SSDR 2.0 WAN Connectivity - Home Network Prep and Considerations

  • Question
  • Updated 4 years ago

At the time of this writing, SmartSDR 1.4 has not been released (full Local Area Network (LAN) full client support). Sometime next year, SmartSDR 2.0 will be released and will include Wide Area Network or WAN full client support (accessing your Flex 6000 from the Internet).

I know there are many unknowns as development of both 1.4/2.0  is ongoing.  With that being said, an understanding of how and what type of networking support/architecture is going to be required to make WAN connectivity work.  If this has not been decided, the development team could not move forward.

To set the stage for my questions... most of us have a single, routable IP address issued to our home router via our ISP's DHCP servers. Our home routers maintain that single, dynamic IP address and allow all of our home connected devices to communicate with the internet through that single IP. This is accomplished via a common network protocol called Network Address Translation or NAT. All of the devices on the internal network are assigned non-routable IP addresses, usually in the 192.168.1.xxx range. In this network topology, UDP traffic is not broadcast to the internet from the internal home network (thank God). Therefore, the current UDP broadcasts FRS currently employs to provide radio discovery to the SmartSDR client will not work for WAN based clients. A different method will need to be (has been?) developed.

What scheme then will be used to allow discovery of our Flex 6000 radios which sit behind a network infrastructure such as this? Will the radio be required to be exposed to the internet via sitting in the router's DMZ? Will a specific range of TCP/IP ports be required to be opened?

A method FRS might choose to use is to have the 6000 radio make and maintain periodic contact with a "FRS" server. This server would then maintain the current IP address of each of our 6000 radios. Under this scheme, the client would automatically first make connection to the FRS server which would then supply the current IP address of our radio to the WAN Client. The client would then make a direct connection to the radio for the remainder of the session. This scheme is similar to how the Splashtop Remote Desktop product functions. The Splashtop Streamer is loaded on all the host PCs you might want to connect to remotely. Streamer maintains periodic contact with the Splashtop corporate server. When you start the Splashtop remote client, it first connects to the Splashtop corporate servers. After the user authenticates, the user is provided a list of their own home computers. When the user selects from the list, the remote client is provided the IP address of the host and then a connection is made directly to the host computer.

FRS might alternatively employ a fully disassociated, fully distributed scheme.  Under this method, the amateur radio operator would likely be obligated to always know the current IP address assigned to their router from their ISP or make use of some sort of Dynamic DNS service.


My questions are borne from wanting to know if we will need to have any specific infrastructure in place, ready and available to accommodate SSDR WAN support.  I'm not looking for FRS to disclose any trade secrets.  I'm only hoping for information on general architectural direction which the development team is obviously already operating from.  This information will allow all of us to be ready immediately when WAN support is released next year.

Jay -- N0FB, Elmer

Posted 4 years ago

Nick - W2NER

I'm not going to answer for Flex but in the way other remote applications work I'm reasonably sure you will need to use port forwarding on your router. That's the direction I would go if I were Flex and as an IT architect it would be the best and most straightforward direction to head. Now they could use SSL as well but that's another entire configuration thing to address. In my opinion the network exposure and security is up to the end user to configure.

Jay -- N0FB, Elmer

Hi Nick!  Port forwarding is great once that you know and make the connection to the router which your radio is connected to.  From an internet client perspective how do I find my radio?  How is the radio discovery portion going to work?  

That is what this post is about.

Jim Gilliam

More than likely in the set up for WAN, you will be asked to enter your I/P address or DNS name and the port number you have programmed into your router.

Nick - W2NER

Well, auto discovery would depend on DNS which in this case would depend on your ISP provider. Most people do not register anything with a public DNS server so, that's something that is up to the user. The thin client that Flex is going to use I'm sure will depend on a few things. One being if you had a DNS entry on the internet and if not, it would do a direct connection to your public IP number and forwarded from there via the router configuration.

If you have a DNS entry on the internet, that is where you would configure your pointer with the port information on your router. I have a few things setup like this as I do use the public DNS via a service I purchase. There are a few out there you can use for about $30 a year.

Jay -- N0FB, Elmer

That's fine until your ISP's DHCP server gives your router a new IP address. Unless you are paying for a static IP address you are likely going to be issued one of many dynamic IP addresses with a life of maybe 24-72 hours (depending on the ISP's DHCP settings).

How are you going to know what your home router's current IP address is when it is subject to constant change?

Nick - W2NER

Most DNS providers give you a client that monitors your router's IP address and will automatically change the DNS entry if it changes. Most ISP providers do not change your assigned IP and if it does most times it's only on a reboot of the router.

Jim Gilliam

One way I get around this is to have a remote client computer on Teamviewer that I can turn on remotely. Once I turn on the computer, I can query my I/P address at that time. DNS service is really the way to go if there are frequent I/P address changes with your ISP.

Jay -- N0FB, Elmer

Thus requiring a secondary piece of non-FRS software to be able to connect to your radio.  Right now I do that same thing via Splashtop Remote.  However, we should not be required to rely on a secondary piece of non-related software to connect.   The FRS folks are very sharp.  I know they have thought of this.

Nick - W2NER

Spend the $30 a year for a DNS provider and be done with it. Simple as that.

Jay -- N0FB, Elmer

And that Nick, is what I'm wanting FRS to disclose that we will be required to do or if they are going to handle it in a different fashion.

Nick - W2NER

There's nothing to expose, as I stated earlier this is internet exposure and security which is not FRS's responsibility, it's yours. They are using IP protocol and security is not on their plate to cure. Just like any company, you purchase Windows 2008 or Apple server or anything else. They give you the protocol to work with and the rest is up to you.

Jay -- N0FB, Elmer

Hi Nick, I'm not worried about TCP/IP security issues.  I fully understand but don't completely agree with your statement about security...however this portion of your reply is really tangential to my query.  

I'm trying to understand how the radio discovery process will be handled and if that is going to require the knowledge of the current IP address assigned to the home router or if the SmartSDR radio discovery process will be handled differently. 

Jim Gilliam

I will also drink to W2NER's appraisal.


Jim, K6QE

Jim Gilliam

Putting a secondary piece of equipment at the remoted Flex site is a good point. I use Cisco Internet cameras that can also connect to a DNS service to take care of IP address changes. Perhaps Flex will consider this option.


Jim

KY6LA - Howard, Elmer

It's actually pretty easy to check your remote computer's IP. I do it all the time.

Just install a remote control app on your remote. Log onto it... run www.network-tools.com which will give you your external IP.

On the other hand, most ISPs rarely change your IP.

W4YXU

I wish!  Here in my USA/Alabama location I find that ATT seems to change my IP address about once a day but always when I do a reset on the router.  It really doesn't cause me any problem but if I give them $20/month (Last time I noticed it!) I can have a static IP.

Jim
W4YXU

Jim Gilliam

Look into DDNS service that monitors your I/P provider and continually updates your I/P address. Using a DDNS service you use a name instead of an actual I/P address. Anytime you want to "talk" to your radio, the name goes to the DNS server and reconciles it to an actual I/P address. You can find free DNS services or one much cheaper than paying for a static I/P address.


Jim, K6QE



KY6LA - Howard, Elmer

I suggest you read Tim's Official Response before you go and invest in fixed IP or Dynamic DNS

Jim Gilliam

Good point! However, I live in skepticism until I "have it in my hand."

DrTeeth

Many ISPs in the UK offer static IPs for free.

Richard Clafton W4/G7EIX, Elmer

I wrote myself a little utility that monitors my external IP and sends me an email if it changed. For instances when I like to be able to connect to my home PC without using a third party client.

It's been running for over 2 years and it's only changed once - and that was when I unplugged the Router a couple of months ago to re-do the shack.
    
And a quick google shows that somebody else wrote one for the general public...

http://sourceforge.net/projects/ipmonitor/

Jim Gilliam

What about a Flex that is stand-alone at some remote site and it is the only piece of equipment? I would think firmware would have to be incorporated in the Flex itself that could talk to a DNS service.

L.Kubis

I'd go farther, spend the money on a Static IP address, it'll save you a lot of grief!

I've been using one on my Omni07 Remote since 2007 and haven't had a problem.

BTW the Omni required dedicating 6 consecutive ports in the modem at the radio end. The IP address and the port number were programmed into the control software, which in my case is one by N4PY, a very user friendly program.

I notice that Remoterig provide a free DNS server for their users.

Cheers!

Tim - W4TME, Customer Experience Manager

Official Response
First off, we have a lot of ideas how to establish secure session initiation over the Internet, but one has not been picked over the other.  We are not going to speculate on how it may work until we start actively working on it.  The complete focus of the engineering/software development team is on v1.4 getting released ASAP and then on to v1.5.  Like the old sports cliche, we play one game at a time and do not look ahead to a future opponent.

What I can share with you is we have a few feature objectives defined and those are that WAN remote will be seamless to set up and operate. It must be secure. And if at all possible, and we think it will be, it should not require any modifications to your network firewall/routers, or require third-party software or services, such as dynamic DNS.

And by all means, feel free to discuss this among yourselves.  The ideas are interesting.

Jay -- N0FB, Elmer

Perfect! That is the answer that I was hoping for. Again, I know there is a lot of mud being thrown on the wall and it's unknown what is going to stick. I'm sure there are assumptions that your development team is working towards.

Thanks for the response!

Nick - W2NER

That's great news Tim!  I would not have expected FRS to put that much into the communication between the thin client and the Flex radio.  I give BIG credit to you and the entire staff of FRS for engineering all the options and functions of this radio.  Bravo!!

Jay -- N0FB, Elmer

Nick, such is the caliber of Flex Radio Systems.  I on the other hand, would not have expected anything less.

I join in your praise of the FRS development team.

SteveM

Hmm, Tim's response confirms they will not be using port forwarding. Perhaps they will use a TCP hole punching algorithm. Personally, I hope there is no FRS server in the mix even if it is only for session initiation. There are too many reasons that method can break down and leave us completely cut off.

Nick - W2NER

Personally I would rather do port forwarding myself but that's me.

Jim Gilliam

Amen, port forwarding, DNS, and password requirement. Maybe multiple passwords with degrees of usage. Like listen only, transmit and receive, admin.

AE0MW

I agree, I do not want any 3rd party (including FRS) brokering the connection. Port forwarding may be slightly more difficult for end users to set up, but for me it's worth it.

A DDNS account is easy to come by and most modern home routers support several options in that department.

Jay -- N0FB, Elmer

The final solution could allow for both simplified sign on where the IP address is brokered by the FRS servers (meaning that the radio would provide its IP address periodically), and it could also be designed to allow the user to bypass this brokered connection system and allow the operator to enter directly the IP address of the radio or the router it sits behind.

This type of design provides both ease of use for normal operations and also redundancy should the FRS servers become unavailable for whatever reason (or if the user just wants to connect directly for their own reasons).

Jay -- N0FB, Elmer

Steve, I'm not sure how you came to the conclusion that port forwarding couldn't or wouldn't be used by FRS based off of what Tim said. There is nothing from what I read that would lead me to that same conclusion.

SteveM

"it should not require any modifications to your network firewall/routers"

Jay -- N0FB, Elmer

Steve, look up "dynamic port forwarding" which is supported by most modern routers.

Bill -VA3WTB

Guys, Flex has made some wonderful radios and well thought out, either way I think they will have the same level of standards with this. And remember they need to make this so anyone can get this working. Most of the users would not be experts in any of this, so plug and play.

Jay -- N0FB, Elmer

I'm with you Bill, they haven't disappointed so far.  You are also spot on about needing to build it not only for the technically advanced but also for the "casual operator". 

SteveM

"Steve, look up "dynamic port forwarding" which is supported by most modern routers."

Most of the auto-forwarding firewall protocols (DPF, UPnP, etc.) are turned off by default or non-existent on older routers. They too seem to fall outside Tim's comment.

Jay -- N0FB, Elmer

Well Steve, we're just going to have to wait and see how it plays out.  From where I sit, nothing concerned me in Tim's response.  As a matter of fact, I was highly encouraged.

SteveM

Jay,

I'm not really "concerned" myself. I just made the comment that it seems the port-forwarding option is not the solution. The only problem I have with a man-in-the-middle solution is that when the middle-man is gone (and this will certainly happen), the feature is gone.

Jay -- N0FB, Elmer

Hi Steve.  This is why if FRS goes down the route of a Brokered connection that I would assume (as stated above) they would have a secondary non-brokered connection ability as well. In this case, I don't care if there is a "Man in the Middle".

If the radio becomes obsolete in 15 years, that once in a while a routing path on the internet gets screwed up, or (God forbid) Flex Radio goes out of business, the secondary means of accessing the radio via specific IP gives you the redundancy necessary to continue on.   FRS, as they always have, should continue to make their radio easy to access and highly usable, even by the casual, technically unsophisticated radio operator.  To not do so would limit the radio's marketability....and that's bad for all of us.
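
A minimal sketch of the brokered lookup with a direct-entry fallback discussed in this thread (the rendezvous scheme from the opening question and the "secondary non-brokered connection" above), added here as an illustration; it is not FlexRadio's design or code. The `Broker` class, the HMAC-signed heartbeat, the TTL and skew values, and the sample addresses and port are all assumptions.

```python
import hashlib
import hmac

TTL = 90        # seconds a heartbeat stays valid (assumed value)
MAX_SKEW = 30   # tolerated clock difference for a heartbeat (assumed value)


def sign(key, radio_id, port, ts):
    """HMAC-SHA256 tag the radio attaches to each heartbeat."""
    msg = f"{radio_id}|{port}|{ts}".encode()
    return hmac.new(key, msg, hashlib.sha256).hexdigest()


class Broker:
    """Hypothetical rendezvous server: radio_id -> last endpoint seen."""

    def __init__(self, keys):
        self.keys = keys      # per-radio secret provisioned at enrolment
        self.records = {}     # radio_id -> (addr, port, ts)

    def heartbeat(self, radio_id, src_addr, port, ts, tag, now):
        # src_addr is the public address the broker observes on the
        # connection; a radio behind NAT only knows its private address.
        key = self.keys.get(radio_id)
        if key is None:
            return False
        if not hmac.compare_digest(sign(key, radio_id, port, ts), tag):
            return False      # forged or altered report
        if abs(now - ts) > MAX_SKEW:
            return False      # too old: possibly a replayed capture
        prev = self.records.get(radio_id)
        if prev and ts <= prev[2]:
            return False      # not newer than the record already held
        self.records[radio_id] = (src_addr, port, ts)
        return True

    def lookup(self, radio_id, now):
        rec = self.records.get(radio_id)
        if rec is None or now - rec[2] > TTL:
            return None       # radio offline, or address may be stale
        return rec[0], rec[1]


def resolve(radio_id, broker, manual_endpoint, now):
    """Client side: prefer the broker, fall back to a user-entered endpoint."""
    try:
        found = broker.lookup(radio_id, now) if broker else None
    except OSError:           # broker unreachable
        found = None
    if found:
        return found, "broker"
    if manual_endpoint:
        return manual_endpoint, "manual"
    return None, "unavailable"
```

An unauthenticated registry would let anyone overwrite a radio's entry and redirect clients, which is why the heartbeat is signed and expires; the client should still authenticate the radio itself after connecting, whichever path supplied the address.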

SteveM

I agree with everything you said, Jay.

AA0KM

Jay N0FB you have a great idea and others as well. FRS man in the middle and also a way of choice using DNS/IP locating direct. But in thinking the cost of the man in the middle/Servers around the world? Who pays for those servers? Also could the Flex radio have built in communications firmware to auto make/send to DNS's paid by the user or not to tell what dns/ip the connected Radio/ Router is needing for remote connection?

Maybe Flex could negotiate cheap DNS for us? Built into the firmware of the radio?

In my earlier days I had a piece of software running in the background on my running PC for server before routers had this capability. But still had to do port forwarding and such so not sure how they're going to get around that and be secure. But what do I know. Not a lot. Streaming can be secure. So anyways to make it simple for us it is going to be interesting to see the outcome. He said talk amongst ourselves there is my nickel's worth. Inflation it's not 2 cents anymore.

73 jeff



Jay -- N0FB, Elmer

11 months ago, I made a suggestion to FRS and the community about group and/or personal permissions/restrictions which could be set by the radio's administrator.   The suggestion to the group can be found here:

https://community.flexradio.com/flexradio/topics/user_privileges_log_on

This coincides with what Jim Gilliam posted above:  "Maybe multiple passwords with degrees of usage. Like listen only, transmit and receive, admin."

Dan -- KC4GO

My first post, New 6500 owner --- came today --- still in the box :) Will be busy in the morning.

I use port forwarding from No-IP have been for several years. Small cost but has not let me down. Have several services through it and as long as the port numbers are unique I can direct the traffic to the local system where it's used. If No-IP goes away there are several others that I can go to. I don't think FRS should get in the port forwarding business. As a different solution most internet service providers offer a fixed IP for a small fee.

DrTeeth

Hi Dan and welcome.

What you are talking about is not port forwarding but a dynamic DNS service. Port forwarding allows remote computers to connect to a particular computer/service within a private network. No-IP just lets you connect to your network (not a particular PC) remotely if the IP changes.

Merry Christmas and enjoy your new toy, hi hi.

Steve Walker

A couple of comments from a net-worker.

I see some people looking at "dynamic port forwarding" which sounds great in principle but is not something the average user would be looking to set up to remote access a device internal to a network. To older people they'll remember using SOCKS or SSH to get around restrictive firewall policies - not something for the faint-hearted to begin to debug...

However UPnP support should be the way forward; it has been around a while and has been proven to be stable and of course seamless for most people to use - the FLEX announces its presence on the network and broadcasts to a UPnP aware router its requirements and capabilities - no difference to an XBOX or PS4 or even a FLEX.

One of the advantages of v2 on UPnP is that "MediaServer" is a standard support for a remote controlled network media device ... now what could that sound like? Hmmm!

One small downside is that not many if any UPnP devices have authentication - however from what FRS have said they handle authentication in SSDR. Which of course gets around the lack of "user authentication" that UPnP has.

You'd want the router to act as a true IGD that allows the FLEX to advertise to the IGD that would allow remote connections inbound, you'd only need to know your IP or (DDNS) and you'd be able to point the local SSDR to the remote FLEX.

As a bonus once the FLEX was switched off the UPnP port would be closed off and no longer a "risk" to remote access probing unlike DPF or a manual static rule which would always be present and at risk of exploitation.

Of course there are many emerging technologies like NAT-PMP and the such, and come v2.0 there might be even more options for FRS to explore.

Just my 2p.

Steve

Jay -- N0FB, Elmer

Excellent post Steve.