3G inbound port 80 traffic in Vanuatu

Forums › New Zealand Mobile and Wireless › 3G inbound port 80 traffic in Vanuatu

1 | 2 | 3

deadlyllama

1262 posts

Uber Geek

Trusted

#817009 13-May-2013 20:17

jwgorman: I definitely agree - the VPN is the way to go, but - if I understand correctly - it still requires that the 3G modems be given public IP addresses right, so that DYNDNS can identify them staticly with a URL? the VPN is created with that dynamic IP, and then the devices behind the remote router can exist on a private subnet, with all communication going through the tunnel that the VPN defines?

Not quite.

VPN client behind NAT makes a connection out to your VPN router. The VPN router assigns it an IP address e.g. 192.168.150.12 and gives it some static routes, e.g. 192.168.140.0/24 that are reachable down the VPN connection.

The VPN connection is like a virtual network cable between the VPN client and VPN server -- a bit like a dialup connection that goes over the internet rather than over an analogue phone line. So now that your client has been assigned an IP, you can connect to that IP -- providing your networking at the other end is set up to send traffic down the VPN appropriately.

You can either use DNAT rules or static routing to enable the industrial PC to be accessible, if it's not the device running the VPN client.

You have to get the routing rules right because now both wherever your VPN server is hosted, and the Vanuatu end have *two* network connections -- one out to the public internet, and the virtual connection the VPN provides.

jwgorman

42 posts

Geek

#817016 13-May-2013 20:41

OK, that is clear explanation - thank you. I am about to check out a Draytek 2760 we just picked up to have the hands-on understanding of the 0/24 range you mention - am expecting that the basic config means that that clients on both sides of the VPN can be within this range and ping eachother (if ICMP is enabled? but you know what I mean - they can communicate on the same subnet using allowed ports...)

Q: Do you think that the VPN technology of the Draytek is equivalent to that of OpenVPN, but less dependent on the generic CPU of a (for example) linux box? better / worse? clearly depends on what is running OpenVPN but say with CPU cycles to spare...

Do you know whether this device can handle another issue regarding the 3G bandwidth: we have another router that currently automatically makes a 3G connection using an APN and Dial Number. it works as soon as the router boots up - but - when the 3G connection drops out for some reason (not sure why: it has 5/5 bars on a smartphone in that exact location and 70% strength showing in this router's HTML status screen) the router will not re-initiate until rebooted. OK well, that's the router we used to start with - but do you know of a VPN-enabled router that will reconnect if the 3G signal drops out? perhaps the Draytek 2760? intersecting Venn diagrams of feature sets...

anyway lots of questions - thanks a lot for your responses it's very helpful.

deadlyllama

1262 posts

Uber Geek

Trusted

#817021 13-May-2013 21:04

jwgorman: OK, that is clear explanation - thank you. I am about to check out a Draytek 2760 we just picked up to have the hands-on understanding of the 0/24 range you mention - am expecting that the basic config means that that clients on both sides of the VPN can be within this range and ping eachother (if ICMP is enabled? but you know what I mean - they can communicate on the same subnet using allowed ports...)

Q: Do you think that the VPN technology of the Draytek is equivalent to that of OpenVPN, but less dependent on the generic CPU of a (for example) linux box? better / worse? clearly depends on what is running OpenVPN but say with CPU cycles to spare...

Do you know whether this device can handle another issue regarding the 3G bandwidth: we have another router that currently automatically makes a 3G connection using an APN and Dial Number. it works as soon as the router boots up - but - when the 3G connection drops out for some reason (not sure why: it has 5/5 bars on a smartphone in that exact location and 70% strength showing in this router's HTML status screen) the router will not re-initiate until rebooted. OK well, that's the router we used to start with - but do you know of a VPN-enabled router that will reconnect if the 3G signal drops out? perhaps the Draytek 2760? intersecting Venn diagrams of feature sets...

anyway lots of questions - thanks a lot for your responses it's very helpful.

There are lots of different VPN technologies out there. Don't know what protocols the Draytek supports, would expect some subset of PPTP, L2TP, IPSEC, L2TP+IPSEC. It's unlikely to support OpenVPN (which has its very own protocol). Note that some of those protocols don't work so well through NAT -- you want something UDP based.

Random x86 Linux PC will run OpenVPN just fine. The Draytek will almost certainly be doing all the VPN stuff on its own internal CPU with no crypto accelerator. Anything running OpenWRT should be able to run OpenVPN. I used to run software VPN stuff (vtun, which I would not recommend these days) on an old WRT54G which is pretty weedy CPU-wise and it could still push a few Mbps through the VPN.

I don't have much experience with 3G routers but if you're comfortable with Linux scripting I'd suggest finding something that can run OpenWRT -- at a pinch you can write a cron job that notices the 3G is down and restart the 3G connection (or just reboot the router).

One option is to just have two routers, one that does the 3G and one that does the VPN, but then you need more power and equipment, don't know what your limitations are there.

jwgorman

42 posts

Geek

#846499 28-Jun-2013 00:41

Just as a related topic, now that I'm moving on to a Linux implementation - what 3G USB modems do you recommend that can be started and stopped from the command line. I have been testing a 2Degrees Huawei E3131 which does work out of the box with Debian 7, but it doesn't present a device like /dev/ttyUSB0 so not as scriptable. Sakis3g can't do much with it it seems either...but any modem like it that has an external antenna option?

Zeon

3916 posts

Uber Geek

Trusted

#846501 28-Jun-2013 01:10

I can't say explicitly I have experience directly with this but found that the E1552 2degrees modem is known for good compatibility with *nix. If it doesn't support an external antenna connector you may be able to retrofit one.

Speedtest 2019-10-14

jwgorman

42 posts

Geek

#846586 28-Jun-2013 09:49

Thanks OK I will check that one out!

I put another post here:

http://www.geekzone.co.nz/forums.asp?forumid=85&topicid=123202

about the modem I was testing with, the Huawei E173s. seems like you can toggle the E3131 to become a E173s serial modem. problem is that as the E3131, Debian 7 can connect to the internet, uses a network interface "eth2" but there is no /dev/ttyUSBx to work with.

As the E173s, you do get a /dev/ttyUSB0,/dev/ttyUSB1, and a /dev/ttyUSB2 but you don't get a network interface.

I eventually need a modem that can connect using a SIM card to a 900MHZ network in Vanuatu, and sounded like the E3131 could do that.

1 | 2 | 3