(DIR) Josip Tišljar Mataušić (9A3SFZ)
Published on: 2026-03-22
There are many packet radio networks across the world. Some of the
larger ones like the German HAMNET[1] can be VPN-ed into, but others
can't. Furthermore, if you, for example, VPN into HAMNET using
HamCloud VPN[2] you'll only have access to HAMNET, not to the
Internet and not to other packet radio networks.
(HTM) 1: http://hamnet.eu
(HTM) 2: http://vpn.hamnet.network
This can be circumvented by not connecting to any one network, but to
a long-standing mesh of independent packet radio networks. I'm of
course referring to AMPRNet, an IPIP overlay network, which is one of
the oldest ways people utilize 44net address space. By participating
in the IPIP mesh you'll be able to access the aforementioned HAMNET,
HamWAN[3], and any other network a person or a club made available
over the IPIP mesh. You'll also be able to utilize the same addresses
to access the public Internet. Heck, if you decide to host something
on the IPIP mesh, it can be made available via HAMNET, HamWAN and the
public Internet all at the same time from the same IP address!
Additionally, having IPIP connectivity can significantly optimize
routing paths for those who announce a prefix over BGP or use 44net
Connect[4]. This is because traffic to prefixes not directly
announced will skip the UCSD gateway and go directly to whoever is
hosting the service, drastically reducing latency and skipping a
potential bottleneck.
(HTM) 3: http://hamwan.org
(HTM) 4: http://connect.44net.cloud
If you're curious what services are exclusive to AMPRNet, check out
what can be accessed.
Requesting a subnet
First of all, I needed an address allocation. This was easy enough to
get. I just went to the ARDC portal[5], and since I already had my
callsign verified, the only thing I had to do was to visit Network >
Request address. I then chose IPIP tunnel mesh as the use case,
filled out the form with some very basic information, and submitted
the request. I used IPIP test as the title, and for size I chose /30,
giving me enough addresses to set up a local subnet with one router
and a PC.
(HTM) 5: http://portal.ampr.org
An advantage of requesting a small subnet size was that I had to do
almost no justification whatsoever. A description that reads: For
exploring the IPIP mesh and seeing how it interconnects with HAMNET
which was enough to get the request approvide on the same day. Of
course, if you plan to set up a LAN segment with access to IPIP and
want to connect more than one PC and a router you'll need a bigger
preifx, feel free to request any size.
Defining a Gateway
While I was waiting for an approval, I continued on to adding a
gateway entry. A gateway entry in the portal, not to be confused with
AmprGW[6], is what defines where to route traffic addressed to your
subnet. The process of defining a gateway can be completed even
before you're allocated a subnet, therefore I immediately went to
Networks > My gateways in order to create a new gateway. I used my
callsign as the description and in the IP field I put the public IP
address ISP assigned me: 213.190.26.133. I left the hostname field
empty. If you have a dynamic address your best bet is dynamic DNS,
alternatively or if you're behind CG-NAT 44net Connect[7] can be used
to obtain a static IPv4 address which can then serve as the gateway
IP. Thankfully, I haven't had to do any of that since my ISP gave me
a static address free of charge.
(HTM) 6: http://wiki.ampr.org/wiki/Amprgw
(HTM) 7: http://connect.44net.cloud
After receiving a subnet, I went to the previously created gateway
and clicked Add New Network, then I selected the newly allocated
subnet from the dropdown, left the Find Network field empty and added
the nework. At this point the administrative process was done and it
was time to set up a Linux machine which will serve as the gateway.
Configuring Linux as a Router
First of all, I have to say that most Linux distros don't ship with
systemd-networkd out of the box. Ubuntu uses netplan, Fedora
NetworkManager and Debian is still stuck on ifupdown. The machine I
am using is Debian 13 and it was set up to use systemd-networkd
before I even started experimenting with IPIP mesh so I won't write a
lot about switching from ifupdown or whatever your distro is using to
systemd-networkd, but there is an awesome, easy to follow guide[8]
consisting of just a few commands specifically for Debian. It boils
down to:
(HTM) 8: https://wiki.debian.org/SystemdNetworkd
sudo apt update
sudo apt install systemd-resolved
sudo mv /etc/network/interfaces /etc/network/interfaces.save
sudo mv /etc/network/interfaces.d /etc/network/interfaces.d.save
sudo systemctl enable systemd-networkd
sudo systemctl enable systemd-resolved
sudo cat > /etc/systemd/network/10-physical.network << EOF
[Match]
Name=enp8s0 # Your interface name
[Network]
Address=192.168.1.20/24
Gateway=192.168.1.1
DNS=192.168.1.1
EOF
sudo reboot
To start, I went into my router and forwarded all IPIP traffic to a
machine running Linux (192.168.1.20). In my case the router was a
MikroTik box, so this was fairly easy. On a generic home router,
adding the machine to DMZ is usually what does the trick.
