SmartSDR v3.8.20 and the SmartSDR v3.8.20 Release Notes
SmartSDR v2.12.1 and the SmartSDR v2.12.1 Release Notes
Power Genius XL Utility v3.8.9 and the Power Genius XL Release Notes v3.8.9
Tuner Genius XL Utility v1.2.11 and the Tuner Genius XL Release Notes v1.2.11
Antenna Genius Utility v4.1.8
Need technical support from FlexRadio? It's as simple as Creating a HelpDesk ticket.
SmartLink crashing at connection?
Is anyone else having an issue with SmartLink crashing when they try to connect? That is happening to me on my PC and Maestro. At first everything is normal, then I click to connect to the radio and poof, crash, restart SmartSDR and now it shows no radio online. I can power cycle the radio and it shows up again, try to connect and poof.
Best Answers
-
Sorry, I missed the Private IP part. You make a good point. I have no objection to that. Some might argue that it could be confusing to folks, but I think we could message failed attempts to use an IP outside the private space appropriately. I can't make any promises, but I'll carry this back to the team as a suggestion (tracked as SMART-9790). Thanks for the idea.
1 -
Hmm. That is odd. I'll look into that.
Edit: It looks like the original post was marked as an accepted answer and thus moved to the top of the thread. I wasn't aware of this behavior. I learn something new everyday.
1
Answers
-
What version of the software are you on? Are you trying to connect locally or remotely?
0 -
I am on 3.5.9 across all devices. The problem is only when I attempt to connect remotely. Local works like a champ.
0 -
Ah, ok. Mike, VA3MW acknowledged that SmartLink is still experiencing issues and that Flex is actively working on it. Here is the post (go to the bottom for Mike's most recent post):
0 -
Yeah, I saw that post but I was not sure if these crashes are one of the 'lingering issues' or not. It's beyond frustrating. If Flex does not offer some sort of direct connection/site-to-site through a VPN (without having to build some exotic L2 bridged VPN) then I won't buy another Flex. They went out of their way to make remote users connect via SmartLink, instead of giving us the option to connect across a regular VPN, and now here we are. End rant.
73
0 -
All the SmartLink server does is provide the WAN IP address and the 2 ports your radio is using. Radio traffic does not travel through SmartLink servers. It is just a simple 'look up' service. The user client is a direct IP connection to the radio and this is what is called a peer to peer connection. You also have the choice of opting out of SmartLink and using VPN, for example Softether which I use. It works more reliably but the audio is not compressed as it is with SmartLink so more bandwidth is required. The perfect solution is a robust SmartLink service and Flex are working towards that so let's see how it pans out.
My one main gripe is that non-SmartLink users should have their radios isolated from server issues and not suffer the related audio abberations but hopefully this also something to come.
2 -
If SmartLink is just making the connection for the radio, why can't the user just input the WAN IP addresses in the software? Why does SmartLink have to do it?
Or, why can't it connect using the LAN IP when using an always-on site-to-site VPN?
73
1 -
KI5RLR
It's about security.
Think of your router's firewall as your home's front door.
The analogy to your question is always to keep the front door open for anyone. SmartLink can always get in, but so can the "bad guys."
So, how does your router know when to open the door for SmartLink? We tell the router to only let in packets from ports 4993 and 4994 and send them to your Flex Radio. But, anyone who says their name is 4993 or 4994 can also enter....... and get into your Flex Radio. Not good enough.
So, SmartLink first "Registers" your Flex Radio by your radio, which is inside the firewall, sending its data to a server outside the firewall. The Server then instructs your Flex Radio and SmartSDR only to accept encrypted data from the open 4993 and 4994 ports. This keeps the front door secure.
Alan. WA9WUD
0 -
How is that safer than the radio and SmartLink device connecting with each other through an encrypted VPN tunnel, each with their own router firewalls.
I can connect to any IP client on either of these LANs from both locations, through the secure VPN. For instance, the Flex 6600 is at site A on 192.168.2.10 and my SmartLink device at site B is on 172.16.2.25. They have a direct connection. I can ping 192.168.2.10 from 172.16.2.25 all day long, but SmartLink has been configured to not allow that type of connection, that's crazy. On the same LAN as the radio I use a security camera made by Axis, one of the premier security camera manufactures in the world, they don't block me from typing in the IP address to the camera, through the VPN, for 'security' reasons.
I suspect Flex was afraid they would be blamed for poor performance by some users who were using a poorly performing VPN, so they decided to turn that ability off... at lease without the L2 Bridge VPN method that is a pain to setup and is rarely used due to safety concerns. I also doubt the SmartLink 'door keeper' service is safer than a VPN tunnel.
73
0 -
KI5LR
I responded to your question: "why can't it connect using the LAN IP when using an always-on site-to-site VPN?"
