Has anybody tried Remote via VPN?

  • 2
  • Question
  • Updated 1 year ago
  • Answered
  • (Edited)
Hi,

as in picture:



I do not remember ever having read anything on the forum about it.
But I could be wrong....

73 Beppe
ik3vig
Photo of Beppe IK3VIG

Beppe IK3VIG

  • 56 Posts
  • 15 Reply Likes

Posted 4 years ago

  • 2
Photo of Stu Phillips - K6TU

Stu Phillips - K6TU, Elmer

  • 642 Posts
  • 256 Reply Likes
Yes - but you must have a VPN which operates in BRIDGED mode otherwise the UDP packet broadcast by the radio won't be seen by SmartSDR and you won't be able to connect to the radio.

With a bridged VPN, it works fine assuming you have adequate bandwidth.

Stu K6TU
Photo of Fred GLENN

Fred GLENN

  • 52 Posts
  • 6 Reply Likes
My son and I were able to convert the UDP multicast packets to unicast using a virtual linux machine running on the host computer. Those packets can be sent over the Internet. Doing the opposite at the client end to convert back to UDP, we were able to connect reliably without using VPN. 

3 yellow bars and a 70mS ping working well, even on CW between Chicago and Charlotte.

We're going to try and install a simple Linux plug on each end (~$14) to do this without a computer running other than the host. 

I wonder if anyone else has used this approach?

Fred, K9SO
(Edited)
Photo of Beppe IK3VIG

Beppe IK3VIG

  • 56 Posts
  • 15 Reply Likes
Hi Stu.

the big problem is DAX !
It requires up to 250 KB when ON (for remote listen)

Normallly with two slices open the BW is close to 100 KB at any SPAN, using a confortable 15 FPS.

73 Beppe
ik3vig
Photo of Beppe IK3VIG

Beppe IK3VIG

  • 56 Posts
  • 15 Reply Likes
This a picture of BW monitor:

With DAX ON the BW pump UP to 250kB, without DAX the BW is +- 50kB
Photo of Tim - W4TME

Tim - W4TME, Customer Experience Manager

  • 8607 Posts
  • 3230 Reply Likes
Beppe - DAX is NOT intended to be used for remote access but for operating digital modes. It is intended to be used on a local LAN where 250k of bandwidth is not an issue or should be a concern. Optimized audio data streams are slated for a future version of SmartSDR.
Photo of George Molnar, KF2T

George Molnar, KF2T, Elmer

  • 1504 Posts
  • 532 Reply Likes
But, Tim, we're "experimenters!" It is a fun exercise. Or at least I hope so - after crashing the rig running DAX via Skype from 450 miles away. Fingers crossed I didn't wind up doing something stupid...
Photo of George Molnar, KF2T

George Molnar, KF2T, Elmer

  • 1504 Posts
  • 532 Reply Likes
Follow up - the problem turned out to be power supply related, not a SSDR or DAX problem. I had been doing some cable changes before heading out and wasn't connected well enough! That'll learn me good ;-)
Photo of Steve - N5AC

Steve - N5AC, VP Engineering

  • 1003 Posts
  • 965 Reply Likes
DAX is not bandwidth optimized -- we are using VITA-49 in processing efficient mode and frankly sending stereo audio when mono will do. The DAX client is designed to be run locally with the radio and not for remote audio. We will be working on a remote audio solution later and we will be doing things in a much more bandwidth-efficient mode. We will likely cut the bandwidth in half on a DAX channel soon. I'm not sure that we will go to VITA-49 link efficient mode which will cut another 25% off the bandwidth because it increases CPU and DAX is really a LAN solution. We could also reduce the dynamic range from 24-bits to 16 or so and again cut the bandwidth by 33%. So it wouldn't be much work to go from 64 bits per sample to 16 for an overall bandwidth reduction of 75%. This would take a DAX channel from 1.536Mbps to 0.384Mbps. We're looking for user feedback on whether this is important or not.

