[arm-allstar] OpenVPN & Hamvoip

David dvd at dalfonso.us
Tue Sep 8 23:24:04 EDT 2020 

Rob,

Thanks for an interesting solution to a common problem.  You mentioned 
using your win10 computer to SSH to your difficult to reach node.  I 
presume you used an openVPN client on the win10 to also connect to the 
openVPN server.  Did that require further configuration of the server to 
allow client-to-client connection? If so, do you have a reference for 
the steps do that?

Dave k6dvd

On 9/7/2020 6:22 AM, "Rob Seaman via ARM-allstar" wrote:
> Hi All,
>
> After some experimenting, I managed to get one of my Allstar nodes, located a few hundred miles away on a LTE cellular modem, working with OpenVPN.
>
> The node is unreachable by conventional internet means because of CGNAT, so I've been using a reverse SSH tunnel fairly successfully need to connect to it remotely, except for the time my local node had a corrupted SD card and crashed.
>
> I thought I'd share my experience here in case anyone was wanting to try the same.
>
> I started with setting up my own OpenVPN server on a small VPS with a local provider in my city. VPS specs are 1GB RAM, 20GB storage & 1TB data transfer.
>
> I followed these guides:
>
> https://computingforgeeks.com/easy-way-to-install-and-configure-openvpn-server-on-ubuntu/
>
> https://www.cyberciti.biz/faq/ubuntu-18-04-lts-set-up-openvpn-server-in-5-minutes/
>
> https://www.cyberciti.biz/faq/howto-setup-openvpn-server-on-ubuntu-linux-14-04-or-16-04-lts/
>
> https://whattheserver.com/openvpn-server-with-port-forwarding<https://whattheserver.com/openvpn-server-with-port-forwarding/>/
>
> Moving next to your remote Allstar node to connect into the VPN
>
> 1.  Generate .ovpn/.conf profile on your VPS server. I use the callsign of the node or node number
> 2.  Copy .ovpn profile to node (/etc/openvpn) and rename to .conf.
> 3.  Add "--pull-filter ignore redirect-gateway" to .conf profile on node if you wish to not forward Allstar traffic via VPN.
> 4.  Update OpenVPN package on node, as the included version didn't work with my server version.  Use pacman -S hamvoip-openvpn
> 5.  Test OpenVPN connection.  openvpn <profile-name>.conf  (eg:  openvpn vk6ld.conf)
> 6.  Change /usr/local/etc/allstar.env file to VPN enabled
> 7.  Change /usr/local/etc/rc.allstar file - from client.conf to <callsign or node number>.conf
> 8.  Reboot node and VPN connection should come up.  You should see the VPN tunnel is alive with command ifconfig or at the top of the Admin Menu window.
>
> I also setup an OpenVPN profile on my Win10 computer and can now SSH to the node, as well as use Supermon on the node.
>
> There may be steps I missed, but I managed to repeat the exercise on a second node from my own notes and it worked again second time around.
>
> Hope this helps.
>
> Cheers,
>
> Rob...
> VK6LD
>
>
> _______________________________________________
>
> ARM-allstar mailing list
> ARM-allstar at hamvoip.org
> http://lists.hamvoip.org/cgi-bin/mailman/listinfo/arm-allstar
>
> Visit the BBB and RPi2/3/4 web page - http://hamvoip.org

More information about the ARM-allstar mailing list