APRS iGate – Part 3 AX25 Config

Now that the Raspberry Pi is configured we can get back to the radio part again, so lets start with configuring the TNC.

Configure AX25 axports file

Before we can start any ax25 configuration we need to define the call signs and ports in the axports file;

$ sudo nano /etc/ax25/axports

edit the last line to look like this;

# /etc/ax25/axports
#
# The format of this file is:
# name callsign speed paclen window description
#
1 VK5ZM-5 19200 236 2 145.175MHz (1200 bps)

Don’t worry about all the speed, paclen and window values just yet, copy what you see below.  These values are as described in the TNC-Pi user manual.

Configure Kissattach

Now before the ax25 tools can use a TNC it has to be attached to the kernel.  We’ll do this using a utility called kissattach.  This utility will create the necessary ax0 networking interface, we’ll assume our TNC will use the Serial Port ttyAMA0.  Lets test that kissattach will start;

$ sudo kissattach /dev/ttyAMA0 1 10.1.1.1

One note make sure that the IP address passed to the ax0 port is not part of your LAN, it needs to be different !  If you want to be old school you can always throw this into the 44.xx.xx.xx IP address range that was reserved for Amateur use, you can find more details here.

If you dont see any error messages type the following command;

$ ifconfig

look for the following lines;

 ax0: flags=67<UP,BROADCAST,RUNNING> mtu 236
 inet 10.1.1.1 netmask 255.0.0.0 broadcast 10.255.255.255
 ax25 VK5ZM-5 txqueuelen 10 (AMPR AX.25)
 RX packets 0 bytes 0 (0.0 B)
 RX errors 0 dropped 0 overruns 0 frame 0
 TX packets 0 bytes 0 (0.0 B)
 TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0

All going well we now have a working ax25 interfaces and most of the TNC configured.

Now we need to make sure kissattach is started after a reboot, so open the following file;

 $ sudo nano /etc/rc.local

We need to add the following lines somewhere near the bottom, I found that the maintainers of raspbian-stretch print the IP address to the console when the machine boots, so I added the following after this;

# starting ax0 interface using kissattach
if [ -x /usr/sbin/kissattach ]; then
  echo "Starting Kissattach: Binding port ax0"
  /usr/sbin/kissattach /dev/ttyAMA0 1 10.1.1.1
fi

You can test this by rebooting and then checking if the service was restarted, but we’ll need to edit this file again before the end of this post so hang tight for a minute !

AXListen

One of the more tricky aspects of configuring ax25 on linux is we must deal with is non-root access to the ax0 interface that we’ve just created.  On any Linux system you normally must have be root or use sudo to access any network interface.

So what we do is the same trick that admins do with the command ping and set the SUID permission bit on the axlisten file.  By setting this permission bit it will allow non-root users to execute this command as if they were root, without being granted any further root privileges.

$ sudo chmod 4755 /usr/bin/axlisten

now we can test it;

$ls -al /usr/biin/ax*
-rwxr-xr-x 1 root root 50836 Sep 20 2015 axcall
-rwxr-xr-x 1 root root 17516 Sep 15 2015 axgetput
-rwsr-xr-x 1 root root 43064 Sep 20 2015 axlisten

Depending on your shell you may find that the text “axlisten” is coloured with a red background.  If you look carefully at the user permission bits (highlighted above in bold) you should see that instead of an X for execute it has changed to an S for SUID.

Unless you have your TNC connected to a radio and channel traffic there is not much point in testing just yet, however if you do simply run;

$ axlisten -c

It can take time but you should see packets being decoded, the yellow LED on the tncpi will also light when a packet is decoded.

One thing I’ve noted (a of Feb 2018) is that axlisten has not been compiled with ncurses support in the latest Raspbian-stretch packages which means there is no colour support.  You will occasionally see “Could not initialize color support” (sic), wihch is annoying since raspbian-jessie works perfectly.  Hopefully the maintainers will fix this oversight at some point.  We can always compile ax25-tools from scratch, Charles K4GBB has an excellent tutorial and script here for those wishing to try this themselves.

Configure Mheard

The mheard daemon monitors the AX25 channels and records call signs that it hears along with some basic stats.   This can be handy for debugging RF issues and just generally gauging how well your node is working.  It’s much the same as the mheard function found in many packet TNC’s in the day.

To get mheard running we simply edit the rc.local file again;

$ sudo nano /etc/rc.local

Then add the following lines at the bottom of the file after where we start kissattach (see above);

# starting mheard daemon
if [ -x /usr/sbin/mheardd ]; then
  echo "Starting Mheard Daemon"
  /usr/sbin/mheardd
fi

Now is probably a good time to test that we will survive a reboot;

$ sudo reboot

Once the Pi has restarted use the following commands to see what happened;

$ ps -aux | grep mheard
root 2049 0.0 0.0 1908 120 ? S Feb17 0:00 mheardd
$ ps -aux | grep kiss
root 413 0.0 0.0 1908 108 ? S Feb17 0:00 /usr/sbin/kissattach /dev/ttyAMA0 1 10.1.1.1

The mheard command needs to monitor the AX25 channels for a little while before it starts recording information, here’s an example of it working.

$ mheard
Callsign Port Packets Last Heard
VK5ZM-7 1 11 Sun Feb 18 09:52:04

If the output remains blank then using axlisten make sure you’re hearing traffic and that the receive LED (yellow) is being illuminated as traffic is heard.   This needs to be working before mheard will start to do something.

Now we can get onto alignment of the radio and some further testing in the next instalment.

