About VK5ZM

Another Ham who was bitten by the Fox Hunting Bug in the early 90's. Participated in numerous National DF championships and likes nothing more than the challenge of finding *any* hidden radio transmitter. Loves to build all of his own equipment, QSO's on homebrew gear is much more exciting than black-box operation. Has been involved in HAB experiments since 2010. Goal is to fill his Toyota Hilux so full of DF gear that he has to buy a Landcruiser.... Approximately half way there.

The K3 that would “sometimes” not Transmit

There is nothing more frustrating than an intermittent fault that only presents itself at a contest or when you’re working rare DX. My Elecraft K3 has been doing just this on and off for the past three years and it’s been slowly driving me crazy.

My K3 had developed a nasty fault where it would refuse to make any RF when in transmit. You could hear the radio getting itself setup trying to transmit but no RF would appear at the output. The photo below is not my best effort it was however made very early in the morning with a mobile phone, but you should get the gist from the display;

What you see above is 0 Watts being reported, no SWR display with the TX LED lit. It certainly wont make any QSO’s like that.

So this wasn’t the first time I’d seen a fault similar to this. A year ago the LPA module failed after copping a static discharge in the antenna port from a dipole in a dry wind storm. With the help of Elecraft support this turned out to be nothing more than a small signal MOSFET that had failed on the LPA and was easily fixed. Well so I thought.

At the last OCDX contest in October 2018 the radio faulted again right at the start of the contest. So the station was quickly reconfigured and the radio removed from service. However once I returned home and turned the radio on, it powered up and transmitted as if nothing had happened. Damn this fault is now intermittent…

All that was left was to keep testing and wait for the radio to fail and catch it in the act. So after much angst I just couldn’t seem to make it fault with anything I could identify as a pattern. I’d do something and it would fault, power cycle it and it would work again; there was no consistency,. So I used every trick I’ve learnt to make radios fault, like;

  • pulling, pushing, prodding and re-seating every cable to see if there was a broken connection, more nothing.
  • pulling, cleaning and re-seating every board from the main board to dislodge oxide buildup, more nothing.
  • tighten and check all screws, long shot… more nothing
  • using a hot air-gun and freezer spray to see if something had become temperature dependant, nothing.
  • Double checking the wiring & build

So this afternoon the radio decided to fault and carry on faulting. Now was the time to get the covers off. Once done I noticed that the LED on the top of the KSYN3A would sometimes not light. Power cycle the radio and the LED would come back on, then power cycle it a few more times and it would stay off. The great part was when the LED was off the radio made no RF. Ah Ha, there is no such thing as a coincidence ! I’d finally caught this fault in the act.

The KSYN3A is responsible for generating the Local Oscillators (LO) for transmit and receive, no LO and there can be no RF. Right that’s starting to make sense.

So now I could narrow down on the fault. From everything I had observed I had a suspicion that there was a problem with the output of the KREF3 board, either not providing the KSYN3A synthesiser with a signal or one that was out of spec. It was certainly a good place to start..

However before going much further I needed to check that the cabling between these modules was right.

I should also point out that my radio also has the K144XV 2m Transverter fitted, which is just to the right in the image above. It also has a reference locking kit. Hmmm, this immediately raised yet another red flag. Reading the K144XV reference locking kit manual I found the following wiring diagram;

However this is not how I found my radio was configured. It instead had the K144XV REF_IN connected to J1 on KREF3 and J2 connected to the KSYN3A J83. Huh ?

Now looking carefully this wiring diagram I noticed it had KSYN3 not KSYN3A, so perhaps things are different if you use the new Synthesiser. Well here’s the wiring diagram;

Ah Ha ! It seems that when I installed the KSYN3A upgrade I didn’t wire the K144XV module correctly. What I had done is connect the K144XV reference to J1 on KREF3 not J1 on KSYN3A. Damn !

The worst part is this wiring mistake appeared “to work” but it had instead introduced an intermittent fault where the reference output is loaded by the K144XV to the point the signal was marginal and the KSYN3A faulted.

So I have moved the cables to the right locations now and so far over the past 4 hours the radio has not faulted. Only time will tell if I have this intermittent fault nailed. I guess going to another contest will be the acid test. Oh wait there’s one of them on right now, so it’s time to fire this radio up for the John Moyle Memorial Field Day (JMMFD) and see what happens.

GPSd and the HP un2420

At a recent radio club technical night we ran through the setup of ntpd and GPSd for time syncing laptops. This is important when running modes like FT8 and JT65 where transmissions are synchronised to the nearest second, or for satellite tracking.

Picture of HP2420 Modem

During the tech night we used a external USB GPS, however my laptop has a HP un2420 broadband modem inside that includes a built in GPS. So after the tech night I decided to see if I could get GPSd to work with this module.

In a previous post I found that you could send a string to the last of three USB serial ports that this module creates [ttyUSB0-2], that would then activate the GPS functions within the module you can read this here (click).

So to use this module we need GPSd to send a “\$GPS_START” string to the GPS before it tries to use it. It also needs to send a “\$GPS_STOP” string to the GPS when GPSd stops.

It turns out GPSd has internal mechanisms to do this via a device-hook that you can find in the man page, however there aren’t many examples of “how” to do this on the internet.

