WA4DSY Linux APRS server docs

Notes for 2.1.5b12 Nov 2007

11/12/2007 This version has additions and modifications to run on ubuntu server 7.10. There's a new install script for ubuntu: INSTALLDAEMON.ubuntu.

Notes for 2.1.5b11 Feb 2004

This version just fixes some C++ header files so it will compile on SuSE 9.0 . Example: #include is changed to #include . It still uses the old deprecated strstream library so the numerous deprecation warnings should be ignored.

Notes for 215b10

This is a bug fix release combined with several new features. It will now compile and run on Red Hat 7.x and 8.0. For details see the revisions.txt file.

If upgrading, please replace your original aprsd.init file with the new one suppled in this release.
There are also some new features in the aprsd.conf file.

Also please add 2 new log files to your /etc/logrotate.conf file. They are loop.log and reject.log .

Please read README.STLportfor information about a thread-safe stl library and how to build aprsd to use it. It is probabaly not needed if your compile using the newer gcc 3.xx compilers found on RedHat 8 and late versions of Mandrake and Suse .

Most noteworthy changes are:

00) Added new daemon install/remove scripts for Suse Linux. If you have Suse please use INSTALLDAEMON.suse and REMOVE.suse .

0) Now will compile with GNU gcc 2.9 , 3.1 and 3.2 compilers. The 3.1 and 3.2 compilers will emit lots of "deprecated" warnings but they can be ignored.

1) Added wild card "*" support to "gate2rf" command in aprsd.conf. See gating to RF section for details.

2) Added filter code in aprsString to reject "EH?" and "cmd:" packets. Packets that don't look like ax25 format or are longer than 250 bytes are rejected.

3) Removed directed query responses. Fixed general query "?IGATE?" response to comply with APRS spec 1.0.
Example query response:
HOST=lab1.wa4dsy.net,IP=,EMAIL=sysop@myisp.net,VERS=aprsd 2.1.5
Also blocked ?IGATE? queries from RF to Internet. A query from RF will only trigger a single response from the igate(s) that hear the station on RF.

4) Stopped sending System Status messages on Link port (1313) and Message Port (1314).
You will no longer get
"aprsdATL>JAVA::javaMSG :Atlanta_GA Linux APRS Server: connected 2 users online."
and other such messages on these ports as other users connect and disconnect. However, to provide compatibility with some applicaitons that verify their own logon with these messages, the apps own connect and logon status messages still be sent back. In other words, you see your own logon activity by no one elses.

5) Removed code which cleared the 8th bit of users data. This allows 8 bit wide characrter sets to be passed.

6) Added support for NOGATE or RFONLY in path. If a packet from any source has NOGATE or RFONLY in the path it will discarded and not be put on the Internet.

7) The server now adds information to the end of the ax25 PATH indicating the source of each packet . eg: qAR,WA4DSY. This is known as the "q Construct". As of beta 8 the format complies with modifications and improvements made by Pete Loveall AE5PL.

8) Added OmniPort. This new port lets the users define their own custom streams. It defaults to 14600.

9 ) Added new keyword "Server" to aprsd.conf file. It replaces the old "Igate" command (although Igate is still honored). A command such as "server first.aprs.net 23 hub-sr" defines the connection to first.aprs.net as a send/receive hub connection. The user passcode is supplied with another keyword "pass". See aprsd.conf docs for details.

10) Added a new page of data to the html status page. Clicking on the users port number opens port filter status in a new window. There you can observe which streams each user is being sent. This became importaint because of the new OmniPort and its user definable streams.

11) Added bandwidth controls. Sysop may now specify the maximum allowed server load in bytes/sec. New users are rejected when the limit would be exceeded and the latest high bandwith users are disconnected if the load increases beyond the specfied limit. Keyword is "MaxLoad" in aprsd.conf .

12) TNC sysop mode can only be accessed from the new TncSysopPort 14500. Aprsd will now automatically put your telnet client into character-at-a-time mode for better operation with the TNC command line. 13) INIT.TNC now has FILTER OFF as the default. This stops the mangling of some Mic-E packets.

To conform to standard practice I suggest changing your BEACON strings to show a GATEWAY diamond with an "I" overlay. Below is an example from the aprsd.conf file. Your existing file may have the symbol set to "TCPIP" if you are upgrading from previous aprsd versions.

NetBeacon 10 !0000.00NI00000.00W& aprsd Linux APRS Server
The symbols are defined in the APRS Spec document in appendix 2 and on page 89.

Everyone: You will need to compile the code get a working executable for your system. This is done automatically by the install script. Be advised you need the c++ compiler installed on your system. You can also type "make" to compile the program. It is designed to work on RedHat 5.1 and later Linux distributions. This includes Mandrake. Others may or may not work. Early versions before 5.1 will not work. Go the the Installing for more details.


