VPN Fixed Ip on SmartSDR where?

  • 1
  • Question
  • Updated 10 months ago
  • Answered
I am not shure but not possiblem to Fix Flexradio IP on VPN operartion only on Maetsro can possible Fix a static IP of Flex for VPN operation....
Photo of Frank, IZ7AUH/AK1CQ

Frank, IZ7AUH/AK1CQ

  • 179 Posts
  • 6 Reply Likes

Posted 3 years ago

  • 1
Photo of Mack McCormick

Mack McCormick, Elmer

  • 523 Posts
  • 179 Reply Likes
Please look at section 30.5 of the software manual for detail on how to establish a static IP address.

Mack
W4AX
Alpha Tester
Photo of Larry - W8LLL

Larry - W8LLL

  • 532 Posts
  • 116 Reply Likes
Not sure why you cannot modify it, i am sure someone else will resppnd.
Photo of Eric - KE5DTO

Eric - KE5DTO, Official Rep

  • 916 Posts
  • 344 Reply Likes
Make sure that you first connect to the radio.  Once you are connected, the controls should be enabled.
Photo of Frank, IZ7AUH/AK1CQ

Frank, IZ7AUH/AK1CQ

  • 179 Posts
  • 6 Reply Likes
from PC at office is connect to my VPN LAN2LAN but SmartSDR can't see my Flex at home and not possib le to modify on static ip. I don't understant if possible use SmartSDR by VPN
Photo of Frank, IZ7AUH/AK1CQ

Frank, IZ7AUH/AK1CQ

  • 179 Posts
  • 6 Reply Likes
Eric what is the point of this? when one tries to connect the Flex over a VPN as IP fix can flex without it being seen, in SmartSDR IOS this is possible without problems, in fact I use it slla my office VPN was hoping to find the same function in the Windows version but it has not been done that is the question!
Photo of David H Hickman

David H Hickman

  • 48 Posts
  • 4 Reply Likes
The windoze client does not support static ip addressing. It can only set a static ip address. Thus you have to use a full ethernet frame VPN for it to work like an OPENVPN Tap or softether VPN.

1. What is your vpn server?
2. Is it configured for Bridge (tap) or routed ( tun) mode?

If you are considering run softether there are alternatives that will work if you plan on running a bridge on the remote end to connect your laptop to. There are other cascade methods that work but get complex really fast.

If you are comfortable with running vmware or other virtualization software, it is trivial to set up a vpn server on your network, expose it, and then install a second vm on your laptop to run the bridge software. works like a charm and isolates the vpn software from your production system.
Photo of Eric - KE5DTO

Eric - KE5DTO, Official Rep

  • 916 Posts
  • 344 Reply Likes
I think there may be some confusion here.  So I want to make sure several things are clear:

1. Both SmartSDR for Windows and SmartSDR for Maestro both support setting the *Radio* on a Static IP.  With modern networking, we would recommend using something like a Static DHCP Reservation in your router instead of this, but the feature is implemented as a result of popular demand for those that may need it.
2. For now, both SmartSDR for Windows and SmartSDR for Maestro require access to the broadcast Discovery packets in order to connect to a radio.  This restriction is imposed purposefully as there is currently no authentication provided in the API.
3. This restriction will be addressed when our WAN Remote feature is released in SmartSDR v2.0.
4. A VPN connection can be used today to access the radio remotely, but the VPN must be setup to pass broadcast traffic to address the issue above in #2.  There have been several write ups here in the community that address how to setup such a VPN.
Photo of Frank, HB9FXQ

Frank, HB9FXQ

  • 62 Posts
  • 37 Reply Likes
Eric, 

Any Idea, when I can stop deploying https://github.com/krippendorf/flex6k-discovery-util-go on my VPN Routers? I mean, it works with multisite routed VPNs, but do we really have to wait for 2.0 to get rid of that broadcast thing? Routed VPNs are not good with relaying UDP broadcast ;-) Bridges are not good for security reasons. 
Photo of Eric - KE5DTO

Eric - KE5DTO, Official Rep

  • 916 Posts
  • 344 Reply Likes
Yes.  See #2 above.
Photo of Frank, HB9FXQ

Frank, HB9FXQ

  • 62 Posts
  • 37 Reply Likes
My suggestion would be to only the permit user to enter RFC 1597 private IPs in SmartSDR and you'll prevent unsecure port-forward WAN solutions. Before recommending users to realize bridged VPNs. Bridged VPNs have so many disadvantages - Good luck with IPv6 in that situations. Anyway, I don't want UDP broadcast traveling across my VPNs. 
 
Still not sure if it's worth to restrict direct IP access for non-IOs users. In my eyes FRS isn't responsible for network security. It's up to the network owner to maintain a secure setup. We're talking about multi-radio multi-site VPN in my case, not about a dummy plastic router with the radio on a DMZ port :-) You can warn OMs to not put the radio out into the wild. Still I'd prefer my secure VPN with strong encryption and auth mechanisms, compared to a built-in FRS security solution. That'll a) be closed-source (I bet) and b) will you lock down radios when you discover zero-day exploits etc?  
Currently we share radios across OMs and I'll never bridge our home networks together just to realize broadcast domains etc.... People using the IOs app simply address the radio directly, can't understand how you can promote that app on the on side and technically restrict it for richClient users... that's somehow in consequent.  

Using openVpn/Pfsense with my flex6k-discovery-util-go utility, on  APU2 64bit routers with hardware accelerated crypto (https://www.pcengines.ch/newshop.php?c=4) deployed on all sites.
(Edited)
Photo of George Molnar, KF2T

George Molnar, KF2T, Elmer

  • 1680 Posts
  • 616 Reply Likes
FWIW, MacOS Server has a fine VPN function that works very well. No router modifications (other than setting DHCP reservations and port maps). Run it on a Mac Mini in your world and life is quite easy.
Photo of Nick RN3KK

Nick RN3KK

  • 11 Posts
  • 0 Reply Likes
Not need run two application on different raspberry. SmartSdr need only broadcast from radio device. If you know IP and other param you flex-6xxx , you need only one program on PC with SmartSdr.
https://www.youtube.com/watch?v=xmvIX-27EhQ&feature=youtu.be
https://github.com/rn3kk/Flex-6xxxDeviceEmuliator
(Edited)