
Remote connections between SmartSDR and 6700 without SmartLink

Hello folks,
I need to access my Flex 6700 from multiple locations, but I don't want to use SmartLink as a connection broker. Has anyone managed to create such configurations (using VPN, port forwarding on your firewalls, 1:1 NAT, etc.)? I could not find relevant information in the documentation available. Since LAN connection on the same subnet works just fine, I obviously can sniff IP traffic and find out all the details, just want to save myself some time.
Thanks,
Gene W3UA

Best Answer

  • Mike-VA3MW
    Mike-VA3MW Administrator, FlexRadio Employee, Community Manager, Super Elmer, Moderator admin
    Accepted Answer

    @w3ua

    Gene

    On a local LAN, the radio broadcasts its IP address to the entire subnet and the client hears it and then shows it in the radio chooser.

    If remote, you will require a VPN that supports Layer 2 broadcasts on the same subnet, as SmartSDR does not have a direct IP addressing option. That feature has been requested. SmartSDR for Mac does.

    In your case, the reliable and easy solution is to use SoftEther VPN. Be aware that LAN traffic is not compressed. SmartLink traffic is compressed so it uses less bandwidth.

    The details are published here: http://wiki.flexradio.com/index.php?title=SmartSDR_Ethernet_API under discovery protocol and how we use VITA49.

    73
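Added example, not part of the original thread and not FlexRadio code: a parser for the standard VITA 49 (VRT) packet header, for inspecting a captured discovery broadcast and seeing what it announces to the subnet. The `key=value` payload layout and every value in the sample packet are assumptions made for illustration; the actual discovery format is described on the wiki page linked in the answer above.

```python
import struct

def parse_vrt(datagram: bytes) -> dict:
    """Split one VITA 49 (VRT) packet into header fields and payload."""
    if len(datagram) < 4:
        raise ValueError("shorter than one header word")
    (word0,) = struct.unpack_from(">I", datagram, 0)
    size = (word0 & 0xFFFF) * 4            # packet size field counts 32-bit words
    if size < 4 or size > len(datagram):
        raise ValueError("declared size does not fit the datagram")
    end = size - 4 if word0 & (1 << 26) else size   # T bit: one trailer word
    fields = {"packet_type": word0 >> 28, "packet_count": (word0 >> 16) & 0xF}
    offset = 4

    def take(fmt: str):
        nonlocal offset
        n = struct.calcsize(fmt)
        if offset + n > end:
            raise ValueError("optional header fields run past the packet")
        values = struct.unpack_from(fmt, datagram, offset)
        offset += n
        return values

    if fields["packet_type"] in (1, 3, 4, 5):       # types that carry a stream ID
        (fields["stream_id"],) = take(">I")
    if word0 & (1 << 27):                           # C bit: two class-ID words
        oui_word, class_word = take(">II")
        fields["oui"] = oui_word & 0xFFFFFF
        fields["packet_class"] = class_word & 0xFFFF
    if (word0 >> 22) & 0x3:                         # TSI: integer timestamp
        (fields["ts_int"],) = take(">I")
    if (word0 >> 20) & 0x3:                         # TSF: 64-bit fractional timestamp
        (fields["ts_frac"],) = take(">Q")
    fields["payload"] = datagram[offset:end]
    return fields

def announced_fields(payload: bytes) -> dict:
    """ASSUMPTION: payload is NUL-padded ASCII 'key=value' tokens split by spaces."""
    text = payload.rstrip(b"\x00").decode("ascii", "replace")
    return dict(tok.partition("=")[::2] for tok in text.split())

def sample_datagram() -> bytes:
    """Constructed packet; every value here is made up for the example."""
    body = b"model=EXAMPLE ip=192.0.2.10 port=9999"
    body += b"\x00" * (-len(body) % 4)              # pad to a 32-bit boundary
    words = 5 + len(body) // 4
    word0 = (3 << 28) | (1 << 27) | (1 << 22) | (5 << 16) | words
    return struct.pack(">IIIII", word0, 0x1234, 0x00ABCDEF, 0x0000FFFF, 1700000000) + body

if __name__ == "__main__":
    print(announced_fields(parse_vrt(sample_datagram())["payload"]))
```

The size and bounds checks matter when this is pointed at real captures: a datagram whose declared length or optional fields overrun the buffer is rejected instead of being parsed past its end.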

Answers

  • KD0RC
    KD0RC Broomfield, CO Member, Super Elmer Moderator

    Hi Gene, SoftEther VPN can be used (I think it was the solution before SmartLink came into being), but SmartLink works much better. Is there a specific reason you want to stay away from SmartLink?

  • N5NHJ
    N5NHJ Member ✭✭

    Hi Gene,

    Several configurations were discussed previously, mostly when SmartLink had some issues and was not available. You can find those discussions here in the forum.

    If you want to go with your own solution and you do not have the hardware in place yet (routers, computers), I suggest you find routers which integrate VPN servers. For example, Mikrotik routers have OpenVPN integrated and I'm sure other brands have similar solutions too.

    This way you don't need any computer at the remote site, stability and reliability will be improved.

    73, Max

  • w3ua
    w3ua Member ✭✭
    Thanks Len,

    The main reason I want to stay away from SmartLink is its privacy/security. I don't want to depend on some third party identity management service in this particular case. I have no idea how they manage my credentials and other information. Especially if it does not provide me with any added value. I just need to connect my own resources, why should I depend on the third party? And I simply hate using usernames and passwords ;)

    I use VPNs everywhere, the problem is with network discovery and connection establishment. I know IP addresses of Flex and remote computers (both Maestro and desktops with SmartSDR). I have solid connectivity between the sites. The only problem is that Flex and remotes are on different subnets, and SmartSDR does not allow manual configuration. So, effectively, my question is -- how does SmartSDR search for the Flexes on LAN? Broadcasts? In the worst case scenario I'll wireshark the traffic and figure it out, then set firewall rules, NATs and policy routes accordingly, but maybe someone did that already, so I just can use somebody else's wisdom...

    73, Gene W3UA
  • N5NHJ
    N5NHJ Member ✭✭

    Gene,

    SmartSDR allows manual IP configuration when done from a local computer. The other option is to configure the DHCP to provide a fixed, known IP to the radio.

  • w3ua
    w3ua Member ✭✭
    Thanks Mike,

    That really answers my question. Will configure my VPNs accordingly. Also, will be waiting for manual IP configuration in Win SmartSDR and Maestro.
    Another question arises then -- why SmartSDR compresses traffic when it's routed through SmartLink, but not locally? If it's a lossless compression, it makes sense to compress it always, and if it's lossy, then it would be nice to have a toggle in SmartSDR to switch compression on and off. Sounds like a feature request ;) . But definitely not urgent. I would rather see OAuth2 authentication in SmartLink, allowing people to select their trusted identity providers. It would be much better than obsolete "second factor" with SMS of OTP.

    Case closed, thanks a bunch.

    73, Gene W3UA
  • Mike-VA3MW
    Mike-VA3MW Administrator, FlexRadio Employee, Community Manager, Super Elmer, Moderator admin

    On a local LAN, the compression would not be significant enough to make a performance difference. On a SmartLink connection, every bit helps.

    I can't remember if it is lossless or lossy but I do know that they did a bunch of testing on it a long time ago (I wasn't involved).

    A lot of the way a solution comes together is related to the KISS model and ensuring that it doesn't result in a LOT of post-sales support phone calls. And, we agree, there may be better or different ways, but can the install base (customers) handle the technology? Look at LOTW as an example. :)

    73

  • w3ua
    w3ua Member ✭✭
    Mike,
    I totally agree. Learning curve is everything; the good news with SDR (versus LotW) is that the customer base is a bit more tech savvy. But LotW set a great example, how need overpowered the complexity. But this topic is kinda unrelated to the content of the thread, so I would rather discuss it in private. If you are interested, of course.
    Thanks again for your help. Just trying to figure out, why UDP broadcasts don't go through this particular SSL VPN. Will check IPSec one later tonight.
    73 Gene W3UA
  • David Decoons, wo2x
    David Decoons, wo2x Member, Super Elmer Moderator
    edited September 10

    I’ll just mention some things about the identity stuff.

    You are opening two ports in your firewall to the radio, not any PC. You create the email and password. It should not be the password for that email account. You don’t even need to use a valid email, unless you plan to use the forgot password recovery. You set up the username and password in your client one time, so you do not need to enter it every time. And last, the SmartLink server only knows the external IP and the radio that resides there.

    One more note from someone who has been down the VPN path before. With default settings using VPN I was using more than 1 gigabyte of data per hour. Depending on your service provider at both ends, you might get flagged as a “heavy user”. Also it will not play very well over a so-so cellular connection. The low data mode in SmartSDR for iOS works well on poor connections. Just tested my Verizon “5G” speed at my kitchen table and got a whopping 1.14 Mbps upload and I am in a very populated area 30 miles from NYC.

    If the VPN works for you then good! If not, at least you have some idea of what information is shared.

    73

    Dave wo2x

  • w3ua
    w3ua Member ✭✭
    Dave,
    Radio IS a computer, so having it accessible by an outside connection poses a security risk. At least theoretically. I decided to give SmartLink a try, so for that purpose I moved the radio to the DMZ subnet (which is shared by various cloud gizmos like Nest thermostats, Alexas and Chinese surveillance video cameras) which does not have access to my internal network. Then I created username and password, just to discover that SmartLink uses Auth0 for user management. It immediately raised the question -- why don't they use better authentication, which can be integrated in just a couple of hours, and would satisfy both security paranoiacs like myself, and those who simply value convenience and like to login without usernames and passwords? Second factor as an added benefit, without much of a hassle. Integration is easier than adding WSJT to SmartSDR. I did that last night, it took me more than two hours to put together all the pieces. Mike's excellent YouTube video really helped, but connecting amplifier, logger, configuring various parameters, figuring out times, delays, etc. took time. Auth0 integration is much easier to do IMHO ;)

    73
    Gene W3UA
  • Bill N3HQB
    Bill N3HQB Member ✭✭

    Parallels Access.