Also, I want to point out there are a couple of WAN timing issues that must be dealt with also (for full remote operation). There is jitter and latency. Today DAX requires fairly consistent packet rates that you will get on a LAN. That is the packets are evenly spaced. If the traffic becomes bursty, this results in jitter when you receive packets. The standard mechanism for combatting this is to buffer. This is one of the reasons why YouTube buffers for a while before showing you the video you want to see: it gets enough material locally so that when t starts playing it can grab a frame at the rate that it wants while the network side is stuffing in packets at an odd pace... first 10 then none then 5 then 15, etc.

By inserting a buffer, though, you add a lot of latency. For listening, this is fine. If you are just listening you really don't care that the program material is delayed by 100ms or a full second or more. But if you are trying to respond to the other end (transmit) then you want as low latency as you can get. Optimizing the network traffic, latency and jitter is the bulk of the work that must be done for full remote operation.

So we know that folks will play with VPNs in the mean time and we are interested in the results you achieve. But we know that in most cases these kinds of issues will prevent most operation from succeeding for the time being. The FLEX-6000 is designed with remote in mind and SmartSDR is optimized for remote operation. I know you guys are about to die waiting on it and so are we!
Photo of Asher - K0AU

Asher - K0AU

  • 167 Posts
  • 19 Reply Likes
Awesome choice!  Thanks.
Photo of Bob Fuller

Bob Fuller

  • 3 Posts
  • 1 Reply Like
Hi Steve,

I should have been clearer in my advocacy for the ILBC coded. I am hoping for the inclusion of several codecs, selectable by the user on the fly.

I have found that environment is a big factor in my choice of codec. One for an LTE link, a different one for DSL and still another for 2G.

Often low latency is the dominate factor in choosing a codec but I will trade low latency and a bit of voice quality to be able to use my remote station via a 2G data link versus sitting around the camp site doing nothing but reading QST for the third time.

Thanks, Bob, W7KWS
Photo of Steve - N5AC

Steve - N5AC, VP Engineering

  • 1003 Posts
  • 965 Reply Likes
Any time we spend integrating and testing with multiple codecs is time we could spend on other things if the codec we have is already good enough.  So, I'm naturally resistant to doing this, but I'm open minded.  Do you have any material (scholarly articles, etc) that would help make a case for doing this?

We will be doing testing with varying latency, dropout, packet shuffling configurations in the lab using a network mangler and then later over real links that have substandard performance so we will definitely be testing in the types of environments you are concerned about.
Photo of Bob Fuller

Bob Fuller

  • 3 Posts
  • 1 Reply Like

Steve,

I retired from engineering in 1998 so my academic experience is way behind the curve. The bulk of my data experience came in the late 1970s working on cellular development with Bell Labs. Even at that we weren't concerned with voice coding just command & control over a multipath channel with 30 dB fades, often below the noise level.

Your endeavor is probably much more difficult than mine was as you ultimately will want to please my goals of low bit rate remote control and some other customers desire to listen to music remotely from an HF broadcaster.

My suggestion is to proceed with a good choice or two but allow your customers to plug in other, optional codecs that suit their needs.

I did a quick Internet search and there are many articles on the subject.  More than I can study and make an informed suggestion. I have included a link below to one article that discusses some of the issues within the context of the AMR codec group which I believe that AT&T has standardized on for their mobile codec.  Of course, landline Internet is less rigorous than are mobile data links.

My recent experience is empirical doing amateur radio using several media over the last few years. Some links were slow some choppy others exhibited both and were useless.  Other links are perfect.  I've paid for some codecs and found others installed in various VOIP soft phones or hardware. I've found some are great in one context and then useless in another. This must be why most of the SIP VOIP implementations offer a large user selection of codecs. This way they can ultimately please the largest number of customers.

Sincerely,

Bob, W7KWS

http://telcodocs.p1sec.com/3GPP%20Rel-10/3G%20and%20beyond%20:%20GSM%20(R99%20and%20later)/22_series...
Photo of ka7gzr

ka7gzr

  • 208 Posts
  • 35 Reply Likes

Steve,

My experience with high latency for Rx only introduces another issue. That is when tuning across the band all audio and video has a delay on it and it makes it difficult to zero in on a signal. I have gotten better at it by adopting the technique of small incremental VFO adjustment and then pausing. My experiences have been with the Icom BS-BA1 software and my IC-7850. The BS-BAI software has a "recommended" setting for the buffer size which works very nicely or you can adjust it manually. The IC-7850 has a built in server so a PC isn't required. I use it extensively on my travels.