Obviously, instead, you want to rant on Flex. Go for it.
Alan. WA9WUD
-1 -
SmartLink vs. VPN: A Comparative Analysis
As is common in any industry, you often have a dialogue with all the stakeholders of your product. This is not limited to just the customers, but those involved in Development, Pre-Sales and Post-Sales teams and the short and long term goals of the product. A lot of the design is also related to the economics of the product.
In the realm of remote radio operation, two prominent methods have emerged for connecting to your FlexRadio: SmartLink and Virtual Private Networks (VPNs).
Both approaches have their merits, but this report aims to shed light on why SmartLink is the superior choice, particularly for users who may lack advanced networking skills.
1. **Ease of Use and Cost:**
- **SmartLink:** SmartLink was purpose-built with user-friendliness in mind. Its intuitive interface and straightforward setup process ensure that users, regardless of their networking proficiency, can easily connect to their FlexRadio device from anywhere. SmartLink is available at no extra cost to all FlexRadio customers who use SmartSDR V2 and above.
- **VPN:** VPNs, on the other hand, often require users to navigate through complex configurations, including router settings, port forwarding, and security protocols. This can be daunting for individuals without extensive networking knowledge. Users also have to deal with SplitTunnelling and decide if all other traffic should travel through the VPN or not. This does require networking and VPN expertise. VPN can introduce an additional cost should additional hardware be required or additional software licenses. This can also include DNS licensing or increased costs due to static IP addresses.
2. **Security:**
- **SmartLink:** FlexRadio has invested significantly in ensuring SmartLink's security. It employs Transport Layer Security (TLS) encryption, authentication mechanisms, and firewall traversal techniques to create a secure connection, safeguarding users' radios from unauthorized access.
- **VPN:** While VPNs offer a secure tunnel for data transmission, configuring them incorrectly can expose vulnerabilities. Users must correctly set up VPNs, manage certificates, and stay vigilant against potential security breaches.
3. **Reduced Support Calls:**
- **SmartLink:** The simplicity of SmartLink minimizes the need for customer support calls. Users can typically establish a remote connection without assistance, reducing the burden on support teams.
- **VPN:** VPN-related issues often lead to support calls due to their complexity. This not only increases support costs but also frustrates users who encounter difficulties during setup. Increases in support costs are directly related to the final purchase price of the radio.
4. **Reliability:**
- **SmartLink:** SmartLink has a very good uptime over the years, but, yes, users have been impacted more than we like. It is still over a 99% uptime. FlexRadio is working to address this issue.
- **VPN:** VPN connections can be affected by various factors, including network congestion, server availability, and user error. This unpredictability can result in unreliable remote access.
5. **Scalability:**
- **SmartLink:** SmartLink is a scalable solution that accommodates users with varying levels of expertise. It offers a consistent and straightforward experience for both novice and advanced users.
- **VPN:** Scaling a VPN solution to support a growing number of users can become complex and may require additional hardware and expertise, making it less accessible for those with limited networking skills.
6. **Bandwidth**
- **SmartLink** Smartlink audio streams are compressed slightly to reduce bandwidth and improve data transmission performance. As the audio is sent via UDP streams, this results in less data loss and less audio corruption. Users will be hard press to hear any audio differences between a local LAN connection and a SmartLink connection.
- **VPN** Since SmartSDR will see the radio on the local subnet due to the network broadcasts by the radio, SmartSDR will see this as a Local LAN connection. This will result in a much larger bandwidth. It may be possible that the user could impact or exceed their upstream bandwidth and this will result in audio data corruption.
In conclusion, while VPNs can serve as a viable option for remote radio operation, SmartLink outshines them in terms of ease of use, security, reduced support overhead, and scalability.
Users are more than welcome any tool they choose to connect to their radios. FlexRadio Engineering is aware of the request to allow direct IP connections via an SSH/TLS process, however, at this time, it is not something that will be approached in the near future.
We are aware that SmartSDR for iOS and SmartSDR for MAC do allow for a direct non-secure connection to your radio. While this is acceptable for a Local Lan connection, it is not something that should ever be implemented on the Internet side (WAN) of your Router as it leaves your radio open to the Internet on port 4992. This is a high risk configuration.
FlexRadio's commitment to providing an accessible and dependable remote operation solution has made SmartLink the preferred choice for users who want a hassle-free and secure way to connect to their FlexRadio devices.
0 -
I appreciate the response, but I would have to say the 'Reduced Support Calls' and 'Reliability' turned out to be incorrect assumptions. I also find it ironic that the SmartLink server meltdown was triggered by poor 'certificate management'... the kind of rookie mistake a lowly end user would make.
Bandwidth
Since SmartSDR will see the radio on the local subnet due to the network broadcasts by the radio, SmartSDR will see this as a Local LAN connection. This will result in a much larger bandwidth. It may be possible that the user could impact or exceed their upstream bandwidth and this will result in audio data corruption.
In the L2 Bridged VPN type connection, this is true. This is not the case with more common VPNs, which is the main reason L2 bridged VPNs are frowned upon in the IT sector.
In conclusion, while SmartLink can serve as a viable option for many remote radio operation most of the time, VPNs outshine them in terms of reliability, reduced outages, and freedom to operate your radio how you prefer.
After the weeklong outage I did get back up and running... only to now be back offline for several days due to 'lingering issues'. I certainly won't buy another Flex until some sort of direct connection over a normal VPN site-to-site is allowed. Why will Flex not allow both regular VPN connections AND SmartLink, is that such a crazy idea??
73
KI5RLR
1 -
You absolutely did not answer my question. If you believe your reply is factually correct, you should read what Mike posted immediately after you.
0 -
You should be able to connect using LAN IP on a site to site VPN as long as it accommodates Layer 2 communications and is on the same subnet. Or, you could spoof the broadcast messages and do your own thing. I am actually surprised no one has done that yet.
But, yes, it is unusual to have a site to site VPN on the same subnet as most configure them as unique subnets. Why? Well, when it was designed it was for the typical customer who has a basic LAN network at home and this was back in 2011 or so.
The door is closed on the discussion regarding this. All I can say is that if you urgently require a plan B that isn't SmartLink, it will have to be something you do with the tools you have available today. There are other things higher up the priority list. I'm sharing that just so the timeline is understood, that is all.
-1 -
Even though I disagree with Flex's stance not to budge on, or even make a priority to fix, a flawed system that is integral to the remote operation by the end users, I do appreciate you being straightforward about what you are not going to do.
Speaking of timelines, when do you expect SmartLink to be back up?
0 -
We do try to give answers that allow you to make an informed decision.
We should have more updates on SL on Friday.
73
0 -
Thanks Mike. Mine just keeps crashing SL and then the radio is gone until I power cycle it. I opened a ticket, the tech had me do the full reset procedure and try connecting without loading any profiles back. Still doing the same thing.
It's just a shame that I am spending my evenings learning how build some hack-ish VPN so I can use my $4500 radio, instead of using my radio. All this while the manufacturer is telling me it's just unfortunate, hold tight, and that they don't plan to add a separate option for remote access in the future... because they have higher priorities.
I know it's not you making these decisions. You have always been very helpful and I have learned a lot sifting through your threads and tutorials.
73
0 -
-
Seriously? A 20 year old article about a vulnerability of leaving the device root account facing the open web? That is not what we are talking about here.
0 -
Isn't it though? What is the likely result of making it easier to connect directly to an IP address outside of your local network? Many less network savvy hams would end up forwarding ports to their radio and exposing an unauthenticated interface to the web, just like those cameras. This would enable our customers to easily have their radios become vulnerable to anyone on the web with enough knowledge to find these radios and exploit them.
At FlexRadio, we don't compromise on security for the sake of convenience. As annoying as that appears when faced with a seemingly benign request like this, it simply isn't in the best interest of our customers to encourage that kind of vulnerability.
Those with the networking knowledge to avoid such vulnerabilities can already access their radios without SmartLink via a number of methods documented here on the community.
1 -
You are being disingenuous at best. This conversation/thread was not about opening up a direct connection to an outside WAN IP address. We are talking about the ability to connect to a LAN IP subnet using a VPN tunnel. No need to forward ports or turn on UPnP.
... "we don't compromise on security for the sake of convenience" ... while simultaneously telling customers that UPnP is safe, is clearly compromising security for the sake of convenience.
1 -
Can you explain how we would enable what you are asking for ("the ability to connect to a LAN IP subnet using a VPN tunnel") without enabling what you are saying this thread is not about ("opening up a direct connection to an outside WAN IP address")?
0 -
Site is A has a subnet of 192.168.2.x Site B has a subnet of 172.16.2.x. I have VPN connected between the two site. With a PC on 172.16.2.20 (in my case) and a 6600 on 192.168.2.20 why can I not connect SSDR on my PC at 192.168.2.20 to the radio at 172.16.2.20? I can ping the radio from the PC. How does that require opening up WAN IP address direct connection like you are going on about? This is a direct SUBNET IP to IP connection across an encrypted VPN tunnel. It is certainly safer than having UPnP blast holes in people's firewalls.
Mike has already explained that Flex installed a roadblock to keep people from connecting across modern VPNs. Are you trying to deny it? Are you the one who caused the SL server meltdown by forgetting to update the certs? Because for a software engineer you are really showing your ignorance.
-1 -
Without the context for Mike's comment, it is hard to say what the roadblock is he was discussing.
There are basically 2 things that could get in the way of connection:
- Enforce Private IP Connections. This is described in the manual and is defaulted on to prevent accidentally exposing your radio to the internet. This shouldn't matter in your case though.
