[Elecraft] Fwd: K3/0 to K3 RemoteRig issue

David Woolley forums at david-woolley.me.uk
Sat Dec 21 05:46:22 EST 2013


[ Full bottom quote below ]

 > The sad part of this is that there is a standard solution to all of
 > this, the same one that works for Skype and BitTorrent.

BitTorrent comes from an anti-authoritarian background and does its best 
to defeat network security measures.  I think Skype was originally 
written by the same people.  To a large extent they only work on 
corporate networks if that network is not properly locked down.

 > The next time the station checks in (about half the update interval on
 > average) the server tells the station "connect to the operator's IP
 > using these port numbers."

Which in the Starbucks example quoted will either not be open or will be 
open to the laptop of a completely different customer at the coffee shop.

To accept incoming traffic through a NAT router, the router must either 
be hard configured with the ports (port forwarding) or must know enough 
about the protocol being used to infer the need to map the ports.  In 
the latter case, there will normally be a port number translation, so 
the router will not only have to set up the incoming port, but also 
translate the port number in the communication to the central server, 
which is another reason it has to be aware of the protocol.

In that sort of public environment, which is not particularly worried 
about network security, the most likely way to succeed would either 
involve a permanent TCP connection to the central server, or frequent 
polling of that server for incoming calls.  The actual call can either 
be relayed through the central server, or if one side has full control 
of their connectivity, the more restricted side can call them.

The original Skype also borrowed the better connected, signed in, client 
systems as relays for the traffic. That reduced the central server's 
costs, which have to be paid for some way (e.g. SkypeOut).

For a home system that has to use NAT, but does have enough control of 
its router to configure port forwarding rules, dynamic DNS, as mentioned 
in other replies, is by far the simplest solution.

Incidentally, private addresses are a workaround for the limited number of 
IP addresses, although they have also been used as a security measure. 
Routers don't have to use them on the internal network.  IPv6 should get 
round the limit to the number of addresses, although another reason for 
using dynamic addresses is to prevent low end product customers running 
servers, so mass market ISPs may not offer their full benefits.

-- 
David Woolley
Registered owner K2 06123

On 20/12/13 17:46, Lynn W. Taylor, WB6UUT wrote:
> I ran an internet service provider for a couple of decades.
>
> The sad part of this is that there is a standard solution to all of
> this, the same one that works for Skype and BitTorrent.
>
> The radio end needs to send a message to some central server (run by
> RemoteRig) that says "I'm on, my 'name' is N1AL" or whatever identifier
> seems reasonable.
>
> The server sees the message, gets the apparent public IP from the
> header, and records it.  The updates have to be every minute or two, but
> they can be UDP to minimize bandwidth and connections.
>
> The client (at Starbucks) sends a message to the central server saying
> "I want to operate N1AL" and the server says "connect to this IP using
> these port numbers."
>
> The next time the station checks in (about half the update interval on
> average) the server tells the station "connect to the operator's IP
> using these port numbers."
>
> Because the typical firewall opens up circuits for outgoing connections,
> the NAT firewall at Starbucks and the NAT firewall at the station both
> open the correct ports, thinking that they're connecting out, and not
> realizing they're being tricked into allowing a connection in -- it's
> okay because it has been coordinated through the central server.
>
> No static IP addresses, no messing with port forwarding, no trying to
> get your IT department to let you operate during your lunch break.
>
> There are a few missing details, but that's how most everything else works.
>
> -- Lynn
>
> On 12/20/2013 5:15 AM, bwruble at gmail.com wrote:
>> What was so bizarre in all this --- I should be able to take the K3/0
>> plus RemoteRig control box (RRC) to a local Starbucks and get on the
>> air using wifi.
>
>
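
Added example, not part of the original thread and not RemoteRig or Skype code: a constructed Python model of the server-coordinated rendezvous described in the quoted message, showing how the outcome depends on whether a NAT reuses one public port for every destination or translates to a new port per destination. The `Nat` class, the `rendezvous` function, the port-restricted filtering rule and all addresses and ports (documentation ranges) are assumptions made for illustration.

```python
from itertools import count

class Nat:
    """Minimal UDP NAT model: outbound packets create state, inbound needs it."""
    def __init__(self, public_ip, symmetric):
        self.public_ip = public_ip
        self.symmetric = symmetric     # True: new public port per destination
        self.ports = count(40000)      # constructed public port range
        self.mappings = {}             # mapping key -> public port
        self.allowed = set()           # (public port, remote endpoint) sent to

    def outbound(self, src, dst):
        """Translate an outgoing packet; return its public source endpoint."""
        key = (src, dst) if self.symmetric else src
        if key not in self.mappings:
            self.mappings[key] = next(self.ports)
        port = self.mappings[key]
        self.allowed.add((port, dst))  # assumed port-restricted filtering
        return (self.public_ip, port)

    def inbound(self, src, dst_port):
        """Accept only traffic from an endpoint this public port already sent to."""
        return (dst_port, src) in self.allowed

SERVER = ("198.51.100.1", 3478)        # constructed central server endpoint

def rendezvous(station_nat, operator_nat):
    """Return (station_reached, operator_reached) once both sides have sent."""
    station, operator = ("192.168.1.10", 5000), ("10.0.0.7", 6000)
    # 1. Both check in; the server records each apparent public endpoint.
    seen_station = station_nat.outbound(station, SERVER)
    seen_operator = operator_nat.outbound(operator, SERVER)
    # 2. Each side sends to the endpoint the server reported for the other.
    from_station = station_nat.outbound(station, seen_operator)
    from_operator = operator_nat.outbound(operator, seen_station)
    # 3. Does each packet match state held by the receiving side's NAT?
    operator_reached = operator_nat.inbound(from_station, seen_operator[1])
    station_reached = station_nat.inbound(from_operator, seen_station[1])
    return station_reached, operator_reached

if __name__ == "__main__":
    # Both NATs keep one public port per internal socket.
    print(rendezvous(Nat("203.0.113.5", False), Nat("192.0.2.9", False)))
    # Operator-side NAT allocates a new public port per destination.
    print(rendezvous(Nat("203.0.113.5", False), Nat("192.0.2.9", True)))
```

In this model the endpoint the server recorded is only usable by the peer when the NAT keeps the same public port for a new destination; with per-destination translation the fallback is a relay or an outbound connection to a side that controls its own port forwarding.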


