XRPi Documentation - Configuration

Configuring TCP/IP

This is a rough overview, not a detailed HOWTO. You are encouraged to follow the links to access more detailed information.

Do I Need to Configure TCP/IP?

It depends on what you want to do with XRPi...

1. If your only interest is AX25 / NetRom, the answer is no, and you can ignore this page.

2. If you want to run FTP, HTTP, Telnet etc over LAN or public Internet, the answer is still no, and you can probably ignore this page.

3. If you want to experiment with TCP/IP over radio, or become part of the amprnet network, or you are interested in learning more about TCP/IP protocols, then the answer is yes, you probably do need to configure TCP/IP.

Required Knowledge

If you know nothing about IP, or are a bit "rusty", please read the IP Primer page.

Also make sure you are familiar with the concept of multiple IP stacks.

"No-Configuration" TCP/IP

Basic TCP and UDP operations are available by default, without any special configuration. You don't need to set an IPADDRESS, you don't need to do anything with IPROUTE.SYS, and you don't need to run as root or set capability flags.

Assuming your Pi has a working LAN or WiFi connection, with no special configuration you should be able to Telnet to other systems, establish AXTCP and AXUDP links, run an APRS IGate, and various TCP servers.

But there may be limitations... If you don't run as root and don't set the capability flags, you won't be able to use Ping, Tracert or AXIP, and your servers will be restricted to service numbers above 1023.

You will not be able to use IPIP, IPENCAP or IPUDP, or do any form of IP routing, unless you enable XRPi's IP stack.

Enabling XRPI's IP Stack

To enable XRPi's TCP/IP stack you need to specify at least one IPADDRESS in XROUTER.CFG.

Enabling XRPI's TCP/IP stack allows the following:

• IP-over-AX25/NetRom (see below)
• IP-over-SLIP & PPP
• IP-over-UDP tunnelling
• IP-over-IP (IPIP and IPENCAP) tunnelling
• IP routing
• Unrestricted choice of TCP/UDP service numbers
• Protocol tracing
• Intrusion logging
• The ability to "tinker" with TCP/IP and learn more

Which IP Address?

Unlike Linux, Windows, NOS etc., where a unique IP address is bound to each "interface", XRPi has a "main" or "core" IP address which can be used on multiple ports. This can be overridden on a port-by-port basis with additional "port" IP addresses.

This means XRouter nodes need only ONE amprnet IP address, instead of a different one for each port.

If you wish to use any of the IP encapsulation modes, such as IPIP, IPUDP or IPENCAP you MUST set XRPi's main IPADDRESS (i.e. the one in the "global" section of XROUTER.CFG) to the "inner" or "encapsulated" address, not the "outer" (encapsulator) address. For example, if XRPi is to use 44.128.91.34 on amprnet, and 192.168.1.12 on the LAN, you must set the main IPADDRESS to 44.128.91.34.

This rule applies to any other "virtual network" your XRPi belongs to, for example you could establish a virtual network of XRouters in 10.x.x.x address space, using one of the encapsulation modes to "tunnel" the traffic across the Internet. But note, XRPi can only belong to one encapsulated network at a time.

If you define an Ethernet or WiFi port using an EXTERNAL interface, you will need to give it an IP address appropriate to that LAN. If you aren't using amprnet or any encapsulation mode, you could use XRPi's main IP address for this. But it is safer to define a PORT IPADDRESS for that port instead.

What is NOT recommended is to set the main IP address to suit the LAN and the PORT IP address to an amprnet one. Not only will it prevent encapsulation modes, but it will not advertise your amprnet address in the INP3 routing broadcasts.

Host Name

IP Routing

If you enable XRPi's own IP stack, you must tell it how to route datagrams, by specifying at least one route in IPROUTE.SYS. You could simply specify a default route to handle everything, or specific routes, or any combination of the above.