Legal Stuff
Program description
aprsd Files
File Locations
Installing as a daemon
Starting and Stopping the Server
Installing as a user program
Server configuration file aprsd.conf
Com port configuration
Server shutdown
Remote TNC sysop access
Log Files
Station to Station 3rd Party Messages
Message Acks
User Validation
Filtering abusive users
Selective Internet to RF gating
NOGATE or RFONLY in path
Mic-E packet translation
AEA to TAPR conversion
The qAc construct. Packet source path insertions.
OmniPort and user defined data streams.
UDP input port
The ?IGATE? Query
Java Applets
The aprs passcode calculator
Monitoring system operation with a web browser
Determining the source IP address of aprs packets
Known Bugs


Copyright 1997-2002 by Dale A. Heatherington, WA4DSY
Web page:

This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version.

This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.

You should have received a copy of the GNU General Public License along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA

APRS is a registered trademark, and APRS protocols are copyrighted by Bob Bruninga, WB4APR. The owner reserves all rights and privileges to their use.

HAMS may apply the APRS formats in the TRANSMISSION of position, weather, and status packets. However, the author reserves the ownership of these protocols for exclusive commercial application and for all reception and plotting applications. Other persons desiring to include APRS RECEPTION in their software for sale within or outside of the amateur community will require a license from the author. Also TRANSMISSION of APRS protocols in any NON-AMATEUR commercial application or software will require a license from the author.

Bob Bruninga, WB4APR
115 Old Farm CT
Glen Burnie, MD 21060


This is an APRS Internet server program. It acts as a gateway between the Internet and a local ham VHF APRS packet network. It is interfaced to directly to a TNC via one of the PC serial ports and does not use the Linux ax25 sockets interface. Hamish Moffatt has a
modified version of aprsd with ax25 support.

It has only been tested on RedHat Linux 5.1 , 5.2, 6.0 and Mandrake 5.3 - 8.1 . It requires libstdc++ 2.8.0 or later to run. It will NOT run on RedHat 4.2.

The program gets data from a TNC connected to a serial port and sends it to all clients who have connected to any of several user defined tcp ports. Some defaults are 1313, 10151, 10152 and 14579. It was designed to duplicate most if not all of the functionality of APRServe, a Macintosh APRS server designed and coded by Steve Dimse, K4HG.
See http://www.aprs.net/aprserve.dcc.html
It can also gate data coming from the Internet to the TNC for transmission on the local VHF RF network.


Users can connect using several client programs such as Mac/WinAPRS, javAPRS, Xastir for Linux and Telnet. The logon protocol used by Mac/WinAPRS and others is recognized and properly handled giving registered users the privilige of sending 3rd party messages into the local VHF network.

Clients can use telnet to watch TNC data.
eg: telnet www.wa4dsy.net 14579
If raw TNC data is desired port 14580 can be used.

Scripts written in languages such as perl can connect to the server and interact with the data. A UDP port is provided to simplify injection of data into the aprs stream by scripts.

The system operator can use telnet to monitor the server status by connecting to any port and enter entering his callsign and passcode and entering "monitor" for the version field. eg: user WA4ZZZ pass 12345 vers monitor
Also he can enter remote sysop mode and gain direct control of the TNC on sysop port 14500.


A history of data from the TNC and IGATES going back 35 minutes (time also user defined) is kept in memory and delivered to each user when he connects. This history data is filtered to remove duplicates and certain other unwanted information. Duplicate data are detected by looking for any packets with the same data and source call sign that have been seen in the last 20 seconds. When duplicates are found they are discarded.

There is also a quota system to further reduce the quanity of data in the history list. Each AX25 source call sign is allowed three packets in the history list. One position report, one weather report and one "other". Only the most receint of each type is retained.


Documenation Files:

aprsddoc.html                   This file.
ports.html                      Detailed info about aprsd ports
revisions.txt                   Detailed list of revisions by version number
q.htm, qalgorithm.htm           Q construct docs by Pete Loveall.

Executable files:

aprsd				The APRS server executable
aprspass                        Computes aprs passcodes from callsigns
aprsd.init                      Script that starts and stops aprsd

Configuration files:

aprsd.conf                      Main configuration file for aprsd
user.deny			List of users with restrictions placed on them
welcome.txt			This file is sent to users when they connect
INIT.TNC			This file is read into the TNC when the server starts
RESTORE.TNC			This file is read into the TNC when the server closes


Log Files:

aprsd.log			Created by server to log all user connections
thirdparty.log			Third party packets gated to RF
udp.log				Data from the UDP port logged here
rf.log				Data from our TNC after being digipeated
history.txt			Created by the server when it closes to save the 
                                history buffer. Data is read when it restarts.

Install files:

INSTALLDAEMON			Installation script for running as a daemon 
INSTALLPGM			Installation script for running as a program
REMOVE				UnInstall script - deletes /home/aprsd2/*




	link to aprsd.init

	link to aprsd.init

	link to aprsd.init



(** also see Installing as a Program below **)

Note that this also compiles the program if the executable "aprsd" does NOT exist in the source directory. To re-compile updates in this directory you must do: "make clean" then "make".

  • Login as root.
  • Copy the archive into your home directory.
  • Issue the following command:
  • tar zxvf aprsd215.tgz
  • Of course you already did it or you wouldn't be reading this ;-)
  • cd aprsd215
  • Note: The following command will also compile the source files
  • cd /home/aprsd2
  • Now make any changes you may require to these files (in /home/aprsd2/):
    Note: The install program will not overwrite these if they already exist.
    • aprsd.conf
    • user.deny
    • welcome.txt
    • INIT.TNC
Note: If you have defined a serial port in aprsd.conf (eg: tncport /dev/ttyS0) the value of "MyCall" specified in aprsd.conf will be replaced with whatever it is in INIT.TNC. This action is new in version 2.1.2.

At this point INSTALL has created a directory /home/aprsd2/ and copied several files into it. It also has copied aprsd.init to various /etc/rc.d/ directories.

Starting and Stopping the Server

After you run INSTALL the server will start when the machine is booted up. To start without rebooting cd to /etc/rc.d/init.d and run the aprsd.init script with "start" as the parameter. eg: ./aprsd.init start

You can also start it as a daemon by using the -d option. eg: ./aprsd -d

The serial device for TNC data and tcp port numbers are set in the /home/aprsd2/aprsd.conf file. You can edit this file in the directory you used to uncompress the distribution files then run INSTALL to make the changes effective. INSTALL also will copy the distribution welcome.txt, INIT.TNC and RESTORE.TNC to /home/aprsd so be sure you make changes to these in the distribution directory before running INSTALL.

To stop the server go to the /etc/rc.d/init.d directory and enter "./aprsd.init stop". To restart enter "./aprsd.init start" . Also, you can use the "service" command. eg: service aprsd.init start .


The server can be run as a regular program for testing purposes or if you don't want it to auto start when Linux boots.

First, stop the aprsd daemon by entering: /etc/rc.d/init.d/aprsd.init stop or "service aprsd.init stop" .

It can be re-started as a user program changing to the /home/aprsd2 directory and typing its name " ./aprsd " Note: you will need to be logged on as root unless your user name has write priviliges on the directory /home/aprsd2 and all the files in it.

If you want to be able to log on as remote sysop and take control of the TNC you will need to add a "tnc" group to the /etc/group file. See "REMOTE TNC SYSOP ACCESS" below for more details.


(You may want to do this first to try it out)

Note that this also compiles the program if the executable "aprsd" does NOT exist in the source directory. To re-compile updates in this directory you must do: "make clean" then "make".

  • Login as root.
  • Copy the archive into your home directory.
  • Issue the following commands:
    • tar zxvf aprsd215.tgz
    • cd aprsd215
    • Note: The following command will also compile the source files
    • cd /home/aprsd2
    Now make any changes you may require to welcome.txt, INIT.TNC, RESTORE.TNC and aprsd.conf to reflect your call sign, location and TNC paramters.
    Note: The install program will not overwrite these if they already exist.
The program and configuration files are copied to /home/aprsd2. You will need to change the permissions on /home/aprsd2 and all the files in it if you want to run it as a user other than root. The Linux password validator will only work if aprsd run as root.


The server has two command line arguments, the name of the server configuration file and one switch "-d" for daemon mode. If no file name is provided the server will use /home/aprsd2/aprsd.conf .

While running, once each minute this server will emit a status message to the console. Also, it tells you each time it sends out a packet and to how many users. It also shows you what it's sending to the TNC. One field in the status message is aprsString Objs. This is a debugging tool to help find memory leaks. It should be no more than 1 or 2 higher than the History items field. Sometimes it will read much higher but should return to a difference of 1 or 2 within a minute or so.

Ctrl-C or "q" will shut down the server in an orderly manner and save the current history list (last 30 mins of select received data) to disk.


The default configuration file is /home/aprsd2/aprsd.conf. The file is read on start up. Lines starting with "#" are comments and are ignored. Documentation on syntax and key words are in the file. More information on the tcpip ports used by the server can be found in


The "igateMyCall <yes|no>" command is new in version 2.1.0 . If the "yes" option is chosen packets sent from your TNC and digipeated will be igated to the Internet. If you have a beacon sending the same position as in your NetBeacon both will be overlayed and unreadable on the users map. If you must igate your own TNC beacons you can offset the location of one of them about .02 north or south so they show as separate objects.


