Hamnet Hotspots
The goal of Hamnet hotspots is to provide fellow amateur radio operators with simple, easy, secure connectivity to your local (and/or global) Hamnet resources through unlicensed Wi-Fi networks (the access radio is to be operated within the rules of FCC Part 15, but it grants access to Part 97 resources).
To ensure inter-operation:
- The SSID of Hamnet hotspots SHALL be set to Hamnet.
- Security SHALL be set with WPA2-Enterprise or WPA3-Enterprise, with backwards compatibility with WPA2-Enterprise.
- When possible, the beacon interval SHOULD be set to 100ms, and DTIM SHOULD be set to 3.
FreeRADIUS
Generic Realm
The generic (or null) realm is used to accept ham connections using their APRS-IS credentials.
You can rely on rlm_aprsis to do this.
Note: APRS-IS is a basic mechanism which doesn't provide reliable authentication. You shouldn't rely on this kind of authentication for privileged access to resources (Internet access).
Membership realm
If members of an amateur radio association/club are to be granted access to the Internet, you can delegate the authentication to a third-party RADIUS server hosted by them.
To tell apart registered members and generic hams, you can use a UAM/Captive Portal solution to filter access to restricted services.
CoovaChilli (UAM)
Example config
List of open services
If you choose to provide restricted unauthenticated online access, you should grant access to the following list of services:
- *.ampr.org ⇒ Domain name for Hamnet resources
- 44.0.0.0/9, 44.128.0.0/10 ⇒ Network scope for Hamnet
- winlink.org, server.winlink.org, webmail.winlink.org ⇒ Access to the WL2K network
Additionally, you should also serve your local resources in a subdomain such as “.hnet.yourdomain.org”, so that your services stay reachable should your connectivity to ampr.org be disrupted.
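One way to test a walled-garden policy against the list of open services above before loading it into the captive portal; this is an added example, not configuration or code from the original page. The function names and sample destinations are constructed, and treating *.ampr.org as matching subdomains only (not the bare ampr.org) is an assumption.

```python
import ipaddress

# Walled-garden entries copied from the list of open services above.
OPEN_NETWORKS = [ipaddress.ip_network(n) for n in ("44.0.0.0/9", "44.128.0.0/10")]
OPEN_HOSTS = {"winlink.org", "server.winlink.org", "webmail.winlink.org"}
OPEN_WILDCARD_ZONES = ("ampr.org",)  # stands for "*.ampr.org"


def normalize(host):
    """Lower-case and drop a trailing root dot so 'X.AMPR.ORG.' compares equal."""
    return host.strip().lower().rstrip(".")


def is_open_destination(dest):
    """Return True if an unauthenticated client may reach dest (IP or hostname)."""
    try:
        addr = ipaddress.ip_address(dest)
    except ValueError:
        addr = None
    if addr is not None:
        # An IPv6 address never matches an IPv4 network, so it is denied.
        return any(addr in net for net in OPEN_NETWORKS)
    host = normalize(dest)
    if host in OPEN_HOSTS:
        return True
    # Match on a label boundary only: "gw.ampr.org" passes, while
    # "notampr.org" and "ampr.org.example.net" do not.
    return any(host.endswith("." + zone) for zone in OPEN_WILDCARD_ZONES)


# Constructed sample destinations, including boundary and look-alike cases.
SAMPLES = [
    "44.127.255.255", "44.191.255.255", "44.192.0.1", "8.8.8.8",
    "hamnet.ampr.org", "notampr.org", "ampr.org.example.net",
    "WEBMAIL.WINLINK.ORG.", "mail.winlink.org",
]


def audit(samples):
    """Map each destination to the policy decision for unauthenticated users."""
    return {dest: is_open_destination(dest) for dest in samples}


if __name__ == "__main__":
    for dest, allowed in audit(SAMPLES).items():
        print(f"{'ALLOW' if allowed else 'DENY ':5} {dest}")
```
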
Well-known local services
Below, you'll find a list of “well-known” DNS records that you SHOULD set up, if you're providing one of those services (to allow automatic discovery).
- __aprs.__tcp.lan ⇒ APRS message server (may be connected to the APRS Tier 2 network).
- __irc.__tcp.lan ⇒ Instant messaging server (may be connected to other networks).
- __dextra.__udp.lan ⇒ DPlus local DSTAR reflector
- __dplus.__udp.lan ⇒ DExtra local DSTAR reflector
On top of that, your DNS server should reply with your NTP server(s) when queried for *.pool.ntp.org.