SMART SDR LAN remote working well over PPTP VPN

ctate243

Smart SDR 1.4 has been optimized so well that I am running it with solid connection from the office via a PPTP virtual private network to my home LAN (with broadcast traffic enabled) over the internet from an ATT uverse DSL link.  AMAZING WORK FLEX TEAM!  We even got it to run over a mifi hot spot briefly.. but there was worse latency.  local network utilization is ~ 200k. VPN  In my opinion Challenge has passed the test.  Not for the masses yet.. but it does seem to work and puts a shining light on the future.

Ken - NM9P

How do you do this?
I have ATT Uverse 6 Mb/s service at home and Uverse 12 Mb/s service at my office.
I have been doing computers since the late 70's but the finer points of VPN have eluded me so far because of lack of experience and tutoring.

Can you talk me (us) through it?

Thanks

Ken - NM9P

SteveM

Chris,

Out of curiosity, are your office and home on the same network? A VPN from my home to my office would involve a single ISP, thus I would expect it to work as well as it does on my own LAN.

SteveM

Ken,

Do you "remote-in" to your office workstation from home? If so, then what you want to do is the same thing, but in the opposite direction. You'll need a home router capable of hosting the VPN.

K6OZY

The key is to use a VPN server that allows bridged mode.   I use OpenVPN and their terminology is "TAP".   Most VPN implementations use a routed method that put the VPN clients into a different subnet.   It won't work that way.  I can write up a way to do this using pfSense firewall.  It's an open source firewall that I use and love.

ctate243

Ken,  basically you can configure your router in U-verse to bridged mode.. you can look it up on google for instructions.  In this type of setup you can install the router of your choice and it will get a routeable dhcp address (and if you want to go the extra step register a dyndns account so you can have a friendly vpn dns domain..yourcallsign.dyndns.org or whatever.  If you pick a router with VPN capability, (I use an ASUS router) you can set it up to accept VPN connections.   This router allows your vpn settings to enable broadcast traffic through the VPN(required for the SSDR client).  I also enable the "use default gateway on remote network" setting in advance tcp settings of the vpn connection.  When I did this the radio showed up as available to SSDR.  My findings are that performance is excellent in the 30ms latency range.. but degrades a bit as it approaches 35ms. the network resources take about 400 k for DAX and 200k for SmartSDR so any connection you have will need to allow for that.  at 32 ms latency the performance is not visibly discernable from direct lan use.  This is fantastic.  Great job flex!

ctate243

No they are not.  My office has its own connection. the VPN is set up to create a point to point tunnel to my home lan, and with brodcast traffic enabled my laptop is effectively on my home lan less the latency of the internet link.  My findings as far as resources that a bi directional 600k of internet throughput with low latency will be required, likely making some entry level DSL connections less than optimal for this use.. but if you have the throughput and the latency is ok it seems to work
 

SteveM

Chis, I think this was your response to me.

I understand what you are doing with the VPN. What I meant to ask is whether your home and office traffic travel over a long-haul backbone network between two ISPs. As I said, my home and office use the same ISP, therefore any traffic between the two never leaves the fiber-ring that encircles my city. Thus, a VPN between the two is not much different than a direct connection on my local LAN.

ctate243

Oh ok steve.  No these are separate ISP's.. A trace route revealed about 8 hops to my router from a different carrier.

Rob Fissel

Ken, 

I now have SmartSDR Remote working FB via WAN using PPTP VPN. 

I was having issues with my router (Buffalo with DD-WRT) passing UDP broadcast packets, so I flashed the router to a new release of DD-WRT. Set up a PPTP VPN through DD-WRT's interface, and it works great. 

I'd be happy to guide you through this procedure if you'd like. DD-WRT is really amazing, and can turn a $30 router into a $400 router. 

KY6LA_Howard

@Rob

Please post it on this community with lots of screen shots so that everyone can benefit from your trials, tribulations and ultimate wisdom

Rob Fissel

Howard, 

Gladly. 



First, familiarize yourself with dd-wrt. The scope of flashing a router with this custom firmware is too broad to to cover here, and there is plenty of terrific how to guides and supporting documentation on their website. Way better than what I could do. dd-wrt is custom firmware that allows your router to typically do way more than with the manufacturer's firmware, and many many routers are supported. My router is a cheap $60 Buffalo router. 

As you can see, I've enabled the PPTP Server, as well as enabled Broadcast support and MPPE Encryption (worthless, I know, but better than nothing). 

I provide google's DNS servers in DNS1 and DNS1, and add my router's IP to WINS1. It's worth double checking your router's IP address if you're not sure. There are other common IP router addresses, like 192.168.0.1, or 10.0.0.1. Double check to be sure. 

Server IP - you want this to be an IP address that isn't in use on the network. I don't start my DHCP until 1.10, so I have 8 static IP's to work with (192.168.1.2-9). I chose 192.168.1.3 (192.168.1.2 is already statically assigned to a server on my network). 

Set a range of IP addresses to be assigned to VPN connections, as seen in "Client IP(s)." You would want this to be outside of your DHCP pool for sure. My DHCP starts at 192.168.1.10, and assigns up to 50 addresses. I chose 192.168.1.80-85 as it's well outside of where dynamic IP addresses are assigned. 

The number of clients is arbitrary, but you cannot have more "Max Associated Clients" than you have "Client IP(s)" assigned. 

Chap Secrets follow a specific format: username <space> * <space> password <space> *

Eg:
admin * password *

This is the username and password you would use when setting up your VPN client on your remote computer. 