Then, I created an IPIP interface:
sudo nano /etc/systemd/network/46-ampr_ipip.netdev
[NetDev]
Name=ampr_ipip
Kind=ipip
[Tunnel]
Remote=0.0.0.0 # Important
Local=192.168.1.20
TTL=255
This file creates a tunnel interface that will carry the AMPRNet
traffic. It has Remote set to 0.0.0.0 which is necessary to create a
point-to-multipoint tunnel with no single remote end.
Following this, I associated the tunnel with a physical interface
that will carry the encapsulated traffic. I also added a second
address which devices connecting to the mesh will use as the gateway.
sudo nano /etc/systemd/network/10-physical.network
[Match]
Name=enp8s0 # Your interface name
[Network]
Address=192.168.1.20/24
Gateway=192.168.1.1
DNS=192.168.1.1
Tunnel=ampr_ipip # Added
Address=44.63.3.165/30 # Added, use an address from your allocated
subnet
I also had to define the network part of the tunnel configuration:
sudo nano /etc/systemd/network/46-ampr_ipip.network
[Match]
Name=ampr_ipip
[Network]
Address=44.63.3.164/32 # Your assigned subnet, IMPORTANT: use /32
regardless of your allocated size
# A default route for IPIP subnet over the UCSD Gateway
[Route]
Destination=0.0.0.0/0
Gateway=169.228.34.84
GatewayOnLink=yes
Table=45
# Local subnets should be resolved with the default table!
[RoutingPolicyRule]
To=44.63.3.164/30 # Your assigned subnet, use the real allocated
subnet size
Table=1
Priority=508
# Local subnets should be resolved with the default table!
[RoutingPolicyRule]
To=192.168.1.0/24 # The normal LAN
Table=1
Priority=509
# Route everything from the IPIP subnet via routing table 45
[RoutingPolicyRule]
From=44.63.3.164/30
To=0.0.0.0/0
Table=45
Priority=510
# Route everything to the IPIP subnet via routing table 45
[RoutingPolicyRule]
To=44.63.3.164/30
From=0.0.0.0/0
Table=45
Priority=511
The first two policies ensure that local subnets (i.e. my own IPIP
subnet and my normal LAN) are routed via the main table. The second
two policies ensure that everything not locally accessible is
encapsulated and sent via IPIP mesh.
> Note when using VRFs with policy routing:
>
> in order for the rules to take precedence over the VRF rule
> (l3mdev-table).
> If this is not taken care of, custom rules won't get evaluated.
Lastly, IP forwarding needed to be enabled in order for the machine
to act as a router:
sudo nano /etc/sysctl.d/10-ip_forwarding.conf
net.ipv4.ip_forward = 1
net.ipv6.conf.all.forwarding = 1 # Not strictly neccesary, but good
to have if you ever decide to do something with IPv6
After all of this, it was time for a reboot:
sudo reboot
There is only one more thing that needs to be configured before I can
access the AMPRNet. That is ampr-ripd[9], a small daemon that runs in
the background and populates the routing table with the latest
information on how to reach different network parties. I installed it
inside the /opt directory:
(HTM) 9: http://git.ampr.org/yo2loj/ampr-ripd
cd /opt
sudo git clone https://git.ampr.org/yo2loj/ampr-ripd.git
cd ampr-ripd
sudo mkdir /var/lib/ampr-ripd
sudo apt install build-essential
sudo make
Then I made a systemd unit file that manages ampr-ripd:
sudo nano /etc/systemd/system/ampr-ripd.service
[Unit]
Description=AMPRNet RIP routing daemon
After=network-online.target
[Service]
# routing table
metric
# | IPIP interface |
your public IP
ExecStart=/opt/ampr-ripd/ampr-ripd -r -d -t 45 -s -i ampr_ipip -m 40
-a 213.190.26.133
User=root
Group=root
[Install]
WantedBy=multi-user.target
> ampr-ripd docs say that the -r option is ignored:
> Compatibility only (ignored, raw sockets are always used),
> however, I found that -r is actually required, without it, RIP
> broadcasts will not be received.
Finally, make ampr-ripd start on boot, then reboot:
sudo systemctl daemon-reload
sudo systemctl enable ampr-ripd
sudo reboot
Configuring clients
At the end, this is how I configured a PC to use the newly setup IPIP
gateway:
IP address: 44.63.3.166
Gateway: 44.63.3.165
Subnet mask: 255.255.255.252 # equivalent to /30
DNS: 44.143.40.30 # HAMNET DNS server
Now, to test the connection, I tried pinging various hosts from the
PC:
ping 44.143.40.30 # HAMNET DNS Server - only accessible from AMPRNet,
inaccessible from the public Internet
ping 44.0.0.1 # UCSD Gateway - bridges AMPRNet and the Internet
ping 9.9.9.9 # A generic Internet host - expected to fail at this
point
Fixing Internet access
At this point pinging a generic Internet host is expected to fail.
