smartsdr ios problems with VPN and audio

  • 4
  • Question
  • Updated 3 years ago
  • Answered
Before I spend 50 bucks. I want to know that this works. So far I cant get the VPN to see my server. I have viewed the videos and websites over and over again with no luck. Cant seem to connect on Iphone/Ipad.

Also, The demo audio is atrocious. Is it supposed to be that way? It is all choppy and distorted on both devices. as if it is experiencing packet loss. but this shouldnt be if it is simulated as a demo.

Why is this program any better than  a VNC and Skype which are both free?

Not to be a buzz kill but I've been trying this since yesterday and wasting a lot of time trying to get this working when I already have a method that works just fine.

Thoughts? Suggestions?
Photo of Howard Koenig

Howard Koenig

  • 58 Posts
  • 6 Reply Likes
  • Frustrated

Posted 3 years ago

  • 4
Photo of K6OZY

K6OZY, Elmer

  • 542 Posts
  • 212 Reply Likes
I'm sorry you're having problems with L2TP on your IOS device, but you won't get any help from Flex on that.  VPN is unsupported by Flex.   They currently will only support a LAN configuration.   

This app is much MUCH better because it's the full client at your fingertips rather than redirection of another computer.  

If you can't get your VPN connected, and you have no need for it on your LAN, you should likely pass for now until 2.0 comes out.
Photo of Howard Koenig

Howard Koenig

  • 58 Posts
  • 6 Reply Likes
I connect to the computer running the flex software directly and its like being home. I've been doing this for 4 years now using a VNC program and Skype without a hitch. I thought maybe this would be a better way to go. Looked interesting.
Photo of KY6LA - Howard

KY6LA - Howard, Elmer

  • 3763 Posts
  • 1621 Reply Likes
Yes it is a better way because it's a native app for the iPad/iPhone.

But then I do not have a Windows tablet
Photo of Cal Spreitzer

Cal Spreitzer

  • 449 Posts
  • 113 Reply Likes
Howard

If you will be using a iPad or IPhone remotely via the built-in iOS L2TP client you will need to setup additional port forwarding rules on your router. Those forwarded ports are:

 UDP 1701, UDP 500 and UDP 4500

I had the same issue because I forgot to do the port forwarding.  Once I setup port forwarding everything started working fine! 

Cal/N3CAL
(Edited)
Photo of Howard Koenig

Howard Koenig

  • 58 Posts
  • 6 Reply Likes
All those ports are open already... Sigh....
Photo of Mike va3mw

Mike va3mw

  • 824 Posts
  • 199 Reply Likes
Howard, opened is one thing.  Did you forward them through the firewall to your SmartEther server?

I just tested it and it worked wonderfully.  

These are my ports on my Router running DDWRT.   The first column is a name (anything works).  The 2nd is the Port From, 3rd is the Protocol, 4th is the target IP address inside your network (where Softether is running) and the forth matches the 2nd.

Mike va3mw


Photo of Howard Koenig

Howard Koenig

  • 58 Posts
  • 6 Reply Likes
I have constant vpn access on my windows tablet.
it works intermittently on my iphone.
and not at all on the ipad....   both ios devices have the same settings.
Photo of Tim VE6SH

Tim VE6SH

  • 295 Posts
  • 42 Reply Likes
I note in the manual the program calls for an iPad "3". Has anyone tried the program on a iPad Air ( not 2) or do I have to use this as an excuse to upgrade ?
Photo of KY6LA - Howard

KY6LA - Howard, Elmer

  • 3780 Posts
  • 1636 Reply Likes
Ipad 3 came BEFORE the Air. Should work OK]]

But you really wanted to see it on the iPad Pro
Photo of George Molnar, KF2T

George Molnar, KF2T, Elmer

  • 1678 Posts
  • 614 Reply Likes
iPad Air and iPad Pro here, plus iPhone 6. All work very well, with good audio (much better than the demo quality). The Pro is noticeably smoother, Sam you might imagine. Bandwidth is selectable - and it helps a great deal on slower connections. Haven't tried via VPN yet, but am not too worried about that.
Photo of Cal Spreitzer

Cal Spreitzer

  • 449 Posts
  • 113 Reply Likes
iPad Mini Air 4 here.  Works good with VPN over 4G.   (Radio Side has Softether running on a Windows 10 Machine)

Cal/N3CAL
(Edited)
Photo of Larry - W8LLL

Larry - W8LLL

  • 532 Posts
  • 116 Reply Likes
I am running it on an IPAD 3 and it runs pretty good on wifi once you turn the bandwidth down, the audio smooth's right out. My 3G cellular/vpn connection is choppy.
(Edited)
Photo of KY6LA - Howard

KY6LA - Howard, Elmer

  • 3780 Posts
  • 1636 Reply Likes

I ran the Alpha versions over 4G Cellular from France in June via VPN to La Jolla, CA and I got superb audio reports .

I have run the production version over 4G Cellular from my iPhone in my car again with good reports..


However - to qualify this... my Internet is 300Mb/s/30Mb/s in La Jolla...

YMMV

Photo of Ken - NM9P

Ken - NM9P

  • 4239 Posts
  • 1351 Reply Likes
I am running it effectively on both iPad Air and iPhone 6 using PPTP through my ASUS RT-AC66U Router and its built-in VPN app.  

I am also using SmartSDR for Windows at my office using the OpenVPN server on the router and a OpenVPN Client on my office computer.  

My main performance limitation is the lousy Uplink speed at the house (about 760 Kbps) which requires me to throttle my display FPS back to about 6 (I usually use 15 in the shack) and turn the waterfall down to between 4 and 9, depending upon what day it is and who else is using the internet at home...

