Topics

Remote access - I want to connect ubitx to Raspberry PI and remote in #remoteaccess

Mark m1bxd
 

Hi,

I would like to set up a permanent QTH and probably just work 30m for QRSS and WSPR

Has anyone created a setup like this where I can remotely control my setup over the internet?

Cheers Mark

Don - KM4UDX
 

Mark -- I have about the same setup running wspr 24/7 when I'm not otherwise using the rig.  It would be cool to be able to remote into Ubuntu (my Linux flavor on an atomicPi) with some sort of Remote Desktop utility, and control WSJTX or even fldigi and use the rig remotely, but I haven't figured that out. 

Don
km4udx

Doug W
 

VNC and port forwarding will do what you want. 
--
www.bitxmap.com

Don - KM4UDX
 

Doug — I've never used VNC/Port Forward omg. For the currently clueless, what would be best next steps?

Evan Hand
 

I would start with a search for VNC on Raspberry PI.  The Raspian software comes with the VNC server installed, it just needs to be enabled.

You will also need the viewer (used to be client for us old dogs) to load on to  your "remote" device (assume laptop).  Here again I would look on the internet for the download, one is through RealVNC.com

Here is the Raspberry Pi Org link:
https://www.raspberrypi.org/documentation/remote-access/vnc/

I would make sure that it works inside your network first, before then setting up your router to forward the VNC port so that you can connect from anywhere on the Net.

Here is the Realvnc link for Windows (though there is a link for the other OSes as well):
https://www.realvnc.com/en/connect/download/viewer/windows/

If you are not sure on port forwarding, I again would look up instructions for you router on the internet.  That tends to be somewhat specific, so cannot provide a link for your router.

When you do open your network to the internet, be SURE you have strong passwords configured in the VNC software, Router Admin, and the Raspberry Pi.

Above are things to do until Don can get back to you with more specific advise as I have not connected to my uBitx, though have done the VNC on Raspberry Pi.

FWIW and YMMV
73
Evan
AC9TU

Doug W
 

Evan beat me to it and I completely agree with his advise to get VNC setup on your network first then setup the port forwarding.  Just so I can feel like I am doing something useful here's an andriod client app https://play.google.com/store/apps/details?id=com.realvnc.viewer.android
--
www.bitxmap.com

Jens Kaemmerer
 


I am running my uBitx v5 24/7 - connected to a Raspberry PI 3 as an FT8 'monitor'. I can access
it from anywhere on any device (laptop, iPhone, iPad) with VNC and OpenVPN. A big advantage
of this setup is that the radio is always 'ready for action' - even if I have only a few minutes time
to transmit (FT8 or FT4 or FS8).

As others have mentioned, the Raspberry PI comes pre-installed with VNC.

OpenVPN can easily be installed with:

http://www.pivpn.io/

OpenVPN allows to access the Raspberry PI VNC server with the same IP address / portnumber
used in your in your local network (without VPN connection). OpenVPN client applications are
available for all major platforms.

Of course, once you have established the OpenVPN connection, you can access any other
part of your home network (fileserver, printer, etc.) as well - not just VNC running on the
Raspberry PI.

I do not not recommend to directly enable a port to connect to the Raspberry PI VNC server,
instead enable a port to connect to the OpenVPN server.

-jens (KM6ZJV)

kj5wi@...
 

teamviewer host
Teamviewer host on the pi from above link will allow remote connection without opening anything. When the webpage opens, scroll down and watch for the pi logo on the right side.  The Sun City Georgetown uses Teamviewer for remote access to their club station radios.

Frank(kj5wi) 

Tom, wb6b
 

Hi,

Audio streaming seems to be a missing element in trying to remote control your shack. 

Has anyone tried these for a web browser/server based remote controller solution? (These are just a few things I found with a Google search for html RTC services).

https://www.html5rocks.com/en/tutorials/webrtc/basics/
https://webrtc.org
https://github.com/muaz-khan/RTCMultiConnection

Are there other DYI solutions. The team builder link looks good for a hosted (paid ?) solution, though.

Tom, wb6b

Roman
 

There's an article in the Oct 2018 QST about a ubitx-based "appliance" interfacing with, get this, not a raspberry pi, but an Asus Tinkerboard - the creator, Chuck Kelly, found that a pi 3 does not have enough processor power to decode FT8 in a timely manner.