- Visibility to discovery packet broadcasts. This what tells the SmartSDR radio chooser about available radios.
There's nothing that prevents a client from connecting to a radio other than regular TCP/IP rules and the 2 things mentioned above. This is how RHR allows customer's to connect their Maestro devices to their radios.
You can try it with telnet.
As mentioned in prior posts, we have intentionally set things up to do our best to prevent folks from putting their radio on the open internet. This is why we do discovery broadcast the way that we do. This is why we have Enforce Private IP Connections. It's the reason we don't have a direct IP connection option in SmartSDR.
You're welcome to disagree with the rationale, but it isn't for lack of design or forethought. IMHO, if you're going to make a case for doing it differently, I would suggest doing so with a bit more tact. Insulting those that could help you is a losing proposition.
2 -
KI5RLR,
I have exactly the same problem which I just solved (my radio site is remote). The problem for me was I was using an older router that does not do UPNP properly. The solution on the old router was to set static IP on my 6600 with static lease and port forwarding in the router for 4993 and 4994. Then set the ports to Manual on the 6600. You MUST get a green light when you do the SL test. If any of these things are not done you crash when connecting via SL, and the radio reboots. A factory reset will not help you.
I have now upgraded to use a new router, set the 6600 to dynamic IP, static lease, no port forwarding needed. I get a green SL test and all is good.
GL de Graham VK3GA
0 -
I don't use UPnP, it's not a safe. My SL works fine when the Flex servers are working.
0 -
Eric - Why does SSDR not allow connection to a Flex radio unless they are both on the same exact subnet? For instance, what is the danger (in your opinion) of a PC being on 192.168.1.x and the radio being on 192.168.2.x? Those are all private IP ranges.
Private Address Ranges
- Class A: 10.0. 0.0 to 10.255. 255.255.
- Class B: 172.16. 0.0 to 172.31. 255.255.
- Class C: 192.168. 0.0 to 192.168. 255.255.
0 -
SmartSDR absolutely DOES allow connection to a radio across private IP subnets as mentioned above (try it with telnet). What doesn't happen in that scenario is the discovery broadcast doesn't make the trip across the subnet.
0 -
Eric - Are you saying I can connect and operate my Flex (using SSDR) with the radio on 192.168.1.x and the PC on 192.168.2.x? Because that is NOT what Mike is saying will work, nor is it my experience. Please explain exactly how this works using Telnet to connect SSDR and a Flex radio across private IP subnets, without using SL. I look forward to your reply.
0 -
I think what I said might have been misinterpreted.
Yes, you can community across subnets. However, SmartSDR will not be able to hear the radio broadcasts from the radio. SmartSDR will only connect to radios it hears broadcasting or radios on SmartLink and broadcasts are limited to the same subnet as they are non-routable.
To test this, Telnet to the radio IP address on port 4992 across your VPN. You will see the radio connects.
Anna explains how it works here
My apologies for the confusion.
0 -
Below is what you said, I marked in bold the key takeaways.
Mike-VA3MW Administrator, FlexRadio Employee, Community Manager, Super Elmer, Moderator admin
You should be able to connect using LAN IP on a site to site VPN as long as it accommodates Layer 2 communications and is on the same subnet. Or, you could spoof the broadcast messages and do your own thing. I am actually surprised no one has done that yet.
But, yes, it is unusual to have a site to site VPN on the same subnet as most configure them as unique subnets. Why? Well, when it was designed it was for the typical customer who has a basic LAN network at home and this was back in 2011 or so.
The door is closed on the discussion regarding this. All I can say is that if you urgently require a plan B that isn't SmartLink, it will have to be something you do with the tools you have available today. There are other things higher up the priority list. I'm sharing that just so the timeline is understood, that is all.
0
Leave a Comment
Categories
- All Categories
- 260 Community Topics
- 2.1K New Ideas
- 538 The Flea Market
- 7.6K Software
- 6K SmartSDR for Windows
- 139 SmartSDR for Maestro and M models
- 368 SmartSDR for Mac
- 242 SmartSDR for iOS
- 226 SmartSDR CAT
- 175 DAX
- 345 SmartSDR API
- 8.8K Radios and Accessories
- 6.9K FLEX-6000 Signature Series
- 44 FLEX-8000 Signature Series
- 859 Maestro
- 45 FlexControl
- 849 FLEX Series (Legacy) Radios
- 807 Genius Products
- 424 Power Genius XL Amplifier
- 280 Tuner Genius XL
- 87 Antenna Genius
- 227 Shack Infrastructure
- 153 Networking
- 409 Remote Operation (SmartLink)
- 130 Contesting
- 640 Peripherals & Station Integration
- 116 Amateur Radio Interests
- 878 Third-Party Software