ASL3 remote node 42393 can be connected to from hub 42610; but connection cannot be initiated from the 42393 side. I can initiate SSH connection from either side to the other server. No apparent firewall issues. Both nodes are in the ext_nodes database file. Router port forwarding on hub side works for other nodes to connect. What am I overlooking ?
Thanks,
Tom / K5TRA
how new is 42610? did you recently expand your node numbering with an NNX request?
Hi Joe, no, 42610 is a decade old. It moved from a Portland server to my Austin server 6 weeks ago. The port forwarding and portal declaration are both correct and other nodes can initiate a connection. I believe the 42393 remote node has Spectrum as the ISP.
Does 42610 have an allow/block list?
No allow/block list on 42610. I normally have an iptables filter for North America (plus exceptions). I tried opening iptables completely; but the result was the same.
Tom, I have been dealing with the same items on the new nodes i have been dealing with here. What I had to do is in each rpt.conf place place the nodes with their IP and IAX port like:
42105 = radio@127.0.0.1/42105,NONE
27855 = radio@192.168.88.46:4569/27855,NONE
27077 = radio@xxx.xxx.xxx.xxx:4568/27077,NONE
42103 = radio@192.168.88.59:4569/42103,NONE
Chuck K0XM
Hardcoding like that is necessary when you have multiple nodes on the same IP subnet or when you have to have some special mapping that isn't in the directory. For example two nodes connecting over a VPN.That's not needed for the normal case.
I can connect to node 42610 just fine. I cannot connect to 42393. That implies the problem is on 42393.
Is there a limit on what range of numbers the IAX port can use? That node number’s (server’s) IAX port is definitely out of the usual range…
Tom
I did connect just fine from my node 49439 to your 42610 at ip address 136.49.13.191 port 4569 with no problem from the outside world but when I try to connect to your 42393 node at 67.10.90.154 ip address at port 4888 it will not connect so I would make sure the server at Allstarlink.org for this node is set to 4888 and then make sure the node it self is set to 4888 and that the port forward for 4888 is going to the right LAN ip address, you will also need to check to make sure the ip address on the node has no other gateways in the middle like CGN translation machine in the middle as right now I see a block from the outside world to the 42393 node on port 4888 as if it was not getting blocked I would be able to connect to it. if you could log into your router and make sure the WAN on the router is at 67.10.90.154 then you will know there is no other machine in the middle if that is not you WAN ip address then there is a CGN nat machine some where blocking me from getting to your Node 42393 on port 4888 at 67.10.90.154
Earl W9EJH
Thanks for the replies.
Earl, 4888 is set in the portal and is in the ASL3 settings, as well as router forwarding. I can connect from my hub.
Robert, 4888 is a fine port number, known to work.
Chuck, the 42393 node isn't on the same LAN. The [Nodes] stanza explicit address method is usually for shared nodes on the same LAN; however, I did set a FQDN in the [Nodes] stanza of 42393 pointing back to my 42610 hub. I suspect this is what allows at lease my hub-to-remote connection.
Jason, yes, the problem may be on 42393; but what possibly could it be?
I occasionally (after connect attempt) see this in the message log:
[2025-12-10 22:51:15.100] WARNING[5147][C-0000000e] app_rpt/rpt_channel.c: Failed to send text !NEWKEY1! on IAX2/136.49.13.191:4888-13090
[2025-12-10 22:51:17.087] WARNING[4414] app_rpt.c: 0x7f90000bf0 newkeytimer expired on connected node, setting newkey from RADIO_KEY_NOT_ALLOWED to RADIO_KEY_ALLOWED.
Tom did you check the WAN IP address to make sure it is what I sent you by chance and see if it is 67.10.90.154
Earl
I forgot to say on the router.
Earl
curl checkip.amazonaws.com returns 67.10.90.154 and I can SSH to that IP
Does 42393 have anything in its [nodes] stanza for 42610? Is the information (IP, port) correct?
Does 42610 have anything in its [nodes] stanza for 42393? Is the information (IP, port) correct?
Alan,
42393 has 42610 = radio@927tech.dynuddns.net:4569/42610,NONE in the [nodes] stanza. 4569 is the correct port for 42610.
42610 does not have any reference to 42393.
Tom
With the explicit [nodes] stanza addresses I can connect to 42393. I've tested this with 42610 and 29520 Both those nodes are on my hub server.
If I remove the [nodes] stanza addresses and attempt connection from 42610 or 29520, It will connect for 5 seconds and then drop. The following message log events are seen:
From message log on 42393:
[after connect attempt from 42610]
[2025-12-11 10:29:24.487] WARNING[28239][C-00000007] app_rpt/rpt_channel.c: Failed to send text !NEWKEY1! on IAX2/136.49.13.191:4569-2821
[2025-12-11 10:29:26.488] WARNING[28222] app_rpt.c: 0x7f84001860 newkeytimer expired on connected node, setting newkey from RADIO_KEY_NOT_ALLOWED to RADIO_KEY_ALLOWED.
[after connect attempt from 42610]
[2025-12-11 10:30:16.081] WARNING[28266][C-00000008] app_rpt/rpt_channel.c: Failed to send text !NEWKEY1! on IAX2/136.49.13.191:4569-2915
[2025-12-11 10:30:18.068] WARNING[28222] app_rpt.c: 0x7f840191c0 newkeytimer expired on connected node, setting newkey from RADIO_KEY_NOT_ALLOWED to RADIO_KEY_ALLOWED.
All nodes are in the ext-nodes database:
29520=radio@136.49.13.191:4569/29520,136.49.13.191
42610=radio@136.49.13.191:4569/42610,136.49.13.191
42393=radio@67.10.90.154:4888/42393,67.10.90.154
I cannot initiate connection from 42393 to anything.
Tom
Interesting, I have never seen a configuration that uses an FQDN.
What does 42393 have in its [nodes] stanza for itself? Hopefully, you have :
42393 = radio@127.0.0.1:4888/42393,NONE
and, because this is looking like a networking issue, I'll ask about firewalls in the server/node, firewalls in the router, whether you are using any tunnels, VPNs, or the like.
Yes, 42393 = radio@127.0.0.1:4888/42393,NONE is in the [nodes] stanza.
I would be happy to not have to explicitly have the path to 42610 in the [nodes] stanza; but simply relying on registration isn't working. Something isn't right and I want to understand it. This is a really strange one.
Tom