Once this is set, click Apply Settings, then head on over to Administration, scroll down, and reboot the router. You should be good to go. 

Follow this tutorial for setting up a VPN connection on your remote computer:

https://www.hideipvpn.com/2009/09/howto-windows-7-pptp-vpn-setup-tutorial/

Substitute the username and password with the one you created in your PPTP VPN server. 

Also worth noting is that for "Internet Address" during setup, you would enter your WAN IP address or DDNS address. A DDNS service is worth the money in this instance, especially if your WAN IP is dynamic. 

If all's well that end's well, you should be able to connect to your VPN, start SSDR, and have your Flex show up, ready for action!

***Note that PPTP is not a secure solution, and it's encryption is compromised. While Microsoft has patched it's known issues, it is widely accepted that PPTP is compromised. OpenVPN provides a bridge solution that is far more secure, but is also far more complicated to set up. Use at your own risk. 

Bob-N4HY

Ken,  I have my computers at home VPN to Virginia Tech which has an amazing IT infrastructure and in fact, is one of the largest IPv6 installations in the world.  I use NRV Unwired is my WISP, so I have to VPN TO my network from home because NRVU does not pass ports through routers/etc in the wifi-like connection.  My major improvements here came when I forced them to install 5 GHz here rather than 2.4 GHz which collapsed every night when everyone got home and jumped on Netflix, Hulu, etc.

It is looking pretty good...

Bob
N4HY

Tim - W4TME

To everyone on this thread:

If you write up your procedures in great detail with 8x10 glossy photos of all the screen shots (sorry Arlo) so that a networking neophyte can reproduce your configuration and send it to me via e-mail in MS Word format, I'll convert it and post it on the HelpDesk HelpCenter so it can be accessed by anyone.  The HelpCenter articles are searchable via the Community, so there is information continuity. 

Steve-N5AC

Just a note here to explain for anyone trying this out how much control you have over the bandwidth.  The SmartSDR architecture was designed to allow a lot of control over the bandwidth between the client and the server.  Here are the components that generate network traffic and the control you have over that traffic:

1. The audio codec today has a single setting that we control that provides excellent fidelity -- we really felt that this was the last thing most folks would want to compromise and so today, you don't get to control the bandwidth here.  The codec is running at something under 80kbps for receive audio, independent of the number of slices you are running.  
2. Each panadapter consumes bandwidth based on two factors: the frame rate and the width of the panadapter.  The height does not matter.  You can reduce the width of the display and you can control the frame rate by adjusting the FPS control on each panadapter.  A typical 25FPS fram rate and a 1500 pixel width will generate about 500kpbs of data.  Slow the frame rate to 5FPS and the bandwidth will perfectly scale down to 100kbps
3. The waterfall works very similarly to the panadapter.  With the same 1500 pixel width and a rate of 80, the waterfall will consume about 650kbps.  Reduce the rate to a setting of 40 and now the same display will consume only 55kpbs
4. Metering today is fixed and will vary based on the number of slices you have (largely) and will consume about 30-60kbps
5. The discovery protocol will take about 2kbps

So if you are in a constrained bandwidth situation, altering the speed of your displays will give you a lot of control.

Ken - NM9P

Excellent info. What effect does hiding the waterfall have? And when hidden, does the rate have any effect, I.e. Does it still run in the background?

ctate243

Thanks Steve good info.  Your team has made some big time advances here and we are all digesting all of this.. and very excited about the network optimization that has occurred. the LAN remote feature has proven to be much more than that.. 

K1VL

This is an excellent thread! Kudos to the Flex team for making it happen and choosing the high fidelity and robust Opus audio codec.

I would agree that a DD-WRT based router on the "Flex host" (radio) side is a very good, cost effective way to go. I have used multiple Cisco/Linksys E3000 and E4200 routers flashed with DD-WRT firmware for over six years now with great results. I have had them configured as both PPTP servers and a OpenVPN point to point VPN (you can do both at the same time by the way) between my primary and second home.  PPTP is reasonably secure for home use if implemented correctly (force maximum encryption and use a long password - the password is linked to the how secure the encryption is) and is very simple to setup and works with the native Windows, Mac and IOS software clients. OpenVPN requires more networking and technical know-how but is a more secure and open standard. The OpenVPN site to site tunnel is robust and can be configured as a bridge (TAP mode) or as a routed connection (TUN mode).

For those who are interested in getting started in DD-WRT here are some great links:

How to install and setup DD-WRT (this is an excellent site):
http://www.stevejenkins.com/blog/2013/01/my-cisco-linksys-e4200-dd-wrt-settings-for-max-speed/

How to setup a PPTP server on DD-WRT:
http://www.dd-wrt.com/wiki/index.php/PPTP_Server_Configuration

How to setup a OpenVPN Site to Site VPN on DD-WRT (easiest instructions - especially on how to generate needed encryption keys):
http://wadihzaatar.com/?p=11

Carmine
W1EQX

Mike va3mw

Since we are on the VPN discussion, are there any Astaro/Sophos VPN users that have been able to see the radio on either an SSL or PPTP connection?  

I can ping the radio from the vpn side and I have added the required firewall rules (using 'ANY' as services), but I can't seem to get the radio to be seen from the remote (VPN) end.

I have even forced 4993 UDP packets to be echo'd (I think) between local and remote ends.  

Looking at Wireshark on the radio end, I see a Protocol called VITA 49 as a type that is also sourced from the radio.

Thoughts  ... Mike va3mw