#aprsd 2.1.5 server configuration file
#This file is read ONCE on server startup.
#You must restart aprsd for changes to take effect.
#eg: /etc/rc.d/init.d/aprsd.init stop (then start)
# OR:  service aprsd.init stop
#Lines starting with "#" are comments and are ignored
#Key words such as "mycall" and "maxusers" are NOT case sensitive.
#MyCall is the same as mycall.
#*** There is no error checking so be careful ******
#Servercall is the ax25 source call used in packets
#sent from the server to Internet users. (9 chars max)
#Note: Does not go out on the air.
servercall aprsdATL
#MyCall  This is over-written by the MYCALL string in INIT.TNC
MyLocation Atlanta_GA
#This email address will be sent in replies to ?IGATE? queries.
#It also appears on the HTML status page.
MyEmail sysop@myisp.net
#Set MaxUsers to a value that your Internet connection can support.
MaxUsers 25
#Set maximum server load in Bytes/sec.
MaxLoad 3000
#This determines if Mic-E packets are converted to classic APRS packets.
#Put 'no' unless you have a very good reason to do conversions. 
#This option must also be enabled in the SOURCE CODE. To turn it on
#you must edit "constant.h" and change CONVERT_MIC_E from FALSE to TRUE.
#then recompile aprsd. 
ConvertMicE no
#Define beacon text. The server will supply the ax25 path header.
#The first number after "NetBeacon" is the time interval in minutes.
#Comment out the line or set time interval to 0 to disable beacon.
#The rest of the line can be any aprs protocol conforming packet.
NetBeacon 10 !0000.00N/00000.00W& aprsd Linux APRS Server
#Define the TNC beacon. The TNC will supply the ax25 path header.
#It's optional and you may use the TNC BTEXT in the INIT.TNC file instead.
#TncBeacon 15 !0000.00N/00000.00W& aprsd Linux APRS Server
#Send 2 extra message acks is addition to each received ack to TNC
#Range 0 to 9
ackrepeats 2
#Send extra acks at 5 second intervals
#Range 1 to 30 seconds
ackrepeattime 5
#Set history list items to expire in 35 minutes
expire 35
#Define the TNC serial port (9600 baud)
#Note: This device must have write permissions
#If undefined all TNC related functions are disabled.
tncport /dev/ttyS0
#Set TNC baudrate. Values are: 1200,2400,4800,9600,19200 .
tncbaud 9600
# Allow Internet to RF message passing.
rf-allow yes
#TRACE causes the server to append its own callsign to the end
#of the AX25 path of every packet processed.  
#To conserver bandwidth this should only be
#done for short periods to track sources of problems.
Trace no
#Set filterNoGate YES to block RFONLY and NOGATE packets
filterNoGate yes
#Set history-allow to NO if you do not want users to get history dumps.
history-allow yes
#Set the minimum time between TNC transmit packets in milliseconds
TncPktSpacing 1500
# Disallow packets transmitted from our own TNC from 
# being igated back to the Internet after being digipeated.
igateMyCall no
#Set this to 'yes' if you want to log ALL PACKETS heard on RF to /home/aprsd2/rf.log
#If 'no' then only packets with your callsign will be logged.  (New in 2.1.4)
logAllRF no
#Server connection definitions
#usage: Server <host name> <host port> <TYPE-DIR> <optional OmniPort filter command>
#The TYPE-DIR field sets the connection type and data flow.
#TYPE is  either "SERVER" or "HUB"
#SERVER connections attempt to maintain a connection to the designated host.
#HUB connections maintain a connection to only ONE hub and rotate to the next
#if the connection fails.
#DIR is either "RO" or "SR"  RO is Receive Only. SR is Send and Receive.
#If you select -SR to send data you must also supply a passcode
#using the "PASS" command.
#These commands are NOT case sensitive.
#The PASS command.  The callsign supplied in MyCall and this
# passcode allow you to send data to distant servers.
# PASS can be computed from MYCALL with the aprspass program.
# Note: this example is invalid.
pass 93456
#Example send-receive  HUB connections
#Hub is like Server except only ONE hub connection is active at a time.
#If the hub connection fails the next hub is tried in rotation until one accepts a connection.
Server second.aprs.net 23 hub-sr
Server first.aprs.net 23 hub-sr
Server third.aprs.net 23 hub-sr
#Example Receive-Only HUB connecton
#Server first.aprs.net 23 hub-ro
#Example Send-Receive SERVER connection.  The SERVER type maintains a connection to
#the specified server.  No rotation.
#Server first.aprs.net 23 server-sr
#Example of OmniPort connection to receive the local stream (tnc).
#Note: OmniPort is currently available only on aprsd 2.1.5
#Server wa4dsy.net 14600 server-ro portfilter(local)
#Define server listen ports (see ports.html)
rawtncport 14580
localport 14579
mainport 10151
mainport-nh 10152
linkport 1313
msgport 1314
udpport 1315
httpport 14501
ipwatchport 14502
errorport 14503
omniport 14600
sysopport 14500
#define trusted users of the UDP port.
#usage: trust <ip address>  <subnet mask>
#Selected call signs which are always gated to RF
#if they are not seen locally. All packets from
#these are gated in real time. Do not use unless
#you really need real time data.  Consider posit2rf below.
#They are case sensitive! Use upper case. Up to 64 may be defined.
#As of version 2.1.5 the * wild card character is supported.
#All characters beyond the * are ignored.  
#ie: WA4* would match ALL call signs beginning with "WA4"
#gate2rf K4HG-8 N4NEQ* 
#gate2rf W7LUS-14
#Call signs of stations whose posits are gated
#to RF every 15 minutes.  Only posit packets are
#gated.  Posits are taken from the history list.
#They are case sensitive! Use upper case.
#posit2rf N4NEQ-9 
#posit2rf W7LUS-14
#Define a list of message destination call signs or aliases 
#to gate to RF full time.  Note: the CQGA example 
#below is CQ GA (Georgia). Edit to suite your locale.
#Up to 64 of these may be defined. They are case sensitive.