The device hook file is nothing more than a simple bash script that is called by GPSd as it starts or stops the GPSd service. It will call this bash script using two parameters, the first is the name of the device, the second is the action required i.e.”activated” or “deactivated”. So all we need is a basic script, there are probably more elegant ways to write this script than what I’ve used, but it works for me.

So using your favourite editor create the file below with the following contents;

/etc/gpsd/device-hook

#!/bin/bash
#
#device hook script to start and stop HP2420 internal GPS
#
if [ "$1" = "/dev/ttyUSB2" ] && [ "$2" = "ACTIVATE" ];
then
echo "\$GPS_START" > "/dev/ttyUSB2"
sleep 5
else
if [ "$1" = "/dev/ttyUSB2" ] && [ "$2" = "DEACTIVATE" ];
then
echo "\$GPS_STOP" > "/dev/ttyUSB2"
fi
fi

This script simply matches the USB serial device the HP un2420 creates with the word ACTIVATE and fires the magic string into the USB serial device and will return 0 to GPSd. The same happens when GPSd wishes to stop the GPS device. These internal GPS devices do not like starting then immediately stopping, it can bork the device to the point it requires the laptop to be rebooted. So to prevent this a short sleep delay has been added just after we activate the GPS. I could have equally added it after or before the STOP command, but this might not be a good idea as laptops have a tendency to hibernate and we would like the GPS to stop.

Now that we have our script we need to make sure it’s executable by GPSd. I found that if you start GPSd and don’t let it daemonise for debugging, it will tell you which user and group that it starts with, we just need to make our permissions match;

$ sudo gpsd -N -D3 -F /var/run/gpsd.sock /dev/ttyUSB2
gpsd:INFO: launching (Version 3.17)
gpsd:INFO: listening on port gpsd
gpsd:INFO: stashing device /dev/ttyUSB2 at slot 0
gpsd:INFO: running with effective group ID 20
gpsd:INFO: running with effective user ID 122

gpsd:INFO: startup at 2019-03-07T23:52:07.000Z (1552002727)

I’ve highlighted the two lines we’re looking for. We can go and match these ID numbers to the specific user and group in the /etc directory. If you press Ctrl-C then GPSd will stop. Looking at the ID’s on my laptop this was user ‘gpsd’ and group ‘dialout’, YMMV.

So now we can set the right owner and permissions for our device-hook file;

$ sudo chown root:dialout /etc/gpsd/device-hook
$ sudo chmod 750 /etc/gpsd/device-hook
$ ls
legend@HP-ProBook:/etc/gpsd$ ls -al
total 20
drwxr-xr-x   2 root root     4096 Mar  8 09:54 .
drwxr-xr-x 130 root root    12288 Mar  8 00:06 ..
-rwxr-x---   1 root dialout   280 Mar  8 09:54 device-hook

Basically owner is left as root and we’ve given read and execute permissions to group dialout. This will allow GPSd to read the file and only sudo users able to edit it.

So using the same command line as before start GPSd in a window. Now in a second window launch a client like cgps. In the GPSd window we should see something like this;

legend@HP-ProBook:$ sudo gpsd -N -D3 -F /var/run/gpsd.sock /dev/ttyUSB2
gpsd:INFO: launching (Version 3.17)
gpsd:INFO: listening on port gpsd
gpsd:INFO: stashing device /dev/ttyUSB2 at slot 0
gpsd:INFO: running with effective group ID 20
gpsd:INFO: running with effective user ID 122
gpsd:INFO: startup at 2019-03-07T23:52:07.000Z (1552002727)
gpsd:CLIENT: => client(0): {"class":"VERSION","release":"3.17","rev":"3.17","proto_major":3,"proto_minor":12}\x0d\x0a
gpsd:CLIENT: <= client(0): ?WATCH={"enable":true,"json":true};\x0a
gpsd:INFO: running /etc/gpsd/device-hook /dev/ttyUSB2 ACTIVATE
gpsd:INFO: /etc/gpsd/device-hook returned 0

gpsd:INFO: SER: opening GPS data source type 3 at '/dev/ttyUSB2'
gpsd:INFO: SER: speed 9600, 8N1
gpsd:INFO: attempting USB device enumeration.
gpsd:INFO: 8087:0020 (bus 2, device 2)
gpsd:INFO: 1d6b:0002 (bus 2, device 1)
gpsd:INFO: 05c8:0403 (bus 1, device 4)
gpsd:INFO: 03f0:251d (bus 1, device 8)
gpsd:INFO: 8087:0020 (bus 1, device 2)
gpsd:INFO: 1d6b:0002 (bus 1, device 1)
gpsd:INFO: vendor/product match with 091e:0003 not found
gpsd:INFO: SER: speed 9600, 8O1
gpsd:INFO: SER: speed 9600, 8N1
gpsd:INFO: SER: speed 9600, 8N1
gpsd:INFO: SER: speed 9600, 8N1
gpsd:INFO: gpsd_activate(2): activated GPS (fd 8)

< BIG SNIP>

^Cgpsd:WARN: received terminating signal 2.
gpsd:INFO: closing GPS=/dev/ttyUSB2 (8)
gpsd:INFO: running /etc/gpsd/device-hook /dev/ttyUSB2 DEACTIVATE
gpsd:INFO: /etc/gpsd/device-hook returned 0

gpsd:WARN: exiting.

