Welcome, Guest
Username: Password: Remember me
  • Page:
  • 1
  • 2

TOPIC: Remote control of EESDR2 or EESDR3 connected by STARLINK

Remote control of EESDR2 or EESDR3 connected by STARLINK 15 Dec 2021 01:02 #1

I am in the progress of setting up a remote station near Perth, Western Australia. As it is country internet options are limited hence I have connected with Starlink. The service works well with a ping time of 50ms ish and speeds of 300mbps down and 40mbps up. However, they use CGNAT (Carrier Grade Network Address Translation). This means that you don't have a live IP on the internet and share the same IP with other users. It's the same as NAT but at the ISP level.

I have been playing with both ERS EESDR3 and EESDR2 and have so far not been able to make it connect or see the server software while connected via Starlink. I have even tried an IP tunnel utility ngrok.com to open up specific ports to the outside internet that works well, however, does not seem to solve the issues

I wonder if anyone has managed to get this to work while connected using Starlink or an ISP that uses CGNAT?

I guess the next approach would be to use VPN to connect my home LAN in the city to the remote LAN at the radio.

Any advice or experiences are gladly received! :D

73
Andrew
VK6IA
The administrator has disabled public write access.

Remote control of EESDR2 or EESDR3 connected by STARLINK 15 Dec 2021 08:36 #2

  • davegte
  • davegte's Avatar
  • OFFLINE
  • Posts: 21
  • Thank you received: 3
I use a point to point app called NeoRouter for just that purpose.Free for non commercial use.
Set up a VPN using a server running on your own machine - either dedicated or the same PC as one of the clients.
Overcomes my CGNAT issue on a remote SDR receiver I use over 4G.
Dave GW4GTE
The administrator has disabled public write access.

Remote control of EESDR2 or EESDR3 connected by STARLINK 15 Dec 2021 09:27 #3

  • VK6NX
  • VK6NX's Avatar
  • OFFLINE
  • Posts: 296
  • Thank you received: 138
Hi Andrew

I have just returned from the sea after intensive testing of Starlink from the boat. We have tried to achieve two things: 1. find out maximum distance from registered address, where dishy still can operate reasonably within its registered sat hexagon; and 2. Check out remote operations, specifically assuming CGNAT config.

In overall - both tasks resulted "fail" :( for my purposes.

Remote operations with current CGNAT + IPv4 configuration possible, but with too many caveats. Tested on pfsence and Ubi Unify SGR.
Main problem with "hosting behind Starlink" with their current setup, that you have to trigger connection "out" from the LAN behind Starlink. Hence we have tried to use "backup interface" of pfsence and Ubi FW to trigger "out" connection on certain conditions. The sub-problem - when established connection goes down on any reason, you have to wait until next trigger timeout or event. Even though, both routers have to be heavily modified to provide such event. We have also tried to use customised TCI-based trigger, which supposed to provide an event, however this have failed.

There are few options still possible, but ... An overall - IMHO the setup to override limitations with CGNAT + IPv4 looks very complex and still does not provide guaranteed operations.
I believe we have to wait until Starlink will enable IPv6 (however this really depends not on Starlink only, as IPv6 currently have known and still unsolved caveats, hence it should be a combination of solved IPv6 issues + Starlink to enable IPv6 then).

Main problem source, if you wish to know: CGNAT initially has been designed as an workaround to enable IPv4 carrier operations. It is an interim solution, up until all IPv6 is fully operational. Edge devices, which can support CGNAT and provide capability for extended configuration - are currently limited too. Those two mentioned above are most proven.

There is some hope that we will be able to override limitation by using Faucet (and I am currently talking to Faucet dev team to find out if they will be interested to perform some adjustments), however, setup with Faucet appears to be complex as well.

Mean time, I have found Starlink perfect for home (and F#$%@#ck NBN) :)
Last Edit: 15 Dec 2021 09:34 by VK6NX.
The administrator has disabled public write access.

Remote control of EESDR2 or EESDR3 connected by STARLINK 20 Jan 2022 21:01 #4

Have you looked at ZeroTier?
73 John G4IRN
The administrator has disabled public write access.