The "Server" commands in the configuration file above define the distant APRServe and other Servers or HUBS you want to establish connections to. You may choose zero to 100. Duplicate data will not be relayed to your users. Connections which drop will be reestablished automatically. After a connection drops it will attempt to reconnect after 1 minute. If that attempt fails it will try again in 2 minutes. The time will double each time until it hits 16 minutes. Then it will retry forever at 16 minute intervals. These connection attempts appear in the aprsd.log file.

Use the HUB mode (hub-sr) only with APRS servers which carry the full global feed such as first.aprs.net, second.aprs.net and third.aprs.net. Using HUB with all 3 of these establishes a single connection to one of them. When that connection fails the next one will be tried until a new connection is established.

Server mode (server-ro or server-sr) connections should be used for regional servers that do not carry the full aprs data stream.

This server has a port (1314) which only supplies station to station messages and corresponding posits. Other servers which will be used ONLY to relay 3rd party station to station messages to their local VHF network may want to connect to this port to greatly reduce the amount of data on their tcpip connection.

Click here for a list of APRS servers and active port numbers.


The TNC COM port default to 9600 baud, 1 stop bit, 8 data bits and no parity. You may change the baud rate with the "TNCBAUD" command in aprsd.conf. Be sure the TNC is configured to these parameters. You can use the terminal program "minicom" that comes with Linux to prepare the TNC. Make sure the TNC is NOT in KISS mode.

Be sure the device ( dev/ttyS* ) has the proper read/write permissions or the server will not be able to access it.

Root can set the serial port so it can be written to by anyone with the following command:

chmod ugo+w /dev/ttyS0

NOTE: If you don't define a device for the com port in the aprsd.conf file all TNC related functions in the server are disabled.


Ctrl-C or "q" will shut down the server in an orderly manner and saves the current history list (last 30 mins of received TNC data) to disk.

Ctrl-\ shuts down without saving anything.

When running as a daemon you can shut it down when logged on as root by issuing this command: "service aprsd.init stop".


You may telnet to the APRS server and connect to the TNC for the purpose of changing parameters or even sending data out over the radio channel. As of version 215 you must use the SysOpPort (default 14500). Use the (ESC) key from a telnet session to enter remote access mode. You'll be prompted for your user name and password. These must match an entry in the Linux password file. In other words, a valid Linux login user/password. Also, aprsd must be running as root to be able to validate Linux passwords. If the password is incorrect remote sysop mode will be exited. The user must also belong to the "tnc" group. This group must be created in the /etc/group file. Here is an example line:


In this example users root,wa4dsy and bozo are assigned to the tnc group.

After you have logged on, everything you type goes to the TNC and all TNC output data goes only to you. The TNC is effectivly disconnected from all other internet users. Hit control-C to get the TNC into command mode.

To exit remote TNC access hit the key. You may also need to hit if your Telnet program sends data a line at a time. Some Telnet programs can be configured for character at a time mode. Check your documentation for details. As of version 2.1.5 aprsd should put your telnet client into character-at-a-time mode automatically.


To disconnect hit ctrl-D .


/home/aprsd2/aprsd.log	User logons and logoffs and some system activity msgs.

/home/aprsd2/thirdparty.log	 3rd party messages sent on RF.

/home/aprsd2/udp.log	Record of data entering from the UDP port.

/home/aprsd2/rf.log     Record our own packets heard on RF by the TNC. 
                        (After being digipeated)
/home/aprsd2/loop.log   Packets that were NOT flaged as duplicates and
                        rejected by the LOOP detector.

/home/aprsd2/reject.log Packets rejected by aprsd excluding dups.

These can be viewed in real time with: tail -f /home/aprsd2/aprsd.log or the name of the log you want to monitor.

You can also use the "less" program to view it. After entering "less /home/aprsd2/aprsd.log" you type "F" to follow it in real time. Type ctrl-C to exit "F" mode.

All 3rd party station to station messages relayed from the Internet to RF are logged in /home/aprsd2/thirdparty.log

3rd party formatted packets received by the TNC with "TCPIP" in the 3rd party path will never be sent anywhere.

Data from the UDP port are logged in /home/aprsd2/udp.log .

All data heard on RF with the "MYCALL" callsign with be logged in rf.log . This feature lets you see what you have sent out on RF if you are being digipeated by someone else.

To keep the log files from getting too large they need to be rotated on a regular basis. Add the following to your /etc/logrotate.conf file. Log files will be rotated daily or weekly and the oldest deleted after 4 rotations. Feel free to modify the schedule to suit your needs.

/home/aprsd2/aprsd.log {
        rotate 4

/home/aprsd2/thirdparty.log {
        rotate 4
/home/aprsd2/udp.log {
        rotate 4
/home/aprsd2/rf.log {
        rotate 4

/home/aprsd2/loop.log {
        rotate 4

/home/aprsd2/reject.log {
        rotate 2

I use the "joe" editor to edit my configuration files remotely. It isn't installed by default so you may need to install it from the cdrom. To install mount the CD and do rpm -iv /mnt/cdrom/RedHat/RPMS/joe-2.8-13.i386.rpm .


This program will reformat and relay APRS messages from the Internet to the TNC for RF transmission under the following conditions.

It came from a logged on verified registered user.


The originator was not seen on the TNC RF data stream in the past 30 minutes.


The destination HAS been seen on the TNC RF data stream in the past 30 minutes and doesn't have "GATE*" in his path and has been repeated less than 3 times.


The line "rf-allow yes" is in the /home/aprsd2/aprsd.conf file.

Version 2.0.8 and later allows you to define up to 64 message destination call signs or aliases which will always be gated to RF if "rf-allow yes" has been defined. See the example aprsd.conf file for an example of how to use the "msgdest2rf" command to enable this feature. For each 3rd party messge delivered to RF the latest position report packet of the originating station will also be sent after reformating the path in 3rd party format. The program pulls the posit from the history list if it's in there.





(assuming "MyCall" is WA4DSY )

During a series of messages the position packet will only be sent with a message every 10 minutes unless the station emits and new one.

This server will NOT igate a 3rd party _reformatted_ message from RF to the Internet which has been previously on the Internet. ie: has TCPIP in the 3rd party path. 3rd party packets without TCPIP in the 3rd party path will be converted to normal packets and processed in the usual way.

Users of unregisterd client programs can send their own station-to-station messages to other Internet users. These messages will not go out on the TNC RF channel and the path will be modified (TCPIP is changed to TCPXX*) so other hubs will know not to send these messages out on their RF channels. Unregistered users cannot Igate packets other than their own. In other words, the ax25 source call in their packets must match their logon call and "TCPIP" must be in the path. (TCPIP* or TCPXX* will not work either)

eg: assume N0CALL is unregistered and attempts to send the following into the server.

This will be converted to N0CALL>APRS,TCPXX*:>TESTING and gated to other users (but not to RF!)

will be deleted and not sent anywhere.
Telnet users must provide a user name or call sign before any of their data can be relayed to the internet. They need to enter "user callsign pass -1" so the server will accept the data. The ax25 FROM call in packets they send must match the call sign they loggon with. If they provide a valid password full priviliges are granted since they used the keyboard to emulate a client program logon string. (Not that anyone would want to do this except for testing)

This server will also accept valid user/password combinations for the Linux system it is running on. These users must be in the aprs group. This group can be added by editing the /etc/group file.


This program trusts other versions of itself and APRServe to flag the paths of data from unregistered Internet users with "TCPXX*". Station to station messages flagged this way will not be sent out on RF. The IGATE commands in the aprsd.conf file should specify a remote host port which is secure. For IGATES it must be a port which doesn't echo any Internet user data, only TNC data. Full function servers such as APRServe and this version (2.x.x) of aprsd will change TCPIP* to TCPXX* in the paths of unregistered users on all ports.

Users of the current java APRS applet don't log in at all and are granted read-only access

MESSAGE ACKS (New in 2.0.7)

At the suggestion of Bob Bruninga I have implemented redundent message acks. Message packets of the form "WA4DSY>APRS::W4XYZ :ack{1" will be reformatted to 3rd party format and sent to the TNC as usual. However, the packet will be repeated several times at intervals of 5 (typical) seconds. The number of repeats and the time between them are defined by the "ackrepeats" and "ackrepeattime" statements in the aprsd.conf file. The defaults are 2 repeats at 5 second intervals. You can set the repeats to any value from 0 to 9 and the time interval from 1 to 30 seconds. Note the "ackrepeats" value is in additon to the first message ack. You will always send at least one.


I obtained the user validation code from Steve Dimse K4HG. He has recently allowed the source code to be released. The source is in validate.cpp.

If the users APRS name and pass code aren't valid the validate module tries the Linux pass word validator for the "aprs" group. If that also fails it waits 10 seconds then returns the bad news to aprsd which notifies the user.

NOTE: aprsd must be run as root for the Linux password validator to work. However, the APRS user and passwords (from Mac/WinAPRS users) will be properly tested regardless of what user is running aprsd if "aprsPass yes" is in the aprsd.conf file.

The logon format:

user pass vers

eg: user N0CALL pass 00001 vers MacAPRS 3.0
might be sent by a MacAPRS user.
As pass code of -1 means you are an unregistered user, not a hacker trying out an bogus password.

You can telent to a port and enter the following, assuming your Linux user name is bozo and you password is xyzzy and you are part of the aprs group as defined in the /etc/group file.

user bozo pass xyzzy

To monitor some server status data you can enter:

user bozo pass xyzzy vers monitor

The aprs data stream is turned off and "Monitor Mode" is entered. Once a minute the server will send a status message to you.

Once you have logged on, ctrl-D will not cause a disconnect. You have to use your Telnet escape key then do a quit. I had to do this to prevent inadvertant disconnects due to possible spurious control codes in some users data.


You can put the call signs of the users you want to restrict in the users.deny file. The format is the users call sign followed by either the letter "L" or "R". The "L" prevents logons and RF access. The "R" prevents only RF access while allowing the user to send packets into the aprs network.

user.deny example:

W4EVIL L   <--- Prevents sending of packets into the server or RF
W4SOB R    <--- Prevents any of his packets from getting on RF
		even if they came from another igate.