The entries in IPROUTE.SYS also dictate which IP stack is used for things like Ping, Telnet and Tracert. If the destination is reachable via XRPi's stack, it will use that stack, otherwise it will use Linux's stack.

Domain Name Resolution

If you only want to use the Linux resolver, remove all the DNS entries from XROUTER.CFG. Otherwise add DNS entries as required. Don't forget you will need a viable IP route to the specified DNS.

Encapsulated Modes via XRPi IP Stack

IPIP and IPENCAP are available by default on XRPi's stack, i.e. using XRPi's port ipadress as the "outer" (encapsulator) address. IPUDP transmission depends on entries in IPROUTE.SYS, but IPUDP reception is only enabled if IPUDPPORT is non-zero.

Permissions

XRPi needs no special permissions to use its own IP stack over SLIP, PPP or AX25, BUT it needs CAP_NET_RAW capability flag (or run from root account) to use the EXTERNAL interface for LAN / WiFi operations.

TCP/IP Over AX25

XRPi needs no special permissions for this. All you need is an amprnet IPADDRESS in XROUTER.CFG and at least one valid 44-net entry in IPROUTE.SYS.

No distinction is made between AX25-over-radio and AX25-over-Internet. IP over AX25 works the same in both cases.

Set the global IPADDRESS and HOSTNAME to the ones assigned to you by your IP coordinator.

Setting IPADDRESS enables XRPI's own IP stack, so the Ping and Tracert functions are enabled, and there is no restriction on the layout of TCP ports associated with that IP address.

You can either specify how outgoing datagrams should be routed by including sutable entries in IPROUTE.SYS, or by setting RIP LEARN ON. In the latter case the routing is learned from routing broadcasts, but is lost when XRPi is rebooted. It takes time to "learn" routes, so you are advised to used fixed routing entries where possible.

You are advised to add ARP entries to IPROUTE.SYS for your IP-capable AX25 neighbours. This helps to speed up operations, by removing the need for ARP resolution.

If your Pi has an Internet connection, it is usually sufficient to use the Linux kernal resolver for resolving amprnet hostnames into IP addresses, in which case you wouldn't need any Domain Name Server (DNS) entries in XROUTER.CFG.

However, if you don't have an Internet connection, e.g. in a purely radio network, you either have to add suitable entries to DOMAIN.SYS, or specify a DNS which can resolve the addresses for you. You can use the DNS command to do this "on-the-fly", or add a DNS entry to XROUTER.CFG. Note you MUST have a viable IP route to the chosen DNS.

There may be some hostnames that are unknown to "upstream" DNS's, e.g. because they are part of your own private part of the network. In this case you must add them to DOMAIN.SYS if you want them to be resolved.

TCP/IP Over UDP

You can "tunnel" TCP/IP traffic between systems using IPUDP. In this case you will need to set a main IPADDRESS for XRPi. This must be different from the Raspberry Pi's IP address, and would usually be your amprnet one. But you could use it to set up a virtual network in private IP space if required.

You won't be able to use the default IPUDP service number (94) on the Linux stack unless you either run as root OR set the CAP_NET_BIND_SERVICE capability flag on the program. But you can easily reassign the service number above 1023 using the IPUDPPORT directive in XROUTER.CFG.

There is no restriction on the service number when using XRPi's stack to do the encapsulation/decapsulation.

TCP/IP Over SLIP / PPP

This doesn't require root privileges or capability flags, but it does require XRPi to have an IPADDRESS, thus enabling XRPi's own IP stack, as described in detail above.

TCP Servers

By default most servers are enabled on XRPi's own IP stack, with no restrictions on the service number. But XRPI's own stack is not enabled unless you specify a least one IPADDRESS.

If you want to enable servers on the Linux stack, please note that they cannot use service numbers below 1024 unless you run XRPi from an account with root privileges or set the CAP_NET_BIND_SERVICE capability flag.

Prev: Configuring Interfaces

Next: Running As Root