The two lines we need to find I’ve highlighted above. Basically we want to see GPSd execute our script with a return value of 0 (success). I’ve snipped a sizeable amount of information out of the above window to make it more readable. You should also see where I’ve hit Ctrl-C which generates a warning to cgps that GPSd has shutdown, which is neat !

Ok so now we have GPSd starting and stopping the GPS device in my laptop correctly. However this is not the end of the story, laptops are able to be suspended so we need to take care of this as well. So using your favourite editor create/edit the following file;

/etc/pm/sleep.d/96_gpsd

#!/bin/bash
#
# what we want done with our GPS in the laptop
case "$1" in
hibernate)
#stop GPSd
systemctl stop gpsd.socket
systemctl stop gpsd
;;
suspend)
#stop GPSd
systemctl stop gpsd.socket
systemctl stop gpsd
;;
restart)
#restart GPSd
systemctl restart gpsd
;;
esac

Thankfully as soon as we tell GPSd to stop it calls /etc/gpsd/device-hook and DEACTIVATES the GPS module for us. Now we also need to set the permissions correctly;

legend@HP-ProBook:/etc/pm/sleep.d$ chmod 755 96_gpsd
legend@HP-ProBook:/etc/pm/sleep.d$ ls -al
total 20
drwxr-xr-x 2 root root 4096 Mar  8 11:09 .
drwxr-xr-x 3 root root 4096 Apr 27  2018 ..
-rwxr-xr-x 1 root root  273 Mar  8 11:09 96_gpsd

Testing of this script is as simple as calling it with the correct first parameter. Testing that our distros are calling this file is a little harder and may be the subject of yet another post. I’m thinking that I need to measure if there is a performance difference with the GPS running while hibernated or not, this sounds easy but will take many hours. Still pondering.

There we go, the internal GPS within the un2420 should now be available, it would be worth rebooting your machine to make sure everything is working well.

MoonSked and Ubuntu 18.04LTS

Recently I was indoctrinated into the world of 6m EME when a few club members and I decided to give it a try on something of a whim. With a bit of encouragement from Lance W7GJ we raided and cherry picked our way through a few fellow club members shacks and sheds and pieced together a “small” portable 6m EME station. You can read about the activation on our club website once it’s published (click). The picture below speaks volumes;

The moon at moon set (4am) with our 6m EME station – photo by Scott VK5TST

While looking at various Apps and trying to work out how this EME thing works, I discovered MoonSked written by David GM4JJJ.

At first glance it appeared to be a cross platform application that would help me plan and understand how this EME thing works without wasting too many late nights outside. What I liked most is I could run it on both Windows or Linux. My main computer in the shack still runs Windows (for reasons), however for laptop(s) and servers I prefer various flavours of Linux. So the installation of MoonSked on my main shack computer was straight forward, however things rapidly fell apart when I tried the same on my Laptop that runs Ubuntu 18.04LTS. I downloaded the zip file, placed it in my home directory and then tried to run it, sigh it didn’t work.

After a quick check of the website I noticed the last version of Ubuntu that MoonSked was built to run on was 9.10 (karmic koala) which went end of life years ago (2013). Being a binary distribution means recompiling and linking this against 64-bit libraries was not an option, sigh; we had to do this the old fashioned hard way.

So having grown up using Linux for more years than I’d care to admit I had a fair idea that this would be the classic “shared library dependency problem”. I wasn’t to be disappointed and even learnt a little about how the new linux multiarch (well new to me) system worked.

So the crux of the problem was MoonSked was compiled against 32-bit binary libraries and my Ubuntu 18.04LTS distro is entirely 64-bit. It is little wonder that MoonSked couldn’t run. So the place to start with any dependency problem is the infamous ‘ldd utility’. Let’s poke inside MoonSked and see what libraries are under the hood;

legend@HP-ShackBook:~/MoonSked$ ldd MoonSked
linux-gate.so.1 (0xf7f48000)
libgtk-x11-2.0.so.0 => not found
libgdk-x11-2.0.so.0 => not found
libgmodule-2.0.so.0 => not found
libglib-2.0.so.0 => not found
libgthread-2.0.so.0 => not found
libgobject-2.0.so.0 => not found
libgdk_pixbuf-2.0.so.0 => not found
libpango-1.0.so.0 => not found
libpangocairo-1.0.so.0 => not found
libpangoft2-1.0.so.0 => not found

libpthread.so.0 => /lib32/libpthread.so.0 (0xf7f07000)
libdl.so.2 => /lib32/libdl.so.2 (0xf7f02000)
libXi.so.6 => not found
libXext.so.6 => not found
libX11.so.6 => not found

libstdc++.so.6 => /usr/lib32/libstdc++.so.6 (0xf7d7c000)
libm.so.6 => /lib32/libm.so.6 (0xf7cb1000)
libgcc_s.so.1 => /usr/lib32/libgcc_s.so.1 (0xf7c93000)
libc.so.6 => /lib32/libc.so.6 (0xf7aba000)
/lib/ld-linux.so.2 (0xf7f4a000)
libcairo.so.2 => not found

Ok so there are a few libraries missing and thankfully I can see some of the lib32 libraries are being found. What is not immediately apparent is that 32-bit libraries can be installed separately and sit alongside the very same 64-bit libraries. The multiarch features of the latest linux kernel and GNU tools is what confuses MoonSked trying to find it’s libraries. So to get MoonSked we need to solve the shared library dependencies separately. So watch the following carefully.

