
v2 phone home optional?

Martin AA6E
Martin AA6E Member ✭✭✭
edited June 2020 in SmartSDR for Windows
Bear with me for a little worst-case thinking.  (Worst cases are sadly too common these days. Sorry, Texas.)

Apparently the Flex 6000 with v2 software always phones home to Flex.  It must advertise "I am radio <ID>, and I'm at IP <IP addr>."  That's at a minimum.  FRS tells us this is encrypted, but we don't know what information is exchanged or how often.

There seems to be no way to disable this "beacon" transmission, short of disconnecting or firewalling your radio network from your ISP, but it has no value to you if you are not intending to operate WAN remote.  Network hawks would say this is a privacy and security gap.

Question: Should the radio setup panel include an enable/disable option for remote communications? (at least WAN remote?)

Similar remarks apply to the LAN beacon and connection process, which trusts that everybody (everything) on your home LAN is friendly and responsible.  But that's for another day.

73 Martin AA6E

Answers

  • Jim Gilliam
    Jim Gilliam Member ✭✭
    edited November 2019

    Also curious if the WAN connection between the client and the radio is peer to peer after the connection is established or does all data always go through the server during the connection session?


    Jim, K6QE

  • Ria
    Ria Member ✭✭✭
    edited August 2017
    It is peer to peer. No way Flex is paying to proxy that much data. 
  • Brent Parker
    Brent Parker Member ✭✭
    edited November 2019

    I believe all traffic is peer to peer, after the connections, but I'd like that confirmed. (OK, Ria confirmed that while I was typing!)

    If it is, it would be good to have the ability to just enter a static ip (or a ddns lookup) to go direct without the necessity to contact the FRS servers to establish the connection. Most of the time that would be over the internet "pipe". However it would also be good to go over a private mesh network, that doesn't have internet.

    We're deploying AREDN mesh broadband in our community and it would be great to run that traffic over the mesh, without the internet. We would need the ability to enter a fixed IP from the client to the server, which is easily done.

    Real case, we have HF at our Red Cross, and not at the EOC. However we have AREDN mesh in both and it would be great to have HF capabilities at the EOC from the Red Cross, in the eventuality of a storm.

    This would be a significant EmComm strategy.

  • Jim Gilliam
    Jim Gilliam Member ✭✭
    edited August 2017
    Thank you. That should answer Martin's question.
  • Tim - W4TME
    Tim - W4TME Administrator, FlexRadio Employee admin
    edited August 2017
    The communication to the SmartLink server is encrypted.  When the radio boots up, it registers with the SmartLink server and a keepalive (small packet) is sent every 30 seconds thereafter.

    If you do not want your radio connected to the SmartLink server, do not associate it with a SmartLink account.
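
Added example (not part of the original thread and not FlexRadio code): one way to check from your own firewall or router log whether a device is sending a periodic keepalive like the 30-second one described above. The log format, the addresses and the port are constructed placeholders; the real SmartLink server address and port are not given on this page.

```python
import re
from collections import defaultdict
from statistics import median

# Constructed firewall log (hypothetical format): epoch seconds, source, destination:port.
# 192.168.1.50 stands in for the radio; 198.51.100.20 is a placeholder, not a real server.
SAMPLE_LOG = """\
1000 OUT 192.168.1.50 -> 198.51.100.20:443
1003 OUT 192.168.1.77 -> 203.0.113.9:443
1011 OUT 192.168.1.77 -> 203.0.113.9:443
1030 OUT 192.168.1.50 -> 198.51.100.20:443
1048 OUT 192.168.1.77 -> 203.0.113.9:443
1049 OUT 192.168.1.77 -> 203.0.113.9:443
1060 OUT 192.168.1.50 -> 198.51.100.20:443
1091 OUT 192.168.1.50 -> 198.51.100.20:443
1102 OUT 192.168.1.77 -> 203.0.113.9:443
1120 OUT 192.168.1.50 -> 198.51.100.20:443
garbage line that the parser should skip
"""

LINE = re.compile(r"^(\d+(?:\.\d+)?) OUT (\S+) -> (\S+):(\d+)$")

def find_beacons(log_text, period=30.0, tolerance=2.0, min_events=4):
    """Return {(src, dst, port): median_gap} for flows repeating every ~period seconds."""
    times = defaultdict(list)
    for line in log_text.splitlines():
        m = LINE.match(line.strip())
        if not m:
            continue  # ignore lines that do not match the assumed format
        ts, src, dst, port = m.groups()
        times[(src, dst, int(port))].append(float(ts))
    beacons = {}
    for flow, stamps in times.items():
        if len(stamps) < min_events:
            continue  # too few packets to judge periodicity
        stamps.sort()
        gaps = [b - a for a, b in zip(stamps, stamps[1:])]
        mid = median(gaps)
        # Periodic: median gap near the expected period and every gap close to the median.
        if abs(mid - period) <= tolerance and all(abs(g - mid) <= tolerance for g in gaps):
            beacons[flow] = round(mid, 2)
    return beacons

if __name__ == "__main__":
    for (src, dst, port), gap in find_beacons(SAMPLE_LOG).items():
        print(f"{src} -> {dst}:{port} repeats every ~{gap}s")
```
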
  • Ria
    Ria Member ✭✭✭
    edited August 2017
    Peer to peer is in fact confirmed, as they've said. I've been using SmartLink since early Alpha and it has always worked this way. 

    Regarding your 2nd question, you can also expose your radio over the WAN but it won't have any authentication. You can connect using SmartSDR for iOS directly to the IP. So it is possible. Right now though, SSDR for Windows and Maestro rely on discovery.

    I would say use a VPN but with AREDN you run into encryption issues. I am not sure SmartLink would pass muster either as the radio commands are sent via TLS since it is going over the public Internet. 
  • Jim Gilliam
    Jim Gilliam Member ✭✭
    edited August 2017
    You are accomplishing the same thing using a VPN. Version 2 does not hamper your ability to do that.
  • Jim Gilliam
    Jim Gilliam Member ✭✭
    edited June 2020

    Speaking of radio registration, I have found whenever I reboot my router, the registration is lost and I have to recycle the radio to talk to the server. It would be nice if the radio "knew" there was a router reboot, it could automatically re-register.

    Jim, K6QE

  • Ria
    Ria Member ✭✭✭
    edited August 2017
    I have never seen that. Does your external IP change every time you reboot? 
  • Tim - W4TME
    Tim - W4TME Administrator, FlexRadio Employee admin
    edited August 2017
    I have not seen that either.  Unless your UPnP tables are in memory, then you will have to reboot the radio for it to reopen the ports.
  • Jim Gilliam
    Jim Gilliam Member ✭✭
    edited August 2017

    No, the external IP stays at 66.215.90.175. This concerns me in that if a power outage should occur at a remote site, one might have to perform a local reboot. I will play with this and see if I can see the problem. I didn't notice it until the other day when we had a power outage and I had to re-register the radio. I am using an Asus router and, perhaps, that has something to do with it. Thanks for the feedback Tim and Ria.


    Jim, K6QE

  • Ken - NM9P
    Ken - NM9P Member ✭✭✭
    edited August 2017
    I wonder if you do not have a reserved IP address set up for your rig.  If not, then the reboot of the router might be giving a different IP address to the rig itself, which then would require the rig to reconnect?  This would also mess up manual port forwarding, since the forwarding address would have changed....

    I am a believer in assigning reserved IP addresses to as many devices as I can on my home system..... it also makes it easier to find my son's Kindle and laptop whenever I need to ground him from the internet for a period of time!
  • Jim Gilliam
    Jim Gilliam Member ✭✭
    edited August 2017

    I'll try reserving an I/P address for the Flex. I have been meaning to do that for a while and never got around to it. Thank you for the suggestion, Ken.


    Jim, K6QE

  • Jim Gilliam
    Jim Gilliam Member ✭✭
    edited August 2017

    Ken....that worked! When I reboot the router, the radio immediately sees the Smartlink server. Thanks again.


    Jim, K6QE

  • Ken - NM9P
    Ken - NM9P Member ✭✭✭
    edited August 2017
    That has become task #1 for any new internet-connected equipment at my house.  Unfortunately some older routers make it very hard, if not impossible, to set up reserved IP's.  And some of them only allow ten of them!  I'm probably up to 30 at home.

    Especially any equipment that I need to "find" on the LAN or WAN - printers, NAS drives, TVs, DVRs, DVD players, X-Box, any computer running linking software like Smartlink, Echolink, etc. all get a reserved IP address so that I don't have to go hunt them down when something goes wrong....

    Task #2 is to document my Reserved IP list!
    It is almost as important as documenting my SmartCAT port assignments!

    Ken - NM9P
  • Jim Gilliam
    Jim Gilliam Member ✭✭
    edited August 2017

    Martin...if you are still reading this, I am sorry if your original question got hijacked. It frequently happens one subject opens the gate for another subject. No intention was made to be a "star" on your problem. I hope you have been helped with the answers, however.

    Jim, K6QE

  • Ted  VE3TRQ
    Ted VE3TRQ Member ✭✭✭
    edited August 2017
    This may be beyond many to implement, but if you own a router that supports the open router software "dd-wrt" or "tomato", not only can you set as many (up to 100) reserved IP addresses (associated to device MAC addresses) as you wish, you can also assign them names and have them available by name by running a name server (dnsmasq) on the same open router firmware. On top of that, DynDNS is directly supported. Tomato allows all to be configured through its GUI. Google is your friend. Ted VE3TRQ
  • Ria
    Ria Member ✭✭✭
    edited August 2017
    I have seen this a few times. Thanks Ken! 

    Yes, it is always good to do a static IP assignment. Usually from your router is sufficient (static DHCP or DHCP reservation it is called usually). 

    Ria
  • Marc Lalonde
    Marc Lalonde Member ✭✭
    edited August 2017
    "v2 software always phones home to Flex"

    That may be a good thing if your radio got stolen: Flex got the IP, and then the authorities may find the location of your radio ....

    This is a really good feature for a remote station ;-)

    It may be nice to add a feature so that if a radio is stolen it is blacklisted and "bricked".
  • Martin AA6E
    Martin AA6E Member ✭✭✭
    edited January 2020
    @Jim Gilliam - Thanks for your concern.  Hijacking is part of (internet) life.

    My original question/suggestion was simple:  Add some security granularity by letting the user disable remote pinging the Flex authentication/introduction servers when WAN remote is not desired.

    This is a big complaint people have about Windows 10 - the "telemetry" you can't disable.

    The security model for Flex remote, based on auth0.com, seems to be well thought out, but the question is only when, not if, it will be hacked.  Having some ability for the user to explicitly lock down their radio to specific SSDR clients (local or remote) by IP or some other tag (geo?) should help.

    73 Martin AA6E
