In order to setup a tunnel connection between two AREDN nodes, one node needs to act as the server, and the other as the client. See the current list of tunnels to know who to contact.

In this example, VA7FI-HAP-1 is the server and VE7RBE-HAP-1 is the client (and the details are made up):

On VA7FI-HAP-1's Tunnel Server page:

• Client: VE7RBE-HAP-1 is Robert's node name.
• Pwd: Create a unique password for that node.
• Net: 172.31.39.164 is automatically assigned by the hAP.
• Some optional contact info can be added.

In addition to this information, VA7FI's public IP address will also need to be given to VE7RBE. To find your public IP address quickly, you can simply search for “what's my ip” in your favourite search engine:

Search for “what's my ip” in Google

Search for “what's my ip” in DuckDuckGo

On VE7RBE-HAP-1's Tunnel Client page:

• Server: 154.12.201.102 is VA7FI-HAP-1's public IP address
• Pwd: is the password created by VA7FI
• Network: 172.31.39.164 is the Net address automatically generated by VA7FI-HAP-1

Most residential internet services are given a single dynamic IP address, which means that the address can change every few days or so (or when the router power cycles). This means that when a server node suddenly gets a new public IP address, the client node can't find it anymore.

One solution is to use a Dynamic_DNS service like No-IP. These services query your dynamic IP address, and translate it into a static hostname. It's that hostname that you then give the AREDN client (instead of your public IP address).

However, the No-IP service needs to be “told” when your dynamic IP address changes. This can be done by installing a small program that notifies them of the change, or alternatively, some routers have that function already built in. For example, the No-IP account can be entered in the Telus T3200M router here:

Advanced Setup → Dynamic DNS

With this setup, every time Telus gives me a new public IP address, the router notifies No-IP, which updates it so that myfancyhostname.ddns.net continues to point to my router. So using myfancyhostname.ddns.net instead of 154.12.201.102 as the Server address will ensure the connection continues when the IP address changes.

On Telus, I port 5525 had to be forwarded to the hAP. There are two steps to this:

Just like Telus gives the router a dynamic WAN IP address, the router gives the home devices dynamic LAN IP addresses. The first step is to force the router to always give the same IP address to the hAP. On the T3200M this is done in:

Advanced Setup → DHCP Reservation

• Select the MAC address of the hAP from the list.
• Choose an IP address to assign it.
• Disconnect the hAP from the router and reconnect it to clear the IP.

Now that the hAP's LAN IP address is fixed, we can forward a port to it:

Firewall → Port Forwarding

• Select the hAP's IP address from the list
• Enter 5525 in all four Port fields
• Select TCP