Content by: Michael Walker VA3MW
If you are looking at this, you may be in a situation where the internet connection provided by your ISP is something called Carrier Grade NAT (CGNAT). StarLink is a CGNAT ISP.
Carrier-grade NAT (CGN or CGNAT), also known as large-scale NAT (LSN), is a type of Network address translation (NAT) for use in IPv4 network design. With CGNAT, end sites, in particular residential networks, are configured with private network addresses that are translated to public IPv4 addresses by middlebox network address translator devices embedded in the network operator's network, permitting the sharing of small pools of public addresses among many end sites. This shifts the NAT function and configuration thereof from the customer premises to the Internet service provider network (though "conventional" NAT on the customer premises will often be used additionally).
Carrier-grade NAT is often used for mitigating IPv4 address exhaustion.[1]
CGNAT techniques were first used in 2000 to accommodate the immediate need for large numbers of IPv4 addresses in General Packet Radio Service (GPRS) deployments of mobile networks. Estimated CGNAT deployments increased from 1200 in 2014 to 3400 in 2016, with 28.85% of the studied deployments appearing to be in mobile operator networks.[3]
In the FlexRadio world, CGNAT is incompatible with SmartLink.
In order to get around this limitation, both the radio (server) and the user (client) must make their initial connections outbound to a common server in the cloud—think of it like both parties “phoning” the same number. As I’ll demonstrate, this approach does work, but it comes with some significant trade-offs.
One option for this is SmartEther VPN’s VPNAzure feature. To enable it, you’ll need to run a VPN server on the same network (subnet) as your radio. This can be set up easily on a Raspberry Pi— even a Pi 3 has more than enough processing power. Alternatively, you can host it on a local PC.
The diagram below illustrates the setup: the radio (server) is shown on the left, while the user (client) is on the right. Both connect outward to the common cloud server.
Directions on solutions can be found on the SoftEther website: https://www.softether.org/4-docs/2-howto/6.VPN_Server_Behind_NAT_or_Firewall/2.VPN_Azure.
The really high-level basic steps are:
- Install and configure a SoftEther VPN Server on the Radio network https://www.softether.org/4-docs/2-howto/1.VPN_for_On-premise/2.Remote_Access_VPN_to_LAN
- Configure it for using the VPN Asure Cloud (you can have normal VPN stuff too) https://www.softether.org/4-docs/2-howto/2.VPN_for_Cloud/3.Cloud_to_LAN_Bridge_VPN
- Install SoftEther VPN Client on your Laptop https://www.softether.org/4-docs/2-howto/1.VPN_for_On-premise/2.Remote_Access_VPN_to_LAN#Step_4._Set_up_VPN_Client_on_Each_Member's_PC
With all that completed, you can give it a try.
- Make sure the VPN server is running
- Start the VPN client on your PC from a 'remote' location, even paired to a cell phone, to test and make sure it connects.
- Start SmartSDR, and you should be able to see your radio. Go ahead and try to connect.
I had to mask out some of my target IP addresses, but you see that SmartSDR can actually see both of my remote radios. This shows me that the Layer 2 UDP broadcast packets made it over the VPN and that my remote PC is now on the same subnet.
The Downside
- It can be complicated to set up if you do not have any networking knowledge. It doesn't take much to learn, so you can do it by asking questions of those who know it already. Give it a try; you can't really break anything if it doesn't work.
- Latency - when I tested it, the audio on SSB was running over 300-400ms behind reality
- SmartSDR may crash at times if the latency goes LONG. When we use SmartLink, it has different software to handle longer latency connections, responsible for longer response times. Over a VPN like this, SmartSDR does not think it is on a long-haul routed network.
If you got this far, good for you. If you are motivated enough, you may wish to give this a try.
Is this the only way? No, but I think it is one of the easier ways with limited customization. Network-savvy hams will have many ways to achieve this sort of solution.
If Networks are new to you, you can now see why FlexRadio created SmartLink and why it is so simple to use today. We do all the heavy lifting for you.
NOTE: This article was provided as an alternative to using SmartLink for remote access. This configuration is not officially supported by FlexRadio.