Seems like if you are going to do audio streaming and maybe FT8, a Tinkerboard would probably be called for or possibly the new pi 4, which seems to have similar specs to the Tinkerboard. Beware though, the pi 4 has the micro hdmi outputs so adapters are required. I don't have any experience with either, although I've used a pi 3 for WSPR with good success.

73
Roman, K7TXL

Don - KM4UDX
 

i used TeamView for free with personal use. I took a bit to get both computers trusted and set up...one with Ubuntu/AtomicPi and the other Win10/oldlaptop. But...it works. Here is a screen cap from my win10 laptop controlling the AtomicPi with ubuntu controlling my V4 uBITX running WSJTX and completing a JT8 QSO.

I am thrilled!!! I have remote control for both good and evil...hahaah (actually not evil as I don't really know what that would amount to, hahah).

After this success, I switched to Fldigi and that works as well sending the keyboard via the link to Fldigi text input window. However. If the uBITX audio output level is set too low from the last time I physically adjusted the speaker volume, then I have no way to change/increase the uBITX output level to make Fldigi happy.  I'll pay with setting the uBITX output on the high side, and then try to lower the level on the software side of some application.

Now I see the real advantage to complete visualization of the transceiver (.e.g. Flex). if I had all of the uBITX functions on the screen, then the volume controls would be screen sliders allowing me to adjust it all from remote control. 

So question...is there a way to adjust the uBITX volume levels in software through some interface?  

The other challenge is not seeing the RF output levels. At the rig, I run the uBITX RF output through a old fashioned power meter to keep the lid on power levels. It would be nice to see the rig output on the screen somehow. I know I can adjust the drive level remotely, I don't really know the impact that is having on RF power output levels...

But, to the question of basic remote control, assuming your physical rig i/o levels are set in the range, then TeamViewer will allow remote control of your computer apps and rig. Seems to work fine. 

If there is a reboot, I don't yet know about having TV boot automatically so you can always get remote into it. I'm sure that is doable.

Christopher Miller
 

I am working on a masters of cyber security, I just wanted to speak up about the potential security issues. I like team viewer because by default it generates random passwords. This obviously won’t work here, so it’s important to make a password or passphrase at least 14 characters long. I also wouldn’t store personal or sensitive information on the pc. You are opening a door for hackers to use your station etc.

Chris KF4FTR

Tom, wb6b
 

On Sun, Jul 7, 2019 at 06:23 PM, Christopher Miller wrote:
You are opening a door for hackers to use your station etc.
Yes, that is a good reason to use a dedicated PC, Linux machine or Raspberry Pi type machine to be the computer running your station. And put the least amount of software applications as you can on the machine. Certainly don't use that machine to do your banking or store your Bitcoin wallet :)

If your computer controlling the station can accept incoming connections from the internet (You can connect to it and log in for your remote computer directly) you need to try to keep your computer up to date with security patches, as well as choose software where the developers currently maintain the software and keep up with what is going on in the security/exploit arena. For open source projects you can generally check how recently the last code commits were and if bug reports regarding security issues have been addressed. 

If you connect to your computer running the station through a third party website, and the station and remote access computers only make outbound connections, the security issues can be less. However, it that case you are somewhat at the mercy of whether the third party site was designed by true technical experts or just business people seeing a market to build a business around and not understanding (aware or care about) the nuances of what they are having built for them.

-- Tangent warning -- Of course you can go overboard. Not every little exploit discovered is a real threat. Risk has to be weighed with the possible damage. I worked for a company when they went into the first phase of evaluating/addressing security aspects of their internet service (good!) they went into full blown paranoia and the security people reacted to every exploit they read about on security sites without reason. Had a new set of servers provisioned for a project and just about the only way they would sign off the systems, was if only the operating system without the custom software that made our business a business, was installed on the machines. And, no, our custom software was not faulty from a security perspective. Reason on both sides prevailed eventually.  -- End of tangent --

Tom, wb6b

kj5wi@...
 