Remote control of EESDR2 or EESDR3 connected by STARLINK 21 Jan 2022 08:08 #5

  • VK6NX
  • VK6NX's Avatar
  • OFFLINE
  • Posts: 296
  • Thank you received: 138
Purpose, John?

I do not see how VPN-based solution can override current CGNAT limitations.

It rather will add extra packetisation delay due to VPN overhead. Which means it will trigger extra-delay on all UDP traffic, resulted in extended audio and video jitter.
The administrator has disabled public write access.

Remote control of EESDR2 or EESDR3 connected by STARLINK 23 Jan 2022 07:48 #6

  • sunnysouth
  • sunnysouth's Avatar
SpaceX using smart, application layer firewalls which inspect traffic, looking for specific data signatures, pretty normal these days. However it can slow down or even block some of your traffic. I would first test outbound VPN connection with different ports and both UDP and TCP. One of the almost successful pick is port 443 UDP (or TCP) outbound. Expert Electronic guys are Russians, they are experts in networks security and vpn-s too, as almost every Western sites are blocked there :D they could maybe add a possibility to connect to Cloud from the SDR software with openvpn or ipsec tunnel too.
The administrator has disabled public write access.

Remote control of EESDR2 or EESDR3 connected by STARLINK 06 Feb 2022 12:14 #7

  • spacex
  • spacex's Avatar
For the Starlink users, there is the ulitmate solution for remote access your system from the Internet.
No need any 3rd party solftware or any web or cloud based workaround.
The direct point to point solution is already available and it is called IPv6.
IPv6 does not require any port forwarding simply because there is no NAT (Network Address Translation).
The security is gived by the firewall, you simple allow access from the outside to your SDR server on a particular port.
Those who wants to know how to do it, i give few step quide.:
- get an EdgeRouter X it is pretty cheap about 40USD
- remove your Starlink router and plug the EdgeRouter directly to the Starlink PoE adapter.
- Configure Starlink with normal IPv4 and test if all good.
- run the following additional configuration for setting up IPv6 docs.google.com/document/d/1xPoIfmuCcL4hNiXmVGtmUkwFTEU-1nJ93j01tWPFplc/edit
- setup a rule that allow the needed access via IPv6
The administrator has disabled public write access.

Remote control of EESDR2 or EESDR3 connected by STARLINK 07 Feb 2022 07:21 #8

  • VK6NX
  • VK6NX's Avatar
  • OFFLINE
  • Posts: 296
  • Thank you received: 138
spacex wrote:
- run the following additional configuration for setting up IPv6 docs.google.com/document/d/1xPoIfmuCcL4hNiXmVGtmUkwFTEU-1nJ93j01tWPFplc/edit

Great, thanks.

1. I was trying to setup the above config approx 2 months ago with Ubi FW and it was unsuccessful. The only IP I was getting was IPv4. Perhaps something has changed within last 2 month and I should give it another try.
2. ESDR2/3 at this stage does not support configurable IPv6 addresses
3. The above setup (once working) will require either IPv6/IPv4 stack within the user LAN, or moving whole LAN to IPv6
The administrator has disabled public write access.

Remote control of EESDR2 or EESDR3 connected by STARLINK 07 Feb 2022 08:48 #9

  • spacex
  • spacex's Avatar
Please give it a try as it is working perfectly. Very important to configure firewall properly as here we dont have NAT.
Only allow access where you want. Once you setup the EdgeRouter with IPv6 then all you LAN devices will work with IPv6 too. For example Raspberry Pis.
For test from the outside world you can use a raspberry pi as target LAN device. Once both inbound and outbound work you can setup the same for the actual target computer in your LAN. UI forum and reddit forums are great source of advice or help on IPv6 and Starlink and Edgerouter
The administrator has disabled public write access.