I can't wait to try it with my Maestro/6700 when the software is ready!

By the way, nice presentation @ Sea-Pac- I really enjoyed it! 

Jim

ka7gzr






(Edited)
Photo of George Molnar, KF2T

George Molnar, KF2T, Elmer

  • 1508 Posts
  • 532 Reply Likes
Anyone gone the VPN route and have success stories to share? A bridged VPN from home LAN to the world is sounding really good with 1.4 coming soon. Any service provider recommendations, or other advice?
Photo of Peter K1PGV

Peter K1PGV, Elmer

  • 540 Posts
  • 310 Reply Likes
Steve asked for feedback regarding the desireability of decreasing the bandwidth that DAX uses. I vote an emphatic NO. DAX is meant for LANs and the only bandwidth li,mutation on a LAN is 1Gbs. Keep the full fidelity of audio on DAX.

What would be nice is to be able to put one slice on the left channel and another slice on the right channel... But that's not really THAT much of an advantage over just running two instances of the digimode program.

Peter
K1PGV
Photo of Bjørn Ove Kristiansen

Bjørn Ove Kristiansen

  • 8 Posts
  • 1 Reply Like
I for one have to say I disagree on this. Granted, I am new to using Flex, so perhaps I haven't quite gotten the grasp of all the features and possibilities of the radio and software yet, but it is my understanding that for proper and hassle-free use of data modes, you would want to utilize DAX. If that is the case, rhen DAX should be available for use on lower bandwidth connections as well to cater for those of us (myself included) who just do not have the option (physically) to run Flex on a local connection.

Bjorn
LB5TG
Photo of George Molnar, KF2T

George Molnar, KF2T, Elmer

  • 1501 Posts
  • 532 Reply Likes
The only way I'd say "yes" is if DAX encoding can be improved without a loss of fidelity. For those with limited bandwidth in their LAN, using only one DAX channel (deselect unused channels) should not be a problem. If it is, the LAN does need improvement.
Photo of SteveM

SteveM

  • 234 Posts
  • 39 Reply Likes

It seems to me the solution is a simple one - no need to vote. DAX defaults to maximum fidelity, then automatically downshifts the bitrate to the capability of the link. This would be good enough, but to be perfect, it would also shift back up based on a longer time constant.

A nice feature would be to add a meter showing the current state of the DAX connection.

Photo of Jay / NO5J

Jay / NO5J

  • 1364 Posts
  • 196 Reply Likes
Thought just popped in, I might keep it.

Maybe it could be possible to have both DAX and DXAX.
DXAX could use whatever codec wins the, (optimal for streaming low latency audio) over a bog standard internet connection race.

Think bigger it's only software!

Just design DXAX with the capability of switching out the codec, should something superior come along. DXAX might even make a good 3rd party/home brew/science project.

Think about it, then make it happen!

73, Jay - NO5J 
(Edited)
Photo of Mike - W8MM

Mike - W8MM

  • 166 Posts
  • 37 Reply Likes
I'd like to refresh this discussion to see if I can make a VPN work for SmartSDR and K6TU's iPad Remote.  I can use PC LAN-Remote and Stu's iPad Remote on my home LAN with great ease and enjoyment.  It's just terrific.  I'd like to build on that so I can operate from the field or my office, as well.  And, I'm getting bored waiting for V2.0 of SSDR ;~}

Well, it seems harder than it first looked: 

My Panasonic IP telephone supplier and my Cincinnati Bell Fioptics internet provider, after much backing and forthing, settled on a Draytek Vigor3900 router to make my gigabit internet and VOIP SIP trunks work together correctly.  I am therefore permanently attached to this "Multi-WAN Security Appliance" and need to see what I can do with it for Flex-6XXX remote VPN service.

