Remote Flex Radio Operation Over 5G CGNAT Using 44net Connect and WireGuard Mesh
By Steve Bunting, M0BPQ
Background
I run three remote amateur radio stations at different UK locations. At one site — a scout campsite — the only available internet is 5G mobile broadband, which uses Carrier Grade NAT (CGNAT). CGNAT means my router gets a private IP address shared among many customers, so nothing on the internet can initiate a connection to my remote site.
My radio is a FlexRadio Flex 6300, controlled over the network using SmartSDR. FlexRadio's SmartLink service is supposed to allow remote operation from anywhere, but as I discovered, it does not work reliably behind CGNAT.
The Problem
SmartSDR discovers radios using UDP broadcast packets, which do not cross router boundaries. SmartLink solves this by registering the radio with FlexRadio's relay servers — but when behind CGNAT, SmartLink advertises the unreachable CGNAT IP address rather than a publicly routable one. I confirmed this by hovering over the radio in SmartSDR and seeing a 92.x.x.x CGNAT address rather than a public IP.
I use 44net Connect (https://connect.44net.cloud) — a free service for licensed amateurs that provides a static publicly routable 44.x.x.x IP address via WireGuard VPN, even behind CGNAT. This solved general internet access but SmartLink still failed, as it continued to pick up the underlying CGNAT address.
The Solution
Two components working together:
1. WireGuard Site-to-Site Mesh Tunnel
I created a direct WireGuard tunnel between my home router (on a non-CGNAT **** Media connection with a 44net address) and the remote CGNAT site router. The critical point: the CGNAT site initiates the outbound connection to home. CGNAT allows outbound connections and their return traffic — it only blocks unsolicited inbound connections. This gives full IP connectivity between sites, bypassing CGNAT entirely.
2. SmartUnlink
Even with full IP connectivity, SmartSDR still could not auto-discover the radio as broadcasts don't cross routers. SmartUnlink (https://github.com/brianbruff/SmartUnlink) is a free utility that runs on the client PC and acts as a broadcast proxy — point it at the radio's IP address and it appears in the SmartSDR chooser as if local.
Equipment
- MikroTik RB750GR3 (hEX) at the CGNAT site — the hAP lite struggles with two simultaneous WireGuard tunnels and may crash
- MikroTik hAP lite or better at home
- 44net Connect account — free for licensed amateurs at https://connect.44net.cloud
- SmartUnlink — free at https://github.com/brianbruff/SmartUnlink/releases
Setup Guide
Prerequisites
- 44net Connect tunnels working on both routers (RouterOS 7.23.1 recommended)
- Know both routers' 44net IP addresses and LAN subnets
Step 1: Create mesh interface on remote router
/interface wireguard add name=wgMesh listen-port=51821 comment="Mesh tunnel to Home"
/interface wireguard print
Note the public-key value.
Step 2: Create mesh interface on home router
/interface wireguard add name=wgMesh listen-port=51821 comment="Mesh tunnel to Remote"
/interface wireguard print
Note the public-key value.
Step 3: Configure home router
/ip address add address=10.200.0.1/24 interface=wgMesh
/ip firewall filter add action=accept chain=input protocol=udp dst-port=51821 place-before=0
/ip route add dst-address=<REMOTE-LAN-SUBNET> gateway=wgMesh
/interface wireguard peers add interface=wgMesh public-key="<REMOTE-PUBLIC-KEY>" allowed-address=10.200.0.2/32,<REMOTE-LAN-SUBNET> persistent-keepalive=25s
Step 4: Configure remote router
/ip address add address=10.200.0.2/24 interface=wgMesh
/ip firewall filter add action=accept chain=input protocol=udp dst-port=51821 place-before=0
/ip route add dst-address=<HOME-LAN-SUBNET> gateway=wgMesh
/interface wireguard peers add interface=wgMesh public-key="<HOME-PUBLIC-KEY>" endpoint-address=<HOME-44NET-IP> endpoint-port=51821 allowed-address=10.200.0.1/32,<HOME-LAN-SUBNET> persistent-keepalive=25s
/ip firewall nat add chain=srcnat out-interface=wgMesh action=masquerade
Step 5: Add route on client PC (Administrator command prompt)
route -p add <REMOTE-LAN-SUBNET> mask <MASK> <HOME-ROUTER-LAN-IP>
Step 6: Install SmartUnlink, enter the radio's IP, then launch SmartSDR
Critical MTU Settings
Without correct MTU settings the waterfall will be blank:
| Connection type | WireGuard MTU | SmartSDR Radio MTU |
|----------------|---------------|-------------------|
| Non-CGNAT (wired) | 1380 | 1340 |
| CGNAT (5G/4G) | 1280 | 1240 |
Set SmartSDR radio MTU in Settings → Radio Setup → Network → Advanced → MTU.
Limitations
- Requires a non-CGNAT connection at one end — both ends behind CGNAT would need a different approach (ZeroTier)
- Home router is always in the traffic path — adds latency and requires reliable home internet
- SmartUnlink must be running before each SmartSDR session
- Static route must be added on each client PC
- hAP lite is marginal for two WireGuard tunnels — hEX recommended
Results
Latency of ~80ms, full waterfall, good audio, stable connection. A significant improvement after weeks of troubleshooting SmartLink over CGNAT.
Many thanks to the 44net reflector community, particularly Brian W1BKW for the MTU tip, G4IRN John Warburton for his ZeroTier write-up, and Brian Bruff for SmartUnlink.
A full detailed version of this article including a complete explanation of CGNAT, SmartLink, 44net Connect, and extended troubleshooting notes is available at www.m0bpq.com.
73 de M0BPQ
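A pre-flight check for the plan behind Steps 3 and 4 and the MTU table above, written as an added example (not part of the original post and not code from 44net, MikroTik or FlexRadio). The `check_mesh` function, the dictionary layout and the sample LAN subnets are assumptions made for illustration, and the table's MTU values are treated as upper limits.

```python
import ipaddress as ipa

# MTU pairs from the article's table: link type -> (WireGuard MTU, SmartSDR radio MTU)
MTU_TABLE = {"wired": (1380, 1340), "cgnat": (1280, 1240)}

def check_mesh(home, remote, link="cgnat"):
    """Return a list of problems in a two-site wgMesh plan (empty list = OK)."""
    problems = []
    if ipa.ip_network(home["lan"]).overlaps(ipa.ip_network(remote["lan"])):
        problems.append("LAN subnets overlap, so the static routes are ambiguous")
    for side, peer in ((home, remote), (remote, home)):
        allowed = [ipa.ip_network(a) for a in side["allowed"]]
        needed = [ipa.ip_network(peer["tunnel_ip"] + "/32"), ipa.ip_network(peer["lan"])]
        # allowed-address is also WireGuard's inbound source filter, so keep it
        # to exactly the peer's tunnel IP and LAN (least privilege).
        for net in allowed:
            if not any(net.subnet_of(n) for n in needed):
                problems.append(f"{side['name']}: allowed-address {net} is wider than needed")
        for n in needed:
            if not any(n.subnet_of(net) for net in allowed):
                problems.append(f"{side['name']}: allowed-address does not cover {n}")
    # CGNAT blocks unsolicited inbound traffic, so the remote side must dial out
    # and keep its NAT mapping alive.
    if not remote.get("endpoint"):
        problems.append("remote: no endpoint, but the CGNAT side must initiate")
    if not remote.get("keepalive"):
        problems.append("remote: persistent-keepalive not set")
    wg_max, radio_max = MTU_TABLE[link]
    for side in (home, remote):
        if side["wg_mtu"] > wg_max:
            problems.append(f"{side['name']}: WireGuard MTU {side['wg_mtu']} > {wg_max}")
    if remote["radio_mtu"] > radio_max:
        problems.append(f"radio MTU {remote['radio_mtu']} > {radio_max}")
    return problems

# Constructed sample plan; the LAN subnets and endpoint placeholder are assumptions.
HOME = {"name": "home", "lan": "192.168.1.0/24", "tunnel_ip": "10.200.0.1",
        "allowed": ["10.200.0.2/32", "192.168.88.0/24"], "wg_mtu": 1280}
REMOTE = {"name": "remote", "lan": "192.168.88.0/24", "tunnel_ip": "10.200.0.2",
          "allowed": ["10.200.0.1/32", "192.168.1.0/24"], "wg_mtu": 1280,
          "endpoint": "<HOME-44NET-IP>", "keepalive": 25, "radio_mtu": 1240}

if __name__ == "__main__":
    for line in check_mesh(HOME, REMOTE) or ["plan OK"]:
        print(line)
```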
Comments
Thank you for this. I had suggested using 44net as a workaround for this problem (CGNAT) because many of us here in Central Texas are already using 44net and WireGuard with our Allstar nodes. The best way to fix this whole problem would be for ISPs to switch to IP version 6.
Thank you.
Flex does not support IPv6 … it would be nice however!