We start by double checking that we are in fact running a full 64-bit system;

legend@HP-ShackBook:~/MoonSked$ uname -m
x86_64
legend@HP-ShackBook:~/MoonSked$ dpkg --print-architecture
amd64

Excellent the kernel is 64-bit and we are using the 64-bit package repository that should be linked against 64-bit libraries. Now we check the following;

expert@HP-ShackBook:~/MoonSked$ dpkg --print-foreign-architectures
i386

Ah Ha ! This is excellent as it means that we can install the 32-bit libraries with the dpkg/apt tools without having to configure dpkg. If you find that i386 isn’t defined as a foreign architecture you’ll need to use dpkg to enable it. There are plenty of websites on the net that can assist here (YMMV), Ubuntu 18.04LTS comes pre-configured for 32-bit and 64-bit multiarch out of the box.

So now we can simply use apt-get to install the dependencies. I simply use a process of elimination to work out what is missing. First I’d use apt-cache and the name of the shared lib to search for library names or resort to the internet, then I’d use apt-get to install it and then re-run ldd again to see the result. The following line works well when the output from ‘ldd’ gets more than a page or two;

$ ldd MoonSked | grep "not found"

This will basically print out any library dependency that was not found to the display. Slowly but surely you work your way through to the end of your list, making notes as you go for your blog (*grin*). Rather than document all of the above steps I’ll just give you the short list;

sudo apt-get install libc6:i386 libpango-1.0:i386 libcairo2:i386 libpangocairo-1.0:i386 libgtk2.0-0:i386 libcanberra-gtk-module:i386 libatk-adaptor:i386 gtk2-engines-murrine:i386 libdlm3:i386

Now the observant will notice at the end of each package is a colon and i386. This tells apt/dpkg to install the 32-bit library and not the default 64-bit package. Depending on what apps you have on your linux machine already some of these packages may already be installed and up to date. If you do find this is the case then simply drop the name off the list above and keep trying.

As I wrote at the very beginning of this post, these are the steps that worked for me on my Ubuntu 18.04LTS installation. I’m hoping that the process used to seek and destroy the missing dependencies makes sense it’s certainly not the only way to do it, works for me YMMV.

At least now I can fire up MoonSked on Ubuntu 18.04LTS and continue my 6m EME experiments. Thanks again to David GM4JJJ for writing MoonSked !

PCB Cleaning for Beginners

I’ve been doing a lot of PCB assembly of late both re-flowing SMD in a toaster oven and a heap of hand soldering.  One thing that bugs me is cleaning up the various rosin’s, flux and solder paste without making a bigger mess.

My usual clean up method is to use IPA and cotton buds, however the IPA has a nasty habit of dissolving the flux/rosin/paste and redistributing it across the surface of the PCB making a slightly tacky mess worse than when I started.   Dang it !   I then resort to using cotton make up removal pads (stolen from the medicine cupboard) and with a blotting technique try to pick up as much of the mess as I can with copious amounts of IPA.  There simply has to be a better/cheaper/simpler way !

So after speaking to a few production Engineers at work I was pointed towards various brands of PCB wash and the suggestion was made to use an ultrasonic cleaner.   A bit of poking around the internet suggested that a good ultrasonic cleaner could be had for less than A$200 and PCB wash should be A$15 to A$20 per litre.

Thankfully my local Jaycar had both locally available which makes supply and  warranty much easier.  I also like supporting my local shops where I can.

The ultrasonic unit I purchased can be found here (click), part number YH5412.  It has a total transducer power of 160W and a tank that can hold up to 2.1L of liquid.  This unit is manufactured in China and if you look carefully you’ll see the same OEM unit on various sites all for about the same price.   This is certainly big enough to hold quite large PCB’s up around 250mm x 150mm and has an inbuilt heater as a bonus.

The PCB wash was yet another story.  This stuff is far cheaper in large quantities but I just wanted a little bit to see how we go.  So I found Jaycar also sold 1L bottles from Chemtools which you can find here (click), part number NA1070.  This stuff is biodegradable which means it should be ok to go down the sink, however I’ve got some 5L bottles I can decant the used liquid into and dispose of at the local EPA as required.  All of the technical stuff can be found on the Chemtools website here (click).  It’s worth reading the TDS and SDS sheets of this stuff and making sure you take the necessary precautions.

So to clean some PCBA’s !

I filled the machine to it’s minimum level (~700ml) and turned on the heater.  Within 10 minutes the fluid was warm (not hot) so I turned off the heater and loaded a number of small PCB’s into the fluid, being careful not to overlap the boards.  The TDS for this PCB wash says the fluid can be heated to  +40 degrees Celsius but is designed to work between 20-30 degrees Celsius.  So I just used it warm, not hot.   I ran the unit for 180 seconds (one of the presets) with the lid on. The ultrasonic cleaner certainly made the right noises and there were lots of little bubbles ripping into the contaminants.  I really like the lid on this unit as a warm liquid evaporates and with the lid on there was certainly condensation under the lid keeping everything in.