If I could upgrade to 1.5 Mbps upload, I would have no gripes.

It did take me a while to program around the ATT Uverse Motorola router to get to do Passthrough/Bridging to my ASUS router.  Once I solved that, it has been pretty smooth sailing - even using the iPhone and SSDR-ios in the car with the car's built-in handsfree.  It was fun dong HF "remote mobile" for three hours on the way back from Dayton!  The sound from my car's stereo speakers was awesome!
Photo of Ken - NM9P

Ken - NM9P

  • 4239 Posts
  • 1351 Reply Likes
Howard, what are you using on the radio end of your network to provide a L2TP VPN connection? There are many who have had excellent luck with SoftEther.net.

I myself have used a PPTP VPN included onmy ASUS router with my iOS devices. It isn't as secure as L2TP, but works.

I have also used OpenVPN on my ASUS router to VPN with my Windows laptop from the office.
Photo of Reggie

Reggie

  • 94 Posts
  • 8 Reply Likes

Ken,

 

I am trying to setup the PPTP VPN on an ASUS router and IPad.  Did you have to do any port forwarding on the router for the SmartSDR IOS to work,  and where did you get the L2TP Secure Key that is required as part of the configuration on the IPad?

Reggie

Photo of Howard Koenig

Howard Koenig

  • 58 Posts
  • 6 Reply Likes
Ken, Ive been using soft ether for years but with windows on both ends. Never had an issue.
Photo of KY6LA - Howard

KY6LA - Howard, Elmer

  • 3778 Posts
  • 1636 Reply Likes

best guess is that you have a port set wrong or a firewall issue

Or perhaps u do not have L2TP protocol enabled in SoftEther.

The iPad/VPN  should easily connect to the VPN via L2TP

Photo of KY6LA - Howard

KY6LA - Howard, Elmer

  • 3778 Posts
  • 1636 Reply Likes
You set ur own Secret Key in SoftEther and in the iPhone client

Use something simple like VPN
Photo of Ken - NM9P

Ken - NM9P

  • 4239 Posts
  • 1351 Reply Likes
Here is a thread that discusses, among other things, my journey to get my ASUS router working with my ATT Uverse Motorola DSL modem/router. The last post is the final update/solution.

https://community.flexradio.com/flexr...

Hope it helps,

Ken - NM9P
Photo of Howard Koenig

Howard Koenig

  • 58 Posts
  • 6 Reply Likes
If someone is showcasing an app that costs 50 dollars, wouldn't you think they would make sure that the audio quality (for demo purposes) would be good? Something isn't making sense. 
Photo of Mike va3mw

Mike va3mw

  • 824 Posts
  • 198 Reply Likes
Yes, I guess.  But this is a 1 person show, not Microsoft with any entire media team.  I would cut him some slack.

Mike va3mw
Photo of Howard Koenig

Howard Koenig

  • 58 Posts
  • 6 Reply Likes
Not really Mike.. He seems to have Flex radio in a partnership (as stated on this official website. This reflects on Flex radio directly.
Photo of Mike va3mw

Mike va3mw

  • 824 Posts
  • 198 Reply Likes
I guess--and I understand what you mean.  I forgot that I know the history of the product and that it is a single ham who wrote it as I was asked to beta test some time back (I'm not btw, I didn't have time).

Still, it is ham radio and not there are a large number of garage industries in ham radio.  I just bought it and it works fine on my remote base.  And, I only have a 1mb/s upload at the RF end.  

If you are having connectivity issues, you may have to look outside the product to resolve.  We can't expect vendors to be responsible for products external to their operations.  If we did, then a software developer would say my product only works with Joe's routers, Fred's switches on so and so's ISP.  

This makes it tough on everyone as there is no standard in this world, only guidelines.

73, Mike 
Photo of Howard Koenig

Howard Koenig

  • 58 Posts
  • 6 Reply Likes
I guess... well... odds are I may buy it and give it a try.. I can always get a refund if I can't get it to work properly..
Im gonna put this stuff away and go enjoy the pool!

73
Photo of k0eoo

k0eoo

  • 621 Posts
  • 87 Reply Likes
So far TX audio quality using my iPhone 6S+ w/earbud/mic on my LAN has been excellent. on both SSB and AM.... RX audio is also excellent...

Didn't realize it would be a challenge to get a VPN to work well with iPhone/iPad to radio...  I guess there's always something, LOL....
Photo of Jay -- N0FB

Jay -- N0FB, Elmer

  • 539 Posts
  • 213 Reply Likes
Howard, the IOS app is designed to work on a Local Area Network such as your home. It does a great job, and I have had a lot of enjoyment under this type of use. When I'm in the living room, bedroom, or kitchen, I can connect to my flex and it is an amazing experience. Well worth the $50.

I've had some success using it over the WAN using both SoftEther and OSX Server VPN (Both L2TP). Ive yet to get the waterfall to work when doing this. It doesn't matter if I'm usin a Maestro, SmartSDR for Windows or IOS, the waterfall just doesn't play through my VPN configuration. Everything else works like a champ including the Panadapter. That the waterfall doesn't work for me is not Flex Radio's or Marcus. We are trying to trick the software to be used in an environment for which it was not designed. This will be native in upcoming releases of SmartSDR for Windows and IOS. Until then I still search for the "special sauce" that gives me the full native experience via VPN connection.

If anyone has any ideas, I'm all ears.

