Configuring VPN for SmartSDR

carsco

Hello everyone.

I own a Flexradio 6400 which is behind CGNAT.
My local PC is behind a public IP.

I can't use Smartlink because I don't have a public address on 6400 and I cannot open TCP/UDP ports.

I bought two GL-MT300N mini routers with VPN capabilities (OpenVPN and Wireguard) to set up a VPN between the two locations but neither Wireguard nor OpenVPN provide the layer 2 access that SmartSDR requires.

Maybe it's me who doesn't know network theory well, maybe there is someone who has succeeded...
Could anyone help me?

Currently I have the VPN server where I have the public IP (local PC) and the VPN client where I have the Flex6400 behind CGNAT.

CGNAT Router > WAN MT300N
Flexradio > LAN MT300

Local router (with public IP) > MT300N WAN
Local PC > LAN MT300N
TCP and/or UDP VPN ports opened router side

From a remote location (Flexradio) I can ping and see the entire local network (local PC) and vice versa, but from a local PC using Smartlink I can't see the radio.

The problem (I think) is that the broadcast packets that SmartSDR requires (ISO-OSI stack level 2) do not pass.
How did you solve it?

My intention is to use the two mini routers, not other software or OS based VPNs so as to be more flexible.

Thanks.

Gord-VA7GP

Hello @carsco

There are at least 3 ways to tackle your situation:

1. Configure a TAP device in the router at your Flex location, and "join" the VPN to your local network. I did, once, get this to work with my Ubiquiti UDM-Pro, but I now have more grey / less overall hair, and I made no notes along the way. Google will be your best friend for this approach. In a nutshell, a TAP device will allow your local-LAN UDP discovery packets to cross into the VPN. I abandoned this because it was challenging and I forgot to make my changes persist across reboots ("the cat ate my homework")
2. You can obtain and configure software that runs on your Flex LAN, catches the UDP packets, then re-emits them over the VPN. I have never tried this approach:

https://github.com/res3066/flexrelay

3. In a reverse-but-similar vein, you can run software at your travelling-VPN-loation, which produces "fake" UDP discovery packets for SmartSDR to then use to reach out and connect to your Flex radio. I have used this, and it works for me - as a standby should SmartLink be unavailable:

https://community.flexradio.com/discussion/8030063/mikes-python-script-for-non-smartlink-and-simple-vpn

In general, I find Wireguard + Mike's python-script works well; SmartLink works very well. Day-to-day I prefer to use SmartLink but I want to be well-prepared in case SmartLink isn't there for me.

HTH!

Alan

I have been a user of the Pep Wave products, including SD-WAN, but until recently, the costs have been high.

SD-WAN a VPN, is built into the PepWave routers, allows level two of bridging, and requires only one side of the bridge to have a public IP.

https://www.peplink.com/technology/sd-wan-solutions/

There are a wide range of products, and prices. All routers have SD-WAN. Here is a link to the now, low end router for $299. You will need one PepWave router on each end.

https://www.peplink.com/products/soho-routers/b-one/

You can configure VLANS at each end, if you want to isolate the shared Flex LAN from your home LAN.

Alan. WA9WUD

carsco

Ok. I've solved using Ubuntu server and Zerotier with a level 2 bridge.
Now I can connect my flexradio behind 4g CGNAT.

All works well without Smartlink (not logged) but I've stutter RX every 7-10 seconds during which waterfall become black and I can't listen nothing for a few milliseconds.
Why?

Tried to lower FPS and RATE to minimum, nothing changes: it doesn't depend on this.

I've a good 4G bandwith (over 30Mbps-up, 60Mbps-down) and a good latency (<80ms) but I've 120-200ms Zerotier latency from peer to peer.
All ok if I use FFTH on each peer, server and clients.

What I can check?