Client Node Configuration

Revision as of 21:00, 30 August 2020 by Sm6Kcj (talk | contribs)

Danger: An antenna MUST be connected to the radio at all times when it is powered on. Not having an antenna connected will result in damage to the radio!

Preface

This page describes one simple method of configuring your radio modem to connect to HamWAN. The radio is configured for direct connection to one or more computers that have no other internet connection. It will provide a DHCP address to computers connected over Ethernet and will have a public 44.x.x.x address on the wireless side.

Understanding What HamWAN Is and Isn't

  • Who can use it?
    • Anyone with a valid Amateur Radio license can use our network
  • What can it be used for?
    • Primarily the network is intended to serve as an emergency communications system
    • Encrypted Traffic is not allowed
    • Commercial traffic is prohibited

Integration With An Existing Network

Integrating HamWAN with an existing network is not a simple task. It involves complex networking concepts and may be beyond the capabilities of your home networking equipment.

Configuration Steps

Info: When programming this radio for the first time it is generally easier to use the MAC address of the device to connect to it from WinBox. This will ensure that if you remove the current IP address you remain connected to the radio. You can do this by either typing the MAC address into the address field or selecting a detected radio by clicking on the MAC address column.

These steps should get you on the air but do not include any local networking (the radio will have HamWAN access but your computer will not).

  1. Upgrade your modem to the latest version of RouterOS
    • If you have connected the modem to your LAN in a way that provides Internet access, the following two commands can be used:
      /system package update install

      Once the system is done upgrading and rebooting, run:

      /system routerboard upgrade
    • Otherwise, use the standalone upgrade method: http://wiki.mikrotik.com/wiki/Manual:Upgrading_RouterOS (also works on older ROS 5.xx that does not support the upgrade command)
  2. Reset the router to a blank configuration.
    /system reset-configuration no-defaults=yes
  3. Give your modem a name. Use your callsign so that we can easily identify the owner of this radio.
    /system identity set name=MYCALL

    Note: If you have multiple modems you can postfix them like: callsign-location. At a minimum start with your callsign.

  4. Set a password for the admin user
    /user set admin password=
    /console clear-history

    This is an example password generated in your browser. You may choose any password you like.

  5. To support shared administration, add the following HamWAN Network Administration accounts into the "full" group. Usernames are case sensitive.
    /user add group=full name=manage password=
    /user add group=full name=n5hc password=
    /user add group=full name=nm5f password=
    /console clear-history

    The passwords above are randomly generated in your browser, not stored anywhere, and will never be used. Any HamWAN access to your modem will be done with certificates.

  6. In the PDSR instructions you would install the Shared Administrator SSH Certificates here. This is much easier once you are connected to the network so we do this at the end.
  7. Enable Ethernet boot in case you ever need to reinstall the router with NetInstall (this could save you a trip up to your roof, so it's a good idea)
    /system routerboard settings set boot-device=try-ethernet-once-then-nand
  8. Configure Remote Central Logging
    /system logging action set 3 bsd-syslog=no name=remote remote=44.30.240.232 remote-port=514 src-address=0.0.0.0 syslog-facility=daemon syslog-severity=auto target=remote
    /system logging add action=remote disabled=no prefix="" topics=info
    /system logging add action=remote disabled=no prefix="" topics=warning
    /system logging add action=remote disabled=no prefix="" topics=error
    
  9. Configure Central Authentication
    /radius add address=44.30.240.232 secret=AmprNET service=login
    /user aaa set use-radius=yes
    
  10. SNMP Monitoring
    /snmp set enabled=yes contact="#HamWAN on irc.freenode.org"
    /snmp community set name=hamwan addresses=44.30.240.0/20 read-access=yes write-access=no 0
    /snmp set trap-version=2
  11. Setup NTP
    /system clock set time-zone-name=America/Denver
    /ip cloud set update-time=no
    /system ntp client set enabled=yes primary-ntp=44.30.244.4 secondary-ntp=44.30.245.4
    
  12. Clear the firewall rules
    /ip firewall filter remove [find dynamic=no]
    

  13. Set the HamWAN Maximum Transmission Unit (MTU) policy
    /ip firewall mangle
    add action=change-mss chain=output new-mss=1378 protocol=tcp tcp-flags=syn tcp-mss=!0-1378
    add action=change-mss chain=forward new-mss=1378 protocol=tcp tcp-flags=syn tcp-mss=!0-1378
    
  14. Remove local DHCP server
    /ip dhcp-server remove [find]
    /ip dhcp-server network remove [find]
      
  15. Remove local IP address
    /ip address remove [find interface~"^wlan1"]
  16. Disable DNS service (important!)
    /ip dns set allow-remote-requests=no
  17. Add HamWAN sector channels. HamWAN uses custom channels outside the normal frequency range for 5 GHz WiFi, so you need to add these channels to the radio. Currently all of our sector sites use 10 MHz channels, but you should add both the 5 and 10 variants to be safe.
    /interface wireless channels add band=5ghz-onlyn comment="Cell sites radiate this at 0 degrees (north)" frequency=5920 list=HamWAN name=Sector1-5 width=5
    /interface wireless channels add band=5ghz-onlyn comment="Cell sites radiate this at 120 degrees (south-east)" frequency=5900 list=HamWAN name=Sector2-5 width=5
    /interface wireless channels add band=5ghz-onlyn comment="Cell sites radiate this at 240 degrees (south-west)" frequency=5880 list=HamWAN name=Sector3-5 width=5
    
    /interface wireless channels add band=5ghz-onlyn comment="Cell sites radiate this at 0 degrees (north)" frequency=5920 list=HamWAN name=Sector1-10 width=10
    /interface wireless channels add band=5ghz-onlyn comment="Cell sites radiate this at 120 degrees (south-east)" frequency=5900 list=HamWAN name=Sector2-10 width=10
    /interface wireless channels add band=5ghz-onlyn comment="Cell sites radiate this at 240 degrees (south-west)" frequency=5880 list=HamWAN name=Sector3-10 width=10
    
  18. Configure the modem to announce your callsign. This is your on the air identification.
    /interface wireless set 0 radio-name="MYCALL"

    Note: If you have multiple modems you can postfix them like: callsign-location. At a minimum, unambiguously for FCC identification, start with your callsign.

  19. Set your location, so that your station shows up on the HamWAN map. Supply your latitude and longitude in decimal degrees separated by a comma, like location=47.1234,-121.1234.
    /snmp set location=LAT,LON
  20. Configure the wireless card to connect to HamWAN
    /interface wireless set 0 disabled=no frequency-mode=superchannel band=5ghz-onlyn mode=station scan-list="HamWAN" ssid=HamWAN wireless-protocol=nv2
  21. Configure your modem to request a DHCP address from the HamWAN network.
    /ip dhcp-client add add-default-route=yes dhcp-options=hostname,clientid disabled=no interface=wlan1
    
  22. Now that you have an internet connection, install the keys that support shared administration. Note: usernames are case sensitive.
    Download:
    /tool fetch url="http://www.nmhamwan.net/keys/key-rsa-n5hc.txt" dst-path=key-rsa-n5hc.txt;
    /tool fetch url="http://www.nmhamwan.net/keys/key-rsa-nm5f.txt" dst-path=key-rsa-nm5f.txt;
    /tool fetch url="http://www.nmhamwan.net/keys/sshkey-manage.pub" dst-path=sshkey-manage.pub; 
    

    Install:

    /user ssh-keys import public-key-file=key-rsa-n5hc.txt user=n5hc
    /user ssh-keys import public-key-file=key-rsa-nm5f.txt user=nm5f
    /user ssh-keys import public-key-file=sshkey-manage.pub user=manage
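
Step 22 fetches the keys over plain HTTP and binds them to accounts in the "full" group, so a copy of each fetched file is worth checking against a fingerprint obtained from the HamWAN administrators by another channel before it is imported. The following is an added example, not part of the original page, meant to be run on a PC; it assumes the files hold OpenSSH-format public key lines, and the sample key in it is constructed.

```python
import base64
import hashlib
import hmac
import struct


def ssh_string(data):
    """Length-prefixed field as used inside an SSH public key blob."""
    return struct.pack(">I", len(data)) + data


# Constructed sample in OpenSSH public-key layout; the modulus is filler, not a real key.
SAMPLE_BLOB = (ssh_string(b"ssh-rsa") + ssh_string(b"\x01\x00\x01")
               + ssh_string(b"\x00" + bytes(range(1, 65))))
SAMPLE_KEY = "ssh-rsa " + base64.b64encode(SAMPLE_BLOB).decode() + " constructed-sample"


def ssh_fingerprint(pubkey_line):
    """SHA256 fingerprint of one public key line, in the form ssh-keygen -l prints."""
    fields = pubkey_line.split()
    if len(fields) < 2:
        raise ValueError("expected '<key-type> <base64-blob> [comment]'")
    blob = base64.b64decode(fields[1], validate=True)
    # The blob repeats the key type as its first field; a mismatch means the
    # file is truncated, edited, or not a public key at all.
    if blob[:4 + len(fields[0])] != ssh_string(fields[0].encode()):
        raise ValueError("key type does not match key blob")
    digest = hashlib.sha256(blob).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")


def safe_to_import(pubkey_line, trusted_fingerprint):
    """True only if the fetched key matches the fingerprint obtained out of band."""
    try:
        actual = ssh_fingerprint(pubkey_line)
    except ValueError:  # malformed base64 or blob (binascii.Error is a ValueError)
        return False
    return hmac.compare_digest(actual, trusted_fingerprint)


if __name__ == "__main__":
    trusted = ssh_fingerprint(SAMPLE_KEY)  # stands in for the value received out of band
    print(trusted, safe_to_import(SAMPLE_KEY, trusted))
```
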
    


Next Steps

Integrating With AMPRnet

There are a number of ways to integrate AMPRNet into your local network. We will discuss only the simplest here for now. PDSR has an in-depth article describing other methods here.


Standalone Private LAN + HamWAN Dish

Danger: Remember to ensure you are within the restrictions of your license. It is important to fully understand your network implementation and how traffic will move through it.

In this simple configuration all WAN bound traffic will be transmitted/received over your HamWAN radio.

  1. Assign an IP address to your dish's LAN port
    /ip address add address=192.168.88.1/24 interface=ether1
    
  2. Configure DHCP server
    /ip pool add name=dhcp-pool ranges=192.168.88.100-192.168.88.199
    /ip dhcp-server network add address=192.168.88.0/24 dns-server=44.30.244.1,44.30.245.1 gateway=192.168.88.1
    /ip dhcp-server add address-pool=dhcp-pool interface=ether1 name=dhcp disabled=no
    
  3. Configure NAT (Network Address Translation)
    /ip firewall nat add chain=srcnat action=masquerade out-interface=wlan1
    
  4. Connect one end of an Ethernet cable to your modem and the other to the PoE injector (the injector included with the Metal feeds power to the socket side of the adapter). Plug the injector directly into your PC, or into a switch for use with multiple PCs. The modem will assign IP addresses to connected PCs and route their packets to AMPRNet.

AMPRnet LAN + HamWAN Dish

Danger: Remember to ensure you are within the restrictions of your license. It is important to fully understand your network implementation and how traffic will move through it. This configuration requires more knowledge and understanding of IP network routing!

In this configuration all AMPRNet WAN bound traffic will be transmitted/received over your HamWAN radio.

Pre-Configuration

You should have been assigned an AMPRnet subnet. If not, before continuing, send a subnet request by email to netops@nmhamwan.net

After receiving an assigned AMPRnet subnet (we will use 44.30.255.32/28 as an example of an assigned subnet) proceed with this configuration but substitute your assigned subnet as required.

Warning: AMPRNet subnet assignment is static to the MAC address of the dish (radio) and the current sector you are connected to, i.e. if you change your radio to have another MAC address or connect to another sector, this subnet is not available.

Your subnet is given in CIDR notation, so if you have been assigned a "/28" it is the same as a 255.255.255.240 subnet mask. This IP Subnet Calculator could be helpful to sort out your current subnet assignment or any other subnet sizes.

For this example subnet (44.30.255.32/28) assignment:

The first assigned address will be 44.30.255.32. It is referred to as the Subnet ID and should not be used. The last assigned address will be 44.30.255.47. It is used as the LAN broadcast address and should not be used.

This leaves us with a subnet host range of 44.30.255.34-44.30.255.45

One popular address assignment scheme is to assign the lowest usable address to the LAN interface (ether1) on your dish and leave the highest usable address to a future LAN router connected to your AMPRnet LAN. This configuration will not go into detail on how this would work.

With just the dish, your default gateway on the AMPRNet LAN will be the IP address of the dish.

That leaves us with 12 (44.30.255.34-44.30.255.45) available IP addresses for assignment by the DHCP server.

Reserved (do not use)

  • 44.30.255.32/28 Subnet ID
  • 44.30.255.47/28 Broadcast address

Assigned

  • 44.30.255.33/28 HamWAN Dish
  • 44.30.255.46/28 Future LAN router

Free to assign

  • 44.30.255.34-44.30.255.45

Configuration Steps

  1. Assign the IP address to your dish's LAN port
    /ip address add address=44.30.255.33/28 interface=ether1 network=44.30.255.32
    
  2. Configure DHCP server
    /ip pool add name=dhcp ranges=44.30.255.34-44.30.255.45
    /ip dhcp-server add address-pool=dhcp interface=ether1 name=dhcp1 disabled=no
    /ip dhcp-server network add address=44.30.255.32/28 gateway=44.30.255.33 netmask=28 dns-server=44.30.244.1,44.30.245.1
    
  3. Connect one end of an Ethernet cable to your modem and the other to the PoE injector (the injector included with the Metal feeds power to the socket side of the adapter). Plug the injector directly into your PC, or into a switch for use with multiple PCs. The modem will assign IP addresses to connected PCs and route their packets to AMPRNet.

NOTE: For any Static assigned IP addresses (between 44.30.255.34-44.30.255.45) on your AMPRNet LAN, either reserve (exclude) or modify the POOL ranges accordingly.
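
The address plan and configuration steps above can be derived from any assigned subnet, including the pool split that the note on static addresses calls for. The following is an added example, not part of the original page: the function names and the /29 to /24 size limit are assumptions, and it generalizes the page's /28 case to other prefix lengths.

```python
import ipaddress


def plan_lan(cidr, static=()):
    """Split an assigned subnet the way the page does; 'static' addresses leave the pool."""
    net = ipaddress.ip_network(cidr, strict=True)  # rejects host bits, e.g. 44.30.255.33/28
    # Need dish + future router + at least one client; the /24 ceiling is an assumed sanity bound.
    if net.version != 4 or not 8 <= net.num_addresses <= 256:
        raise ValueError("expected an IPv4 subnet between /29 and /24")
    hosts = list(net.hosts())  # excludes the Subnet ID and the broadcast address
    dish, router, free = hosts[0], hosts[-1], hosts[1:-1]
    reserved = {ipaddress.ip_address(a) for a in static}
    if not reserved <= set(free):
        raise ValueError("static addresses must lie inside the free range")
    ranges = []  # contiguous runs of free addresses with the static ones cut out
    for ip in free:
        if ip in reserved:
            continue
        if ranges and ranges[-1][1] + 1 == ip:
            ranges[-1][1] = ip
        else:
            ranges.append([ip, ip])
    if not ranges:
        raise ValueError("no addresses left for the DHCP pool")
    return {"network": net, "dish": dish, "router": router,
            "pool": [(str(a), str(b)) for a, b in ranges]}


def routeros_commands(plan, dns="44.30.244.1,44.30.245.1"):
    """Render the RouterOS configuration steps for the computed plan."""
    net, dish = plan["network"], plan["dish"]
    pool = ",".join(a if a == b else f"{a}-{b}" for a, b in plan["pool"])
    return [
        # network= takes the plain Subnet ID address, without a prefix length
        f"/ip address add address={dish}/{net.prefixlen} interface=ether1"
        f" network={net.network_address}",
        f"/ip pool add name=dhcp ranges={pool}",
        "/ip dhcp-server add address-pool=dhcp interface=ether1 name=dhcp1 disabled=no",
        f"/ip dhcp-server network add address={net} gateway={dish}"
        f" netmask={net.prefixlen} dns-server={dns}",
    ]


if __name__ == "__main__":
    # The page's example subnet with one statically assigned host cut out of the pool
    print("\n".join(routeros_commands(plan_lan("44.30.255.32/28", static=["44.30.255.40"]))))
```
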