As to the audio quality, th demo is of a prerecorded QSO which has been saved within the applet. High quality audio takes a lot of memory., artificially bloating the size of the App. The demo is to give you a taste of the experience. There is nothing nefarious going on. It was a smart decision on Marcus's part to tchoose a smaller applet size at the cost of lower quality audio recording on the demo.
Photo of Larry - W8LLL

Larry - W8LLL

  • 531 Posts
  • 115 Reply Likes
I would think its either a required port not forwarded or a firewall rule needs to be set for the waterfall data to pass through. When I get stumped with something like this the first thing I do is temporarily set the router to pass everything through (DMZ). If that still don't work temporarily turn any software/antivirus off. This will at least rule those out.
(Edited)
Photo of KY6LA - Howard

KY6LA - Howard, Elmer

  • 3763 Posts
  • 1621 Reply Likes
It is NOT intended to showcase SSDR. It is only a simple video to show how the app looks. More dynamically than screen shots. The demo audio likely will be rerecorded sometime in the future but realistically it's irrelevant to the actual operation of the app.

Why don't you see if you can find someone wth a 6000 near you that you can actually see a real radio in action.
Photo of KY6LA - Howard

KY6LA - Howard, Elmer

  • 3763 Posts
  • 1621 Reply Likes
You sound like ur in the UK. If so, there are dealers that can demo the 6000. Or post ur area location. U might be surprised to find someone nearby
Photo of KY6LA - Howard

KY6LA - Howard, Elmer

  • 3763 Posts
  • 1621 Reply Likes

I think we are flying thru London on Dec 1st.. if you can get down to London I can give u a live demo...

Or you can always meet me in Paris.... I am there most of September and December

Photo of Jay -- N0FB

Jay -- N0FB, Elmer

  • 539 Posts
  • 213 Reply Likes
I have put my SoftEther server in the DMZ.  The results are same whether in the DMZ or just Port Forwarding engaged for L2TP.   The waterfall on all clients (SmartSDR for Windows, IOS, Maestro, and DogparkSDR) produce the banding as seen below in the IOS screenshot.


(Edited)
Photo of Ken - NM9P

Ken - NM9P

  • 4239 Posts
  • 1351 Reply Likes
Jay,  The Waterfall and DAX are the two biggest users of bandwidth on the Flex.  I have seen the data rate go from about 300 kbps up to over 4 Mbps just by moving the waterfall from zero to full and starting a couple of streaming DAX audio channels.

When I run remote via my VPN, I begin by turning DAX off(in the remote computer/ios SDR client menu) and I slow the waterfall down to Zero.  If I still need to economize on bandwidth, I slow the Display FPS setting down below 15 -- sometimes I have had to go as low as 5 before my audio quit jumping about.
Once my connection stabilizes, I can then begin increasing FPS or Waterfall as tolerated by my home's slow "highspeed" connection.

You might begin troubleshooting there.  You may be getting banding because of low-bandwidth-induced dropouts.  Your remote performance is gong to be limited by the home stations UPLOAD speed, which in many (if not most) US carriers is severely limited vs their download speed.  (I am envious of people like Howard-KY6LA in San Diego, and my brother, Jim, in the New Albany/Louisville area who both have 300 Mbps UP and Down!)  Here I sit with 3 Mbps Down and 765 Kbps Up....boo hiss!)

Beyond that, I won't be very helpful with Softethernet and L2TP.  I haven't done much with that since I got my ASUS router running.
Photo of Jay -- N0FB

Jay -- N0FB, Elmer

  • 539 Posts
  • 213 Reply Likes
Ken...I'll probably make you jealous too then.  I've got Google Fiber and have 1GB up and down.   You wouldn't think so by the troubles I'm seeing.  I've got to be doing something wrong.  In house I'm getting WiFi of about 200-300 MBPS.  When wired it is very close to the 1GBPS according to Ookla.   With all of that being said, I should have plenty of bandwidth to handle the requirements of SmartSDR.  Again...I've got to be doing something wrong.
(Edited)
Photo of KY6LA - Howard

KY6LA - Howard, Elmer

  • 3784 Posts
  • 1637 Reply Likes

Bottom Line
It's only $50 + Spots and Bandmap = $59.99

Try it.. if you do not like it

How to get a refund using iTunes

http://www.imore.com/how-to-get-refund-itunes-app-store

I suspect that you will like it enough to want to keep it..

Photo of Tim VE6SH

Tim VE6SH

  • 295 Posts
  • 42 Reply Likes
Well I paid ($69.95 up here) and the app will not connect to the Flex. When I try to connect I gat "Searching error" in the pop up box. Tried scanning and connecting directly to the fixed IP address of the Flex. Still no luck. I can connect just fine using the K6TU Remote app (and with the Maestro) so it does not seem to be a network issue.

Tim VE6SH
Photo of KY6LA - Howard

KY6LA - Howard, Elmer

  • 3780 Posts
  • 1636 Reply Likes
Tim

Can you ping the flex ip from ur iPad?

Are you on the same ip subnet
(Edited)
Photo of Mike va3mw

Mike va3mw

  • 824 Posts
  • 199 Reply Likes
Tim, I can Teamviewer into your network if you like and help out.  Make sure on your Wifi router that you have client security turned off.  There are a few tuning tools that prevent 1 client from seeing another client.  This may be your issue.  

Wifi vendors do this to limit the amount of traffic being sent out on the Wifi network.  Not all traffic is echo'd from the hardwire network to the Wifi network.

