
Easy Solution for Double NAT: Tailscale VPN and Smart SDR Using "Sub Net Routes"

I found an easy solution for using Smart SDR outside your home network (WAN), including when you have a double NAT (think cellular and Starlink). Also, perhaps, an easy workaround to the current SmartLink not working with static Flex IP addresses.

Disclaimer - I have not given this a lot of testing, but it appears to be working in my situation with a Starlink connection on one end and a cellular connection on the other end (both have cellular grade NAT). I am so excited to share, I hope it works as well for others.

I have been a user of Tailscale, an easy to use VPN with secure validation. For one user, there is no charge.

Up until the latest TailScale update, it was necessary to install the TailScale client on each machine in your network.....this prevented accessing the Flex Server thru Tailscale because it is not possible to install Tailscale on the Flex Server itself.

Tailscale recently announced two new features, "Sub-Net Routes" and "Exit Nodes". Of interest for Flex WAN access is "Sub-Net Routes". Current users of Tailscale must upgrade to get this new feature.

From the Tailscale description:

===============

However, you may have machines you don’t want to, or cannot, install Tailscale on directly. In those cases, you can set up a Tailscale “relay node” to advertise whole subnets at once. Relay nodes route all traffic from the Tailscale network onto your physical subnet. This makes it easy to incrementally deploy Tailscale, even on legacy networks.

=================

Here is a link to the installation instructions.

I updated my TailScale and ran the command to link my local subnet to the TailScale network of devices (devices I installed Tailscale on and validated myself).

Then with my laptop, running Tailscale, connected only to my cell phone, I ran Smart SDR (outside my LAN). Smart SDR showed my Flex Server on its local IP address. I clicked to connect and it connected and ran very smoothly......easy peasy!

Note - Tailscale has apps to install on all devices and operating systems. However, for now, they warn the machine providing the "Sub-Net Route" link to the Tailscale network must be a unix machine.....they plan to include the option for Windows and Mac on upcoming upgrades.

Alan. WA9WUD

Comments

  • Alan
    Alan Member ✭✭✭✭

    False Alarm....Sorry!

    Seems I had another connection to my LAN from the laptop that I missed during the test.

    After correction, we are back to the level two bridge problem.....I can see the discovery VITA packets, but the UDP port 4992 packets cannot get thru.

    In any event, the Tailscale subnet routes seem to work with other devices on my LAN.

    I will keep experimenting with SmartSDR, perhaps a solution will appear.

    Alan. WA9WUD

  • Mike VE3CKO
    Mike VE3CKO Member ✭✭✭

    Had me excited there, Alan, for 74 minutes, lol.

  • G7UFO
    G7UFO Member ✭✭
    Alan - did you persevere with this at all? I found this topic when hitting the same issue myself and wondered if you may have found some magic incantation... :D
  • Alan
    Alan Member ✭✭✭✭

    G7UFO

    I have not found a direct solution to use Flex SmartLink directly with Carrier Grade NAT, as used in cell phone hot spots and StarLink.

    I had some success using PepLink routers, with "Pep Link" VPN, level two binding, with "speed fusion". This solution is expensive and was bandwidth challenged. The connection to the Flex Radio Server was sometimes lost.

    I am now setting up a screen share solution, using "Tailscale" VPN, to get through the double NAT. I have a NUCi7 at the remote station running Windows 10 pro....Microsoft Remote Desktop enabled. At the shack, I can access the remote NUC desktop as if it were running locally.

    For audio, I found if I enabled audio on the Remote Desktop, then DAX would not work. So.... I am using "Dante" audio connectors, connected directly to the speaker and microphone jacks of my Flex 6600. Then, "Audio Movers" to move the audio over the internet (via the double NAT WAN), from the remote site to my station. Except for the audio latency, it works very well. Latency is comparable to the same with Flex SmartLink.

    Digital modes run on the remote NUC, so no issues there.

    Here are links to the products I mention:

    Alan. WA9WUD

  • Alan
    Alan Member ✭✭✭✭

    Tailscale Update

    For the group's information, I have submitted a "Feature Request" to Tailscale, for adding a Level Two Bridge option.

    Alan. WA9WUD

  • Dave W5UN
    Dave W5UN Member, Unconfirmed ✭✭
    Alan, based on your conversation with Tailscale, did they ever do any adjustments to their VPN to allow the passing of the Flex data?
  • Alan
    Alan Member ✭✭✭✭

    Tailscale Tech Support says their current version of "Sub Net Routing" should be used (https://tailscale.com/kb/1019/subnets/).

    I tried it out, and it works great for TCP packets.

    Followup with Tailscale found I needed to build a UDP/TCP bridge on both ends, and pass through Tailscale with a TCP packet.....That was a show stopper for me.

    I went back to my hardware based PepWave routers VPN, with level II bridge built in....works reasonably well....but expensive.

    Alan. WA9WUD
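
Added example, not part of the original thread: a small Python probe for checking separately whether unicast TCP and unicast UDP to a given port pass through a subnet route, the distinction reported in the comment above. The echo helper, the function names and the loopback demo are assumptions made for illustration; port 4992 is the one named in the thread.

```python
import socket
import threading

FLEX_PORT = 4992  # port named in the thread; all other names here are hypothetical


def start_udp_echo(host="127.0.0.1", port=0):
    """Start a UDP echo helper (run it on a LAN host); returns (socket, port)."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    sock.bind((host, port))

    def serve():
        while True:
            try:
                data, peer = sock.recvfrom(2048)
                sock.sendto(data, peer)
            except OSError:      # socket was closed: stop serving
                return

    threading.Thread(target=serve, daemon=True).start()
    return sock, sock.getsockname()[1]


def probe_udp(host, port, timeout=1.0, payload=b"udp-path-probe"):
    """True only if the datagram is echoed back unchanged within the timeout."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        try:
            s.sendto(payload, (host, port))
            data, _ = s.recvfrom(2048)
        except OSError:          # timeout, or an ICMP error surfaced by the OS
            return False
        return data == payload


def probe_tcp(host, port, timeout=1.0):
    """True if a TCP connection to host:port completes within the timeout."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False


if __name__ == "__main__":
    # Constructed loopback demo. In practice the echo helper runs on a LAN
    # host behind the subnet router and the probes run on the remote laptop.
    srv, port = start_udp_echo()
    print("UDP echo reachable:", probe_udp("127.0.0.1", port))
    print("TCP on same port:  ", probe_tcp("127.0.0.1", port, 0.3))
    srv.close()
```

A UDP probe that fails while a TCP probe to the same LAN host succeeds points at the tunnel path rather than at SmartSDR itself.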

  • rdwing
    rdwing Member ✭✭
    This should work with ZeroTier, you'd just need to configure your ZeroTier endpoint on your network to allow traffic out from the VPN onto the local LAN. Best thing is it's free and open source.
  • Mark - W0QL
    Mark - W0QL Member ✭✭
    Roland,
    Thank you for posting the link to bridge ZeroTier. Have you tried it yourself and had success? I am getting stumped at the “systemd-networkd” steps. Can you help? It’s beyond my ability at this point.
    Thank you,
    Mark - W0QL
