Using Openvpn with Flexradio/Smartlink/ and SmartSDR on DD-WRT router

KP4TR

A recent convert to the Flexradio 6300 SDR, I spent a few hours yesterday trying to solve a problem that initially stumped me, then I had to kick myself for not seeing it quicker.

I have spent many years working with "voice over IP" systems helping friends get their systems working behind firewalls, and also setting up "remote stations" using Remoterig solution.

Many issues involve port forwarding, public IP assignment, and ISP port blocking. In Puerto Rico, a local cable company has decided to use "shared IP" assignment, essentially killing many existing VOIP systems like Echolink, Allstar and IRLP. I have been able to help a few friends work around this by setting them up with a VPN provider using OpenVPN, and DD_WRT router OS on Netgear routers.

But I got hit by the same disease many ISP has done to friends without realizing it myself. After succesfully setting up Softether at home, then setting up Smartlink, I kind of assumed all was working.  But ISP (Frontier Fios) suddenly is blocking all my ports. Softether stopped responding, and Smartlink failed test on my Maestro. I guess they took notice of all my recent activity.

So I had no choice than to setup a spare Netgear R6300V2 router (use and cheap on Ebay) with DD-WRT with openVPN client. This router, with the installed firmware, supports Softether. But with ports being blocked, L2TP port is of no use and Smartlink ports aren't either.

So I setup a new openVPN account with my favorite VPN provider (StrongVPN), setup router as an openVPN client, and now I have a static IP with all ports open going to the router and all is working well again. Smartlink responds, and I can use my Flex on my iphone again.

So my VPN solution was:

1. Install DD-WRT on a Netgear R6300V2 (tested and works)
2. Open a VPN account as a "router Account". I use StrongVPN
3. Use their DD-WRT installer (a shell script) and run on the router itself.
4. Once script sets up OpenVPN client on router, it reboots itself
5. The router will then connect to OpenVPN account at startup
6. Set a static IP to Flexradio based on MAC address within DHCP range
6. Assuming Flexradio IP assigned IP is 192.168.1.100, setup a firewall rule on router as follows: 

#Flexradio SmartLink ports via OpenVPN tunnel  iptables -I FORWARD -i tun1 -p udp -d 192.168.1.100 --dport 4993 -j ACCEPT   iptables -I FORWARD -i tun1 -p tcp -d 192.168.1.100 --dport 4994 -j ACCEPT   iptables -t nat -I PREROUTING -i tun1 -p udp --dport 4993 -j DNAT --to 192.168.1.100  iptables -t nat -I PREROUTING -i tun1 -p tcp --dport 4994 -j DNAT --to 192.168.1.100     

Save firewall rule, reboot, and use this router to connect Maestro and Flexradio.

To use remotely, you can use the fixed IP the VPN company gives you, or use DynDNS or NO-IP to setup a DDNS. This can be done in DD-WRT as well.

So now I took my own medicine and now have my radios back in action.

Hope this helps.
  

Mark Erbaugh

Would this help in my situation? My ISP uses a wireless link from a hotspot on a tower to a dish at my location. At the tower location, my router is assigned an address in the 198.168 range and I have no control over the router. I couldn’t get SoftEther working because I assume no ports are visiable on the public side of the router at the tower.

KP4TR

You probably have a private IP assigned, so yes it would. This solution opens up a connection to an account that provides a public IP.

I chose this solution because the cost is minimal ($70 /year).

Mark Erbaugh

Thanks, I’ll have to try it.

Wim

FYI the Netgear R7000 supports Open VPN and Dynamic DNS out of the box, so very plug and play

KP4TR

In my case I dont want to put my entire household behind a VPN on an expensive router. Only my Flexradio and my VOIP stuff. So using a used secondary router works for me. I have even used the Netgear WNR2000 with openvpn and DD-WRT.which sell for like $10 used and works ok. Plus there is a version of DD-WRT that actually has Softether server and bridge included and works very well.

Wim

The whole house won't be behind the VPN, that's not how it works, but the VPN server is build into the router so you can VPN into your network from anywhere on the internet, when your household PC's go out to the internet they don'tt go through the VPN ...

And you can pick up these routers for hundred bucks on the fleabay 

KP4TR

If your ISP blocks your VPN port, or you’re placed behind a private NAT or shared IP, how can you run a VPN server at home and connect from outside?

Wim

Well, that's not typical I would say what you're asking. But have you tried using smartSDR 2.0 in that case ?

KP4TR

I have, and it stopped working when ISP blocked my incoming ports. Thats the reason for my initial post.

Ted VE3TRQ

A side benefit of using a VPN provider with public IP and all ports available is the ability to run IRLP, EchoLink, etc. With more double NATing and IPv6, the VPN providers just make life easier. I use LiquidVPN - relatively expensive and provide an IP address that forwards all ports (effectively in a DMZ).

Wim

Like Ted says you might have to resort to using a public VPN provider, though I wonder if your ISP has 'the right' to block ports. Perhaps give them a call and tell them you're not running servers but just using your radio remotely from time to time, perhaps they will open up your ports again. Or switch ISP !

KP4TR

Really? Did you read my first post? ISP have policies which include prohibiting from running services like email, web servers etc. If I need to run ‘services’, they will tell you to switch to a more expensive business account, which blocks nothing.

KP4TR

I agree and is exactly what Im doing.

Mark Erbaugh

I will assume that the ISP has the right to block ports in an effort to charge more for non-typical or typically business type internet usage. In Ohio, it is a felony to use wireless internet access without the owner’s permission. My internet is wireless, so would I be committing a felony if I used a VPN to get around a limitation from the ISP?

KP4TR

I think the Ohio law sounds more like to avoid access to residential unsecured wireless routers from your neighbors without their permission. But if its your account and your wireless router you should be ok.

Mark Erbaugh

The issue is that my internet access wireless. The ISP has an access point on a tower and I have a dish pointed at it, so it’s not my router.

KP4TR

If youre paying for the service it should not be an issue. Youre the customer.