Once the countdown timer expired it was into one bowl of distilled water and then rinsed again in a second smaller bowl of distilled water.  I had a spare pair of plastic tongs I could use to move the PCB’s between tanks without using fingers.  The idea of the two baths is to get the bulk of the PCB wash off in the first bowl and then the last dregs off in the latter.   It helps to change the water in the first bowl often, since it takes the bulk of the PCB wash off in the first instance.

Then it was into the drying cupboard at 50 degrees Celsius for 40 minutes to evaporate the last of the water off the board.  My drying cupboard is a 20L toaster oven that I used to use for reflow soldering, nothing high tech but it will idle along at 50 degrees nicely unlike other ovens I’ve tried.   I’ve seen videos online where others have used a paint stripper gun to blow hot air across the boards, YMMV.

So the result ?  I’m impressed.  Quite simply impressed with how clean the boards have come out of this very simple process.   They are now clean and you’d be hard pressed to tell that they didn’t come from a professional board loader.  Inspecting the results under the microscope I see there is very little residue on the boards, both the flux and rosin from the hand soldering processes have been completely removed.  There is no trace of any solder paste balls either.  They are clean as a whistle.

I will have to work out a way to take photo graphs down my microscope to show the results, my feeble attempts at trying to take a macro shot with my phone failed dismally.

Now I have to hurry up with the Whizoo controller and my smaller 9L toaster oven conversion.  Must remember to blog that too.

Mikrotik OpenVPN Configuration

There is heaps of information about configuring a Mikrotik Router as an OpenVPN server on the net.  The following simply documents what I found when I tried to follow in their footsteps.

The first reference I found was Medo’s instructions on how to configure the VPN, I used this to create the certificates, configure the server and get close to a working solution.

However my configuration was a little different in that the remote device I was connecting too (RB411 over 3G) did not have a FQDN only a fixed IP.  So for the ca-template and server-template I used the Fixed IP (xx.xx.xx.xx) for the common name, for the client-template I used the name of the router (RouterName).

/certificate
add name=ca-template common-name=xx.xx.xx.xx days-valid=3650 key-size=4096 key-usage=crl-sign,key-cert-sign
add name=server-template common-name=xx.xx.xx.xx days-valid=3650 key-size=4096 key-usage=digital-signature,key-encipherment,tls-server
add name=client-template common-name=RouterName days-valid=3650 key-size=4096 key-usage=tls-client

I’ve changed both the IP and RouterName to protect the innocent, I’m sure any readers will figure out where to insert their own configuration.

I also found that if you did not change the common name of the client-template certificate then the signing process of Medo’s post would fail with a weird error message.

/certificate
sign ca-template name=ca-certificate
sign server-template name=server-certificate ca=ca-certificate
sign client-template name=client-certificate ca=ca-certificate

Now getting the certs off the remote router was also “interesting”.  This wasn’t something that I’d really done before.   So after a bit of googling and some trial and error I ended up using the pscp utility that is part of the PuTTY package.  You can find the relevant certificates using the /file command.

C:\Program Files (x86)\PuTTY>pscp -r -P 22 user@xx.xx.xx.xx:/* \temp
user@xx.xx.xx.xx's password:
ca-certificate.crt        | 1 kB | 1.8 kB/s | ETA: 00:00:00 | 100%
server-certificate.crt    | 1 kB |   1.8 kB/s | ETA: 00:00:00 | 100%
client-certificate.key    | 4 kB |   1.8 kB/s | ETA: 00:00:00 | 100%

Once I had the certs on my local machine I could continue to follow Medo’s blog.

Now I didn’t want the VPN users to end up in a different IP address space, so I changed my VPN DHCP pool range to be just under the usual Ethernet pool and then set the VPN local address to be the next address under the VPN pool.  Here’s a quick overview;

VPN local_address:  xx.xx.xx.64
VPN dhcp_pool:      xx.xx.xx.65-xx.xx.xx.75
ethernet dhcp_pool: xx.xx.xx.100-xx.xx.xx.200

So I ended up modifying the following commands;

/ip pool
add name="vpn-pool" ranges=xx.xx.xx.65-xx.xx.xx.75

/ppp
profile add name="vpn-profile" use-encryption=yes local-address=xx.xx.xx.64 dns-server=xx.xx.xx.64 remote-address=vpn-pool
secret add name=user profile=vpn-profile password=p4ssw0rd

/interface ovpn-server server
set default-profile=vpn-profile certificate=server-certificate require-client-certificate=yes auth=sha1 cipher=aes256 enabled=yes

Now before anyone says anything you need to change the name and password to suit your own VPN user, at the very least make sure you use a good password.  You’ll notice I dropped the AES-128 and AES-192 ciphers in preference to the 256bit option.   More on this later.

This is where I ran into trouble that took me a while to resolve.

I had installed OpenVPN GUI 2.4.5 which simply refused to connect, it throws TLS errors that are odd.  It turns out that as of OpenVPN 2.3.11 there was a change made that makes it incompatible with older Mikrotik routers, you can read all about it here and there is more information here.

This post also talks about being able to use the tls-cipher parameter to force the client to relax it’s checking of certificates, however I wasn’t able to make this work.  It appears that the latest version of RouterOS have fixed this issue, but that has to wait until I’m next at the console of this particular router to upgrade it.

