AMPRNet

So I finally got around to setting up an AMPRNet gateway. I first signed up for an account on the AMPRNet portal back in 2017. I requested an IP allocation, which I received a few weeks later. By the time I received the IP block, I had lost interest and moved on to something else, but I continued to log into the account to keep it active.

A few weeks ago, I completely revamped my home network. Most of my home network equipment was old, retired Cisco gear from work that was slow and loud and I was just tired of dealing with it. I decided to spend a weekend and a few hundred bucks to upgrade everything.

I picked up a new Cisco gigabit managed switch and a new Ubiquiti access point, set up an OPNsense router/firewall on an old PC, and configured the network from scratch. Once everything was working well, and after a timely reminder email from the AMPRNet portal to re-login to my account if I wanted to keep it, I decided it was time to finally do something with my allocation.

I started doing some research, mainly on the AMPRNet wiki. I found a few guides and tutorials on setting up a gateway. At first, I thought I’d use my old Cisco router, but I ended up just setting up a gateway on an old PC which I set up on its own DMZ network.

My new router has three ethernet ports. I configured one as the WAN, the other as my main LAN port going to the Cisco switch, and the third port I set up as a DMZ which is plugged directly into my AMPRNet gateway.

The AMPRNet gateway is an older mini-ITX machine that I installed a dual NIC in. It has three ethernet ports as well, but I’m only using two. I installed Debian on the machine and followed a few guides from the AMPRNet wiki to get the ampr-ripd service running and grabbing RIPv2 broadcasts from the main AMPRNet gateway router.

I modified the scripts documented here and set up a systemd service to launch the script at boot and that’s it. I’m connected to AMPRNet.

The biggest problem I had was configuring the NAT rules in the router. My gateway is behind my firewall, so I have to set up NAT rules for IPIP, IPENCAP, and any other port/service that I want to pass through from my WAN address. For a time, I thought that my ISP was blocking the AMPRNet traffic, which apparently some ISPs do, but my problem ultimately ended up being a typo in one of my NAT rules.
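An added example, not from the original post or the AMPRNet wiki: a small classifier for raw IPv4 packets captured on the gateway's DMZ interface, to tell "nothing tunneled is arriving" (a forwarding rule or ISP problem) from "protocol 4 arrives but the inner packet is wrong". The 44.0.0.0/8 range, the helper names and the sample packet are assumptions constructed for illustration.

```python
import ipaddress
import struct

IPENCAP = 4  # IANA protocol number for IP-in-IP encapsulation (RFC 2003)
# Assumption: tunneled addresses fall in 44.0.0.0/8, per the post's "44.X.X.X".
AMPR_NET = ipaddress.ip_network("44.0.0.0/8")


def build_ipv4(proto, src, dst, payload=b""):
    """Build a constructed sample packet (checksum left at zero, never checked)."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64, proto,
                      0, ipaddress.ip_address(src).packed, ipaddress.ip_address(dst).packed)
    return hdr + payload


def parse_ipv4(buf):
    """Return (proto, src, dst, payload) for one IPv4 packet, or raise ValueError."""
    if len(buf) < 20:
        raise ValueError("shorter than a minimal IPv4 header")
    ihl = (buf[0] & 0x0F) * 4
    if buf[0] >> 4 != 4 or ihl < 20 or len(buf) < ihl:
        raise ValueError("not a well-formed IPv4 header")
    src, dst = (ipaddress.ip_address(bytes(buf[i:i + 4])) for i in (12, 16))
    return buf[9], src, dst, buf[ihl:]


def classify(packet):
    """Describe one packet seen on the gateway side of the firewall."""
    try:
        proto, src, dst, payload = parse_ipv4(packet)
    except ValueError as exc:
        return f"malformed: {exc}"
    if proto != IPENCAP:
        return f"not tunnel traffic (outer protocol {proto})"
    try:
        in_proto, in_src, in_dst, in_payload = parse_ipv4(payload)
    except ValueError as exc:
        return f"protocol 4 from {src}, inner packet malformed: {exc}"
    if in_src not in AMPR_NET and in_dst not in AMPR_NET:
        return f"protocol 4 from {src}, inner {in_src} -> {in_dst} outside {AMPR_NET}"
    if in_proto == 17 and len(in_payload) >= 4:
        if struct.unpack("!H", in_payload[2:4])[0] == 520:  # UDP/520 is RIP
            return f"RIPv2 announcement via {src} (inner {in_src} -> {in_dst})"
    return f"tunneled {in_src} -> {in_dst} via {src} (inner protocol {in_proto})"


# Constructed sample: a RIPv2 multicast wrapped in protocol 4 (documentation outer IPs).
SAMPLE_RIP = build_ipv4(4, "192.0.2.1", "198.51.100.7", build_ipv4(
    17, "44.0.0.1", "224.0.0.9", struct.pack("!HHHH", 520, 520, 8, 0)))
```

If only "not tunnel traffic" results appear while the tunnel should be up, the protocol 4 forwarding rule (or the ISP) is the place to look; inner packets outside the expected range are worth dropping at the gateway rather than routing.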

According to the AMPRNet wiki, the main tunnel router at UCSD won’t pass traffic to an IP address unless that IP is associated with a hostname in the ampr.org DNS domain. To do this, you have to request DNS entries from your “regional coordinator”. I submitted a request through the AMPRNet portal’s contact form and got the entries added a few days later. Once that was done, my 44.X.X.X IP block was accessible from the internet.

[Image: map of active AMPRNet gateways (/images/amprnetmap.png)]

This is a map of active AMPRNet gateways that you can see live here. This isn’t all of them, only the ones advertising their locations, but it shows that there are a number of gateways active and running different services. If you find any of this interesting and you have your amateur radio license, I’d encourage you to sign up and request an IP block.