The Internet Radio Linking Project - PowerPoint PPT Presentation

Provided by: jona99
1
The Internet Radio Linking Project
I.R.L.P
  • Presented by VE7LTD, IRLP System Designer
  • Las Vegas, April 16 2005

2
Topics of Discussion: Presentation No. 1
  • Introduction
  • History of Internet Linked Repeaters
  • How IRLP Started
  • Comparison of the Amateur Radio Voice-Over-IP
    Systems
  • What Does the Future Hold?

3
The Internet Radio Linking Project
  • Part 1

4
Introduction
  • The aim of the Internet Radio Linking Project
    (IRLP) is to provide a simple and easy system to
    link amateur radio systems together using the
    Internet as the communications backbone.
  • Similar linking options exist, but they use
    expensive leased telephone lines or satellite
    equipment. It is not the goal of this project to
    compete, but to work along with other networks to
    improve the technology and improve radio linking
    for all involved parties. The people who benefit
    most from the IRLP are its users.
  • The software and hardware requirements are
    minimal, and the cost to set up a node is low.
    This brings the opportunity for smaller more
    remote locations, or small clubs, to experience
    national linking without the large capital cost
    of a satellite node or leased line.

5
History of Internet Linking
  • Back in December of 1996, I was flipping through
    the many magazines at the University of British
    Columbia amateur radio club. I came across the
    December 1996 issue of the QST Amateur Radio
    magazine that had the words "Link your repeater
    to the Internet" written on it. I had a quick
    read through the issue and found a well written
    article by James Millner, WB2REM entitled 'A New
    "Band" for Your Radio'. At first glance, I was
    hooked. What more could I ask for? It was a
    combination of the two hobbies that I love the
    most.
  • My first connection used VocalTec's Iphone. The
    original article by WB2REM used Iphone to send
    the voice over the internet. I did have some
    problems with the software, mainly in the fact
    that Iphone is not very stable nor is it
    controllable. After running Iphone for close to 6
    months on active connections to Vernon BC and St.
    John NB, I decided that the stability and control
    were key. That is when I started getting into
    using LINUX as an operating system and Speak
    Freely as a client/server.

6
History of Internet Linking (contd)
  • Speak Freely is a voice over IP client/server
    package that transmits live audio (i.e. speech)
    over the internet with surprising clarity and
    quality. This program basically allows any two
    parties anywhere on the internet to have a voice
    conversation with each other in real time. My
    objective, and the objective was to use this
    program to link to radio equipment so that voice
    connections can be made without the operator
    being tied to a computer. This will allow hams
    from all around the world to talk to one another
    without relying on radio conditions.
  • Many amateurs have raised a very important
    question regarding this kind of system: What if
    non-ham users start connecting to ham repeaters?
    With all the experienced "hackers" out there, I
    can not say that this system is totally
    bullet-proof. I have designed safeguards into my
    software to reject calls from "non-hams".

7
History of Internet Linking (contd)
  • The main hurdle I had to overcome was the
    interface between the computer and the radio.
    From my experience with VOX circuits under
    Iphone, I decided that I HAD to find an alternate
    way to start sending audio and to key the radio
    when audio came in (from the internet side).
    Since the source code for Iphone was not
    available, I had to look for an alternative. I
    was told about Speak Freely by a friend of mine,
    and I decided to give it a try.
  • I played around with modifying the source code
    for several weeks and finally came up with some
    code that worked. The software starts the link
    radio transmitting once packets have been
    received over the internet and unkeys once they
    stop coming in. The software starts sending audio
    once a signal is received and continues to send
    it until the signal is removed. This logic
    control is performed using the parallel port of
    the computer and all the computer chips are on a
    separate interface controller board.

8
History - Conclusion
  • The whole system is DTMF controllable. The
    control codes lie imbedded in a separate program
    that reads the DTMF tones from the decoder chip
    (located on the interface controller board) and
    activates various parts of the software. DTMF
    codes are used to enable/disable linking,
    open/close links and set identifiers. Every site
    will have the ability to connect direct to any
    other site(s), either using direct connections or
    reflector sites.
  • So in a period of 8 months, I switched from a
    piece of software and hardware that someone else
    built, to my own creation which solved all the
    previous problems I was experiencing! Ever since
    the IRLP started, I have never again looked to
    Iphone or Windows for an option in the IRLP
    system.

9
How IRLP Started
  • The Internet Radio Linking Project was started
    back in November of 1997 as an attempt to use the
    internet to link radio systems across Canada. The
    first full time link that was established ran
    from Vancouver, BC to Saint John, NB. The link
    had many problems and was shut down in March of
    1998 due to the numerous computer crashes and
    repeater lockups it was causing, and the lack of
    user control over the system.
  • I set out to design a better way to use the same
    technology to perform the same task, while
    improving usability, user control, and sound
    quality. My first breakthrough was to replace the
    existing operating system, Windows, with a more
    stable and versatile language. I chose Linux, an
    open source form of the operating system UNIX
    designed by Linus Torvalds, because of its
    superior networking characteristics, its
    reliability, and its ease of programming.

10
How IRLP Started (contd)
  • I designed my own interface board to interface
    the radio to the computer. This allowed a large
    amount of delay to be removed from the system
    because two VOX circuits were no longer being
    used. I also wrote my own custom control
    software, and modified an existing voice-over-IP
    software package to accommodate the project.
  • The final product was a combination of hardware
    and software that created a nearly seamless radio
    link between two remote sites on the internet.
    The product works so well that many people can
    not believe that they are talking through a link
    at all!

11
Amateur Voice Over IP Systems
  • Repeaterlink (1996-1998)
  • Designed to use VocalTec's Iphone software
  • Used Microsoft Windows platform
  • Very unstable: frequent crashes
  • No security: anyone on the net could call your
    repeater
  • Not controllable by radio
  • Software required expensive licensing
  • Used VOX circuits in both directions: long
    delays and missed words

12
Amateur VoIP Systems
  • IRLP (1997-present)
  • Built on Speak Freely software (Linux and
    Windows)
  • Based on stable Linux platform
  • Very stable
  • Each connection is radio to radio only: no
    headsets
  • Heavy security to ensure Amateur-only access
  • Fully controllable by radio
  • Used hardware DTMF and COS circuitry
  • Scripting makes further development easy
  • Still growing

13
Amateur VoIP Systems
  • ILink (1999-2001)
  • Written by Graeme Barnes, M0CSH
  • Based loosely on Speak Freely software (Windows)
  • Based on Microsoft Windows platform
  • Designed to provide a system for people who
    wanted to use headsets to talk over radio (as
    IRLP would not)
  • Very unstable: could not leave unattended
  • Subscription based security: fairly loose
  • Controllable by radio
  • Used software DTMF and COS circuitry
  • Simple interface to radio
  • No longer in existence

14
Amateur VoIP Systems
  • EQSO (1999-Present)
  • Unknown what base software is (Windows)
  • Based on Microsoft Windows platform
  • Allows use of headset speaker/microphones
  • More stable than Ilink: could leave unattended
  • Fairly loose security
  • I know little about system
  • Mainly concentrated in the UK
  • Very small growth

15
Amateur VoIP Systems
  • Echolink (2000-Present)
  • Written by Jonathan Taylor, K1RFD
  • Uses same software base as Ilink
  • Promoted as a more powerful Ilink replacement
  • Many people switched from Ilink to Echolink,
    basically depleting the Ilink system
  • Still growing

16
Amateur VoIP Systems
  • Hamlink (2001-2002)
  • Uses same software base as Ilink
  • Tried to use a pay-by-subscription system
  • Based in Australia
  • Some great ideas and features
  • Never grew past the Beta stage

17
What Does the Future Hold?
  • Both IRLP and Echolink will continue to grow
  • Packages such as EchoIRLP will replace a lot of
    Echolink RF nodes, to allow more flexibility and
    stability for RF links
  • More use of IRLP hardware/software for simple
    linking repeater controller
  • More private IRLP links/reflectors will come into
    use
  • More commercial interest in this technology will
    spawn IRLP and Echolink clones.
  • What do you think?

18
The Internet Radio Linking Project
  • Part 2

19
The Internet Radio Linking Project
I.R.L.P
  • Presented by VE7LTD, IRLP System Designer
  • Las Vegas, April 16 2005

20
Web Control of Your Node
  • Overview
  • Requirements
  • Features
  • Accessing Your Node's Admin Page
  • Get Your Node to Call Your PC
  • Live Demonstration (Network Connection Dependent)
  • How to Setup on Your Node

21
Web Control of Your Node
  • Overview
  • Uses Linux's built-in Apache web server and PHP.
  • Allows you to run several node commands via a web
    interface.
  • Can be used from any internet connection.
  • Password protected using Apache's built-in
    security.
  • User expandable: this is just a template to get
    you started!

22
Web Control of Your Node
  • Requirements
  • An IRLP node running Redhat 7.3 or 9, or Fedora
    Core 3.
  • Other Linux versions may work, but you have to
    install PHP and Apache on your own.
  • A TCP port must be opened for remotely accessing the
    web server from the internet
  • 15426 or 15427 may already be open to your IRLP
    box, and may be usable.
  • Port 80 is default, but many ISPs do not allow
    incoming packets on port 80.

23
Web Control of Your Node
  • Requirements (contd)
  • Apache version 1 or 2 (installed easily via YUM)
  • PHP version 4 or 5 (installed easily via YUM)

24
Web Control of Your Node
  • Features
  • Displays the up-to-date status of your node.
  • Allows you to disable/enable your node at the
    press of a button.
  • Allows you to drop the current call at the press
    of a button.
  • Allows you to initiate a call from your node to
    ANY IP address (used for mobile travellers).
  • Automatically detects your IP address, to make
    remote call feature easier.

25
Web Control of Your Node
  • Features (contd)
  • Allows you to send ANY DTMF sequence to the
    decode script.
  • Allows you to display any number of lines of the
    current messages file.
  • Allows you to edit the environment file,
    custom_decode file, custom_on/off files, timing
    file, and others.
  • Displays the output of the last command run via
    the admin interface.

26
Web Control of Your Node
  • Features (contd)
  • All entries are logged into the messages file.
  • Pages are all viewable from WAP devices like the
    RIM BlackBerry.
  • Pages are secured using Apache's built in
    security.
  • You set your own usernames and passwords.

27
Web Control of Your Node
  • Accessing your Node's Admin Page
  • Go to http://www.irlp.net/redirect/
  • Enter in your node number and the TCP port, and
    the script will detect your IP, and direct you to
    your website.
  • When prompted, enter in the username and
    password.
  • All entries are logged into the messages file.

28
Web Control of Your Node
  • Accessing your Node's Admin Page

29
Web Control of Your Node
  • Accessing your Node's Admin Page

30
Web Control of Your Node
  • Get Your Node to Call Your PC
  • Initiate the call from the admin interface.
  • Once the window pops up, select it and use the
    space bar to toggle PTT on and off. You can also
    use the mouse button by clicking and holding
    while you want to speak.
  • When you want to stop the connection, you click
    the End Current Connection button on the admin
    interface.
  • Close Speak Freely for Windows.

31
Web Control of Your Node
  • Get Your Node to Call Your PC

32
Web Control of Your Node
  • Live Demonstration
  • http://www.irlp.net/redirect/

33
Web Control of Your Node
  • How to Setup on Your Node - May 2005
  • Run the install script as root.
  • /home/irlp/scripts/install_admin
  • Follow the directions
  • Installs yum
  • Updates your system
  • Updates your kernel
  • Installs Apache, PHP, and dependencies
  • Adds a line to your rc.irlp file
  • Sets up apache user and port

34
Web Control of Your Node
  • How to Setup on Your Node - May 2005 (contd)
  • Patches the rc.irlp file.
  • Removes old listeners on ports 15426/15427
  • Add lines to start a local listener for apache to
    talk to
  • Sets apache user security
  • Runs htpasswd to create password files
  • Sets up web directory links

35
Web Control of Your Node
  • WAP DEVICES

36
Web Control of Your Node
  • WAP DEVICES

37
Questions?
  • What other features would you like to see?

38
The Internet Radio Linking Project
  • Part 3

39
The Internet Radio Linking Project
I.R.L.P
  • Presented by VE7LTD, IRLP System Designer
  • Las Vegas, April 16 2005

40
Topics of Discussion: Presentation No. 3
  • Vulnerable Linux Packages
  • Steps to Secure Your Node
  • Keeping Software Up-to-date using the YUM updater
  • Monitoring for Intrusions
  • What to do if Compromised

41
Is Linux Secure?
  • Linux is only as secure as YOU make it.
  • Unlike Windows, in Linux you have full control
    over the services made available to the outside
    world.
  • Knowledge of possible vulnerabilities, and
    knowing how to detect intrusion is the best
    security.
  • Like Windows, Linux has many security updates.
  • Unlike Windows, known Linux security holes are
    exposed and patched before hackers have a chance
    to easily exploit them.

42
Vulnerable Packages
  • The most vulnerable software is that which
    listens to ports attached to the outside
    Internet. Some of these packages include
  • OpenSSH server
  • VSFTPD FTP server
  • Samba file server
  • Sendmail mail server

43
Securing Your Linux Server
  • Shut down all unused listeners: ntsysv
  • Check to see what is listening and on what
    ports: netstat -na | grep LISTEN
  • Uninstall any unneeded server software.
  • Close all firewall ports for services you don't
    use from the internet.
  • Don't use obvious root passwords, like your
    callsign, or any plain dictionary word.
  • Don't remotely log into your server using
    plain-text password software like FTP or TELNET.

44
Keep Your Software Updated
  • Use an updater software
  • YUM from Fedora Legacy Project
  • Up2date from RedHat (subscription service)
  • Set it to run periodically.
  • Check the Linux OS site regularly for exploit
    warnings.

45
Monitoring for Intrusion
  • You can use software called tripwire to watch for
    intrusions. Tripwire sets off alarms if special
    binary files are changed on your system.
  • Inspect logs regularly for signs of attempted
    forced entry.
  • Use the RedHat RPM package verifier: rpm -Va
  • Check output for certain files which indicate an
    intrusion
  • /bin/login
  • /bin/ps
  • /bin/netstat
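
A way to triage the verifier's output along the lines of this slide, as an added example that is not part of the original presentation. It parses `rpm -Va` style lines, decodes the attribute letters, and raises any mismatch on the three watched binaries as an alert; the sample output is constructed and the bucket names are this example's own.

```python
import re

# Files the slide singles out: any verification mismatch on these is an alert.
WATCHLIST = {"/bin/login", "/bin/ps", "/bin/netstat"}

# rpm -V attribute letters; older rpm prints 8 columns, newer adds P as a ninth.
FLAG_NAMES = {"S": "size", "M": "mode", "5": "digest", "D": "device",
              "L": "symlink", "U": "owner", "G": "group", "T": "mtime",
              "P": "capabilities"}

# <flags or "missing">  [file-type marker, c = config file]  <absolute path>
LINE = re.compile(
    r"^(?P<flags>missing|[SM5DLUGTP.?]{8,9})\s+"
    r"(?:(?P<kind>[cdglr])\s+)?(?P<path>/.*)$")


def decode(flags):
    """Turn 'S.5....T' into ['size', 'digest', 'mtime']."""
    if flags == "missing":
        return ["missing"]
    return [FLAG_NAMES[ch] for ch in flags if ch in FLAG_NAMES]


def triage(output):
    """Sort verifier lines into alert / review / config buckets."""
    findings = {"alert": {}, "review": {}, "config": {}}
    for raw in output.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # not a verification line (blank, warning text, ...)
        path, what = m["path"], decode(m["flags"])
        if path in WATCHLIST:
            bucket = "alert"    # core login/process/network tools changed
        elif m["kind"] == "c":
            bucket = "config"   # config files are routinely edited by the admin
        else:
            bucket = "review"   # any other packaged file that no longer matches
        findings[bucket][path] = what
    return findings


# Constructed sample, not output from a real node.
SAMPLE = """\
S.5....T   c /etc/ssh/sshd_config
S.5....T     /bin/ps
.M......     /bin/login
missing      /usr/share/doc/example/README
..5....T     /usr/sbin/sshd
.......T   c /etc/httpd/conf/httpd.conf
"""

if __name__ == "__main__":
    for bucket, items in triage(SAMPLE).items():
        for path, what in sorted(items.items()):
            print(f"{bucket:<7} {path}  ({', '.join(what)})")
```

A clean result is weaker evidence than a mismatch, because the RPM database used for the comparison lives on the same host being checked.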

46
What to do if Compromised
  • If your node is compromised, the best way to
    restore it is to fully rebuild it.
  • Use the backup_irlp script and the online
    instructions to get your node running again.

47
Questions?
48
The Internet Radio Linking Project
  • Part 4

49
The Internet Radio Linking Project
I.R.L.P
  • Presented by VE7LTD, IRLP System Designer
  • Las Vegas, April 17 2004

50
Topics of Discussion: Presentation No. 4
  • History of Reflector Software (Speak Freely's
    SFREFLECT)
  • The Reflector Firewall (past and present)
  • Reflector Monitor and Control System
  • Upcoming Reflector Changes

51
SFREFLECT
  • SFREFLECT is the Speak Freely packet replicator
    (reflector).
  • First code for sfreflect was released in 1997.
  • No provisions for packet collision avoidance.
  • Not very useful for IRLP at first due to many
    collisions caused by the half duplex nature of
    IRLP.

52
SFREFLECT
  • I added a simple gateway/time delay system into
    SFREFLECT that created a mini firewall
  • Only one IP can reflect packets at any time
    (capture IP).
  • Each time a packet is received from the capture
    IP, it resets a small 100 millisecond timer. Any
    packets received on the data port from other
    IPs are discarded.
  • Once the timer has elapsed, the first IP with a
    data packet becomes the capture IP.
  • The new IP address is sent to the logging
    command, which logs the IP and node number of the
    capture IP.
  • The system is low overhead, and works very well.
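
The capture-IP gate described on this slide, modelled as a small state machine. This is an added example, not SFREFLECT's own code: the class and function names are hypothetical, the packet trace is constructed, and logging only a change of capture IP is an assumption.

```python
from dataclasses import dataclass, field
from typing import List, Optional, Tuple

HOLD_MS = 100  # the 100 millisecond timer from the slide


@dataclass
class CaptureGate:
    """Per-packet decision a reflector makes before replicating audio."""
    hold_ms: int = HOLD_MS
    capture_ip: Optional[str] = None
    last_seen_ms: int = 0
    # Stand-in for the external logging command: (time_ms, new capture IP).
    log: List[Tuple[int, str]] = field(default_factory=list)

    def accept(self, src_ip: str, now_ms: int) -> bool:
        """Return True if a data packet from src_ip at now_ms is reflected."""
        held = (self.capture_ip is not None
                and now_ms - self.last_seen_ms < self.hold_ms)
        if held and src_ip != self.capture_ip:
            return False  # another station holds the channel: discard
        if not held and src_ip != self.capture_ip:
            # Timer elapsed (or first packet ever): this sender takes over.
            # Assumption: only a change of capture IP is logged.
            self.capture_ip = src_ip
            self.log.append((now_ms, src_ip))
        self.last_seen_ms = now_ms  # every accepted packet restarts the timer
        return True


def replay(events):
    """Feed (time_ms, src_ip) events through a fresh gate."""
    gate = CaptureGate()
    decisions = [gate.accept(ip, t) for t, ip in events]
    return decisions, gate


# Constructed trace: A talks, B doubles over A, and B takes the channel
# only once A has been silent for the full 100 ms.
A, B = "192.0.2.10", "198.51.100.7"
TRACE = [(0, A), (20, A), (40, B), (60, A),
         (150, B), (160, B), (180, A), (400, B)]

if __name__ == "__main__":
    decisions, gate = replay(TRACE)
    for (t, ip), ok in zip(TRACE, decisions):
        print(f"{t:4d} ms  {ip:<13} {'reflect' if ok else 'discard'}")
    print("capture log:", gate.log)
```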

53
Reflector IPTABLES Firewall
  • To protect the reflector stream from unwanted
    connections, an IPTABLES firewall is used.
  • IPTABLES can be used to discard or reject packets
    based on the source IP address.
  • OLD SYSTEM - PAST
  • IP addresses were parsed from the hosts file and
    added to a very large firewall script.
  • The script was run, and 1500 nodes were added to
    the script.
  • Problem was: anytime an IP changed in the
    network, reflector had to rerun firewall script.
  • Reflectors with smaller processors were being
    overloaded.
  • While firewall script ran, reflector was
    exposed for a few seconds.

54
Reflector IPTABLES Firewall
  • NEW SYSTEM - PRESENT
  • Nodes perform a PGP authentication to the
    reflector on each call.
  • Node is added to a list of connected nodes, and
    allowed through the firewall by adding ONE rule.
  • SFREFLECT outputs a list of connected IP
    addresses.
  • Every 15 minutes, the lists are compared, and any
    node still allowed through the firewall but not
    connected is removed from the firewall.
  • Reaction time to lockouts is instant: reflector
    commands node to disconnect.
  • Processor load reduced 1000 fold.
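
The 15-minute comparison described on this slide, as an added example that is not the reflector's own script. It assumes one ACCEPT rule per node in a chain named `REFLECTOR` (a hypothetical name), rules listed in `iptables -S` format, and a connected list with one IPv4 address per line; both inputs are constructed samples.

```python
import ipaddress

CHAIN = "REFLECTOR"  # hypothetical chain holding one ACCEPT rule per node


def allowed_sources(rules_text, chain=CHAIN):
    """Source hosts that currently have an ACCEPT rule in the chain."""
    allowed = set()
    for line in rules_text.splitlines():
        parts = line.split()
        if (parts[:2] != ["-A", chain] or "-s" not in parts
                or parts[-2:] != ["-j", "ACCEPT"]):
            continue  # chain declaration, default DROP, other chains
        net = ipaddress.IPv4Network(parts[parts.index("-s") + 1], strict=False)
        if net.num_addresses == 1:  # only single-host rules are node rules
            allowed.add(net.network_address)
    return allowed


def connected_sources(text):
    """Addresses the reflector reports as connected (assumed one per line)."""
    return {ipaddress.IPv4Address(line.strip())
            for line in text.splitlines()
            if line.strip() and not line.lstrip().startswith("#")}


def reconcile(rules_text, connected_text, chain=CHAIN):
    """Return (removal commands, connected-but-not-allowed addresses)."""
    allowed = allowed_sources(rules_text, chain)
    connected = connected_sources(connected_text)
    # Still allowed through the firewall but no longer connected: remove.
    removals = [["iptables", "-D", chain, "-s", f"{ip}/32", "-j", "ACCEPT"]
                for ip in sorted(allowed - connected)]
    # Connected without a rule should not happen; returned for the operator.
    unexpected = [str(ip) for ip in sorted(connected - allowed)]
    return removals, unexpected


# Constructed samples, not taken from a real reflector.
RULES = """\
-N REFLECTOR
-A REFLECTOR -s 192.0.2.10/32 -j ACCEPT
-A REFLECTOR -s 198.51.100.7/32 -j ACCEPT
-A REFLECTOR -s 203.0.113.25/32 -j ACCEPT
-A REFLECTOR -j DROP
"""
CONNECTED = """\
# connected nodes
192.0.2.10
203.0.113.25
203.0.113.99
"""

if __name__ == "__main__":
    removals, unexpected = reconcile(RULES, CONNECTED)
    for argv in removals:
        print(" ".join(argv))  # printed only; nothing is executed here
    print("connected without a rule:", unexpected)
```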

55
Reflector Monitoring and Control
  • Capture IPs are monitored in real time through a
    simple TCP listener interface.
  • Capture interface is password protected.
  • Any channel can be actively monitored.
  • Multiple connections can be made to the monitor
    port.
  • Can be used from WAP devices like the BlackBerry.

56
Reflector Monitoring and Control
57
Reflector Monitoring and Control
  • Control is performed through a new PHP based web
    interface.
  • Allows active control of reflectors from an easy
    to use and understand interface.
  • Can be used from WAP devices like the BlackBerry.
  • Each channel uses a separate password: allows
    for 10 different users on each of the 10
    channels.
  • Most common reasons for lockouts are already
    provided.
  • Lists the active nodes in a drop down box.
  • More secure than the old TCP system used in the
    past.

58
Reflector Monitoring and Control
59
Reflector Monitoring and Control
60
Upcoming Reflector Changes
  • Allow the reflector owner to switch modes of
    the reflector to satisfy current need
  • Emergency mode: only certain nodes can connect
  • Local mode: any node can connect and listen,
    only certain listed nodes can talk
  • Addition of the ability to mute people rather
    than blocking them
  • Adding the ability to link reflector channels
    together across the same or different reflectors
    with reliable results.

61
Questions?
62
The Internet Radio Linking Project
  • Part 5

63
The Internet Radio Linking Project
I.R.L.P
  • Presented by VE7LTD, IRLP System Designer
  • Las Vegas, April 16 2005

64
Topics of Discussion: Presentation No. 5
  • Remote Receiver Project
  • Current Setup
  • Future Ideas

65
Remote Receiver Project
  • Uses IRLP and Linux to install internet remote
    receivers.
  • Minimal hardware required.
  • Uses separate CTCSS tones for separate receivers.

66
Future Ideas
  • Somehow determine and adjust the delays
    associated with each receiver to make signals
    arrive at the same time.
  • Use Signal-to-Noise ratio detection, and send
    signal quality with audio stream.
  • Somehow vote the signals seamlessly in real time.

67
Local Houston IRLP Repeater
  • 444.300 MHz
  • Plus offset,
  • 100.0 Hz tone

68
Questions?