So after uninstalling the latest OpenVPN 2.4.5 GUI and installing an older version OpenVPN 2.3.10, I was able to connect to my RB411 with v3.2.2 firmware with the following config;

client
dev tun
proto tcp-client
remote xx.xx.xx.xx 1194
resolv-retry infinite
nobind
persist-key
persist-tun
cipher AES-256-CBC
verb 3
remote-cert-tls server
auth SHA1
auth-user-pass
redirect-gateway def1
ca "C:\\Program Files\\OpenVPN\\config\\ca-server.crt"
cert "C:\\Program Files\\OpenVPN\\config\\server.crt"
key "C:\\Program Files\\OpenVPN\\config\\client.key"

As you may notice I use Windows for my main machine, so Mac and Linux users will have to do a little more googling on how to specify the paths in this file.   Now the cipher matches the tweak I made to the ovpn-server within the mikrotik router limiting the choice to AES-256 bit.

The proof is in the pudding, after copying all of the certs and config into the approriate directory I could get the VPN client to connect to my remote Mikrotik RB411 router over the VPN.  Many thanks to Medo for blogging his adventures with RouterOS and I hope the suggestions I’ve made above are useful to some.

APRS iGate – Part 3 AX25 Config

Now that the Raspberry Pi is configured we can get back to the radio part again, so lets start with configuring the TNC.

Configure AX25 axports file

Before we can start any ax25 configuration we need to define the call signs and ports in the axports file;

$ sudo nano /etc/ax25/axports

edit the last line to look like this;

# /etc/ax25/axports
#
# The format of this file is:
# name callsign speed paclen window description
#
1 VK5ZM-5 19200 236 2 145.175MHz (1200 bps)

Don’t worry about all the speed, paclen and window values just yet, copy what you see below.  These values are as described in the TNC-Pi user manual.

Configure Kissattach

Now before the ax25 tools can use a TNC it has to be attached to the kernel.  We’ll do this using a utility called kissattach.  This utility will create the necessary ax0 networking interface, we’ll assume our TNC will use the Serial Port ttyAMA0.  Lets test that kissattach will start;

$ sudo kissattach /dev/ttyAMA0 1 10.1.1.1

One note make sure that the IP address passed to the ax0 port is not part of your LAN, it needs to be different !  If you want to be old school you can always throw this into the 44.xx.xx.xx IP address range that was reserved for Amateur use, you can find more details here.

If you dont see any error messages type the following command;

$ ifconfig

look for the following lines;

 ax0: flags=67<UP,BROADCAST,RUNNING> mtu 236
 inet 10.1.1.1 netmask 255.0.0.0 broadcast 10.255.255.255
 ax25 VK5ZM-5 txqueuelen 10 (AMPR AX.25)
 RX packets 0 bytes 0 (0.0 B)
 RX errors 0 dropped 0 overruns 0 frame 0
 TX packets 0 bytes 0 (0.0 B)
 TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0

All going well we now have a working ax25 interfaces and most of the TNC configured.

Now we need to make sure kissattach is started after a reboot, so open the following file;

 $ sudo nano /etc/rc.local

We need to add the following lines somewhere near the bottom, I found that the maintainers of raspbian-stretch print the IP address to the console when the machine boots, so I added the following after this;

# starting ax0 interface using kissattach
if [ -x /usr/sbin/kissattach ]; then
  echo "Starting Kissattach: Binding port ax0"
  /usr/sbin/kissattach /dev/ttyAMA0 1 10.1.1.1
fi

You can test this by rebooting and then checking if the service was restarted, but we’ll need to edit this file again before the end of this post so hang tight for a minute !

AXListen

One of the more tricky aspects of configuring ax25 on linux is we must deal with is non-root access to the ax0 interface that we’ve just created.  On any Linux system you normally must have be root or use sudo to access any network interface.

So what we do is the same trick that admins do with the command ping and set the SUID permission bit on the axlisten file.  By setting this permission bit it will allow non-root users to execute this command as if they were root, without being granted any further root privileges.

$ sudo chmod 4755 /usr/bin/axlisten

now we can test it;

$ls -al /usr/biin/ax*
-rwxr-xr-x 1 root root 50836 Sep 20 2015 axcall
-rwxr-xr-x 1 root root 17516 Sep 15 2015 axgetput
-rwsr-xr-x 1 root root 43064 Sep 20 2015 axlisten

Depending on your shell you may find that the text “axlisten” is coloured with a red background.  If you look carefully at the user permission bits (highlighted above in bold) you should see that instead of an X for execute it has changed to an S for SUID.

Unless you have your TNC connected to a radio and channel traffic there is not much point in testing just yet, however if you do simply run;

$ axlisten -c

It can take time but you should see packets being decoded, the yellow LED on the tncpi will also light when a packet is decoded.

One thing I’ve noted (a of Feb 2018) is that axlisten has not been compiled with ncurses support in the latest Raspbian-stretch packages which means there is no colour support.  You will occasionally see “Could not initialize color support” (sic), wihch is annoying since raspbian-jessie works perfectly.  Hopefully the maintainers will fix this oversight at some point.  We can always compile ax25-tools from scratch, Charles K4GBB has an excellent tutorial and script here for those wishing to try this themselves.

Configure Mheard

The mheard daemon monitors the AX25 channels and records call signs that it hears along with some basic stats.   This can be handy for debugging RF issues and just generally gauging how well your node is working.  It’s much the same as the mheard function found in many packet TNC’s in the day.