NOTE: This file is read every time aprsd needs to check users
so you will NOT need to restart the server when you change it.
If the abuse becomes serious enough you might consider putting "aprsPass no" in the aprsd.conf file. This turns off the checking of aprs passcodes and only allows Linux user/passwords. You will need to have all your users in the Linux passwd file.

Full time gating of selected stations from Internet to RF

For special events or personal reasons it may be desirable to allow the transfer of packets of selected stations from the Internet to RF. Allowing all stations to do this would overload the 1200 baud VHF packet frequency and isn't allowed. These packets are only sent on RF if they came from the Internet and were NOT heard on the local VHF frequency.

There are three "modes" of doing this. The most permissive allows all packets from a selected station to be sent to RF in real time. The second mode only allows position report packets to be sent on RF every 14.9 minutes. This puts much less strain on the RF network and is the recommended mode.

The third mode which was new in version 2.0.8 gates 3rd party station to station messages to RF full time if the DESTINATION call sign or alias is defined in the aprsd.conf file after the msgdest2rf keyword.

You select the stations by entering them in the /home/aprsd2/aprsd.conf file. Up to 64 stations can be defined. Several can be put on each line. The server must be restarted before any changes to aprsd.conf take effect.

In version 2.1.5 the "*" wild card character is supported. Characters past the "*" will be ignored in the compare operation. For example W7LUS* would allow all W7LUS ssids to match. Examples:

These stations posits are sent to RF every 15 minutes: 
posit2rf K4HG-8 N4NEQ-9 
posit2rf W7LUS-14

All packets from this station are gated to RF full time.
gate2rf N0CLU-9

Any call with the first 5 characters matching W7LUS will
be gated to RF full time. eg: W7LUS-1 and W7LUS-13.
gate2rf W7LUS*

This allows any message addressed to SCOUTS, KIDS or CQGA to go to
RF even though these "call signs" were not heard locally.

Note: The posits of stations in the "posit2rf" list are sent at 14 second intervals. It takes 14.9 minutes to scan the list of 64 before it repeats. The posits are taken from the 30 minute history list. If no posit is available for the station then no data is transmitted.


Version 2.1.5 adds support for NOGATE and RFONLY in the path. Any packet from any source with "NOGATE" or "RFONLY" in its path will be discarded.


If you have "ConvertMicE yes" in your aprsd.conf file AND have set "#define CONVERTMICE TRUE" in the source file constant.h and recompiled the code, compressed TAPR Mic_E packets are converted to standard APRS format before being sent anywhere else. I used the Mic_E decoder written by Alan Crosswell, N2YGK to do the conversion. This is the same code that's in his aprsmon program.

The unconverted raw Mic_E packets from the local TNC can be observed by telneting to port 14580.

AEA to TAPR conversion

All packets in the AEA format are converted to TAPR format before any other processing. Clients never see an AEA formatted packet except from the RAW TNC port (14580) if the system operator is using an AEA TNC.

Packet Source path insertions

To aid in determining where packets were inserted into the APRS Internet stream, aprsd 2.1.5 appends identifier path elements at the end of the existing path if not present. Incoming packets with the "qAc,callsign" in them are not modified.

The first added path elemement is a three letter code indicating data protocol and info about the source of the packet. This code can be expanded in the future as needed.

The first character is always "q". The second character is a protocol identifier for the data payload. Currently only A=APRS is defined. The third character is a code that identifies the source of the packet. The possible codes are C, X, R, , r, S, U, I, Z. They are defined as follows:

Code          Source

C        Validated Client (User). Packet had no q construct.
X        Unvalidated Client
R        RF packet from local TNC or converted from CALLSIGN,I construct
r        Same as above but received indirectly via another server.
S        Server or Hub
U        UDP port on aprsd server
I        Internal status message from aprsd server and Trace Packet
Z        Zero hops and Internal, do not repeat this packet

Following the qAc path element is the identifier callsign:

Source            Identifier

C or X User   Users Login Call sign. 
S APRS Hub    IP address of distant server in HEX. This is the "Hex IP Alias".
I Internal    Server callsign.  (ServerCall in aprsd.conf)
R TNC         IGATE callsign or Callsign preceeding the "I" if converted from CALLSIGN,I .
r             Callsign preceeding the "I"
U UDP         Server callsign.
Z             Server callsign.

Here are some examples.
Assuming MyCall is WA4DSY, ServerCall is aprsdATL, Logged on user is WA4ABC, we are connected to and receiving data from first.aprs.net and the path does NOT already have an qAc, we add:

qAC,WA4ABC     from validated internet Client WA4ABC
qAX,WA4ABC     from unvalidated client
qAR,WA4DSY    from local TNC (RF) 
qAR,W4ABC      from logged on client "W4ABC" and converted from W4ABC,I.
qAr,N4ZZ       from a server and converted from N4ZZ,I format.
qAS,C6581502  from Server/Hub third.aprs.net (IP address = (no q and no I )
qAU,aprsdATL   from UDP port
qAI,aprsdATL   from Internal source (server beacon, etc). Packet will be traced.
qAZ,aprsdATL   from Internal source that should not be repeated (server status messages)

If a packet comes in from directly connected client "MYCALL" and already has a MYCALL,I on the end of the path aprsd 2.1.5 swaps the position of the "I" and preceeding callsign and changes the I to qAR. WA4DSY>APRS,WA4ABC,I:data becomes WA4DSY>APRS,qAR,WA4ABC:data .