Mike va3mw
Photo of Mark Thomas

Mark Thomas

  • 52 Posts
  • 16 Reply Likes
If not on the same subnet, such as when using iOS VPN or other situations, it is necessary to enter the current IP of the Flex6k radio, and turn on "Fixed IP" and turn on the "Scan instead of discovery" options on the Settings menu. This works great for me, both via WiFi at home and while away from home using iOS VPN.
Photo of Mark Thomas

Mark Thomas

  • 52 Posts
  • 16 Reply Likes
PS: I strongly wish that SmartSDR for Windows (and Maestro) had the fixed IP option that this iPhone/iPad application has already. This BASIC FEATURE makes operation on diverse subnets possible. This would save us from jumping through hoops fiddling with non-standard broadcast-passing VPN solutions. Yes, I know internal VPN support is likely coming with 2.x, but why not add this simple IP setting for those of us who can benefit from it?
(Edited)
Photo of Tim VE6SH

Tim VE6SH

  • 295 Posts
  • 42 Reply Likes
Thanks for all the tips and the offers of help (Marcus also emailed me). Let me work with it today and see how far I get.

Tim VE6SH
Photo of Tim VE6SH

Tim VE6SH

  • 295 Posts
  • 42 Reply Likes
Fixed! I followed Mark's suggestion and turned on "fixed IP" and "scan instead of discovery" and it immediately found the Flex. Thank you all for your assistance. Now I have a ready excuse to update my somewhat aging iPad Air (first gen)!

Tim VE6SH
Photo of Lee Maisel

Lee Maisel

  • 100 Posts
  • 13 Reply Likes
I went through all this, and turned on fixed IP ad scan instead, and was finally able to connect through VPN, HOWEVER   NO AUDIO and nothing on the waterfall!
Photo of Scott N8UMW

Scott N8UMW

  • 155 Posts
  • 47 Reply Likes
I've noticed that some VPN software will not allow certain types of devices to connect to the internet for security reasons. Some software has the option of allowing these devices access at a lower security setting and some don't. I have VPN as part of my Usenet subscription as well as express VPN as a stand alone service. Both of those allow the flex to be seen on the network. Freedom VPN that i tried several months back did not have that option at that time. I used to use team viewer and Skype with success. Currently, I can get audio both ways using just parallels access by itself and so i quit using the other two. This works on my galaxy note 3, iPad 2 mini, and my iPhone 6s plus. I have not tried this with VPN setup on the router. Just on all of my individual computers and devices. Please note that when using a VPN service, you absolutely will get slower internet speeds add a result of hopping through several different servers around the world. Choose one that is closest to you and/or has the lowest latency with the greatest throughput. Just my two cents. Cheers.
Photo of Phil m0vse

Phil m0vse

  • 208 Posts
  • 38 Reply Likes
The VPN that people are using is a point-to-point VPN back to their home network, not a 3rd party VPN service (the two things are completely different). Most people are using SoftEther which can run on many devices, I am using a Raspberry Pi running SoftEther as my VPN server and this works perfectly.
Photo of Mike va3mw

Mike va3mw

  • 824 Posts
  • 199 Reply Likes
I just tested mine on the train between Toronto and Monteal. Listening to 40m on the train poor wifi was acceptable. Very cool

Mike va3mw
Photo of Ken - NM9P

Ken - NM9P

  • 4239 Posts
  • 1351 Reply Likes
Michael, how did you get such a nice screenshot from you iPad?  I haven't learned how to do that, yet.
Photo of Phil m0vse

Phil m0vse

  • 208 Posts
  • 38 Reply Likes
Press the power button and the home button simultaneously and it takes a screenshot. IOS10 will also include the ability to take "video screenshots" which will be good!
Photo of Ken - NM9P

Ken - NM9P

  • 4239 Posts
  • 1351 Reply Likes
Great!  Thanks.
Photo of KY6LA - Howard

KY6LA - Howard, Elmer

  • 3784 Posts
  • 1637 Reply Likes

I tested the Alpha Version during several days in early June over 3G/4G sitting in the basement ladies shoe department in Galeries Lafayette in Paris.. I made over 100 remote Q's. using my iPhone and a MIFI Box on Orange 4G/3G.  I used the Apple Ear Buds albeit at the time we had issues with the loudness of the mike that was corrected in the production release. 

I guarantee I would have gone insane long ago if I could not remote from shoe stores waiting for the XYL to try on every pair of shoes in the store...

I highly recommend this to Husbands who are dragged along by XYL on shopping trips...It's a life saver...

...and there is no possible correct answer to the question

 "Do these shoes make my feet look fat"

Photo of KY6LA - Howard

KY6LA - Howard, Elmer

  • 3784 Posts
  • 1637 Reply Likes

Neat Features:

There are a couple of Neat Extra Features that Marcus has added to the App ($4.99 each)


1. Band Plan  this is a graphic on screen band plan to make sure you do not transmit out of band

2. DX-Cluster  - I really love having spots show up on the display...

this is a must have if you plan to work DX from your iPhone or iPad.. it just makes life so easy to see the DX in front of you or by looking on the Spots lists.and clicking on a spot brings you to the correct frequency..

I just worked Vannutu yesterday while babysitting a grandkid... saw him on my iPhone display and BAM he was in the log... Now if he would only LOTW

Photo of Howard Koenig

Howard Koenig

  • 58 Posts
  • 6 Reply Likes
After researching the web, it appears that IOS 9 has an issue with VPN and a lot of people are having connectivity problems. It has been fixed with IOS 10.

Perhaps this is why I am having difficulties.

I just upgraded and am running IOS 10 on my IPHONE which I now have VPN working properly...   hmmmm the plot thickens.
Photo of Mike va3mw

Mike va3mw

  • 824 Posts
  • 198 Reply Likes
Interesting. I'm running 9.3.2 connecting to Softether via L2TP and no issues at all. I have an upgrade to 9.3.3 waiting. Where are you finding IOS 10 as it isn't available for us mortals for another month?

