LoRa and Meshtastic

Meshtastic is described as an off-grid text message project. The text messages travel entirely over a network consisting of LoRa devices connected in a mesh. What does “off-grid” mean in this context? It means the text messages use a network that has nothing to do with wifi or the Internet or cell phone service. Instead the messages are transported over a mesh network made up of multiple LoRa devices. The device that sends and displays the texts is a smartphone, connected by bluetooth to a LoRa device. The LoRa device is in turn part of a mesh network with other LoRa devices. Again, wifi, the Internet, or the cellular network are not involved. Bluetooth is used only to connect between the smartphone and the LoRa device. Thus the entire end-to-end text message is completed off the grid. Meshtastic is a firmware version that is installed on a LoRa device. One example of a LoRa device is a TTGO T-Beam, shown below. Meshtastic firmware has been installed.

What does LoRa and Meshtastic have to do with a remote station?

The answer to that question is, it can be used for station telemetry. That means temperature, voltage, and current can be texted back to the client. The text messages can be generated by an Arduino microcontroller or a Raspberry Pi microcomputer and fed into the Lora device. On the other hand the client can send texts that turn on relays or turn off relays. Equipment can be rebooted. Equipment can be turned on and off.

It is a plan to implement a Meshtastic system at the W0QL remote station.

Upon further study, it appears that the above scenario would work fine if the two endpoints were less than 2 miles a part. With distances of 35 miles it is not a solution. Meshtastic requires the mesh nodes, that is, the relays in the middle, to be under the control of the same operator as the end points. Given the t-beam units have a range of 2 miles, several nodes will be necessary as relays. The purchase cost, maintenance, and installation of multiple nodes may be a limiting factor to using Meshtastic. Moving on to similar technologies, would LoraWAN work?

Research on LoraWAN shows it needs a gateway to the Internet. Any gateway at the remote station site would be down if the Internet is down and therefore not usable at the very time it is needed most. Finding another gateway that is reachable out in the country is a challenge. Gateways require authorization and that’s where this technology is limited. So as of now there doesn’t seem to be a solution for telemetry monitoring over a 35-mile link that is within reason. Project is on hold.

KMTronic Remote Relay Device

Mike Walker at Flexradio introduced us to KMTronic. He uses this device in his remote station to simplify turning equipment on and off remotely over the web. The KMTronic has a built in web page providing a simple user interface. All that is needed is a web browser and the KMTronic’s i.p. address. Priced at less than $100, it is a great solution for remote station users.

At the W0QL remote station a KMTronic has been installed to provide two backdoor access functions. One is LAN isolation between the AT&T Mobile Hotspot and the main LAN. Four relay contacts are used to electrically bridge the two LAN’s, or to isolate them. The other four contacts are used to reset the BMS’s on the four battery banks. If a BMS has tripped, the KMTronic can be accessed over the Internet and the corresponding relay can be activated that will reset the BMS remotely. This saves a site visit.

How To Use

Internally the i.p. address of the KMTronic is It can be reached remotely by any device on ZeroTier with a network id ending in ee4.

For product information see the KMTronic web site: https://www.kmtronic.com/all-products?product_id=113

A screen shot of the W0QL KMTronic as it is configured today:

Backdoor Access Project

Abstract: It has always been a goal to have “backdoor” remote access for troubleshooting. There are times when the primary Internet connection is down and normal access is not possible. It is those times when backdoor remote access saves the day. It could prevent a site visit, a trip to the site. These are the specific essential building blocks:

AT&T Mobile Hotspot

Raspberry Pi running ZeroTier, ipforward and iptables

Same subnet but separate ranges of i.p. addresses

Let’s get started: First, an explanatory overview. The hotspot provides Internet access over a different path by using the cellular data network. This specific hotspot costs $35 a month for unlimited data. T-Mobile’s $50 service would probably also work. Up and down bandwidth is 30 Mbps, even in the rural location. Luckily there is an AT&T cell tower not too far from the remote site. Not so lucky is the fact that the hotspot provides only a private i.p. address and not a public address so it cannot be reached from the outside world. Called “carrier grade NAT” or CGNAT, it is a heavy duty impenetrable firewall. Not to fear, however.

A great solution to the CGNAT problem is a product call ZeroTier which becomes the second detail of this project. ZeroTier is an application that runs on a computer behind a firewall and reaches out over the Internet to a software defined LAN. A software defined LAN is similar to the user side of a home router. Instead of the hardware connections like a home router uses, a software defined LAN does it all with algorithms and the Internet. Other computers running the same application and same credentials can reach the same software defined LAN and communicate as if they were all in the same office. For backdoor access one instance of the application is running on a computer at the remote site (a Raspberry Pi) and another instance is running on a computer (Windows 11 pc ) at the home location. Competing products exist and might also work, like Tailsscale, reverse TCP tunnelling, SoftEther, WireGuard and possibly others that do NAT traversal. ZeroTier has been the most comfortable and successful of the ones tried at this remote station.