If a packet is received from another server and has MYCALL,I in the path, the packet is converted to the qAr,MYCALL format.

The path will be either zero or 2 elements longer than the original.

If trace is enabled by setting "TRACE YES" in aprsd.conf, all packets passing through aprsd will have the servers call appended to the end of the AX25 path.

Click here for more about the qAc,Callsign construct written by Pete Loveall.


The UDP input port (default 1315) is provided for interface with scripts. Only IP addresses listed in the "trust" line(s) in the aprsd.conf file are can send data to this port. You can enter up to 20 trust commands.



You may also provide a subnet mask after the ip address to open up an entire sub net. The example below allows 16 address from to .



The script can format packets to be sent to the TNC for RF transmission or TCPIP. The routing is determined by the "TO-CALL" field. If it's "TNC" the packet goes on on RF via the TNC after the path is striped off.

This goes to the TNC: WA4DSY>TNC:Data for TNC here
This goes to TCPIP: WA4DSY>APRS:Data for the Internet

The complete string including the path goes out on the Internet.

See the file "udp_example" for a sample perl script.


The aprsd 2.1.5 server will respond the general ?IGATE? query as follows:
EMAIL=sysop@myisp.com,VERS=aprsd 2.1.5

Most of the data comes from the aprsd.conf file.

  • MSG_CNT=11 is number of packets sent to RF
  • LOC_CNT=59 is number of items defined as "LOCAL" in the history buffer
  • CALL=WA4DSY is from mycall from INIT.TNC
  • LOCATION=Atlanta_GA is from mylocation
  • HOST=wa4dsy.net is host name obtained from Linux OS
  • IP= is IP address from Linux OS
  • EMAIL=sysop@myisp.com is from myemail
  • VERS=aprsd 2.1.5 is internal version number string.
A query from the RF side will not be passed to the Internet but will be responded to on RF only. Internet queries will be passed to other connected servers and will result in replies from every query enabled IGATE connected to the Internet.

Note that directed queries are no longer supported because of problems with RF flooding.

Java Applet

The JavAPRS applet by Steve Dimse is a completely separate product and is not supported by me. Surf over to
www.ae5pl.net/html/javAPRS.htm for more information.

APRS passcode calculator (new in 2.1.1)

The aprspass program is located in the /home/aprsd2 directory. You may move it to another more convienient location if you wish. To determine the aprs passcode required for a callsign "N0CALL":
Change to the /home/aprsd2 directory.
./aprspass N0CALL
APRS passcode for N0CALL = 12345
The program will print the passcode "12345". You may use this 5 digit number as a password to connect and login to other igates and APRServe. The callsign and passcode are used as follows in aprsd.conf.
igate second.aprs.net 23 N0CALL 12345
This causes aprsd to connect the second.aprs.net, port 23. Data from that server becomes available at your server. Your TNC data and logged on Internet user data is sent to second.aprs.net over the two way connection.
Please use your real callsign!

Monitoring system status with a web browser (new in 2.1.2)

System operators can now check the operational status of their aprsd server with a web browser. The default port is 14501. To see the information simply enter the URL into the browser.
Example: To see the Miami server: http://first.aprs.net:14501/
To refresh the data click the browser reload button. Notice the igate domain names and user IP addresses are links. If the host is running aprsd 212 or later you can click on the link to see the status of that server. This is an open port, no passwords are required.

To disable this feature add to your aprsd.conf file: httpport 0

Determining the source IP address of aprs packets (new in 2.1.2)

This TCPIP port (default 14502) supplies all data streams without dup filtering with a special header prepended. The header contains the source IP address of the packet and the user login name, "IGATE" or "UDP". An example: !! Packets from other igates this server connected to will show the domain name instead of the IP address and the user will be "IGATE". Packets from the UDP port will have the IP address and the user field will be "UDP". Packets from the TNC will have "TNC" in the IP address field and "*" in the user field . Use telnet or nc optionally with grep to determine the source of packets.
eg: telnet first.aprs.net 23 | grep ''
Will display only packets from IP address

To disable this feature add to your aprsd.conf file: ipwatchport 0


Memory Leak Under RedHat 5.1 this program leaks 8K of memory for each user connect/disconnect event. This appears to be a problem with one or more C libraries in the thread creation/destruction code. It has been fixed in 5.2.

To get the fix for 5.1surf over to ftp://ftp.redhat.com/pub/redhat/upgrades/5.1/i386/

Then get this file:

The memory leak seems to be fixed in this version. To install do: rpm -U glibc-2.0.7-19.i386.rpm then reboot. You don't need to recompile aprsd!