Welcome to the new FlexRadio Community! Please review the new Community Rules and other important new Community information on the Message Board.
If you are having a problem, please refer to the product documentation or check the Help Center for known solutions.
Need technical support from FlexRadio? It's as simple as Creating a HelpDesk ticket.

Using Openvpn with Flexradio/Smartlink/ and SmartSDR on DD-WRT router

KP4TR
KP4TR Member ✭✭
edited February 2020 in New Ideas
A recent convert to the Flexradio 6300 SDR, I spent a few hours yesterday trying to solve a problem that initially stumped me, then I had to kick myself for not seeing it quicker.

I have spent many years working with "voice over IP" systems helping friends get their systems working behind firewalls, and also setting up "remote stations" using Remoterig solution.

Many issues involve port forwarding, public IP assignment, and ISP port blocking. In Puerto Rico, a local cable company has decided to use "shared IP" assignment, essentially killing many existing VOIP systems like Echolink, Allstar and IRLP. I have been able to help a few friends work around this by setting them up with a VPN provider using OpenVPN, and DD_WRT router OS on Netgear routers.

But I got hit by the same disease many ISP has done to friends without realizing it myself. After succesfully setting up Softether at home, then setting up Smartlink, I kind of assumed all was working.  But ISP (Frontier Fios) suddenly is blocking all my ports. Softether stopped responding, and Smartlink failed test on my Maestro. I guess they took notice of all my recent activity.

So I had no choice than to setup a spare Netgear R6300V2 router (use and cheap on Ebay) with DD-WRT with openVPN client. This router, with the installed firmware, supports Softether. But with ports being blocked, L2TP port is of no use and Smartlink ports aren't either.

So I setup a new openVPN account with my favorite VPN provider (StrongVPN), setup router as an openVPN client, and now I have a static IP with all ports open going to the router and all is working well again. Smartlink responds, and I can use my Flex on my iphone again.

So my VPN solution was:

1. Install DD-WRT on a Netgear R6300V2 (tested and works)
2. Open a VPN account as a "router Account". I use StrongVPN
3. Use their DD-WRT installer (a shell script) and run on the router itself.
4. Once script sets up OpenVPN client on router, it reboots itself
5. The router will then connect to OpenVPN account at startup
6. Set a static IP to Flexradio based on MAC address within DHCP range
6. Assuming Flexradio IP assigned IP is 192.168.1.100, setup a firewall rule on router as follows: 
#Flexradio SmartLink ports via OpenVPN tunnel  iptables -I FORWARD -i tun1 -p udp -d 192.168.1.100 --dport 4993 -j ACCEPT   iptables -I FORWARD -i tun1 -p tcp -d 192.168.1.100 --dport 4994 -j ACCEPT   iptables -t nat -I PREROUTING -i tun1 -p udp --dport 4993 -j DNAT --to 192.168.1.100  iptables -t nat -I PREROUTING -i tun1 -p tcp --dport 4994 -j DNAT --to 192.168.1.100     
Save firewall rule, reboot, and use this router to connect Maestro and Flexradio.

To use remotely, you can use the fixed IP the VPN company gives you, or use DynDNS or NO-IP to setup a DDNS. This can be done in DD-WRT as well.

So now I took my own medicine and now have my radios back in action.

Hope this helps.
  

Comments

  • Mark Erbaugh
    Mark Erbaugh Member ✭✭
    edited February 2020
    Would this help in my situation? My ISP uses a wireless link from a hotspot on a tower to a dish at my location. At the tower location, my router is assigned an address in the 198.168 range and I have no control over the router. I couldn’t get SoftEther working because I assume no ports are visiable on the public side of the router at the tower.
  • KP4TR
    KP4TR Member ✭✭
    edited February 2020
    You probably have a private IP assigned, so yes it would. This solution opens up a connection to an account that provides a public IP.

    I chose this solution because the cost is minimal ($70 /year).


