Date   

Re: MMDVM User Authentication

Steve N4IRS
 

I think OpenBridge is fine for server to server but it requires BM admin intervention. Not suited for most of what we want to do.

Steve

On 7/6/2018 11:14 AM, Cort N0MJS via Groups.Io wrote:
To Matthew’s point, I won’t modify HBP. It’s bad enough that BM, MMDVM and DMR+ can’t stay on the same page, I won’t be the 4th dialect :)

But agree that a better way would be nice!


On Jul 6, 2018, at 8:59 AM, Matthew 2E0SIP <groups.io@...> wrote:

Cort - I think to make this work reliably as you would need a 1:1 mapping between Radio IDs and Passwords, and potentially limit the clients that can connect using those credentials. That way if someone shares their credentials they would then get kicked from the server.

It would be quite nice if authentication on the MMDVM protocol was improved (I quite like BM's OpenBridge implementation) but that's a discussion for another day and would also some collaboration with G4KLX etc

That said, Rod - Have you considered controlling access using a VPN ? Something like https://www.zerotier.com/ would work very well for this application



Re: MMDVM User Authentication

Peter M0NWI
 

Rod,


I thought I'd offered a response about using sub_acl.py last Sunday, did that not suit your needs, to allow/deny bridging for given radio ID's?


If you really want to lock it down, and I know it's a bit of work, but you could stand a master up for each client with a unique password, define specific bridge rules between these masters, and switch on sub_ACL so only those who have both the correct radio Id, correct talk group and correct password for the master instance will get in?


73,

Peter




From: main@DVSwitch.groups.io <main@DVSwitch.groups.io> on behalf of Rod - KC7AAD <kc7aad@...>
Sent: 06 July 2018 14:12
To: main@DVSwitch.groups.io
Subject: Re: [DVSwitch] MMDVM User Authentication
 
Anyone?? Ideas? Thoughts?


Re: MMDVM User Authentication

Cort N0MJS <n0mjs@...>
 

To Matthew’s point, I won’t modify HBP. It’s bad enough that BM, MMDVM and DMR+ can’t stay on the same page, I won’t be the 4th dialect :)

But agree that a better way would be nice!


On Jul 6, 2018, at 8:59 AM, Matthew 2E0SIP <groups.io@...> wrote:

Cort - I think to make this work reliably as you would need a 1:1 mapping between Radio IDs and Passwords, and potentially limit the clients that can connect using those credentials. That way if someone shares their credentials they would then get kicked from the server.

It would be quite nice if authentication on the MMDVM protocol was improved (I quite like BM's OpenBridge implementation) but that's a discussion for another day and would also some collaboration with G4KLX etc

That said, Rod - Have you considered controlling access using a VPN ? Something like https://www.zerotier.com/ would work very well for this application


Re: MMDVM User Authentication

Matthew 2E0SIP
 

Cort - I think to make this work reliably as you would need a 1:1 mapping between Radio IDs and Passwords, and potentially limit the clients that can connect using those credentials. That way if someone shares their credentials they would then get kicked from the server.

It would be quite nice if authentication on the MMDVM protocol was improved (I quite like BM's OpenBridge implementation) but that's a discussion for another day and would also some collaboration with G4KLX etc

That said, Rod - Have you considered controlling access using a VPN ? Something like https://www.zerotier.com/ would work very well for this application


Re: MMDVM User Authentication

Cort N0MJS <n0mjs@...>
 

First off, in your original post you said: "Is there a way to have an "authorized user" list in the MMDVM Server?”

I don’t know what an “MMDVM Server” is because I didn’t write any programs called that. I *think* what you want is a black/white list option for allowing clients to connect to hblink.py when it’s configured as a master. Is this what you’re asking for? I know you’re probably cussing me right now for being pedantic, but believe me, after 5 years on this project, I’ve learned we have to be accurate and explicit. If it is what you’re asking, here are my thoughts:

1) HBlink wasn’t written to be a hotspot aggregator, though I realize it’s become that to a number of users.
2) This sounds like a solution b/c systems operators are not adequately controlling their end-users – I know, it’s really hard to control some people.

So how would we go about doing this? IP address isn’t good because too many NAT addresses change too often. It would almost have to be by the radio ID of the client connecting. But if you have users tossing about the password, would they not do the same with the radio ID of their hotspot? The only reasonable way I can think of is by radio ID.

