
<br />
Make copies of those files in another directory, and work on those copies in order to avoid breaking the originals.<br />
<br />
The user and intermediate certificates need to be concatenated to a single file named '''client.crt'''. The user certificate must be first, followed by the intermediate certificate. That can be done by an ascii editor such as Notepad (Wordpad or Word is likely to mess it up in a big way).<br />
<br />
The private key needs to be extracted from the YOURCALL file. The file is a regular ASCII text file, and contains a block which looks something like this (just longer):<br />
<br />
-----BEGIN RSA PRIVATE KEY-----<br />
Proc-Type: 4,ENCRYPTED<br />
DEK-Info: DES-EDE3-CBC,0C7B5495F6A91F31<br />
<br />
0xmWfliK/v9U88MFyYtUbteRoAkfVMK6BllcdID3pZzmdykHaPLZUjXOCUh3vFUX<br />
1bjnYwXpLX/CxgZ6NIxQIk7jMjL3iaP5SkWzCswqi9mCO+zHxuS6PWq7YwbWNFgo<br />
7smNcko1yTp7f/VbS4CZ5kgIF9kCgNaiqdxq+v0IcphQHRR4xjfLpBQ4ckYOi4nC<br />
jqFR1BitwBL4K2JeE9PGUkkUBwvU4oOi9PGChuoxMXs8PwKi/dZTmSWM7kOfMiBw<br />
-----END RSA PRIVATE KEY-----<br />
<br />
Copy-paste that block to a separate file named '''client.key'''.<br />
<br />
== Linux and Mac ==<br />
<br />
* ~/.tqsl/certs/user contains the '''user certificate'''<br />
* ~/.tqsl/certs/authorities contains an '''intermediate certificate'''<br />
* ~/.tqsl/keys/YOURCALL contains, within some XML, your '''private key'''<br />
<br />
The user and intermediate certificates need to be concatenated to a single file named '''client.crt'''. The user certificate must be first, followed by the intermediate certificate. That can be done by a single command:<br />
<br />
cat ~/.tqsl/certs/user ~/.tqsl/certs/authorities > client.crt<br />
<br />
The private key needs to be extracted from the YOURCALL file. The file is a regular ASCII text file, and contains a block which looks something like this (just longer):<br />
<br />
-----BEGIN RSA PRIVATE KEY-----<br />
Proc-Type: 4,ENCRYPTED<br />
DEK-Info: DES-EDE3-CBC,0C7B5495F6A91F31<br />
<br />
0xmWfliK/v9U88MFyYtUbteRoAkfVMK6BllcdID3pZzmdykHaPLZUjXOCUh3vFUX<br />
1bjnYwXpLX/CxgZ6NIxQIk7jMjL3iaP5SkWzCswqi9mCO+zHxuS6PWq7YwbWNFgo<br />
7smNcko1yTp7f/VbS4CZ5kgIF9kCgNaiqdxq+v0IcphQHRR4xjfLpBQ4ckYOi4nC<br />
jqFR1BitwBL4K2JeE9PGUkkUBwvU4oOi9PGChuoxMXs8PwKi/dZTmSWM7kOfMiBw<br />
-----END RSA PRIVATE KEY-----<br />
<br />
Copy-paste that block to a separate file named '''client.key'''. If you're going to open up the original private key file in a text editor, it's a good idea to make a backup copy of that file first in case of an accidental corruption of its contents.<br />
<br />
= Configuring the VPN =<br />
<br />
== Windows: OpenVPN ==<br />
<br />
# [http://openvpn.net/index.php/download/community-downloads.html Download the Windows Installer], it's free and open source.<br />
# Run the installer to install it.<br />
# [http://he.fi/amprnet-vpn/amprnet-vpn-win.zip Download the AMPRNet VPN configuration files for Windows]<br />
# Open up the zip file, it contains two files: amprnet-vpn.ovpn and amprnet-vpn-ca.crt.<br />
# In Start menu, under OpenVPN => Shortcuts you'll find an entry named '''OpenVPN configuration file directory'''. Open it, and move the two files from the zip to the configuration file directory. <br />
# Place client.crt and client.key, which were created previously, in the configuration file directory.<br />
# Run the '''OpenVPN GUI''' from the desktop icon or start menu. A new icon will appear in the lower right corner (two computers with red screens + a globe on the side).<br />
# Right-click the OpenVPN toolbar icon and select '''Connect'''.<br />
<br />
If you chose to encrypt your private key with a password (or passphrase) when initially applying for a LoTW certificate and generating the Certificate Request, OpenVPN will ask you for that password when connecting.<br />
<br />
To rephrase: When OpenVPN says "Enter Password", the password being asked is the one you picked when you first applied for a LoTW certificate. It's not something the VPN operator knows (or should know). It's not the one you got on a postcard. Only you have ever been aware of that password (hopefully).<br />
<br />
== Linux: OpenVPN ==<br />
<br />