APRS iGate – Part 2 Pi Config

Bringing up a Raspberry Pi (rPi) is not difficult for anyone with some basic linux admin skills.  If you haven’t looked at the hardware I’m using you can read this back here in part 1.  The instructions below are the basics of what I’ve done for my rPi, yours will likely be different YMMV.

Prepare Raspbian

I downloaded the latest “lite” version of Raspbian from here at the time of writing that was Raspbian Stretch.  For an iGate you don’t really need all the graphics and bling, the command line is easy to use.

Once downloaded I extracted and wrote the image to an 8Gb SDCard using win32diskimager.   From there the card went in to the Pi and then let it boot with a screen and keyboard attached.   Watch carefully and make sure that the OS expands the image to fill your entire SDCard.

I’d suggest plugging the Pi into your network using the Ethernet adaptor to start with, this is somewhat easier to deal with than setting up the WiFi.

Update, Upgrade and Configure

Once the Pi has booted log in using the default pi user name and password, you can find this on the rPi website.  Once you’re logged in run the following commands;

#sudo apt-get update
#sudo apt-get update

Answer yes to any questions regarding increased disk usage.   This will bring your Pi up to date with all of the latest changes.  Now we’re ready to configure the Pi hardware, execute the following command;

#sudo raspi-config

This will bring up a ncurses menu in which you can configure your Pi.  I’d suggest the following changes are made;

  • Configure your WiFi in the network options menu
  • Configure your localisation options (locale, timezone and keyboard layout)
  • Configure the Interfaces
    • Enable SSH
    • Enable i2c
    • Enable Serial

Once you have finished then exit the raspi-config tool and reboot your Pi

Change the Default User

Personally I don’t use the Pi user account and prefer to create my own user.   I usually run the following commands;

#sudo adduser myuser

Where myuser is your preferred user name.  Follow the questions and when faced with the password don’t be tempted to make it an easy one, especially if you intend to allow external ssh.   If you fear loosing the password then look at Lastpass, there are others but I like Lastpass.

Now still using the pi user open the following file;

#sudo nano /etc/group

Working your way down the file every time you see a line that contains pi add your new users name.  This will then grant your new user the same privileges as the default pi user.  It’s really important you update this one;

sudo:x:27:pi,myuser

Again change “myuser” to your preferred user name and before anyone tries to hack my systems this isn’t the user name I use either (Duh!).   Once you’ve worked your way to the end of this file then save your changes, again google will help you here.

It’s time to test your new account, make sure that you can login and execute sudo commands before you go any further.

Open the following file in your favourite editor;

#sudo nano /etc/shadow

Did I mention I like nano ?  Now look for the line starting with pi, it will be long compared to the others in this file, between the first and second colon replace the text with an asterisk.  Pay careful attention while deleting that you don’t go too far !   It should end up looking something like this;

pi:*:17499:0:99999:7:::

The text between the first and second colon is a hash of the user password, replacing it with the asterisk disables this user from logging in from the console or ssh without deleting the user.  It means you can use the command;

#sudo su pi

to switch to the pi user should you ever need to in the future.

 

Firewall

Personally I don’t like running my Pi’s without some form of firewall.   Right now the firewall is not configured this will be done after the AX25 tools have been installed.  It is up to the reader if they decide to enable the firewall before allowing remote logins to the Pi.

WiFi & Bluetooth

The rPi-3 comes with WiFi and Bluetooth enabled.  I was pleasantly surprised to see both interfaces in the boot up sequence appear and be configured.   The Bluetooth interface does not present any security risks and it should be safe to leave this enabled.

I prefer to connect my rPi’s to Ethernet interfaces in preference to using WiFi.  I’d also like at some point to work out how to get the rPi to perhaps be a WiFi access point, meaning I can log into the machine locally.  That will certainly be a blog entry at some point in the future.  For the time being I’ve simply left the interface un-configured.  Both the Bluetooth and WiFi can be disabled by adding the lines shown to config.txt file in the boot directory;

#sudo nano /etc/config.txt

>> Add these lines to the bottom of config.txt <<
dtoverlay=pi3-disable-bt
dtoverlay=pi3-disable-wifi

Finished ?

Anyway the basic installation and configuration of the Pi is now complete.  Next we can concentrate on configuring the AX25 and iGate software, which I’ll continue in Part 3.

APRS iGate – Part 1 Hardware

In late 2012 I built my first receive only APRS iGate from a Raspberry Pi (rPi) and a Argent Data Tracker T2-301.   This has faithfully sat in a corner of my garage forwarding APRS packets to the internet all this time.  Drawing just shy of 1 watt in power, it doesn’t add any significant costs the household power bill.   I’ve been surprised just how reliable this setup has been and from time to time I even remember to login and check for security updates.

Since I built that first machine there’s been some nice developments in the world of rPi’s and AX25, so I thought I’d share the details of my latest APRS iGate project.

While searching for rPi power supplies I came across the BitScope Blade Uno which can power and hold a Model-B rPi and a HAT.   I was pondering one of these when it hit me that if you take this board, add a rPi and a Coastal ChipWorks TNCPi then I’d have a rather nice hardware platform on which to build a new APRS iGate  Even better is I can stuff it in a small 19″ rack mount case instead of sitting it on a shelf in the garage !.

So I just had to order the bits and wait the for the shipping.  Below is the hardware assembled, total cost just shy of A$150

I ordered the TNCPi as a kit and soldered it together in an hour or so, John W2FS’s kit is easy to build and the instructions are great.   I’ve also decided to use a Raspberry Pi 3 which includes on-board WiFi and Bluetooth.   With the hardware assembled then all we’ve got to do is configure it, which I’ll continue in Part 2.