How you can access your Radio over the Internet (WAN) TODAY

  • 14
  • Praise
  • Updated 2 years ago
Here is a simple and inexpensive solution to get WAN access over the Internet to your Flex-6000 series radio TODAY.

The following solution allows you secure (authenticated and encrypted) access to your Radio that is located behind your Internet access device (cable/DSL/fiber modem) and it's firewall. No dedicated hardware is required, and the solution allows access from Mac, Linux, iOS and Windows - all at the same time if you must!

This solution is NEITHER supported or endorsed by FlexRadio.  DO NOT CALL THEM FOR SUPPORT, INSTALLATION PROBLEMS or anything else.  You undertake the use of this solution at your own risk and accept that you are your own technical support for this form of operation.

The solution is to use the SoftEther VPN (virtual private network) from the University of Tokyo, Japan.  You can download this open source, excellent and free software from:

http://www.softether.org/

The simplest deployment of this solution is to run the VPN Server on a PC at your home.  Most PCs have more than enough horse power to run the VPN server and transport SmartSDR traffic without breaking into a sweat.  Although beyond the scope of this post, its very easy to configure the server to run on a Raspberry Pi (version B or 2 preferred).

You do need to configure your Internet access device to allow transit through it's firewall function - this is covered in detail (ports, protocols etc) on the SoftEther.org web site. If you are unfamiliar with configuring the firewall function, you will have to consult either your ISP or the documentation for specific information.

The SoftEther VPN server also interacts with a (free) dynamic DNS service that is built into the server and provides you with a named access to the VPN server which will track any IP address changes of your Internet access device.  The server has its own GUI interface when running on Windows and can be set up in a couple of minutes.  Again the SoftEther.org web site has extensive "how to" with screen shots to help you.

On the client side (your laptop running Windows and SmartSDR), install the SoftEther VPN client.  SoftEther.org provides a GUI based client that is very simple to install as well as a VPN server management GUI that lets you configure the VPN Server remotely.

When configuring a connection back to the server, specify connection to TCP port 5555 - this is the default SoftEther TCP port for its TCP/SSL VPN connection.  Using this particular protocol enables automatic compression and automatic (under the covers) recovery of lost or out of order packets from the Radio.

So how does it work?

The SoftEther VPN provides remote access to your home LAN that looks like a virtual Ethernet cable:

http://www.softether.org/4-docs/2-howto/1.VPN_for_On-premise/2.Remote_Access_VPN_to_LAN

This allows the broadcast traffic from your home network to travel over the Internet to the VPN connection on your laptop. This allows SmartSDR to "see" the radio and seamlessly connect to it for operation over the Internet.

Automatic compression and the TCP protocol help optimize the connection and reduce the bandwidth required between the radio and your laptop.

How much bandwidth is required over the Internet?

Running remote audio and a modest (1024x768) window for SmartSDR will consume approximately 1 Megabit per second when displaying 1 panafall display at 24 frames per second for the pan adaptor update and 12 waterfall lines a second.

A larger screen display will consume proportionally more bandwidth and scales with the width of the display - smaller means less bandwidth, bigger means more.

You can reduce the amount of bandwidth consumed by reducing the frame rate of the pan adaptor updates and reducing the number of lines per second on the waterfall.  The further left you drag the sliders on the display controls for SmartSDR, the less bandwidth will be consumed.

You will be surprised how few frames per second will still give you a usable display.

Running DAX is NOT RECOMMENDED and will likely saturate your available uplink bandwidth unless you have a very good Internet connection.  Each DAX channel consumes 1.5 Megabits/second so YOU HAVE BEEN WARNED!

Remember that if you are connected to the Internet via your cell phone, wireless hot spot, tablet etc, YOU ARE PAYING FOR BANDWIDTH CONSUMED and the traffic you receive counts towards the bandwidth cap on your account.  1 MBps is about 450 MBytes an hour.

How good an Internet link do I need at home?

To really use your radio effectively over the Internet, you will need an Internet link at home that provides at least 3 Megabits per second of UPLINK traffic with good reliability.  Reliability means that the 3 MBps is available at any time of the day/night and without significant packet loss.

The majority of Internet services today are heavily ASYMMETRIC - you get significantly more DOWNLINK bandwidth than UPLINK.  This is because most Internet customers consume more content (streaming videos, music, web browsing etc) than they generate.

You can measure your Internet access speed by using one of the speed tests.  This one:

http://www.speedtest.net/index.php

is heavily used by ISPs to show their customers how good (or not so good!) their connections may be and help set expectations about the quality of the experience you will get (or not!).

If your Internet UPLINK speed is less than 3 MBps, DONT WASTE YOUR TIME USING THIS SOLUTION - YOU WILL BE VERY FRUSTRATED AND DISAPPOINTED.

How well does this work anyway?

With a good uplink available from the home network here in the San Francisco Bay Area, I have run SmartSDR remotely and made QSO's from all over the United States - even using LTE on my iPad hot spot from rural locations where there was no other Internet access available to me.