=== Ubuntu 15.10 ===<br />
<br />
Here is steps to install the VPN to Ubuntu 15.10 destop. Install OpenVPN plugin to network manager.<br />
Open terminal and type<br />
<br />
sudo apt-get install network-manager-open vpn-gnome<br />
<br />
Then add VPN-connection information to NetworkManager<br />
<br />
# Click network manager icon on taskbar<br />
# Edit connections<br />
# Add<br />
# OpenVPN<br />
# Create<br />
#* Connection name: AMPRNet<br />
#* Gateway: amprnet-vpn1.aprs.fi<br />
#* Select proper files to User Certificate, CA certificate and Private key<br />
#* Optionally enter private key password if you are set one<br />
# Click Advanced<br />
#* [x] Use custom gateway port: 1773<br />
#* [x] Use LZO data compression<br />
# Click OK<br />
# Click Save<br />
# Click Close<br />
<br />
Now you can connect to VPN <br />
<br />
# Click network manager icon on taskbar<br />
# VPN connections -> AMPRNet<br />
# Connection should be established<br />
<br />
== Linux (Raspberry PI): OpenVPN ==<br />
<br />
Log in to Raspberry Pi console. Install openvpn software.<br />
<br />
sudo apt-get install openvpn<br />
<br />
Create openvpn client configuration file with your favourite editor to /etc/openvpn/client.conf<br />
<br />
<pre><br />
client<br />
dev tun<br />
proto udp<br />
remote amprnet-vpn1.aprs.fi 1773<br />
resolv-retry infinite<br />
persist-key<br />
persist-tun<br />
ca amprnet-vpn-ca.crt<br />
cert client.crt<br />
key client.key<br />
comp-lzo<br />
verb 3<br />
</pre><br />
<br />
Extract your client certificate and key as explained above section Extracting the certificate from LoTW. Copy your certificate files client.crt and client.key to /etc/openvpn/ . You also need amprnet-vpn-ca.crt which can be found inside this archive<br />
http://he.fi/amprnet-vpn/amprnet-vpn-win.zip . Extract it and copy to /etc/openvpn/<br />
<br />
Restart openvpn<br />
<br />
service openvpn restart<br />
<br />
All done.<br />
<br />
== Mac OS X: Tunnelblick ==<br />
<br />
# [https://tunnelblick.net/ Download Tunnelblick], it's free and open source, and works like a charm. It's based on OpenVPN.<br />
# [http://he.fi/amprnet-vpn/amprnet-vpn-tblk.zip Download the VPN configuration for Tunnelblick], it's a zip file containing a directory with a couple files<br />
# Double-click the downloaded zip file to extract it, you'll get a directory named '''amprnet-vpn.tblk'''<br />
# Move the '''private key''' (in a file which was named '''client.key''' in the previous step) to that directory<br />
# Move the certificates (in a file which was named '''client.crt''' in the previous step) to that directory<br />
# Double-click the '''amprnet-vpn.tblk''' directory - this will launch Tunnelblick and install the VPN configuration<br />
<br />
You should now see a "tunnel" icon in the top right corner of the screen. Click it to see a few menu items allowing you to connect and disconnect the VPN.<br />
<br />
If you chose to encrypt your private key with a password (or passphrase) when initially applying for a LoTW certificate and generating the Certificate Request, Tunnelblick will ask you for that passphrase when connecting.<br />
<br />
To rephrase: When Tunnelblick says "A passphrase is required to connect to amprnet-vpn", the passphrase being asked is the one you picked when you first applied for a LoTW certificate. It's not something the VPN operator knows (or should know). Only you have ever been aware of that passphrase (hopefully).</div>G1fefhttps://wiki.ampr.org/w/index.php?title=User:G1fef&diff=1020User:G1fef2023-09-15T21:02:05Z<p>G1fef: G1fef moved page User:W9GYR to User:G1fef: Automatically moved page while merging the account "W9GYR" to "G1fef"</p>
<hr />
<div>I am one of the coordinators of the Rhode Island HSMM-MESH network.<br />
<br />
-mikeu<br />
<br />
W9GYR<br><br />
FN41hu</div>G1fefhttps://wiki.ampr.org/w/index.php?title=API&diff=1019API2023-08-16T17:26:48Z<p>G1fef: </p>
<hr />
<div><br />
The AMPRNet [[Portal]] has an associated API that allows the data and functionality of the [[Portal]] to be accessed programatically.<br />
<br />
Version 1 of the API uses a RESTful design, accessible only via SSL (https://) to increase security.<br />