To get mheard running we simply edit the rc.local file again;

$ sudo nano /etc/rc.local

Then add the following lines at the bottom of the file after where we start kissattach (see above);

# starting mheard daemon
if [ -x /usr/sbin/mheardd ]; then
  echo "Starting Mheard Daemon"
  /usr/sbin/mheardd
fi

Now is probably a good time to test that we will survive a reboot;

$ sudo reboot

Once the Pi has restarted use the following commands to see what happened;

$ ps -aux | grep mheard
root 2049 0.0 0.0 1908 120 ? S Feb17 0:00 mheardd
$ ps -aux | grep kiss
root 413 0.0 0.0 1908 108 ? S Feb17 0:00 /usr/sbin/kissattach /dev/ttyAMA0 1 10.1.1.1

The mheard command needs to monitor the AX25 channels for a little while before it starts recording information, here’s an example of it working.

$ mheard
Callsign Port Packets Last Heard
VK5ZM-7 1 11 Sun Feb 18 09:52:04

If the output remains blank then using axlisten make sure you’re hearing traffic and that the receive LED (yellow) is being illuminated as traffic is heard.   This needs to be working before mheard will start to do something.

Now we can get onto alignment of the radio and some further testing in the next instalment.

APRS iGate – Part 2 Pi Config

Bringing up a Raspberry Pi (rPi) is not difficult for anyone with some basic linux admin skills.  If you haven’t looked at the hardware I’m using you can read this back here in part 1.  The instructions below are the basics of what I’ve done for my rPi, yours will likely be different YMMV.

Prepare Raspbian

I downloaded the latest “lite” version of Raspbian from here at the time of writing that was Raspbian Stretch.  For an iGate you don’t really need all the graphics and bling, the command line is easy to use.

Once downloaded I extracted and wrote the image to an 8Gb SDCard using win32diskimager.   From there the card went in to the Pi and then let it boot with a screen and keyboard attached.   Watch carefully and make sure that the OS expands the image to fill your entire SDCard.

I’d suggest plugging the Pi into your network using the Ethernet adaptor to start with, this is somewhat easier to deal with than setting up the WiFi.

Update, Upgrade and Configure

Once the Pi has booted log in using the default pi user name and password, you can find this on the rPi website.  Once you’re logged in run the following commands;

#sudo apt-get update
#sudo apt-get update

Answer yes to any questions regarding increased disk usage.   This will bring your Pi up to date with all of the latest changes.  Now we’re ready to configure the Pi hardware, execute the following command;

#sudo raspi-config

This will bring up a ncurses menu in which you can configure your Pi.  I’d suggest the following changes are made;

  • Configure your WiFi in the network options menu
  • Configure your localisation options (locale, timezone and keyboard layout)
  • Configure the Interfaces
    • Enable SSH
    • Enable i2c
    • Enable Serial

Once you have finished then exit the raspi-config tool and reboot your Pi

Change the Default User

Personally I don’t use the Pi user account and prefer to create my own user.   I usually run the following commands;

#sudo adduser myuser

Where myuser is your preferred user name.  Follow the questions and when faced with the password don’t be tempted to make it an easy one, especially if you intend to allow external ssh.   If you fear loosing the password then look at Lastpass, there are others but I like Lastpass.

Now still using the pi user open the following file;

#sudo nano /etc/group

Working your way down the file every time you see a line that contains pi add your new users name.  This will then grant your new user the same privileges as the default pi user.  It’s really important you update this one;

sudo:x:27:pi,myuser

Again change “myuser” to your preferred user name and before anyone tries to hack my systems this isn’t the user name I use either (Duh!).   Once you’ve worked your way to the end of this file then save your changes, again google will help you here.

It’s time to test your new account, make sure that you can login and execute sudo commands before you go any further.

Open the following file in your favourite editor;

#sudo nano /etc/shadow

Did I mention I like nano ?  Now look for the line starting with pi, it will be long compared to the others in this file, between the first and second colon replace the text with an asterisk.  Pay careful attention while deleting that you don’t go too far !   It should end up looking something like this;

pi:*:17499:0:99999:7:::

The text between the first and second colon is a hash of the user password, replacing it with the asterisk disables this user from logging in from the console or ssh without deleting the user.  It means you can use the command;

#sudo su pi

to switch to the pi user should you ever need to in the future.

 

Firewall

Personally I don’t like running my Pi’s without some form of firewall.   Right now the firewall is not configured this will be done after the AX25 tools have been installed.  It is up to the reader if they decide to enable the firewall before allowing remote logins to the Pi.

WiFi & Bluetooth

The rPi-3 comes with WiFi and Bluetooth enabled.  I was pleasantly surprised to see both interfaces in the boot up sequence appear and be configured.   The Bluetooth interface does not present any security risks and it should be safe to leave this enabled.

I prefer to connect my rPi’s to Ethernet interfaces in preference to using WiFi.  I’d also like at some point to work out how to get the rPi to perhaps be a WiFi access point, meaning I can log into the machine locally.  That will certainly be a blog entry at some point in the future.  For the time being I’ve simply left the interface un-configured.  Both the Bluetooth and WiFi can be disabled by adding the lines shown to config.txt file in the boot directory;

#sudo nano /etc/config.txt

>> Add these lines to the bottom of config.txt <<
dtoverlay=pi3-disable-bt
dtoverlay=pi3-disable-wifi

Finished ?

