You are here

More than 1 tunnel server node

10 posts / 0 new
Last post
w8erw's picture
More than 1 tunnel server node

I've not seen this spoken to.  However, is it possible to have more than one node operating as a tunnel server on the same internet connection.  It would seem not in that the tunnel server node uses port 5525 exclusively.  A possible reason to do so would be the desire to switch existing tunnel connections to a new node, perhaps to a 64Mb node from a 32Mb node while maintaining existing connectivity.  Both new and old tunnel serving nodes would need to be fed from the same home router to do so.  My logic says not under normal circumstances without provision for additional port forwarding (5525, 5526), a different port for each tunnel serving node.  Any thoughts?   Thanks, Jim W8ERW

nc8q's picture
Migrating a tunnel server.

Hi, Jim:

Key words/phrases: possible, while maintaining existing, home router, normal.

Good question. I think it is kind of possible.
It is possible to have a firewall/router port-forward based on inbound IP address.
It seems that a new-node's tunnel server 'Network' port can be modified to 172.31.X.Y to match the existing old-node tunnel server.
However, you specified 'home router'.
So, I assume 'no' as it may not be not 'normal' for a 'home router' to port-forward based on both port and inbound IP address.

I am unsure that if a node's tunnel server's 'Network' modified address is retained over a reboot or sysupgrade.
If a tftp factory-bin upload occured, the owner would need to reprogram the modified tunnel 'Network' address.
Maybe not 'normal'.

I think that there is a maximum of ten (10) tunnels allowed, so which is easier:

 copying the tunnel client's node names and modifying the new-node's tunnel 'Network' address,
 which maintains 'existing connectivity'.
  copying the tunnel client's node names and
  getting up to ten neighbor tunnel clients to edit their node's tunnel configuration,
  which momentarily breaks 'maintaining existing connectivity'.

HTH, Chuck

w8erw's picture
Home Router

The router is a Linksys WRT1900 which should have the capability.  The other issue involved is addressing the clients remotely which likely would not be possible.  Maintaining the tunnel connection while doing the necessary editing could be a problem.  Once the connection was lost, if the reconfiguration was not yet complete, remote admin would cease.  I can see this being a table top exercise until it can be proven to work.

WU2S's picture
Multiple tunnel servers

Yes, it is possible to have more than 1 tunnel server on your internet connection.
It requires using another port number, say 5526, for the second server, and another hostname for your second dynamic DNS gateway on DDNS or NoIP.
It also requires that you manually edit both your tunnel server configuration file and the client's tunnel configuration to use this new port number. 
I am doing this with 2 tunnel servers as an extended experiment. 
As always, tunnels are not recommended for production emergency communications networks.

w8erw's picture
Second Hostname

I assumed a second DNS host name would be required which I do have.  The gnarly part would be in editing the configuration files and if that could be done remotely with the clients.  Good to know it is possible.

w8erw's picture

I agree, the proper sustainable RF links are ideal.  In the interim, tunnels help demonstrate capability and sell the concept.  It's all a learning process and much like building your own equipment, working with the AREDN network and realizing success is fascinating and creative.  Often making something work when it wasn't supposed to is as much fun as using it once you have made it work.  Isn't that what we do...   

K6AH's picture
Randy's use of the phrase... 

Randy's use of the phrase... "production emergency communications networks" means one that is ready to serve the needs of hams supporting disaster-services organizations.  When tunnels form links within that network they give the impression the network is more comprehensive than it actually is.  It also results in a false sense of readiness.

There's nothing wrong with using tunnels... just be careful how you present/sell the network and let everyone know that these links (and the nodes they connect in) likely will not be running during a disaster.


w8erw's picture

Andre, I much agree.  My earlier reference to making things work that were not supposed to was directed more at the way we Hams approach a problem and not so much as using tunnels when we understand they will likely fail under the stress of a disaster situation.  In general I believe our current situation where cellular has replaced much if not nearly all of the wired telephone network, we have opted for convenience over reliability.  Cell phones really suck and the promises that were made early have never been realized. It's gotten better and likely that will continue but as in most anything else, there is a time and place.  The reality of the situation is always important to remember.

nc8q's picture
switch existing tunnel connections to a new node

Hi, Jim:

To migrate a tunnel to a new node could be done by editing the new node's tunnel network ('Tunnel Server Network')
to the same network range as the old tunnel,
copy the old client none names to the new node matching 'Client', 'Pwd', and 'Net',
then edit your router to port forward to the new nodes LAN IP address.
If the old-tunnel and new-tunnel used static IP addresses, then there would be no need
to re-configure the router. Just edit each tunnel's address (/admin: WAN: DHCP, static, disabled).
I think this would be a seamless migration.

On a NS-M5-XW, with 'Keep Settings' selected,
I edited the tunnel server network to and did a sysupgrade.
The edited network base address was retained.

HTH, Chuck

w8erw's picture
Tunnel connections migrating to a new server node


This is the process that I had envisioned although I had no idea if it were possible to do so.  Aside from editing the port and other parameters in order to establish effectively two servers which seems to be a lot more difficult, this is a more simple approach.


Theme by Danetsoft and Danang Probo Sayekti inspired by Maksimer