Mike
(Edited)
Photo of K6OZY

K6OZY, Elmer

  • 542 Posts
  • 212 Reply Likes
I'm running 9.3.3 without issues. His device may have had some other issue. Erase would be drastic where iOS 10 may not have fixed it, but the OS install purged the issue. iOS 10 beta is available if you want to pay the $100 Dev fee.
(Edited)
Photo of KY6LA - Howard

KY6LA - Howard, Elmer

  • 3743 Posts
  • 1606 Reply Likes

interestink?

Not sure what the difference is but I am iOS 9.3.3 and no issues...

Wonder what changed and good to hear that you finally got the VPN working now how about SSDRiOS?

Photo of Bob Wright, N7ZO

Bob Wright, N7ZO

  • 279 Posts
  • 76 Reply Likes
I am running iOS 9.3.3 here on an iPhone 6 and an iPad Air 2 and have no problems using VPN with the new SSDR-iOS software.  The server at home is running SoftEther with LT2P enabled and with UDP ports 500 and 4500 enabled on the router.  (Also ESP and AH protocols are enabled on an ActionTec FIOS router).  The VPN settings on the iOS devices are the built-in L2TP settings.

SSDR-iOS is performing beautifully on both the local LAN and Verizon LTE (4G).

73, Bob, N7ZO
Photo of Bob Wright, N7ZO

Bob Wright, N7ZO

  • 279 Posts
  • 76 Reply Likes
I just upgraded to iOS 9.3.4.  SSDR-iOS performance is good, same as noted above.
Photo of K6OZY

K6OZY, Elmer

  • 542 Posts
  • 212 Reply Likes
I wanted to post a follow up on this thread.   I have a local friend who had this exact issue.   We could connect just fine with his PC, my iPad, etc, but his iPad just wouldn't connect.  This is the exact same issue Howard had.   We fixed it by first deleting the VPN entries, then going to "General -> Reset -> Reset Network Settings".

The device rebooted, reconnected it to the Wifi, setup the VPN again, and worked fine.  I hope this helps someone else who may have this issue.
Photo of Howard Koenig

Howard Koenig

  • 58 Posts
  • 6 Reply Likes
Thank you so much K6OZY..

That did it.. All working now.

Wow several days of frustration and that's all it took...   IOS smartsdr is running and working well...   will see how it does from 35,000 feet tomorrow on the way to New York

73 and good night everyone.
Photo of KY6LA - Howard

KY6LA - Howard, Elmer

  • 3763 Posts
  • 1621 Reply Likes
Been there done that flying to Dayton Hamvention in May on Southwest. Suggest you use a Bluetooth headset or Apple ear buds to cut down on background noise. I really helps kill boredom of flying.
Photo of Howard Koenig

Howard Koenig

  • 58 Posts
  • 6 Reply Likes
I've got a pair of Bose noise-canceling headphones.. Ahhhhhhhhh.... makes the trip most enjoyable!
Photo of Paul Christensen, W9AC

Paul Christensen, W9AC, Elmer

  • 323 Posts
  • 138 Reply Likes

After spending two days trying to provision Softether and SSDR-ios with my iPhone/iPad settings, I finally have a VPN path between those devices and my Flex 6700.  So that others do not have to go through this level of pain, I have some suggestions, that hopefully will be of some value:

1) I don't want this to sound mean-spirited, but many folks, including K6OZY have been directing us to the K6OZY videos to set up SSDR-ios with Softether VPN software.  Chris has done a fine job with the presentation of the 2-part videos, but it must be understood that the videos were intended as a tutorial for remoting Maestro over a VPN, using a Raspberry Pi device.  When using Softether with SSDR-ios, the Part 1 video is not relevant until approx. 22 minutes into it.  Also, the video directs us to install only Softether Manager for Windows and not the Softether Server -- because again, the video is intended for VPN use between Maestro and a Raspberry Pi.  Bottom line, you need to install Softether Server with Manager.  Please folks, if you're going to direct users to a tutorial -- no matter how helpful your intention, at least explain the caveats stated herein.  When you know this stuff and point others to a tutorial that is filled with irrelevant, confusing gaps, it's easy to assume others can fill in the gaps -- but the gaps are big in this case.  End of sermon;

2) It may be best to first configure router ports before attempting to download and install the Softether VPN software.  If you cannot figure out how to provision a router, there's no need to aimlessly start clicking away at the Softether configuration menus to try and get a working VPN path;  

3) Another part seriously missing in these discussions is the ios VPN setup meanings.  A couple parameters need clarification, I think:

(a) TYPE: Use L2TP as others have correctly instructed;

(b) SERVER.  This is the target address set up in Softether.  Mine is w9ac.softether.net and further discussed in paragraph 4(a) below.  

(c) ACCOUNT: This one had me going in circles and again, not explained by other users here.  To be clear, ACCOUNT is the USER Name as set up in the SoftEther installation process.  it is NOT the Softether HUB NAME.  While folks have pointed to other on-line ios VPN tutorials, they are absolutely useless because they're generic and do not convey the association between ios VPN and Softether; 

(d) PASSWORD is the USER Name password set up in Softether.  It is not the Softether Administartor password or any other password field used in Softether;

(e) SECRET had me going in circles again.  But the fine print in the Softether L2TP menu does clearly explain this is the term that is used when the word "Secret" is asked in the ios client.   Mine is set up with the default "VPN," but I honestly thought this was a "secret reminder" for the PASSWORD above.  OMG, why call the damn thing "secret" next to password in the ios VPN setup menu?  Just my opinion, but the ios VPN configuration menu should have a small "what is this?" (i)nformation button next to these terms;

4) Within Softether, the Destination VPN Server Host Name is the global IP address, it is not an IP on your LAN network address (e.g., 192.168.1.x).  Mine is set to the dynamically changing Comcast DNS address.  Supposedly, this will track as the ISP periodically changes the IP.   As a test, I did try using my NO-IP DNS manager account and that worked too since NO-IP tracks my ISP's IP.  We'll see how this goes but a DNS manager like NO-IP should not be needed and the reason for the xxx.softether.net addressing to manage this.

