Welcome to the new FlexRadio Community! Please review the new Community Rules and other important new Community information on the Message Board.
If you are having a problem, please refer to the product documentation or check the Help Center for known solutions.
Need technical support from FlexRadio? It's as simple as Creating a HelpDesk ticket.

Flex behind CGNAT network; experiences with SoftEther / VPN Azure and alternatives

HB9CAT
HB9CAT Member ✭✭
If your Flex is connected behind a router using a CGNAT connection (typically a 4G/5G router in Europe), you can't use Smartlink because the public IP address your router gets is not reachable (typically 10.x.y.z).

Flex recommends to use the SoftEther VPN software to get around this problem; the advantage of SoftEther is it's bridging function; so the SoftEther client will create a new virtual IP interface that is virtually sitting on the same LAN as the Flex on the server's side, so you get to see the Flex just like if it was on your local LAN.

SoftEther works just fine if the Server (so the Flex) are on a reachable network; if not (the CGNAT case) it can relay through a VPN Azure connection to resolve the connectivity issue.
It works. The issue is that going through VPN azure introduces latency, in my case around 500ms, which is functionally OK (SmartSDR works) but quite frustrating.

I had already deployed an alternative solution to the CGNAT problem by using LogMeIn Hamachi ( https://www.vpn.net/ ) ; one PC (or Raspberry) on the Flex side connects to the LogMeIn cloud, and so does the client PC: they find themselves to be in the same IP network ( in my case a 25.x.y.z network).

So I tested using Softether with no VPN Azure funtionality, instead the Softether client connects to the LogMeIn IP of the Server (where the Flex is). The bridging function of Softether is performed and voilà I see my Flex virtually on my LAN.
The good thing is that latency is much much better than going through the Azure cloud, in my case it was just 30ms, so perfectly usable :-)

I believe LogMeIn comes for free for up to 5 connected PCs; as I have more than 5 I did buy a yearly subscription and I'm very happy with it. (Disclaimer: I do not work or am in any way associated with Hamachi / LogMeIn).

I know that a Flex behind CGNAT is a pain for many people, so I throught that sharing experiences in the community is important.

73
Marco HB9CAT

Comments

  • Dave W5UN
    Dave W5UN Member, Unconfirmed ✭✭
    Marcos I would like to try this. I already have Softether server installed on the Flexradio connected computer. So let me understand, I install LogMeIn on the server computer, how do I link that to Softether server, or is this automatic? On the client computer do I install LogMeIn and Softether client? I apologize for my ignorance.
  • Roland HB9VQQ
    Roland HB9VQQ Member ✭✭

    As an easy alternative, I recommend using ZeroTier SD-WAN. In the screenshot below you can see using SSDR with the Flexradio installed behind an LTE/4G Router. No fiddling with NAT at all and very low latency


    Make your entire (Home)LAN accessible while on the Road with the help of ZeroTier Bridge running on a Raspberry Pi


    73

    Roland

  • Dave W5UN
    Dave W5UN Member, Unconfirmed ✭✭
    Roland, I would like to try this, but I don’t know how to get started. I have many questions. Can we correspond using email, or Skype? Please be my mentor.
  • flyham
    flyham Member ✭✭

    Roland, Marco,

    I am also interested in your solution. It sounds relatively simple but also getting into foreign territory for me. I’m in search of the best solution to remote operation behind a 4G home router. Any further tips or explanation would be greatly appreciated

    mitch

    ke0uas

  • HB9CAT
    HB9CAT Member ✭✭
    > @"Dave W5UN" said:
    > Marcos I would like to try this. I already have Softether server installed on the Flexradio connected computer. So let me understand, I install LogMeIn on the server computer, how do I link that to Softether server, or is this automatic? On the client computer do I install LogMeIn and Softether client? I apologize for my ignorance.

    Hello Dave, sorry for the delay, I didn't log in here for a while.
    BTW my US callsign is W2UN ;-)

    So if already have Softether server installed click on the "Local Bridge Settings" on the lower left; I am assuming that the server is sitting on the same LAN as the Flex; in the configuration select the virtual hub you probably already configured for basic functionality, and select the ethernet physical interface common to the Flex.