<br />
All requests to the API require the client to authenticate by using Basic HTTP authentication, <br />
so you will need a username and password in order to access any part of the API, <br />
this can be obtained by registering for an account on the [[Portal]].<br />
<br />
Once you have an account, you can create your API Key (password) from the "Profile' menu link, in the "Security" section.<br />
The API username is the same username you used to login to the [[Portal]] via your web browser.<br />
<br />
Full details of how to use the API, along with examples, can be found once you login to the [[Portal]], under the "API" menu link.</div>G1fefhttps://wiki.ampr.org/w/index.php?title=Portal&diff=1018Portal2023-08-16T17:24:43Z<p>G1fef: /* Background */</p>
<hr />
<div>We have developed a Portal that allows users of the AMPRNet address space to manage their allocations, configure gateway information and manage their entries in the ampr.org domain. The portal can be found here:<br />
<br />
[https://portal.ampr.org https://portal.ampr.org]<br />
<br />
If you are looking to get an IP assignment within AMPRNet please register on the portal and place your request.<br />
<br />
==Background==<br />
The main problem ARDC have is how to ensure the data we have is accurate and up to date.<br />
<br />
With commercial services, it is easy to ascertain if the client does not want the services provided anymore, because they stop paying the invoices! With ARDC it is a little more difficult: members often lose interest and drift away to other amateur radio topics, or to other hobbies altogether. In the worst case scenario, members occasionally go SK. In either scenario, we are typically not advised that the member no longer requires the resources we have provided. So the method we use to gain this information is to require you to login to the Portal on a regular basis.<br />
<br />
The Portal sends out a friendly reminder via email if you have not logged in for at least 6 months. Another reminder is sent out after 9 months of inactivity, a final notification of removal is sent out after 12 months of inactivity.<br />
<br />
So you only need to login once every 12 months to avoid your account being removed, or once every 6 months to avoid the reminder emails. ARDC feel this is not too onerous and is a reasonable balance between keeping our records up to date and your time.<br />
<br />
== API ==<br />
The Portal has an associated [[API]]</div>G1fefhttps://wiki.ampr.org/w/index.php?title=Portal&diff=1017Portal2023-08-16T17:18:07Z<p>G1fef: </p>
<hr />
<div>We have developed a Portal that allows users of the AMPRNet address space to manage their allocations, configure gateway information and manage their entries in the ampr.org domain. The portal can be found here:<br />
<br />
[https://portal.ampr.org https://portal.ampr.org]<br />
<br />
If you are looking to get an IP assignment within AMPRNet please register on the portal and place your request.<br />
<br />
==Background==<br />
The main problem we faced with the old setup was how to ensure the data we have is accurate and up to date.<br />
<br />
The new portal is our answer to that problem: folks register and are allocated an IP or subnet of IP's that they are responsible for. The system doesn't then just let them get on with it - the system is designed to actively ensure that each allocation is still being used, the person must login to the portal on a regular basis, or if they do not, an email will be sent automatically to them asking them to confirm their continued use of the IP(s). If no response is received from the emailed request, two further attempts are made to contact the person, after which the system places their allocation in a de-activated state. The person is able to login and re-activate the allocation for a certain time after de-activation, beyond that time period the allocation will be deleted from the database - thus keeping it all as up to date as is possible.<br />
<br />
