Remote Connections


Internet Access to your Raspberry Pi

 

Port Forwarding

 

The following instructions apply to a Netgear R8500 Router. The steps for your router will be different.

 

Netgear routers do port forwarding by assigning port numbers to a "service" that is associated with the application you want to run.

 

To open the ports for RSS:

 

1. Type the router's address in an Internet browser's address bar. (By default the router's address is 192.168.0.1 or 192.168.1.1.) The Setup Wizard appears.
2. Enter the router's username and password.
3. Under Advanced, click Advanced Setup, then Port Forwarding on the left menu bar (varies slightly by router). A Port Forwarding screen appears.
4. Click Add Custom Service. The Custom Services window opens.
5. Enter RSS for the service name.
6. Select TCP in the Service Type drop-down.
7. Enter 7488 in the External Starting Port box.
8. Enter 7488 in the External Ending Port box.
9. Remove the check for Use the same port range for Internal Port.
10. Enter 80 in Internal Starting Port.
11. Enter 80 in Internal Ending Port.
12. Enter the LAN IP for RSS in the Internal IP address.
13. Click Apply.
14. To add Port Forwarding for Mumble, click Add Custom Service and follow the same steps.
15. Use Mumble for the name, TCP/UDP for the type, and 64638 in the External Port boxes.
16. Enter 64738 in the Internal Port boxes.
17. Enter the LAN IP for RSS in the Internal IP address.
18. Click Apply.
19. To add remote VNC viewer access to open RSS Desktop, click Add Custom Service and follow the same steps.
20. Use VNC for the name, TCP for the type, and 5900 in the External Port boxes.
21. Enter 5900 in the Internal Port boxes.
22. Enter the LAN IP for RSS in the Internal IP address.
23. Click Apply.
24. To add access to the RigPi Video Camera, click Add Custom Service and follow the same steps.
25. Use VideoCamera for the name, TCP for the type, and 8081 in the External Port boxes.
26. Enter 8081 in the Internal Port boxes.
27. Enter the LAN IP for RSS in the Internal IP address.
28. Click Apply.
29. Click Logout to exit from router settings.

 

With RSS running, open canyouseeme.org with your browser and confirm that ports 5900, 7488, 8081 and 64638 are open.
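
A check to run on the Pi itself before testing from outside, as an added example (not part of the RigPi documentation): an external port test reports a port open only if the service behind the forward is listening on an address the router can reach. The function name, status labels and sample `ss` output are constructed for illustration, and only TCP listeners are covered.

```shell
#!/bin/sh
# Internal TCP ports the forwarding rules on this page point at:
# 80 (RSS browser), 64738 (Mumble), 5900 (VNC), 8081 (video camera).
RSS_TCP_PORTS="80 64738 5900 8081"

# listener_report: read `ss -tln` output on stdin, print one line per port:
#   "<port> lan"       listening on an address the router can reach
#   "<port> loopback"  bound to 127.x.x.x or ::1 only, so the forward fails
#   "<port> closed"    nothing is listening
listener_report() {
    awk -v ports="$RSS_TCP_PORTS" '
        $1 == "LISTEN" {
            addr = $4
            port = addr
            sub(/.*:/, "", port)          # keep the text after the last colon
            sub(/:[0-9]+$/, "", addr)     # keep the address without the port
            if (addr ~ /^127\./ || addr == "[::1]") {
                if (!(port in state)) state[port] = "loopback"
            } else {
                state[port] = "lan"
            }
        }
        END {
            n = split(ports, want, " ")
            for (i = 1; i <= n; i++)
                print want[i], ((want[i] in state) ? state[want[i]] : "closed")
        }'
}

# Constructed sample of `ss -tln` output (not captured from a real RigPi).
SS_SAMPLE='State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      511    0.0.0.0:80          0.0.0.0:*
LISTEN 0      5      127.0.0.1:5900      0.0.0.0:*
LISTEN 0      128    *:64738             *:*
LISTEN 0      128    [::]:22             [::]:*'

printf '%s\n' "$SS_SAMPLE" | listener_report
# On the Pi: ss -tln | listener_report
```

A port reported as `loopback` or `closed` has to be fixed on the Pi; changing the router rule will not help.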

 

To connect to RSS using a browser when away from home, enter the WAN IP (from SETTINGS>System) followed by a colon and 7488:

 

97.222.46.198:7488

 

The WAN IP above is fictitious; use your own. Now you can log in and control your radio from anywhere Internet access is available.

 

To connect Mumble on your remote client, open the Edit window for the rigpi server connection and change the port to 64638.

 

 

Important Port Forwarding Note

 

Some Internet Service Providers supply a Modem that contains a single-port router. If you use an external router with such a device, port forwarding will not work without extra settings. Here is an article on the web that explains the 2-router problem. If port forwarding doesn't appear to work for you, please read this a

Click to Go to PortForwarding.com

 

Note: Port Forward is an excellent resource for help if you run into trouble with port forwarding. They also sell programs to aid with the process. Most port forwarding issues can be solved without the need for other programs.

 

ZeroTier

 

ZeroTier is a software-defined networking (SDN) solution that allows you to create and manage virtual private networks (VPNs) easily. It enables devices across the internet to communicate securely as if they were on the same local network. By using ZeroTier you do not need to set up Port Forwarding through your router. ZeroTier is installed on RigPi.

 

Here’s a more detailed overview of what ZeroTier is and its key features:

 

Key Features of ZeroTier

 

1. Peer-to-Peer Networking: ZeroTier creates direct peer-to-peer connections between devices, reducing latency and improving performance compared to traditional VPN solutions that route all traffic through a central server.
2. Cross-Platform Support: ZeroTier runs on a wide range of operating systems, including Windows, macOS, Linux, iOS, Android, and various embedded systems like Raspberry Pi.
3. Ease of Use: Setting up a ZeroTier network is straightforward. You can create and join networks with just a few commands or clicks, and management is done through a web-based interface called ZeroTier Central.
4. Security: ZeroTier uses end-to-end encryption to secure all data transmitted between devices on the network. This ensures privacy and security, even over untrusted networks like the internet.
5. Flexibility: You can configure ZeroTier networks to behave like traditional LANs, with support for custom IP addressing, multicast, and broadcast traffic. This makes it suitable for a wide range of use cases, from simple remote access to complex network topologies.
6. Scalability: ZeroTier networks can scale from small personal networks to large enterprise deployments. The system is designed to handle a large number of nodes with minimal configuration effort.
7. Open Source: The core of ZeroTier is open source, which means you can review the code, contribute to its development, and even deploy your own ZeroTier controllers if desired.

 

How ZeroTier Works

 

1. Network Creation: You create a network in the ZeroTier Central web interface. This network gets a unique network ID.
2. Joining a Network: Devices (nodes) join the network using the ZeroTier client software and the network ID. Once a node joins, it appears in the ZeroTier Central interface.
3. Authorization: Each new node must be authorized in the ZeroTier Central interface before it can fully participate in the network. This step ensures that only approved devices can connect.
4. Communication: Once authorized, nodes establish direct peer-to-peer connections with each other, and all traffic between them is encrypted.
5. Management: Network settings, such as IP address assignments, access rules, and routing policies, are managed through ZeroTier Central.

 

Setting up ZeroTier on a Raspberry Pi is a straightforward process that allows you to create a virtual network for secure, private connections over the internet. Here’s a step-by-step guide to get you started:

 

Prerequisites

1. A Raspberry Pi running a recent version (Bullseye) of Raspberry Pi OS
2. An internet connection
3. A ZeroTier account (you can create one for free on the ZeroTier website: https://www.zerotier.com/)

The ZeroTier client is already installed on RigPi 4.

 

Join a ZeroTier Network

In Terminal, run the following command, replacing `<network_id>` with your actual ZeroTier network ID:

 

       sudo zerotier-cli join <network_id>

 

Authorize the Device

Go to the ZeroTier Central (https://my.zerotier.com/) web console, log in with your ZeroTier account, and find your network. You should see your Raspberry Pi listed as a member with a unique ID. You need to authorize this device by checking the box next to its entry.

 

Verify the Connection

  To check if your Raspberry Pi is connected to the ZeroTier network, run:

 

        sudo zerotier-cli listnetworks

 

  You should see your network listed with a status indicating it is `OK`.
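
The verify step above, as an added example (not part of the RigPi documentation): a shell helper that reads `zerotier-cli listnetworks` output and reports which step of the join/authorize procedure a network is at. The function names `zt_status` and `zt_explain`, the network IDs and the sample output are constructed for illustration.

```shell
#!/bin/sh
# zt_status NETWORK_ID
# Reads `zerotier-cli listnetworks` output on stdin and prints the status
# column for NETWORK_ID (prints nothing if this node has not joined it).
zt_status() {
    awk -v id="$1" '
        BEGIN { h = "[0-9a-f][0-9a-f]"; mac = "^" h ":" h ":" h ":" h ":" h ":" h "$" }
        $1 == "200" && $2 == "listnetworks" && $3 == id {
            # The name column can be empty or contain spaces, so find the
            # MAC address column and take the field after it as the status.
            for (i = 4; i < NF; i++)
                if ($i ~ mac) { print $(i + 1); exit }
        }'
}

# zt_explain STATUS: map a status value to the step of the procedure it points at.
zt_explain() {
    case "$1" in
        OK)                       echo "authorized and configured" ;;
        ACCESS_DENIED)            echo "joined, but not yet authorized in ZeroTier Central" ;;
        REQUESTING_CONFIGURATION) echo "waiting for the network controller to reply" ;;
        NOT_FOUND)                echo "network ID unknown to the controller; check for typos" ;;
        "")                       echo "not joined on this node; run zerotier-cli join" ;;
        *)                        echo "unexpected status: $1" ;;
    esac
}

# Constructed sample output; network IDs, MACs and addresses are made up.
ZT_SAMPLE='200 listnetworks <nwid> <name> <mac> <status> <type> <dev> <ZT assigned ips>
200 listnetworks 1111111111111111 my shack net 0e:11:22:33:44:55 OK PRIVATE ztexample1 10.147.17.20/24
200 listnetworks 2222222222222222  0e:66:77:88:99:aa ACCESS_DENIED PRIVATE ztexample2 -'

for id in 1111111111111111 2222222222222222 3333333333333333; do
    status=$(printf '%s\n' "$ZT_SAMPLE" | zt_status "$id")
    echo "$id: $(zt_explain "$status")"
done
# On the Pi: sudo zerotier-cli listnetworks | zt_status <network_id>
```

A status of `ACCESS_DENIED` after joining means the Authorize the Device step has not been completed for this node.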

 

Additional Tips

 

Persistent Network Configuration: Ensure your ZeroTier service starts on boot by enabling the service:

 

 sudo systemctl enable zerotier-one

 

Firewall and Security: Ensure that your Raspberry Pi’s firewall allows ZeroTier traffic. If using `ufw` (Uncomplicated Firewall), you can allow ZeroTier traffic with:

 

 sudo ufw allow 9993/udp

 

Check ZeroTier Status: To check the status of ZeroTier service:

 

 sudo systemctl status zerotier-one

 

Troubleshooting: If you encounter any issues, check the ZeroTier logs for clues:

 

 sudo journalctl -u zerotier-one

 

By following these steps, your Raspberry Pi should be successfully connected to your ZeroTier network, allowing you to securely access it from anywhere as if it were on a local network.

 

Remote RigPi Clients

 

RSS can be accessed from anywhere via the Internet. Access is made available through RSS and router settings. All user accounts should be password protected before you allow any access.

 

RigPi provides 4 ways for remote access.

 

1. Browser: Any browser (desktop, phone, tablet) can be used to access RigPi from a remote location. Audio is provided through separate Mumble clients running at the RSS station and remote locations.
2. RealVNC: This option provides access to the Raspberry Pi desktop. You can use the desktop browser to control your radio.
3. RigPi Hub on a Windows computer: The Hub connects to RigPi using port 30001. With RigPi Hub you can use your favorite logging program to control RigPi.
4. Link another RigPi: Use a second RigPi at the remote location to connect to your home RigPi.

 

All connection options require port forwarding unless you are using ZeroTier. Up to six ports must be opened: 1) browser; 2) audio VoIP; 3) VNC viewer 4) Video Camera (optional); 5) RigPi Hub/Linked RigPi port; 6) Remote CW.  By using a service such as ZeroTier, it is not necessary to open any ports on your router. ZeroTier is installed on RigPi but must be configured.

 

Service              Normal Port   Protocol
RSS Browser access   80            TCP
Mumble (VoIP)        64738         TCP/UDP
VNC                  5900          TCP
Video Camera         8081          TCP
Remote CW            30040         UDP

 

Browsers, by default, connect to port 80 on a server. This access port must not be blocked by a router or firewall. Your router's advanced settings provide a way to forward connections from the outside to a specific LAN IP and port. Firewall configuration is available through the operating system settings.

The LAN IP for RSS can be found on the System settings page (SETTINGS>System). It will be an address like 192.168.1.20. Connections to the RSS browser, Mumble, VNC and Video Camera ports must be able to traverse your router to reach RSS; otherwise they are blocked. This is called Port Forwarding.

 

Many routers provide a way to translate an incoming port to a different port. This translation provides a slightly higher level of security than simply forwarding port 80. Set the External Starting and Ending port to something like 7488. Set the Internal Starting and Ending ports to 80. Your router will now accept an incoming connection on port 7488 and forward it to port 80 on rigpi4.local. When away from home you would instruct your browser to connect to port 7488. If your router does not provide port translation, open port 80 instead and you will connect to the default browser port, 80.

 

The default Mumble port is 64738. This port must be forwarded through your router. You can use the same translation trick as with browser connections, but you must also tell the Mumble client which port to use if not the default. Mumble data are encrypted.

 

VNC Viewer gives you access to the RSS Desktop from any device.  VNC Viewer clients are available for most operating systems and devices.  To use VNC Viewer from a remote location you must forward the port used by VNC.  The default port for VNC viewer is 5900.

 

Password Protection

 

Since RSS is now open to the Internet, add passwords to all accounts before proceeding.

 

RigPi Remote Linked Connections

 

Use the Link capabilities of RigPi to connect a second RigPi or another program such as WSJT-X to your Home RigPi.

 

Rather than using a remote computer or device to connect to (Home) RigPi, you can use a second (Remote) RigPi.  Set up Home to control your radio, rotor and keyer.  Set up Remote using the Home IP and Port in the Remote->Advanced Radio->R Port and Remote->Keyer->Port boxes. Use the Hamlib Home->Advanced Settings->Manuf and Net rigctl in Model.  For Rotor, use Hamlib for Home->Rotor->Manuf and Net rotctl Rotor in Remote.  

 

If Remote is using the same LAN as Home, the Home IP is found in Home->System Settings->LAN IP 1. If connecting from another location, use Home->System Settings->WAN IP. Use Home->System Settings->Rigctl Port for the Remote port. Use the same IP and Port + 1 in Rotor Settings.

 

If Remote is at another location, you must forward the port you are using at home.  For example, if you are using Account 1, the radio control port is 4532.  Port 4532 must be forwarded through your Home router.  If you want to use audio, the Mumble port must be forwarded, as well as the VNC port if desired.  It is not necessary to forward port 80 in your Home router if you are using a Remote RigPi using port 4532.

 

Same Network: Remote RigPi (My Living Room) —LAN— Home RigPi (My Shack)

Separate Networks: Remote RigPi (My Vacation Home) —Internet— Home RigPi (My Shack)

 

Connection: Radio Control Port
  Home RigPi: USB to radio
  Remote RigPi on same LAN network: <Home LAN ip>:80
  Remote RigPi on separate network: <WAN ip>:80
  Notes: Browsers can connect using port 80 or WAN <ip>* to any RigPi. Port 80 must be forwarded in your Home router when accessing RigPi from a remote location.

Connection: Remote RigPi
  Home RigPi: USB to Radio
  Remote RigPi on same LAN network: <Home LAN ip>:4532
  Remote RigPi on separate network: <WAN ip>:4532
  Notes: Connect a Remote RigPi direct, not through a browser. Port 4532 must be forwarded in your router.

Connection: RigPi Keyer
  Home RigPi: /dev/ttyS0
  Remote RigPi on same LAN network: <Home LAN ip>:3000<n>
  Remote RigPi on separate network: <WAN ip>:3000<n>
  Notes: <n> is the account number for the Home RigPi. If your radio is connected to the first account, use <LAN ip>:30001 or <WAN ip>:30001. The port must be forwarded.

Connection: RigPi CAT CW Keyer
  Home RigPi: Select CAT plus <port>
  Remote RigPi on same LAN network: Select CAT plus <Home LAN ip>:<port>
  Remote RigPi on separate network: Select CAT plus <WAN ip>:<port>
  Notes: <port> is the radio control port for Home. Your radio must support CW keying via CAT. <port> must be forwarded.

Connection: RigPi Rotor
  Home RigPi: USB to rotor
  Remote RigPi on same LAN network: <Home LAN ip>:<n>
  Remote RigPi on separate network: <WAN ip>:<n>
  Notes: The rotor control port <n> is always the radio 4531 + 2 * account number. This port must be forwarded.

Connection: Mumble
  Home RigPi: rigpi4.local
  Remote RigPi on same LAN network: rigpi4.local
  Remote RigPi on separate network: <ip> (i.e., 207.55.33.22)
  Notes: <ip> = IP address of Home WAN* on port 64738. This port must be forwarded.

 

*Port Forwarding in your Router is required for WAN <port>

 

For further trouble-shooting help, see here.