
VPNs and local network conflicts using SmartSDR for iOS and SoftEther.

Ria
Ria Member ✭✭
I was asked by someone to help them set up a VPN to use SmartSDR. Eventually I got it working to the point where it would connect on some wifi networks but not others. It was working perfectly on my iPhone, iPad, PC and Mac but not on his when he connected to certain wifi. The VPN would connect without a problem but the SmartSDR for iOS would connect briefly then kick you back saying it is not connected.

Eventually we found out that because his home network subnet (where the radio is) was 192.168.1.0/24 it would conflict with the local wifi network. What we did was change the network at his home to 192.168.73.0/24. So far, so good.

It all makes sense because by default SoftEther VPNs are dual homed, meaning you are on two networks at once, with your internet traffic going directly through wifi/cellular and the local traffic for the radio going through the VPN. If both the local and VPN networks are the same, traffic doesn't know where to go sometimes.

I'd like to say thanks to Rob K2RWF who posted the solution sometime back and Dave WO2X who suggested it. 

Something to keep in mind. 

73
Ria

Comments

  • Ken - NM9P
    Ken - NM9P Member ✭✭
    edited June 2020
    I dealt with that at my station, too.  To those who have never done VPN before (like me) it doesn't make sense, but that is the way it seems to be.  If the home and remote computers are set for the same subnet, then expect problems.  That is why, like you, I made my home and office subnets oddball, and different, IP subnets.  Indeed, thanks to those networking gurus who steered me in the right direction.

    Ken - NM9P
  • Ria
    Ria Member ✭✭
    edited October 2016
    Another option is to set up the VPN to route all traffic through the VPN rather than the dual homing setup. That will work. That is also how a lot of corporate VPNs are set up for security/monitoring reasons.
  • Ken - NM9P
    Ken - NM9P Member ✭✭
    edited December 2016
    Can you expand on that a little?  I think I know what you mean, but want to make sure.

    On my Home router, using OpenVPN, I have figured out how to set it so that when I am at the office or on the road, my internet either goes through the Home Network connection via the VPN, or whether my internet goes through the local connection the remote computer is connected to - WiFi or Cell Phone connection.  

    I usually let my local connection take most internet traffic because if it all passes through the VPN to my home connection I am severely limited by the upload speed of my Home ISP (currently a very slow connection of only 756K upload speed!).

    If I had 3-6 or more Upload speed to the home station, then I would channel ALL internet traffic through the home internet connection.
  • Ria
    Ria Member ✭✭
    edited October 2016
    It's the former, where your internet goes through the VPN home network while on the road. 

    And yes, the tradeoff is speed. I have only 10MBps up (no FiOS here, just DOCSIS3 cable) so things like YouTube and Amazon Prime Video will be lower quality if it goes through the VPN. Of course when I travel to foreign countries I will be able to watch US streaming services so that is a plus. I may set it up that way before I travel next.
  • Ken - NM9P
    Ken - NM9P Member ✭✭
    edited December 2016
    ONLY 10MBps?  I would LOVE to have uplink that fast!  (I'm stuck with 756KBps or so).  ...   But then my brother has 300 UP/300 DN  MBps and would think that 10 MBps is SLOW!  It's all a matter of perspective, I guess!
  • Jim Gilliam
    Jim Gilliam Member ✭✭
    edited September 2016

    I am completely confused by the above dialogue. When I am remoting and using Softether, when I connect to the remote location, my remoting device is given an I/P designation of one of the available I/P addresses of my router. For example my Linksys router assigns I/P addresses from 192.168.1.100 to .254. When I connect I am assigned an address that falls within that range. Also the subnet addresses of my remoting WiFi have the same range because I am using the same kind of router. When I access the remote location using Verizon LTE, I am still assigned an I/P address of the LAN to which I am connecting. The above dialogue makes no sense to me.

    Jim, K6QE

  • Ken - NM9P
    Ken - NM9P Member ✭✭
    edited December 2016
    Apparently some routers with their own VPN routines in them get confused when the local and remote ends of the VPN connection both are in the same subnet, they don't seem to be able to figure out WHICH 192.168.2.**** to send the packets to....

    It doesn't seem to make sense, but it is what many folks have experienced.  Perhaps SmartEther doesn't experience this.  But I have had it happen with OpenVPN on my ASUS router.  
  • Ria
    Ria Member ✭✭
    edited October 2016
    Jim, what VPN software are you using?
  • Dave Bottom
    Dave Bottom Member
    edited September 2016
    The reason you want a different subnet for your local router and the one you are remotely connecting to is that they each have a different gateway (the way out).

    If the private networks are in the same address range then your network traffic gets confused and doesn't know which way is out (out to the Internet).  The Gateway for your Home router is your local ISP's assigned IP address.  The Gateway for the remote router is their ISP's assigned IP address for the remote site.  The packets are pretty dumb.  They need directions how to get out.

    If you assign a private network to your home router that is not common, then you have a very remote chance of having this confusion.  You have three sets of IP address ranges that don't exist on the Internet, specifically for assigning to your private networks.  

    Private networks can use IP addresses anywhere in the following ranges:
    • 192.168.0.0 - 192.168.255.255 (65,536 IP addresses)
    • 172.16.0.0 - 172.31.255.255 (1,048,576 IP addresses)
    • 10.0.0.0 - 10.255.255.255 (16,777,216 IP addresses)
    Many of the garden variety home routers attached to, or part of, your cable or DSL modem use a private network in the 192.168.0.0 - 192.168.255.255 range as the default private network, including many public WiFi networks.  With so many doing so it is wise to avoid that range.  

    Businesses often use the 10.0.0.0 - 10.255.255.255 range because it has so many addresses available.  

    This makes private networks in the 172.16.0.0 - 172.31.255.255 range interesting to use as your home private network(s).

    There are some excellent tutorials on general networking you can Google.

    Hopefully you have access to change settings on your router.  Some cable providers are taking this option away - Both Charter and Comcast have taken this away for new installs, so you have to get your own router and have them make your modem/router just a modem and connect your router/WiFi box to it so you do have access.  

    This may actually be a blessing as some, like Comcast, are using your WiFi router to do double duty as a public access point!

    Your ISP will provide you with the IPs for Gateway, Netmask and Broadcast so you can set up your router.  Here is a handy tool to help you define these for your private networks.

    http://jodies.de/ipcalc

    Dave WI6R
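
The subnet conflict discussed in this thread can be checked before travelling. The following is an added example, not code from any poster or from SoftEther/FlexRadio: it models a split-tunnel ("dual homed") client's route lookup and shows why a radio on 192.168.1.0/24 is unreachable from a Wi-Fi network using the same range, while 192.168.73.0/24 works. Interface names, metrics, the radio addresses and the hotspot subnet are constructed assumptions.

```python
import ipaddress

def overlaps(home_lan, local_lan):
    """True when the two LANs share addresses, so a split tunnel is ambiguous."""
    return ipaddress.ip_network(home_lan).overlaps(ipaddress.ip_network(local_lan))

def split_tunnel_routes(home_lan, local_lan):
    """Route table of a split-tunnel client as (network, interface, metric).
    Interface names and metrics are assumed values for illustration."""
    return [
        ("0.0.0.0/0", "wifi", 10),  # internet traffic stays on the local link
        (local_lan, "wifi", 10),    # directly connected Wi-Fi subnet
        (home_lan, "vpn", 20),      # home LAN reached through the tunnel
    ]

def pick_interface(dest, routes):
    """Model a route lookup: longest matching prefix wins, lowest metric breaks ties."""
    addr = ipaddress.ip_address(dest)
    matches = []
    for net, ifname, metric in routes:
        network = ipaddress.ip_network(net)
        if addr in network:
            matches.append((network.prefixlen, -metric, ifname))
    if not matches:
        return None
    return max(matches)[2]

def radio_reachable(home_lan, local_lan, radio_ip):
    """The radio is reachable only if its traffic is sent into the tunnel."""
    return pick_interface(radio_ip, split_tunnel_routes(home_lan, local_lan)) == "vpn"

if __name__ == "__main__":
    wifi = "192.168.1.0/24"  # constructed: a common default hotspot subnet
    cases = [("192.168.1.0/24", "192.168.1.50"),    # home LAN before the change
             ("192.168.73.0/24", "192.168.73.50")]  # home LAN after the change
    for home, radio in cases:
        print(f"home={home} wifi={wifi} overlap={overlaps(home, wifi)} "
              f"radio_via_vpn={radio_reachable(home, wifi, radio)}")
```

Real clients differ in how they assign metrics, so treat the tie-break as a model of the failure rather than a prediction for a specific OS; the overlap check itself applies to any split-tunnel setup.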