If the SpeedTest link above shows that I have reasonable latency (< 100 ms) and decent bandwidth (> 3 MBps) back to a test server in the Bay Area, my SmartSDR experience even at 24 fps is like sitting on the network at home.

Put bluntly, HOTEL networks on Wifi generally SUCK.  Even paying for "premium" WiFi access in most hotels is a waste of money and a bad joke.  Hotels are now stuck with their customers expecting FREE access and so provide as slow/bad service as they can get away with...

In general, if you are in a large metropolitan area and your home is similarly situated in another metropolitan area (and you pay for "above average" Internet connectivity from home), you will have a very positive experience.

From my work office which is in the same metro area, I get amazing connectivity and can make QSO's with ease (until the boss catches me... oh wait, the boss is ME ;-).

Internationally, you mileage WILL vary and will depend on the quality of the place you are staying and the Internet infrastructure between you and the home country.  You may have to resort to turning the frame rate on the pan adaptor to ZERO and operating with just remote audio (this and the meters will require about 100 KBps FWIW).

Is remote operation legal?

If you are in the United States and operate under an FCC license, remote operation is 100% legit BUT you must set the Flex-6000 Transmit timeout (on the Transmit tab of the SmartSDR setup) to comply with FCC Part 97 section 97.213 (b):
(b) Provisions are incorporated to limit transmission by the station to a period of no more than 3 minutes in the event of malfunction in the control link. 
If you are licensed by a regulatory authority other than the FCC, you must consult your own regulations to determine whether remote operation is permissible.

But SmartSDR release 2.0 will make this solution obsolete?


Most likely - yes!  But many of the same restrictions regarding UPLINK bandwidth and the quality of Internet connectivity will remain as constraints.

The compression in the SoftEther VPN client on Windows removes much of the redundant overhead present in the data streams from the radio today but a good quality panafall display is moving a LOT of data.

I don't speak for FlexRadio and I have high regard for the engineering team.  It's likely than when they begin work on release 2.0, they will come up with new and innovative ways of representing data and further reducing the amount of bandwidth required for remote operation.


In the meantime, for those itching to use SmartSDR over the WAN today, here's a viable solution assuming you have the uplink bandwidth.

73 and enjoy!
Stu K6TU
Photo of Stu Phillips - K6TU

Stu Phillips - K6TU, Elmer

  • 642 Posts
  • 256 Reply Likes

Posted 4 years ago

  • 14
Photo of Ken ve7kwa

Ken ve7kwa

  • 101 Posts
  • 32 Reply Likes
Clear & concise.... Well done Stu !
Photo of Justin Smith

Justin Smith

  • 18 Posts
  • 1 Reply Like
Hi Stu:
Thank you for providing such a practical and detailed guide to help free us to work our FlexRadio 6000 radios while away on business or vacation, provided we have adequate bandwidth and packet integrity. I will be setting up WAN access using your method this afternoon, thanks to the clarity of your directions.  (Even though, with far less effort, I could just use the Internet directly to do most of what I would be using WAN access to my 6500 to accomplish, and gain additional features not possible with amateur radio - but where is the novelty or sense of adventure with direct use of the Internet compared to WAN access to a 6000?  One has to be a ham to appreciate this challenge.)
Photo of Doug K0DV

Doug K0DV

  • 134 Posts
  • 16 Reply Likes
Stu, quite a tutorial.  Thanks for the information.  How to you handle the audio?
Photo of Stu Phillips - K6TU

Stu Phillips - K6TU, Elmer

  • 642 Posts
  • 256 Reply Likes
Enable the remote audio on SmartSDR and use the audio devices on your computer (laptop) - speakers and mic.

Stu K6TU
Photo of Jim Gilliam

Jim Gilliam

  • 868 Posts
  • 188 Reply Likes

I have a question regarding the client computer: Once the client is set up on a portable, can you access the VPN on the same LAN in order to check that everything is working before trying it over a WAN?

Jim, K6QE

Photo of Stu Phillips - K6TU

Stu Phillips - K6TU, Elmer

  • 642 Posts
  • 256 Reply Likes
Good question - I haven't tried that configuration as it wouldn't verify that the firewall configuration is correct.  I connected back into my VPN from my iPad - you can configure the iPad to use L2TP/IPSEC (which you will have to configure on the VPN server - see the SoftEther.org instructions) and then connect back to your VPN server over 4G.

Its helpful to have a second network connection like this so you can check out that you have the firewall configuration set correctly.

Stu K6TU
Photo of Jim Gilliam

Jim Gilliam

  • 868 Posts
  • 188 Reply Likes

I have DYNDNS and I frequently check my remoting capabilities by using the DNS name from my LAN. I assume I should be able to do the same thing with the VPN server. I'll give it a try and make a fool of myself. However, the more mistakes I make the more I learn.