Some manual intervention is encouraged, for example the second, and all subsequent reminder emails and de-activation emails are cc'd to the co-ordinator responsible for the next higher subnet, so they could attempt a more manual approach to remind the person to login - this is to be encouraged as sometimes emails (especially automated ones) can be blocked in spam folders, people change their email address and forget to update the portal, etc.<br />
<br />
<br />
== API ==<br />
The Portal has an associated [[API]]</div>G1fefhttps://wiki.ampr.org/w/index.php?title=Main_Page&diff=1016Main Page2023-08-16T17:17:09Z<p>G1fef: </p>
<hr />
<div>Welcome to the AMPRNet Wiki.<br />
<br />
44Net is shorthand for Internet network 44 (44.0.0.0/9 & 44.128.0.0/10), also known as AMPRNet. Since its allocation to amateur radio in the mid-1980s, the network has been used by amateur radio operators to conduct scientific research and to experiment with digital communications over radio. The goals are to of advance the state of the art of Amateur Radio networking, and to educate amateur radio operators in these techniques.<br />
<br />
To request an assignment of IPv4 addresses see below.<br />
<br />
__NOTOC__<br />
== Starting points ==<br />
* [[Quickstart]] guide for getting onto the 44Net<br />
* Basic information about 44Net and the [[ampr.org]] domain<br />
* [[Services]] available on 44Net<br />
* If you are looking to get an IP assignment from ARDC please read the [[Portal]] page.<br />
* Frequently Asked Questions (FAQ) [[FAQ]]<br />
* [[Getting started with Linux and packet radio]]<br />
* [[Networks that use 44Net]]<br />
<br />
== How to connect to the 44Net ==<br />
<br />
* Instructions for [[Setting up a gateway on Linux|setting up a Linux gateway]]<br />
* Instructions for [[Setting up a gateway on OpenBSD|setting up an OpenBSD gateway]]<br />
* Instructions for [[setting up a gateway on Cisco Routers|setting up a gateway on Cisco Routers]].<br />
* Instructions for [[setting up a gateway on MikroTik Routers|setting up a gateway on MikroTik Routers]].<br />
* Instructions for [[setting up a gateway on OpenWRT|setting up a gateway on OpenWRT]].<br />
* Instructions for [[setting up a gateway on Ubiquiti EdgeRouter|setting up a gateway on Ubiquiti EdgeRouter]].<br />
* Instructions for [[setting up a gateway on a VyOS instance|setting up a gateway on a VyOS instance]].<br />
* Instructions for [[Installing ampr-ripd on a Ubiquiti EdgeRouter or EdgeRouter X|Installing ampr-ripd on a Ubiquiti EdgeRouter or EdgeRouter X]].<br />
* Instructions for [[Announcing_your_allocation_directly|directly announcing your assignment via your Internet Service Provider (ISP)]].<br />
* Instructions for [[AMPRNet_VPN|Accessing 44Net via VPN]] (experimental).<br />
* <b>[[Why can't I just route my AMPRNet allocation directly myself ?]]</b><br />
* If you already operate a [[gateway]] please ensure you have registered on the [[portal]] and "claimed" your [[gateway]].<br />
* After your gateway is operational, consider '''[[Firewalls]]''' and other best practices<br />
<br />
== Mailing List ==<br />
To keep up-to-date on AMPRNet information please consider joining the [[44Net mailing list]].<br />
<br />
== Contribute! ==<br />
If you wish to contribute to the wiki, please send an email to <tt>wiki (at) ampr.org</tt> introducing yourself. Please specify your full name, amateur radio callsign and your preferred username. A login will then be created for you.<br />
<br />
== Terms of Service ==<br />
Use of AMPRNet address space is governed by these [https://www.ampr.org/terms-of-service/ Terms of Service]<br />
<br />
== Other useful features ==<br />
* Instruction on using the [[ampr-map]] position reporting<br />
<br />
== All Pages ==<br />
[https://wiki.ampr.org/wiki/Special:AllPages Here's a list of all pages currently on the 44Net Wiki]</div>G1fefhttps://wiki.ampr.org/w/index.php?title=Setting_up_a_gateway_on_Linux&diff=993Setting up a gateway on Linux2023-02-28T21:19:31Z<p>G1fef: </p>
<hr />
<div>There are a few different ways to run an AMPRnet gateway on a Linux system. Each has some benefits, so you'll need to pick your favourite.<br />
<br />
Before configuring the Linux gateway you'll need to:<br />