    Install LogMeIn on the server, create a "meshed" network and have the server join it, same thing for the client PC; they end up being on the same network (in my case a 25.x.y.z, automatically generated).

    At this point in the Softether client configuration create a connection targeting the server's LogMeIn address (25.x.y.z) as the "Host Name", and the same TCP port you configured on the server; the drop down menu "Virtual Hub Name" will show you the Virtual Hub you originally configured on the server.

    This is it

    The SoftEther Server will accept incoming connections to any of his interfaces, that also includes the LogMeIn interface.
    On the client side you will know that it worked because a pop up window will let you know that you're getting an IP assigned from the remote DHCP server.

    (If both server and client LAN's would be on the same classical 192.168.1.x network there may be a problem; to make it simple change one of the 2 networks to be 192.168.y.x , y being any number other than 1.... )

    Let me know if this works.

    I thank Roland HB9VQQ for the hint on ZeroTier, I am trying it out right now, by the looks of it it takes some thinking on which network connects to which and the bridging function on windows seems a bit more complicated than with SoftEther.

    By the way Softether works on Raspberry PI as well
  • HB9CAT
    HB9CAT Member ✭✭
    > @flyham said:
    > Roland, Marco,
    > I am also interested in your solution. It sounds relatively simple but also getting into foreign territory for me. I’m in search of the best solution to remote operation behind a 4G home router. Any further tips or explanation would be greatly appreciated
    > mitch
    > ke0uas

    Hey Mitch,

    it's always hard to judge what's the "best solution", it depends on what's important to you; the solution I found is relatively easy to configure, even if it's a 2-step solution.

    The reason for building this 2-step solution was to make it work behind a so called CGNAT router, which is typically the case (at least in Europe) for small 4G routers. They 're OK for browsing but if you want to reach them directly from the internet it just doesn't work because they are using private adresses (typically 10.x.y.z), that are not reachable from the internet.

    So as a first layer I used LogMeIn: all members of the same group will get new virtual ethernet interfaces, all clients will initiate a connection to a centralized cloud server; by doing this we solve the CGNAT issue.

    Softether is yet another VPN solution, what it brings to Flex users is the fact that it provides bridging on the target LAN, where the Flex is sitting. So you'll be able to see the Flex as "local", not even having to use SmartLink to reach it.

    In terms of simplicity SoftEther is configured graphically (no cryptic CLI commands), which does surely make it easier to configure.

    Hope this clarifies the logics, if I'll have some time I'll create a step-by-step guide

    Best 73

    Marco HB9CAT / W2UN / F4WDR
  • flyham
    flyham Member ✭✭

    Marco,

    thank you very much for all the info. Do you know if softether and logmein are compatible with iOS devices for Remote operating such as iPhone?

    if you do get zerotier working I would like to hear your experience and see which service you prefer? I’m looking into both options currently. Again thank you for the help.

    mitch

    ke0uas

  • HB9CAT
    HB9CAT Member ✭✭
    Hello Mitch,

    I found out that zerotier is not performing the bridging function on the Windows version, so I can't use it right now; I'll test it with a Raspberry later on.
    iOS:
    - iOS: in fact I do have SmartSDR on my Ipad, both Softether and LogMeIn are supposed to work on it, I'll try it out.

    Marco HB9CAT
  • HB9CAT
    HB9CAT Member ✭✭
    SmarSDR works well with Softether on Ipad, but it's not giving you anything more than SmartLink.
    LogMeIn works as well, but they can't work together, iOS only supports 1 VPN at the time.
    So no solution solved the CGNAT issue.
  • flyham
    flyham Member ✭✭

    Oh wow this is good to know before I’ve gotten too far into it. I primarily want to use the iPad for my remote operation. Someone said that with 5G internet service you get an actual public IP address. Don’t know if this is true in every situation. May be a possibility?

    Thanks for the updates,

    mitch

    ke0uas

Leave a Comment

Rich Text Editor. To edit a paragraph's style, hit tab to get to the paragraph menu. From there you will be able to pick one style. Nothing defaults to paragraph. An inline formatting menu will show up when you select text. Hit tab to get into that menu. Some elements, such as rich link embeds, images, loading indicators, and error messages may get inserted into the editor. You may navigate to these using the arrow keys inside of the editor and delete them with the delete or backspace key.