Remote control of EESDR2 or EESDR3 connected by STARLINK 07 Feb 2022 09:05 #10

  • VK6NX
  • VK6NX's Avatar
  • OFFLINE
  • Posts: 296
  • Thank you received: 138
What I mean - at this stage I do not have EdgeRouter. All my test were performed with Ubiquiti UniFi Security Gateway.

(Unless there is something obvious I am missing), from IPv6 DHCP perspective USG and EndgeRouter should work very close; just need to replace above EdgeRouter config with like-to-like Uni-SG config. I will try it again during upcoming weekend..
The administrator has disabled public write access.

Remote control of EESDR2 or EESDR3 connected by STARLINK 07 Feb 2022 09:10 #11

  • spacex
  • spacex's Avatar
i am aware that UDM Pro and Edgerouter users successfully using IPv6 on Starlink, I run it on EdgeRouter. The config i shared is for EdgeRouter.
The administrator has disabled public write access.

Remote control of EESDR2 or EESDR3 connected by STARLINK 07 Feb 2022 09:40 #12

  • VK6NX
  • VK6NX's Avatar
  • OFFLINE
  • Posts: 296
  • Thank you received: 138
Yeah, the only problem we have here in AU, that all stores run out of EdgeRouter X stock for already 6 months, and their real lead-time currently is 3-4 months.
That is the reason why I am testing with what I've got.

Anyway, I have already re-engineered the config you shared for USG and I will definitely check if it works. I had looked at the logs I've got when tested it 2 months ago with USG, the debug shows "unable to access ipv6 pool" with immediate failover to ipv4. May be this is USG feature set problem...
The administrator has disabled public write access.

Remote control of EESDR2 or EESDR3 connected by STARLINK 07 Feb 2022 09:50 #13

  • spacex
  • spacex's Avatar
I see, as for EdgeRouter X you will probably need enable hardware offloading too, in order to cope with high data rate of Starlink. help.ui.com/hc/en-us/articles/115006567467-EdgeRouter-Hardware-Offloading

Good luck !
The administrator has disabled public write access.

Remote control of EESDR2 or EESDR3 connected by STARLINK 09 Feb 2022 02:01 #14

  • VK6NX
  • VK6NX's Avatar
  • OFFLINE
  • Posts: 296
  • Thank you received: 138
I have looked at potential network topology while using IPv6 on outbound interface in EdgeOS and here are the findings.

Main thing is that current ESDR2/3 & SS models have IPv4 config only. Hence, the translation from IPv4 (SunSDR) to IPv6 (outbound interface on Starlink) is required.

Common implementation option is to use NAT64 GW, and here we come to some limitations.

EdgeOS based Ubi devices appears to be not fully compatible. Unless I am missing something, it seems (according to all Docs I have found at Ubi) that EdgeOS does not support native NAT64. There is some info on forums that it does support static IPv6, however I cannot find any official guides/info.

pfSence is the next feasible option., however it has some caveats. HW to run assuming Starlink bandwidth has to be about $400+; and, obviously, pfSence requires above "sound knowledge" in NAT64 space. pfSence, actually, not bad option as it can run dual WAN config with combination of NAT / NAT64 on different ports..

Cisco/Juniper EOS models. Those (example 29xx-series of Cisco) has native NAT64 support. However, the caveat is only one NAT version can run on those at the time. Hence, no dual WAN option in most scenarios. Obviously, cisco/junOS experience required.

I have pfSence and Cisco, hence in a next few weeks I might be experimenting with the configs.
The administrator has disabled public write access.

Remote control of EESDR2 or EESDR3 connected by STARLINK 09 Feb 2022 05:51 #15

  • spacex
  • spacex's Avatar
NAT64 is for translation from IPv4 to IPv6 and vice versa. Why do you need such on your home router when you can have IPv6 connectivity on usually all end user devices. IPv6 supported by most vendors for many years even if almost hardly ever used.

Starlink IPv6 is dynamic one, it keeps changes, so you need to script it to follow the change, update the end device dynamic IPv6 address and also the firewall rule. Later it could be static IPv6 but for now its dynamic.
The administrator has disabled public write access.
  • Page:
  • 1
  • 2
Time to create page: 0.102 seconds