Adding the “feature” would not be complicated. I could kick it out in the next few days. My concern is whether or not it would adequately address the issue, or just push it off into yet another issue. Because there’s one thing I will not do, which is keep chasing solutions for problems that only exist because bad actors are passing around login credentials on one system out there.

I’d like more than one person to say “this would be really beneficial to me”, and all of you who say that to tell me that if the users just find another way to be bad, you won’t be back for another technical solution to an administrative problem – because using technology to continually solve an administrative (human) problem usually creates collateral damage and diminishing returns.

I’d like to see 5 YES votes before I proceed. I can make a poll for the group, but would rather just see some replies to this with one word “YES” or “NO”.

0x49 DE N0MJS


On Jul 6, 2018, at 8:12 AM, Rod - KC7AAD <kc7aad@...> wrote:

Anyone?? Ideas? Thoughts?

--
Cort Buffington
H: +1-785-813-1501
M: +1-785-865-7206






Re: MMDVM User Authentication

Rod - KC7AAD
 

Anyone?? Ideas? Thoughts?


Re: DMR <-> P25

Steve N4IRS
 

Jerry,
You are on the right track building from the outside in. P25 to DMR requires transcoding. That is your next step. P25 to DMR looks like this:

P25Reflector <-> P25Gateway <-> MMDVM_Bridge <-> Analog_Bridge_1 <-> Analog_Bridge_2 <-> MMDVM_Bridge <-> BrandMeister

The 2 copies of Analog_Bridge are connected "back to back" to transcode P25 to DMR.   Analog_bridge_1 is configured for IMBE (P25) and Analog_Bridge_2 is configured for AMBE (DMR).

[USRP] Analog_Bridge_1                  [USRP] Analog_Bridge_2
address = 127.0.0.1                     address = 127.0.0.1
txPort = 32001                          txPort = 34001
rxPort = 34001                          rxPort = 32001
aslAudio = AUDIO_UNITY                  aslAudio = AUDIO_UNITY
agcGain = -20                           agcGain = -20
dmrAudio = AUDIO_UNITY                  dmrAudio = AUDIO_UNITY
dmrGain = 0.35                          dmrGain = 0.35

Above is the [USRP] stanza from each copy of Analog_Bridge. Notice the "crossover" of the TX and RX ports.

In the above diagram, You only need 1 copy of MMDVM_Bridge. P25 points to Analog_Bridge_1 and DMR points to Analog_Bridge_2

Hope this helps,

73, Steve N4IRS

On 07/06/2018 06:03 AM, va3czk@... wrote:
Good morning,
I'm just getting my head wrapped around this and trying to set up P25<-->DMR and here is what I have done so far.
- P25 Gateway up and running and conectend to the reflector
- MMDVM_Bridge P25.ini modified with my and BM credentials, both P25 and DMR enabled.
When both running I can see traffic from both sides flowing to MMDVM_Bridge in the log file.
 
What else is missing to make this combo work.

73' Jerry va3czk
 


DMR <-> P25

va3czk@...
 

Good morning,
I'm just getting my head wrapped around this and trying to set up P25<-->DMR and here is what I have done so far.
- P25 Gateway up and running and conectend to the reflector
- MMDVM_Bridge P25.ini modified with my and BM credentials, both P25 and DMR enabled.
When both running I can see traffic from both sides flowing to MMDVM_Bridge in the log file.
 
What else is missing to make this combo work.

73' Jerry va3czk
 


Re: Trying to set up Parrot

KB5PBM
 

Its now working .. Thank you. 


Re: Trying to set up Parrot

Cort N0MJS <n0mjs@...>
 

exact same error? If so, can you just zip up your hblink directory and send it?

On Jul 5, 2018, at 12:02 PM, KB5PBM <rob297@...> wrote:

Deleted and cloned master and still seeing same results. 

--
Cort Buffington
H: +1-785-813-1501
M: +1-785-865-7206






Re: Trying to set up Parrot

KB5PBM
 

Deleted and cloned master and still seeing same results. 


Re: Trying to set up Parrot

Cort N0MJS <n0mjs@...>
 

crickets…. is it ok now?

On Jul 3, 2018, at 9:52 PM, Cort N0MJS via Groups.Io <n0mjs@...> wrote:

All apps fixed in the master branch…. no promises I didn’t miss something. Been up since way early, and there’s a kitten crawling all over me while I’m working tonight.