(a) Under Dynamic DNS Settings, this is where you set the xxx.softether.net address.  This must match the SERVER name in ios VPN.  Give it time to propagate.  I had to wait over 10 minutes.

(b) Under the Local Bridge menu setting, my Intel Gigabit Ethernet adapter had to be opened for VLAN, even though it works fine for VNC and TeamViewer, and several other remoting programs.  I had to use the VLAN Transparency Setup Tool on the same menu page to open up the Intel Ethernet port;

(c) Under the IPsec/L2TP menu, this is where you will enable it with a check bot next to "Enable L2TP Server Function (L2TP over IPsec).  Upon doing so, the IPsec Pre-Share Key box opens and this is where you put the same name as the ios VPN SECRET name.  Again, mine is set to VPN as discussed in 3(b) above;

Another user here had to reset his ios Network Settings.  I had to do the same.  Re-entered the ios VPN information, and thank God, finally established a VPN connection.  Once connected. there were zero issues with SSDR-ios finding my Flex 6700.

Those are my issues.  No doubt others will have their own.  For Flex to make 2.0 work among its users, they will need to create a dedicated wizard with a means of streamlining the VPN set-up process to circumvent these configuration issues. Otherwise, they will be faced with a nightmare.

Paul, W9AC



 

Photo of K6OZY

K6OZY, Elmer

  • 542 Posts
  • 212 Reply Likes
Part 1 is for setting up a SoftEther server on a Raspberry Pi for use with any client, not Maestro only.   At the end of the video I test it using a Windows 10 client.

Also, You only need the manager component on Windows if the Server is running on the Pi.

Plus when 2.0 comes out, we won't be using VPN so this will all be moot.
(Edited)
Photo of Mark Thomas

Mark Thomas

  • 52 Posts
  • 16 Reply Likes
I'd like to further comment that there are many VPN options compatible with iOS (Iphone/iPad) devices. Softether is one of them, however many consumer and commercial firewalls/routers already provide a built-in compatible VPN that your iPhone or iPad can remotely connect to, no additional software needed. When using a VPN built into your router/firewall, you typically do not need to open additional ports or even run a PC, because the router takes care of this for you.

The Maestro and SmartSDR-Windows VPN situation is more complicated than using an iPhone or iPad native VPN, because the software lacks the configuration option to specify a fixed radio IP address, so requires a broadcast-passing VPN. Most VPNs do not pass broadcast traffic. I keep asking about this, because I believe this basic option would vastly simplify use and support. 

Mark, KC3DRE
Photo of K6OZY

K6OZY, Elmer

  • 542 Posts
  • 212 Reply Likes
This limitation is purposely implemented by Flex to make this hard.  They don't want us simply port forwarding stuff through the firewall to get our radios to work on the internet.  By forcing this requirement, it requires us to use a VPN solution to use the radio.
Photo of Mark Thomas

Mark Thomas

  • 52 Posts
  • 16 Reply Likes
Are you speaking officially for Flex, or is this more like speculation on your part?

There are numerous foolish and even dangerous things people could do with their radios. This is a licensed hobby for good reason. Restricting a client-end (SmartSDR) program so that hopefully people might be less likely to do something stupid on the server (radio) end of the network connection seems misguided, ineffective, and like a disservice to many of us who would benefit from more FLEXible networking of this otherwise totally awesome and amazing product.

In order to prevent someone from opening up their Flex radio to non-protected-by-VPN risky connections from the Internet, measures would need to be taken on the radio end of the network connection. Crippling the client doesn't protect the radio.

Mark, KC3DRE
Photo of K6OZY

K6OZY, Elmer

  • 542 Posts
  • 212 Reply Likes
Obviously I'm not able to talk officially, as I'm not an employee, but it is well known since release that SmartSDR has been purposely restricted to same-subnet operation due to no authentication on the radio.   The restriction is done on the radio.  My attempts at deciphering the block allows TCP metering data to be forwarded out of the subnet, but the VITA49 UDP stream will not exit the subnet.   Radio discovery is done via a broadcast on the subnet.  The new IOS app allows a direct connect ignoring the broadcast as a discovery technique.

I've been part of the Alpha team since the beginning and am under NDA, so my ability to openly discuss reasons, future features, or even rumors is restricted.   An FRS employee will chime in if necessary to discuss displeasure in their business decisions.
(Edited)
Photo of Mark Thomas

Mark Thomas

  • 52 Posts
  • 16 Reply Likes
Perhaps I was unclear then. I am suggesting that it would be beneficial for SmartSDR for Windows and Maestro to permit the same kind of (more flexible) direct IP connection as the new iOS app does.
Photo of K6OZY

K6OZY, Elmer

  • 542 Posts
  • 212 Reply Likes
That's what 2.0 will be.
Photo of Ken - NM9P

Ken - NM9P

  • 4239 Posts
  • 1351 Reply Likes
Not speaking for anyone by myself...And purely my own speculation without reference to any Alpha discussions that I am aware of...

My impression is that it could be structured this way for multiple, overlapping reasons:

1) It may be intended to protect the integrity of future network-interlinked multiple receiving stations that may rely upon the data produced by a myriad of geographically diverse stations.

