Welcome to the new FlexRadio Community! Please review the new Community Rules and other important new Community information on the Message Board.
If you are having a problem, please refer to the product documentation or check the Help Center for known solutions.
Need technical support from FlexRadio? It's as simple as Creating a HelpDesk ticket.

Any Edgerouter X users with VPN?

Doug Hall
Doug Hall Member ✭✭
edited April 2019 in SmartSDR for Windows
I recently replaced my old router with a Ubiquiti Edgerouter X. The Edgerouter is fantastic, highly recommended, by the way. Since it has VPN capabilities I decided to see if I could also eliminate my existing VPN solution, a Raspberry Pi running Softether, and just use the Edgerouter X. (Hang in there, there is a Flex tie-in here...)

Well, the VPN on the Edgerouter (L2TP/IPSEC) works fine for most things, but it won't work with SmartSDR because broadcast packets are not relayed across the VPN tunnel, and SmartSDR uses broadcast discovery to find any radios on the LAN. I'm not sure why Softether works and the Edgerouter doesn't, but I assume it has to do with the hardware - the Edgerouter has a WAN and LAN port and broadcast packets aren't relayed across, whereas the RasPi VPN works over a single ethernet port. I freely admit that I am far from being a VPN expert, so the problem may lie there. From my reading I have determined that a number of VPN solutions do not relay broadcast traffic, while some do. There are even some old messages here in the Community discussing this, but nothing about the Edgerouter.

Does anyone have an Edgerouter product working with SmartSDR over VPN? For now I have reverted to the Softether solution, but it would be nice to eliminate another box to maintain.

Yes, I have scoured the knowledge base at Ubiquiti, maker of the Edgerouter, and so far have come up empty. I've asked on their forum but nothing yet...

73,
Doug K4DSP

Answers

  • Mike-VA3MW
    Mike-VA3MW Administrator, FlexRadio Employee, Community Manager, Super Elmer, Moderator admin
    edited April 2019
    Hi Doug

    I think you will find that the Edgerouter does not set up its vpn client on the same subnet as the Radio.  This is something that SoftEther does.  

    Most VPN's have their VPN client on a different subnet.  

    Mike

  • Doug Hall
    Doug Hall Member ✭✭
    edited March 2018
    Mike,

    At least in my setup the radio and my VPN client are on the same subnet.

    Perhaps I am showing my ignorance here, but isn't that the whole purpose of a VPN? All the IP traffic thinks it's on the same subnet.

    73,
    Doug K4DSP

  • Mike-VA3MW
    Mike-VA3MW Administrator, FlexRadio Employee, Community Manager, Super Elmer, Moderator admin
    edited March 2018
    I'm not the best at this, and I hack away until it works.  Ham radio style :).    

    Maybe the vpn is not relaying layer 2 packets across the vpn.  Just a thought.  That is where I would look next.  Look for something that says Layer 3 or L3 limitations.

    Mike

  • Jim Gilliam
    Jim Gilliam Member ✭✭
    edited March 2018

    The Asus line supports TAP on OpenVPN that puts the client on the same subnet as the Flex radio. I have Asus routers (RT-AC88U) at both the server and client site. I get better throughput than on Smartlink.


    Jim, K6QE

  • Doug Hall
    Doug Hall Member ✭✭
    edited March 2018
    Thanks, Jim. OpenVPN is an option on the Edgerouter. That's something to investigate.

    I, too, find that I get a better remote experience if I use VPN. Lower latency, and the added benefit of being able to operate my antenna switch, rotator, and amplifier, all of which are LAN-connected.

    73,
    Doug K4DSP

  • Mark G Thomas
    Mark G Thomas Member ✭✭
    edited March 2018
    The IOS (iPhone/iPad) client works great over non-broadcast-forwarding (separate subnet) VPN and LAN configurations. But, Maestro and SmartSDR deliberately do not support connecting to a radio in another subnet (by specified IP address), unless you provide a mechanism to forward or fake the radio broadcast discovery packets to trick SmartSDR into figuring out the base radio IP address. I do this with a pair of raspberry PIs, but it makes for an extremely clunky remote portable end, which is counterproductive being as one of the main obvious benefits of SmartSDR and Maestro is portability! SmartLink is an alternative, but for those of us who are already using VPNs or multi-subnet LANs in our environment, SmartLink is not always desirable or even a functional alternative.

    Myself and others here bring this up from time to time because we feel this is an unnecessary and downright frustrating limitation to an otherwise spectacular product. It is a thorn in my side. See further discussion here:  https://community.flexradio.com/flexradio/topics/radios-in-other-subnets-why-cant-smartsdr-for-windows-maestro-be-used-without-auto-discovery

    -Mark Thomas KC3DRE


  • Doug Hall
    Doug Hall Member ✭✭
    edited March 2018
    Thanks for the input, Mark. I share your frustration over not being able to connect to the radio by IP. Flex cites security reasons. I'm not a network security expert, so I don't feel qualified to challenge their reasons, but I would like the opportunity to take responsibility for the security side of things as I do with my other equipment. The IP address could be specified on the command line (along with a passphrase perhaps) and this would make SmartSDR work with more VPN implementations.

    In the Edgerouter I make the DHCP server assign a fixed IP address to the Flex based on its MAC address. So I know the IP address, but the Edgerouter VPN doesn't pass the broadcast discovery traffic, and the radio never shows up as available.

    SmartLink is OK for what it is, but to fully remote my station I need to be able to switch between 4 antennas, rotate my beam, and turn the amplifier on and off at a minimum. Sometimes I remote into my hamshack PC for stuff like RTTY. All this is stuff I can do easily on my LAN, and by extension, over a VPN tunnel. So for me VPN is a given, and if I'm going to do that I really don't need SmartLink.

    Softether works well, and that's what I'll continue to use unless I can figure out how to make the Edgerouter VPN work. I was just trying to simplify things.
    73,
    Doug K4DSP

  • Mark G Thomas
    Mark G Thomas Member ✭✭
    edited March 2018
    Operating a VPN server and client for remote access to radios and other devices at the shack is a different setup than using third party VPN providers to access Internet content anonymously, although both share the same underlying technical mechanism.

    Ordinarily, it is a beneficial feature of VPN software not to pass broadcast traffic, but in the case of flex radio base discovery, it is necessary for SmartSDR and Maestro use, since they do not have the option of designating the base radio IP address to connect to. The IOS iPhone/iPad software does have this useful option, which is in fact necessary for most IOS built-in VPN options.

    -Mark Thomas KC3DRE

Leave a Comment

Rich Text Editor. To edit a paragraph's style, hit tab to get to the paragraph menu. From there you will be able to pick one style. Nothing defaults to paragraph. An inline formatting menu will show up when you select text. Hit tab to get into that menu. Some elements, such as rich link embeds, images, loading indicators, and error messages may get inserted into the editor. You may navigate to these using the arrow keys inside of the editor and delete them with the delete or backspace key.