Jim, K6QE

Photo of Jim Gilliam

Jim Gilliam

  • 868 Posts
  • 188 Reply Likes

Also regarding the firewall settings: I the "same old game" of setting port forwarding of the router to 5555 and assigning a static I/P address to the serving computer?


Jim, K6QE

Photo of Stu Phillips - K6TU

Stu Phillips - K6TU, Elmer

  • 642 Posts
  • 256 Reply Likes
Yes - it is usually easiest to to assign a static IP address to the VPN server on the INSIDE network - that way you can set the firewall forwarding rules to point to that device and not worry about the address changing when the computer reboots.

The DynDNS built into the VPN server will take care of the EXTERNAL (WAN) address changing.

Stu K6TU
Photo of Jim Gilliam

Jim Gilliam

  • 868 Posts
  • 188 Reply Likes

Yes, the DNS server built into the server is a really nice touch. Thank you, Stu.


Jim, K6QE

Photo of Steve W6SDM

Steve W6SDM

  • 622 Posts
  • 280 Reply Likes
Stu,

You made a complex subject seem relatively simple.  Thanks for that.
Photo of Stu Phillips - K6TU

Stu Phillips - K6TU, Elmer

  • 642 Posts
  • 256 Reply Likes
Javier,

The waterfall rate AND the pan frame rate both affect the amount of data needed between the radio and the client.  If you slide them full left, it pretty much stops all updates.

At that point you will have two sources of data - the remote audio (assuming its enabled ;-) and the various metering updates.  The metering updates alone consume about 30 KBps - remote audio is set to require 70 Kbps - so you should be able to get down to a no-display diet of around 100 Kbps.

Anything on top of this is additional LAN broadcast traffic that is traversing the link...

I didn't mention this (to avoid additional complexity) in the original post.

SoftEther also supports an amazing selection of filters/access lists - does my networking bones good - ahhhhhh...

The simplest approach is to add MAC level filters that restricts traffic to and from the different devices.  An access list entry is required for each source & destination MAC address - for example;

Accept: MAC address from radio
Accept: MAC address to radio
Accept: MAC address to VPN MAC address from client
Accept: MAC address to VPN MAC to client
Accept: MAC address to broadcast FROM client
Drop: Everything else

Some debugging may be necessary on this list - its compiled from memory! :-)

I'm not sure that the MAC filters are worth the effort.  I have a pretty large home network including some 30+ devices (a couple of file servers, a number of WiFi access points, PCs, MACs, home entertainment devices, VOIP devices, UPS, Ethernet Serial servers, LAN switches...) - despite all this, the residual background "crud" is about 10 Kbps - if the link is that thin to make this a relevant difference, its likely not going to work anyway!

Hope this helps!
Stu K6TU
Photo of Javier, KC2QII

Javier, KC2QII

  • 33 Posts
  • 4 Reply Likes
Stu,

 My network is similar to yours, sans MAC, plus three Raspberry Pi GPS NTP servers.  I will have to look into a trade off or MAC access list versus load on the Raspberry Pi.  Not sure how much the load is at this time, but when the server is running, I get timeouts when attempting to telnet into the Pi.

Javier
(Edited)
Photo of Stu Phillips - K6TU

Stu Phillips - K6TU, Elmer

  • 642 Posts
  • 256 Reply Likes
Interesting - are you saturating your uplink?  Running on a Pi2B+ over clocked at 1 GHz, I can saturate my 10 MBps uplink - takes a number of pan adaptors, slices and DAX all running together to do this BTW.

At that point, the load on the Pi is about 125% CPU - the SoftEther server is multi-threaded and so core friendly.  This is running compression and encryption BTW so the CPU load on the Pi is as bad as it gets - its not just data movement.

This is also using the same physical interface for input and output - SoftEther recommends using a separate physical interface for in from out.

I haven't checked the SoftEther code but most Ethernet chips have a number of MAC address filters implemented on chip; most Linux drivers allow access to these so its possible that SoftEther maps the access filters to the hardware.  In which case they are gratis.  I didn't notice any CPU load difference when I added the MAC level filters to my configuration.

Even with the 10 MBps saturated, I was still able to SSH into the Pi...

Stu K6TU
Photo of Javier, KC2QII

Javier, KC2QII

  • 33 Posts
  • 4 Reply Likes
Stu

  It is not an up link saturation issue, at least, that I can see by looking at my home network router WAN interface.  My service provided uplink has been a consistent 5 Mbps, and I barely peaked above 2 Mbps with a single slice, max refresh, DAX and remote audio running. I will have to check again, at home to make sure, but I read somewhere that the server runs with a higher than normal priority on the Pi.

Javier
Photo of Stu Phillips - K6TU

Stu Phillips - K6TU, Elmer

  • 642 Posts
  • 256 Reply Likes
Yes - the server runs at NICE+20 if I remember correctly.  Somewhere in its vpncmd command line utility, I think there is an override of this...

