Various Tips

Brian, NJ6N and Darren, G7LWT's D-STAR ScriptShop

D-STAR Web Status

As of v2.1c, the current status is represented in /dstar/tmp/status A very quick'n'dirty way to get this on the web is:

# ln -s /dstar/tmp/status /opt/products/dstar/apache/securesite/dplus-status.txt

then you can point a browser at: https://your_gateway_ip_address/dplus-status.txt
~Iain K6IAM

Connection Status

If you now use "XXNYYY I" as urcall (where you substitute your repeater callsign), it will play /dstar/tmp/id.dvtool if not linked and if linked it will play /dstar/dv/remotesystemlinked.dvtool.
Added a status file as /dstar/tmp/status that shows the current status of dplus. The status file shows dplus version, connected dongle users, and linked modules.
Robin AA4RC

Trust Server Replication Status

Change User Password

A program that will change a user’s password on your G2 system has been released.

cd /tmp
curl –O
sh ./

Usage:  /dstar/tools/dstarpasswd CALLSIGN password
(e.g. /dstar/tools/dstarpasswd AA4RC IneedApass? )

Robin AA4RC

D-STAR G2 Scripts & Utilities

service dstar_gw stop - Stop the gateway software
service dstar_gw start - Start the gateway software
service dstar_gw restart - Restart the gateway software
service dstar_gw status - Check the status of the gateway software
service dplus stop - Stop the dplus software
service dplus start - Start the dplus software
service dplus restart - Restart the dplus software
service dplus status - Check the status of the dplus software
service dsm stop - Stop the DstarMonitor software
service dsm start - Start the DstarMonitor software
service dsm restart - Restart the DstarMonitor software
service dsm status - Check the status of the DstarMonitor software
cat /var/named/chroot/var/named/dstar.local.db Peek inside the named database of all the current registered calls

Linking Script

I have created a simple command line linking bash script to make linking to the reflectors or repeaters a bit earsier. You can modify the script to fit your needs. It is easy to edit and use.

# Link and un-link simple script
# David Griffith - NZ6D
PS3='Choose your favorite reflector and port '
select reflector in "KI6KQUB" "REF001A" "REF002A" "REF003A" "REF004A" "REF005A" "REF006A" "REF001B" "REF002B" "REF003B" "REF004B" "REF005B" "REF006B" "REF001C" "REF002C" "REF003C" "REF004C" "REF005C" "REF006C"
echo "LINKING to $reflector."
echo "$reflector"L >/dstar/tmp/link-b
PS3='UNLINK which Reflector and port '

select reflector in "KI6KQUB" "REF001A" "REF002A" "REF003A" "REF004A" "REF005A" "REF006A" "REF001B" "REF002B" "REF003B" "REF004B" "REF005B" "REF006B" "REF001C" "REF002C" "REF003C" "REF004C" "REF005C" "REF006C"
echo "UN-LINKING $reflector."
echo "$reflector"U >/dstar/tmp/link-b
exit 0


Dave - NZ6D


Gateway status

Posted by: "Evans F. Mitchell KD4EFM -" Wed Mar 26, 2008
log in and type
service dstar_gw status
check the listing it sends back to you.
Also from the web interface, check and see if you see the other G2 gateways just to make sure...Evans
Email notification
Re: G2 Email Notification Function
Posted by: "Matthew J. Grossman" Tue Apr 8, 2008
Make sure sendmail is properly configured:
chkconfig sendmail on
/etc/init.d/sendmail start

Also check /var/mail/maillog* to see if attempts are being made. It's also a good idea to alias (/etc/aliases) root to an account that you check. Sendmail was off on our machine and a bunch of "Log Watch" reports weren't going anywhere because of it.
(I just discovered the sendmail issue when investigating this same issue.)

-Matthew AC7IL


cd /dstar/tools/
curl -0

Then make the download executable:

chmod 755 dshark

Then execute:


Re: dshark question(s)
Posted by: "john_ke5c" Fri Apr 11, 2008
1)      If you downloaded to another directory, for consistency, put dshark in /dstar/tools. You may need to create both of those directories.

cd /
mkdir dstar
cd dstar
mkdir tools
mv /somedirectory/dshark/dstar/tools/dshark

2)      Make dshark executable. When you download it, it is not "executable.

cd /dstar/tools
chmod 755 dshark

3A) To run dshark from /dstar/tools (i.e., you are logged onto this directory) - you must be logged on as root or have su'ed to root privileges:


3B) To run dshark from any other directory:

/dstar/tools/ dshark

3)      To stop execution, type ctrl-C
73 – John


I installed "dshark" which is AA4RC's tool to look at gateway internet traffic. You should see a handshake with packets listed by dshark beginning "C>G ..." after every packet labelled "G>C ...", and you only have the gateway sending to the controller. dplus is running, and you see AA4RC's server pinging your dplus which it does so it knows your gateway is still there.
Posted by: "AA7OO" Tue Mar 25, 2008
WOW !!!!, named was not running !! I never even thought about it and it was
staring me in the face. Reason is that when doing the named script install,it was done from root's desktop term window(default is therefore run level 5) I have the server rebooting to run level 3. So named was not running after each of the reboots. Thus the reason for my errors on not binding. Not sure why it only gave that error once.

I'm now able to register all my modules, even though they are not connect. My gateway is working but will give empty connections.

Might be a good idea to distribute this little install factoid about run-levels. When installing from root and doing it from the desktop, go to services and set named to start at run level 3 and run level 5.

It's not really mentioned anywhere that the install should be done only from the root command line and there is nothing mentioned about what run-level the server should boot to. I set my run level because that was what G1 wanted.

Thanks Tommy !! Norm, aa7oo

Bad owner name

Posted by: "ke5c" Sat Apr 26, 2008

> Looks like this is in the K5CTX System for N5AWH. Can you please > remove the entry or have them edit it so that the - goes away.
First, apologies to Gerry and the entire group for not detecting this ourselves.

Second, if someone does this on your gateway, your gateway DNS will break. I don't understand exactly why, but it will. I spent eight hours yesterday trying to figure out why 'dig router.dstar. local' quit working on K5CTX. The voice part of the gateway continued to work, but I'm sure the data part would not have. Since we do not do DD right now, I discovered this totally by accident. I compared files, even copied working files, from the sister gateway, W5HAT, on which 'dig  router.dstar. local' continued to work, all to no avail. Immediately after I deleted the 'n5awh-' terminal (DNS) entry from the database, K5CTX resumed normal behavior. Thus it appears an illegal DNS name only shoots your own gateway in the foot, not the entire network - some consolation.

BTW, 'dig pcname.dstar. local', e.g. 'dig ke5c.dstar.local' will return  your gateway assigned 10.x.y.z IP. Just remember, use your 'pcname' you that entered registering your 'terminal', and this may be different from your actual callsign, as we just saw...

73 - John

How to see what the Gateway is doing/has done?

Posted by: "Robin Cutshaw Wed Apr 23, 2008

I constantly run "tail -f  /var/log/dplus.log" to see what is happening real-time on my gateways.
Robin AA4RC


Monitor D-STAR Communications

cd /dstar/tools
ctrl c to exit.

Local Data Viewer

To see GPS Information - Just telnet in from the gateway computer to localhost:port > (24580, 24581, 24582, or 24583 matching ports 1 through 4) and key up

DPlus command line linking

Added support for linking new multi-gateway reflectors.  Fixed some collector logging code for reporting dongle users to  Added the ability to link and unlink from the Linux command line on gateways.  Examples:

echo "REF001CL" >/dstar/tmp/link-b

to link your local module B to reflector module C

echo "       U" >/dstar/tmp/link-b

to unlink your local module B from any gateway/reflector Do not link multiple local modules to the same remote module.  You can link local modules to separate remote modules on the same or different reflectors/gateways.  As with 2.0, you cannot link the same local module to multiple remote gateways/modules.  This avoids  undetectable linking loops.  Use the reflectors for this function.


Best practices - Root Logins

1…by John KE5C
kb2wf questions - I still log in as Root, which does not seem wise. I want to use SSH or something, considering the PC will be remote. What do you advise as best practices?
1) Go to System>Administration>Groups and Users and create a few users. We have ke5c, nu5d and a few others as users.
2) Edit the file /etc/ssh/sshd_config by going down to the line "#Port 22". Delete the pound sign and change the port to whatever you want to ssh in on. Port 22 is standard and you don't want to do that. You can use 2220 etc. Save the file. REMEMBER TO FORWARD PORT 2220 ON YOUR ROUTER AND OPEN PORT 2220 ON YOUR IPTABLES (if you are running them)!!!

3) Edit the file /etc/sudoers. This is a bit trickier since this starts as a read only file and needs to end up a read only file. So do the following:

chmod 640 /etc/sudoers

edit the file /etc/sudoers by adding lines like the following where I show them. I've shown two existing lines before and after:

## Allow root to run any commands anywhere <= existing
root ALL=(ALL) ALL <= existing

## Beginning of added lines
## Apr 9, 2008 by kb2wf
## Allow w5hdr admins to run all commands
User_Alias W5HDR = kb2wf, k5jtj
## End of added lines

## Allows members of the 'sys' group to run networking, software, <=
## service management apps and more. <= existing

save the file

chmod 440 /etc/sudoers

4) now you can ssh in on port 2220 as ordinary users, then use the "su -" command (super-user) to gain root privileges if you need them, and you do to start and stop the gateway, etc. just remember that the path you have is still the path of an ordinary user so some system commands aren't in your path and you have to specify them. an example is the command "ifconfig". to use that you now have to type /sbin/ifconfig. If you try a command you think should be available but it is not, look for the command using find. to find ifconfig, type "find / -name ifconfig". this won't happen often.

> (I show named as running in level/ edit level 5 this correct?)

i have named running in all runlevels. go to System>Administration>Services and click the Edit Runlevel menu. Select  the last option, Runlevel All. Check the box for all run levels. That  way you can boot to just runlevel 3 if you want. You'll do the same thing with dstar_gw (and dplus once that's installed and working).

73, John KE5C

su  vs.  su -

When you use the su command to change to the super user, add the "dash option" - just a dash. 'su' just gives you the identity of root, but you stay in the login 'environment', e.g., PATH, etc. Using the dash option actually is just like logging in as root so you get root's environment, including the sometimes important '/sbin' directory in your PATH.

Root Logins

Posted by: "ve7fet" ve7fet Wed Apr 23, 2008

In /etc/ssh/sshd_config you will also want to change:

#PermitRootLogin yes


PermitRootLogin no

That disallows root logins in ssh. You need to login as a regular user and su - to root. Also, if you make any changes to sshd_config, you either need to kill -HUP the sshd process or (since this is CentOS) service sshd restart to allow it to re-read the config file.
There is no real reason to run the G2 box in full graphical mode once you get it all setup. Especially if you will be remote administrating it via SSH (since everything we're doing requires terminal access anyways). Save some RAM and horsepower and change the default runlevel to 3 from 5.
Open /etc/inittab and change:




and then restart.

You already have a note about checking that named is started in runlevel 3.
If you do a chkconfig --list it will list all the services and runlevels and whether those services are on or off in the different runlevels.
Ensure that what's running in runlevel 5 is the same for runlevel 3.
Note that even with sendmail configured and running, the G2 software doesn't seem to be sending user registration alerts. Hopefully that will be resolved at some point.
There are also other services that can usually be turned off (unless you have a specific need for them). These include things like all the Bluetooth support processes, nfs, cups, etc. They will save some RAM too if they're not running.
Cheers!  Lee


Simplified access for users

Re: G2 Web Page Access
Posted by: "ve7fet""
Sun Apr 20, 2008 12:18 pm (PDT)
Pulling a thread out of the way back file...Paste the following into a file called index.html:

Forwarding to login page...please wait.

Save it somewhere on your G2 box that you remember.

Log in as root on your G2 box and copy this file to into


Change to that directory
(cd /opt/products/dstar/apache/securesite)
and do the following:

chown dstar.dstar index.html
chmod 644 index.html

Now, when you browse to your G2 box in a web browser and forget the part (but don't forget it still has to be https), you will
get re-directed to the login page automagically.

Works if you browse to https://my.external .ip.address, or
https://FQDN., etc.
Cheers! Lee
Open a terminal screen on your G2 box.

More simplified access:

"Nate Duehr" wy0x Wed Apr 23, 2008 5:00 pm (PDT)
I had some ideas on how to make VE7FET's "Simplified Access for Users" in this document better. He adds an "index.html" file to the "securesite" directory.

Here's some rough notes folks can do if they wish. I'd like some linux-savvy folks to look this over, obviously -- but I'll share.

First off, I thought the index.html was a little clunky, so I re-did it, real fast, using the stylesheet.css from the page, etc.

You can see my version on our gateway: https://aspen. natetech. com Our gateway will be shut down for a week or two while we move it, so if you're reading this in the archives months from now, use: https://gateway. coloradodstar. org

Okay... now that you've seen it and want it:     On your gateway...

cd /opt/products/dstar/apache/securesite
curl -O html
mv -i dstar-index.html index.html
(It will ask you if the filenames are right -- CHECK THEM, then hit "y".)
chown dstar:dstar index.html
chmod 644 index.html

This is an sample file, you need to edit it to replace the word CHANGEME with your FQDN or public IP of your Gateway.
Open the index.html file in whatever editor you choose and replace CHANGEME with the appropriate FQDN or IP of your Gateway that users access from the Net. (There are three CHANGEME's in the file.)

This gives you a "nicer" page than in VE7FET's e-mail, but it is still based on his idea.

Next, if you'd like your users to be able to hit the NON-secure port 80 FQDN or IP of your Gateway and get redirected to the Secure page at 443, over SSL... especially now that you have a web page that works for https://FQDN/ from the above change, see below.

First, you have to determine if you can use port 80. Your router might be using it from the external interface (often not, but check) or something else in your network might be. (You decide.) Many times it is not available.

But if it is available and not blocked in your ISPs network:
Port-forward port 80 on your routers external interface to
After that's done, go back to your Gateway and:

cd /opt/products/dstar/apache/conf

First, a warning. This is the master configuration file for your Gateway's webserver.
BE CAREFUL. And before you mess with it, MAKE A BACKUP COPY of your httpd.conf file:

cp -ai httpd.conf httpd.conf.backup

If everything goes we’ll, remove it later with:

rm -i /opt/products/dstar/apache/conf/httpd.conf.backup

If things don't go well, there's instructions at the bottom of this e-mail.

Open the httpd.conf file, and right below these three lines:

Include conf/dstarssl. Conf

Add a line that says:

Include conf/dstarnonssl. Conf

Save and exit the file.
Now do this:

cd /opt/products/dstar/apache/ conf
curl –O
chown dstar:dstar dstarnonssl.conf
chmod 644 dstarnonssl.conf

Open the file and replace CHANGEME with the correct FQDN or public IP of your gateway that you want people using.
Finally, restart your Gateway to get Apache to reload the new information.

/etc/init.d/dstar_gw restart

This is a rough start on an easier way to do this. Since it touches the httpd.conf file, any reinstall of the Gateway software itself would wipe  out any of this, of course. Make backups of the changed files for your  records after you have it working.  I would like to re-do this with a script download that would prompt the user for their FQDN or IP and do the "hard" stuff for you, but no time  to mess with that, right now. If someone wants to take it on as a  project, feel free. 

Sharing this for those who are COMFORTABLE doing things like this and  are CAREFUL about making backups of things they're changing. I tried to  make this as "fool-proof" as I could, but be aware that you're changing  httpd.conf, the main configuration file for your webserver and if you  botch it, you'll need to roll back your original:


cd /opt/products/dstar/apache/conf
cp -ai httpd.conf.backup httpd.conf
/etc/init.d/dstar_gw restart

Have fun., Nate WY0X


Posted by: "john_ke5c" Tue Mar 25, 2008 contains some utilities that report on the gateway database. They appear to run as is without arguments. The names are fairly self-explanatory. I put each in a directory /dstar/tools. You can easily download them with curl while logged onto that directory, e.g.:

cd /dstar/tools/
curl -0 http://www.opendsta G2/dstarquerydb

Then the download executable:

chmod 755 dstarquerydb

Then execute:


Changing repeater information on gateway

Posted by: "Iain (K6IAM)" Jun7 2008
“I just changed frequency from 447.575 to 444.650 How do I make  the changes so that the JFINDU site have the correct frequency of my repeater.”
That's fed by DStarMonitor. Edit the file:


then run:

service dsm restart

Scheduled Linking/unlinking

From: John - KE5C June 7, 2008

K5CTX^^B and W5HAT^^B will be linked to the Texas net each Tuesday by crond. Sysadmins, you can add lines to your crontab to unlink your module at 7:58 PM and link it at 7:59 PM.Change link-b to link-a or link-c if necessary:

# Texas net
58 19 * * Tue echo "       U" > /dstar/tmp/link-b
59 19 * * Tue echo "REF001AL" > /dstar/tmp/link-b

To add the entries

crontab -e

This will place you in a VI type editor, so be sure you know how to use it. If you get there by mistake use :q to exit.

Crontab entries removed

If your crontab entries get removed, which can be seen by not having entries in /var/log/dsipsvd.log file every few minutes, the crontab can be rebuilt  by the following

cd /opt/products/dstar/dstar_gw/cron
crontab root.cron

To also add the Postgres entries

crontab -u postgres postgres.cron

Play a voice file over the radio

Copy the file to /dstar/tmp/play-b.dvtool or change the play-b for the appropriate module

cp /dstar/dv/alreadylinked.dvtool /dstar/tmp/play-b.dvtool

To record a new voice file

A new voice file can be made with either a radio of the DVDongle. With the DVDongle, set the options to create a .dvtool file and copy the file to the gateway server /dstar/dv and replace the appropriate file or create a new id.dvtool for your repeater's ID.

From a radio, create a voicemail by setting the UR to XXNXXXS0. To play this file back, set the UR to XXNXXXP0
This will create a voice file /dstar/tmp/vm-0.dvtool. Rename this file to id.dvtool.

cd /dstar/tmp
mv vm-0.dvtool id.dvtool

To play the ID, use XXNXXX I. This will give the linked status of the repeater or the ID if not linked.

The following commands from

Fix Registration Page Re-direct

Out of the box, you are supposed to register users on the gateway system at (note the https).

This is, of course, a secure web page.

Unfortunately, if you just go to the domain name, and forget the, you get an error (Apache tries to do a directory listing because there is no index file, and the permissions won't allow that).

To fix this error, and get people to the right place, a simple fix is to create a basic index.html file that re-directs them to the right place.

You need the following code:

<META HTTP-EQUIV="Refresh" Content="2;">
Forwarding to login page...please wait.

Place it in a file called index.html in /opt/products/dstar/apache/securesite. Make sure it is readable by all chmod 644 index.html.

Now, when you go to the base URL of the G2 box, you should get re-directed to the login page after a couple of seconds.

This is the simplest way to do it. It does not rely on knowing any hostnames or anything else fancy. Pretty it up and do what you like... if you want.


Make G2 Email You

Again, out of the box, there is a "problem" with the G2 software in that there is no way to know if there are new registrations pending approval.

One would figure the box would notify someone, as it implies, when a new user registers... but it doesn't.

Go get the JavaMail API from Sun. You have to do some clicking to actually get to the file, so download it somewhere conveniently, then transfer it to your G2 box.

Go get the JAF API from Sun. Again, you have to do some clicking to actually get to the file, so download it somewhere conveniently, then transfer it to your G2 box.

Once you get both those files onto your G2 box, un-zip them.

From the JavaMail file, get the mail.jar file and copy it to /opt/products/dstar/tomcat/webapps/D-STAR/WEB-INF/lib, and from the JAF file, get the activation.jar file and copy it too into the same place.

These files enable you to actually be able to send email from Tomcat/Java.

Now, go to /opt/products/dstar/tomcat/webapps/D-STAR/WEB-INF/pages/register and you will see a couple of files. Back up the Complete.jsp file (cp Complete.jsp Complete.jsp.old is a good idea).

Open Complete.jsp in a text editor. At the very top of the file, paste in the following three lines above everything else:

<%@page import="java.util.*"%>
<%@page import="javax.mail.*"%>
<%@page import="javax.mail.internet.*"%>

Next, just above the <html:html> tag, paste the following:


Properties props = new Properties();
props.put("", "localhost");

Session s = Session.getInstance(props, null);
MimeMessage message = new MimeMessage(s);
InternetAddress from = new InternetAddress("dstar@localhost");

InternetAddress to = new InternetAddress("dstar@localhost");
message.addRecipient(Message.RecipientType.TO, to);
message.setSubject("New D-STAR Registration");
message.setText("A new user has registered and is awaiting approval!");


Now, what will happen is that when new users register, they have to click "OK" in the "Are you sure?" box. If the registration passes without errors, the Complete.jsp file gets called. The code that you just pasted gets run when the page is called. It sends an email to "dstar@localhost", which is the dstar user on the G2 machine to let them know that someone has just registered and is pending approval.

Of course, you probably aren't going to check that mail, so you will want it to be forwarded somewhere else more convenient (or even to multiple admins).

That's easy, as the G2 box should have Sendmail running on it.

The reason we choose the dstar user and not root to send the notification to, is that root also gets mails from logwatch and other stuff that is running.

Open /etc/aliases in a text editor, go way down to the bottom of the file, and paste in the following:


# Who should we send D-STAR notifications to

Save the file, then run the command newaliases to update the database. Finally, restart Sendmail with a service sendmail restart.

That's it, now when new registrations arrive, you will get an email notification!

If you want the easy way to do this, download this file to your G2 machine, and run the following commands:


tar -xzf email_mod.tar.gz
cd ./email_mod
sh ./email_mod

You can download this file directly to your G2 box with the command:

curl -O