SDR TRX + VPN = Awesome! I added a rpi3 to my home network, moved it into the DMZ, set up some firewall rules and installed WireGuard on the pi. With the SDR software on the laptop I can now dial into my home network and establish a connection with the Hermes Lite. Just had my first remote SDR QRP QSO with F4IXL/P and am pretty impressed by how nicely it worked.

@DL6MHC Very handy Michael - how is the CPU load on the Pi3?

@jaquesviljoen This is what it looks like when I listen to the stream through the VPN tunnel:

@DL6MHC That looks like virtually no load - very interesting, thanks for the info Michael

@DL6MHC So, the firewall rules take care of sending packets on the VPN network to the network where the HL2 resides?

I had a similar setup but using "tinc" VPN. I didn't quite figure out the iptables rules, so I wrote a Go program to pipe packets from/to the VPN address on the Pi2 to the HL2 IP/port and configured Quisk to use a static IP address (the VPN address where the Go program listens). Worked great.

@vu3rdd You don't need firewall rules to forward the packets between the networks; that's what enabling packet forwarding in the kernel does (and if you have a working VPN before using something like SDR TRX over it you've already done this, unless you're using bridging or *spit* NAT *spit* instead of routing). You do need the firewall to accept the packets coming in and going out on both networks, but again if you have a working VPN then you've already taken care of this. @DL6MHC

@ND3JR @vu3rdd since the VPN server is in the DMZ and the HL2 resides in the internal network, I need one forward rule that allows UDP traffic from the VPN subnet to port 1024 of the HL2 in the internal network. In order to make the VPN server internet accessible, I needed a dst-nat rule that exposes the WireGuard port on the WAN interface. I did the same for 443/tcp since I have openwebrx running on the rpi, too. It might be wiser to also move the HL2 to the DMZ, have to think about that.
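The rule set described in the last post, written out as an nftables forward and NAT fragment. This is an added example, not the poster's configuration: the thread does not say which router or firewall is used. The interface names, all addresses, the VPN subnet and the WireGuard port 51820 are assumptions; only UDP port 1024 on the HL2 and 443/tcp come from the thread. The router's own input chain is out of scope here.

```nftables
# Constructed placeholders: adjust every value below to the real network.
define WAN     = "wan0"            # internet-facing interface
define DMZ     = "dmz0"            # DMZ interface (Pi with WireGuard + openwebrx)
define LAN     = "lan0"            # internal network (Hermes Lite 2)
define PI_DMZ  = 192.168.50.10     # Pi address in the DMZ
define HL2     = 192.168.1.50      # HL2 address in the internal network
define VPN_NET = 10.8.0.0/24       # WireGuard client subnet, routed by the Pi
define WG_PORT = 51820             # WireGuard listen port on the Pi

table inet filter {
    chain forward {
        type filter hook forward priority filter; policy drop;

        # Replies to anything allowed below (including HL2 -> VPN client UDP).
        ct state established,related accept
        ct state invalid drop

        # The one DMZ -> LAN opening: VPN clients may reach the HL2 on
        # UDP 1024 and nothing else in the internal network.
        iifname $DMZ oifname $LAN ip saddr $VPN_NET ip daddr $HL2 udp dport 1024 accept

        # Traffic admitted by the dst-nat rules: WireGuard and openwebrx on the Pi.
        iifname $WAN oifname $DMZ ip daddr $PI_DMZ udp dport $WG_PORT accept
        iifname $WAN oifname $DMZ ip daddr $PI_DMZ tcp dport 443 accept

        # Outbound internet access for both internal zones.
        iifname { $LAN, $DMZ } oifname $WAN accept
    }
}

table ip nat {
    chain prerouting {
        type nat hook prerouting priority dstnat; policy accept;
        # Expose only the two Pi services on the WAN side.
        iifname $WAN udp dport $WG_PORT dnat to $PI_DMZ
        iifname $WAN tcp dport 443 dnat to $PI_DMZ
    }
    chain postrouting {
        type nat hook postrouting priority srcnat; policy accept;
        oifname $WAN masquerade
    }
}
```

Because the Pi routes VPN clients rather than NATing them, the router also needs a route for the VPN subnet via the Pi's DMZ address so that HL2 replies find their way back. With the default-drop forward policy, a compromised Pi in the DMZ can reach only UDP 1024 on the HL2 and no other internal host.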