Stu K6TU
Photo of spopiela

spopiela

  • 81 Posts
  • 10 Reply Likes
This a great tutorial thread. . After reading it, I was emboldened. I was able to set up and run remote WAN operation with a 6300 this past weekend and enjoyed it immensely. My new NETGEAR router at home base is fairly new and has "Open VPN" built in . So I activated it and downloaded all the info for the laptop that I was to use remotely. It was very easy for me ( a non IT person) . The docs did say that that the router would not do VPN with Apple devices which is a limitation but I can live with it. My home and remote location both have good internet speed up and download (40 MPPS down and 10 MMPs up) and the latest Intel and Windows software computers . Obviously the Internet speeds get better or worse over the course of the day at both locations. Having a router with VPN built in made it very easy. I can easily connect in and see my home network, network attached Storage and connect and use my Flex 6300. Flex has created a great product and I'm just excited about what 's coming!!!

Stan
N1THL
Photo of Jim Gilliam

Jim Gilliam

  • 861 Posts
  • 184 Reply Likes

Is OpenVPN compatible or useable with Ios devices as the iPhone, etc.? Thank you for the valuable info.


Jim, K6QE

Photo of Jim Gilliam

Jim Gilliam

  • 861 Posts
  • 184 Reply Likes

It would seem that having OpenVPN available on a router would solve all the problems of remoting the Flex 6000 radios. Since the software is available for LAN operation why go any further? I just tried OpenVPN and five minutes later I was connected directly to my LAN and using my 6500. Everything is just like I am sitting on my patio. I am using the Linksys WRT1900AC and it takes 30 seconds to have a server up and running. The obvious advantage is that you don't need a server computer as the router is your server.


Jim, K6QE

(Edited)
Photo of Jim Gilliam

Jim Gilliam

  • 861 Posts
  • 184 Reply Likes
I wonder if all equipment is turned off on a LAN except for the Flex radio, how anyone could hack the system using OpenVPN?
Photo of KY6LA - Howard

KY6LA - Howard, Elmer

  • 3593 Posts
  • 1446 Reply Likes
The radio is connected to a. Computer. Then it can be hacked
Photo of Walt - KZ1F

Walt - KZ1F

  • 3040 Posts
  • 643 Reply Likes
The ability for someone outside your LAN to hack you is a function of what ports are open and where they terminate. There are (or were) many ports open on Windows due to how WIndows works that have been historically exploited to hack into Windows. With other OSs, i.e. Linux, it is easier to completely close all exploitable ports, if there is no door or window, nobody can break in...so to speak. Further, there are route-able and non-route-able IP classes. The reason most internal corporate and certainly home networks are on the 192 class A address range is that is non-route-able. Standardly this equates to a non-routeable class C domain such as 192.168.0 or 192.168.1. Someone outside your LAN can not directly reach out and touch hardware with IP address in that range.  You can, however, do router magic to enable packets addressed to your router, having a routable address, i.e. 172.x.x.x, to port forward traffic to a device with an, otherwise, non-routeable IP address. So long as the radio is invisible and untouchable to anything outside of your LAN and you've stopped all daemon processes on your computer, no email, no browser, no autoupdating, no SSHD, no FTPD, etc. then there is no termination point for a hacker to exploit.

There are people, white (and grey)  hat hackers, that make a living trying to find vectors into a network that others could exploit. Further, one of the more prominent use cases for virtual machines is to have them be the termination of any port forwarding such that even if the VM was hacked via an open vector, the hacker would be quarantined in the VM, unable to access any other resource. This is often done to segregate HTTPD daemons as well as mail servers.
Photo of spopiela

spopiela

  • 81 Posts
  • 10 Reply Likes
My router is a Netgear R7000 (AC1900) which has the OpenVPN loaded in the router firmware. It was easy to set up and run my 6300 remotely. This version will not operate with IOS devices. Other versions might?

Stan
N1THL
Photo of KY6LA - Howard

KY6LA - Howard, Elmer

  • 3593 Posts
  • 1446 Reply Likes
NO
Photo of Don Richardson

Don Richardson

  • 14 Posts
  • 1 Reply Like
Hi Stan,
I too have setup the VPN server running in my NetGear router and setup a VPN connection between the house in NH and a remote PC in Maine.  I can keep a constant connection to the radio now that I made sure the IP address scheme is different at both ends.

My problem now is that the Pan Adapter do not show correctly and there is no waterfall showing.  The top of the Pan Adapter looks like an oscilloscope and does not show the frequency range correctly.  And of course, no waterfall.

I am running Smart SDR 1.9.13.  Did you have any of these issues, or anyone else out there have an tips or tricks that may help.