# Using the [[Portal]], obtain your AMPRnet IP addresses from a regional coordinator.<br />
# Obtain a public static IP address for your gateway. <br />
# Using the [[Portal]], create an entry for your gateway.<br />
# Get some of your AMPRNet IP addresses registered in the [[ampr.org]] DNS.<br />
<br />
<br />
= Flavours of Linux gateways =<br />
<br />
== Native Linux kernel AX.25 and IPIP tunneling ==<br />
<br />
Linux contains the necessary building blocks for a gateway without much added software. Radio interfaces are configured much like any other network interfaces such as Ethernet, they're just given amateur radio callsigns in addition to an IP address (callsign will act the role of the Ethernet MAC address). If you're familiar with Linux configuration but have not heard of NOS, or if you wish to go with minimal amount of moving parts, this would probably be your choice.<br />
<br />
Setting up a native Linux gateway consists of two main steps:<br />
<br />
=== Step 1: Setting up tunnel routing to the rest of the AMPRnet===<br />
Configuring your Linux system to learn about other AMPRNet [[gateway| gateways]] can be done two ways:<br />
<br />
# Automatically learn about other gateways via modified RIPv2 advertisements. Two popular programs to do this are:<br />
## Using [[ampr-ripd]], a C based routing daemon<br />
## Using [[rip44d]], a PERL based routing daemon<br />
# Manually Downloading the [[encap.txt]] file using FTP and setting up routes using a [[munge script]] is the traditional method<br />
<br />
====Example Gateway Configuration Instructions====<br />
* [[Ubuntu Linux Gateway Example]]<br />
* [http://www.qsl.net/k/kb9mwr//wapr/tcpip/ampr-ripd.html Two Interface Debian Linux Amprnet Gateway Example]<br />
* [https://k7ilo.blogspot.com/p/server-setup.html K7ILO'S Two Interface Debian 11 AmprNet Gateway Build in layman's terms]<br />
<br />
=== Step 2: Setting up radio interfaces in Linux===<br />
<br />
* [http://www.tldp.org/HOWTO/AX25-HOWTO/ Linux AX.25 set-up]<br />
* 802.11 WiFi on amateur frequencies (2.4 or 5 GHz) is a new popular way to set up fast links.<br />
<br />
== Running JNOS (or other NOS) on top of Linux ==<br />
<br />
If you're already familiar with running NOS on top of DOS or Linux, or wish to keep the AMPRnet IP packet routing away from the host Linux system, it might make sense to run JNOS as an application on top of Linux.<br />
<br />
The downside is that it'll have a slightly higher overhead (consumed memory and CPU), and you'll have two IP routers running on top of each other instead of just one, which is seen as slightly complicated by some.<br />
<br />
The upside is that you'll also get the JNOS BBS-type features, and some other traditional services without installing additional software on top.<br />
<br />
John Martin KF8KK has written a [http://kf8kk.com/packet/jnos-linux/linux-jnos-setup-1.htm Linux - Jnos Setup and Configuration HOW-TO].<br />
<br />
=See also=<br />
<br />
* [[Ubuntu Linux Gateway Example]]<br />
* [[startampr]]</div>G1fefhttps://wiki.ampr.org/w/index.php?title=MediaWiki:Sidebar&diff=984MediaWiki:Sidebar2022-10-28T19:28:30Z<p>G1fef: </p>
<hr />
<div><br />
* navigation<br />
** contribute|Contribute<br />
** mainpage|mainpage-description<br />
** recentchanges-url|recentchanges<br />
** randompage-url|randompage<br />
** helppage|help-mediawiki<br />
* SEARCH<br />
* TOOLBOX<br />
* LANGUAGES</div>G1fefhttps://wiki.ampr.org/w/index.php?title=MediaWiki:Sidebar&diff=983MediaWiki:Sidebar2022-10-28T19:12:15Z<p>G1fef: </p>
<hr />
<div><br />
* navigation<br />
** contribute|contribute<br />
** mainpage|mainpage-description<br />
** recentchanges-url|recentchanges<br />
** randompage-url|randompage<br />
** helppage|help-mediawiki<br />
* SEARCH<br />
* TOOLBOX<br />
* LANGUAGES</div>G1fefhttps://wiki.ampr.org/w/index.php?title=MediaWiki:Sidebar&diff=982MediaWiki:Sidebar2022-10-28T19:06:02Z<p>G1fef: </p>
<hr />
<div><br />
* navigation<br />
** Contribute|contribute<br />
** mainpage|mainpage-description<br />
** recentchanges-url|recentchanges<br />
** randompage-url|randompage<br />
** helppage|help-mediawiki<br />
* SEARCH<br />
* TOOLBOX<br />
* LANGUAGES</div>G1fefhttps://wiki.ampr.org/w/index.php?title=Contribute&diff=981Contribute2022-10-28T19:05:35Z<p>G1fef: /* Contribute to this Wiki (please!) */</p>
