
IRLP VPN via 4G Mobile Broadband - My Experience ... so far

Peter VK3PYE
 

Hi everyone.
 
I own node # 6574 which is built on a Raspberry Pi 3 and it's portable. My QTH is Melbourne, Australia.
 
So far the IRLP_VPN system has been excellent. I am very pleased with the performance and audio quality. I am running the node with the IRLP_VPN via a 4G Mobile Broadband Router for the Internet Connection. Currently, Optus is my ISP.
 
Some notes on my IRLP_VPN usage via 4G Mobile Broadband:
 
As my node is not connected to any repeater system, I have had the habit of turning it off at night. For the past 20 months or so this has been OK. The node always went back online in the morning, with few exceptions. Previously the Internet was fed to it via a 4G Telstra Business Account to get a Public IP address. But now it is fed via my 4G Optus Mobile Broadband Account which does not allow a Public IP address.

IRLP_VPN to the rescue!
 
My observations using the 4G Mobile Broadband Router ...
 
The main issue is with the 4G Mobile Broadband Router, as it does not route the Internet stream evenly to all devices, just like a "normal" router would. This device feeds my computer, my node and any other devices that require Internet access in our home. I do have acceptable download and upload speeds, so that is not the issue.
 
My work-around to this is to boot up the node first in the morning, wait for a few mins (go have my coffee) then boot up the computer. That way the node will go online via the VPN first without any trouble.
 
If I forget, and the node fails to pick up the VPN, then I can just either wait a while, or reboot the node via DTMF, and all is good-to-go.
 
The other time that the 4G Mobile Broadband will slow the node is during computer web usage and downloads. So, I just limit that usage during a QSO on the node.
 
So, all-in-all, an excellent service for those, like me, that do not use an ISP that dishes out public IPs.
 
Thanks again to the IRLP Team for the VPN service!
 
Why did the 4G Telstra Business Account never have this issue? Because it only ever fed the IRLP node, nothing else. Way too expensive to use for usual Internet usage.
 
73, de Peter VK3PYE, node # 6574

k9dc
 

Thank you for this review Peter. I am glad to know it is working well for you. Between Chicago and Sydney we have issued well over 100 configurations, and have heard from very few folks having any trouble with it.

IRLP VPN information is available at https://irlp.groups.io/g/IRLP/files/IRLP%20VPN%20Service

One observation I will offer is, IRLP VPN is much more reliable with modern installations of Linux. The configuration files we hand out work fine on all versions of Debian Linux we have used for IRLP. Including as far back as Debian 6 (Squeeze). But the older versions do not reliably recover from a network interruption.

Within the last couple of days our hosting provider experienced an outage in the Sydney datacenter, which caused a reboot of the machine our services live on. I suspect services were down for less than a minute. All the Debian 9 (Stretch) and 10 (Buster) clients recovered automatically. The older Debian 6 and 7 installations did not come back until they were rebooted locally.

My point is if you are relying on IRLP VPN for service to your node and running Debian 6, 7, or 8 (Jessie), you might want to consider upgrading to at least Debian 9 (Stretch). Debian 9 includes OpenVPN version 2.4, which includes a number of improvements affecting reliability and recovery of tunnels.

Unfortunately, I believe all the Nano-nodes from Micro-Node International are running Debian 7 (Squeeze). I have one on my bench that presumably has their latest software onboard (1.030), and it is running Debian 7 (Wheezy). Even though it is connected using my symmetrical gigabit service, it never recovers if there is any WAN interruption. OTOH, a node in my car, on much older hardware, and a pretty flaky cellular connection, but running Debian 9, recovers every time. I do not know if there is an upgrade path for the Nano-Nodes or not. If someone here knows, please let us all know.

-k9dc

On Oct 23, 2019, at 00:58, Peter VK3PYE <pete_jbk@...> wrote:

> Hi everyone.
>
> I own node # 6574 which is built on a Raspberry Pi 3 and it's portable. My QTH is Melbourne, Australia.
>
> So far the IRLP_VPN system has been excellent. I am very pleased with the performance and audio quality. I am running the node with the IRLP_VPN via a 4G Mobile Broadband Router for the Internet Connection. Currently, Optus is my ISP.

Nosey Nick VA3NNW
 

k9dc wrote:
> Unfortunately, I believe all the Nano-nodes from Micro-Node International are running Debian 7 (Squeeze).

Debian 6 Squeeze support stopped on 19 July 2014, with limited "long
term support" extended to 29 February 2016

> I have one on my bench that presumably has their latest software onboard (1.030), and it is running Debian 7 (Wheezy).