  • Mark Erbaugh
    Mark Erbaugh Member ✭✭
    edited March 2018
    Thanks, I’ll have to try it.
  • Wim
    Wim Member ✭✭
    edited March 2018
    FYI the Netgear R7000 supports Open VPN and Dynamic DNS out of the box, so very plug and play
  • KP4TR
    KP4TR Member ✭✭
    edited March 2018
    In my case I dont want to put my entire household behind a VPN on an expensive router. Only my Flexradio and my VOIP stuff. So using a used secondary router works for me. I have even used the Netgear WNR2000 with openvpn and DD-WRT.which sell for like $10 used and works ok. Plus there is a version of DD-WRT that actually has Softether server and bridge included and works very well.
  • Wim
    Wim Member ✭✭
    edited March 2018
    The whole house won't be behind the VPN, that's not how it works, but the VPN server is build into the router so you can VPN into your network from anywhere on the internet, when your household PC's go out to the internet they don'tt go through the VPN ...

    And you can pick up these routers for hundred bucks on the fleabay 
  • KP4TR
    KP4TR Member ✭✭
    edited March 2018
    If your ISP blocks your VPN port, or you’re placed behind a private NAT or shared IP, how can you run a VPN server at home and connect from outside?
  • Wim
    Wim Member ✭✭
    edited March 2018
    Well, that's not typical I would say what you're asking. But have you tried using smartSDR 2.0 in that case ?
  • KP4TR
    KP4TR Member ✭✭
    edited December 2019
    I have, and it stopped working when ISP blocked my incoming ports. Thats the reason for my initial post.
  • Ted  VE3TRQ
    Ted VE3TRQ Member ✭✭✭
    edited March 2018
    A side benefit of using a VPN provider with public IP and all ports available is the ability to run IRLP, EchoLink, etc. With more double NATing and IPv6, the VPN providers just make life easier. I use LiquidVPN - relatively expensive and provide an IP address that forwards all ports (effectively in a DMZ).
  • Wim
    Wim Member ✭✭
    edited March 2018
    Like Ted says you might have to resort to using a public VPN provider, though I wonder if your ISP has 'the right' to block ports. Perhaps give them a call and tell them you're not running servers but just using your radio remotely from time to time, perhaps they will open up your ports again. Or switch ISP !
  • KP4TR
    KP4TR Member ✭✭
    edited March 2018
    Really? Did you read my first post? ISP have policies which include prohibiting from running services like email, web servers etc. If I need to run ‘services’, they will tell you to switch to a more expensive business account, which blocks nothing.
  • KP4TR
    KP4TR Member ✭✭
    edited March 2018
    I agree and is exactly what Im doing.
  • Mark Erbaugh
    Mark Erbaugh Member ✭✭
    edited February 2020
    I will assume that the ISP has the right to block ports in an effort to charge more for non-typical or typically business type internet usage. In Ohio, it is a felony to use wireless internet access without the owner’s permission. My internet is wireless, so would I be committing a felony if I used a VPN to get around a limitation from the ISP?
  • KP4TR
    KP4TR Member ✭✭
    edited February 2020
    I think the Ohio law sounds more like to avoid access to residential unsecured wireless routers from your neighbors without their permission. But if its your account and your wireless router you should be ok.
  • Mark Erbaugh
    Mark Erbaugh Member ✭✭
    edited March 2018
    The issue is that my internet access wireless. The ISP has an access point on a tower and I have a dish pointed at it, so it’s not my router.
  • KP4TR
    KP4TR Member ✭✭
    edited March 2018
    If youre paying for the service it should not be an issue. Youre the customer.

Leave a Comment

Rich Text Editor. To edit a paragraph's style, hit tab to get to the paragraph menu. From there you will be able to pick one style. Nothing defaults to paragraph. An inline formatting menu will show up when you select text. Hit tab to get into that menu. Some elements, such as rich link embeds, images, loading indicators, and error messages may get inserted into the editor. You may navigate to these using the arrow keys inside of the editor and delete them with the delete or backspace key.