RTKLIB does not currently natively support TLS, hopefully it will in time.
This article details configuration of RTKLIB rtknavi to work on a Win10 workstation using stunnel to connect to a NTRIP server that is only available using TLS.
The version of rtklib used is v2.4.3b33, and stunnel v5.60.
Rover
The GPS receiver used here is a U-blox LEA-6T.
Serial mouse detection
GPS traffic may be falsely detected by Windows as mouse traffic, and cause havoc
If you are not using a serial mouse (and most of us do not these days) t is advisable to disable serial mouse detection at startup. You can do that with the following command in a administrator authorised Powershell.
Set-ItemProperty -path "HKLM:\SYSTEM\CurrentControlSet\Services\sermouse" -name "start" -Value 4
Reboot for it to take effect.
Serial options
Above is a screenshot of the serial port options. Use an appropriate COM port for your configuration.
Serial commands at startup
!UBX CFG-RATE 200 1 1 !UBX CFG-MSG 2 16 0 1 0 1 0 0 !UBX CFG-MSG 2 17 0 1 0 1 0 0 !UBX CFG-MSG 240 0 0 1 0 1 # NMEA GGA !UBX CFG-MSG 240 1 0 0 0 0 # NMEA GLL !UBX CFG-MSG 240 2 0 0 0 0 # NMEA GSA !UBX CFG-MSG 240 3 0 0 0 0 # NMEA GSV !UBX CFG-MSG 240 4 0 1 0 1 # NMEA RMC !UBX CFG-MSG 240 5 0 0 0 0 # NMEA VTG !UBX CFG-MSG 240 8 0 0 0 0 # NMEA ZDA
The above commands set the message rate, enable the raw messages needed and disable some of the default NMEA messages.
Serial commands at shutdown
!UBX CFG-RST 0
The above command resets the GPS to avoid the binary messages continuing after shutdown of the RTKLIB connection.
Base
NTRIP client options
The combination localhost:2102 directs the packets to stunnel running on the workstation, which in turns forwards the packets in an SSL tunnel. Use your user-id and password.
Stunnel
Stunnel needs the following section added to its configuration file and activated. This redirects connections to localhost:2102 to ntrip.host:443 in this case, but use the applicable destination host and port
[ntrip] client=yes accept=localhost:2102 connect=ntrip.host:443 verifyChain = yes CAfile = ca-certs.pem
Stunell needs to be directed to reload the configuration when updated.
You must start stunnel before attempting to connect with rtklib, otherwise it will fail to connect to localhost:2102. If you see that message, check that you have stunnel configured correctly and running.
Testing
This solution works with Geoscience Australia’s TLS NTRIP caster.
Other client apps
The stunnel solution might well work with other NTRIP client apps.