<-[[.:]]

====== svxlink hotspot ======

===== Hardware =====

|Platform|Raspberry Pi|
|Software|SVXLink|
|Interface|CM108 soundcard|
|Radio|IC-2E|

===== Background =====

Remote/portable //personal// node. Similar setup to [[aze|MB7AZE]] but without the connection to ''Echolink'' and monitoring fewer TalkGroups.

I use TG 8 as a testing ground to keep my traffic off the rest of the system.

**UPDATE** --- //John Pumford-Green 03/06/22 17:57//

Making it into a mobile hotspot/echolink node/SVXreflector/parrot.... [[svx_mobile]]

===== Networking =====

Usual method of deployment is to use a small //MiFi 4G router// as an access point to let the Raspberry Pi reach the internet.

When this MiFi router is in use the node is on an inaccessible network and I can't reach it to make changes or shut it down.

==== The answer is SSH Tunnels ====

I use a "Remote SSH Tunnel" to get access to it from my home LAN.

The idea is that the remote node makes an outgoing SSH connection to a machine on my LAN. I have an open port in the router forwarded to an internal machine for SSH access when I'm away from home. This is straightforward, and the remote Pi can //easily// create an SSH session onto my PC in the shack.

''ssh -p xxxxx my.external.host.name''

Along with this //incoming// SSH connection, the remote node also sends a request to set up a //"Remote Tunnel"//, which makes the internal Shack PC set up a //listening SSH port//. After this is done, any connection to this new listening port will be sent //backwards// to the __remote node__, **//tunnelling within//** the existing SSH connection.

This //tunnel// will now accept incoming connections from machines //inside// my LAN and __forward them to the remote node__.

I can now effectively SSH to the remote SVXLink node as if it were on my LAN in the shack.
The magic is all done in SSH, but to make it more robust I use a package called ''autossh'', which is a wrapper around ''SSH'' that monitors for loss of the tunnel connection and initiates a new connection automatically if it should fail for any reason.

Here is the script that fires it all off:

''tunnel.sh''

  #!/bin/bash
  # -M 20000: autossh monitoring port, -N: no remote command, -T: no TTY
  autossh -M 20000 -N -T gm4slv_tunnel

Simple enough, but effective. The ''gm4slv_tunnel'' is a connection defined in ''.ssh/config'' as:

  Host gm4slv_tunnel
      HostName gm4slv.plus.com
      User gm4slv
      Port xxxxx
      # Shack PC port 4446 -> SSH on the Raspberry Pi
      RemoteForward 4446 localhost:22
      # Shack PC port 8080 -> web interface of the MiFi router
      RemoteForward 8080 192.168.0.1:80

This sets up a remote tunnel, listening on port 4446 of my shack PC, that will be forwarded back up the SSH connection to the SVXLink Raspberry Pi. It also sets up a listening port 8080 which gives me ''http'' access to the 4G MiFi router at the remote site in case I want to shut it down or reboot it or whatever. I just browse to ''http://my_shack_pc:8080'' and I'm actually logged into the MiFi router. Magic!

''/etc/ssh/sshd_config'' on the Shack PC needs to have ''GatewayPorts yes'' to allow the Shack PC to accept connections to its new //remote listening// ports (4446 for SSH and 8080 for HTTP) from other LAN machines, __otherwise these ports would only be accessible to the Shack PC itself__ (on "localhost:4446" or "localhost:8080").

To allow an unattended/automatic login //from// the remote Raspberry Pi //to// the Shack PC it's necessary to set up public-key authentication and to have a //passphrase-less// key on the Raspberry Pi.

Generate a public/private key pair on the Raspberry Pi with ''ssh-keygen'' and don't enter a //passphrase// before saving it in ''.ssh/id_rsa'' and ''.ssh/id_rsa.pub''.

Then transfer a copy of ''.ssh/id_rsa.pub'' //from// the Raspberry Pi //to// the Shack PC and put it in the ''authorized_keys2'' file:

(on Raspberry Pi):

''$ scp .ssh/id_rsa.pub user@shack_pc:''

enter password etc.
to do the initial ''scp'' transfer

(on Shack PC)

''$ cat id_rsa.pub >> .ssh/authorized_keys2''

then any further SSH or SCP sessions //from// the Raspberry Pi //to// the Shack PC //should// occur without any need for passwords.

The Pi is now set up for automatic SSH Remote Tunnel - as long as the script is run at boot time:

Crontab is used to fire off the tunnel //and// start SVXLink @reboot

  @reboot sleep 60 && sudo -u gm4slv /home/gm4slv/tunnel.sh 2>&1
  @reboot sleep 30 && sudo -u gm4slv /home/gm4slv/svx_ref.sh >/dev/null 2>&1

To check the Tunnel is up you look at ''netstat -ntl'' on the Shack PC:

  gm4slv@laptop:~ $ sudo netstat -ntlp
  Active Internet connections (only servers)
  Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
  tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      854/sshd: /usr/sbin
  tcp        0      0 0.0.0.0:631             0.0.0.0:*               LISTEN      167630/cupsd
  tcp        0      0 0.0.0.0:23              0.0.0.0:*               LISTEN      761/inetd
  tcp        0      0 0.0.0.0:17500           0.0.0.0:*               LISTEN      62324/dropbox
  tcp        0      0 0.0.0.0:445             0.0.0.0:*               LISTEN      1134/smbd
  tcp        0      0 0.0.0.0:4446            0.0.0.0:*               LISTEN      2537/sshd: gm4slv
  tcp        0      0 127.0.0.1:17600         0.0.0.0:*               LISTEN      62324/dropbox
  tcp        0      0 0.0.0.0:20000           0.0.0.0:*               LISTEN      2537/sshd: gm4slv
  tcp        0      0 0.0.0.0:514             0.0.0.0:*               LISTEN      647/rsyslogd
  tcp        0      0 127.0.0.1:17603         0.0.0.0:*               LISTEN      62324/dropbox
  tcp        0      0 127.0.0.1:2947          0.0.0.0:*               LISTEN      1/init
  tcp        0      0 0.0.0.0:139             0.0.0.0:*               LISTEN      1134/smbd
  tcp        0      0 0.0.0.0:27659           0.0.0.0:*               LISTEN      854/sshd: /usr/sbin
  tcp        0      0 0.0.0.0:111             0.0.0.0:*               LISTEN      1/init
  tcp        0      0 0.0.0.0:8080            0.0.0.0:*               LISTEN      2537/sshd: gm4slv

SSH is listening on ports ''4446, 20000 and 8080'' which proves it's up and running. Port 20000 (and 20001) is used by ''autossh'' to handle its "is the tunnel still up" packets.
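
The same check can be scripted. This is an added example, not part of the original page: the function names ''tunnel_report'' and ''tunnel_ok'' and the sample listing are constructed for illustration. It reads ''netstat -ntl'' output and reports, for each tunnel port, whether it is listening on a LAN-reachable address (the ''GatewayPorts yes'' case), on loopback only, or not at all.

```shell
# Constructed sample in `netstat -ntl` format (not output from the real Shack PC).
# 8080 is shown on loopback here to illustrate a bind that the LAN cannot reach.
SAMPLE_NETSTAT='Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:4446            0.0.0.0:*               LISTEN
tcp        0      0 127.0.0.1:8080          0.0.0.0:*               LISTEN
tcp6       0      0 :::20000                :::*                    LISTEN'

# tunnel_report PORT...   (reads `netstat -ntl` or `netstat -ntlp` text on stdin)
# Prints one line per requested port: "<port> lan", "<port> local" or "<port> down".
tunnel_report() {
    awk -v ports="$*" '
        BEGIN { n = split(ports, want, " ") }
        $6 == "LISTEN" {
            addr = $4
            port = addr; sub(/.*:/, "", port)       # text after the last colon
            host = addr; sub(/:[^:]*$/, "", host)   # text before the last colon
            # Loopback binds are reachable only from the Shack PC itself.
            scope = (host ~ /^127\./ || host == "::1") ? "local" : "lan"
            # If a port is bound more than once, a LAN-reachable bind wins.
            if (!(port in seen) || scope == "lan") seen[port] = scope
        }
        END {
            for (i = 1; i <= n; i++)
                print want[i], ((want[i] in seen) ? seen[want[i]] : "down")
        }'
}

# tunnel_ok PORT...   returns 0 only if every listed port is listening.
tunnel_ok() {
    ! tunnel_report "$@" | grep -q ' down$'
}

# Live use on the Shack PC:  netstat -ntl | tunnel_report 4446 8080 20000
```

Any port reported as ''lan'' can be reached by every machine on the home network, which for 8080 means the MiFi router's login page.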
From the Shack PC I can ''ssh localhost -p 4446'' and reach the remote Pi, hostname ''svx''

  gm4slv@laptop:~ $ ssh localhost -p 4446
  Linux svx 5.15.32-v7+ #1538 SMP Thu Mar 31 19:38:48 BST 2022 armv7l
  The programs included with the Debian GNU/Linux system are free software;
  the exact distribution terms for each program are described in the
  individual files in /usr/share/doc/*/copyright.
  Debian GNU/Linux comes with ABSOLUTELY NO WARRANTY, to the extent
  permitted by applicable law.
  Last login: Wed May 4 14:28:06 2022 from 127.0.0.1
  gm4slv@svx:~ $ who
  gm4slv pts/0 2022-05-04 14:35 (127.0.0.1)
  gm4slv@svx:~ $ whoami
  gm4slv
  gm4slv@svx:~ $ ls
  backup         greeting.wav   id_rsa.pub    id_svx.pub  node_info.json      svxlink          svxlink.log        svxlink-sounds-en_US-heather      svx_ref.sh
  backup.tar     hosts          id_sdr.pub    log1.log    ReflectorLogic.tcl  svxlink.conf     svxlink_noel.conf  svxlink-sounds-en_US-heather.tar  tunnel.sh
  git_backup.sh  id_laptop.pub  id_shack.pub  Logic.tcl   svx_el.sh           svxlink_el.conf  svxlink_ref.conf   svx_noel.sh
  gm4slv@svx:~ $

//[[gm4slv@gm4slv.plus.com|John Pumford-Green]] Wed May 4 11:25:01 2022//

Page Updated : ~~LASTMOD~~

{{tag>radio pi svxlink linux ssh}}