RF Eclectica Wiki

Try to learn something about everything, and everything about something - Thomas Huxley


Older Topics

svxlink hotspot

Hardware

Platform: Raspberry Pi
Software: SVXLink
Interface: CM108 soundcard
Radio: IC-2E

Background

Remote/portable personal node.

Similar setup to MB7AZE but without the connection to Echolink and monitoring fewer TalkGroups. I use TG 8 as a testing ground to keep my traffic off the rest of the system.

UPDATE John Pumford-Green 03/06/22 17:57

Making it into a mobile hotspot/echolink node/SVXreflector/parrot….

Svx Mobile

Networking

Usual method of deployment is to use a small MiFi 4G router as an access point to let the Raspberry Pi reach the internet. When this MiFi router is in use the node is on an inaccessible network and I can't reach it to make changes or shut it down.

The answer is SSH Tunnels

I use a “Remote SSH Tunnel” to get access to it from my home LAN.

The idea is that the remote node makes an outgoing SSH connection to a machine on my LAN. I have an open port in the router forwarded to an internal machine for SSH access when I'm away from home. This is straightforward, and the remote Pi can easily create an SSH session onto my PC in the shack.

ssh -p xxxxx my.external.host.name

Along with this incoming SSH connection from the remote node is also a request to set up a “Remote Tunnel” which makes the internal Shack PC set up a listening SSH port. After this is done, any connection to this new listening port will be sent backwards to the remote node, tunnelling within the existing SSH connection.

This tunnel will now accept incoming connections from machines inside my LAN and forward them to the remote node. I can now effectively SSH to the remote SVXLink node as if it were on my LAN in the shack.

The magic is all done in SSH, but to make it more robust I use a package called autossh which is a wrapper around SSH that monitors for loss of the tunnel connection and initiates a new connection automatically if it should fail for any reason.

Here is the script that fires it all off:

tunnel.sh

#!/bin/bash
 
autossh -M 20000 -N -T gm4slv_tunnel

Simple enough, but effective.

The gm4slv_tunnel is a connection defined in .ssh/config as:

Host gm4slv_tunnel
	HostName gm4slv.plus.com
	User gm4slv
	Port xxxxx
	RemoteForward 4446 localhost:22
	RemoteForward 8080 192.168.0.1:80

This sets up a remote tunnel, listening on port 4446 of my shack PC that will be forwarded back up the SSH connection to the SVXLink Raspberry Pi. It also sets up a listening port 8080 which gives me http access to the 4G MiFi router at the remote site in case I want to shut it down or reboot it or whatever. I just browse to http://my_shack_pc:8080 and I'm actually logged into the MiFi router. Magic!

/etc/ssh/sshd_config needs to have GatewayPorts yes to allow the Shack PC to accept connections to its new remote listening ports (4446 for SSH and 8080 for HTTP) from other LAN machines, otherwise these ports would only be accessible to the Shack PC itself (on “localhost:4446” or “localhost:8080”).

To allow an unattended/automatic login from the remote Raspberry Pi to the Shack PC it's necessary to set up public_key authentication and to have a passphrase-less key on the Raspberry Pi.

Generate a public/private key pair on the Raspberry Pi with ssh-keygen and don't enter a passphrase before saving it in .ssh/id_rsa and .ssh/id_rsa.pub. Then transfer a copy of .ssh/id_rsa.pub from the Raspberry Pi to the Shack PC and put it in the authorized_keys2 file:

(on Raspberry Pi):

$ scp .ssh/id_rsa.pub user@shack_pc:

enter password etc. to do the initial scp transfer

(on Shack PC)

$ cat id_rsa.pub >> .ssh/authorized_keys2

Then any further SSH or SCP sessions from the Raspberry Pi to the Shack PC should occur without any need for passwords.

The Pi is now set up for automatic SSH Remote Tunnel - as long as the script is run at boot time:

Crontab is used to fire off the tunnel and start SVXLink @reboot

@reboot sleep 60 && sudo -u gm4slv /home/gm4slv/tunnel.sh 2>&1
@reboot sleep 30 && sudo -u gm4slv /home/gm4slv/svx_ref.sh >/dev/null 2>&1

To check the Tunnel is up you look at netstat -ntl on the Shack PC:

gm4slv@laptop:~ $ sudo netstat -ntlp
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      854/sshd: /usr/sbin
tcp        0      0 0.0.0.0:631             0.0.0.0:*               LISTEN      167630/cupsd
tcp        0      0 0.0.0.0:23              0.0.0.0:*               LISTEN      761/inetd
tcp        0      0 0.0.0.0:17500           0.0.0.0:*               LISTEN      62324/dropbox
tcp        0      0 0.0.0.0:445             0.0.0.0:*               LISTEN      1134/smbd
tcp        0      0 0.0.0.0:4446            0.0.0.0:*               LISTEN      2537/sshd: gm4slv
tcp        0      0 127.0.0.1:17600         0.0.0.0:*               LISTEN      62324/dropbox
tcp        0      0 0.0.0.0:20000           0.0.0.0:*               LISTEN      2537/sshd: gm4slv
tcp        0      0 0.0.0.0:514             0.0.0.0:*               LISTEN      647/rsyslogd
tcp        0      0 127.0.0.1:17603         0.0.0.0:*               LISTEN      62324/dropbox
tcp        0      0 127.0.0.1:2947          0.0.0.0:*               LISTEN      1/init
tcp        0      0 0.0.0.0:139             0.0.0.0:*               LISTEN      1134/smbd
tcp        0      0 0.0.0.0:27659           0.0.0.0:*               LISTEN      854/sshd: /usr/sbin
tcp        0      0 0.0.0.0:111             0.0.0.0:*               LISTEN      1/init
tcp        0      0 0.0.0.0:8080            0.0.0.0:*               LISTEN      2537/sshd: gm4slv

SSH is listening on ports 4446, 20000 and 8080 which proves it's up and running.

Port 20000 (and 20001) is used by autossh to handle its “is the tunnel still up” packets.
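The same check can be scripted. This is an added example, not part of the original page: a hypothetical `audit_tunnel` function that reads `netstat -ntlp` output and reports, for each expected forwarded port, whether the `sshd: gm4slv` listener is bound to a wildcard address (reachable from the whole LAN, which is what `GatewayPorts yes` produces), to loopback only, or missing. The sample input is a subset of the output shown above; the `lan`/`loopback`/`down` labels are this example's own.

```shell
#!/bin/sh
# Added example: audit the SSH-forwarded listeners on the Shack PC.
# SAMPLE is a subset of the netstat -ntlp output shown on this page.
SAMPLE='tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      854/sshd: /usr/sbin
tcp        0      0 0.0.0.0:4446            0.0.0.0:*               LISTEN      2537/sshd: gm4slv
tcp        0      0 127.0.0.1:17600         0.0.0.0:*               LISTEN      62324/dropbox
tcp        0      0 0.0.0.0:20000           0.0.0.0:*               LISTEN      2537/sshd: gm4slv
tcp        0      0 0.0.0.0:8080            0.0.0.0:*               LISTEN      2537/sshd: gm4slv'

# audit_tunnel USER PORT...   (netstat -ntlp output on stdin)
# Prints "<port> <scope>" for each expected port, where scope is:
#   lan       listener bound to a wildcard/non-loopback address
#   loopback  listener reachable only from the Shack PC itself
#   down      no listener owned by "sshd: USER" on that port
# Exit status is non-zero if any expected port is down.
audit_tunnel() (
    user=$1; shift
    awk -v user="$user" -v ports="$*" '
        BEGIN { n = split(ports, want, " ") }
        # Forwarded ports belong to the per-session process "sshd: USER",
        # not to the master daemon ("sshd: /usr/sbin/...").
        $6 == "LISTEN" && $7 ~ /\/sshd:$/ && $8 == user {
            addr = $4; port = $4
            sub(/:[0-9]+$/, "", addr)   # strip ":port" -> bind address
            sub(/^.*:/, "", port)       # keep what follows the last colon
            scope = (addr ~ /^127\./ || addr == "::1") ? "loopback" : "lan"
            # If a port has several listeners, report the widest exposure.
            if (!(port in seen) || scope == "lan") seen[port] = scope
        }
        END {
            bad = 0
            for (i = 1; i <= n; i++) {
                if (want[i] in seen) print want[i], seen[want[i]]
                else { print want[i], "down"; bad = 1 }
            }
            exit bad
        }'
)

# Stand-alone demonstration on the sample above.
printf '%s\n' "$SAMPLE" | audit_tunnel gm4slv 4446 8080 20000
```

On the live Shack PC the input would come from `sudo netstat -ntlp | audit_tunnel gm4slv 4446 8080 20000`; the non-zero exit status on a missing port makes it usable from cron or a monitoring check.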

From the Shack PC I can ssh localhost -p 4446 and reach the remote Pi, hostname svx:

gm4slv@laptop:~ $ ssh localhost -p 4446
Linux svx 5.15.32-v7+ #1538 SMP Thu Mar 31 19:38:48 BST 2022 armv7l
 
The programs included with the Debian GNU/Linux system are free software;
the exact distribution terms for each program are described in the
individual files in /usr/share/doc/*/copyright.
 
Debian GNU/Linux comes with ABSOLUTELY NO WARRANTY, to the extent
permitted by applicable law.
Last login: Wed May  4 14:28:06 2022 from 127.0.0.1
gm4slv@svx:~ $ who
gm4slv   pts/0        2022-05-04 14:35 (127.0.0.1)
gm4slv@svx:~ $ whoami
gm4slv
gm4slv@svx:~ $ ls
backup         greeting.wav   id_rsa.pub    id_svx.pub  node_info.json      svxlink          svxlink.log        svxlink-sounds-en_US-heather      svx_ref.sh
backup.tar     hosts          id_sdr.pub    log1.log    ReflectorLogic.tcl  svxlink.conf     svxlink_noel.conf  svxlink-sounds-en_US-heather.tar  tunnel.sh
git_backup.sh  id_laptop.pub  id_shack.pub  Logic.tcl   svx_el.sh           svxlink_el.conf  svxlink_ref.conf   svx_noel.sh
gm4slv@svx:~ $

John Pumford-Green Wed May 4 11:25:01 2022

Page Updated : 26/04/23 14:52 BST

public/radio/dormant/svx.txt · Last modified: 26/04/23 14:52 BST by john