@@HB9BLA Yes, I know that Ham Radio is per law not encrypted ... but you must also keep control of your station, and the VPN runs on a commercial link. So it is not illegal and also (indirect?) needed by law to ensure that the station is not abused. By the way, in some special cases where Ham Operators must use a secure VPN over HAM Radio link to reach and control a station like in satellites, this encryption is specially permitted.
You should move to Tailscale, better than ZeroTier, and it uses WireGuard, easy to set up and supports more than 100 mbps, plus if you have a NAS you can use it as a router back to all devices if you want
Strange that I use Wireguard all the time on cellular without any issues. I have wireguard VPN server built into my router/firewall at home and am homed to multiple service providers here in the states. This allows full connectivity to my home network and the ability to access all of my VLANs remotely.
I easily can access my home network from my Smartphone using Wireguard. The setup here is different. I need to connect the "Smartphone" (remote station behind CGNAT) from my home network. In addition, I need layer 2 transport. But I am happy if Wireguard works in your case.
For those who don't want to pay for another data plan (they're pretty expensive in the US), could an alternative be to use encrypted LoRa for control and an amateur band for data transfer? Basically a private repeater.
LoRa is very, very low speed (made for sensor data). On the ISM bands no device is allowed to transmit more than 1% of the time, and on the HAM bands, encryption is not allowed.
@@HB9BLA The control data would be stuff like changing frequency and switching between receive and transmit modes, so not much bandwidth, but we do want it encrypted to prevent unauthorized use. The fast data link using an amateur band would not be encrypted.
Tips: - Don't use the built-in modem of the RTU, they're really slow, it's just LTE cat 4 from 2014, so really old. I use multiple Netgear M1 (by now they're old too, but they're at least LTE cat 16 and do over 1gb/s down, in theory) - the RTU has GPIO pins, use them to restart equipment if it's no longer responding
I do not know if CAT16 would help in our situation where the towers are the limitation. External antennas were more important. I will have a look into the GPIOs to switch the station off.
You can probably run WireGuard in some "reverse" tunnel setup, with home IP static instead of remote station/cellular being static, but you probably tried. Or use your own cloud VPS as a central hub instead of zerotier in some other setup. ZeroTier is easy though; I wouldn't call-it/present-it-as a new concept though given past products like Hamachi tried to achieve same user experience.
Frankly, I think that Zerotier and the like are the next VPNs. They are an improvement over Wireguard etc. for users like me because they are much easier to handle and finally, more secure (because of my lack of knowledge).
@@HB9BLA Indeed, usability is a significant factor in security (user adoption of security protocols and correct usage of security primitives), so fair enough on that. The best security is ultimately what any given user can actually put to use. So fair. I still think there's power in deploying things at other levels of abstraction, and many networking products are starting to directly integrate Wireguard in a fairly easy to use manner. Mikrotik routers are getting wireguard built-in. I do think there's room for products/tools that fill different user-space needs. Cheers!
@HB9BLA Wireless Uda-Yagi has all elements of similar length. Provides really good gain over a single band. Log periodic is an ultra-wide band antenna. The elements get smaller towards the tip. It's like a line of 3-element yagi antennas. Going back to front it's Reflector, Driven and Director. The driven element is naturally the resonant element for the given frequency. Gain of a LogP is fairly low and stable over a huge bandwidth.
Excellent post and work you have done, sir. This is the most helpful video ever, for me. I have been trying and have been failing the same project as yours for over a year and the stumbling point for me is always the same, the layer 2 bridging. I am attempting Zero Tier and a Flexradio over cellular with cgnat. When I went through your links, the Google document stops at end of page 4. Your last words are “You can”. I can imagine your next words are “setup layer 2 bridging by doing this….” Am I right? How do I get the rest of the document? Thanks
I have a doubt, your video shows how to connect to a home network through a public IP. I have this scenario, where I am inside a private network in a different location, and I want to connect to my router which has a public IP which is placed at a different network, and want to route all my traffic through that public IP of the router. How can I achieve that in ZeroTier?
I do not know your exact setup and also am not able to do remote consulting :-( If you setup Zerotier on all the devices you want to connect to a Zerotier network, you quickly will be able to determine which ones connect. You see it in your dashboard.
I can’t speak to cellular latency but I do have experience with wireless ISP latency (terrestrial microwave). All modes work perfectly including CW. Latency is not an issue with CW because the characters are sent over the internet using utf8, not dots and dashes. Your side tone is generated at the client end, so there is no latency at all with side tone. I have a Flexradio 6600 remote base.
@@markedwards3284 I think you use the solution I mentioned. If you would transfer morse as "voice" across the network, you would hear the latency. Do you use Winkeyer?
I do not think that this is possible because of power and memory constraints. They use encryption. I will connect the ESPs on the network behind the router. You can also transfer the ESP data to HA and read the values from there if you do not want to connect the whole network.
Great video and I like the way you identify problems and push through to get a working solution. How secure is Zerotier compared to, say, Cloudflare Zero Trust? Does it have 2FA for added security and how strong is the encryption?
As an optimist I am totally unsuitable to answer security questions ;-) But, since this service is made for corporations, I assume that somebody there checked it out.
Can I use ZeroTier to connect to my Plex server to users directly? My ISP uses CGNAT and I'm unable to establish a direct connection to my Plex server. I have a handful of people I allow access to my Plex server and it's limited to 2Mbps because of the Plex relay. I know it's not related to HAM radio. I don't want to pay my ISP more money for a non-CGNAT IP address just for Plex.
I am looking for about your product place lace me a message. When I post this , I am looking for more on this , know the plan build one this in small apt . Want in place . All all details and all playing how details in all planes and how did you set this up and got it to work
And with 5G high-frequency bands, the problem will be even bigger: it will require a station every few hundred meters. Probably operators will only install them in CBDs.
Here they started to convert 4G "antennas". So the frequencies stay the same. So I assume we would also be capable to use 5G when it is ready (and we can afford a 5G modem). They seem to be quite pricy at the moment.
Nah. I prefer to be 100% in control of my VPN software and solutions. No need to mention the 2 or 3 fully open source solutions that don't require to open an account with "some" organization. The one from Japan is my favorite overall.
A couple of comments Andreas; I think the antennas should be in an X arrangement not + for best performance. When choosing a cellular network operator it’s best to go with the ‘main’ operator or at least their own MVNO sub-brands as non-operator MVNO brands may be de-prioritised in one or more ways. (MNO - Mobile Network Operator & MVNO - Mobile Virtual Network Operator) It’s worth checking what CA or Carrier Aggregation bands the Teltonika modem supports and monitoring the available towers then locking to the best one. MikroTik products allow this & I guess Teltonika do too. Thanks for an interesting video - again!
@stevenma: Thanks for your comments. What angle do you propose between the antennas? I thought they use 90 degrees. Also the mounting of the antenna manufacturer suggests this angle. We tried to monitor the different towers during our tests. But the results, even on the same tower, were very fluctuating. We for sure will continue with the tests. It also seems that the Flex Radio is less "bandwidth-hungry" than I feared. We have fluid waterfalls on all 4 slices in two locations in parallel.
@@HB9BLA Yes, 90 degrees between the antennas but angled at 45 degrees so that when looking at the rear of the antennas, if they were on one boom, you would see an X not a + arrangement. Spacing between the two antennas can also be experimented with too. As LTE, in each band per operator, are SFNs (Single Freq Networks) 'seeing' multiple towers / cells can be problematic. It can be worth pointing off to the side of a required tower to minimise interference from the unwanted tower. MikroTik Router OS allows you to see the signal parameters for each tower that the modem can see; (in order of importance: RSRP, SINR, RSRQ & RSSI). You can then lock on to each tower, test its performance; speed & latency, then lock on to the most favourable one. Having said all of the above, if you are achieving the required modest bandwidth requirements then that is fine. The 4G (LTE) table on this page can be useful (it doesn't say it in the table but RSRQ can never be better than -3dB): wiki.teltonika-networks.com/view/Mobile_Signal_Strength_Recommendations FYI My long backstory is radio, telecoms, IT, amateur radio etc. and the above is what I've self-taught since adopting 4G as our primary home Internet connectivity >3yrs ago. As such I'm happy to be corrected to learn more about how LTE technology works.
Hi yes x is correct. I am a long time network engineer in Australia and all modern panel antennas use 45 degree elements. Omni antennas are still vertical only but are pretty rare these days. Getting this polarisation right helps in most situations but not all. If you have direct line of sight or near direct then do this. If you are in a heavily shadowed path you *may* get polarisation rotation from the reflection you are working off. In this instance you may get improvement from rotating somewhat but it’s a lot of effort for no guaranteed gain. As an operator I love people putting up LP yagis as it allows me to move them between bands and know the expected path loss on the new band. In Australia we often only run low band (below 1 GHz) in really remote areas. A low band only yagi will have significantly higher gain than an LP yagi but risk dropouts if your modem is allocated to an upper band if that exists on the site. Nice solution and thanks for all the tips over all your videos.
@@stevenm45 Thank you for your info. I do not know how the operators polarize their antenna here in Switzerland. Our signal after 10m of coax (!) is -51dBm. So I do not worry about the signal strength too much. I bought the antenna mount with the antenna, so I hope, they did some tests before they decided on the dimensions... I will check the other values when I am back at the location. For the moment, we only have electricity from fuel generators.
@@joelong9260 I agree with the gain of conventional yagis. But here, I did not know which band will be selected, and I also wanted the coverage for 3.5GHz (if it will be installed one day). As written in the last post, our signal showed -51dBm. So it seems to be rather good. Anyway, it is always good to know that I have knowledgeable people on my channels ;-)
Let's see whether the upload rate drops once the leaves are on the trees. By the way, it is not that hard to work out the town from the map ;-) If your setup doesn't work, then just get a SIM from Germany, probably cheaper anyway, and the reception will be better. Incidentally, "Router" is pronounced "Ruuter", no idea why everyone says "Rauter"... probably sounds smarter, but it is wrong. Just like the stress in "buchhalterisch" is on the U and not on the E... it just sounds somehow smarter when you draw out the e... but it is wrong. ;-)
Yes, we could also try the German towers. Whether they radiate towards the south, however, is rather unlikely... The signal at -51dBm can still tolerate 20dB of attenuation ;-)
Now you have to explain how you can be so sure that the cloud supplier would not look into my files or even copy them, or provide them to third parties? Why are you so relaxed and comforted in times when we know for sure that governments and companies spy on us?
Good For Quality Life To Live 2 Meters From Another Family? NO, I'LL PASS Bro :) I'd Rather Live 40 Meters Away From The Next House With My Own Property Where I Can Set Up Anything I want, ANYTHING!
@@HB9BLA High population density is detrimental to quality of life in just about every measurable way. There is study after study showing that the desire to live in high population density areas and high levels of neuroticism go hand in hand. The less neurotic you are, the more you despise cities in general.
Wait... I know this voice! Very happy to stumble onto your second channel today.
Yes, I agree. A remote station is the wiser of the two solutions 😁
Welcome aboard!
For those who don't want to re-setup a new network:
3:20 "Deleting" a device actually means "banning" it from the network. You have to unban it first before you can add it back again.
Unbanning a device is as easy as inviting the device from the control panel before the device joins. The problem is getting the network ID of the device, no other way but to ask the device owner.
It looked exactly like "banned", not only deleted ;-) How does "unbanning" work?
@@HB9BLA if you mean how it works behind the scenes, I have no idea. But if you mean how to "unban" a device, there should be a "Members Help" under the device list.
You just manually add the node id in the controller UI.
Zerotier: I have learnt about a new thing today.
Awesome, thank you sir 👍
Now I can look at replacing my wireguard+linode method to access my home network.
That should be possible. I do it all the time.
There is only one thing I would be worried about in this nice setup: you need to rely on a single cloud software supplier. So many bad experiences. So I decided for myself to refuse the use of such services as long as there are no alternatives in case the original supplier stops its services.
Good reaction
Tailscale is an alternative. And it might be possible to set both up at the same time for redundancy
I agree. Depending on a single source always creates a risk. In this case, I can live with it because it is cheap. I could have gone with the Teltonika RMS solution. But this costs as much as we pay for our cheap cellular subscription.
AFAIK Tailscale is a Zerotier competitor with a similar service. And looking at the ease this principle works, I think, we will see more of them appearing in the future.
@@HB9BLA If keeping the risk in mind is good enough for you and you can deal with downtimes, it is OK, surely. I just remember those customers buying hardware but cloud operated products, which got rendered useless once the cloud service was disabled permanently.
@@supernumex ah, ok. thanks
It took some effort to figure out how to actually get zerotier working, but I agree it's better! Nice find. Thank you so much.
You're welcome!
Thanks for such an informative as well as useful video. Great to see our RUTX14 in action!
Interesting! Really beautiful antennas. My experience with these kinds of routers is to use SIM cards from different providers.
Especially if you're connected to only one radio tower. A while ago I used Pepwave, Viprinet, Goodmill etc... all performed best with the SIMs of different providers.
Good to know. The router has two SIM slots. So, if we encounter problems, we might add a second operator. For the moment, we first have to get solar energy...
Andreas, you are so funny! Your wife must have chuckled too.
Yes. And she was happy with my decision. Less hassle for her because she is already used to me ;-)
Thank you for this right in time video - I was searching for a remote solution to control Meshtastic-Nodes (reboot, firmware-update,...) with an attached Raspberry Pi Zero with UMTS-USB-Modem connected. With Zerotier and your great explanation, I was up and running in less than one hour with this task. Great! 73, OE2DHH
Cool! I am glad it saved you some time. So I feel, my wasted time was a bit of investment ;-)
@@HB9BLA Your wasted time is the saved time of your audience multiplied by them! Thanks a lot!
Reminded me of my old days as sys and network admin. Changed the crappy 1mbit DSL connections with pfSense boxes and built-in 4G modems to at least have 4-40mbit of internet speeds. Finally the remote gas stations could connect to the headquarters with decent speed and VPN to exchange sensor data and bills in real time :)
Yea, things got easier now. Still, this problem was bigger than I thought. Maybe with IP V6 these problems will be gone. If I am still alive when it will be fully rolled-out...
Nicely done. Excellent overview and walkthrough. I also have a Flex radio working w/ Starlink & ZeroTier, since around Spring 2022 at a remote site. Glad to see your setup on 4G is also working via ZeroTier.
So far I never thought about Starlink because I always thought it is too expensive for me ;-) But it is an interesting alternative.
Karl, I am trying to get this exact setup to work. How did you do it? I can see Smartlink remotely with SmartSDR on IOS with ZeroTier VPN but it will not connect. The port shows -1
@@dougw1620 Does it work with your PC?
I have a flex station remote in Bulgaria, many times very poor connection, considered Starlink, but thought not possible. I hope yr gsm costs are not very high, remote operation with low noise is wonderful. I will add I enjoy yr other YT channel and have learned much from your videos, 73 Andreas
Educational video as always. Would seem that ZeroTier should also work for Starlink considering Starlink's use of CGNAT too. Insofar as the hardware price, looks like the cellular approach might be a bit less expensive than Starlink. So I'm wondering about the ongoing cellular costs and comparative performance between Starlink and cellular. Starlink monthly charge in Switzerland appears to be around $99 USD.
I did not consider Starlink because I thought it is rather expensive.
The other possibility could have been a 5.8MHz link because I know somebody in the line of sight. But with 4G we are not dependent on anybody.
For the moment, we pay 30 CHF per month for the SIM card.
Remember, if you are not paying for it, you're not the customer; you're the product being sold, per Andrew Lewis (and others).
I see it differently. Here are my thoughts:
In the case of Teltonika, my name/YouTube presence was my part. So I consider it as a barter deal ;-)
Zerotier uses the "Freemium" policy (free to try and pay if you use it for business), which is a new marketing strategy used for products without or with very little cost of goods sold. Marketing is a cost that is part of the sales price and is paid by the "real" customers. So it is possible that I get something for free because I am part of the wastage. Freemium is used because it can be more efficient (and cheaper) than advertising in a newspaper, for example.
Actually you're the product even if you are paying.
They provide a hosted controller and convenient UI which you have to pay for if you have a large enough network. If you want to host things yourself, you can have an arbitrarily sized network and pay them nothing (but with some added complexity and the need to pay for whatever hosting setup you are using.)
Lewis' comment only applies if the services you are using *can't* be paid for. Plenty of services have free and paid tiers and the paid tiers cover the cost of supplying the free ones, without needing to sell customer data to advertisers.
I use a Cloudflare tunnel for a similar setup. I'm not sure how well it works with mobile though as I haven't tested that.
I did not know Cloudflare, so it is good to know, thank you. After reading their homepage it seems that they provide their own network. Zerotier seems to have no network. Their service only provides the information to all nodes on how to connect to each other. During operation, the nodes have a "normal" internet connection.
Hey Andreas. I am using the same principle but with Tailscale instead of Zerotier to access my QO-100 station that runs on a RPi from remote. Works like a charm. 73 de ON8HZ
Tailscale seems to use the same approach. Good to know we have an alternative…
I seem to have a problem with my ZeroTier. It has high-latency at times (terrible for VoIP applications, and my ICOM 9700 remote use). This is not a problem with the broadband, but something with the ZT system. I use Mikrotik ZT and Windows ZT clients. I cannot figure out the problem - even with the suggested port being forwarded.
I am no specialist in this matter. But ZT uses encryption and this needs "power" in the routers. So I would have a look at CPU load on the routers during the transmission. I also did not do thorough testing. So I might run into such problems later on.
What I liked with ZT is that they use a direct connection for the data traffic. So no ZT server is involved in the traffic transport, they only enable the initial connection.
@@HB9BLA thanks for suggestion Andreas. I thought this as well. Others have reported this too. I will take a closer look. I have many various Mikrotik routers at my disposal, only a few support ZT unfortunately (ARM).
There are many different network configurations that are actively hostile to peer-to-peer connection. ZT will jump through whatever hoops it needs to in order to get data from one end to another, but it's simply impossible to get local network performance if it needs to actively relay all the data through its own servers. Look at the "Router Configuration Tips" section of the ZT knowledge base for further information about what sorts of things can cause this to happen.
@@JamesChurchill Good tip. Thank you! I checked with "zerotier-cli peers" and got a "DIRECT" as an answer, as well as "tcpFallbackActive: false" from "zerotier-cli info -j". So I assume it should be a direct connection between the shack and the remote station. I added these commands to my documentation.
ZT is only slow if no direct connection can be established, indeed. If not possible, it relays via ZT servers, which slows the transfers down to a crawl. The best option is to change things on the network level to enable direct connection (if possible). If that is not possible, self hosting a controller on a VServer at a server hoster with e.g. 1 Gbit up/down would be the next best thing, as then this server is used as relay, then even the relay should be fast enough, but still with higher latency than direct.
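Added example (not part of any comment above, and not ZeroTier's own code): a small Python check that turns the `zerotier-cli` output discussed in this thread into a direct-versus-relay report. The JSON field names (`paths`, `active`, `expired`, `role`, `latency`, `tcpFallbackActive`) are assumed from the client's `-j` output, and the sample data is constructed.

```python
import json
import subprocess
import sys

# Constructed sample in the assumed shape of `zerotier-cli -j info` and
# `zerotier-cli -j peers`; node IDs and IP addresses are made up.
SAMPLE_INFO = {"address": "aaaaaaaaaa", "online": True, "tcpFallbackActive": False}
SAMPLE_PEERS = [
    {"address": "1111111111", "role": "LEAF", "latency": 38,
     "paths": [{"address": "192.0.2.10/9993", "active": True, "expired": False}]},
    {"address": "2222222222", "role": "LEAF", "latency": 240, "paths": []},
    {"address": "3333333333", "role": "LEAF", "latency": 95,
     "paths": [{"address": "198.51.100.7/9993", "active": False, "expired": True}]},
    {"address": "4444444444", "role": "PLANET", "latency": 60,
     "paths": [{"address": "203.0.113.1/9993", "active": True, "expired": False}]},
]

def link_type(peer):
    """DIRECT if at least one path is active and not expired, else RELAY."""
    for path in peer.get("paths") or []:
        if path.get("active") and not path.get("expired"):
            return "DIRECT"
    return "RELAY"

def audit(info, peers, max_latency_ms=150):
    """Return a list of findings; an empty list means nothing to report."""
    findings = []
    if info.get("tcpFallbackActive"):
        findings.append("node: TCP fallback relay in use (UDP likely blocked)")
    for peer in peers:
        if peer.get("role") != "LEAF":  # skip root servers (PLANET/MOON)
            continue
        link, lat = link_type(peer), peer.get("latency", -1)
        if link == "RELAY":
            findings.append(f"{peer['address']}: RELAY, traffic goes via a root server")
        elif lat > max_latency_ms:
            findings.append(f"{peer['address']}: DIRECT but latency {lat} ms")
    return findings

def run_cli(command):
    """Query the local client; usually needs admin rights and a running service."""
    out = subprocess.run(["zerotier-cli", "-j", command],
                         capture_output=True, text=True, check=True).stdout
    return json.loads(out)

if __name__ == "__main__":
    live = "--live" in sys.argv  # without --live the constructed sample is used
    info = run_cli("info") if live else SAMPLE_INFO
    peers = run_cli("peers") if live else SAMPLE_PEERS
    for line in audit(info, peers) or ["all LEAF peers are DIRECT"]:
        print(line)
```

Run it from cron or a monitoring agent on both ends of the link; a peer that flips from DIRECT to RELAY after a router or firewall change is the first thing to look at when latency goes up.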
Great toys! Question: is the cellular bandwidth in a single area so wide (are several bands used) that you needed a log periodic or would a yagi have done the job?
When we started, we did not know which frequency will be best. So I purchased the most flexible antenna (actually, it covers up to 3.5GHz which is a new 5G band currently not used in Switzerland). We had enough space to mount it ;-)
IIRC Mikrotik 7.x partially supports Zerotier so you could use that (and not use it on every single device you connect to the network), and in case of Wireguard, you could use it if only the clients use CGNAT. The server should either have a public IP address or normal NAT and port forwarding... But ZT is probably easier to configure
Indeed, ZT is extremely easy to configure for network noobs like me! Without the Flex Radio, of course. This one was hard ;-)
I wonder if IPv6 would also be a solution for this project? Cellular providers seem to mostly provide IPv6 addresses which are all globally routable. I am not sure if the cellular providers will just block all incoming connections though.
I would hope it will work with IPv6 because it no longer needs CGNAT. But I am not sure if this is standard already for them. In my lab, so far, I do not use it.
Hm … What about the VPN keys in Zerotier … are they stored in the central computer of the service, to be accessible by the spies & co?
I do not know and I also do not care. HAM radio traffic anyway is not encrypted. So everybody is free to watch what I see ;-)
@@HB9BLA Yes, I know that ham radio is by law not encrypted … but you must also keep control of your station, and the VPN runs on a commercial link. So it is not illegal and also (indirectly?) needed by law to ensure that the station is not abused. By the way, in some special cases where ham operators must use a secure VPN over a ham radio link to reach and control a station, like in satellites, this encryption is specially permitted.
You should move to Tailscale, better than Zerotier, and it uses WireGuard, easy to set up and supports more than 100 Mbps. Plus, if you have a NAS, you can use it as a router back to all devices if you want
Are you sure that it would do this particular job?
Strange that I use Wireguard all the time on cellular without any issues. I have wireguard VPN server built into my router/firewall at home and am homed to multiple service providers here in the states. This allows full connectivity to my home network and the ability to access all of my VLANs remotely.
I easily can access my home network from my Smartphone using Wireguard. The setup here is different. I need to connect the "Smartphone" (remote station behind CGNAT) from my home network. In addition, I need layer 2 transport.
But I am happy if Wireguard works in your case.
Great project! Thanks for share!
Thanks for watching!
For those who don't want to pay for another data plan (they're pretty expensive in the US), could an alternative be to use encrypted LoRa for control and an amateur band for data transfer? Basically a private repeater.
LoRa is very, very low speed (made for sensor data). On the ISM bands no device is allowed to transmit more than 1% of time, and on the HAM bands, encryption is not allowed.
@@HB9BLA The control data would be stuff like changing frequency and switching between receive and transmit modes, so not much bandwidth, but we do want it encrypted to prevent unauthorized use. The fast data link using an amateur band would not be encrypted.
Very interesting but this modem RUTX14 is very expensive.
What about cheaper LTE modem like the Netgear LM1200 ?
I do not know if the Netgear works. AFAIK there are cheaper RUTX that use the same operating system. Probably the better way to go…
Tips:
- Don't use the built-in modem of the RTU, they're really slow; it's just LTE Cat 4 from 2014, so really old. I use multiple Netgear M1 (by now they're old too, but they're at least LTE Cat 16 and do over 1gb/s down, in theory)
- The RTU has GPIO pins, use them to restart equipment if it's no longer responding
I do not know if CAT16 would help in our situation where the towers are the limitation. External antennas were more important.
I will have a look into the GPIOs to switch the station off.
wireguard does not need any account - it is all free and internal and you can run it on a phone easily
I agree. But unfortunately, it is more complicated to setup and did not do the job in this case.
You can probably run WireGuard in some "reverse" tunnel setup, with home IP static instead of remote station/cellular being static, but you probably tried. Or use your own cloud VPS as a central hub instead of Zerotier in some other setup. ZeroTier is easy though; I wouldn't call-it/present-it-as a new concept though given past products like Hamachi tried to achieve same user experience.
Frankly, I think that Zerotier and alike are the next VPNs. They are an improvement over Wireguard etc. for users like me because they are much easier to handle and finally, more secure (because of my lack of knowledge).
@@HB9BLA Indeed, usability is a significant factor in security (user adoption of security protocols and correct usage of security primitives), so fair enough on that. The best security is ultimately what any given user can actually put to use. So fair. I still think there's power in deploying things at other levels of abstraction, and many networking products are starting to directly integrate Wireguard in a fairly easy to use manner. Mikrotik routers are getting wireguard built-in. I do think there's room for products/tools that fill different user-space needs. Cheers!
Zerotier and Tailscale are really powerful. 👌 if I can be a little pedantic and say those antennas are Yagi nor Log periodic don't block me.
How do you call them? I am eager to learn ;-)
@HB9BLA Wireless Uda-Yagi has all elements of similar length. Provides really good gain over a single band. Log periodic is an ultra-wide band antenna. The elements get smaller towards the tip. It's like a line of 3-element yagi antennas. Going back to front it's Reflector, Driven and Director. The driven element is naturally the resonant element for the given frequency. Gain of a LogP is fairly low and stable over a huge bandwidth.
@@scienteer3562 I thought I called them log-per because it looks as you describe and has a range of 690 to 3800 MHz.
Excellent post and work you have done, sir. This is the most helpful video ever, for me. I have been trying and have been failing the same project as yours for over a year and the stumbling point for me is always the same, the layer 2 bridging. I am attempting Zero Tier and a Flexradio over cellular with cgnat. When I went through your links, the google document stops at end of page 4. You last words are “You can”. I can imagine your next words are “ setup layer 2 bridging by doing this….” Am I right? How do I get the rest of the document? Thanks
The next words are: "Now you should see the upload speed. You can reverse the direction to see the download speed"
Layer 2 is done before
I have a doubt: your video shows how to connect to a home network through a public IP. I have this scenario, where I am inside a private network in a different location, and I want to connect to my router which has a public IP which is placed at a different network, and want to route all my traffic through that public IP of the router. How can I achieve that in Zerotier?
I do not know your exact setup and also am not able to do remote consulting :-(
If you setup Zerotier on all the devices you want to connect to a Zerotier network, you quickly will be able to determine which ones connect. You see it in your dashboard.
What kind of latency do you see with such a setup through cellular? Is it good enough to do CW remotely?
A remote station and CW needs different solutions with a remote keyer. It most probably will not work like in your shack.
I can’t speak to cellular latency but I do have experience with wireless ISP latency (terrestrial microwave ). All modes work perfectly including CW. Latency is not an issue with cw because the characters are sent over the internet using utf8, not dots and dashes. Your side tone is generated at the client end, so there is no latency at all with side tone. I have a Flexradio 6600 remote base.
@@markedwards3284 I think you use the solution I mentioned. If you would transfer morse as "voice" across the network, you would hear the latency.
Do you use Winkeyer?
How difficult is it to add support for this service directly into an Espressif device?
I do not think that this is possible because of power and memory constraints. They use encryption. I will connect the ESPs on the network behind the router. You can also transfer the ESP data to HA and read the values from there if you do not want to connect the whole network.
Great video and I like the way you identify problems and push through to get a working solution. How secure is Zerotier compared to, say, Cloudflare Zero Trust ? Does it have 2FA for added security and how strong is the encryption ?
As an optimist I am totally unsuitable to answer security questions ;-)
But, since this service is made for corporations, I assume, that somebody there checked it out.
You can delete a client from the console and re-add them by adding them manually by adding their ID from the console webpage :D
Thank you for the info!
Can I use Zerotier to connect users to my Plex server directly? My ISP uses CGNAT and I'm unable to establish a direct connection to my Plex server. I have a handful of people I allow access to my Plex server and it's limited to 2Mbps because of the Plex relay. I know it's not related to HAM radio. I don't want to pay my ISP more money for a non-CGNAT IP address just for Plex.
You have to try. There is a high chance that it will work. Maybe you watch the Zerotier video on my main channel?
@@HB9BLA I'll have to check it out. What's your main channel called?
@@techmaster170 Andreas Spiess
I have fun with his german accent!
Any VPN would work, if you auto-initiate connection from remote site.
Maybe. I also have no public IP address. Anyway, Zerotier does that for me and I did not have to program...
I am looking for about your product place lace me a message. When I post this , I am looking for more on this , know the plan build one this in small apt .
Want in place .
All all details and all playing how details in all planes and how did you set this up and got it to work
I do not understand :-(
Very inspiring,,,,,,,👍
Thank you!
Off-Topic: Would you be able to share the source of your beautiful wallpapers, Andreas? ;-)
What kind of wallpaper do you refer to?
@@HB9BLA on your PCs, looks like abstract digital art in a glass style. If you happen to remember where you got them ;)
@@WebmediArt I have no idea, as I never change these wallpapers. I assume it is somehow standard in Windows of the version I use.
And with 5G high frequency bands, the problem will be even bigger: it will require a station every few hundred meters. Probably operators will only install them in CBDs
Here they started to convert 4G "antennas". So the frequencies stay the same. So I assume we would also be capable to use 5G when it is ready (and we can afford a 5G modem). They seem to be quite pricy at the moment.
Nah. I prefer to be 100% in control of my VPN software and solutions. No need to mention the 2 or 3 fully open source solutions that don't require to open an account with "some" organization.
The one from Japan is my favorite overall.
Zerotier is open source, and you can self-host the "central component" if you wish. For me, Wireguard and OpenVPN did not do the job.
A couple of comments Andreas;
I think the antennas should be in an X arrangement not + for best performance.
When choosing a cellular network operator it’s best to go with the ‘main’ operator or at least their own MVNO sub-brands as non-operator MVNO brands may be de-prioritised in one or more ways.
(MNO - Mobile Network Operator & MVNO - Mobile Virtual Network Operator)
It’s worth checking what CA or Carrier Aggregation bands the Teltonika modem supports and monitoring the available towers then locking to the best one. MikroTik products allow this & I guess Teltonika do too.
Thanks for an interesting video - again!
@stevenma: Thanks for your comments. What angle do you propose between the antennas? I thought they use 90 degrees. Also the mounting of the antenna manufacturer suggests this angle.
We tried to monitor the different towers during our tests. But the results, even on the same tower, were very fluctuating. We for sure will continue with the tests.
It also seems that the Flex Radio is less "bandwidth-hungry" than I feared. We have fluid waterfalls on all 4 slices in two locations in parallel.
@@HB9BLA Yes, 90 degrees between the antennas but angled at 45 degrees so that when looking at the rear of the antennas, if they were on one boom, you would see an X not a + arrangement. Spacing between the two antennas can also be experimented with too. As LTE, in each band per operator, are SFNs (Single Freq Networks) 'seeing' multiple towers / cells can be problematic. It can be worth pointing off to the side of a required tower to minimise interference from the unwanted tower. MikroTik Router OS allows you to see the signal parameters for each tower that the modem can see (in order of importance: RSRP, SINR, RSRQ & RSSI). You can then lock on to each tower, test its performance (speed & latency), then lock on to the most favourable one. Having said all of the above, if you are achieving the required modest bandwidth requirements then that is fine. The 4G (LTE) table on this page can be useful (it doesn't say it in the table but RSRQ can never be better than -3dB): wiki.teltonika-networks.com/view/Mobile_Signal_Strength_Recommendations
FYI My long backstory is radio, telecoms, IT, amateur radio etc. and the above is what I've self-taught since adopting 4G as our primary home Internet connectivity >3yrs ago. As such I'm happy to be corrected to learn more about how LTE technology works.
Hi, yes, X is correct. I am a long time network engineer in Australia and all modern panel antennas use 45 degree elements. Omni antennas are still vertical only but are pretty rare these days. Getting this polarisation right helps in most situations but not all. If you have direct line of sight or near direct then do this. If you are in a heavily shadowed path you *may* get polarisation rotation from the reflection you are working off. In this instance you may get improvement from rotating somewhat but it’s a lot of effort for no guaranteed gain. As an operator I love people putting up LP yagis as it allows me to move them between bands and know the expected path loss on the new band. In Australia we often only run low band (below 1 GHz) in really remote areas. A low band only yagi will have significantly higher gain than an LP yagi but risk dropouts if your modem is allocated to an upper band if that exists on the site. Nice solution and thanks for all the tips over all your videos.
@@stevenm45 Thank you for your info. I do not know how the operators polarize their antenna here in Switzerland. Our signal after 10m of coax (!) is -51dBm. So I do not worry about the signal strength too much. I bought the antenna mount with the antenna, so I hope, they did some tests before they decided on the dimensions...
I will check the other values when I am back at the location. For the moment, we only have electricity from fuel generators.
@@joelong9260 I agree with the gain of conventional yagis. But here, I did not know which band will be selected, and I also wanted the coverage for 3.5GHz (if it will be installed one day). As written in the last post, our signal showed -51dBm. So it seems to be rather good.
Anyway, it is always good to know that I have knowledgeable people on my channels ;-)
This means only one device needs the software on it
No. Both sides need a client.
Let's see whether the upload rate drops once the leaves are on the trees. By the way, it is not that hard to work out the town from the map ;-) If your setup does not work, just get a SIM from Germany; it is probably cheaper anyway and the reception will be better. Incidentally, "Router" is pronounced "Ruuter"; no idea why everyone says "Rauter"... it probably sounds smarter, but it is wrong. Just as the stress in "buchhalterisch" is on the U and not on the E... it just somehow sounds smarter when you draw out the e... but it is wrong. ;-)
Yes, we could also try German towers. However, it is rather unlikely that they radiate towards the south...
The signal at -51dBm can still tolerate 20dB of attenuation ;-)
Now you have to explain how you can be so sure that the cloud supplier would not look into my files, or even copy them, or provide them to third parties? Why are you so relaxed and comforted in times when we know for sure that governments and companies spy on us?
This is why his code is open source…
@@HB9BLA oh, nice answer. Now I'm convinced to use it. And bunch of guys, also. Thank you for honesty
You sound a bit like the Swiss dude or Brainiac75
We all sound similar.
Yeah but that is a hell of an antenna dood……..
The other antennas around the location are much bigger ;-)
Ahh.. Such much simpler than OpenVPN.
Indeed!
Incorrect!
Living THAT close, on top of each other DOES NOT lead to a "good life"!
So we have a different opinion, I think.
slow as slow can be though....
??
@@HB9BLA Tier Zero is painfully slow...
@@do0zer1976 Why should it? It is peer-to-peer. At least, in my use case, I did not experience a difference.
Yeah, no hassle at all...
:-)
Good For Quality Life To Live 2 Meters From Another Family ? NO I'LL PASS Bro :) I Rather Live 40 Meters Away From The Next House With My Own Property Where I Can Set Up Anything I want, ANYTHING !
I understand
DOOD!
:-)
The first ten seconds of this video are, by far, one of the absolute worst takes I've heard in my life.
I do not understand. Can you explain, please?
@@HB9BLA High population density is detrimental to quality of life in just about every measurable way.
There is study after study showing that the desire to live in high population density areas and high levels of neuroticism go hand in hand. The less neurotic you are, the more you despise cities in general.
Wait till you hear about ztncui (self-hosted zerotier)
This project seems not to be very active :-(