<hr />
<div>== Contribute to this Wiki (please!) ==<br />
<br />
To stop this Wiki getting completely filled up with spam we unfortunately have to password protect edit access.<br />
<br />
However, access is open to anyone wishing to make a useful contribution. All you need to do is drop a short email to wiki [at] ampr.org and ask for access. If you are a licensed radio amateur please include your callsign. If you have a preferred username please include that too.<br />
<br />
Someone will action your request and you will receive an email with your login details in due course. Please bear in mind that we are all volunteers, so if you don't get an instant response that's why. Someone will get back to you!<br />
<br />
Thank you in advance for your contributions!</div>G1fefhttps://wiki.ampr.org/w/index.php?title=Contribute&diff=980Contribute2022-10-28T19:04:01Z<p>G1fef: Created page with "== Contribute to this Wiki (please!) == To stop this Wiki getting completely filled up with spam we unfortunately have to password protect edit access. However, access is open to anyone wishing to make a useful contribution. All you need to do is drop a short email to wikiw@ampr.org and ask for access. If you are a licensed radio amateur please include your callsign. If you have a preferred username please include that too. Someone will action your request and you wil..."</p>
<hr />
<div>== Contribute to this Wiki (please!) ==<br />
<br />
To stop this Wiki getting completely filled up with spam we unfortunately have to password protect edit access.<br />
<br />
However, access is open to anyone wishing to make a useful contribution. All you need to do is drop a short email to wikiw@ampr.org and ask for access. If you are a licensed radio amateur please include your callsign. If you have a preferred username please include that too.<br />
<br />
Someone will action your request and you will receive an email with your login details in due course. Please bear in mind that we are all volunteers, so if you don't get an instant response that's why. Someone will get back to you!<br />
<br />
Thank you in advance for your contributions!</div>G1fefhttps://wiki.ampr.org/w/index.php?title=MediaWiki:Sidebar&diff=979MediaWiki:Sidebar2022-10-28T18:57:34Z<p>G1fef: Created page with " * navigation ** contribute|contribute ** mainpage|mainpage-description ** recentchanges-url|recentchanges ** randompage-url|randompage ** helppage|help-mediawiki * SEARCH * TOOLBOX * LANGUAGES"</p>
<hr />
<div><br />
* navigation<br />
** contribute|contribute<br />
** mainpage|mainpage-description<br />
** recentchanges-url|recentchanges<br />
** randompage-url|randompage<br />
** helppage|help-mediawiki<br />
* SEARCH<br />
* TOOLBOX<br />
* LANGUAGES</div>G1fefhttps://wiki.ampr.org/w/index.php?title=Main_Page&diff=968Main Page2022-07-12T09:02:40Z<p>G1fef: </p>
<hr />
<div>Welcome to the AMPRNet Wiki.<br />
<br />
Since its allocation to Amateur Radio in the mid-1980's, Internet network 44 (44.0.0.0/9, 44.128.0.0/10), known as the AMPRNetâ„¢ or the 44Net, has been used by amateur radio operators to conduct scientific research and to experiment with digital communications over radio with a goal of advancing the state of the art of amateur radio networking, and to educate amateur radio operators in these techniques. 44Net is owned and maintained by Amateur Radio Digital Communications ([[ARDC]]).<br />
<br />
<br />
__NOTOC__<br />
== Starting points ==<br />
* [[Quickstart]] guide for getting onto the 44Net<br />
* Basic information about 44Net and the [[ampr.org]] domain<br />
* [[Services]] available on 44Net<br />
* If you are looking to get an IP assignment from ARDC please read the [[Portal]] page.<br />
* Frequently Asked Questions (FAQ) [[FAQ]]<br />
<br />
== How to connect to the 44Net ==<br />
<br />
* Instructions for [[Setting up a gateway on Linux|setting up a Linux gateway]]<br />
* Instructions for [[Setting up a gateway on OpenBSD|setting up an OpenBSD gateway]]<br />
* Instructions for [[setting up a gateway on Cisco Routers|setting up a gateway on Cisco Routers]].<br />