2) Requiring VPN or other authentication would protect the rest of the user's home/business network from outside mischief.  Having unsecured peripheral hardware opened to the outside world via a non-VPN connection can potentially put everything on the Local Area Network at risk, as well as anything else to which the Local Area Network is connected via OTHER VPN's.  i.e. One small leak in an otherwise solid water system can lead to contamination of the entire water supply.

(Remember the first Gulf War?  Some sources later reported that one of the techniques used to penetrate Iraqi Air Defenses was to introduce a printer or other device to the network that had Trojan Horse software which allowed timely disruption of the air defense computer network.)

FRS may be protecting itself from liability claims from those who poke holes in their own network in order to achieve easy connectivity and suffer the consequences, but wish to blame others via expensive lawsuits....  

3) This may be a requirement for more demanding government and commercial customers that may use common elements of the software/hardware incorporated into the Flex-6000 system.

4) Requiring authentication may be designed more to protect the radio itself from harm caused by hackers (which could result in expensive repairs and the opportunity for nay-sayers to malign FRS) than to protect the amateur from having his station hijacked by unauthorized users who might make illegal transmissions.

Again....I am not an employee or agent of FRS, but there are just a few possible reasons FRS may have considered in its decisions about how "open" this piece of equipment is to the Wider Internet. 

Ken - NM9P
(Edited)
Photo of K6OZY

K6OZY, Elmer

  • 542 Posts
  • 212 Reply Likes
The direct IP connection of the IOS app does not work out of the subnet either because of the radio-side restriction. Also, the IOS app was written by an external developer so that's why there may be a bit of dissimilar features between them.
Photo of Mark Thomas

Mark Thomas

  • 52 Posts
  • 16 Reply Likes
This is not true. It is not true that the direct IP connection of the IOS app does not work outside of the subnet.

The direct connection in the IOS app DOES work very well outside of the subnet via direct WiFi as well as via IOS-supported VPNs. These VPNs typically do NOT pass broadcast packets. The purpose of the direct IP feature is so the app can discover the radio when not on the same subnet. This is applicable regardless of whether you are using VPN, by the way.

I am enjoying using my Flex radio via the iPhone app right now, using a WiFi network which is not on the same subnet as the Flex radio base. While it is common in residential situations to put your WiFi network on the same subnet as your wired LAN, it is best practice not to in larger scale or more security conscious environments.
(Edited)
Photo of K6OZY

K6OZY, Elmer

  • 542 Posts
  • 212 Reply Likes
I have tried NAT forwarding only with the IOS app (TCP/UDP 4991-4992).  I haven't tried subnet to subnet without NAT involved yet with it with the IOS app.  If that does work, that will allow more VPN choices besides SoftEther.  Many VPN servers in cheap routers use a different subnet instead of ProxyARP or bridging.   Good info.
(Edited)
Photo of Cliff - G4PZK

Cliff - G4PZK

  • 30 Posts
  • 10 Reply Likes
Even when V2.0 supports a VPN natively I would still not use the facility. It is far from ideal to punch ANY holes through the network gateway perimeter device. When ports are opened they normally route only to DMZ devices like web servers or SMTP systems. I deal with PCI-DSS credit card systems from time to time and opening ANY port usually results in the required security tests failing and subsequently PCI-DSS compliance. Over the years the credit card companies have massively tightened up their requirements for network hardening and with good reason.

It's true that for home users full commercial level security with hardened gateways may not be required but it's much better to make the router device itself act as the VPN server using L2TP/IPSEC or whatever rather than punch holes through the firewall. The next level used commercially is to use a router and a dedicated and hardened firewall device.

I'm not saying that SoftEther per se is a bad solution (quite the contrary) but having ports opened to other devices running other operating systems does multiply risk especially if the machine in question is running a general purpose OS rather than being a dedicated device. I really hope that SmartSDR will soon support the ability to specify the IP address of a Flex radio rather than using broadcast packets in order to discover any devices. I do appreciate why Flex used this method, not least to massively reduce their support burden, but I do not want to have to bridge my remote VPN connection when it should be sufficient to simply specify an IP address. Given that the Apple IOS client can do this it can't be a huge effort to modify the Windows client.

Just my 0.02 worth.
(Edited)
Photo of K6OZY

K6OZY, Elmer

  • 542 Posts
  • 212 Reply Likes
My gut feeling is that 2.0 won't use VPN, but rather encryption such as SSH and add user authentication. Auto discovery will likely be done similarly to TeamViewer. Again, these are guesses and I do not speak for FRS. This is how I'd build it.
(Edited)
Photo of Ken - NM9P

Ken - NM9P

  • 4239 Posts
  • 1351 Reply Likes
So just to speculate, as a relative VPN/SSH Networking noobie.....And not looking for anything that would violate NDA's...

If FRS or any other vender doing similar networking were to do SSH encryption with user authentication, would a user then need to do a simple port forwarding to the IP of the 6000 rig, similar to what is required to pass Echolink to a local computer?  Or would NAT punch-through routines or port forwarding already be automatic, like some media sharing and gaming applications?

Would we then have a pre-shared Key or even a key-code or config file similar to what OpenVPN requires on each client?
  
Might we even need to use either direct IP entry or a DDNS name server like I use with my ASUS router, since I do not have a static IP from my home internet provider?

These are hypothetical questions about general WAN networking more than specifics related to SSDR/WAN.  But is this the type of thing you are suggesting if they did it "the way YOU would do it?"

If so, it doesn't sound too difficult to master.  But might take a little hand-holding  for some who are more cyberphobic.....

I'm always trying to learn something more........

