How i met HamNET.
My first encounter with HamNET happened during work. I spoke to another engineer ( PD1AEM ) and during our conversation he told me about his “home network” including a pretty nice 44.137.*.* subnet he used. After a short while i just asked him if he was an HAM Operator and off course, he was! NICE!
What is HamNET?
The idea behind HamNET is creating an online place for HAM Operators to experiment, since all we do is experimenting. The international organisation AMPRNet hold their own public IP Space ( 22.214.171.124/8 ) and every HAM Operator who wants to experiment can request a subnet. In The Netherlands there is a country node which advertises 126.96.36.199/16 managed by PE1CHL. All requests for a subnet in the dutch ip range have to be made via PE1CHL. In the bottom of this text i will include all the links to the websites and contacts i mention.
Why would i want to use a personal subnet?
We’ll quite easy! because i can would be a very quick answer, However i plan to use the HamNET connection for various experimenting with internet connecter services like my SDR’s and for instance this website! ( You can connect to this website via www.pb0fh.nl or via www.pb0fh.ampr.org in the last case you will be routed thru HamNET. ). What you might notice scrolling through the hosts file of services connected in the Netherlands is some amateurs have very interesting services online which are only available via HamNET. Therefore having HamNET gives you a very nice place to work with other Ham’s or build your own HAM services online!.
How I did it.
My first steps into getting access to HamNET where quite easy. After sending PE1CHL an email requesting a small subnet in HamNET i received an email back with a question. The questions was; Can you give me a list of hostnames for the HOSTS file. ( If you did not specify any hostnames, they would show up as sys1.pb0fh and sys2.pb0fh,..). This gave me something to think about! Yay! PE1CHL also mentioned my callsign should be registered by Agentschap Telecom. Fortunately this happened really fast after getting my license.
I finally got my hostnames together, and i sent out an email with a basic list of my hostnames. ( the other hosts in my /28 subnet dont have a hostname for now ).
- gw.pb0fh.ampr.org ( SRX Adres ) preferable the first address
- www.pb0fh.ampr.org ( This webserver )
- sdr1.pb0fh.ampr.org ( SDR – Webserver )
- sdr2.pb0fh.ampr.org ( SDR – Webserver )
- shack.pb0fh.ampr.org ( Nat Adres for my shack )
- services.pb0fh.ampr.org ( Webserver )
Thats it! Now we had to discuss about how to get an uplink to Amsterdam. In The Netherlands there are multiple ways of connecting to HamNET. You can choose to connect via;
- Point 2 Point wireless beam.
- IPSec,OpenVPN or L2TP Tunnel for people without Line Of Sight.
Unfortunatly i had no Line Of Sight, but i do know how to get IPSec working ( At least i thought! ). And after receiving the right settings for an IPSec tunnel i started building. As you might expect when building something, some stuff just needs a bit more attention. Initially my IPSec tunnel did not work. However after some troubleshooting on both sides, PE1CHL and me got everything online! NICE, We had connection!
After working with the HamNET connection a bit i noticed was not able to reach my endpoints via internet. Fortunately i remembered PE1CHL telling me, under normal circumstances your subnet is not reachable via the internet. Only via HamNET. This was done to protect the HAM Operators from unexpected visits at their subnet from Internet. Eventually, one email to PE1CHL was enough to get the firewall to open up a bit for my subnet to be reachable via Internet.
Configuring en IPSec VPN Tunnel is pretty easy on a Juniper SRX Firewall which i use for setting up this VPN, however when i said i wanted my whole subnet to be reachable from internet i introduced a small challenge. Caution! This is the part where the IT-Nerd kicks in!
I already had my firewall connected to the internet. Adding a default route via HamNET to ensure the connections received from HamNET finding their way back would break my own internet. Not so nice! Lucky for me i knew how i could get around this.
A Juniper SRX has a way of creating additional so-called Routing-Instances. Within a Routing-Instance all traffic is separated from the default Routing-Instance which i used for my internet connection and home network. Creating a Routing-Instance is just a 2 second job. After creating the Routing-Instance and defining another “default-route” via the HamNET IPSec Tunnel traffic started flowing.
In the background i added some rules to nat my home traffic behind one of my HamNET ip’s so i’m able to use the HamNET services throughout my complete house. and with all my connected servers and applications. And thats the end, i’m connected to HamNET!
If you are planning on building the same thing and you’re stuck, let me know! we’ll find a way.
End Credits and Links.
First of all, i really would like to thank PE1CHL for putting in some effort to get my HamNET connection working. In the end we spent maybe 3-4 hours altogether troubleshooting the VPN. This was because of minor mis-configurations.
If you want to connect to HamNET, please visit the following links!