* Instructions for [[setting up a gateway on MikroTik Routers|setting up a gateway on MikroTik Routers]].<br />
* Instructions for [[setting up a gateway on OpenWRT|setting up a gateway on OpenWRT]].<br />
* Instructions for [[setting up a gateway on Ubiquiti EdgeRouter|setting up a gateway on Ubiquiti EdgeRouter]].<br />
* Instructions for [[setting up a gateway on a VyOS instance|setting up a gateway on a VyOS instance]].<br />
* Instructions for [[Installing ampr-ripd on a Ubiquiti EdgeRouter or EdgeRouter X|Installing ampr-ripd on a Ubiquiti EdgeRouter or EdgeRouter X]].<br />
* Instructions for [[Announcing_your_allocation_directly|directly announcing your assignment via your Internet Service Provider (ISP)]].<br />
* Instructions for [[AMPRNet_VPN|Accessing 44Net via VPN]] (experimental).<br />
* <b>[[Why can't I just route my AMPRNet allocation directly myself ?]]</b><br />
* If you already operate a [[gateway]] please ensure you have registered on the [[portal]] and "claimed" your [[gateway]].<br />
* After your gateway is operational, consider '''[[Firewalls]]''' and other best practices<br />
<br />
== Mailing List ==<br />
To keep up-to-date on AMPRNet information please consider joining the [[44Net mailing list]].<br />
<br />
== Contribute! ==<br />
If you wish to contribute to the wiki, please send an email to <tt>wiki (at) ampr.org</tt> introducing yourself. Please specify your full name, amateur radio callsign and your preferred username. A login will then be created for you.<br />
<br />
== Terms of Service ==<br />
Use of AMPRNet address space is governed by these [https://www.ampr.org/terms-of-service/ Terms of Service]<br />
<br />
== Other useful features ==<br />
* Instruction on using the [[ampr-map]] position reporting<br />
<br />
== All Pages ==<br />
[https://wiki.ampr.org/wiki/Special:AllPages Here's a list of all pages currently on the 44Net Wiki]</div>G1fefhttps://wiki.ampr.org/w/index.php?title=Main_Page&diff=967Main Page2022-07-12T09:01:18Z<p>G1fef: </p>
<hr />
<div>Welcome to the AMPRNet Wiki.<br />
<br />
Since its allocation to Amateur Radio in the mid-1980's, Internet network 44 (44.0.0.0/9, 44.128.0.0/10), known as the AMPRNetâ„¢ or the 44Net, has been used by amateur radio operators to conduct scientific research and to experiment with digital communications over radio with a goal of advancing the state of the art of amateur radio networking, and to educate amateur radio operators in these techniques. 44Net is owned and maintained by Amateur Radio Digital Communications ([[ARDC]]).<br />
<br />
<br />
__NOTOC__<br />
== Starting points ==<br />
* [[Quickstart]] guide for getting onto the 44Net<br />
* Basic information about 44Net and the [[ampr.org]] domain<br />
* [[Services]] available on 44Net<br />
* If you are looking to get an IP assignment from ARDC please read the [[Portal]] page.<br />
* Frequently Asked Questions (FAQ) [[FAQ]]<br />
<br />
== How to connect to the 44Net ==<br />
<br />
* Instructions for [[Setting up a gateway on Linux|setting up a Linux gateway]]<br />
* Instructions for [[Setting up a gateway on OpenBSD|setting up an OpenBSD gateway]]<br />
* Instructions for [[setting up a gateway on Cisco Routers|setting up a gateway on Cisco Routers]].<br />
* Instructions for [[setting up a gateway on MikroTik Routers|setting up a gateway on MikroTik Routers]].<br />
* Instructions for [[setting up a gateway on OpenWRT|setting up a gateway on OpenWRT]].<br />
* Instructions for [[setting up a gateway on Ubiquiti EdgeRouter|setting up a gateway on Ubiquiti EdgeRouter]].<br />
* Instructions for [[setting up a gateway on a VyOS instance|setting up a gateway on a VyOS instance]].<br />
* Instructions for [[Installing ampr-ripd on a Ubiquiti EdgeRouter or EdgeRouter X|Installing ampr-ripd on a Ubiquiti EdgeRouter or EdgeRouter X]].<br />
* Instructions for [[Announcing_your_allocation_directly|directly announcing your assignment via your Internet Service Provider (ISP)]].<br />
* Instructions for [[44Net_VPN|Accessing 44Net via VPN]] (experimental).<br />
* <b>[[Why can't I just route my AMPRNet allocation directly myself ?]]</b><br />
* If you already operate a [[gateway]] please ensure you have registered on the [[portal]] and "claimed" your [[gateway]].<br />