I am almost there!!!
Photo of spopiela

spopiela

  • 81 Posts
  • 10 Reply Likes
Don,
I have since updated to the 6500 radio and the latest IOS. I have not run remote using the R7000, since Noember of 2016. It was from New Bedford, MA to Bedford, NH. My home R7000 can connect via VPN to either my IPAD or a Windows laptop when I am remote. This allows use of the IPAD or Windows laptop for Smart SDR hamming. . I was using my IPAD with the SmartSDR IOS installed last November. I typically update my SmartSDR to the latest version as soon as it comes out and also the IOS version. It was a flawless connection and I had none of the issues that you described. I had a good Internet connection based on speed testing.

The IOS version allows one to reduce bandwith needs while using the radio but the penalty is usually in voice quality or other visual impact that is yours to accept or not. This is a nice feature. I suspect that the Internet connection is causing your problem. Try an experimant, whereby you connect with a quality connection from a selected remote location and see if you can get through with all visual features on.
Keep trying!
Stan
N1THL
Photo of Don Richardson

Don Richardson

  • 14 Posts
  • 1 Reply Like
Hi Stan,
Thanks for the complete steps for doing this.  I did do all of these steps as you suggested but in the end it was the connection speed at the radio Client end.  My Dad's internet speed tested at around 2.5mb and based on past comments it was said that you need a minimum of 3.  So, we are having Dad upgrade to a faster internet speed and things should smooth out and work great.

Thanks for the info and jumping in there.  I will report on our findings.
Photo of Ken - NM9P

Ken - NM9P, Elmer

  • 4025 Posts
  • 1248 Reply Likes
I have been able to get performance with SSDR-IOS by turning off the Waterfall and turning the Display FPS down to about 6-7.

My shack uplink is only about 756 Kb Upload.  Which is on the edge of marginal.  
It works until my son decides to start watching something on YouTube or streaming Netflix on his X-Box!  Then I am out of luck.

But you CAN get an acceptable connection via VPN.  But the critical bandwidth figure is the Radio-end UPLOAD.  The download speed is almost irrelevant at the Shack, because it is usually very much higher than the upload speed..
Photo of Jim Gilliam

Jim Gilliam

  • 868 Posts
  • 188 Reply Likes
Apple has an app for OpenVPN for the iPad and iPhone. However, I have yet to try it with my Linksys WRT1900AC.
(Edited)
Photo of KY6LA - Howard

KY6LA - Howard, Elmer

  • 3593 Posts
  • 1446 Reply Likes
It only works with Cisco routers
Photo of KY6LA - Howard

KY6LA - Howard, Elmer

  • 3593 Posts
  • 1446 Reply Likes
OpenVPN usually does not work with iOS devices UNLESS your VPN device is one of the expensive CISCO routers. If u check the documentation on Netgear, Lynksys and other inexpensive routers you will see fine print exclusions for iOS.

Hence Softether is the preferred solution
Photo of Larry Benoit

Larry Benoit

  • 65 Posts
  • 15 Reply Likes

While I can't confirm that OpenVPN IOS versions work with current Asus routers (RT-N66U, RT-AC68U/P, RT-AC87U), they appear to be officially supported by Asus.  The Asus OpenVPN setup form on the RT-AC68P router includes separate links for OpenVPN for Mac OSX and iPad/iPhone IOS client software (OpenVPN Connect) and the Asus website includes an FAQ for setting up OpenVPN Connect for iPhone: http://www.asus.com/support/FAQ/1004471/

I don't have an Apple device to test compatibility, but someone on the forum might be willing to try OpenVPN Connect for IOS and report the results.

Parenthetically, I can report that OpenVPN Connect for Android requires the TUN interface and does not support the TAP interface.   Asus supports both, but not simultaneously. While that may be OK for ordinary VPN functions, it won't support SmartSDR (if it ever becomes available for Android), because TAP is apparently required for Ethernet bridging and/or other capabilities not supported by TUN.   

73,

Larry KB1VFU

Photo of Stu Phillips - K6TU

Stu Phillips - K6TU, Elmer

  • 642 Posts
  • 256 Reply Likes
The reason I specified using SoftEther (and not OpenVPN itself) is that SmartSDR needs to see the broadcast packets from the radio discovery protocol.  These are sent as UDP broadcasts on the local subnet broadcast address.

To see these local broadcast packets the VPN must work in bridged mode (referred to as TAP in OpenVPN).

Although there are third party OpenVPN clients for iOS, they only support TUN mode (level 3 VPN, not level 2) because Apple does not allow third party apps to bridge traffic for security reasons.

The Apple native VPN client supports a number of different VPN modes including L2TP, PPTP and IPSec.  The IPSEC approach is the Cisco supported VPN and to my knowledge is only available on Cisco products.  PPTP is for Windows - 'nuff said and then there is L2TP.

L2TP is supported by the SoftEther VPN server and can be used simultaneously with all other supported modes.  So you can connect your Windows laptop using the SoftEther VPN client which has many features above and beyond the crap stock VPN support in the OS (like using simultaneous TCP sessions to maximize throughput, encryption, standard compression etc) AND then connect your iPad so you can still control the radio with K6TU Control.