Teamviewer host on the pi is free for personnel use.   From a Win. 10 system, voice is available.  Linux not tried. 
On Ubuntu Studio, I work remotely from an iPad Air connecting with Teamviewer first, then NoMachine. With NoMachine nrunning, swipe up from bottom of page to get Teamviewer back up also. I have used this with Audacity to split out & process  recorded clogging music for several years .  Some adjustment with Ubuntu Studio's volume control may be needed. 
Win 10 users will find this setup works there also.
Aldo works with VLC Music player as audio source. Should work as well to hear the units or any other audio. 

Frank(kj5wi) 

Christopher Miller
 

Quite a few hackers are hams by the way. Kevin Mitnik operated on 2 Meters while he was doing what made him famous. Don’t underestimate what can and will happen. My former boss walked in on a guy who had exploited a vulnerability in VNC and was working to transfer every dollar out of the company bank account because he saved his password. 

If the group is discussing this an appropriate discussion of security needs to happen /before/ a technical discussion involving opening ports. The person who doesn’t know how to get their router to do that probably doesn’t realize what it means from a security prospective.

Chris

Tom, wb6b
 

I'm in theory I'm a fan of managed solutions that only involve outgoing connections to a reflector server. That way the average user does not have to get involved with opening ports through their router/firewall. I also recommend that people put there computers behind a NAT firewall. Almost everyone using a WiFi router is doing that.

Another approach is to run your remote controlled radios or whatever through a battle tested VPN server, like OpenVPN. That provides a whole extra layer of authentication through certificates, (and even two factor authentication) by a well known and proven VPN system. Clients are available for Windows, Mac and Linux. You can run the server as a preconfigured Raspberry Pi distribution to lessen the chance of incorrectly building the VPN server.  

The problem with managed solutions is on so many occasions, we find out the companies providing these have failed security 101 with the most glaring errors at the most fundamental levels. We have seen this with cloud file backup companies and with secure network services with communication/email/social apps. And even cloud server performance and security management/monitoring applications. Things like passwords stored in the clear in a database. Non-salted passwords. Inadequate log-in credentials checking and session management on APIs, like being able to feed guesses on record ID's or user ID's right into an API connected to the internet and have the request go through unchallenged and actually retrieve data based on the guesses of what may be a valid record. No request throttling. Or just try enough to get lucky on some percentage of hits that return records. Not to mention the older hacks of stealing cookies and such. 

But we can't be frozen in fear afraid to build anything because of the unseen forces of hackers. For the most part they are using scripts to automate their search for the easiest to exploit weaknesses. That includes things like your perviously mentioned WiFi router (or security cameras if not installed inside your NAT firewall) having an unfixed known exploit or even worse one of the 100 or so default passwords the hacker scrips check for, left there courtesy of the manufacture. 

In most cases if your router is hacked, they are still not so interested in your internet activity (most is through SSL nowadays and they can't read it) as having an army of bots to send spam or do denial of service attacks on bigger more interesting targets. If they think you are worth the trouble, they may launch an attack on your home computers from your compromised WiFi router, if it provides enough resources for that to be done.

If you run servers on the internet you know how there is a constant flow of traffic from hacker scripts working through a list of attacks. The vast majority of servers are surviving this onslaught. Directly, or even better, with an exploit aware proxy firewall. 

So if you are already surfing the web, the level of danger you are exposed to is in line with a *competently* designed and managed third party remote access service. The problem is identifying if the service is well implemented or maybe had some troubles in the past but have actually learned from their mistakes. But, I'd not recommend making your home computer with all your important information exposed to being remotely controlled, at least not just left that way continuously. As the computer doing the remote controlling OK.  

Tom, wb6b

James Lynes
 

Don:

You could add an I2C pot and mod the code to adjust it remotely. 

James

Don - KM4UDX
 

Thanks to all for the security notes. Your collective commentary is thoughtful and on target.

My general environment is kept up to-date with Security/OS stuff.  And the remote accessed AtomicPi is dedicated for uBITX only operation. 

It seems a bit intimidating if you’ve never implemented any of the organic remote access and port management tools in Linux/Ubuntu. And there is the real concern that doing so could introduce unknown vulnerabilities (in the hands of a newbie like me),  So there is a trade in the security space. 

Nevertheless, I now have a much better understanding of the security concerns from managed solutions. 

Thank you all all again very very much. 

P.S. I tell my wife (all the time) that the folks I meet in the amateur radio ecosystem are wicked smart. With one exception. Hahha.

Thanks again.   

Don
km4udx