
Ohio Section Journal – The Technical Coordinator – March 2019 edition

One of the responsibilities of the Technical Coordinator in the Ohio Section is to submit something for the Section Journal. The Section Journal covers Amateur Radio related things happening in and around the ARRL Ohio Section. It is published by the Section Manager Scott – N8SY and articles are submitted by cabinet members.

Once my article is published in the Journal, I will also make it available on my site with a link to the published edition.

You can receive the Journal and other Ohio Section news by joining the mailing list Scott has set up. You do not need to be a member of the ARRL, Ohio Section, or even a ham to join the mailing list. Please sign up!

If you are an ARRL member and reside in the Ohio Section, update your mailing preferences to receive Ohio Section news in your inbox. Those residing outside the section will need to use the mailing list link above.
Updating your ARRL profile will deliver news from the section where you reside (if the leadership chooses to use this method).

  1. Go to www.arrl.org and log on.
  2. Click Edit your Profile.
  3. You will be taken to the Edit Your Profile page. On the first tab, Edit Info, verify your Email address is correct.
  4. Click the Edit Email Subscriptions tab.
  5. Check the News and information from your Division Director and Section Manager box.
  6. Click Save.

Now without further ado…


Read the full edition at:

THE TECHNICAL COORDINATOR
Jeff Kopcak – TC
k8jtk@arrl.net

Hey gang,

Do you have your Network Radio? I do, well, maybe. Not the way most people define Network Radios. In the last number of years, outside Voice over IP (VoIP) services have found their way into ham radio. Services utilize mobile data connections like 3G, 4G, and WiFi to connect users over the Internet. The app turns a cell phone or tablet into an HT-like device, complete with PTT button. “Network Radios” has been used to define these types of transceivers and the channels available on those transceivers.

Probably 4-5 years ago, and still used today, a number of hams were all abuzz about this service called Zello. Another service called IRN (International Radio Network) is built on TeamSpeak. TeamSpeak is most frequently used as an audio chat service for players in multiplayer video games. Both of these services were probably adopted by ham-radio operators because of the similarities. With a speaker and microphone, users can carry on round-table style chats. One person talks and the rest receive. These are called “channels” – similar in ham lingo to a reflector, conference, or talk group.

The term “Network Radios” is making the rounds because devices are being sold that integrate with VoIP services and are made to look like an HT or mobile radio. Most run the Android operating system meaning they come with the Google Play store. Having the Play store means any app can be installed, such as other VoIP apps like the EchoLink app or Repeater Book repeater directory.

RFinder was the first to design and sell Network Radios. They took a cellphone and attached a dual-band VHF/UHF transmitter capable of analog or DMR. Make phone calls or phone-calls. A similar tablet version is also available. Their devices are integrated with and promote the RFinder application (digital version of the ARRL repeater directory). Running the application and using the GPS makes it easy to locate near-by repeaters. Clicking a repeater would program the radio for use with the selected repeater, including offsets and sub-audible tones. Press PTT and you’re on the air!

A store with the completely original name, Network-Radios, is selling a whole range of Network Radios including the RFinder devices. The HT Network Radios have what looks like an antenna, but few list the capability of transmitting in the ham bands. None of the mobile Network Radios have any kind of RF connector.

This brings up the question: is this ham radio? My definition: if a legal identification is required, it is ham radio. More-or-less, I’m looking for Internet-linked endpoints to be connected to some kind of RF transmitting device in the ham bands that follows Part 97. I would like to have all linked end points transmitting in the ham bands, but I’ll take what I can get. My reasoning: our bands continue to be under attack by commercial entities that would pay big money for our frequencies and EVERYONE always complains our repeaters and frequencies are underutilized. Actually using our bands shows whoever is out there listening (FCC, commercial interests, people scanning the bands, potential hams, …) that ham frequencies are being utilized and we’re doing stuff with our bands. Call me crazy!

I’m not opposed to hams using these Network Radio services to find a better tool. Some Network Radio channels are even linked to repeater systems. That’s OK if private channels are properly controlled, though it seems like a lot of extra management. However, the overarching use of these services is mobile-device to mobile-device using non-ham bands. That is not at all ham radio. One argument is that some people need a place to let loose a little more than would be allowed on a regular repeater. Whatever.

I heard, from hams, in recent Emcomm situations how great it was that Zello was being used by the public to phone in needed rescues. Other channels were created for family members looking for relatives to make sure they were OK. Great use of technology. If average people can be mobilized at a moment’s notice with boats and rescue gear through a phone app, are hams still relevant? Anyone else see the irony?

The argument is always made: “the cell network can, and will, go down.” The exact opposite argument is being made promoting Network Radios as seen at the beginning of this blog post (some language NSFW, that is “not safe for work”) on the Network-Radios site: “I get 99,99999% of cell signal no matter where I am. I wonder if you can reach a VHF or UHF repeater for 10% of the time of your travelling with a typical 4 Watt handheld with its rubber duck antenna. And if GSM is not available, I could use a global wifi hotspot.” We’re doomed. Too soon?

New Podcast

The ARRL is sponsoring a new podcast that launched March 7. “So Now What?” is geared toward those who have obtained their license and need mentoring on the next steps to get the most out of the hobby. “Topics to be discussed in the first several episodes include getting started, operating modes available to Technician licensees, VEC and licensing issues, sunspots and propagation, mobile operating, contesting, Amateur Radio in pop culture, and perceptions of Technician license holders.” I’m sure there will be ideas for new and old hams alike. Subscribe to this new podcast and get the most out of ham radio!

Networking Basics

I made a career move over a year ago from programming into a networking position and quite enjoy it. Pascal – VA2PV, has a quality Youtube channel where he frequently does product reviews, how-to videos, and shares his experiences with things like PL-259 installation and re-cabling his shack. Video and audio quality are excellent with many videos available in 4K (great opportunity to experience a 4K stream). He released a video on the basics of IP networking. It won’t go in depth to the level of things I do at work, but if you ever wanted to know how devices on your home network can communicate with devices on the Internet, what is DHCP & DNS, then his video is required viewing.

FreeDV QSO Party

A group in Australia has announced the first ever FreeDV QSO party starting on April 27th 0300z to April 28th 0300z 2019. FreeDV is an open source digital voice mode, commonly referred to as Codec 2. I’ve played around with this mode before and was impressed by the resulting audio quality in such a narrow bandwidth. I hope this will create some FreeDV activity on the bands. It does require two sound cards (or sound devices) to operate. If you have an internal soundcard and a SignaLink, you’re set. The internal soundcard records and plays voice audio while the SignaLink (or other) transmits and receives digital modulation to and from your radio. Look for you on the bands using FreeDV!

Thanks for reading and 73… de Jeff – K8JTK

Ohio Section Journal – The Technical Coordinator – June 2018 edition



Read the full edition at: http://arrl-ohio.org/news/2018/OSJ-Jun-18.pdf

THE TECHNICAL COORDINATOR
Jeff Kopcak – TC
k8jtk@arrl.net

Hey gang,

The Wood County Amateur Radio Club (of which I’m a member) has a Fusion digital net on Thursday nights. Longtime club member Phil – W8PSK, posed the question: can I operate a Wires-X node mobile from my RV?

A little background about Wires-X setups. Wires-X is part of Yaesu’s System Fusion and is a closed Internet linking system. Only Yaesu hardware is allowed. Other digital devices like the OpenSpot, DVMega, and Pi-Star are not permitted. The obvious answer, if it were a viable choice, would be to use a digital hotspot but Yaesu doesn’t allow them. Wires-X hardware requirements include: a Yaesu FTM-100D or FTM-400XD radio or Fusion repeater, a Yaesu HRI-200 interface between the radio and PC, a Windows 7 or 10 PC (yes, it must be a Windows machine), and an Internet connection with a global IP address. A common example of a global IP address is one provided to you by your DSL, Cable, or Fiber provider. This IP is accessible from anywhere on the Internet and (generally) unrestricted. Lastly, another radio is required to use the Wires-X node locally.

Having set up my own Wires-X node in addition to LEARA’s repeater node, my first assumption was Phil would be able to connect out from his node in the RV to any other Wires-X node, but no other node could connect to him. This theory was based on the need to open or “port forward” 7 ports from the Internet to the PC running the Wires-X software. Port forwarding is a computer networking method used to allow data to bypass a firewall which would normally block that communication. Those that run websites from their network or have access to IP cameras while away from home will have these port forwards configured in their router.

Phil planned on using his smartphone as the Internet connection to the PC. Modern smartphones have the ability to use the cellular network to serve an Internet connection to other devices like a laptop or Raspberry Pi via a Wi-Fi connection. This is labeled something like “Mobile Hotspot” or “Personal Hotspot” in the phone. Standard disclaimer: check with your provider first in case there is an extra charge for this service or a bandwidth cap. Bandwidth is standard for a Voice over Internet system at about 60 kbps/connection or about 30 MB/hour/connection with constant TX/RX. Port forwarding is never allowed on consumer cell plans. The unknown was whether the Wires-X software could connect without the port forwarding outlined in the configuration.

I tested my theory to see if the Wires-X software functioned by modifying a known working Wires-X configuration. I closed (temporarily disabled) the forwarded ports on my network. This meant communication over those ports would now be blocked, similar to that of a cellular connection. Then I restarted the Wires-X software and hoped for the best. Was my theory correct? Drumroll please… the answer was: no. Wah waaaah. Not having the required ports forwarded to the PC did not allow the software to receive data from the Wires-X network. That result almost killed any hope of Phil using Wires-X mobile in his RV.

Phil was determined and we looked further into different solutions. VPNs were an option because they can often bypass network restrictions. However, only a small number of VPN providers allowed forwarding ports as part of their service. Reviews weren’t positive and VPNs tend to easily fail with unstable data connections as one might have while mobile. Not something to be messing around with while driving. It introduced another point-of-failure in this setup. Hilariously enough, there were applications that touted the ability to ‘open ports on your phone.’ These wouldn’t work because, while they might open ports on the phone, the provider was almost assuredly blocking any ports upstream of the phone. Verizon offers a business account which allows port forwards but there is a one-time setup cost of $500 plus the service. Yeah, no. I suggested asking in the Yahoo group. John – N9UPC, Fusion representative for Yaesu, reinforced the conclusion I came to: operating mobile wasn’t possible because wireless providers don’t provide a global IP. Though Phil posted his question in late April, oddly enough John did not give any indication of an announcement at Dayton. One solution that looked promising used AMPRNet, which is a block of Internet routable IP addresses for ham radio operators. It could give us the global IP address we needed. After finding out more, someone else’s data center was being used and we weren’t sure Phil would have permission to use it as well.

Sensing no way to get around the port forward restriction, an announcement came during the Fusion forum at Dayton that (we hope) will solve Phil’s problem. Yaesu is going to release an update in the coming months that will allow the FT2DR, FTM-100D, as well as the FTM-400XD to operate as a portable node. With additional cables, these radios would connect directly to a computer for Wires-X operation without the need of an HRI-200. This was created specifically for mobile setups and users who don’t have the ability to forward the necessary ports (like in a hotel). Ding, ding, ding, we have a winner!

A couple caveats: purchase of an HRI-200 is still required. To use the portable node, you still need to register on the Wires-X system which requires a serial number from an HRI-200. The portable setup will not have ‘all of the features’ of the traditional setup such as hosting a Room (round table-type node) or messaging. Purchase of two cables is required to make the necessary connections: an SCU-19 USB and CT-44 audio cable. It wasn’t clear if both are needed for the 100/400 radios. There are no plans “at this time” to integrate any other Fusion radio other than the three listed above.

It would have been nice to have a heads-up about this new option before we spent time researching a solution. I think this will solve Phil’s problem and get him mobile with Wires-X. Announcement from the Fusion forum, Dayton Hamvention 2018.

Speaking of digital hotspots, my favorite has been discontinued: the openSPOT. I saw it disappear from dealer sites just after Dayton. On June 8th it was removed from the SharkRF website with an announcement that a new product was going to be introduced soon. What could it be??! If you need a digital hotspot device today, I really like the ZUMSpot with the Pi-Star software. I picked up one with a case at Dayton. More info in future articles.

The next big ham holiday, Field Day, is right around the corner. Get out and join your club or find a club to join if you’re not a member of one. It’s a great time to bring friends and get them excited about ham radio. Hams that come out get bitten by the bug to expand their station or learn a new mode. Check the Field Day Locator for operations taking place near you. Sending 10 messages over RF from your site gets you 100 points – including Winlink messages. I love to receive messages about your setup, stations operating, or social activities taking place. These can be sent via the National Traffic System (NTS) or Winlink – K8JTK at Winlink.org – to my station. Winlink post about Field Day points.

With July around the corner, two of my favorite events will be kicking-off soon. The 13 Colonies Special Event is coming up July 1 – 7, along with the RAC Canada Day Contest on July 1st only.

Thanks for reading and 73… de Jeff – K8JTK

Bridge a Remote Site Network with OpenVPN Access Server

Having access to your devices over the Internet is a requirement for any admin deploying a project. Instead of running to a remote site to administer devices (making changes, applying updates and patches), it’s easier to connect remotely and make changes. Remote access poses many issues and concerns.

Security

First and foremost is security. You always, always, ALWAYS want devices connected to the Internet behind a router with a built-in firewall (NAT router). A firewall filters traffic between two networks (your ISP and home for example) and will block attempts to connect to your internal (private) network.

Device manufacturers take security for granted. Little testing and auditing takes place because the analysis is expensive for throw-away devices. This is noted in many stories including Bug Exposes IP Cameras, Baby Monitors where simply clicking “OK” on the login dialog allowed access to the Internet connected video camera. It is trivial to find these devices on the Internet because of Shodan. Shodan is dubbed the “Internet of Things Search Engine.” If you’re not familiar, think of it as the Google for devices connected directly to the internet. These could be: web servers, printers, cameras, industrial machines, bitcoin mining… Putting devices behind a firewall minimizes the risk because anything trying to peer into the network would be blocked by the firewall.

This holds true for networks you don’t control (granted access on someone else’s network). Put your stuff behind a router/firewall so they can’t see your devices and you can’t be exploited by devices on the other network.

Port Forwarding is a popular technique to only allow traffic on a specific port to a device you specify in your firewall (router). This provides little security as it still allows a potentially vulnerable service to accept incoming connections from the Internet.

Choose a good router

Couple of tips for a good router:

  • You get what you pay for. Don’t opt for cheap.
  • Opt for ones that support third-party firmware like DD-WRT and Tomato or setup a dedicated computer running pfsense or Untangle. These have proven to be more secure than stock firmware in addition to offering a more complete feature set.
  • Stick with popular models as found on Amazon, Newegg, or other tech store. They’re more likely to be reliable, well updated models.
  • Look for ones that accept USB cellular modem dongles for installations that have no accessible network connection like a remote site.

Virtual Private Network

The preferred way to connect to a remote network is to use a VPN. A VPN connects to a private network securely over the Internet. It allows the user to exchange data, use services, and connect to devices as if they were directly connected to that network. An open-source project that implements VPN technology is OpenVPN. OpenVPN is an application that allows for secure point-to-point communication. There are many implementations of OpenVPN, including its use in many third-party router firmware (mentioned above). OpenVPN Access Server is one of the many implementations and the one used for this project.

This project was inspired by Hak5 1921 – Access Internal Networks with Reverse VPN Connections. As an Amateur Radio operator into the newer computer and digital technologies, I have more devices located at remote sites.

This setup consists of:

  1. A remote network behind a firewall where the devices you want to access exist. A Linux server on the remote network will act as the gateway and stay persistently connected to the bridge. This could be a full desktop computer purposed for something else or a Raspberry Pi. Also on the same network will be a Windows machine.
  2. An unsecure/unknown network, AKA the Internet.
  3. A private server that will act as the bridge between the remote network and a device you choose.
  4. A device in a separate location that will connect to the cloud server and will be able to access the remote network. I will use a Windows machine to act as a ‘home’ computer.

This setup works in nearly all cases because the only device receiving incoming connections is the bridge server in the cloud. Firewalls block incoming connections by default. Very few block connections originating inside the network out to the Internet (egress). If a device along the way filters by content, connection attempts will be blocked. Many corporate networks are doing this kind of filtering. Otherwise the traffic looks the same as secure web traffic on port 443. No port forwarding is used.

Hosting

I recommend using an infrastructure hosting provider for the bridge server. This can cost anywhere from $5-$15 per month. The device can be anywhere on the public Internet. It must accept multiple connections on different ports, but it only needs to serve a couple of users at a time. Minimal configuration is more than sufficient. Bandwidth, latency, and up-time of all points in this setup affect reliability. My personal recommendations for infrastructure hosting providers are: Rackspace and DigitalOcean.

IP addressing

All remote networks and the home user networks cannot overlap in address space. That is, they need to be differently numbered. For example, home networks typically use 192.168.1.x addressing. The remote site(s) can’t have the same numbering (192.168.1.x). It must be different. I suggest making the remote site different enough to not cause conflict with any home users’ networks. Remote sites as 192.168.25.x, 192.168.26.x, and 192.168.27.x would work fine when the home users’ networks are addressed 192.168.0.x, 192.168.1.x, 192.168.2.x, and so on (except 25-27). Similarly addressed networks create routing conflicts and the packets will not reach the correct network.
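
The no-overlap rule can be checked before any site is deployed. The following is an added example, not part of the original guide: the network names and the sample address plan are constructed, and it goes slightly beyond the text by also catching overlaps between networks with different prefix lengths.

```python
import ipaddress
from itertools import combinations

# Constructed sample plan (not from the guide): two home networks, two remote sites.
SAMPLE_PLAN = {
    "home-a": "192.168.1.0/24",
    "home-b": "192.168.24.0/22",  # wider mask: spans 192.168.24.x through 192.168.27.x
    "site-1": "192.168.25.0/24",
    "site-2": "192.168.1.50/24",  # a host address as typed; normalized when parsed
}


def parse_plan(plan):
    """Map each name to an IPv4Network. strict=False masks off host bits,
    so an address such as 192.168.1.50/24 is treated as 192.168.1.0/24."""
    return {name: ipaddress.IPv4Network(cidr, strict=False)
            for name, cidr in plan.items()}


def find_conflicts(plan):
    """Return (name_a, name_b) pairs whose address spaces overlap.

    Any overlap means packets for one network can be routed to the other,
    so every pair returned here must be renumbered before connecting."""
    nets = parse_plan(plan)
    return [(a, b) for a, b in combinations(sorted(nets), 2)
            if nets[a].overlaps(nets[b])]


def suggest_remote_subnet(plan, first_third_octet=25):
    """Return the first 192.168.N.0/24 (N >= first_third_octet) that does not
    overlap any network in the plan, or None if none is free.

    Starting at 25 follows the guide's suggestion of numbering remote sites
    well away from the low ranges home routers use by default."""
    taken = list(parse_plan(plan).values())
    for octet in range(first_third_octet, 256):
        candidate = ipaddress.IPv4Network(f"192.168.{octet}.0/24")
        if not any(candidate.overlaps(net) for net in taken):
            return str(candidate)
    return None


if __name__ == "__main__":
    for a, b in find_conflicts(SAMPLE_PLAN):
        print(f"CONFLICT: {a} ({SAMPLE_PLAN[a]}) overlaps {b} ({SAMPLE_PLAN[b]})")
    print("Next free remote-site subnet:", suggest_remote_subnet(SAMPLE_PLAN))
```

The second conflict in the sample plan is the kind that is easy to miss by eye: the third octets differ (24 and 25), but the /22 mask on the home network covers the remote site's range.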

Downsides

Cost.

In addition to hosting, a downside to using OpenVPN Access Server is licensing. While OpenVPN is Open-Source Software and OpenVPN Access Server is free, the license allows for only two concurrent tunnel connections at any one time. This means the remote site counts as one connection and the home device the second. If a second person (third device) needed access to the remote network, they would get a message saying ‘Access Server has reached its concurrent connections limit.’ The first person would need to disconnect first before the second could connect otherwise current connections will begin to be booted. Additionally, connecting two or more remote sites and a home user is not possible without purchasing licenses or running an additional bridge server. Additional licenses can be purchased for “$9.60 License Fee Per Client Connection Per Year. Support & Updates included. 10 Client minimum purchase.” $96 per year.

An alternative to OpenVPN Access Server is to set up your own (roll your own) OpenVPN server, which is free. I hope to do an OVPN server setup at some point in the future.

Assumptions

This guide is step-by-step in nature, meant for beginners, with brief explanations of the steps. It will help to have an understanding of Linux commands and scripting. Capitalization is important in Linux! Understanding of basic networking concepts including determining network prefixes and CIDR notation is also required.

Program versions

I used a Windows 7 64 bit PC for configuration (and Home PC). Applications and versions used in this writeup:

  • OpenVPN Access Server 2.0.24
  • Putty 0.67
  • Ubuntu 14.04 x64 (bridge and remote servers)
  • Filezilla 3.16.0