How To Use

Any device anywhere worldwide on the same ZeroTier network can reach the LAN at the remote site. As this is written the network id ends in ee4. To reach the i3 NUC: Power is on the ‘Station’ circuit on the 4005i using port 82. The NUC i.p. on the LAN is It can be reached using Remote Desktop Protocol. The Pi is at and it can be reached with Putty. The KMTronic is at and it can be reached with a browser. If the main LAN is down the only device that can be reached is the Pi. Other well known ports:

Pi .201

86 .205

88 .206

82 .207

83 .208

90 .209

89 .210

84 .211

85 .212

How To Set Up

Click on the Home Main link to visit ZeroTier.

Home Main

Follow the instructions on the ZeroTier web page to make an account and to create a network. Their free plan has all the features needed.

This brings us to the third detail, the Raspberry Pi computer.

A Raspberry Pi is fully capable of running the ZeroTier application and then some.

Shown above is a Raspberry Pi model 3 which is the model being used in this project. Follow the instructions on the ZeroTier web page to join the network created above. With a hotspot and a Pi running ZeroTier the hardware and some of the software to get into the site is complete but no connection has been made to the main LAN yet.

Each detail has involved challenges but probably the biggest challenge of all has been how to connect to and how to communicate with the existing LAN at the remote site. At this point there are two LAN’s, one providing a data link between the hotspot and the Pi and the other LAN providing communication for all the existing equipment. Connecting any two LAN’s requires a router, but not just any router. An ordinary home router will not do. Turns out the solution is simple and elegant thanks to the Linux operating system running on the Raspberry Pi. It can run a few built-in processes and perform the necessary router functions. A nice writeup of how to configure this routing function is published by the ZeroTier developers: “Route between ZeroTier and Physical Networks


One of the essential processes is iptables:

sudo iptables -t nat -A POSTROUTING -o $PHY_IFACE -j MASQUERADE
sudo iptables -A FORWARD -i $PHY_IFACE -o $ZT_IFACE -m state –state RELATED,ESTABLISHED -j ACCEPT
sudo iptables -A FORWARD -i $ZT_IFACE -o $PHY_IFACE -j ACCEPT

Another essential process is ipforwarding:

sudo sysctl -w net.ipv4.ip_forward=1

Edit /etc/sysctl.conf to uncomment net.ipv4.ip_forward. This enables forwarding at boot.

Next, take steps to avoid two devices having the same addresses on the combined LAN: On the hotspot, set the dhcp i.p. address range to the highest 50 addresses in the subnet, and make the subnet identical to the main LAN subnet. Turnoff DHCP on the hotspot. On the main LAN, set the router dhcp range to exclude the top 50 addresses and leave DHCP on.

A few items remain to polish the backdoor project. The whole idea is to be able to access the remote network at all times. There is no way to know what the source of the failure might be. It could be power down inside the remote station. In that case the backdoor needs to have it’s own power. For that reason, the hotspot and Pi have their own battery and solar panel separate from the rest. Considering the main LAN goes through a big ethernet switch and that switch could be down, the hotspot and Pi have their own switch. That small switch is also powered by the separate battery. Rebooting devices remotely is invaluable. Some devices, like computers, can be rebooted with software commands or they might need a hardware reset. Other devices, like BMS’s and EMC’s require a hardware reset. Relays wired to provide the hardware reset, controlled over the Internet through the backdoor can save a trip to the site. At this site relays are wired to short out the BMS’s (which is how they are reset if they have tripped). Another bank of relays is installed to reset the EMC’s if they lock up ( like they have been prone to do ). Almost all equipment has a method of being rebooted or reset remotely.

A successful backdoor access project provides a lot of comfort knowing the every day remote operation has tools for a better chance of recovery when something goes wrong.

Thoughts for future improvements – One improvement could be to move all the non-radio equipment to the secondary Internet connection, leaving the entire bandwidth of the main connection to the radio. That would be easy because the hardware connections are already in place. It would just be a matter of changing the i.p. settings on each piece of equipment to static with the gateway address of the secondary connection. A second idea is to combine the two Internet connections into what is called “dual-WAN” service. A product exists to do this easily (according to the sales literature). It is called Speedify and is worth checking out someday.

One additional thought. Use bridging instead of routing to see if bridging would pass the broadcast packets. What this means is the packets that advertise a service are being blocked (by the hotspot??) when using routing. It is possible bridging would fix this. The hotspot would not see the packet headers and thus not know any particular packet was a broadcast packet.

One more additional thought. Use iptables “mangle” to create a mangle table which will be a MSS filter. Set the filter size to, in turn, create an MTU size that will pass through the PPPoE Internet connection at the radio end.

Here is an example of a line of code to create the mangle table:

iptables -t mangle -A FORWARD -p tcp --tcp-flags SYN,RST SYN -j TCPMSS --set-mss 1452

Credit for this example goes to serverfault.com


Adding a Web Controlled Rotator to A3S

Project 7 of 7 for October, 2020 – projects to keep sane during Covid-19 Lockdown

Status: All work is completed.

A new Yaesu G-450ADC rotator was ordered from GigaParts. Still needed are the rotor plate, the cable, and the interface to make it remote controlled. Cable and interface are on order from DXEngineering and HRO. This project has hit a snag. Rotor plate is special order and has a November ship date. It has not even been ordered and by the time it gets here the weather could be too wintry to install it.

Universal Towers saved the day. An order was placed directly with them today and they promised a much earlier delivery date.

“The rest of the story” is this tower is decrepit. It was used 10 years to hold up wireless Internet antennas on a windy hill. It has two blow outs from being overloaded. Even though the blowouts have been repaired the concern now is it might not be able to keep the A3S in the air. Torque is the tower killer when wind makes a beam twist. An overloaded tower can fail from that twisting motion. When this tower is down for the rotor installation a torque arm will be attached in an attempt to reduce the twisting motion.

Remote Controlling The Rotator

All parts have arrived. The Yeasu G-450 rotator is the new DC version which makes absolutely no detectable difference in the operation but it makes lightning protection easier. Relays had to be used on the AC rotator because the AC voltage was too high for the 26vac/31vdc MOV’s on hand. Perfect for the 20 volts DC the new version uses. Modifying the controller for access over the Internet looks like this:

Actually the controller is not modified. A few wires are tacked onto existing terminals inside. Wires are brought out through an existing hole. The controller could be easily restored to original. In the picture above, the green thing at the bottom is the remote interface from RemoteRig.com model RCU-1216:


The interface talks to the RemoteRig 1216H Webswitch and will get mounted inside the controller. A Webswitch already exists at the remote site to provide remote access of the first rotator on the taller tower. That missed getting written up. That’s why this is being written up now. The unit has the capability of two rotators so all that was needed was this interface to the Webswitch. The installation just needs some hookup wire and a solder iron.

There is no brake release button on Yaesu control boxes so a brake release connection is not needed. Only the Pot potentiometer connection and the two motor activation buttons are needed. A data pair and a power pair connect back to the Webswitch.

For this rotator the two jumpers, P5 and P6, are opened up to accomodate the voltage on the Yaesu rotator for direction indication potentiometer. Voltage maxes at 1.3 volts on the pot. Next attach a little Blue Tack or 3M gray stickem to hold the interface in place.

Stick it to the inside of the cabinet and you’re done. It should look something like this:

Coming out of an existing hole in the back are two pairs of wires. One is for 12 volts DC. The other is the 1-wire data pair (1-wire really means 1-wire and ground). Next step is to install and test at the site.

Today the rotor plate was mounted and the rotator is mounted to the plate. A short piece of aluminum tubing was cut to go from the rotator to the mast. A hole was drilled for a bolt to keep the mast from twisting and slipping.

The tower was raised a few feet to see if it is too heavy with the rotator. It is noticeably heavier and harder to lift but not impossible. None of the gin components complained. The rotator only weighs 7 pounds and the wire is probably 2 more pounds. Another 9 pounds is apparently not overdoing it. Next the cables will be extended where needed for slack and they will be dressed. The bolt will be installed. The rotator connector will have a waterproof boot installed. The balun will be reworked to provide enough slack for turning the antenna (the balun is near the center of the picture with cable ties holding it to the tower leg). The rotator cable will be run through the cable entrance at the shed and MOV lightning protection will be provided. Inside the shed the controller will be connected to the RemoteRig Webswitch and all will be tested. It will be really nice to be able to turn this beam in the direction of the signals as they change.

Today, the balun was rebuilt by replacing the RG-58 windings with LMR-400. It is still 5 turns through a stack of 4 Mix 52 ferrite toroid cores. It looks like it can handle a lot more power now. Only the common mode current is flowing through the toroid.

Proving the balun is working is a matter of observing the signal pattern on pskreporter. In this case it is a nice flashlight beam shape in Europe indicating the balun is doing it’s job. It’s job is to keep common mode currents from generating stray radiation which distorts the pattern. No pattern distortion, the balun is working.

The rotator mounting is completed and the cables are dressed. Ready to raise the tower.

Back up in the air the rotator turns the beam perfectly with no issues. As for remote control, a relay is being used to switch between the two rotators. The other rotor turns the 203BA 20 meter beam on the big tower. One rotor at a time is accessible over the Internet.

This project is completed.



