VPN network issue

Hello again.
Well, I've had the Icoms idle for a season.
I am now setting up an IC7300 to operate remotely from the family home. I have a lot of QRM over the summer in my shack. The town is filled with tourists, and until they leave…

Well, the fact is that I have installed a computer with Windows 10 connected by USB to the radio, and I want to access it remotely.
I can't work with NAT and open ports because I have a 4G router that only gives me CGNAT, that is, I don't have a public IP.
I have installed a VPN on the Windows machine and another on my home PC, and I can communicate perfectly and ping between the two computers using the VPN IPs. RDP works perfectly.

I've looked at the firewalls and disabled them to try, but no luck.
I have noticed that in the log of the remote computer (server), port 50001 is bound on the IP assigned by the router, 192.168.8.122, but not (or the log doesn't say so) on the VPN IP, 172.22.94.130.
How can I change this?

LOG on server:
2024-08-17 17:29:47.843 INF udp.server: Starting udp server
2024-08-17 17:29:47.843 INF audio: Audio Input device “Default Input Device”
2024-08-17 17:29:47.843 INF audio: Audio Output device “Remote audio”
2024-08-17 17:29:47.905 INF udp.server: My IP Address: “192.168.8.122”
2024-08-17 17:29:47.905 INF udp.server: Server Binding Control to: 50001
2024-08-17 17:29:47.905 INF udp.server: Server Binding CIV to: 50002
2024-08-17 17:29:47.905 INF udp.server: Server Binding Audio to: 50003

ipconfig server:

VPN virtual Ethernet adapter [xxxxxxxxxxxxxx]:

Connection-specific DNS suffix . . :
Link-local IPv6 address . . . : fe80::bf13:63cb:d61:77be%11
IPv4 address. . . . . . . . . . . . . . : 172.22.94.130
Subnet mask. . . . . . . . . . . . : 255.255.0.0
Default gateway. . . . . : 25,255,255,254

Wi-Fi wireless LAN adapter:

Connection-specific DNS suffix . . :

IPv4 address. . . . . . . . . . . . . . : 192.168.8.122
Subnet mask. . . . . . . . . . . . : 255.255.255.0
Default gateway. . . . . : 192.168.8.1

Wfview will only bind to the first available network interface; you can make your VPN interface the primary one by giving it the lowest metric:

  1. Open the Network and Sharing Center > Change Adapter Settings.
  2. Right click the connection whose priority you wish to modify then click Properties.
  3. Scroll down and click Internet Protocol Version 4 (TCP/IPv4), then click Properties.
  4. In the bottom of the properties window, click Advanced.
  5. On the bottom of the Advanced Settings window, uncheck the box next to Automatic Metric.
  6. In the Interface Metric text box, enter the priority number for this connection.
  • Note: The lower the number, the higher the priority the connection will have. Enter any number that is 2 or greater, depending on the priority you want for this connection.

The ability to configure which network interface to bind the server to will likely be added in a future version.

Phil

Hi Phil,
thanks for the quick response.
Won't what you're telling me make the remote PC unable to find the gateway it needs?
If I give priority to the VPN over the main network, I won't have internet access, right? And I'll be disconnected… The VPN network doesn't connect to the internet.

Not if the VPN interface doesn’t have a default gateway.

And I ask…
Couldn't the server open on all possible networks at once?
I think that in Linux it is done with IP 0.0.0.0, and it listens on all adapters.

I have to see how the VPN system I have installed configures it…

There was a technical reason why I did it like that, only binding to the first interface (but I can’t remember what it was now…)

Well, I put the remote server on Windows so that if I had a problem it would be easier to solve, but I already regret it.
At home I have everything on Linux and I have always been able to fix things easily.
Maybe the next day I go there I'll put Linux on it, and out go the problems.

I remember why it is now: it is a peculiarity of binding UDP sockets. If you don't bind to a specific address, you cannot guarantee that the port will be used for outbound traffic. TCP handles this much more gracefully as it is stateful.

If you are interested, this blog details the difficulty in binding UDP servers to wildcard addresses:

https://blog.cloudflare.com/everything-you-ever-wanted-to-know-about-udp-sockets-but-were-afraid-to-ask-part-1

1 Like
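To make the binding behaviour Phil describes concrete, here is an added example (my own code, not wfview's): a small UDP echo server that binds one socket per local address instead of the wildcard. A wildcard-bound socket receives on every interface, but the kernel picks the source address of the reply from the routing table, so on a host with both a LAN address and a VPN address the answer can leave with the LAN address and the VPN client will drop it. With one socket per address, the reply goes out through the socket the request arrived on, so its source address always matches the destination the client used. The address list, the `run_demo` helper and the loopback test are assumptions made for this example.

```python
"""Added example (not wfview code): per-address UDP binding instead of 0.0.0.0.

A wildcard-bound UDP socket receives datagrams on every interface, but when it
replies the kernel chooses the source address from the routing table, not from
the address the client sent to. On a host with a LAN address and a VPN address
the reply may therefore leave with the LAN address, and the client (which sent
to the VPN address) discards it. Binding one socket per local address avoids
that: the socket a datagram arrives on is the socket used to answer, so the
reply's source address always equals the destination the client used.
"""
import selectors
import socket


def bind_udp_sockets(addresses, port):
    """Bind one UDP socket per local IPv4 address (never the wildcard)."""
    socks = []
    for addr in addresses:
        s = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
        s.bind((addr, port))  # a specific address, not "0.0.0.0"
        s.setblocking(False)
        socks.append(s)
    return socks


def serve_one(socks, timeout=2.0):
    """Wait for one datagram on any bound socket and echo it back through the
    socket it arrived on. Returns (local_addr, peer, payload) or None."""
    with selectors.DefaultSelector() as sel:
        for s in socks:
            sel.register(s, selectors.EVENT_READ)
        for key, _ in sel.select(timeout):
            s = key.fileobj
            data, peer = s.recvfrom(2048)
            s.sendto(data, peer)  # same socket => same source address
            return s.getsockname()[0], peer, data
    return None


def run_demo(addresses=("127.0.0.1",), payload=b"ping"):
    """Constructed end-to-end check on loopback: a client sends to the first
    bound address and we record which address the reply came back from."""
    socks = bind_udp_sockets(addresses, 0)  # port 0 = any free port
    try:
        server_addr = socks[0].getsockname()[:2]
        client = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
        client.settimeout(2.0)
        try:
            client.sendto(payload, server_addr)
            served = serve_one(socks)
            reply, reply_from = client.recvfrom(2048)
        finally:
            client.close()
        return {
            "sent_to": server_addr[0],
            "served_on": served[0] if served else None,
            "reply_from": reply_from[0],
            "reply": reply,
        }
    finally:
        for s in socks:
            s.close()


if __name__ == "__main__":
    print(run_demo())
```

On the Windows server from the first post one would pass both the LAN and the VPN addresses (192.168.8.122 and 172.22.94.130 from the log) to `bind_udp_sockets`, which is exactly the per-interface choice the thread wishes wfview exposed. The other fix the linked Cloudflare post discusses, reading the destination address of each datagram with IP_PKTINFO and replying from it, keeps a single wildcard socket but is not shown here.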

Hello!

I'm coming to this late, but I have a 9700 and a 7300 (via USB and Raspberry Pi), both available externally. I too have CGNAT on my fiber.

I use a VPN service called WireGuard (a VPN in Linux).

In a nutshell, I have an external VPS that has a world-accessible IP address. I use ports 50001-3 for my 7300 and 50011-3 for my 9700. The data is packaged by the VPN and routed to WireGuard on the Pi, which pings out to the VPS to establish the VPN tunnel.

Tl;Dr it just works!

When I have a moment I’ll write it up for you.

Hello, thank you meeko.
I'm looking into how I can do that. The thing is that I only have one remote computer, and it's Windows.
There I have a 4G router with CGNAT, but it is a simple router with few features. I put a VPN on it with ZeroTier, which so far has worked great for all the applications I've needed.
Of course, everything is TCP. UDP is a bit stranger.
Well… I don't know how I can do something remotely without breaking the connection and being left in the dark.

Now I looked at the wfview I have here at the shack, on Linux, and the log:
2024-08-18 00:45:51.010 INF udp.server: Starting udp server
2024-08-18 00:45:51.010 INF audio: Audio Input device “default”
2024-08-18 00:45:51.010 INF audio: Audio Output device “default”
2024-08-18 00:45:51.011 INF udp.server: My IP Address: “0.0.0.0”

The thing is, I remembered having made it work remotely with the same VPN system some time ago, from the shack and on Linux. Here is the difference.

Maybe it will be as easy as creating a VirtualBox VM with Linux and trying to pass the USB port through to VirtualBox. That is, as long as I don't put a real Linux on it.

I found the key was to have a device “in the cloud” as it were. Something world addressable.

Have you considered renting a very cheap bare-bones VPS? I pay about $5/month for OVH to provide me with a VPS with 4 IP addresses (various projects). They put Ubuntu 24.04 LTS on it and I did the rest, which was basically WireGuard (VPN) and iptables (firewall).

The magic was done with the local Raspberry Pi, which first spoke to the VPS to advertise itself, then established the encrypted handshake, and the rest is data tunneled over the VPN and sorted by iptables.

I am replicating this for the local radio club, who are also using a 5G router (no wired internet access possible at the shack).

Sketch attached. Hope it makes sense!

I can provide the iptables instructions as examples if needed. It works; it's not tidy code, but it does the job!

Jordi: send me an email directly to meekoblue AT Hotmail DOT co DOT uk

And I'll send you the enable files.

Hello again,
well, I've done the test of creating a virtual machine with Linux, and there I've put wfview connected directly to the VPN.
The result is that it works well. Since on Linux the UDP listening port is on IP 0.0.0.0 and works on all network interfaces, I can reach it without problems from another computer on the VPN network. I use this VPN regularly for UDP connections in a project I have with Raspberry Pis, and it has never given me problems with this kind of connection. Specifically, I connect several RPis running Pi-Star software to link analog repeaters via VPN.
So I understand that the problem is Windows itself, and how it manages network interfaces.

For me, the solution is simple. I change the OS of the PC I have connected to the Icom, and problem solved.

Anyway, if I could choose in the software on which network the UDP service is activated, it could also work on Windows.

Thanks for your help.
EB3AM

1 Like