I tried a very nice free Draytek iOS app called "Smart VPN" on my iPhone 6 and my iPad Pro.  I set up the Vigor3900 per the FAQ http://www.draytek.com/en/faq/faq-vpn/vpn.ssl-vpn/how-to-use-smartvpn-ios-app-and-establish-ssl-vpn-to-vigor3900/  to use the SmartVPN app and it constructed a nice SSL VPN that works just fine to get inside my LAN.  I can get the right answer to "What's My IP" when connected through the VPN (I have a fixed IP at home) and also administer the Draytek using its 192.168.xxx.xxx LAN-side address. I'm definitely connected to my LAN.

But, it doesn't play nice with finding radios with which to connect K6TU's Remote

The problem, of course, is that I am a complete VPN newbie and can't figure out how to configure the VPN connection for bridge mode or its functional equivalent.  I've perused the User's Guide http://www.draytek.com.tw/ftp/Vigor3900/Manual/DrayTek_UG_Vigor3900_V2.1.pdf and looked at every thread on this site that mentions VPN without finding anything promising.

Would someone of you knowledgable IT guys like to coach me through to a VPN solution?  

For fun or profit, ... your choice.

Mike - W8MM
Photo of Mike - W8MM

Mike - W8MM

  • 166 Posts
  • 37 Reply Likes
Stu,

Thanks so much for the insight on what Apple allows for bridged support.  Sounds like L2TP is a must have for what I want to do.  I was originally going to configure Soft Ether for L2TP/IPSEC, but I couldn't figure out the setup with my router.

In the threads and videos talking about Soft Ether VPN configuration, it mentions "opening" port 5555.  The Draytek has "port redirection", is that usable?

Here's the firmware/documentation page with the Manual (V2.1) link: http://www.draytek.com/en/download/firmware/vigor3900/

I have no resistance to a best-practice solution (like Soft Ether),if I can figure out how to provision it!
Photo of Mike - W8MM

Mike - W8MM

  • 166 Posts
  • 37 Reply Likes
Stu,

One more question:  Since I could only find "bridge mode" as "bridge VLAN" options, would that work, or do I need to get Soft Ether going, instead?
Photo of Stu Phillips - K6TU

Stu Phillips - K6TU, Elmer

  • 642 Posts
  • 256 Reply Likes
The link for the manual won't open in either Safari or Chrome on the Mac - it just takes me to their home page.

Sorry.
Stu
Photo of Stu Phillips - K6TU

Stu Phillips - K6TU, Elmer

  • 642 Posts
  • 256 Reply Likes
ok - I found the manual via Google.  I can't tell for sure but I don't believe the VPN server in the Vigor will work with iOS.

The box does support port forwarding - look under the NAT section where it says port redirect.  

The simplest solution would be to port forward the required ports to a computer on the same subnet as the radio and run Soft Ether VPN Server on that.

Stu K6TU
Photo of Mike - W8MM

Mike - W8MM

  • 166 Posts
  • 37 Reply Likes
Stu,

Perfect!  I can do that.  Thanks so much for your help!
Photo of Steve K9ZW

Steve K9ZW, Elmer

  • 1207 Posts
  • 634 Reply Likes
Photo of Mike - W8MM

Mike - W8MM

  • 166 Posts
  • 37 Reply Likes
Thanks Steve,

I've already watched them to no avail.

I thought about using SoftEther on a radio-close PC, but couldn't figure out how to "open port 5555" on my particular router.
(Edited)
Photo of K1UO - Larry

K1UO - Larry

  • 703 Posts
  • 117 Reply Likes

Mike,  I am using the built in VPN on my ASUS routers at the remote and here at Home.  Nothing else to do  radio works fine.  I do need to use CWX for cw and my digital mode (RTTY)  works fine.  Not an SSB op so have not tried that mode .  Was waiting for Maestro for that.

 I use about 9 Meg up with everything opened up at the remote end and of course see the same 9Meg down here at the Control end so until WAN is implemented by Flex you do need good Bandwidth.  I can throttle back the Waterfall and get away with around 3 M uplink for the radio at the Remote end but I would think that would be minimum.

I am fortunate to have FTTH on both ends of my VPN link.