For those who are hell bent on using OpenVPN, I suggest you start a separate topic here on the community and describe the configuration in detail there.  That will be helpful to folks who want an OpenVPN solution.

It is very easy to run the SoftEther server on a Raspberry Pi 2 and that is my preferred solution.  Its a small, low power solution and if the Pi gets compromised (hacked), I can simply re-format the microSD card and I'm done.  I don't keep any data on the Pi that I care about and so it serves as a sandbox in which to run the VPN Server.

I also don't care for vendor implementations of VPN servers when this isn't the primary purpose of the device.  I have a file server that supports many different VPN server modes - I wouldn't turn on its VPN server functionality for any amount of money.  The file server is high performance, reliable, robust and fairly priced.  Its VPN server solution is a piece of CRAP and has more security holes in it than a block of swiss cheese.

Personal choice is a wonderful thing.

When it comes to network security (a topic BTW of which I have some modest background - check out my bio), I am paranoid and un-trusting.

Also personal choice! :-)

I figured that for most hams (especially those not network security wonks) the SoftEther VPN server was about as close to plug and play as one could get.

Stu K6TU
Photo of K6OZY

K6OZY, Elmer

  • 532 Posts
  • 197 Reply Likes
OpenVPN does pipe broadcast traffic if you use a TAP interface, but I agree that SoftEther is a nice wrapper for a variety of VPN protocols, including OpenVPN, with a good interface for new users.   I do prefer running the VPN server on an appliance, like my pfSense router, but SoftEther is a good quick fix for most.
Photo of Larry Benoit

Larry Benoit

  • 65 Posts
  • 15 Reply Likes
Thanks for confirming that OpenVPN for IOS does not support the TAP interface. As I mentioned, that is also the case for OpenVPN for Android, which means that neither current version will support SmartSDR (should a version ever be coded for either OS).  The constraints imposed by Apple don't apply to Android, so hopefully a future version will support TAP.

Setup for OpenVPN on the Asus RT-N66U was posted here in May:
https://community.flexradio.com/flexradio/topics/openvpn-with-asus-rt-n66u-router

I can report that the same basic setup applies to the Asus RT-AC68P.  It takes only a minutes to configure.  A fellow ham has been using OpenVPN with an Asus RT-N66U router for weeks with excellent results (operates a 6700 and 6300).

73,
Larry KB1VFU
Photo of W5UN_Dave

W5UN_Dave

  • 315 Posts
  • 30 Reply Likes
As a total novice to VPN I have a question: is openVPN thru put faster than Softether VPN? I do have the SoftEther VPN configured and running. It only took me a few hours. I "messed" with openVPN for a month, and never did get it to work. I am just not knowledgeable enough, even after reading everything I could find about it on the internet. I am out here on the ranch, and there is no fiber optics within seven miles. My only choice for 'reasonable' internet is Wi-Fi. I have the Verizon home fusion which is acceptable, and am testing Sprint Wi-Fi whose upload speed is atrocious. Data limitations are the order of the day. I need a mentor for these things, hi.
Photo of Walt - KZ1F

Walt - KZ1F

  • 3040 Posts
  • 643 Reply Likes
Dave, VPN, regardless of who wrote it, will not cure bad upload speeds. As Stu said earlier, if you can't get 3MBs upload there is not much hope for remote goodness. I frankly, am not convinced compression will buy you much, if anything. The packets we're talking about are small and non text, if you gain 10%, that is negligible and remote audio is already compressed. Have you talked with Verizon and Sprint and gotten suggestions from them?

Actually Dave, something just occurred to me. You need not worry about the upload speed to your ISP, rather, the upload speed to your router. Just for grins and chuckles I tested my Nexus 9 tablet. 22Mbs down, 2.23Mbs up. Far below what Stu suggested. But that was round trip from CT to NY not my family room to my radio. I have a linux environment, servers and laptop alike. I used iPerf to measure the speed from my laptop, 5G to my desktop. I set iperf to be upd and upload 4Mbs packets. there was zero loss at 3Mbs and a total of 3400 packets. At 8Mbs (1MB/s there was 0 packet loss with 6800 packets although one was received out of order.

So if your Internet Service Provider (ISP) is 200 miles away, it doesn't matter, so long as you are within WiFi distance to your router. Now, if you want to take your laptop on the road, that is entirely different, then your ISP does matter. But for around the house, out in the back yard, you should be good.
(Edited)
Photo of Walt - KZ1F

Walt - KZ1F

  • 3040 Posts
  • 643 Reply Likes
So what is interesting, and a bit disturbing, also a different thread, my laptop with the alleged shitty wifi chip did a sustained for almost 13,600 UDP packets at 8Mbs with 0 packet loss yet cannot do ssdr remote. For 2 mins sustained at 8Mbs it processed 81,603 udp packets, dropped 91 (0.11% loss) and received 2 out of order, yet it can't do SSDR remote. Perhaps it is Windows, the above was Linux. Switching over to WIndows, it can not reconnect network drives (although I can open them) and while SSDR is running and receiving the UDP packets (the panafall is doing its thing) the strength meter is 3 amber bars to 4 green back to 3 amber. Linux was solid with about 1/10 of 1 percent loss.
(Edited)
Photo of Larry - W8LLL