Ken - NM9P   
Photo of Tim - W4TME

Tim - W4TME, Customer Experience Manager

  • 9197 Posts
  • 3557 Reply Likes
I wouldn't speculate too much.  There are a dozen ways to "skin this cat" as they say.  I can tell you that the design goals are to make WAN remote as transparent as possible and for it not to require third-party software or make the user perform custom configurations on routers.
Photo of Ken - NM9P

Ken - NM9P

  • 4239 Posts
  • 1351 Reply Likes
Nice!  Especially the part about not requiring custom router configs.

My speculations, however, are mostly an exercise to sharpen my understanding of the many different nuances of networking.  

I have played around with SSH, VPN, Remote NAS Drives (such as D-Link DNS-232 and Qnap-210), Freenas on an old desktop, and have even done some other interesting things with embedded linux utilities on my NAS Drives.    But even then, I feel like a real rookie when I talk to some of you folks who do this for a living!

Looking forward to seeing what the real pro's will come up with.
Keep up the good work..

Ken - NM9P
Photo of Cliff - G4PZK

Cliff - G4PZK

  • 30 Posts
  • 10 Reply Likes

An SSH based solution would be a neater solution but still require a port to be opened of course.

<SPECULATION>

The only way you can avoid opening a port for incoming connections is for an outgoing connection to already be made like for instance if Flex (or whoever) were to act as an intermediary of some sort. Personally I shy away from those kind of scenarios or at least I never leave them active but only activate them as required (hmmm, I do use Skype!). This would give a very useful database/network of connected systems of course.

</SPECULATION>

Speculation is a pointless exercise really as Tim has been saying. They will do what they do and will naturally aim to minimise the support burden. As long as it's easy and works no user will care hugely I'm sure.

I await V2.0 from user land with interest.


Photo of K6OZY

K6OZY, Elmer

  • 542 Posts
  • 212 Reply Likes
To make it completely transparent, my method would be to use UDP hole punching + UPNP.  

The SmartSDR client machine has a TCP connection to the discovery server at Flex.  The radio has a TCP connection to the discovery server at Flex.  When you click Connect, the client tells the discovery server what it wants to do.  The discovery server gives the client the IP address of the radio.  The SmartSDR client begins firing UDP packets at the radio's public IP.  The radio is informed from the discovery server that you intend to connect and is given your client public IP.  The radio starts firing UDP packets at you.   This causes both firewalls (yours and the client) to let the traffic flow "punching holes".

This setups the UDP VITA 49 stream.  For the TCP metering, the radio could dynamically register a port on your home firewall with UPNP and convey this dynamic port to the client via the discovery server.  This TCP port would be encrypted and authenticated via SSH.
Photo of Mark Thomas

Mark Thomas

  • 52 Posts
  • 16 Reply Likes
I just wish we had the option to enter the radio IP into SmartSDR and Maestro, (like as we do with the iOS app), for those of us who already have secure firewall-based VPNs, or merely want to connect from a different subnet within our network.
Photo of Jay -- N0FB

Jay -- N0FB, Elmer

  • 539 Posts
  • 213 Reply Likes
Patience Grasshopper....Patience!
Photo of Lee Maisel

Lee Maisel

  • 100 Posts
  • 13 Reply Likes
i am able to connect using vpn and marcus's ios app, but NO AUDIO
Photo of Mark Thomas

Mark Thomas

  • 52 Posts
  • 16 Reply Likes
When I first connected, I thought I had no audio, but then I discovered that the default audio level is so soft as to be inaudible.
- Device Audio must be turned On, top option on left-side menu.
- Audio panel from frequency control must have Volume slider set to 90-100
- iPhone/iPad side-volume control must be set to near maximum
I believe this is probably a bug.
Photo of Mike va3mw

Mike va3mw

  • 824 Posts
  • 199 Reply Likes
Not a bug. It's a feature.
Photo of John W9KXQ

John W9KXQ

  • 58 Posts
  • 11 Reply Likes
I now have an iPad with the SmartSDR for iOS App installed and working.  Additionally I have followed Chris K6OZY's YouTube Video and believe that I have the SoftEther Raspberry Pi operational---Now how do I set up the VPN from my iPad to connect so that I can use the iPad outside my home network??  I have been unable to find instructions for this.

Thanks,
John
W9KXQ
Photo of KY6LA - Howard

KY6LA - Howard, Elmer

  • 3784 Posts
  • 1637 Reply Likes
Do you have a VPN portal setup in your home

If not, search Softether on this community. Lots of detailed threads on how to set it up

Then setup a L2TP VPN on your iPad. Again search VPN and iPad. Lots of detailed threads
Photo of John W9KXQ

John W9KXQ

  • 58 Posts
  • 11 Reply Likes
Thanks Howard, I think that I have the VPN portal set up in my home, I followed Chris' instructions for the Raspberry Pi so I will search as you have suggested.  I guess I didn't know what to search on.
John
W9KXQ
Photo of KC9NRN

KC9NRN

  • 324 Posts
  • 32 Reply Likes
Ever since I got things working on the iPad Pro using my R7000 with OpenVPN I have been having a blast listening to the radio. Works every single time now.
Photo of Scott N8UMW

Scott N8UMW

  • 155 Posts
  • 47 Reply Likes
Glad to know that works. I was going to go that route at first but a couple reasons I didn't. I've read that open vpn had not been upgraded or continually supported in some time, so as many on here have done, I went with soft ether. Not sure if that is a viable option at the router level or not. I know most that support vpn do so with open vpn.. The other reason is that my R8000 is set up as an access point which disables the ability to set up vpn on the advanced menu. Is there a way around that? If I set up vpn in the normal Wi-Fi router mode first, then switch to AP mode, will it keep the vpn running?