VPNs and local network conflicts using SmartSDR for iOS and SoftEther.

I was asked by someone to help them set up a VPN to use SmartSDR. Eventually I got it working to the point where it would connect on some wifi networks but not others. It was working perfectly on my iPhone, iPad, PC and Mac but not on his when he connected to certain wifi. The VPN would connect without a problem but the SmartSDR for iOS would connect briefly then kick you back saying it is not connected.

Eventually we found out that because his home network subnet (where the radio is) was 192.168.1.0/24 it would conflict with the local wifi network. What we did was change the network at his home to 192.168.73.0/24. So far, so good.

It all makes sense because by default SoftEther VPNs are dual homed, meaning you are on two networks at once, with your internet traffic going directly through wifi/cellular and the local traffic for the radio going through the VPN. If both the local and VPN networks are the same, traffic doesn't know where to go sometimes.

I'd like to say thanks to Rob K2RWF who posted the solution sometime back and Dave WO2X who suggested it. 

Something to keep in mind. 

73
Ria

Ria - N2RJ, Elmer

Posted 2 years ago


Ken - NM9P, Elmer

I dealt with that at my station, too. To those who have never done VPN before (like me) it doesn't make sense, but that is the way it seems to be. If the home and remote computers are set for the same subnet, then expect problems. That is why, like you, I set my home and office subnets to oddball, and different, IP subnets. Indeed, thanks to those networking gurus who steered me in the right direction.

Ken - NM9P

Ken - NM9P, Elmer

ONLY 10MBps? I would LOVE to have uplink that fast! (I'm stuck with 756KBps or so). ... But then my brother has 300 UP/300 DN MBps and would think that 10 MBps is SLOW! It's all a matter of perspective, I guess!

Jim Gilliam

I am completely confused by the above dialogue. When I am remoting and using Softether, when I connect to the remote location, my remoting device is given an I/P designation of one of the available I/P addresses of my router. For example my Linksys router assigns I/P addresses from 192.168.1.100 to .254. When I connect I am assigned an address that falls within that range. Also the subnet addresses of my remoting WiFi have the same range because I am using the same kind of router. When I access the remote location using Verizon LTE, I am still assigned an I/P address of the LAN to which I am connecting. The above dialogue makes no sense to me.

Jim, K6QE


Ken - NM9P, Elmer

Apparently some routers with their own VPN routines in them get confused when the local and remote ends of the VPN connection both are in the same subnet; they don't seem to be able to figure out WHICH 192.168.2.xxx to send the packets to....

It doesn't seem to make sense, but it is what many folks have experienced.  Perhaps SmartEther doesn't experience this.  But I have had it happen with OpenVPN on my ASUS router.  

Ria - N2RJ, Elmer

Jim, what VPN software are you using?

Dave Bottom

The reason you want a different subnet for your local router and the one you are remotely connecting to is that they each have a different gateway (the way out).

If the private networks are in the same address range then your network traffic gets confused and doesn't know which way is out (out to the Internet).  The Gateway for your Home router is your local ISP's assigned IP address.  The Gateway for the remote router is their ISP's assigned IP address for the remote site.  The packets are pretty dumb.  They need directions how to get out.

If you assign a private network to your home router that is not common, then you have a very remote chance of having this confusion.  You have three sets of IP address ranges that don't exist on the Internet, specifically for assigning to your private networks.  

Private networks can use IP addresses anywhere in the following ranges:
  • 192.168.0.0 - 192.168.255.255 (65,536 IP addresses)
  • 172.16.0.0 - 172.31.255.255 (1,048,576 IP addresses)
  • 10.0.0.0 - 10.255.255.255 (16,777,216 IP addresses)
Many of the garden variety home routers attached to, or part of, your cable or DSL modem use a private network in the 192.168.0.0 - 192.168.255.255 range as the default private network, including many public WiFi networks.  With so many doing so it is wise to avoid that range.  

Businesses often use the 10.0.0.0 - 10.255.255.255 range because it has so many addresses available.  

This makes private networks in the 172.16.0.0 - 172.31.255.255 range interesting to use as your home private network(s).

There are some excellent tutorials on general networking you can Google.

Hopefully you have access to change settings on your router.  Some cable providers are taking this option away - Both Charter and Comcast have taken this away for new installs, so you have to get your own router and have them make your modem/router just a modem and connect your router/WiFi box to it so you do have access.  

This may actually be a blessing as some, like Comcast, are using your WiFi router to do double duty as a public access point!

Your ISP will provide you with the IPs for Gateway, Netmask and Broadcast so you can set up your router. Here is a handy tool to help you define these for your private networks.

http://jodies.de/ipcalc

Dave WI6R
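
Added example, not part of the original thread: a Python sketch of the subnet conflict discussed above, using the thread's 192.168.1.0/24 and 192.168.73.0/24 subnets. The route tables, interface names ("wifi", "vpn") and helper names are constructed for illustration, and the route lookup is a simplified longest-prefix match that ignores the metrics a real OS uses to break ties.

```python
import ipaddress

def overlaps(home_lan, local_nets):
    """Return the local networks whose address space overlaps the home LAN."""
    home = ipaddress.ip_network(home_lan)
    return [n for n in local_nets if ipaddress.ip_network(n).overlaps(home)]

def candidate_routes(dest, routes):
    """Routes (network, interface) that match dest, longest prefix first."""
    ip = ipaddress.ip_address(dest)
    nets = [(ipaddress.ip_network(p), ifc) for p, ifc in routes]
    hits = [r for r in nets if ip in r[0]]
    return sorted(hits, key=lambda r: r[0].prefixlen, reverse=True)

def is_ambiguous(dest, routes):
    """True when the two best routes tie on prefix length but leave by different interfaces."""
    hits = candidate_routes(dest, routes)
    return (len(hits) > 1
            and hits[0][0].prefixlen == hits[1][0].prefixlen
            and hits[0][1] != hits[1][1])

def suggest_home_subnet(avoid, pool="172.16.0.0/12", prefix=24):
    """First /prefix inside pool that overlaps none of the networks in avoid."""
    avoid_nets = [ipaddress.ip_network(a) for a in avoid]
    for cand in ipaddress.ip_network(pool).subnets(new_prefix=prefix):
        if not any(cand.overlaps(a) for a in avoid_nets):
            return cand
    return None

# Constructed split-tunnel route tables on the remote device.
# Before: the wifi network and the home LAN behind the VPN are both 192.168.1.0/24.
BEFORE = [("0.0.0.0/0", "wifi"), ("192.168.1.0/24", "wifi"), ("192.168.1.0/24", "vpn")]
# After: the home LAN was renumbered to 192.168.73.0/24, as in the first post.
AFTER = [("0.0.0.0/0", "wifi"), ("192.168.1.0/24", "wifi"), ("192.168.73.0/24", "vpn")]

if __name__ == "__main__":
    print(overlaps("192.168.1.0/24", ["192.168.1.0/24", "10.0.0.0/8"]))
    print(is_ambiguous("192.168.1.50", BEFORE))   # radio address before renumbering
    print(is_ambiguous("192.168.73.50", AFTER))   # radio address after renumbering
    print(suggest_home_subnet(["192.168.0.0/16", "10.0.0.0/8", "172.16.0.0/24"]))
```
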