Larry - W8LLL

  • 405 Posts
  • 78 Reply Likes
I got softether working last night and it was very smooth with my 30 Mbps download and 3 Mbps upload which is actually just under 5Mbps when I check it. One Dax channel running in the back ground made it a little jittery. I also connected to the server using a windows vpn connection instead of the client software at  the vpnazure.net address and it is way slower for what ever reason. And while talking with some locals using my blue yeti usb microphone I was asked why I sounded so much better today, they could not tell I was remote until I told them.
(Edited)
Photo of K6OZY

K6OZY, Elmer

  • 532 Posts
  • 198 Reply Likes
I would recommend not using DAX over a VPN link because it is not compressed.   If you are metered, it will eat up bandwidth fast.   

https://community.flexradio.com/flexradio/topics/remote-digital-using-smartsdr-1-4-lan-over-vpn
Photo of Stu Phillips - K6TU

Stu Phillips - K6TU, Elmer

  • 642 Posts
  • 256 Reply Likes
Walt,

The compression helps significantly.  I see about 40-45% improvement because the data sent for the meters, pan adaptor and waterfall stream are NOT compressed and have a large amount of data redundancy.  Compression requires using the SoftEther VPN stream on port 5555 - this is TCP over SSL and enables compression.

The L2TP support does not provide any compression however.

Regardless of compressed or otherwise, the quality of the uplink on the Internet link is critical.

BTW, on your home WiFi, try resetting the WiFi device by a power cycle and also try the 5G side rather than 2.4G (or vice versa).  The WiFi device in my office gets itself into a mode where it drops packets - power cycling the device cures the problem for several days at a time.

Stu K6TU
Photo of Stu Phillips - K6TU

Stu Phillips - K6TU, Elmer

  • 642 Posts
  • 256 Reply Likes
Dave,

I empathize.  A high gain antenna will help.

Stu K6TU
Photo of KY6LA - Howard

KY6LA - Howard, Elmer

  • 3593 Posts
  • 1446 Reply Likes
@Dave

Good luck with your experiments
Photo of Ross - K9COX

Ross - K9COX

  • 338 Posts
  • 104 Reply Likes
Why don't you just use your "Mighty Big Antenna"?
Photo of W5UN_Dave

W5UN_Dave

  • 315 Posts
  • 30 Reply Likes
Howard

Would make a suggestion on the type of external gain antenna to use? I'm open to all advice.
Photo of KY6LA - Howard

KY6LA - Howard, Elmer

  • 3593 Posts
  • 1446 Reply Likes
I am runing portable from an International MIFI hotspot when I travel. So I am using a n 8dBi manufacturers specific external gain portable mag mount antenna which likely would not work for you. In the USA as the bands are different.

There are many gain antennas for 3g//4g USA on the market but I have no experience with them
Photo of Walt - KZ1F

Walt - KZ1F

  • 3040 Posts
  • 643 Reply Likes
If you can wait a few months I'll have a web based access to your flex, if you can hit google, you can hit your flex.
(Edited)
Photo of W3DCB

W3DCB

  • 86 Posts
  • 14 Reply Likes
That's no fun!  Gotta play...gotta play...its in the blood, :')  you know?  heee heee heee...de W3DCB  Daniel
Photo of W5UN_Dave

W5UN_Dave

  • 315 Posts
  • 30 Reply Likes
Walt, I do that now with Parallels, and it works well. Fast on my iPad, slooow on my laptop
Photo of W5UN_Dave

W5UN_Dave

  • 315 Posts
  • 30 Reply Likes
I am using Windows Remote Desktop to access the server from my client laptop. Is there a better way?
Photo of Jim Gilliam

Jim Gilliam

  • 868 Posts
  • 188 Reply Likes
I have used Teamviewer, Parallels Access, Remote Desktop, and LogMein, and I see little difference in the performance. It is just a matter of personal taste. There has been discussion about using a VPN which attaches a virtual long Ethernet cable to the serving router or computer. I haven't found it to be any more efficient than the above mentioned.
(Edited)
Photo of Stu Phillips - K6TU

Stu Phillips - K6TU, Elmer

  • 642 Posts
  • 256 Reply Likes
Maybe I wasn't clear enough - has been known! :-)


With the the VPN configuration I described, I run SmartSDR ON THE REMOTE LAPTOP.


The only data going over the link is that required to run SmartSDR and is usually way (and I mean WAY) less than trying to run a similar quality pan and waterfall on the computer at the home end using LogMeIn or any of those solution. When faced with huge graphic loads, these remote access programs have to move gobs of bit mapped data and that compresses poorly, consumes lots of bandwidth.