Debian 7 Wheezy lost support on 26 April 2016... or again limited
support until 31 May 2018. Nearly a year and a half ago, and there's
been several major headline security issues since then. Staying on
either of those is shockingly negligent, especially for a machine that
has open inbound ports from the internet.

Even 8 Jessie ran out of security patches on 17 June 2018. You need to
be on AT LEAST 9 Stretch (good until "sometime" 2020) but realistically
10 Buster (good until 2022) by now.

Nick

--
"Nosey" Nick Waterman, VA3NNW/G7RZQ, K2 #5209.
use Std::Disclaimer; sig@...
If we aren't supposed to eat animals, why are they made of meat?

Ramon Gandia
 

I would like to state that the IRLP load is a very small subset of Debian. For instance, it does not include any windowing whatsoever,
and a lot of programs are stripped from it. Why would you want
LibreOffice or Firefox or Chrome? Printer support? Etc.

Having said that, I am not sure what Micronode does.

I think a stripped down version of Debian, even Debian 6, behind
a firewall is probably as safe as a bloated Debian 10.

More concerning is that over the years there are minor changes that
accumulate. Thus sometimes scripts and binaries will break upon
"updates" or the newer IRLP will not run on an older Debian.

If you have an old IRLP that works, I would not imagine that any
updating is needed.

--
/|\
Ramon Gandia AL7X ... 7254
Nome, Alaska USA

On 10/23/19 5:13 PM, Nosey Nick VA3NNW wrote:
> k9dc wrote:
>> Unfortunately, I believe all the Nano-nodes from Micro-Node International are running Debian 7 (Squeeze).
>
> Debian 6 Squeeze support stopped on 19 July 2014, with limited "long
> term support" extended to 29 February 2016
>
>> I have one on my bench that presumably has their latest software onboard (1.030), and it is running Debian 7 (Wheezy).
>
> Debian 7 Wheezy lost support on 26 April 2016... or again limited
> support until 31 May 2018. Nearly a year and a half ago, and there's
> been several major headline security issues since then. Staying on
> either of those is shockingly negligent, especially for a machine that
> has open inbound ports from the internet.
>
> Even 8 Jessie ran out of security patches on 17 June 2018. You need to
> be on AT LEAST 9 Stretch (good until "sometime" 2020) but realistically
> 10 Buster (good until 2022) by now.
>
> Nick

k9dc
 

The point of *my* post was that the version of OpenVPN (2.4) that comes with Debian 9 is much better than earlier versions of Debian. Normally I would agree with you with regard to upgrades. But if you need OpenVPN for your node to work, Debian 9 (or 10) will be much better.

-k9dc

On Oct 23, 2019, at 22:11, Ramon Gandia <rfg8yg@...> wrote:

> I think a stripped down version of Debian, even Debian 6, behind
> a firewall is probably as safe as a bloated Debian 10.

KM6MMO
 

Just a quick thought about 4G connections...

Use of a secondary router in Access Point mode could solve a lot of instability within the DHCP settings on the 4G device.

I have found this to provide rock solid connection to my VPN for my Pi Node 3059.
Even when throttled at 129kbs

Thanks Pete for the node 
Thanks David Cameron for putting together such an enjoyable way to practice HAM radio.
73 for now and good luck
Erik , KM6MMO 

Peter VK3PYE
 

On Thu, Oct 24, 2019 at 02:31 PM, KM6MMO wrote:
> Use of a secondary router in Access Point mode

Thanks for that tip Erik. I already own one of those, so I will test it out.

73 de Peter VK3PYE

Peter VK3PYE
 

On Wed, Oct 23, 2019 at 09:47 PM, k9dc wrote:
> One observation I will offer ...

Thanks for the feedback David K9DC.

I am still on Jessie Lite with my Pi node. I suppose that I should "dive-in-at-the-deep-end" and install the latest version. If I do, it will be on a new SD-Card. That way if I mess it up I will still have a functioning Jessie Lite.

73 de Peter VK3PYE

John
 

Some routers have a guest access point which has access to the Net, but not to your network. It might also have WPS etc.
Is this what Erik is referring to?

John @ 6163

On 24/10/2019 3:29 pm, Peter VK3PYE wrote:
> On Thu, Oct 24, 2019 at 02:31 PM, KM6MMO wrote:
>> Use of a secondary router in Access Point mode
>
> Thanks for that tip Erik. I already own one of those, so I will test it out.
>
> 73 de Peter VK3PYE

Peter VK3PYE
 

On Thu, Oct 24, 2019 at 07:53 PM, John wrote:
> Is this what Erik is referring to?

Hi John.

I believe Erik was referring to a WiFi Range Extender, as they are routers too. I have the NETGEAR WN2500RP which has dual band WiFi and 4 Ethernet ports.

73 de Peter VK3PYE