Regards

Larry  k1UO



Photo of Mike - W8MM

Mike - W8MM

  • 166 Posts
  • 37 Reply Likes
Larry,
Thanks for the info.  I also have FTTH at my QTH as well as the office.  300 mbps uplink should pose no problem ;~)
Photo of K1UO - Larry

K1UO - Larry

  • 703 Posts
  • 117 Reply Likes

Didn't need to do port forwarding or anything else..  Just needed to set up one of my Ethernet controlled relays on the Microbit Webswitch 1216H to the remote plug on the 6700 to turn it on/off remotely.  The SPE2K amplifier is monitored over the Moxa 5210 serial server right here at the control end.  The amp is wired to come on when the 6700 comes on and the antennas follow the 6700 via the new 4O3A antenna Genius switch.

Regards

Larry  k1UO

(Edited)
Photo of Wim

Wim

  • 80 Posts
  • 15 Reply Likes
I use the VPN build-into my Wireless Access Point, it's a Netgear R7000 and has easy VPN setup.

You just install the free OpenVPN Client on MAC or Windows and you plug in the configuration
file generated by the R7000 and that's it.

I worked my 6500 over VPN from Europe
Photo of Don Richardson

Don Richardson

  • 14 Posts
  • 1 Reply Like
When you say you do not use DAX and CAT. Does this mean you do not start them up and therefore they are not in use?
Photo of Roger Thompson AD5T

Roger Thompson AD5T

  • 8 Posts
  • 0 Reply Likes
Yes, i recall doing something to stop DAX and CAT from starting on the laptop I use for remote operation, but don't remember the details.

Roger
AD5T
Photo of David Decoons wo2x

David Decoons wo2x, Elmer

  • 961 Posts
  • 199 Reply Likes

Don,


I remember seeing this issue (no waterfall) when using the SmartSDR for IOS app through a VPN. The solution was to make sure the local LAN and remote LAN were different IP schemes. 192.168.100.x for local radio side LAN and 192.168.200.x for remote LAN.

Not sure if that is your issue but maybe worth a look.

Dave wo2x

Photo of Don Richardson

Don Richardson

  • 14 Posts
  • 1 Reply Like
Thanks for this pointer,  however it did not make a difference.  I am now going to try Windows Remote instead of Team viewer to see if I can get the mic input from the remote computer into the radio.
Photo of Roger Thompson AD5T

Roger Thompson AD5T

  • 8 Posts
  • 0 Reply Likes
Don,

You may be doing a different sort of remote operation if you need Windows Remote, Skype, or some other way to transport audio.

Here are the basic steps I use to operate phone and CW (via CWX) remotely:

1. I power up the remote location Flex using a DLI Ethernet Power Controller that enables a combination of direct ac switching for the station power supply and surplus wall warts and other power supplies plus relays to switch on my tuner and connect various antennas.  This is done with a browser tab connected to the DLI web interface.

2. I then start the OpenVPN connection from my laptop client to the VPN server at the radio location.  You can use ipconfig to verify the IP address assigned to your client computer, which is the laptop in my case.

3. I start SmartSDR on my client laptop.  Default audio devices (not DAX devices) need to be set before starting the SmartSDR.  Changing audio default devices after SmartSDR is running on the client usually requires a restart of SmartSDR.

4. The input audio source needs to be set in the P/CW panel pulldown to PC.  Mouse over this pulldown to show which audio device is set.

5. Remote should be blue in the upper right of the SmartSDR screen and a mouse over of this button shows the receive audio device.

6. I use the tune button to drive an automatic antenna tuner at the radio's location and the MOX button for T/R switching.

Hope this helps and good luck.

Roger
AD5T
Photo of Mike - W8MM

Mike - W8MM

  • 166 Posts
  • 37 Reply Likes
So, ... Many kudos to Stu (K6TU) and Chris (K6OZY) for their contributions to reducing my mental haze (formerly purple) about VPNs and networking fundamentals.  I've made much progress after absorbing their teachings and forcing myself to learn a bit more than I originally imagined about the general topic of routing among the internet and private networks.  I can even tweak my own "network security appliance" with a modicum of confidence, now.

As soon as I have all the bits and pieces playing nice with each other, I will post an exposé revealing all cool things I have discovered.

Again, many, many thanks to Stu & Chris!!!!!