This is because to access the Internet, a DNS record pointing to each
PC that needs Internet access must be created. That is done to
prevent Internet traffic from flooding hosts on possibly
low-bandwidth RF links.
To add a record, I went to the ARDC portal DNS > My subdomains >
Request a subdomain. Chose ampr.org as the domain and typed in my
callsign as the subdomain. The request was automatically approved the
moment it was submitted. Next, I opened up the subdomain and clicked
add a record, set type to A, hostname to ipiptest, left TTL empty and
set address to the address of the PC, of course. After the record was
created, it took multiple hours before I was able to access the
Internet using my AMPRNet address. The important thing was not to
turn off or restart the gateway while waiting.
What can be accessed?
What follows is only a small list of services that can be accessed
via AMPRNet but not via the public Internet.
- HAMNET
* HAMNET Search engine[10]
* Video conferencing[11]
* Webcams * DK0MAV HTTP Preview[12]
* DK0MAV RTSP[13] - open in VLC
* DB0FC Wets HTTP Preview[14]
* DB0FC West RTSP[15] - open in VLC
* DB0BI Webcam panel[16]
(HTM) 10: http://search.hamnet.cloud/
(HTM) 11: https://video.db0sda.hamnet.radio/DB0SDA
(HTM) 12: http://webcam.dk0mav.hamnet.radio/cgi-bin/viewer/video.jpg
(HTM) 13: http://db0xx.hamnet.radio/DK0MAV-Streams.m3u
(HTM) 14: http://webcam-west.db0fc.hamnet.radio/cgi-bin/viewer/video.jpg
(HTM) 15: http://db0xx.hamnet.radio/DB0FC-West-Streams.m3u
(HTM) 16: http://db0bi.hamnet.radio/webcam/bielefeld-nord
* ATV RTSP streams * DB0OL RTSP[17] - open in VLC
* DB0YZ RTSP[18] - open in VLC
* DB0HEX RTSP[19] - open in VLC
* DB0ROB RTSP[20] - open in VLC
(HTM) 17: http://44.149.79.70:9000/live.nsv.m3u
(HTM) 18: http://db0xx.hamnet.radio/DB0YZ-Stream.m3u
(HTM) 19: http://db0xx.hamnet.radio/DB0HEX-Stream.m3u
(HTM) 20: http://44.149.148.167:9000/live.nsv.m3u
* WebSDR * DC4HF[21]
* DM0DOS[22]
* DM0SZ[23]
* DB0ZRB[24]
* DB0ZRB[25]
(HTM) 21: http://dc4hf-2.hamnet.radio:8073/
(HTM) 22: http://websdr.dm0dos.hamnet.radio/
(HTM) 23: http://websdr.dm0sz.hamnet.radio/
(HTM) 24: http://sdr-2m.db0zrb.hamnet.radio/
(HTM) 25: http://sdr-70cm.db0zrb.hamnet.radio/
* Weather * DB0RES[26]
* DB0NU[27]
* DC4HF[28]
* DL1NUX[29]
(HTM) 26: http://wx.db0res.hamnet.radio/
(HTM) 27: http://weewx.db0nu.hamnet.radio/weewx/
(HTM) 28: http://dc4hf.hamnet.radio:5000/
(HTM) 29: http://wx.dl1nux.hamnet.radio/weewx/
* Social * Forum[30]
* IRC Server list[31]
(HTM) 30: http://dl5ocd.db0alg.hamnet.radio/db0tv/
(HTM) 31: http://db0uc.hamnet.radio/wordpress/hamircnet/serverliste/
* Maps * Airmap by DC4HF[32]
* OpenStreetMap mirror by OE2XZR[33]
(HTM) 32: http://dc4hf.hamnet.radio/airmap/
(HTM) 33: http://osm.oe2xzr.hamnet.radio/
* A bigger link list[34]
(HTM) 34: http://cq0elx.hamnet.radio/index.php?id=linksinteressantes
Related
(DIR) 2026-03-29 IPv6 on HAMNET with 6to4
Latest
(DIR) 2026-05-30 RadioZ now on Gopher
(DIR) 2026-05-06 Easy IPv4 to IPv6 proxy
(DIR) 2026-04-27 Test your HAMNET IPv6 setup
(DIR) 2026-03-29 IPv6 on HAMNET with 6to4
--------------------------------------------------------------------------------
(DIR) Home
(DIR) Logbook