* After your gateway is operational, consider '''[[Firewalls]]''' and other best practices<br />
<br />
== Mailing List ==<br />
To keep up-to-date on AMPRNet information please consider joining the [[44Net mailing list]].<br />
<br />
== Contribute! ==<br />
If you wish to contribute to the wiki, please send an email to <tt>wiki (at) ampr.org</tt> introducing yourself. Please specify your full name, amateur radio callsign and your preferred username. A login will then be created for you.<br />
<br />
== Terms of Service ==<br />
Use of AMPRNet address space is governed by these [https://www.ampr.org/terms-of-service/ Terms of Service]<br />
<br />
== Other useful features ==<br />
* Instruction on using the [[ampr-map]] position reporting<br />
<br />
== All Pages ==<br />
[https://wiki.ampr.org/wiki/Special:AllPages Here's a list of all pages currently on the 44Net Wiki]</div>G1fefhttps://wiki.ampr.org/w/index.php?title=Main_Page&diff=966Main Page2022-07-12T08:59:10Z<p>G1fef: </p>
<hr />
<div>Welcome to the AMPRNet Wiki.<br />
<br />
Since its allocation to Amateur Radio in the mid-1980's, Internet network 44 (44.0.0.0/9, 44.128.0.0/10), known as the AMPRNetâ„¢ or the 44Net, has been used by amateur radio operators to conduct scientific research and to experiment with digital communications over radio with a goal of advancing the state of the art of amateur radio networking, and to educate amateur radio operators in these techniques. 44Net is owned and maintained by Amateur Radio Digital Communications ([[ARDC]]).<br />
<br />
<br />
__NOTOC__<br />
== Starting points ==<br />
* [[Quickstart]] guide for getting onto the 44Net<br />
* Basic information about 44Net and the [[ampr.org]] domain<br />
* [[Services]] available on 44Net<br />
* If you are looking to get an IP assignment from ARDC please read the [[Portal]] page.<br />
* Frequently Asked Questions (FAQ) [[FAQ]]<br />
<br />
== How to connect to the 44Net ==<br />
<br />
* Instructions for [[Setting up a gateway on Linux|setting up a Linux gateway]]<br />
* Instructions for [[Setting up a gateway on OpenBSD|setting up an OpenBSD gateway]]<br />
* Instructions for [[setting up a gateway on Cisco Routers|setting up a gateway on Cisco Routers]].<br />
* Instructions for [[setting up a gateway on MikroTik Routers|setting up a gateway on MikroTik Routers]].<br />
* Instructions for [[setting up a gateway on OpenWRT|setting up a gateway on OpenWRT]].<br />
* Instructions for [[setting up a gateway on Ubiquiti EdgeRouter|setting up a gateway on Ubiquiti EdgeRouter]].<br />
* Instructions for [[setting up a gateway on a VyOS instance|setting up a gateway on a VyOS instance]].<br />
* Instructions for [[Installing ampr-ripd on a Ubiquiti EdgeRouter or EdgeRouter X|Installing ampr-ripd on a Ubiquiti EdgeRouter or EdgeRouter X]].<br />
* Instructions for [[Announcing_your_allocation_directly|directly announcing your assignment via your Internet Service Provider (ISP)]].<br />
* Instructions for [[44Net_VPN|Accessing 44Net via VPN]] (experimental).<br />
* <b>[[Why can't I just route my ARDC assignment directly myself ?]]</b><br />
* If you already operate a [[gateway]] please ensure you have registered on the [[portal]] and "claimed" your [[gateway]].<br />
* After your gateway is operational, consider '''[[Firewalls]]''' and other best practices<br />
<br />
== Mailing List ==<br />
To keep up-to-date on AMPRNet information please consider joining the [[44Net mailing list]].<br />
<br />
== Contribute! ==<br />
If you wish to contribute to the wiki, please send an email to <tt>wiki (at) ampr.org</tt> introducing yourself. Please specify your full name, amateur radio callsign and your preferred username. A login will then be created for you.<br />
<br />
== Terms of Service ==<br />
Use of AMPRNet address space is governed by these [https://www.ampr.org/terms-of-service/ Terms of Service]<br />
<br />
== Other useful features ==<br />
* Instruction on using the [[ampr-map]] position reporting<br />
<br />
== All Pages ==<br />
[https://wiki.ampr.org/wiki/Special:AllPages Here's a list of all pages currently on the 44Net Wiki]</div>G1fef