OpenVPN for remote access

I love operating digital modes remotely. Whether away from home or sitting in my living room beside a cosy fire, I just need my laptop in front of me to see what’s happening on the bands and work a few stations.

Two key considerations when setting up remote access are:

  • Ensuring hackers can’t get into my network through ports exposed to the Internet (and they WILL try).
  • Ensuring that routers/firewalls in hotel/coffee shop/airport WiFi don’t block the ports I’m using for remote access.

Both of these objectives can be achieved by using a VPN. A well designed and configured VPN will keep attackers out, and as all the remote control traffic is routed through the VPN tunnel, it will be protected from interception and not be affected by any filtering present in the bearer network.

I use OpenVPN as it is a free and well respected solution, with a VPN Server configured on the laptop connected to the radio, and  a Client configuration on my main laptop.

Guidance on how to set up OpenVPN can be found here: https://openvpn.net/community-resources/how-to/ so I won’t repeat it. As advised, use UDP as that gives better performance.

I change the port used by the VPN from the default to 443, as pretty much all networks allow this through. There is a small risk that traffic may be blocked by more sophisticated networks which spot that its not actually HTTPS: traffic, but I have not had a problem yet.

You should use the server option to disable compression, as that is a small security risk.

Also enable tls-auth as that provides some excellent extra protection, and put tls-version-min 1.2 in the server configuration.

As all software has reported vulnerabilities from time to time, you should always make sure you run the current version.

As you are connecting direct from the remote computer to the internal one, connection speed and latency should be as good as you can get.

To connect the laptop to the radio, I use the G4ZLP CAT interface and the Mini Pro SC souncard interface, which both work well.

Some radio control software has built in remote access functionality, but I would be cautious about exposing it directly to the Internet. This has been designed as radio software, not security software, so is more likely to have security weaknesses than OpenVPN.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

Create a website or blog at WordPress.com

Up ↑

%d bloggers like this: