EchoLink Proxy Guide

I have already talked about what EchoLink is in a previous post. In this post, I am more interested in covering all the steps required to stand up your own private proxy for accessing EchoLink while you are on the go. I’m going to do this by documenting the steps while I actually deploy my own proxy.

I’m using AWS’s LightSail to provision a very cheap Ubuntu 20.04 machine as my server. You can use any cloud provider (Azure, AWS, Oracle, DigitalOcean, etc…) or even something as simple as a raspberry pi at home with some port-forwarding on your router. I’m not going to show how to set that part up as there are so many places and ways to do so… Once you have your server ready and online please continue on.

First step… Update everything…

sudo apt update && sudo apt upgrade

Now let’s start installing the necessary package dependencies for EchoLink.

sudo apt install fail2ban openjdk-17-jre-headless screen unzip

Let us create a folder to download and install EchoLink into.

mkdir echolink
cd echolink
wget https://www.echolink.org/downloads/EchoLinkProxy_1_2_3.zip

Now we’ll unzip the EchoLink proxy software, then modify the permissions to run the file.

unzip EchoLinkProxy_1_2_3.zip
chmod 755 EchoLinkProxy.jar

Open a text editor and edit the “ELProxy.conf” file. You will need to update the “Password” value to a password of your choice.

Password=MyBlogIsAwesome

*If you want to make it into a public proxy, set the password to “PUBLIC” if you will be a publically accessible proxy.

NOTE: Make note of which port is set to be used in your config file… Is it port 5200 or port 8100?
You will need this value when you connect from the client on your computer or smartphone.

Let’s make the cron job that helps us restart the proxy anytime the system has been rebooted.
Replace <USER> with your username.

crontab -e

@reboot sleep 60 && /usr/bin/screen -S echolink -d -m /usr/bin/java -jar /home/<USER>/echolink/EchoLinkProxy.jar /home/<USER>/echolink/ELProxy.conf

Something worth noting is that the above cron task waits 60 seconds after rebooting before it initializes EchoLink. This allows the system to finish fully booting up and potentially avoids some weirdness. It’s really not a big deal… But it is worth knowing so that you don’t expect to be able to connect instantly after a reboot.

Time to create the firewall rules on the machine.

sudo ufw allow 5198:5199/udp
sudo ufw allow 5200/tcp
sudo ufw allow 8100/tcp

Now it’s time to set up Fail2Ban. Let us navigate to the folder below and create a file that we will edit in the next step.

cd /etc/fail2ban/filter.d/
touch echolink.conf

Open your editor of choice and paste this into the echolink.conf file

# fail2ban filter configuration for Echolink proxy
[Init]
maxlines = 2
[Definition]
failregex = ^.* Client connected: <HOST>\n.* Incorrect password challenge received
ignoreregex =

After we have the above-mentioned filter, we need to set up a “jail.” Let us navigate to the folder below and create a file that we will edit in the next step.

cd /etc/fail2ban/jail.d/
touch echolink.local

Open a text editor and copy the code below into it. Update “<USER>” to your username.
Note: Make sure that the port used here is the same as what is in your ELProxy.conf file.

[echolink]
enabled  = true
port     = 8100
filter   = echolink
logpath  = /home/<USER>/echolink/ELProxy.log
findtime = 14400
maxretry = 3
bantime  = 31536000
banaction = ufw

Now that we have everything set up… Reboot your machine. Then after waiting for it to come back up, try connecting to your Personal EchoLink Proxy from the client application on your computer or smartphone.

Tags: , , , , ,
Copyright 2022. All rights reserved.

Posted November 5, 2022 by ham in category "Software

Leave a Reply

Your email address will not be published. Required fields are marked *