On Jul 3, 2018, at 3:35 PM, rob297@... wrote:

[Edited Message Follows]

I am unable startup parrot.py.  New at this and have conference bridge already running.  Trying to run this in another directory seperate from main bridge.  Error below..  I know I am missing something but cant find it.  Please help.

INFO ID ALIAS MAPPER: 'peer_ids.csv' is current, not downloaded
INFO ID ALIAS MAPPER: 'subscriber_ids.csv' is current, not downloaded
INFO ID ALIAS MAPPER: peer_ids dictionary is available
INFO ID ALIAS MAPPER: subscriber_ids dictionary is available
INFO HBlink 'hb_parrot.py' (c) 2016 N0MJS & the K0USY Group - SYSTEM STARTING...
Traceback (most recent call last):
  File "hb_parrot.py", line 226, in <module>
    systems[system] = parrot(system, CONFIG, logger)
  File "hb_parrot.py", line 59, in __init__
    HBSYSTEM.__init__(self, _name, _config, _logger)
TypeError: __init__() takes exactly 5 arguments (4 given)


hblink.cfg

[Master]
MODE: MASTER
ENABLED: True
REPEAT: True
EXPORT_AMBE: False  
IP: 127.0.0.1
PORT: 54010
PASSPHRASE: Passw0rd
GROUP_HANGTIME: 5

[Parrot]
MODE: CLIENT
ENABLED: True
LOOSE: False
EXPORT_AMBE: False
IP:
PORT: 54025
MASTER_IP: 127.0.0.1
MASTER_PORT: 54010
PASSPHRASE: Passw0rd
CALLSIGN: XXXXXX
RADIO_ID: 314882403
RX_FREQ: 449000000
TX_FREQ: 444000000
TX_POWER: 25
COLORCODE: 1
SLOTS: 1
LATITUDE: 38.0000
LONGITUDE: -095.0000
HEIGHT: 75  
LOCATION: Houston,TX
DESCRIPTION: TARMA  
URL: www.rob297.com
SOFTWARE_ID: 20170620
PACKAGE_ID: MMDVM_HBlink
GROUP_HANGTIME: 5
OPTIONS:

--
Cort Buffington
H: +1-785-813-1501
M: +1-785-865-7206






--
Cort Buffington
H: +1-785-813-1501
M: +1-785-865-7206






Re: WiFi disabled in startup image

Steve N4IRS
 

Larry,
as root, run raspi-config select Localisation Options, then select Change Wi-fi Country.

73, Steve N4IRS

On 07/03/2018 09:30 PM, mothesmith@... wrote:
Today was the day to start the configuration process for bringing up a node to transit to and from DMR.  Regardless of which Raspberry PI I used, and after multiple SD card imaging I could not get the system to perform an update or upgrade using the wireless network. The initial image does as expected when the PI is connected directly to the router. After ruling out hardware issues. I concluded that the startup image simply could not connect wirelessly.  It was at this point that I discovered a statement in the boot process to the effect that 'WiFi is disabled unless a county code is present.'  So, am I on the right track? Does this statement mean anything at all? Does the system only reliably function when attached directly to the router? If not, what suggestions might there be for getting the system to function wirelessly?

Thank you,
Larry Moyer, K5IMO


WiFi disabled in startup image

mothesmith@...
 

Today was the day to start the configuration process for bringing up a node to transit to and from DMR.  Regardless of which Raspberry PI I used, and after multiple SD card imaging I could not get the system to perform an update or upgrade using the wireless network. The initial image does as expected when the PI is connected directly to the router. After ruling out hardware issues. I concluded that the startup image simply could not connect wirelessly.  It was at this point that I discovered a statement in the boot process to the effect that 'WiFi is disabled unless a county code is present.'  So, am I on the right track? Does this statement mean anything at all? Does the system only reliably function when attached directly to the router? If not, what suggestions might there be for getting the system to function wirelessly?

Thank you,
Larry Moyer, K5IMO


Re: Trying to set up Parrot

Cort N0MJS <n0mjs@...>
 

All apps fixed in the master branch…. no promises I didn’t miss something. Been up since way early, and there’s a kitten crawling all over me while I’m working tonight.

On Jul 3, 2018, at 3:35 PM, rob297@... wrote:

[Edited Message Follows]

I am unable startup parrot.py.  New at this and have conference bridge already running.  Trying to run this in another directory seperate from main bridge.  Error below..  I know I am missing something but cant find it.  Please help.

