[arm-allstar] OpenVPN & Hamvoip
Rob Seaman
vk6ld at outlook.com.au
Mon Sep 7 09:22:58 EDT 2020
Hi All,
After some experimenting, I managed to get one of my Allstar nodes, located a few hundred miles away on a LTE cellular modem, working with OpenVPN.
The node is unreachable by conventional internet means because of CGNAT, so I've been using a reverse SSH tunnel fairly successfully need to connect to it remotely, except for the time my local node had a corrupted SD card and crashed.
I thought I'd share my experience here in case anyone was wanting to try the same.
I started with setting up my own OpenVPN server on a small VPS with a local provider in my city. VPS specs are 1GB RAM, 20GB storage & 1TB data transfer.
I followed these guides:
https://computingforgeeks.com/easy-way-to-install-and-configure-openvpn-server-on-ubuntu/
https://www.cyberciti.biz/faq/ubuntu-18-04-lts-set-up-openvpn-server-in-5-minutes/
https://www.cyberciti.biz/faq/howto-setup-openvpn-server-on-ubuntu-linux-14-04-or-16-04-lts/
https://whattheserver.com/openvpn-server-with-port-forwarding<https://whattheserver.com/openvpn-server-with-port-forwarding/>/
Moving next to your remote Allstar node to connect into the VPN
1. Generate .ovpn/.conf profile on your VPS server. I use the callsign of the node or node number
2. Copy .ovpn profile to node (/etc/openvpn) and rename to .conf.
3. Add "--pull-filter ignore redirect-gateway" to .conf profile on node if you wish to not forward Allstar traffic via VPN.
4. Update OpenVPN package on node, as the included version didn't work with my server version. Use pacman -S hamvoip-openvpn
5. Test OpenVPN connection. openvpn <profile-name>.conf (eg: openvpn vk6ld.conf)
6. Change /usr/local/etc/allstar.env file to VPN enabled
7. Change /usr/local/etc/rc.allstar file - from client.conf to <callsign or node number>.conf
8. Reboot node and VPN connection should come up. You should see the VPN tunnel is alive with command ifconfig or at the top of the Admin Menu window.
I also setup an OpenVPN profile on my Win10 computer and can now SSH to the node, as well as use Supermon on the node.
There may be steps I missed, but I managed to repeat the exercise on a second node from my own notes and it worked again second time around.
Hope this helps.
Cheers,
Rob...
VK6LD
More information about the ARM-allstar
mailing list