Changed out the old Linksys E2500 router today for an upgraded Linksys EA6350.  Two problems are addressed.   First the E2500 has the lowest lan-to-wan throughput of any Linksys router, per tomshardware.com.  The EA6350 is much better.   Second, out of all the Linksys routers the E2500 is one of only a few that are susceptible to the new vpnfilter malware, per https://www.symantec.com/blogs/threat-intelligence/vpnfilter-iot-malware.  The E2500 has blocked some web sites even when using the I.P. address which is a good hint that it has the malware.


Repainting To Control Summer Heat

Temperatures of 104 degrees Fahrenheit were common inside the shed when outside temps were still only 85.  This had to be improved.  Step one was to cut two 6″ circular vents into one gable and add a solar powered fan.  No noticeable improvement.  Step two was to cut in a second vent in the opposite gable.  Same result.  Third step was to cut in a 8″ X 16″ vent midway up the north wall.  Same result.  Fourth step was to paint the shed white.  This helped.  Inside and outside temps since have been nearly the same.  The cute barn red shed is now almost ugly white.  But it’s cool inside.


Why the concern? We were worried more about the batteries than the equipment.  The electronic equipment was still within specified operating range at 104.  Sources say batteries, on the other hand, can exhibit thermal runaway (catch fire) at 122 degrees.  Summer’s highest temperatures hadn’t even arrived yet.

Progress On New Site

Today was a milestone because we got Internet installed and made the first remote base qso on a test antenna.  It is the vertical on the right in this picture which is a EF-20 end fed half wave on a fiberglass pole. Notice the new Internet dish on the roof. It brings in Internet from 7 miles away but it also produces a birdy in the center of the 60 meter band. That birdy will have to be worked out. ( Clamping on a couple of ferrite toroids completely eliminated the birdie.)


Progress was also made today on the main low band vertical antenna by completing the radial field.  It is made up of 4 radials each 4 feet wide consisting of welded wire fencing laid flat and held in place with landscape pins.  Below is one radial.  The vertical element will  be 60 feet tall with a top hat.


The equipment has been moved up from the Elizabeth site and re-used.   Even the welded wire fencing was painstakingly removed and brought up to Strasburg.

New Coat Of Paint

The pale green shed is now a vibrant barn red with tan trim.  Painting something is a good way to make it one’s own.  No longer drab, now it has sparkle.


It’s ready for the move-in.  First item is solar panels and batteries so there is power to have the Internet installed.  Radio equipment comes after the Internet is up and running.  Finally antennas, which always seem to be work in progress forever.  Ever changing for that extra db.

Raw Farm Land Purchased

This beautiful 40 acre piece of farm land became available this fall, complete with enough space for any antenna, no covenants, nor hoa’s, and perfectly flat and unobstructed. Lucky me, the property is now mine.  Having one’s own land upon which to put a remote base has a much nicer feel than having to borrow from friends.  As gracious as my friends have been it’ll be relaxing to use my own land instead.  This is what the acreage looks like when still a blank sheet of paper.  The mountains are just barely visible in the distance.


A Tuff Shed “barn” is scheduled for delivery tomorrow and then the equipment can begin to be moved in.  Off grid solar power has served us well in Elizabeth and those panels will be moved up here.  A Direct Link internet tower is 7 miles north for Internet access and we should be able to reach that easily.  This acreage is located near Strasburg, Colorado about 25 miles east of Denver in the heart of farm and ranch country.  Access is quick by I-70 and the county roads are paved all the way except for the last mile.  Testing for RF noise showed no S-meter movement off the S-zero level on 20 meters.  The plan is to slowly move the other two remote bases here.  The Tuff Shed will house the remote base equipment and also serve as an operating location on occasion.  It will be big enough to accommodate a camp cot and a sleeping bag.  If a used tower and beam comes on the market that could also be in future plans.   For now the antennas will be verticals.   Lots and lots of verticals.  With lots and lots of radials.

The cost of this land is looked upon not as an expense but as an investment that I can get some ham radio use out of.  Investing in land is almost never a bad thing.   Lucky for us, Colorado is one of the sought after places these days and some say almost any real estate here is a good investment.  We’re fastening our seat belt for the next exciting ride.  Here we go.

November 21, 2016 – Tuff Shed arrives. It doesn’t look so much like a barn as a shed.  From a distance I thought it looks like a yurt until my wife corrected me.  She says yurts are round.  I guess I’ll have to find a better name than “Little Yurt On The Prairie”.


At the closing I asked what the address will be since there was no address on the paper work.  The answer was, “Oh, the County will give you an address when you apply for a driveway permit.”  Reality sets in.   Permits?  We don’t need no stinkin’ permits.  Do we?  Oh, maybe we do.  I’ll put that on my Christmas list.  (February update:  still no permits and still no address )