INFO ID ALIAS MAPPER: 'peer_ids.csv' is current, not downloaded
INFO ID ALIAS MAPPER: 'subscriber_ids.csv' is current, not downloaded
INFO ID ALIAS MAPPER: peer_ids dictionary is available
INFO ID ALIAS MAPPER: subscriber_ids dictionary is available
INFO HBlink 'hb_parrot.py' (c) 2016 N0MJS & the K0USY Group - SYSTEM STARTING...
Traceback (most recent call last):
  File "hb_parrot.py", line 226, in <module>
    systems[system] = parrot(system, CONFIG, logger)
  File "hb_parrot.py", line 59, in __init__
    HBSYSTEM.__init__(self, _name, _config, _logger)
TypeError: __init__() takes exactly 5 arguments (4 given)


hblink.cfg

[Master]
MODE: MASTER
ENABLED: True
REPEAT: True
EXPORT_AMBE: False  
IP: 127.0.0.1
PORT: 54010
PASSPHRASE: Passw0rd
GROUP_HANGTIME: 5

[Parrot]
MODE: CLIENT
ENABLED: True
LOOSE: False
EXPORT_AMBE: False
IP:
PORT: 54025
MASTER_IP: 127.0.0.1
MASTER_PORT: 54010
PASSPHRASE: Passw0rd
CALLSIGN: XXXXXX
RADIO_ID: 314882403
RX_FREQ: 449000000
TX_FREQ: 444000000
TX_POWER: 25
COLORCODE: 1
SLOTS: 1
LATITUDE: 38.0000
LONGITUDE: -095.0000
HEIGHT: 75  
LOCATION: Houston,TX
DESCRIPTION: TARMA  
URL: www.rob297.com
SOFTWARE_ID: 20170620
PACKAGE_ID: MMDVM_HBlink
GROUP_HANGTIME: 5
OPTIONS:

--
Cort Buffington
H: +1-785-813-1501
M: +1-785-865-7206






Re: Trying to set up Parrot

Cort N0MJS <n0mjs@...>
 

Yep – when I added socket based reporting to the master branch, I forgot to update several of the sample applications… Will be fixed tomorrow.

On Jul 3, 2018, at 5:14 PM, KB5PBM <rob297@...> wrote:

[Edited Message Follows]

Removed MASTER in hblink.cfg for parrot.py config.  It will run with the PARROT client disabled.  But I still get the same error with the client enabled.  The instance of confbridge.py  I added a master PARROT listening on 54010. and added rule for talkgroup 9990 to PARROT.  Netstat shows new Master (PARROT) is listening on port 54010.  I know I am missing something simple.  Could I be missing some modules?


--
Cort Buffington
H: +1-785-813-1501
M: +1-785-865-7206






Re: Trying to set up Parrot

KB5PBM
 

Made sure I am using master branch and re sync'd.  Same results.  My confbridge.py still work great!!


Re: Trying to set up Parrot

Cort N0MJS <n0mjs@...>
 

It’s something deep. The error you had indicates an internal class is being called incorrectly. This isn’t something an end-user can affect with configuration. I checked the current master and HB_Branches and see no issues.

I’d ask to make sure you’re on the master branch and up to date with it. If you can verify that and the problem persists, I will engage you on it – but we’ll need to take if off-list. We’ll be digging deep into the code and that’ll just be noise here.

On Jul 3, 2018, at 5:14 PM, KB5PBM <rob297@...> wrote:

Removed MASTER in hblink.cfg for parrot.py config.  It will run with the PARROT client disabled.  But I still get the same error with the client enabled.  The instance of confbridge.py  I added a master PARROT listening on 54010. and added rule for talkgroup 9990 to PARROT.  Netstat shows new Master (PARROT) is listening on port 54010.  I know I am missing something simple. 


--
Cort Buffington
H: +1-785-813-1501
M: +1-785-865-7206






Re: Trying to set up Parrot

KB5PBM
 
Edited

Removed MASTER in hblink.cfg for parrot.py config.  It will run with the PARROT client disabled.  But I still get the same error with the client enabled.  The instance of confbridge.py  I added a master PARROT listening on 54010. and added rule for talkgroup 9990 to PARROT.  Netstat shows new Master (PARROT) is listening on port 54010.  I know I am missing something simple.  Could I be missing some modules?


ThumbDV on Sale

 

The ThumbDV is on sale through July for $99.95
 

7821 - 7840 of 9589