Remote audio runs the audio to and fro, the pan adaptor data and waterfall refresh can be adjusted for the quality of the link you have.


I have access to one 6700 that is on a 100 MBPs link into the Internet (not a typo). I have run 8 pan adapters and 8 Dax channels without a dropped packet from my work location some 30 miles from the radio using SmartSDR on my Mac at the office.


Networking is wonderful but it is the prima facia example of "you get what you pay for".


Stu K6TU
(Edited)
Photo of Jim Gilliam

Jim Gilliam

  • 868 Posts
  • 188 Reply Likes
What can I say? I use logmein on my iPhone, and I hear the audio with perfect clarity and I see the panadapter just as though I was sitting in the shack. I am using Verizon LTE/4G/3G.
Photo of W5UN_Dave

W5UN_Dave

  • 315 Posts
  • 30 Reply Likes
Stu thanks for being a mentor, along with the rest of you guys. But I DO NOT know how to use VPN once it is connected. Am I supposed to see the server desktop? Do I start SmartSDR as if it were on the local LAN? Is VPN just an extension of the LAN at home?Excuse my ignorance!
Photo of Stu Phillips - K6TU

Stu Phillips - K6TU, Elmer

  • 642 Posts
  • 256 Reply Likes
Dave,

With the the VPN solution I described, you connect the VPN client on your remote (as in with you remotely :-) and then run SmartSDR just like you would at home.

The radio will show up in the radio chooser display of SmartSDR and you just connect, enable remote audio and you are done.

You don't need to connect to your Remote Desktop (as in the one at home :-) unless you want to.

Think of the VPN as a very thin and long virtual Ethernet cable connected to your Cat's tail back at home. You pull on the VPN and the Cat in your shack meows... Now think of it without the cat! With apologies to Albert ;-)

Stu
K6TU PS. You have forgotten more about EME than I will ever learn. Networking is my EME - familiar and a tool to solve problems.

(Edited)
Photo of W5UN_Dave

W5UN_Dave

  • 315 Posts
  • 30 Reply Likes
Stu, thank you. That really clears things up. I'm sure more questions will follow though >:)
Photo of Stu Phillips - K6TU

Stu Phillips - K6TU, Elmer

  • 642 Posts
  • 256 Reply Likes
Questions are the seeds of knowledge....

:-)
Stu K6TU
Photo of W5UN_Dave

W5UN_Dave

  • 315 Posts
  • 30 Reply Likes
Wow! A new experience, I'm actually running my 6700 over VPN. This is as big a thrill as my first EME contact (well, almost).

Now I must go back and study all the data saving methods you guys talked about earlier.
Photo of W5UN_Dave

W5UN_Dave

  • 315 Posts
  • 30 Reply Likes
A window opened on my client and said I should  "connect to the vPN Server's TCP listenet port directly, instead of using NAT Traversal.  To connect to the server by using TCP, a listener port on the VPN Server must be exposed to the internet by a port forwarding setting on the NAT box".

I had early on set port forwarding on the home router to forward port 5555.  Do I need to do more with the router?
Photo of Stu Phillips - K6TU

Stu Phillips - K6TU, Elmer

  • 642 Posts
  • 256 Reply Likes
Dave,

If you email me off-community the manufacturer and model of your router, I can help you with the the configuration.

My email address is good in the predictable places.

Stu K6TU
Photo of W5UN_Dave

W5UN_Dave

  • 315 Posts
  • 30 Reply Likes
Just made my first QSO ever using 6700 over VPN, FK8DD on 20 CW.

Lousy connection to Sprint on laptop, and Verizon at the server. 6700 network: Poor. Ha, no kidding.
Photo of W5UN_Dave

W5UN_Dave

  • 315 Posts
  • 30 Reply Likes
Sprint on my laptop had a Ping of 240ms, Download of 2.03 Mbps, and Upload of 0.11 Mbps while I made this QSO. It was iffy, but I did it! This is going to work so good from my daughters' houses as they have fiber optics. Even an eighty year old man can learn new things.
Photo of Larry - W8LLL

Larry - W8LLL

  • 406 Posts
  • 78 Reply Likes
I have Complete, Smooth  Remote Station control now between Softether to run SSDR and Windows Remote Desktop Connection to control Rotator, Logbook and AMP and of course DDUTIL3 it is all possible. The DYNDNS host name configuration in Softether also comes in handy for connecting windows remote desktop. HamRadio sure has come a long way in the 20 years I have been involved.
Photo of Ali - 9K2WA

Ali - 9K2WA

  • 110 Posts
  • 23 Reply Likes
I am doing the same here as well, controlling 3 radios 3 Amps and 5 antennas using GHE & DDutil, I am now in ZL land 9342 miles away from my home station, the Internet connection at the hotel is not very good, latency is between 391-426 ms with 1.22% packets drop rate, but still I have no problems operating remote so far.


(Edited)