Anyway the basic installation and configuration of the Pi is now complete.  Next we can concentrate on configuring the AX25 and iGate software, which I’ll continue in Part 3.

APRS iGate – Part 1 Hardware

In late 2012 I built my first receive only APRS iGate from a Raspberry Pi (rPi) and a Argent Data Tracker T2-301.   This has faithfully sat in a corner of my garage forwarding APRS packets to the internet all this time.  Drawing just shy of 1 watt in power, it doesn’t add any significant costs the household power bill.   I’ve been surprised just how reliable this setup has been and from time to time I even remember to login and check for security updates.

Since I built that first machine there’s been some nice developments in the world of rPi’s and AX25, so I thought I’d share the details of my latest APRS iGate project.

While searching for rPi power supplies I came across the BitScope Blade Uno which can power and hold a Model-B rPi and a HAT.   I was pondering one of these when it hit me that if you take this board, add a rPi and a Coastal ChipWorks TNCPi then I’d have a rather nice hardware platform on which to build a new APRS iGate  Even better is I can stuff it in a small 19″ rack mount case instead of sitting it on a shelf in the garage !.

So I just had to order the bits and wait the for the shipping.  Below is the hardware assembled, total cost just shy of A$150

I ordered the TNCPi as a kit and soldered it together in an hour or so, John W2FS’s kit is easy to build and the instructions are great.   I’ve also decided to use a Raspberry Pi 3 which includes on-board WiFi and Bluetooth.   With the hardware assembled then all we’ve got to do is configure it, which I’ll continue in Part 2.

Hilux Wiring

As part of the final push to get my Hilux past her impending Road Worthy I spent quite a bit of time dealing with the electrical’s.   I hate working on automotive wiring at the best of times so to make my job easier I remove the centre console and seats to give me room to manoeuvre.

After pulling out the seats I found there was a heap of dirt and muck that had collected under the floor mat, along with evidence of a water leak from the front windscreen in both foot wells.   While I was under the floor mat I also took the opportunity to remove unused wiring from different radio experiments, that had accumulated over the years.  Cleaning up the floor pan certainly took a while.

Once the floor pan was clean I was able to tackle the last of the wiring jobs;

  • Get the high beam indicator lamp in the instrument cluster working
  • Get the washer bottle pump working again
  • Replace the second hand combination switch on the steering wheel (again), turns out it had a fault I’d not spotted previously when flashing the high beams with the headlights OFF

Now as you’d expect pulling an old car apart will quickly result in broken plastic clips.  I was a little surprised when the cowling that covers the steering wheel column came part in my hands, it had gone brittle.  Thankfully a suitable replacement it was reasonably priced at the local wrecker.  While I was at the wrecker I also took the opportunity to pick up all those little plastic cover pieces that you loose over the years.

So after the wiring was done it was time to reassemble the interior and put this old girl back together.

Hilux Turbo Blanket

Since rebuilding my old Toyota Hilux engine last year and fitting a turbo I’ve never been happy with the heat shield that was supplied in the kit.

This shield would attach to two studs on the brake booster assembly and hang their keeping the heat from the turbo away from the master brake cylinder.  However the weight and orientation of this bracket did not give me confidence that it would survive under the bonnet on a rough road.  To put it blunt there wasn’t enough mechanical support.  If it were to fail it would potentially cause damage to the braking system which is counter intuitive.

So instead I went looking for a better solution.   After a bit of research I found suppliers for “Turbo Blankets”.  These blankets are made from fire proof materials and are designed to wrap around the turbo exhaust turbine and keep the heat within the turbo and out of the engine compartment.  It relies on the exhaust gases taking the heat out of the engine bay and into the exhaust.   So one was duly ordered from an online supplier which arrived promptly.

Fitting a turbo blanket is fiddly, you will feel like you need three hands.  The two springs that wrap around the exhaust manifold and pipe seem to have a mind of their own.  Perseverance and a little Zen may be required.

So after a few scun knuckles and small injuries I managed to get the turbo blanket fitted.

It’s worth spending a little time making the edges neat, the better the fit the better the heat shielding.  What I like about this arrangement is the weight of the blanket is off the brake booster assembly.

The turbo blanket came with a warning that it should be replaced if removed.  Inside are silica based materials that fuse together when heated.  So moving or breaking these materials by removing will see it’s effectiveness reduced.  So I’ve ordered a spare that will sit in my cupboard if I need to do any work on this in the future.

So the question is how well does it work?  Well getting the turbo hot in a diesel hilux requires hills and load.  I’m lucky to have a long steep grade not too far from my home where I can make the turbo work hard for some time.  So starting at the bottom of the hill we simply pushed the old girl to full boost and held her there until the EGT hit max (550degC), then I could try to pull over and make a measurement.

Now the trick is the EGT cools down really, really fast from this temp so you’ve got to be quick.   When I lept out of the cab having stopped in a parking bay with my phone in hand the EGT was already down to 450 degC and the car had been driven for 20 mins in normal traffic beforehand.

I’d think you agree that the brake booster is not in any danger of being overheated by the exhaust turbine.  So now I’ve just got to wait for some hot weather to arrive and see if I can borrow a Flir temp camera and make some better measurements.  Cant’ wait to see how this goes.